Daniel Miessler's Blog, page 90

I saw a tweet recently by Robert M. Lee—a highly respected ICS Security professional in the industry.

When folks put “ICS” in the category of “IOT” it conflates the systems, purpose, value, and risks of separate communities. There’s important differences between a robot arm in a car manufacturing plant and your internet connected doll even if both have default passwords.

— Robert M. Lee (@RobertMLee) January 2, 2019

I am a mid-tier ICS Security person, by the way. I’m experienced with it, and an expert compared to most security people, but I’m a non-expert compared to the people fully focused on it like Robert.

I see his point, and I think it’s valid, but I worry that some people who are not experts in IoT or ICS security might not get the nuance. The part I want to quibble with is this bit:

When folks put “ICS” in the category of “IOT” it conflates the systems, purpose, value, and risks of separate communities.

Robert M. Lee

I almost completely agree with this statement—but with a caveat.

Basically, I do believe that ICS is a category of IoT—if you define IoT a certain way. As usual, so many of these discussions come down to definitions. And this isn’t going to be a rant about how my extremely detailed and specific definition is the most accurate, and how Robert’s or anyone else’s is specifically and technically incorrect.

I think we actually need to head the opposite direction when it comes to these definitions and discussions. I think the definition we should be using for IoT, when we’re talking with non-experts and the public at large is something like, “The process of connecting everyday objects and systems to networks in order to make them globally available and interactive.”

For most people, IoT can best be thought of as the process of connecting everyday objects and systems to networks in order to make them globally available and interactive.

I believe this definition does a lot of work for us.

Most importantly, it unifies the risks around everyday IoT, ICS, and IIoT. It makes it clear that the primary source of risk for all IoT is the fact that there are many sensitive things that happen in this world, and that it’s inherently a really big deal to start connecting those functions to networks.

Even the Internet of Shit can be dangerous if it’s insecure and grants access to something or allows an attacker to steal resources, e.g., the fish plaque connected to the cloud that grants access to your network.

This is true of car robot arms, baby monitors, thermostats, and almost every type of IoT we one can imagine. That is the unifying component—going from analog to digial, from isolated to connected, and from static to interactive.

Now, that being said, I absolutely agree that this unification has limits, and that—like Robert said—it’s simultaneously critical to make distinctions between the various types of IoT. But once we accept what’s similar, I think it’s easier to make those lines clearer for people.

I think it comes down to magnitude of impact assuming something were to go wrong. If your fish plague gets compromised, an attacker might use your bandwidth to create fake ad clicks, or they might try to pivot and install ransomware on your systems at home.

But if a major dam’s SCADA system is compromised, well, millions of dollars of property could be lost, people can be hurt and killed, and it can have a major effect on livelihoods and economies. That’s a major difference worth calling out.

So I guess what I’m saying is that perhaps we should use a broader, more approachable definition of IoT that unifies underneath the basic concept of old=disconnected=lower risk, and new=connected=higher risk. And then from there we can make the separations within IoT of the types according to impact. Perhaps something like the following:

A conceptual differntiation between IoT, Consumer IoT, and Industrial Control Systems

Eager to hear any feedback.

I think the distinction is minor, but important.

—

I spend between 5 and 20 hours creating this content every week. If you're someone who can afford fancy coffee, please consider becoming a member for just $5/month…

Start Membership

Thank you,

Daniel

January always feels fresh to me—a chance to be better. But at the same time, it’s really just a day after the end of December. This is why I don’t do New Year Resolutions. Basically, if you wanted to do that thing bad enough, you would have done it already.

But that’s for things that you can do and start at any moment that you want to continue doing, like eating better, or getting more exercise. The things I like to do in January are different: they’re annual activities that—as the name implies—you only need to do once a year.

Here are mine:

Rotate Passwords: This one is pretty obvious, but for your top accounts you should probably be rotating at least once a year. It’s also a good time to make sure your 2FA settings are solid, and that your recovery options are correct, e.g., phone numbers, backup emails, etc.
Make Sure My Backups Are Solid: This should be higher in the list, but I do all of them pretty much simultaneously so it’s not a big deal. Making sure you have your most important data backed up is something you want to do at least once a year. I recommend a hybrid strategy of cloud plus local storage. So you have most of your backups in your favorite cloud system, and you have a copy of it on a set of hard drives (or a NAS) that you update at least once a year.


Reorganize my Feedly Account: Feedly is my top news source, and it’s critical that it says in good shape. Things I do here include trimming categories, pruning sources, and revisiting settings and options. This year I removed tons of categories and got it down to Favorites, InfoSec, Ideas, and News—all while removing tons of dead and broken sources.
Clean up my Twitter Account: Twitter—as much as it’s become toxic in recent years—continues to be the best window into my professional world. It’s sad to write that, but I think it’s still true. Every year I adjust my lists, take a look at my profile pic, profile text, settings, and who I’m following. This year I pruned lists by half (consolidation) and didn’t make too many changes to who I’m following.
Revisit Reddit: Reddit is my view into the wider world, and every year I take a look at my settings and subreddits. I didn’t make any changes this year, but I did look at some of the new settings and client options and made some tweaks.

I just finished my tweaking and it feels quite nice.

I recommend you do the same.

—

I spend between 5 and 20 hours creating this content every week. If you're someone who can afford fancy coffee, please consider becoming a member for just $5/month…

Start Membership

Thank you,

Daniel

I’m a life-long Bay Area resident—born and raised—and I’m starting to see transformations in various communities that are setting off my dystopian spidey senses.

Basically, I’m seeing stark and disturbing differences between communities that are just a few miles from each other. I’ll take the Newark / Fremont area as an example, since I’m familiar with it, but I’ve seen this type of thing throughout the Bay Area over the last several years.

Dead Zones


If you go to run-down cities, like Newark, there are often homeless everywhere just wondering around like zombies. I’ve lived there since the 70’s, and within the confines of anecdote I can say it’s never been like this. Perhaps there was homeless before, but it wasn’t nearly as acute or visible.
Restaurants in these places are typically ghost-towns, with very few wait staff and virtually no interest in customer service. I often go into restaurants in Newark, San Bruno, and other similar areas where the staff might not even acknowledge you when you come in. And even then, it’s not a direct address—more like a chore that must be done. I would be mad about it, but it’s not their fault. Management has cut staff dramatically and put much more load on each person working—and without more pay.
The bathrooms in these towns are often splattered in urine and feces, with tons of graffiti on the walls. And toilets are often out of order, missing toilet paper, etc. Again, when mentioning this fact to the staff, they stare back at you with dead eyes and you realize you’re an asshole for even bringing it up. Their lives are infinitely more difficult than mine, and I’m acutely sensitive to that.
I was in a Starbucks in Newark yesterday (my hometown) and there were four homeless people camped out inside the store. The man next to us smelled so bad that we and other customers had to actually cover our noses to work nearby. It was the smell of fecal matter rotting on skin. He was rigged up with three extension cords and multiple gaming consoles just playing away for hours. I asked management about the smell, mentioning that the guy (a white guy probably in his 50s) seemed nice enough but he was disrupting the entire place, and they said he could do nothing whatsoever. And again, I felt like a horrible person for even talking to someone about it. If someone is in a bad enough spot to spend their time in a Starbucks, after not showering probably for days or weeks, then who am I to complain about my cafe experience?
The people in the cafes and businesses in these towns tend to seem beaten down, frayed, or otherwise downtrodden. Alternatively, they appear to not be participating in the rat race, e.g., they’re gamers or retires or high school kids not particularly focused on college.

After enough of these really negative experiences of seeing abject poverty and suffering—not just recently but over the last few years—I hear myself saying internally that I need to start going to “nicer” places. You know, places where there won’t be people stinking up the entire place because they decided to not participate in society (I know a lot about that particular person, and he’s definitely making that choice). Or another local guy with obvious drug problems with a suitcase worth of stuff strewn about his table.

I define a Star Trek liberal as someone who thinks the goal is to live in a society like that of Star Trek The Next Generation, i.e., highly diverse and focused on art and scientific exploration rather than materialism.

The problem is I feel bad for thinking this way. I am a Star Trek Liberal—again, born and raised in the Bay Area. I was not raised to run away from suffering, to run to the richer areas where I feel comfortable all the time. That’s why I drive from San Francisco where I live and work, to Newark (a 40-80 minute drive) to spend my free time. It’s home.

The idea of writing off my old stomping ground to head for more refined communities is repulsive to me.

But let’s talk about those places real quick, just to see the differences.

Thriving Areas


I’ve noticed that nice places are basically anywhere with a Philz coffee, Apple Store, or Whole Foods nearby (with a few exceptions like San Francisco proper).
The people in coffee shops there are younger, more Asian, and obviously very focused on either preparing for college, doing well in college, or kicking ass in their new careers. They’re basically high-grit people with educated parents or parents that highly value education for their kids.
The other types of people in these nicer communities’ cafes are 20s to 50s entrepreneurs meeting to talk about their businesses and their ideas. In these nicer areas I’d guess roughly 10% to 50% of the clientele at any given time are these types.
The staff in the restaurants are more attentive and courteous—no doubt due to the fact that they are working more for something to do and some side money, and not to support a family in an impossible situation.
The restaurants and businesses are well-kept, with functioning restrooms not covered in filth.
The streets, gas stations, and general infrastructure is more clean and presentable.
The people you see in stores and businesses and cafes are vibrant and energetic, and seem to obviously have some measure of optimism for their futures.


Polarization

The Anaphase step in Mitosis

What interests me about this situation is not just saying that some places suck, and some places are nice. That’s both rude and obvious.

What matters more to me are 1) the reasons this is happening, and 2) how this dynamic will continue to unfold over time. To me those two are strongly related, as I think they both share polarization, i.e., the bad places getting worse, and the nice places getting better.

This is where the dystopia comes in.

There are now indications that this investment could be slowing.

My hometown of Newark has two main shopping areas, and they’re both completely taken over by Chinese businesses at this point. Like, completely. Of course there’s nothing wrong with Chinese businesses, but there’s a play now for Chinese business interests to find decapitated spots in the Greater Bay Area and to just move in and take over.

That doesn’t sound positive for me. Not because of any crazy conspiracy or anything, but just because it’s the clearest sign that what existed before wasn’t strong enough to survive on its own. It’s a clear indicator of decline when a single force (like Chinese tea shops) can come in and replace most of your local businesses in a matter of moments.

So that’s one side: your businesses get hollowed out and replaced with new money from the outside. The infrastructure basically rots. There’s garbage everywhere. There’s either far more homeless, or they are forced into the streets. There’s no customer service because you can’t pay good people enough to work there and management has to cut costs by hiring fewer people. And the schools are bad, so none of the highly-education focused Asians want to live there to raise their families.

That spells the end of (or at least a prolonged decline of) cities like Newark in my mind. But it’s not just Newark. It’s all up and down the East Bay coast. San Leandro, Hayward, most of San Jose, etc. They’re epicenters of suffering, full of people basically resigned to a third-tier existence.

Enter the green zone

And then, right next door, you have these little thiriving areas. Cupertino. Palo Alto. Parts of San Francisco. Walnut Creek. Pleasanton. And many other small enclaves of the successful.

What fascinates me is how aware of the poor areas these places are. They know how bad it is out there. And they know they live in the nicer area. And while it’s hard to be inside someone’s mind, I can’t help but thinking that they’re protecting their spots. They’re gatekeeping, whether consciously or not—to keep out the riff-raff.

So you wouldn’t go into a Starbucks in Walnut Creek and find a homeless white guy playing video games all day while chasing out customers with his smell. That wouldn’t happen. They’d kick him out as soon as someone complained—if they even allowed him in.

The streets are cleaner. The gas stations don’t have as many gang signals carved on the pumps. More of the population is educated. And the schools are better.

So all the rich—and by rich I mean well-paid tech workers and other professionals mostly—all move there to start their families.

Dystopian Gravity

My real problem is what seems to be coming as a result of this stratification.

$16/hour is $32K/year, which is less than it costs to live in many places in the Bay Area

Service Workers can’t afford to live in most of the nice areas in the Bay Area. Hell, many of them have to come in from out in the desert, like Fresno and Modesto. But at the same time, the nice areas need cooks, and waiters, and cleaning staff.

It seems obvious that some sort of eventual solution will be something like servants quarters: areas of the nice parts of town that are designated for the help. None of the nice folk will go over there, and the people who live there will know they’re not welcome in the city unless they’re working. It’ll be a nice little arrangement. Right up until somoene (like me in this piece) realizes how goddamn disgusting it is.

We’re building a Red Zone / Green Zone situation. Right here in the Bay Area. Right now.

The only thing we’re lacking is checkpoints around the Green Zones to make sure people from the Red Zone are allowed in to do some work for the educated folk. You think that sounds crazy—and it does—but places like New Orleans are already hiring private security forces to protect nice areas. And numerous neighborhoods are investing in private security to keep out the undesirables.

I think this massive income disparity, the destruction of the middle class, and the polarization of neighborhoods into rich or poor is going to have a major effect on people. I think it’s going to inject a social discord and fragility into our overall society that’s going to be extremely unhealthy.

I wish I had answers, but ultimately I think the cause is the changing nature of work. There are basically fewer and fewer types of jobs that pay lots of money, and they can only be filled by people with certain gifts or lots of luck. And the other 90% will mostly be stuck with service work that barely pays livable wages even outside of the Bay Area and similar places.

That employment and income difference is what’s powering this entire thing, and like a fresh wreck on the freeway it’s both tragic and hard not to notice.

If you’re a student of this type of phenomenon, and/or live in the Bay Area, hit me up below or directly and tell me what I got right and wrong here. I’m eager to better capture the problem so we can start exploring solutions.

—

I spend between 5 and 20 hours creating this content every week. If you're someone who can afford fancy coffee, please consider becoming a member for just $5/month…

Start Membership

Thank you,

Daniel

This is a member-only even episode. Members get the newsletter every week, as well as access to all previous episodes, while free subscribers only get odd episodes every other week.

—

I spend between 5 and 20 hours creating this content every week. If you're someone who can afford fancy coffee, please consider becoming a member for just $5/month…

Start Membership

Thank you,

Daniel

I was doing the Twitter thing recently, and someone was talking about red teaming and I had an epiphany: Vaccination and Red Teaming are extremely similar.

Or at least they should be.

Here are some similarities:

The main purpose is to strengthen the defenses
It’s done by exposing defenses to the bad stuff
Its effect weakens over time, so you have to keep doing it
People who refuse to do it are more vulnerable to real attacks
The closer the exposure is to the real thing, the better
Various groups mandate them, and various groups fight that mandate

These are pretty striking to me.

There is some argument that most people just use regular old attacks, however.

The regulation angle is fascinating as well. All sorts of security standards require that adversarial testing is performed, but very few testing practices can actually mimic the type of attackers that are likely to come after a given target—especially for high-level attackers.

The problem is that real attackers are diverse, and use diverse toolsets, and I’d argue those are more varied (and tame) than the TTPs of security testers. And that in turn results in less immunity to the real stuff when it happens.

So that’d be something like immunizing for a Flu strain we saw in 1994, knowing that what’s coming next year won’t look much like it. Anyway, I’m not sure how deeply the analogy holds, but I think it is quite strong as a metaphor.

Basically, if you’re not emulating real adversaries to your WHATEVER then you’re more likely to be blindsided when they actually show up.

Be ready.

Summary


Both red teaming and immunization is based on exposure to real threats.
Both weaken in effectiveness over time and therefore require periodic re-applicaiton.
Both are being mandated by various groups, and are being carried out with varied levels of effectiveness.
Both have detractors who refuse to participate, and who leave themselves in weakened states as a result.

—

I spend between 5 and 20 hours creating this content every week. If you're someone who can afford fancy coffee, please consider becoming a member for just $5/month…

Start Membership

Thank you,

Daniel

If a rat is experimentally injected with infectious bacteria, it behaves a bit like I did after the dentist. It withdraws from social contact with other animals; it doesn’t move so much; its sleeping and eating cycles are disturbed.

In short, infection reliably causes a syndrome in animals — called sickness behavior — that is roughly recognizable as akin to the human experience of depression. In fact, you don’t even need to infect a rat to see this sickness behavior. It is enough to inject the rat with cytokines, proving that it is not the germ itself that causes sickness behavior but the immune response to infection.

Inflammation directly causes depression-like behaviors in animals — that is beyond doubt.

Source: The Link Between Inflammation and Depression – Member Feature Stories – Medium

I think this link—if it proves valid—will end up being one of the biggest breakthroughs in mental health in decades. Perhaps equal to the idea that much of our mental functioning takes place in our subconscious.

Last year I created a calculator for determining how depressed you’re likely to be, which also serves as a recommendation engine.

The quote from this article is just remarkable: you can produce depression in animals by challenging their immune systems. Now think of the depressed people you know. How many of them are physically active and eating good foods? How many of them have dental health issues?

In other words, how much of our current depression epidemic is associated with or directly tied to a state of immune system irritation?

Now ask a different question: how many people do you know who eat healthily—with lots of fresh vegetables and very little fast/junk food and who get lots of exercise—are depressed?

There are many causes for depression, so of course it’s possible to be a paragon of physical health and still be depressed.

Anecdotes are not data, but I don’t think I know any. Most are either horrible eaters, obese, sedentary, or all three. The first twenty of these studies I ignored as background noise, but the evidence seems to be adding up. I find it quite fascinating.

I still feel like it’s early in this area of research. And I’m not a doctor so I don’t feel comfortable being certain about these types of things. But here’s what I will say: if you’re in a bad spot, or know someone who is, there seems to be very little risk in entertaining this emerging theory around inflammation.

Consider looking at your diet, dental care, and other sources of inflammation, and then getting serious about exercise.

I think this is likely to (if these studies stand up to scrutiny) become the new standard for not just good health—but good mental health as well.

—

I spend between 5 and 20 hours creating this content every week. If you're someone who can afford fancy coffee, please consider becoming a member for just $5/month…

Start Membership

Thank you,

Daniel

Starting around October 1st I saw something catastrophic happen to my incoming traffic from Google.

Compared to the beginning of the year I have gone from around 10,000 pageviews a day to around 5,000—a 50% loss in traffic.

Once I noticed (which took a while), I started reading a ton of articles on all the various potential causes. Finally, after finding a few good ones and talking to my friends in the SEO business, I think I now have a good idea of what happened.

Keep in mind this is still theory, so I could find out at any moment that I was wrong.

Google released a number of major algorithm updates in the latter part of 2018. And at least one of them focused on what they’re calling Your Money or Your Life, which they abbreviate to YMYL.

Basically, they’re specifically trying to find—and punish—sites that make false claims about things that matter. And one of the ways they’re doing that is by trying to judge a site’s authority on particular topics.

Be sure to review Google’s SEO Guidelines.

There’s another tangent to this, which is a concept called “staying in your lane”. So if you’re a lawyer specialized in European Privacy, and you start going off about the Higgs Boson and how everyone’s wrong about string theory, well, Google might conclude that you’re talking out of your ass. The implication is that your overall trust ranking will fall as a result.

And that brings us to me and this website.

The other thing Google focuses on is called E.A.T—expertise, authority, and trust.

I’m a security guy. IoT Security. Application Security. I’m learning more and more about AI and ML, and have smart (but cautious) things to say about those topics.

But I also write extensively about things that have nothing whatsoever to do with security or technology.

Philosophy
Futurism
Politics
Creativity
Happiness
Etc…

To make things even worse, I also do a show called Unsupervised Learning, which is a podcast and newsletter about “Security, Technology, and Humans”.

An excerpt from a recent newsletter

It’s all over the place. I go from Chinese espionage plots to potential cures for cancer, to the future of work, to fiction book reviews.

I don’t think Google has any idea what to do with the site.

The obvious fact here is that both of these campaigns: “Your Money or Your Life” and “Stay in Your Lane” are coming from the urgent need to combat fake news. They’re looking for multiple ways to get there.

If I were building solutions to do this I’d be doing something like this:

Find out what an author is talking about


Parse their content and do topic analysis

Rate their authority on each of their topics


Look at inbound links
Evaluate samples of their factual claims in topic
Look for credentials on LinkedIn and About pages
Make sure they’re standing behind their claims

Lower the rankings of sites who score badly

I get it. It makes sense. And I admire them for doing it, because it’s a matter of literal national and global security.

The problem is that sites like mine seem to be getting destroyed in the process. And it’s clear why that’s the case.

If a site is talking about many disparate topics—especially in an open and tentative way—it’s extremely difficult to tell the difference between a solid but curious intellectual and a complete idiot. So they bring the SERP hammer in both cases.

For Google, their ideal (trustworthy) site is one that talks about one thing and one thing alone, and does so with good sourcing, with clear authors who have their backgrounds right there in the open, and that never branches into topics they’re not experts in.

Again, I get that. But that’s no way to be an intellectual. Not for me anyway. I find the world fascinating, and I’m going to talk about it. For a number of reasons I am going to be more careful with claims in some cases, more careful to add sources when the argument is helped by data, etc.—but I can only flex so far.

This site is fundamentally a personal project. It’s where I learn, and then organize and share what I learn. And I learn by consuming and thinking (out loud, on “paper”).

So I’m not sure how screwed I am. It could be that I have permanently lost half my traffic—or maybe that’ll continue to fall.

But what I hope is that Google will eventually figure out that people like me exist, and that sites like mine exist, and they’ll adjust their Fake News algorithms to take them into account.

One friend of mine—Thomas Zickell—believes that the answer is hub pages, where you make your categories super clear to Google through top-level navigation. This way (the theory goes) Google can clearly see that you have multiple lanes, and will hopefully judge you independently for each of them.

So ideally you could then rank extremely high for areas where you’re a careful expert, and where you have unique and creative thought, and then less high (or not at all) where you’re just riffing on ideas outside your expertise.

I’m betting that’s what Google is working on solving, and that these first swipes of the sword in 2018 were basically emergency efforts to get the house in order.

If you know anyone at Google who might know about this, please let me know.

If I had to guess, I’d say that 2019 will see a number of adjustments to those initial efforts that are designed to bring multi-discipline sites back into focus without opening the gates to the garbage that used to rank well for the wrong reasons.

Meanwhile, I’ll be working on other SEO hygiene trying to get some of my traffic back while they figure it out.

Notes


The other thing I’ll be trying in the meantime is making my overall content categories more clear in the top navigation.

—

I spend between 5 and 20 hours creating this content every week. If you're someone who can afford fancy coffee, please consider becoming a member for just $5/month…

Start Membership

Thank you,

Daniel

For people looking to get into reverse engineering, the barrier to entry can be fairly steep—starting with the terminology. Here are the differences between a few key tools of the trade.

Decompilers reverse binaries into higher-level languages, like C++.
Disassemblers reverse binaries into assembler language.
Debuggers allow you to view and change the state of a running program.
Hex Editors allow you to view and edit the source code of a binary.

Another set of things to know is the different kinds of programming languages. Here they are—from low to high levels of abstraction from the CPU.

Modern languages like Python and Ruby are considered high-level languages, but are functionally a level above.

Machine Code is the 1’s and 0’s executed by a CPU.
Assembler is the next level up, and is the first human-readable level, but just barely.
High-level—also called Compiled—languages include C and C++, and they’re the first level of functionally readable code.
Interpreted Languages are languages like Perl, PHP, Python, and Ruby, which require an environment to run them, trade readability for speed.
Bytecode Languages are languages like Java and .NET, which are cross-platform like Interpreted languages, but with similar readability and speed to compiled languages.


Summary


To go from binary to assembler, use a disassembler.
To go from binary to higher lanugage, use a decompiler.
To edit a particular part of a binary’s contents, use a hex editor.
To interact with an application as it’s running, use a debugger.

—

I spend between 5 and 20 hours creating this content every week. If you're someone who can afford fancy coffee, please consider becoming a member for just $5/month…

Start Membership

Thank you,

Daniel

Unsupervised Learning is my weekly show where I spend 5-20 hours finding the most interesting stories in security, technology, and humans, which I then curate into a 30-minute podcast & companion newsletter.

The goal is to catch you up on current events, show you the best content from around the web, and hopefully give you something to think about as well.

Subscribe to the Newsletter or Podcast

I often find myself in the unpleasant position of wishing I could send people a gift, but not knowing what to get them. What I like to get people are smallish things that produce absolute delight, like the perfect knife, whiskey glass, or end-table book.

So what I’m going to do here is capture my list of items to pick from when the occasion arises.

1. Yoshiharu Hamono Penato Knife

This is an extremely elegant knife that you can keep near the door, for opening envelopes and Amazon boxes.

$12

2. The Tungsten Spinning Top

$16

This Tungsten Top is like a fidget spinner, but more timeless.

3. Fredrick and Mae Playing Cards

$13

This is a unique and beautiful set of playing cards.

4. RAUK Heavy Tumbler

$50

This is a legit whiskey glass with some weight to it.

5. 8.25″ Kyocera Ceramic Damascus Sashimi Knife with Black Blade and Pikka Handle

$255

This is an extraordinary but non-traditional Sashimi knife with a ceramic blade and a black appearance.

—

I spend between 5 and 20 hours creating this content every week. If you're someone who can afford fancy coffee, please consider becoming a member for just $5/month…

Start Membership

Thank you,

Daniel