California's Privacy Law, SHA1 exploit, Ransomware Storage, Ring Voyeurs, 20 vs. 2020, ATT&CK ICS, Telecom SMS, Technology News, Human News, Ideas Trends & Analysis, Discovery, Recommendations, and the Weekly Aphorism…
All right, a couple of weeks into January 2020, this is episode 211, starting off with security news. California's new privacy law, the CCPA, went live on January 1st, but similar to GDPR, people aren't exactly sure what that means. The core of the new law states that if your company has data on over fifty thousand California residents, you need to explain to them exactly what you're doing with it, and customers can also ask that you don't sell it or that you delete it, and there's some other stuff there as well. But that seems to be the core of it. There's a new SHA-1 exploit that makes it even easier to attack SHA-1 hashes, and a lot of people are talking about the possibility of using BLAKE2 as a replacement for SHA-2, especially within systems like Git, because it's 10 times faster than SHA-2. But yeah, a lot of people are really worried about the integrity of systems like Git, because foundationally it's a bunch of SHA-1 hashes. There appears to be a new trend with ransomware groups where they're not just encrypting the data and charging the victim to decrypt, but they're actually taking a copy of the data first and then storing it, so they have more options to monetize it later, which is smart and kind of scary. Ring fired four employees for looking at customers' videos. And you might want to avoid writing "20" as an abbreviation for 2020 on official documents like checks, if you still use checks, because someone can come behind you and add things to that "20" that you just wrote, right, so they're going to add 2010 or 2018 or 2022. Seems like a pretty low-probability attack, but worth knowing about, and why not just write 2020. MITRE released ATT&CK content for industrial control systems. Attackers are now targeting telecom companies directly so they can get access to customer mobile numbers, which allows them to bypass SMS authentication; really what they're talking about is getting access to the ability to do a SIM swap.
I think this article is really saying we have evidence now, there's more evidence, that attackers are actually targeting these companies, but I imagine this has been going on for some time, yeah. This SIM swap issue is super serious. I mean, basically someone's mobile number today is really a proxy for their identity, and if you can break into these companies and switch that mobile number to another device, that's really serious. Really, really looking forward to telecom companies having a better solution to this. Right now it's basically: can you trick the not-very-well-paid customer service person, who is dealing with bad documentation and, you know, poor process, and that's what stands between you and having your number stolen. The UK's new offensive cyber security force, run by the Ministry of Defence and GCHQ, is nearly ready to go live, just in time for Iran shenanigans. The US may cancel a civilian drone program based on DJI drones, which is a Chinese company, due to surveillance concerns. They're worried that it's basically like a giant land mapping project, and they're worried that it's going to be used for surveillance, and other similar projects actually involving DJI and the military have already been canceled as well for similar reasons. So, related to the earlier story, someone actually did an analysis of how easy it is to swap a SIM card to gain access to someone's mobile number on five different carriers. And really what they tried to do was, you know, see what the rules were and map out what that process looks like for the major carriers, and their takeaway is that it actually is really easy and SMS is not a good option, which I think we already knew. But I like having data that backs it up. I don't think it's quite strong compared to not having it, which a lot of people disagree on. But most security people that I know do still think it's better, but it's nowhere near as good as having an OTP app.

Someone found a database of 56 million Americans' personal data sitting on a Chinese IP address. The data was evidently collected by a people-finder website called CheckPeople.com. So that is unpleasant. And a Texas school district got phished out of $2.3 million. Phishing is absolutely still going strong, because even if all the technical controls work, phishing will still work, because until people are completely replaced by automation, I mean, they're still going to be making decisions and they're still going to have to have authority to do things, and that's what will be attacked by the phishing.

Advisories. There's a critical Citrix NetScaler RCE with an active exploit actually out there. TrustedSec and a couple of other groups have put the exploit out already; TrustedSec only released it because other people already put it out. But this is CVSS 9.8, and if you have any NetScaler/Citrix you need to get this patched immediately, if it's not compromised already. Critical Android bug, yeah, really nasty. Firefox zero-day under active attack. Millions of cable modems vulnerable to something called Cable Haunt, which is basically RCE on your cable modem, which includes the ability to change your DNS, which is nasty. And some updates for Chrome. Companies: Synopsys buys Tinfoil.

Technology news. Got the Best of CES winners from Engadget, and the coolest thing I saw there was the Withings ScanWatch, which is a round watch with an EKG in it, lasts for 30 days, looks quite good. I might actually buy one. Warner Brothers is about to start using AI to help them decide if they should make a movie or not. I've always wondered when they were actually going to do this. Like, just point unsupervised learning, or whatever kind of algorithms you have that work for this, at that repository of data, IMDB,
or actually feed data from the movie into the algorithms themselves so they can extract the features, and combine that with environment information like, you know, how's the economy doing, what am I up against, what is the weekend, what part of the year is it, what is the weather like, all these sorts of things. Maybe not the weather, because you don't know that before you make the movie. But as many factors as you can figure out, right, build that into the model and say, is this going to work? Anyway, I think it's a pretty cool idea. I've always wanted to see what an algorithm would come up with for rating various movies within IMDB. So we can get ready for USB4 and Thunderbolt 4 in 2020, but we don't have to worry about the connector actually, because it's still USB-C. Really can't wait till everything is USB-C so I can take like forty-nine cables out of my bag. SpaceX is looking to launch blacked-out satellites to avoid Earth-visible light pollution in space, where you're basically looking up trying to look at the stars and just seeing a whole bunch of moving specks because there are so many satellites up there. And actually SpaceX, they believe, has the most satellites; I think there was a story on that from last week.
Teslas might soon gain the ability to talk to pedestrians via external speakers. The one thing I love about Tesla is they're more of a software product than any other car. You never know what features might be in the next update. I've actually wanted to mount one of those bullhorn things, like an automated one, and somehow be able to control it from inside the car, so I could just, like, say in a cop voice, "Next time, use your blinker," or "That was very nice." Just talk to people, like, not in a super aggressive way, but just call them out so they feel that. Thought that would be cool. Don't know how to mount something like that to a car, but maybe this will give that functionality, although it seems like it could fuel road rage, like if people were being super rude with it. But I doubt that will happen, because no one who owns a Tesla would be rude. And there's a new deepfake face-swap app called Doublicat that people are excited about. You basically take a selfie and put it on GIFs that you provide.

Human news. Another study has found a strong correlation between cardiorespiratory fitness and grey matter volume. Alcohol-related deaths have doubled between 1999 and 2017, and suicide is up 33 percent in a similar timeframe. I think we have a meaning crisis; that's what I think. The world's largest radio telescope has just come online in China. It is 500 kilometers, no, 500 meters across, which is huge. And Star Trek: Picard has already been renewed for another season. I think a lot of BitTorrent clients are going to be really happy about this.

Ideas, trends and analysis. Here's an idea: maybe slow-speed information is critical to healthy discourse, kind of like low glycemic index foods. And maybe the faster and more condensed you can get something, you just lose something. This is something that I read about in Neil Postman's Amusing Ourselves to Death. Really great book. I think it was written in the 50s, actually; it was complaining about TV.
As an iteration away from in-person, and then radio, and then it was saying TV was breaking everything. Imagine if he had seen this. But I thought that was interesting, like maybe you just need slow, difficult information to have a healthy society. And related to the previous story, alcohol deaths doubling in 20 years, suicide up 33 percent in the same timeframe: this is why I have a serious problem with Pinker's optimism in his last two books. It's not that any of his data are actually wrong, that I know of anyway. The book is extremely well researched, right. The problem is that people don't judge their happiness using the relative experiences of previous decades or centuries like we do. Our brains don't care about how happy our ancestors were. We focus on the present, on how we compare with our peers and other images that we think we should be aspiring to, right, or we should be at the level of. So I don't think his books were wrong; they just totally missed the point. And these suicide statistics and these deaths by alcohol, in my mind, are likely to be related to that. They could not be; I mean, this is conjecture, but it seems logical to me. College kids are starting to see big tech a lot like Wall Street or Big Oil: basically lucrative, but with a moral tradeoff due to their unscrupulous business practices. Evidently becoming a big theme on college campuses. And Equifax's stock rose 50 percent in 2019, and Facebook stock is at an all-time high right now. Looks like the relationship between bad behavior and bad outcomes isn't always as solid as we might like. And around one in five Americans uses a smartwatch or a fitness tracker.

Updates. Wrote an essay called "Visibility and Understanding Create Both Tools and Weapons." Think you will like it. Check it out.
Wrote one called "Why High-End Podcasts Reduce the Bass in Their Audio," which you should be hearing in this right now, actually; it should be like a cleaner, brighter sound as opposed to a deep rumbling sound, which I used to be into. Yeah, I was super into that deep sound, but it turns out it mixes really poorly with surrounding noise, especially road noise. So NPR basically said, look, we need to cut this out. So they use their mic, the same mic that I have, to pull sound out of the bottom range, and the higher pitch is supposed to basically cut through road noise, subway noise, surrounding conversation and stuff like that, and cut right through and get to your ears. So I'm trying it out.
Let me know what you think.
And a third one here, "San Francisco Is a Microcosm of America's Future." Sounds political; it's not really political, it's more like society-analysis type stuff. And I reconsolidated my reading infrastructure on Audible, Kindle and Goodreads, and then caught up on my previously read stuff. More work to do on that, but making good progress. If you're on Goodreads, connect with me; it's just Daniel Miessler. And currently reading a fiction series called Cradle, which is part of a genre called LitRPG, which is literary RPG. It's basically like you're watching a video game or an RPG, but as a story instead of a game. There's tons of focus on leveling, skills, abilities and items, like if you like Diablo and you like collecting things and getting more powerful. This is, it's a whole genre of books designed around just that, so you should definitely check it out. I'm loving the series. It's called Cradle. I think it's probably a pretty good introduction to it. And I posted a couple of new book summaries, one on Atomic Habits, which is like one of my, it's just a fantastic book. It's also a great book to read in January. So I really suggest you get that, or at least read the summary that I wrote, and another one called The Infinite Game, which is super cool. And let me know what you think about bullets for the advisories and other sections in security above. So for the first time I took it out of a paragraph with just comma separation and actually added some bullets, because if you're listening to this you're not seeing the newsletter. But yeah, just let me know what you think of that, if you see it.

In Discovery, a look at Google's healthcare efforts like Project Nightingale and Guardian, how Israel trains its elite drone warriors, a visual subnet calculator, how to read long, complex books. Got my new favorite hacking video. There's a thing called Silent Book Club, where people get together in public places and silently read together, which I'm going to be doing in SF at the end of this month.
"Why Quit Using Google." That's not me; it's someone else's article. The Klipsch Bar 54 soundbar looks super awesome. Don't know where I'm going to put it; I have like eleven square feet in my house. And an interactive Vim tutorial.

Recommendation for the week. It's the beginning of January and a new year, so make sure you have your most sensitive data backed up somewhere securely off-site, that you've either rotated your key passwords or are using a password manager with a strong scheme, and that your most vulnerable loved ones are doing these same things.

And the aphorism for the week: "All happiness depends on courage and work. All happiness depends on courage and work." Honoré de Balzac.