If you haven’t heard yet—which is unlikely—there’s a problem with hiring in cybersecurity. The issue is we’re not sure of the nature of that problem. A number of studies are talking about there being 3.5 million unfilled cybersecurity positions by 2021. But many are in that same market looking for work and are unable to find any. So…
On the History of Watches
Some friends just commented about a video on Twitter where a watch guy basically described why real watches are real watches, and technology-based watches like the Apple Watch don’t qualify. You should take a moment to watch the video. I agree with many of his points, and I’ve recently consumed a number of similar opinions from similar people.…
Preparing to Release the OWASP IoT Top 10 2018 (Updated: Released)
[ UPDATE: The project is now live here. ] Please give your feedback on the list here. The OWASP Internet of Things Top 10 has not been updated since 2014, for a number of reasons. First of which was the fact that we released the new umbrella project that removed focus from the Top 10 format. This, in…
Humanity’s Ultimate Red Pill
Man can do what he wants, but he cannot will what he wills. Arthur Schopenhauer One of the most powerful concepts in the Matrix was the idea that people were separated into two groups: those who could only see the world as it appeared, and those who could see its true form. I am saying 5% because of…
How I Reduced My Spam Phone Calls by 90%
Many of the calls are actually in Mandarin, which I don’t speak. Over the last few months I’ve seen my spam phone calls go from around one a week to like ten a day, and it’s been infuriating. After a good bit of Googling, I ended up coming up with two solutions that reduced the problem by around…
Stop Trying to Violently Separate Privacy and Security
I just stumbled upon an article by Mark R. Heckman, Ph.D, CISSP, CISA that—like so many others in the industry—wildly contorts himself to make a distinction between security and privacy. He writes: I argued here why I don’t think this difference matters as much as people think. Without a clear understanding of the difference, data security and privacy…
Feedly Feature Request: Custom Long-press
This post will serve as a feature request for my preferred news reader—Feedly. The feature is called: Custom Long-press Custom Long-press pro Custom Long-press is a feature that allows users to assign an arbitrary function to the long-press action within Feedly. Examples might include sending to the Safari Reading List, Sharing on Buffer, etc. My current workflow for…
How Technology Increases Production Without the Need for Humans
Over the last several years I’ve been reading extraordinary amounts about the future of artificial intelligence, and how it’ll affect human work. I’ve written about this extensively here, so feel free to explore if you’re interested. Recently a reader reached out and pointed me to a video by Moshe Vardi of Rice University. The reader was himself a…
My Analysis of the Disconnect Between Sam Harris and Jordan Peterson
If you follow the work of either Jordan Peterson or Sam Harris you’ve no doubt seen them engage each other in various ways over the past year or so. Jordan has been on Sam’s podcast, which didn’t go well. They talk about each other to their respective audiences, and now they have a new video podcast series together…
Unsupervised Learning: No. 141
Subscribe here to get this in your inbox every week. Security News 😮 The governments of the “Five Eyes” (US, Australia, UK, Canada, and New Zealand) have asked the world’s largest tech companies to build encryption backdoors into their systems. But more than just asking, they also said, ”Should governments continue to encounter impediments to lawful access to information…
My Current Top 3 Intellectual & Creative Challenges
Just on a personal note, I want to capture three of my top projects right now: Learning and implementing machine learning. This includes getting a decent understanding of the math that goes into it, but not going too deep there. The primary focus is to be able to make real-world predictions for real-world problems. Making electronic music. Specifically…
Concise Argument and Evidence That Steven Pinker is Wrong About How Good Things Are
As I covered in this earlier piece, despite having massive respect for Steven Pinker, and loving his latest book, Englightenment Now, I think he’s very, very wrong about the current state of America. My opinion on this is best described as a feeling of increasing unease—which is an emotion—but I only arrived at that emotion after consuming a…
5 Things You Didn’t Know You Could do with Nmap
For those who have been in information security for a while, nmap is like a warm and familiar blanket. Except this blanket kicks ass. It is—without question—the most versatile portscanner ever. A lot of people know that. Read my masscan tutorial. What fewer people know, however, is that with NSE scripting functionality nmap can do things you wouldn’t expect from a portscanner.…
The Most Important Questions
I think it’d be a useful exercise to try to capture the most important questions in the world. Here’s an initial attempt: If we don’t have free will, how should we build a society in such a way that both accepts this truth yet doesn’t descend into nihilism or other negative philosophies?If we were designed by evolution, and…
The Future of Work is Everyone Running the “Work” App
Let me propose one potential future to you—a future where most everything is done through the gig economy. Here is roughly how that might take place. Companies get rid of many or most of their employees, and decide to go with short-term contracts instead. There is extraordinary data showing that 94% of job growth (jobs created vs. jobs…
The Future Belongs to Those With Grit
If you’re not imbuing your children and friends with grit—as a core part of their identity—they will soon be driving rich people around and bringing them food. Rich people who probably have grit themselves. Grit /’grit’/ noun A positive, non-cognitive trait based on an individual’s perseverance of effort combined with the passion for a particular long-term goal or…
Rewards Programs Are Another Way We Pay for Things With Our Data
There’s a famous, often-misattributed quote in the tech scene that says something like: If you’re not paying for a given service, then you’re not the customer—you’re the product.Many people, going back to the 70’s This is fairly well understood for services like Google and Facebook, where the service is basically free but the companies make most of their…
The Difference Between Deductive and Inductive Reasoning
Pretty much anyone who thinks about how to solve problems in a formal way has probably run across the concepts of deductive and inductive reasoning. As with all my tutorials, the purpose of this article is to explain the differences between these two approaches as clearly as possible. Both deduction and induction are often referred to as a…
A Chromium-based Command-line Alternative to Curl
If you’ve spent any time coding in InfoSec, you’ve probably used a ton of curl to pull websites, check them for various issues or attributes, etc. This will follow redirects and provide a non-curl User Agent. curl -LA 'Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_3 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8J2 Safari/6533.18.5' reddit.com…
Companies Are Relaxing Their Degree Requirements to Find Top Talent
Glassdoor just compiled a list of top companies that are dropping college degree requirements. There are a couple of different ways of looking at this. One is to say that the job market is so hot—in favor of employees—that companies are relaxing standards just to get people in. Another way to see it is that the correlation between…
Unsupervised Learning: No. 139
Subscribe here to get this in your inbox every week. Security News TLS 1.3 is finalized and should start rolling out everywhere soon. Adoption is expected to be quick. Link Burp continues to impress with its massive campaign of improvements and blog posts describing them. They recently just talked about how they’re adding point-and-shoot scan functionality, where you…
Unsupervised Learning: No. 137
Subscribe here to get this in your inbox every week. Security News The DHS is launching a new group to protect critical infrastructure. Link Cisco is buying Duo Security for $2.35 billion. Link Reddit had a security incident related to SMS 2FA, and their write-up on it is quite solid. I can actually gain trust in a company…
Unsupervised Learning: No. 136 (Member Edition)
This week’s topics: Air marshal surveillance, Russians hacking control systems, Google 2FA, 23andMe sharing your data, Pentagon’s DoNotBuy list, technology news, human news, discovery, notes, recommendations, and the aphorism of the week… Every week I spend 5-20 hours finding the most interesting stories in security, technology, and humans, which I then curate into a 30 minute podcast &…
It’s Becoming Difficult to Discuss Interesting Topics With People Who Don’t Read
Books are a uniquely portable magic.Stephen King The more I read the more I find it difficult to talk to people who don’t. I am aware of how bad that sounds, but it’s not what you’re thinking. It’s not as if I don’t like talking to people who don’t have certain views, or who don’t have a certain…
Anatomy of the American Death Spiral
America is struggling in a way that it never has before. This is not like the last times. It’s not a recession. It’s not even a depression. It’s a catastrophe. Here’s some additional context around what I’m talking about here. The reason this time is so different is that Americans have always had something solid to fall back on…
Humans Oscillate Between Wanting Novelty and Familiarity
I was listening to a random episode of the a16z podcast a few years back, and a guest on the show said something random that I thought was profound. I’m not sure the exact quote, but it was something like: We bounce back and forth between wanting something new and wanting to experience patterns that we recognize. It…
DNS Rebinding Attacks Explained
A lot of people have questions about the concept of DNS Rebinding attacks, and many of the overviews dive too deep into the details. Here’s a simple explanation that should help those having trouble getting it. DNS Rebinding lets you send commands to systems behind a victim’s firewall, as long as they’ve somehow come to a domain you…
The Problem With Pinker’s Positivity
I recently finished Steven Pinker’s Enlightenment Now, which was remarkably well done. I particularly loved the later chapters on science and reason, which talked about how far these have brought our society, and how far they can continue to take us. In general, the book argued—similar to his previous work The Better Angels of Our Nature—that we should…
How to Become a Superforecaster
I just finished Steven Pinker’s latest book, Enlightenment Now, which turned out to be fantastic. I was frustrated in the first two-thirds of the book for reasons I won’t go into here (it seemed too positive while ignoring negatives), but the final several chapters were spectacular. Those chapters mostly focused on science and reason, and why they’re so…
The Difference Between Ex-Ante, Post Hoc, Ex Post, A Priori, and A Posteriori
If you do a lot of (good) reading you have probably run into a few highbrow, Latiney sounding phrases like those in the title of this post. I’m guessing you almost looked them up several times, but if you’re here you finally did. Well done. Here they are. Ex Ante means before the event, and is basically a…
The Evolution of the SOC and the CSIRT
We’re starting to see significant debate around the terms SOC vs. CSIRT, and which one companies should have. As with most such debates in tech—which is moving almost as fast as we can lock down definitions—the issue is largely one of semantics. To start, Wikipedia says a SOC is a centralized unit that deals with security issues on…
Why I Use a Single-screen iPhone Configuration
There are lots of ways to organize the apps on your phone. You can have lots of screens of single apps, or you can have lots of screens of app folders, or you can have something in-between. I do something simpler. I have one screen of apps, and everything else I have to invoke via the down-swipe. Not…
New Study Shows You Can Predict Credit Rating From Your Online Tech Fingerprint
For anyone who’s been worried that their online fingerprint was going to be used against them, this paper will provide them their vindication. Here’s how they describe the analysis: As a simple example, every website can effortlessly track whether a customer is using an iOS or an Android device; or track whether a customer comes to the website…
What The Code of Hammurabi Can Teach Us About Hardware and Software Liability
The Information Security community has been debating software reliability for decades. Some say software is too advanced to place guarantees on it. And others say that unless we hold creators/builders responsible, nothing will improve. Nassim Taleb’s Skin in the Game is what got me thinking about this topic. As it turns out, the most ancient law that we…
My Thoughts on America in June of 2018
I’ve been writing more defined and concise posts lately—usually clean ideas that have a beginning and an end. I like it, and I plan to keep doing it. But not today. Today I just need to write. Today this will be an old-school blog, or a journal. There are a lot of things happening in America right now.…
Tactical Advice for Clearing Depression
I have been drawn to questions of happiness and fulfillment for much of my adult life. I’m not sure the reason for that, but I think it’s a combination of some things in my family history, it being an extremely hard problem, and the fact that so many people I know are deeply unhappy. The suicide rate in…
Free Will’s Absurdist Paradox
Philosophers and scientists have been debating the concept of free will for centuries. While there are many nuances and subtleties, there are generally three main positions. Libertarian Free Will is the idea that we have a completely free will that is not significantly determined by our makeup or our surroundings. Basically, our choices are our own, and physics…
The Platform and Candidate That America Needs in 2020
America has been stumbling for quite some time due to its lack of adaptation to a changing world. The classes are separating again (as they always do when there’s no catastrophe), we’re about to lose even more jobs to automation and AI, and it’s becoming increasingly difficult for average Americans to afford basic items like rent, healthcare, education,…
Security and Privacy Are Not As Different As People Think
There’s a common belief in InfoSec circles that Security and Privacy are related, but that they’re different enough to constantly mention the distinction. I don’t think the difference should matter much to defenders much at all, and in fact if you look close enough the distinction nearly vanishes. They are simply different aspects of the unified goal of…
Examined But Absurd (A Poem)
How strange it is that we live this way Unable to know what next we’ll say We feel control that cannot be And sense a freedom we cannot see Some drive to push and conquer all And those who don’t deserve to fall But what’s deserve when no options exist For the poor are just those with luck…
The Most Exciting Features from the WWDC 2018 Keynote
This year’s WWDC Keynote was all about software, and it had updates for iOS, macOS, watchOS, and tvOS. Here were my favorites. iOS Share back in photos Siri shortcut integrations Shortcut editor Travel plans Heading home Screentime Time limits Allowances Memoji Personalized animoji Group FaceTime with up to 32 people Pivot directly from Messages to group FaceTime watchOS…
How to Have Amazon Polly’s AI Voice Read Your Newsletter as a Podcast
I’ve just published my first podcast episode (Episode 128) using Amazon Polly—Amazon’s AI-based text-to-speech engine. Listen to the episode here. It’s quite good—much better than the few others that I’ve tried. What I quite like about it for my podcast is that I can use SSML syntax to insert pauses at appropriate points. For example, I like a…
Unsupervised Learning: No. 128
This week’s episode of Unsupervised Learning is now available. Subscribe below and get this episode’s podcast and newsletter. This week’s topics: Pentagon background checks, China using machine learning in schools, Rusian ethnicity detecting AI, US Military presence in Africa, Atlanta lost dashcam footage, Kidnapping insurance, Technology News, Ideas, Recommendation, Aphorism, and more… Listen to this week’s Podcast Become…
Automated Situational Interpretation and Prediction (ASIP)
Any time you see us using cameras to feed a Machine Learning algorithm, I think we’ll start calling that Machine Learning Vision, and, eventually, Computer Vision. The key point is that computers can parse video (and other sensor data) and figure out things that even humans cannot. The combination of audio, video, heat, other types of EM waves,…
I’m Not (Overly) Concerned About Smart Speaker Security, And You Shouldn’t Be Either
I have a 1,001 friends in InfoSec who I hear things like this from on a regular basis: I’d never put one of those things in MY house! I’m in security! They’re going to find flaws in those things, you wait and see! Then when something happens, like a private conversation being sent to a random person, they…
Economic Inequality is the Norm, Not the Exception
I read and think a lot about technology, automation and how it will impact humanity. One of the most important dynamics there is the potential for technology to increase income inequality, and for automation to take jobs from those who need them most. For some reason—perhaps my being born and raised in the San Francisco Bay Area—I have…
The Single Reason Harry Potter is Better Than the Marvel MCU
I’ve been having a heated discussion with a friend about why I can only take Marvel movies so seriously, and why it’s objectively lower quality entertainment than Harry Potter. There are spoilers below for Harry Potter, Infinity War, Deadpool 2, and The Bible. The answer is death. Humans, as a rule, don’t value that which they cannot lose,…
Security Report Analysis: 2018 DBIR Report
In this Security Report Analysis (SRA) series I look at various security reports and pull out the main points. This doesn’t replace a complete and detailed read of these reports, but it exposes you to some of the key takeaways that you might not otherwise have seen. REPORT: The 2018 DBIR Report Key points These points are a…
The Waking Up Podcast: Sam Harris vs. Sean Carroll on Free Will
Sam Harris recently had Sean Carroll on his Waking Up podcast, and to my delight they arrived pretty quickly at the free will topic. You can read more of my free will content here. Carroll is both a physicist and a compatibilist, which was both surprising and exciting. It was surprising because I naturally expect hard science types…
John Gruber Wrong About the Duplex Demo
John Gruber of Daring Fireball took a big shot at Google Duplex recently. He basically said that the way the demo was conducted should make us doubt the legitimacy of the tech. Why not demo it live? Why only play recordings? When is it rolling out to actual customers? Was there a hands-on after the event where members…
- « Previous Page
- 1
- 2
- 3
- 4
- 5
- …
- 43
- Next Page »