Daniel Miessler's Blog, page 67

I’ve written like 5 articles about getting the right sound for my podcast. I talk about the different mics, the different settings, recommendations from NPR professionals, etc.

You can see the other articles in the related posts section below.

I’ve once again had an epiphany on this topic, so I thought I’d share it here in case it’s useful to someone.

Here’s how my basic evolution of thinking has gone:

Whatever, sound doesn’t matter that much (2015)
I guess I’ll get a Yeti mic because they look awesome (2015-2016)
It has to be all about the mic, so let’s figure out what the pros are using
More bass is authoritative
The RE27 N/D is the radio workhorse, so that’s the answer
Oh but wait, NPR uses the U87ai, so that’s even better
More bass sounds cool in the first 30 seconds, but is crap to listen to over time
Ok, Sam Harris has my preferred sound and he supposedly uses an SM7B

What this has brought me to is where I should have started with, but lacked the fundamentals to arrive at. Namely, it’s all about the impact to the listener.

Well, duh. But what does that mean?

First, the heavy bass sound that so many men go for is just bad. Don’t do it. It produces a dull, throbbing sensation that assaults the ear over time. And even worse, it is hard to hear when you have low-pitch noise that competes with it.

A sound that’s in the mid to higher range cuts through background noise better, and is easier to listen to.

Second, forget how podcasters sound and ask yourself how audiobooks sound. They’re designed to be listened to for hours at a time. And since I listen to lots of audiobooks, I started paying attention to their sound.

What do they tend to have in common?

They aren’t bassy at all, but they’re also not crisp. They’re mid to mid-high end in tone.

Next, they don’t have any high-fidelity character in the voice. It’s a neutral voice sound, so that you aren’t distracted by the speaker and can focus 100% on the content itself.

And that’s what got me thinking about Sam Harris’s podcast and all the various mics and sounds that I’ve tried.

I own the Yeti, the RE27, and the U87. And I just bought the SM7B.

When I was using the Yeti I didn’t know anything about sound, so that one doesn’t count. With the RE27 I was just learning, but I liked the fact that it had a wide dynamic range. And with the U87 I was obsessed with the best possible range and the fact that NPR used it.

But here’s the thing—it requires a studio to get the most out of it because it’s so damn sensitive. And even if I had a studio, it turns out I don’t want to hear perfect detail in my voice!

In fact, I just want to hear certain parts of it, in a clear mid-to-high range. And I want that sound to be extremely flat. Not flat in tone, but flat in character. I want it super dry. No noise. No clicks or pops.

No distractions.

This is precisely what I’ve loved so much about Sam Harris’ sound for so long.

He has a bassy voice, but the audio isn’t bassy. It’s flat and dry. And it doesn’t sound super accurate or super sensitive. It’s just clear.

I just set up my SM7B, which is the mic that Joe Rogan and he use, and I turned it down to NPR-like settings. Meaning, as little messing about as possible.

Cloudlifter
Bass rolloff on the mic
No presence enhancement on the mic
Standard pop filter (not the more bassy one)
Gain set to 40 on the RODECASTER Pro
Compressor, De-esser, Aural Exciter, Processing, High-Pass filter, and Noise Gate on RODECASTER Pro
No Bass Boost on RODECASTER Pro
No equalizer in post (Hindenburg)
Moderate compression in post (Hindenburg)

So I’m reducing bass on the SM7B itself, reducing more bass by using the High-pass filter on the RODECASTER Pro, and purposely not using the Big Bottom setting either.

And then I’m not using any equalizer in Hindenburg in post.

And I think these settings may have finally done it. The sound I just got is really close to what I’m looking for, with its unassuming forwardness and clarity.

Here it is for a listen.

I’ll continue to update this post as I make improvements. But hopefully this is fairly close to where I’ll be for a while. It’s time to land and focus completely on content rather than accouterments.

Anyway, hope this helps someone.

Summary


The bassy sound is not your friend
It’s possible to have too much clarity because it can distract the listener
My landing place is unassuming, dry, clarity, like what you hear above

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

THIS WEEK’S TOPICS: Ripple20 IoT Vulns, Homeland Security Surveillance, US Cyber Budget, Adobe EOL, AWS DDoS, Bellingcat Poison Investigation, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

The newsletter serves as the show notes for the podcast.

Notes


Podcast colophon. More

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

THIS WEEK’S TOPICS: SMBleed, Republicans. vs. China, Hawkey Surveillance, COVID in August 2019, IBM Facial PR, Palantir NHS, Blockchain Misinformation, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

The newsletter serves as the show notes for the podcast.

Notes


Podcast colophon. More

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

There are two concepts being discussed a lot right now that I think need some differentiation.

One is Both-Sidesing, which seems to be the act of trying to recognize one or more points made by the opposing party during the course of a debate or discussion.

The other is All Lives Matter, which in my opinion is a failure to understand the concept of prioritization.

If I understand Both-Sidesing correctly, I am actually for it. Not just for it, in fact, but an advocate.

In other contexts, Both-Sidesing is also known as Steel Manning, or during the course of a discussion it can even be used as part of Nonviolent Communication and Active Listening.

In short, I see Both-Sidesing as a natural and desirable part of any advanced discussion between rational people discussing something in good faith.

It reminds me of saying during a discussion, “So it sounds like you’re saying…”, and then inserting your empathically formed paraphrase of their points.

But even more important than the discussion lubrication aspect, I see it as the only realistic approach to discussing complex topics, like racism, social inequality, taxation, how to construct a just government, etc.

I don’t see how you approach anything like that without first looking at multiple (not just two) perspectives, highlighting what you think may be valid points in all of them (or at least why they might see them as valid), and then proceeding from there.

It’s almost like people attacking Both-Sidesing are saying their position is so strong that presenting any alternative viewpoint is equal to moral failure, and that’s no way to have a conversation.

Ok, so that’s what I think about that. The gap I have in that argument is in the definition. If Both-Sidesing is actually something else that I don’t get, then maybe I just need to be educated.

First, is “All Lives Matter” an example of Both-Sidesing? I don’t think so.

That would be something like, when debating Ted Bundy’s killing of girls in Florida, we say:

Sure, but it wasn’t all bad. I mean he was really smart and he made people comfortable around him.

That seems like what Trump did. It’s not our job to find endearing things about white supremacists in the middle of a white pride march. And it’s not our job to find nice things to say about Ted Bundy when he wasn’t killing people.

Maybe Ted Bundy made a hell of a grilled cheese sandwich. I don’t care.

Things get complex when someone comes to the table to talk about underlying grievances, and they come to have an actual conversation.

So if Al Quaeda or the KKK comes to the table to have a real conversation, and they say, “We do this because we don’t have jobs, or because you stole our oil, or you did this on this day.” … Well then we can start to talk about ideas, and then it becomes ok to acknowledge pain and suffering as part of a potential path to understanding and non-violence.

But you don’t go to the site of an ISIS bombing or a racist killing and say, “Well they kind of have a point because of…” It’s about empathy. And timing. And ultimately, context.

And that brings us perfectly to “All Lives Matter”.

All Lives Matter is a perfect example of failure in the realms of empathy, timing, and context. To me the best metaphor is the Emergency Room in a hospital.

If someone comes in with a stab wound to the chest, and they’re not breathing, it doesn’t matter that their pinky is broken. Again, context.

If we were all on vacation in Bora Bora and someone broke their pinky, it’d be a major event. But America isn’t in Bora Bora. America isn’t breathing, and it has a chest wound called systemic racism against black people.

Yes, we know fingers are important. All fingers equally. Cops matter. There’s tremendous racism against Latino people as well, and white and Asian people matter too.

Everyone matters. All groups matter. But mentioning that while someone can’t breathe does not give them air.

Movements like BLM are calls for Emergency Room prioritization. And that makes sense to me.

So, as I work this out in my own mind, I think I see the difference between Both-Sidesing and All Lives Matter more clearly.

This is why I love writing. It clarifies thought.

And in retrospect, it seems like I may actually be wrong about Both-Sidesing because the definition that’s being used is the one I gave with the clearly bad examples. So let me be clear about that: if that’s the definition that people are using, and that we agree on, then I’m against it as well.

I think there are three separate things at play, actually, and I’m only advocating for one of them. So let me break them apart by assigning some concise definitions.

Both-Sides’ing: Taking something that’s clearly horrible and finding something trivially positive to say about it or its advocates. E.g., “Sure, Nazis were bad, but they sure knew how to unify a country!”
All Lives Matter’ing: Failing to recognize the prioritized context in a crisis situation, resulting in additional suffering for the most-acutely injured.
Acknowledging Situational Complexity: Enumerating the multiple perspectives and arguments in a complex problem so we can move towards a solution that works for as many people as possible.

Using these definitions, I am against using 1 and 2, and for 3. In other words, let us not confuse Both-Sidesing with Acknowledging Complexity.

The former should be avoided, and the latter encouraged.

Notes


June 14, 2020 — A reader corrected me on my Trump quote. I had him saying, “There were good people on both sides.” regarding the Charlottesville marches, which he didn’t do. It was evidently about statues coming down, and his wording was “fine people”.

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

THIS WEEK’S TOPICS: COVID-19 Trends, New Zoom Trouble, Facebook Blocking, Chrome Incognito Suit, Retail Rents, Nuclear Contractor Hack, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

The newsletter serves as the show notes for the podcast.

Notes


Podcast colophon. More

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

THIS WEEK’S TOPICS: US Protests & Unrest, Trump Goes Into the Bunker, NSA Warns on Exim, Octopus Scanner, Stanford’s SIO Virality Project, Windows 10 Update, SHA-1 Deprecated in SSH, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

The newsletter serves as the show notes for the podcast.

Notes


Podcast colophon. More

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

I think many things are happening at the same time to bring us to this level of unrest.

There is an extensive history of mistreatment of Black people in our country, which is captured well in this Twitter thread.
In my mind there is no question that Black people continue to be treated badly by some significant subset of police officers and police departments. This doesn’t mean all cops are bad, but it doesn’t need to mean that for there to be a major problem.
Our police in America are far too militarized. Too many of them have transitioned from thinking of themselves as community servants, to thinking of themselves as Navy SEALs or Special Operations troops. This type of dress, gear, and training attract the wrong type of people to join. More
Of course there are people looting just for fun, and to take advantage of the situation. Obviously. And it’s quite logical to assume that there are also some number of professional instigators, either grown internally or acting from the outside, that are sparking or exacerbating various situations. This does not, however, nullify in any way the legitimate grievances that are the root cause of this situation.
Accepting that there are some bad people amongst the protesters and rioters does not delegitimize the movement any more than accepting that “most cops are good” delegitimizes the fact that too many cops are bad. Reality is messy, and many things are true at the same time in this situation.
The COVID-19 situation is also an aggravating factor, as the Black community has also been hit harder both by the disease itself and by the fallout from the lockdown.
And finally, our president has failed to lead on this. Worse than failing to lead, he’s actually made the situation worse by not accepting the points above. Rather than seeing things as nuanced, he grabs a single narrative and turns it into a caricature. In this case the narrative he’s chosen is that cops are right and protesters are wrong. This is not what the country needs right now, and it’s not leadership.

To get through this we need the maturity to be able to maintain opposing ideas in our minds simultaneously. Yes, right-leaning friends: looting is bad. And yes, some criminal-types are taking advantage of the situation. And yes, the rule of law is crucial. Fine. Granted. Ok. No arguments here.

But please accept that the root cause of this—the core issue—is not false. It’s not constructed. It is not contrived. It’s real, and there’s a history there that is raw, visceral, and largely invisible to people outside the affected communities. There is an honest, deep pain and fear in the Black community as it relates to interactions with the police. Sure, not all police are bad, but there are still far too many who are not.

If you’re on the right and have conservative values, please reach internally to your compassion for your fellow humans in this country. Your fellow American is suffering, and they have legitimate grievances. We accept that there is noise in this message caused by troublemakers, but that’s always the case. Don’t let that distract you from the righteous calling to help your American brothers and sisters.

These communities need our support right now. They need your support, my friends and readers on the right. And the worst possible thing you can do is dismiss their claims on the grounds that a few among them are acting in bad faith. You have the wisdom to see through that, and to see the true suffering beneath. And I ask you to please do so. We need you. These communities need you. The country needs you.

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

I do not endorse Twitter mobs. They can do unbelievable damage to someone’s life in a matter of hours, and the meteor-level hatred is often unjustified.

People should not have their careers destroyed for PC-unfriendly jokes or comments that clearly weren’t meant to be harmful. There’s a spectrum there, ranging from a slip that reveals true nastiness, to a good-natured relationship with humor and truth that is common with comics.

Taken at the extreme, most of America (yes, even on the coasts) say or laugh at many things per week that could get them fired if Twitter were listening. So I’m not usually one to jump on when the dog-piling starts.

But this woman calling the police on a black bird-watcher in Central Park is an exception. She deserves what she’s getting. And here’s why.

She wasn’t overheard telling a friend that she’d never date a black guy. Or even saying that she wouldn’t do so because she doesn’t find them attractive, or whatever.

These are the types of opinions and comments that make modern people crinkle their noses and distance themselves from the speaker. Like bad cheese or unwashed feet. And it’s no reason to end someone’s career.

This was different.

This was a white woman trying to force a black man to comply by using the history of America’s racism like a nightstick.

In so many words, here’s what she told him.

If you do not do exactly what I tell you to do, right now, I—a white woman—will call the police (who are there to protect white people) and tell them that you—a black man—are threatening me. And you better be damn well sure that if it comes down to my word vs. yours, you will lose. So do it. Now!

That’s not what she said, but it’s precisely what she communicated.

It wasn’t a good-natured joke or comment in bad taste. It was a revelation of a racism and selfishness so deep that she was willing to threaten a man’s life because she’s a horrible dog owner.

People get shot when women call the police and say they’re being attacked. Especially black men. And she damn well knew that.

She didn’t just know it, she used it as a weapon.

The history of slavery. The history of white women blaming black men for things they didn’t do. The history of the authorities taking their word over that of the accused. All of that.

The entire legacy of America’s oppression of black people, weaponized into a single sentence.

I’m going to tell them there’s an African-American man threatening my life.

That’s her direct quote.

We are luckily our bird-watching friend was carrying a mobile Atticus Finch with him. Without that he might have been one more black guy who couldn’t tell his side of the story. Because he was dead.

There aren’t many who deserve to have their careers crushed by Twitter.

But I think anyone who will tell the police they’re being assaulted by a a black guy—because he asked them to put their dog on a leash—definitely qualifies.

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

THIS WEEK’S TOPICS: Twitter Bots, Face Recognition Headsets, Chrome Bug Memories, Virtual Currency, White House OPSEC, Realtime Language Translation, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…

The newsletter serves as the show notes for the podcast.

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

I’ve been writing about Information Security for around 20 years now, and I’ve written a lot about the definitions of various terms. A number of people have asked me to assemble those definitions into a single location, and that’s what we’ve done below.

These terms are active works in progress, so if you can improve them please let me know.

Each term has a link to more discussion around each definition.

Threat
A negative event that can lead to an undesired outcome, such as damage to, or loss of, an asset. Threats can use—or become more dangerous because of—a vulnerability in a system. MORE





Risk
A risk, in plain language, is a chance of something bad happening combined with how bad it would be if it did happen. MORE





Threat Actors
The person, actor, entity, or organization that is initiating the given (Threat) scenario. This is generally reserved for human-driven scenarios, such as hack attempts. It doesn’t usually make sense to talk about threat actors when the event is a flood or an earthquake, for example. MORE





Vulnerability
Vulnerabilities are weaknesses in a system. They make threats possible and/or more significant. MORE





Programmer
A Programmer is someone who can solve problems by by manipulating computer code. They can have a wide range of skill levels—from just being “ok” with basic scripting to being an absolute sorcerer with any language. MORE





Hacker
A Hacker is someone who makes things. In this context, it’s someone who makes things by programming computers. This is the original, and purest definition of the term, i.e., that you have an idea and you “hack” something together to make it work. It also applies to people who modify things to significantly change their functionality, but less so. MORE





Developer
A Developer is a formally trained programmer. They don’t just solve problems or create things, but do so in accordance with a set of design and implementation principles. These include things like performance, maintainability, scale, robustness, and (ideally) security. MORE





Event
An event is an observed change to the normal behavior of a system, environment, process, workflow or person. Examples: router ACLs were updated, firewall policy was pushed. MORE





Alert
An alert is a notification that a particular event (or series of events) has occurred, which is sent to responsible parties for the purpose of spawning action. Examples: the events above sent to on-call personnel. MORE





Incident
An incident is an event that negatively affects the confidentiality, integrity, and/or availability (CIA) at an organization in a way that impacts the business. Examples: attacker posts company credentials online, attacker steals customer credit card database, worm spreads through network. MORE





Breach
A Breach is an Incident that results in the confirmed disclosure——not just potential exposure—of data to an unauthorized party. MORE





Penetration Test
A Penetration Test is a time-boxed technical assessment designed to achieve a specific goal, e.g., to steal customer data, to gain domain administrator, or to modify sensitive salary information. MORE





Red Team Engagement
A Red Team Engagement is a long-term or continuous campaign-based assessment that emulates the target’s real-world adversaries to improve the quality of the corporate information security defenses, which—if one exists—would be the company’s Blue Team. MORE





Vulnerability Assessment
A vulnerability assessment is a technical assessment designed to yield as many vulnerabilities as possible in an environment, along with severity and remediation priority information. MORE





Audit
An audit can be technical and/or documentation-based, and focuses on how an existing configuration compares to a desired standard. This is an important point. It doesn’t prove or validate security; it validates conformance with a given perspective on what security means. These two things should not be confused. MORE





White/Grey/Black-Box Testing
The white/grey/black assessment parlance is used to indicate how much internal information a tester will get to know or use during a given technical assessment. The levels map light to internal transparency, so a white-box assessment is where the tester has full access to all internal information available, such as network diagrams, source code, etc. A grey-box assessment is the next level of opacity down from white, meaning that the tester has some information but not all. The amount varies. A black-box assessment—as you’re hopefully guessing—is an assessment where the tester has zero internal knowledge about the environment, i.e. it’s performed from the attacker perspective. MORE





Risk Assessment
Risk Assessments, like threat models, are extremely broad in both how they’re understood and how they’re carried out. At the highest level, a risk assessment should involve determining what the current level of acceptable risk is, measuring the current risk level, and then determining what can be done to bring these two in line where there are mismatches. Risk Assessments commonly involve the rating of risks in two dimensions: probability, and impact, and both quantitative and qualitative models are used. In many ways, risk assessments and threat modeling are similar exercises, as the goal of each is to determine a course of action that will bring risk to an acceptable level. MORE





Threat Assessment
A threat assessment is a type of security review that’s somewhat different than the others mentioned. In general it pertains more to physical attacks than technology, but the lines are blurring. The primary focus of a threat assessment is to determine whether a threat (think bomb threat or violence threat) that was made, or that was detected some other way, is credible. The driver for the assessment is to determine how many resources—if any—should be spent on addressing the issue in question. MORE





Threat Modeling
Threat Modeling is not a well-understood type of security assessment to most organizations, and part of the problem is that it means many different things to many different people. At the most basic level, threat modeling is the process of capturing, documenting, and (often) visualizing how threat-agents, vulnerabilities, attacks, countermeasures, and impacts to the business are related for a given environment. As the name suggests, the focus often starts with the threat agent and a given attack scenario, but the subsequent workflow then captures what vulnerabilities may be taken advantage of, what exploits may be used, what countermeasures may exist to stop/diminish such an attack, and what business impact may result. MORE





Bug Bounty
A Bug Bounty is a type of technical security assessment that leverages crowdsourcing to find vulnerabilities in a system. The central concept is simple: security testers, regardless of quality, have their own set of strengths, weaknesses, experiences, biases, and preferences, and these combine to yield different findings for the same system when tested by different people. In other words, you can give 100 experienced security testers the exact same testing methodology and they’re likely to find widely different vulnerabilities. The bug bounty concept is to embrace this difference instead of fighting it by harnessing multiple testers on a single assessment. MORE





Red Team
Red Teams are internal or external entities dedicated to testing the effectiveness of a security program by emulating the tools and techniques of likely attackers in the most realistic way possible. The practice is similar, but not identical to, penetration testing, and involves the pursuit of one or more objectives—usually executed as a campaign. MORE





Blue Team
Blue Teams refer to the internal security team that defends against both real attackers and Red Teams. Blue Teams should be distinguished from standard security teams in most organizations, as most security operations teams do not have a mentality of constant vigilance against attack, which is the mission and perspective of a true Blue Team. MORE





Purple Team
Purple Teams exist to ensure and maximize the effectiveness of the Red and Blue teams. They do this by integrating the defensive tactics and controls from the Blue Team with the threats and vulnerabilities found by the Red Team into a single narrative that maximizes both. Ideally Purple shouldn’t be a team at all, but rather a permanent dynamic between Red and Blue. MORE





Green Team
An offensively-trained and defensively-focused security team dedicated to working with development and infrastructure groups to address issues discovered using offensive security techniques systemically and at scale across an organization. MORE MORE

—

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.