I'm Daniel Miessler, and I spend 5-20 hours a week consuming books, podcasts, papers, and articles in the areas of security, technology, and humans.

I then curate what I've learned into a concise summary/analysis, which is available in both a newsletter and podcast format.

It's Content Curation as a Serviceless time searching, more time learning.

🛡️ Security News

The Telegraph has found strong links between Huawei employees and Chinese intelligence agencies. The Huawei counter was that this was extremely common among telecom companies, and that it wasn't a big deal. The counter to that counter was, basically, "Well, then why did you try to hide it?" /gg More

The NPM security team caught a malicious package designed to steal cryptocurrency. A lot of these packages work by uploading something useful, waiting until it's used by lots of people, and then updating it to have the malicious payload. My buddy Andre Eleuterio did the IR on the situation there at NPM, and said they're constantly improving their ability to detect these kinds of attacks. Luckily NPM's security team had the talent and tooling to detect such a thing, but think of how many similar companies aren't so equipped. I think any team that's part of a supply chain should be thinking about this type of attack very seriously. More

Federal agents are mining state DMV photos to feed their facial recognition systems, and they're doing it without proper authorizations or consent. To me this has always been inevitable because—as Benedict Evans pointed out—it's a natural extension of what humans already do. You already have wanted posters. You already have known suspects lists. And it's already ok for any citizen or any cop to see any person on that list and report them. In fact it's not just possible, it's encouraged. So the only thing happening here is that process is becoming a whole lot more aware (through more sensors), and therefore more effective. Of course, any broken algorithms that identify the wrong people, or automatically single out groups of people without actual matches, those issues need to be snuffed out for sure. But we can't expect society to not use superior machine alternatives to existing human  processes, such as identifying suspects in public. That just isn't realistic. Our role as security people should be making sure these systems are as accurate as possible, with as little bias as possible, by the best possible people. In other words, we should spend our cycles improving reality, not trying to stop it from happening. More

Google keeps your purchase history even after you delete all your emails, which is supposed to be how to remove the items. Instructions told users to delete the email to delete the purchase history, but this person deleted all their emails and the purchase history was still there weeks later. Stunning. It's almost like they're an ad company masquerading as an email and search provider! More

Nearly a third of the top VPNs are owned by six Chinese companies. Seriously all: if you're savvy enough to want a VPN, you should be using Algo, which uses WireguardMore

Iran and China appear willing to unite against the US in offensive cyber operations. More

⚙️ Technology News

MIT and IBM have created a tool that can add and remove objects automatically from images. You just pick the "tree" brush, for example, and paint on the image, and it will place a tree there in a completely believable way. The demo video is stunning. We're getting closer than ever to needing authentication for everything we perceive. Someone's going to make billions on authenticated images, audio, and video. More

Cloudflare had a major outage that was caused by a bad software push. It lasted about 30 minutes and affected thousands of sites around the world. It was a misconfigured rule in the WAF that had a regex that caused a 100% CPU spike, and ultimately 502 errors. This has always been my nightmare, personally: being forced to write filter rules and you push them and they take everyone down. More

👧🏼  Human News

Japan has resumed commercial whaling after 30 years. It's easy to bash them without reading more, but it appears that they're attempting to go after whales that are not endangered, and in small numbers. But that doesn't quite add up to me. The article says that only a couple of hundred whales will be allowed to be killed, but I don't see how you can tell an entire country that whaling is now legal and not get far more kills than that. I do empathize for those who live in small towns and see whaling as part of their culture. I just wish the world were such that they could have their culture and the whales could live in safe numbers at the same time. Like an ecosystem. More

💡 Ideas, Trends, & Analysis

If we don't allow people to sell their kidneys, why do we allow them to sell their data? More

We should plant 1 Trillion trees to pull carbon dioxide out of the air. If it works too well, we'll cut some down. And if it doesn't work, we'll just have more trees. More

Based on a Twitter thread I just saw, I'm going to look into copyrighting my PII. More

Why remote work isn't going away. More

Now here's an interesting idea: maybe hatred is getting so popular because it enhances self-esteem. In other words, as we lose our meaning structures through the loss of family and religious bonds, we look for alternate sources of self. And if hatred checks that box, then you can be sure we'll use it. It makes sense. Nothing makes you feel more solid in your beliefs and your character than screaming, "Get off my lawn!" at full decibels. More

🔭 Discovery

Passports rated by how powerful they are (DATAVIZ) More

What makes things go viral on Hacker News More — A collection of resources for startups that need to do security. More

25 words that are their own opposites. More

🔥 MapSCII — An actual map in the terminal. More

📓 Notes

I am around 2/3 through Fall, by Neal Stephenson. I keep alternating between bored, annoyed, and impressed. I think I'll finish it and not do any Stephenson any time soon, if ever. 

I've been thinking a lot about tinkering with some fiction writing myself. I want to do it mostly because it seems impossible—kind of like making electronic music. I thought about making something in the future about myself, but had an initial squeamish feeling about that which was backed up by a friend. People don't like reading other people writing about themselves. It's masturbatory and arrogant. I think that's a vibe that Stephenson has, come to think of it. It's like he's in a blues band but he took the entire booked studio time doing an Yngwie Mamlsteen solo on his own guitar. I don't want to be that guy, but writing as yourself is so easy, and it would give me time to focus on what matters, which is the ideas and the setting. I think in the meantime I'm just going to capture a bunch of ideas that I like, and see what people think about them.

I'm really excited to get back to non-fiction after this Stephenson book. So much I can't wait to read. I think I'm going to start by finishing John Brockman's collection of peoples' opinions on AI.

🖊️ Recommendations

Bill Gates' three questions:
  1. Did I devote enough time to family?
  2. Did I learn enough new things?
  3. Did I develop new friendships and deepen old ones?

🦉 Aphorisms / Quotes

“What do you want to avoid? Such an easy answer: sloth and unreliability. If you're unreliable it doesn't matter what your virtues are.”

~ Charlie Munger

“Help me (emotive gesturing)…help you…”

I spend around 20 hours on the show every week, and if you get value from it, please consider becoming a supporting member for just
$5/month (or $50/year). Members get the newsletter every week instead of twice a month.


Thank you,

: :



: :

Copyright © 2015-2019 Daniel Miessler, All Rights Reserved

Click here to stop receiving the Unsupervised Learning Newsletter