Daniel Miessler's Blog, page 63

I’ve needed to write this post for around 10 years or so. I guess today is the day.

Far too much writing on this site has been too loose with claims—especially going back to 2000, 2005, and even 2010. I got much better after 2015, but I continue to improve in this regard and am getting close to my desired state.

It’s not easy for me to write this post because I wish I hadn’t made these mistakes.

Anyway, what am I talking about? I’m talking about posts like this one, where I talk about the separation of classes in the Bay Area and elsewhere in the world.

I basically start with an idea—which I absolutely still believe by the way—that starts out pretty cool. It’s basically an argument and admonition that if you’re not preparing your children, friends, and loved ones to become part of the upper class, then you will default into the lower one. I then go on to describe how those two classes are different, and how I see this playing out in the future.

Fine. No problem.

The problem is that I came up with my own estimates for percentages of the current upper class percentages, and what they might turn into in the future. And I made pretty visuals showing those numbers.

An example of what not to do when pontificating about numbers

That’s lame.

Now, in my defense, I did say right there in the visual that they were estimates. And I also said they were my own estimates explicitly in the text. And I also put it again in the footnotes. But this was 2017, and I’ve doubtlessly done worse before 2017.

Either way, it’s gross to take your own conjecture about future numbers—which nobody can possibly know—and make them visually appealing in a way that looks like a high-quality data visualization. The key term there is data. People see high-quality visualizations with precise numbers and they assume high-quality data sources. Period. End of story.

Now, I do reserve the right to pontificate. To theorize. To think out loud. To wonder. To just riff on ideas. I can and will do that, without apology. So there is some part of that post, and others like it, that I will continue to defend.

The problem is when I invisibly and imperceptibly—even to myself—make a voice and tone pivot into presenting as if the content is already established fact, backed by data. That’s gross, and inexcusable. And that’s not something I wish to have associated with me or this site.

In various cleanings over the last 20 years, I’ve deleted over 4,000 posts for being way to short or way too high quality.

So, I want to clearly apologize to the universe for having done that in the past. And when I come across posts where I’ve done so I’ll be cleaning them up or deleting them.

And I’ll continue to struggle with the line between free, fearless thought, pondering, and speculation…vs. authoritative dissemination of information. This problem is magnified by the fact that I also put out technical content that I am careful to be accurate with. So people see that content and then see me exploring some random idea and they get confused.

That’s my fault, not theirs.

Even if a careful reading would reveal the distinction, they shouldn’t have to read that carefully to find it. I should simply stop writing in a way that produces that confusion.

Happily, a number of mentors have told me that I’ve improved in this in recent years. I think it’s just because I read so much more now, and I see how it’s possible to use different types of voices to pass on different types of information—whether that’s your own ponderings or solid facts.

And so the journey continues. If you’ve read this far it’s probably because you like some of my content at least some of the time. And I thank you for that. 104%.

Notes


Thanks to my new friend who I met today who reminded me I needed to write this post.

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

I recently wrote about a theory about how people have a single, Primary Concern for their politics—such as immigration, or LGBT rights, or a strong military—which determines how they’re likely to vote in an election.

I put this idea forward to explain how someone could vote for Trump even if they find him revolting in one or more ways. So if someone’s Primary Concern is not letting gay people have equal rights, then they’re likely to vote for someone who’s anti-gay even if they don’t like their other positions.

I also just read Peter Strzok’s new book, Compromised.

I just spent the last week reading Bob Woodward’s new book, Rage, and I now have a different model to put forward, which I call Worst Damage Theory.

This model says rather than people having a single issue they’re most concerned about, instead they’re imagining the worst-case scenarios that could result from each candidate being elected. So maybe they really hate Trump, and can see many bad things happening if he’s elected, but they think Biden being elected would result in transgender superheroes, all guns being confiscated by the military, and everyone gets a number tattooed on their forehead.

That’s bad, according to their calculations. Really bad. So at that point it doesn’t matter what negative things they believe about Trump, because they’re comparing bad outcomes. They can’t imagine anything Trump could do being as bad as Satanic tattoos.

And for someone on the left, they might not like a number of things about Biden—such as his senescence, or his history with being touchy-feely—but they may think those are minor compared to Trump selling the country out to Russia, or destroying our reputation abroad.

In short, people don’t maintain an exhaustive ledger of positives and negatives in their heads. There is simply too much information about candidates to do that. Instead, that opinion remains fluid and emotional based on all the various inputs to that opinion.

But when it comes to voting in an election like 2020, where the candidates have such violently competing ideologies, I think many voters will use the mental shortcut of imagining each potential presidency after 4-8 years and ask themselves which would cause the Worst Damage based on their personal values.

This, combined with the Primacy Concern model, is what allows people to vote for people they don’t really like.

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

Welcome to the member area of the site. This is where you can see all the member-only content in one place.

Sign In If You’re a Member

or…

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

I think we’ve lost the plot on disinformation. It’s not the attacks that are the problem. It’s the fact that too many Americans are willing to believe almost anything.

Ideally we’d reduce both the attacks and the vulnerability.

Of course it would be nice to have fewer attacks. Of course it would be nice to keep attacks from being used against higher numbers of vulnerable people. But ultimately the problem is the vulnerability itself.

Bad ideas are worse than bad code because they’re naturally contagious.

This is easier to see in the information security world. If you have a target that will run any code that it’s given, you cannot spend all of your energy making sure it doesn’t receive any code. Part of your plan has to be making sure it’s not so eager to do so. We call that patching.

It’s the same with people. We need to do more than control bad ideas; we need to patch our population against them.

Trade school doesn’t immunize against specious ideas.

For people, patching means education. And not the worker-prep kind of education where you learn how to be an obedient and productive office worker, but the kind that teaches the fundamentals of how things work—from physics to psychology, and from physiology to philosophy.

Controlling bad code, or bad information is tactically valuable, but it’s not a solution. If you have half a billion people who will believe and act upon any idiotic thing they are told, attackers will always find a way to deliver those bad ideas.

We see this with scammers today. We block scam phone calls, the attackers start texting instead. We block text scams, they start sending physical mail to people’s addresses. At some point they’ll just show up at your door like Jehovah’s Witnesses.

Bad ideas will find targets eventually. If we want to survive, we have to reduce the number of susceptible targets. This is why I’m pessimistic about the American union.

Millions don’t believe in vaccination More
Millions don’t believe in manmade climate change More
1 in 5 Americans can’t name a branch of government
41% of Americans think Jesus will return to the Earth by 2050. More
45% of Americans believe in ghosts and demons. More
Only two-thirds of 19-24 year-olds believe the Earth is definitely a sphere. More

This is the deeper problem.

Facebook and Twitter are just the marketplace. The problem is the customers.

We can blame Facebook and Twitter all we want, but to do so a distraction and a copout. It allows us to avoid a much more terrifying truth, which is that we’re becoming a nation of idiots. Ignorant people cannot survive in a system of government that allows them to behave against their own self-interest, because they will.

We need to reduce our attack surface for bad ideas.

Either our gullibility or our freedom has to give. And it’s much easier to lose freedom than it is to educate a population. The saddest part is that we’re not even talking about the problem. We’re just talking about how people are taking advantage of the problem.

Controlling the spread of bad ideas is not a strategy. We need to patch if we want to survive.

Notes


To be very clear, I find the fight against mis/disinformation to be extremely interesting, and extremely valuable. And I regularly talk about and praise the people who are doing this critical work. All I’m saying is that if we have an ignorant population it eventually won’t matter.

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

Statistics is a major component of the scientific method, and its goal is to help us make better decisions on how to live our lives.

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

I have a model I’m using to explain how good people can support Trump. I call it the Primary Concern theory.

It’s not really a theory, just an idea. Theories need research and support.

The idea is that people can have dozens of moral alignments simultaneously, which are active at different times and are not fully known to the person.

For example, someone could be deeply Christian in many ways, but also very isolationist when it comes to immigration. But they believe cussing is fine, and even encouraged. They also have lots of Black and Asian friends. But their father was part of the Italian Pride group in town for the last 30 years. And they believe in a woman’s right to choose, but are pro-death-penalty.

Many people are like this. Some combination of conservative, progressive—open and judgemental. Maybe they harbor racist thoughts, but they don’t come into play when they’re interacting with their friends of other races. Maybe they’re deeply religious but think there’s nothing wrong with atheists. Or maybe they have many atheist and Black friends, but would never let one marry their daughter.

Each of us is multiple people, and it’s hard for anyone—even the person himself—to know exactly which of their personas is in charge at any moment.

I think the reason we’re seeing such strong Trump support is related to this. It has to do with an often unnamed and invisible Primary Concern among his supporters, which is that the country is being destroyed by the left.

This is their Primary Concern. And it’s the reason they can ignore everything else.

They may have ten other moral personas that hate Trump. They think he’s a bad husband, a bad father. A bad business person. Or maybe they think he’s too close to Russia. If you talk to enough Trump supporters—and I’ve talked to many—you won’t find too many people who think he’s great.

But the way they see it, if your house is burning down and a firefighter runs inside, carries you out on his shoulder, and your wife and kids on the other shoulder, you don’t ask him who his favorite baseball team is.

Really. I think it might be that simple, and that extreme.

The country is the house
It’s on fire
Trump is their fireman
He’s immune to criticism during a rescue attempt

This is why it’s so strange to Trump supporters when liberals talk about taxes and adultry and violating the constitution. These might seem like colossal things to people on the coasts, but they’re small things compared to losing the actual spirit of America.

In short, the Primary Concern for Trump supporters is a deep, emotional, often inarticulable, fear of loss of their country at the hands of liberals.

Many liberals feel the exact same way, but they have a different view of the house that’s burning, and they believe Trump is the arsonist, not the firefighter.

So, practically speaking, I think it’s worth searching for everyone’s Primacy Concern. That’s not a trivial thing, because like I said—they might not know themselves. And what they tell you they most care about might be misleading.

Liberals might talk about the environment, or breaking the law, or police brutality, or whatever—and maybe one of those is the main issue, but maybe it isn’t. Maybe its a feeling that America is about freedom for all, and equality, and a feeling of safety and welcome for immigrants.

Conservatives might talk about too many genders, or bathroom politics, or political correctness. But their main issue could be that they just want things to go back to what they remember, even if they can’t articulate that memory.

I think we get distracted by specific arguments—and neglect the search for the Primary Concern—at our peril. It creates dialogue that feels productive, but doesn’t actually yield anything. Because the true issue wasn’t named or addressed.

If you want to make progress with a person, or a group of people speaking as one, find out their Primary Concern. Take the time to dig for it. It might be buried. But the real conversation won’t begin until you find it.

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

10/10

In this episode, I go through my summary of the book Atomic Habits, by James Clear. I cover:

My rating of the book
My one-sentence summary of the text
My capture of the main points
My takeaways, questions, and ideas that came from reading it
My final summarization
And then my rating of the book and whether I recommend you read the full text

You can read my full summary of the book, here.

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

10/10

In this episode, I review the book Atomic Habits, by James Clear. I cover:

My rating of the book
My one-sentence summary of the text
The table of contents, which is super helpful to see the structure of the argument
My capture of the main points
My takeaways, questions, and ideas that came from reading it
My final summarization
And then my rating of the book and whether I recommend you read the full text

Read my full summary of the book, here.

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

Anxiety and Freedom, Microsoft Deepfake Detection, Facebook Disinformation, Replacing Huawei, India China Apps, JEDI Oracle, A Text Scam, Cisco Jabber Flaw, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

Discovery, Creation, and Ideas…

I spend 5-20 hours a week consuming books, articles, and podcasts about security, technology, and society—and every Monday morning I send a summary of my best finds.

 MY ESSAYS



Is Anxiety Freedom Without Direction? More



The Original Meaning of Begging the Question More



SECURITY NEWS



Microsoft has released a tool to help identify deepfake videos to help counteract disinformation. More



Facebook is taking some pretty extreme steps to limit their blame for any upcoming election drama. They’ve removed new accounts linked to Russian propaganda and they’re now going to ban all political ads for the week leading up to the election. I can’t help but feel like they already know it’s going to look bad for them, no matter what, and they’re just trying to build a case that they did what they could. More



The FCC says it’s going to cost around $1.8 billion to replace Huawei/ZTE wireless gear in the US. That seems low, but what do I know. More



Tensions are increasing between India and China, and India has now banned over 100 China-related apps, including PUBG and Baidu. More

This episode originally had this story wrong in the podcast and newsletter—stating that the JEDI contract went to Oracle.

The Pentagon has once again awarded the JEDI contract to Microsoft, and Amazon continues to be upset about it.More

 

There’s a text-message scam going around saying “You, we came across a package from June pending for you. Kindly assume ownership and confirm for delivery here”. Yes, it’s a scam. If you’re reading this you probably already knew that, but tell your loved ones. More



Vulnerabilities: 

Cisco fixes a huge flaw in Cisco Jabber for Windows. More
There are around 450 thousand QNAP devices that are vulnerable to three RCE vulnerabilities in QNAP’s Photo Station app, which comes pre-installed. More
Millions of sites are being attacked to look for a vulnerability in a WordPress plugin called “File Manager”. More

Breaches:

Atrium Health, who used Blackbaud software, reported a breach of patient data between Feb 7 and May 20th related to the Blackbaud breach. As it turns out, Blackbaud’s breach was really tens of thousands of smaller breaches. More
Millions of US voter details have been leaked onto a Russian Dark Web forum. More

Ransomware:

Cygilant, which is a company that protects companies from ransomware attacks, got hit with a ransomware attack. More
Fresno-area schools canceled online classes due to a ransomware attack. More

Disinformation:

Facebook and Twitter have been warned by the FBI that Russia’s Internet Research Agency is active once again around election disinformation. They’ve created a new network of fake accounts and a fake left-wing news website. They also hired US-based writers to help with the believability of the language. More
Graphika published a 120-page report on a new Russian Information Warfare campaign that goes back to 2014. More

TECHNOLOGY NEWS



Amazon gig drivers are putting phones in trees to try to catch more incoming work. More



Amazon is adding 10,000 more jobs in the Seattle area, and 7,000 more in the UK. More More



Walmart is launching Walmart Plus to compete with Amazon Prime. It’s $98 instead of $119, but doesn’t have as many advantages. More



Reed Hastings says remote work has been bad for Netflix, and that they’ll be going back to onsite work as soon as they can. More



Zoom and enhance technology has finally arrived, thanks to the rapid improvement of camera tech. More



Facebook is working a wearable that will allow you to hear inaudible sounds in the real world, including enhancing the speech of someone talking to you in a loud place. More



Amazon has a new line of security cameras that can last up to four years on a single charge. More



Companies:

Zoom’s revenue jumped 355% in Q2. More
Patreon has raised $90 million in Series E funding. More
Hypatos uses language processing and computer vision to speed up financial document processing. More

HUMAN NEWS



More than half of 18 to 29-year-olds in the US are living with their parents. More



Solar and Wind energy reached 67% of new power capacity added globally in 2019, with fossil fuels making up just 25%. More



Divorce rates are up 34% during COVID. More



Economists are getting more concerned that there will be a quick economic recovery—but only for people already doing well. More



Netflix is making a series based on Three-Body Problem. More



In Japan there are companies that help people disappear out of their lives that are so burdened with visibility, expectation, and responsibility. More



Chess is getting big on Twitch. More



IDEAS, TRENDS, & ANALYSIS



What Happened When I Went Full Stoic — I really enjoyed this piece, and I like how it found what I did during my journey with it, i.e., that it’s a lot more like some Eastern teachings that tell you to maintain distance from the world so that it cannot harm you. More



What Will You Do if Trump Doesn’t Leave? More



Riot Porn is making the violence worse. More



UPDATES



Bruce Schneier is moving his blog to WordPress, and the trolling started immediately. Why are you moving to something so insecure! This is wisdom as old as “firewalls keep you safe”. WordPress Core is quite secure (for a blogging platform). It’s the plugins that get you. More



Well, I tried and failed again to create a shorter show this week. This one took me around six hours to assemble. I think I need to raise the bar for what I send to the review queue during the week.



DISCOVERY  



A Big Ass Data Broker Opt-Out List More



Analyzing Senators’ Stock Picks Using ML More



The Criteria for 10x Content More



My Thoughts on Editors in 2020 More



The Most Favorited Hacker News Posts More



Things I Learned From a Senior Software Engineer More



The origin of obscure UNIX commands. More



Someone fed Nassim Taleb aphorisms to GPT-3 to see if it could make more of them. More



Lessons Learned from Running SSH Honeypots More



Using VirusTotal’s API to Detect Malicious Activity More



Red Team Village CTF Writeup More



RECOMMENDATIONS



There are an increasing number of studies (including this new one) that shows that vitamin D can be helpful with COVID-19. I’m being very cautious about how I word this because 1) I’m not a doctor, and 2) even doctors are still confused about this stuff. But here’s one thing I can tell you for sure: it’s probably a really good idea to make sure your vitamin D levels are not below where they should be. That’s true whether this research turns out to be strong or not. TL:DR: Make sure you’re not deficient. More



APHORISMS



“True knowledge lies in knowing how to live.”



~ Baltasar Gracian

Notes


Sep 8, 2020 — This episode originally had this story wrong in the podcast and newsletter—stating that the JEDI contract went to Oracle. My apologies for the error.

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

You probably hear the phrase, “that begs the question…” a few times a week. Speakers and writers using these words mean to say—in a sophisticated way—that the point just made raises a new question.

I’ve mostly outgrown my Well Actually habit, but in this case the situation is interesting enough to make an exception.

Notice I say originally, not actually.

Begging the Question is originally a type of flawed argument called a logical fallacy. It’s an informal logical fallacy because it’s not violating deduction, which would do something like:

All men are humans –> Ken is a man –> Therefore Ken is tall.

That’s a formal logical fallacy, and the other ones you’ve likely heard of like Strawman and Appeal to Authority and such are of the informal variety.

Aristotle is the first philosopher to formally describe Begging the Question.

Anyway, the original meaning of Begging the Question is a type of circular reasoning. That’s where you make a statement that you justify with another version of the statement. For example:

Fruits and vegetables are part of a healthy diet. After all, a healthy eating plan includes fruits and vegetables.

So you say the first thing forcefully—which is what you’re trying to argue—and then you say the supporting statement using different words that are commonly accepted by many in the audience.

In this case, “A healthy eating plan includes fruits and vegetables” is so well accepted that it’s likely to land as solid evidence of the first statement. But it’s not because it’s just another way of saying the same thing.

The greatest thing we can do is to love each other. Love is the highest form of human emotion.

Again, this sounds solid because they’re both repeated so often and accepted by so many. The problem is thinking that the second statement supports the first when it does not.

The language of “Begging” and “The Question” comes from the original Greek that was then translated into Latin, which meant, “Asking for the original thing.”, where the initial thing is the thing you’re trying to prove. In the examples above, the initial things were “The greatest things we can do is love each other”, and, “Fruits and vegetables are part of a healthy diet.”

So Begging in that context meant Assuming, and The Question meant the point that they were trying to make. In other words, Assuming the Conclusion.

Meanings change over time, and that’s ok

We won’t know until later if the meaning has fully changed.

Unfortunately for the pedants—I’m recovering myself—words and phrases change meaning all the time. In fact they’re changing right now, and “Begging the Question” maybe one example.

So maybe it’s ok to use Begging the Question as a smart synonym for “raising a question” already. I don’t know when exactly that call is made, and I’m not sure anyone does.

But I do know that if someone is attempting to sound smart by using the phrase—which is invariably the case—it’s probably best for them to know both meanings. And I’ve never seen a situation in which someone who knew both meanings continued to use the new meaning. They usually switch to “raising” instead of “begging”. I’m one of those people.

Other examples

Student: Why didn’t I receive full credit on my essay? Teacher: Because your paper did not meet the requirements for full credit.

They added “requirements” in here to make it sound official.

Killing people is wrong, so the death penalty is wrong.

That sounds super clean, but all the work is still left undone.

Opium induces sleep because it has a soporific quality.

Cool, so it induces sleep because it makes people sleepy? Thanks for that.

Summary


Begging the Question originally meant “Assuming the Conclusion”.
It sounds cool, so people started repeating it thinking that “Begging” was a smart way to say “Raising”.
This has been happening for some time now, so at some point this may become an accepted and official alternate meaning, but I’m not sure if it is yet.
If you know both meanings—which you now do—I recommend you use “Raising” instead of “Begging” unless you really mean Assuming the Conclusion.
Try your best not to be the guy—yes, it’s usually a guy—who calls someone out in a live conversation when they make the mistake. If you think they’d care and you honestly want to educate them, pull them aside afterward.


Notes


Thanks to Steven Harms for being the first one to tell me about this. It was actually the communication that launched our friendship!

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.