
Exploring the intersection of security, technology, and society—and what might be coming next...
Standard Web Edition | Ep. 305 | November 1, 2021
SECURITY NEWS

The US has banned China Telecom over national security concerns. The fear is that they could use their infrastructure to access, store, disrupt, and/or misroute US communications. They must discontinue their services in the US within 60 days.

US Intelligence agencies released a report on the origins of COVID-19. The FBI thinks it leaked out of a lab, but most other agencies think it happened naturally. None of the groups thinks it was created as a weapon. This matches well with the armchair analysis I and others in the UL community have done over these many months. Basically, the lab leak theory is unlikely, but it’s foolish to discard it outright without having good reason.

MITRE and CISA announced the 2021 CWE Most Important Hardware Weaknesses List. Interesting list. Top hits were: improper isolation of shared resources on an SoC, improper access control for on-chip debug and test interfaces, and improper prevention of Lock Bit modification.

NSA is hiring people for “cyber careers” with CS, C/EE, Intelligence, and Math backgrounds.

The US is working with Taiwan to secure the chip supply chain.

Incidents:
TECHNOLOGY NEWS

Facebook changed its name to Meta, and they’re spending at least $10 billion on it this year.

Tesla got an order for 100,000 cars from Hertz, and the resulting bump in its stock price made it a $1 trillion company.

US regulators are looking at how banks might be able to get into crypto to avoid being left behind.

After Apple’s stock dip from its earnings call, Microsoft became the world’s most valuable company. Not sure that’ll hold for long, though.

If you have a Tesla with the latest update, you can now remotely stream video from your car’s cameras.

Photoshop is about to get the option to prepare an image as an NFT.

Microsoft is going to work with community colleges to fill 250,000 cybersecurity jobs.

Tim Cook said Apple lost $6 billion due to supply chain problems, and that they’ll lose even more this quarter. But they still crushed it with $83 billion in revenue, which is up 29%.

Niantic just launched its new AR game, Pikmin Bloom, which is like a seed & plant version of Pokemon Go. You have to walk around outside, plant seeds, see them grow into plants, and journal about your activities.

Patreon is exploring crypto as a way for creators to earn more money.

Companies:
HUMAN NEWS

A new meta-analysis found that high levels of vitamin D3 are inversely correlated with COVID-19 mortality. I would add this to the list of “make sure your D3 is high enough”, but I’m not skilled enough with this science to read this paper properly and tell if it’s a slam dunk or just another drop in the bucket. What I can say for sure is make sure you’re not D3 deficient.

Texas Republicans are looking to make Texas the center of the US crypto world. I guess this is on-brand, given the decentralized and counter-government vibes of advocating for a competing currency to the USD.

A new study by the CDC says vaccination protects against COVID better than natural immunity due to infection.

35% of registered voters in the US think the last election should be overturned.

CONTENT, IDEAS & ANALYSIS

Thoughts on Facebook Meta — This move by Facebook is genius on multiple levels, and I feel like the only way it can fail (at least completely) is if it’s too early.

NOTES

I’m almost done with the new Pinker book, Rationality. Really, really, good. It’s like a massive collection of pitfalls for thinking clearly.

I’ve been watching tons of Vim content on YouTube. It’s pretty much Vim, Chess, and Table Tennis in my history. Yep, nerd central. Anyway, I highly recommend these two plugins (HT to The Primeagen) which have been much-desired upgrades. They give me fish-like autocomplete for commands, plus a really cool syntax highlighting for in/valid commands while doing so.

Also, I highly recommend lsd as a replacement for ls.

DISCOVERY

Is Korea the new cultural superpower?

Shodan Trends — See trends in internet attack surface.

Atlas of Surveillance

Slow Down, Finish Faster

iFixit did a teardown of Apple’s out-of-stock polishing cloth.
Repeat Yourself, a Lot

The 37-Year-Olds Are Afraid of the 23-Year-Olds Who Work For Them

Beyond Smart, by Paul Graham

Threat Matrix CI/CD — A common threat matrix for CI/CD. | by Rung

SSRFmap — Takes a Burp request file and fuzzes for SSRF. | by Swisskyrepo

Browser Fingerprinting — A bunch of tech and discussion that will help you build a web scraper that will be harder to block. | by Niespodd

Embark — The firmware security scanning environment. | by e-m-b-a

MVSP — Minimum Viable Secure Product. A minimum security baseline for enterprise-ready products and services.

RECOMMENDATIONS

Conflicts with people we care about are too often caused by, 1) one or both parties not knowing what they want from life, or 2) one or both parties not honestly articulating what they want from life. Try your best to be good at both of those. Figure out what you want—what you really want—and be willing to ask for it from those you share your life with. This will polarize some relationships, but that’s ok. What remains will stand on a stronger foundation.

APHORISMS

“All human activity is promoted by desire.” ~ Bertrand Russell