(date: 2024-04-05 08:54:36)
date: 2024-04-05, updated: 2024-04-04, from: Bruce Schneier blog
It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol:
On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers’ locations.
The FCC has also asked carriers to detail any exploits of the protocols since 2018. The regulator wants to know the date(s) of the incident(s), what happened, which vulnerabilities were exploited and with which techniques, where the location tracking occurred, and if known the attacker’s identity…
date: 2024-04-05, from: Robert Reich’s blog
The Origins of Trumpism, Part 10
https://robertreich.substack.com/p/the-three-men-who-killed-american
date: 2024-04-04, from: John Naughton’s online diary
Anyone for truffles? Provence (where else?) Quote of the Day “A toy car is a projection of a real car, made small enough for a child’s hand and imagination to grasp. A real car is a projection of a toy … Continue reading
https://memex.naughtons.org/friday-5-april-2024/39320/
date: 2024-04-04, from: Robert Reich’s blog
Biden must stand up to Netanyahu
https://robertreich.substack.com/p/bombs-away
date: 2024-04-04, updated: 2024-04-04, from: Bruce Schneier blog
The ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a lot of data:
…The window informs users that Microsoft and those 801 third parties use their data for a number of purposes, including to:
- Store and/or access information on the user’s device
- Develop and improve products
- Personalize ads and content
- Measure ads and content
- Derive audience insights
- Obtain precise geolocation data
- Identify users through device scanning
https://www.schneier.com/blog/archives/2024/04/surveillance-by-the-new-microsoft-outlook-app.html
date: 2024-04-04, from: Paolo Valdemarin’s blog
A friend this morning shared a list of vegetables, noting how hard it is to eat 30 different ones in the same week. I immediately turned to my AI chatbot to ask to create a list of commonly eaten vegetables, and of course I got a very good one. At that point I thought that … Continue reading “GroceriesGPT”
https://val.demar.in/2024/04/groceriesgpt/
date: 2024-04-04, from: Robert Reich’s blog
How to get “American” corporations to act in America’s interest?
https://robertreich.substack.com/p/steel-chips-and-big-tech-the-real
date: 2024-04-04, from: Dan Rather’s Steady
How Democrats could flip Florida
https://steady.substack.com/p/the-gops-costly-abortion-strategy
date: 2024-04-03, updated: 2024-04-02, from: Bruce Schneier blog
The lawsuit has been settled:
Google has agreed to delete “billions of data records” the company collected while users browsed the web using Incognito mode, according to documents filed in federal court in San Francisco on Monday. The agreement, part of a settlement in a class action lawsuit filed in 2020, caps off years of disclosures about Google’s practices that shed light on how much data the tech giant siphons from its users—even when they’re in private-browsing mode.
Under the terms of the settlement, Google must further update the Incognito mode “splash page” that appears anytime you open an Incognito mode Chrome window after …
date: 2024-04-03, from: Enlightenment Economics blog
Another book of many out on AI is As If Human: Ethics and Artificial Intelligence by Nigel Shadbolt and Roger Hampson. I found this a very accessible book on AI ethics, possibly because neither author is an academic philosopher (sorry, … Continue reading
http://www.enlightenmenteconomics.com/blog/index.php/2024/04/ais-as-the-best/
date: 2024-04-03, from: Robert Reich’s blog
I believe he’ll win, but which potential obstacle deserves most attention?
https://robertreich.substack.com/p/office-hours-bidens-biggest-obstacle
date: 2024-04-03, updated: 2024-04-03, from: Daring Fireball
https://gizmodo.com/amazon-reportedly-ditches-just-walk-out-grocery-stores-1851381116
date: 2024-04-03, updated: 2024-04-03, from: Daring Fireball
https://www.npr.org/2024/04/01/1242019127/google-incognito-mode-settlement-search-history
date: 2024-04-03, updated: 2024-04-03, from: Daring Fireball
https://www.theverge.com/2024/4/2/24118436/yahoo-news-artifact-acquisition
date: 2024-04-02, updated: 2024-04-02, from: Daring Fireball
https://www.theverge.com/2024/4/2/24118873/google-podcasts-shutdown-graveyard
date: 2024-04-02, from: John Naughton’s online diary
In the sticks… In the wilds of Donegal. What estate agents, those masters of euphemism, would call “a development opportunity”. Quote of the Day “I think that maybe if women and children were in charge we would get somewhere.” James … Continue reading
https://memex.naughtons.org/wednesday-3-april-2024/39312/
date: 2024-04-02, from: Om Malik blog
TLDR: This is a smart move for Yahoo. It didn’t cost them much. I would say that this was cheaper than the “cheap and cheerful” category. Second, it gives Yahoo News a chance to modernize. “A lot of organizations care deeply about news and personalized content and I think they’re looking around and saying …
https://om.co/2024/04/02/why-yahoo-bought-artifact-leftovers/
date: 2024-04-02, updated: 2024-04-04, from: Bruce Schneier blog
The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. From Ars Technica:
Malicious code added to xz Utils versions 5.6.0 and 5.6.1 modified the way the software functions. The backdoor manipulated sshd, the executable file used to make remote SSH connections. Anyone in possession of a predetermined encryption key could stash any code of their choice in an SSH login certificate, upload it, and execute it on the backdoored device. No one has actually seen code uploaded, so it’s not known what code the attacker planned to run. In theory, the code could allow for just about anything, including stealing encryption keys or installing malware…
https://www.schneier.com/blog/archives/2024/04/xz-utils-backdoor.html
date: 2024-04-02, updated: 2024-04-01, from: Bruce Schneier blog
Through a 2010 FOIA request (yes, it took that long), we have copies of the NSA’s KRYPTOS Society Newsletter, “Tales of the Krypt,” from 1994 to 2003.
There are many interesting things in the 800 pages of newsletter. There are many redactions. And a 1994 review of Applied Cryptography by redacted:
Applied Cryptography, for those who don’t read the internet news, is a book written by Bruce Schneier last year. According to the jacket, Schneier is a data security expert with a master’s degree in computer science. According to his followers, he is a hero who has finally brought together the loose threads of cryptography for the general public to understand. Schneier has gathered academic research, internet gossip, and everything he could find on cryptography into one 600-page jumble…
https://www.schneier.com/blog/archives/2024/04/declassified-nsa-newsletters.html
date: 2024-04-02, from: David Rosenthal’s blog
There is a surprising amount of respect for people who appear to know nothing about the industry. They’re known as the “left curves.”
Below the fold I look at the left side of the curve.
The nickname comes from a popular meme in crypto that shows a bell curve with investors on the left who know nothing, or very little, and those in the fat middle of the curve who know something about crypto. On the right are investors who seemingly know everything.
For example, a crypto project with pseudonymous co-founders including “Smokey The Bera” and “Dev Bear” has become a unicorn after it raised millions of dollars from institutional investors such as Brevan Howard Digital. Another token with no real utility — only a cute picture of a dog wearing a hat — has increased by more than 1,400 times its value from three months ago. A developer of a sloth-themed memecoin called Slerf claimed they accidentally burned a large amount of the tokens after raising $10 million.
What a great time to be a left curve! In this bull market, forget about highbrow ideas like revamping Wall Street. Give up on dreams of replacing traditional artwork with nonfungible tokens. Instead, don’t overthink it. Just “choose rich.”
How did this happen? How did crypto’s greatest comeback take place so fast, so hilariously and — at times — so stupidly? Why did crypto evangelists give up their dreams? At its core, it’s because the market is still living under the shadows of past catastrophes like FTX’s collapse and TerraUSD’s blowup.
The “past catastrophes like FTX’s collapse and TerraUSD’s blowup” may be old news but to their victims they aren’t even close to over. The best FTX’s creditors can hope for is to get back what their HODL-ings were worth before Bitcoin took off moon-wards, and who knows when that might happen.
In the past bull markets, when Bitcoin went up, everything else went up amid small-scale rotations between major and small-cap coins. But in this bull market, the rotation is more severe: As Solana went up in the past month, the price of Ether went down dramatically — a simple piece of evidence that shows there’s less money being thrown at the crypto market today than three years ago.
“I had no idea who Barry Silbert was or anything until after November 16, 2022,” Eric Asquith told me. That date was when he was pretty sure he had lost his family’s savings of $1,052,000.
Asquith wasn’t on the Left Curve but just a bit left of the middle:
He didn’t buy bitcoin or other meme tokens. Instead, earlier that year, he moved over cash from his business — just a little at first, then more — and converted it into digital currencies he thought were as good as cash. The digital coins were called GUSD, and each was worth exactly $1 because the company that minted them — Tyler and Cameron Winklevoss’s crypto exchange, Gemini — backed each one with real money and assets.
But Asquith’s GUSD were deposited into Gemini’s Earn program to get its 5.5% interest, far more than banks were paying. But Asquith and the other Earn depositors were far enough left on the curve that they didn’t know Earn wasn’t like a bank savings account:
What Asquith did not fully understand was that his money was no longer with Gemini. In one sense, Genesis, a crypto company owned by Barry Silbert had it, but even that wasn’t quite true. Soon-to-collapse hedge funds with names like Three Arrows Capital and Alameda Research — Sam Bankman-Fried’s personal fund — were quietly borrowing from Silbert’s shop. Asquith’s money, and that of tens of thousands of others, was being used by SBF and others to make giant bets on some of the highest-flying, most volatile digital tokens.
Then Terra/Luna collapsed and things started to fall apart. Amy Castor and David Gerard reported:
One of Genesis’s biggest customers was Three Arrows Capital (3AC), who they’d lent $2.4 billion. After 3AC blew up in May, DCG assumed $1.2 billion of the liabilities to keep the hit off Genesis’ books. Genesis had been the single largest creditor of 3AC.
Gemini tried to get the cash:
Genesis also had money on FTX. As FTX was falling apart, Genesis tweeted on November 8 that they had no exposure, and it was fine. Two days later, Genesis admitted they had “~$175M in locked funds in our FTX trading account,” and they were not fine.
Genesis scrambled to find more capital. Genesis and DCG needed $1 billion in emergency credit by 10 a.m. EST on November 14, but didn’t get it. Even Binance turned them down.
So two days later, Genesis suspended withdrawals,
…
One of Genesis’s biggest customers is Gemini Trust, run by the Winklevoss twins, that operated its own “yield” program, Gemini Earn, for retail investors.
Gemini was supposed to be the safe exchange — but it was exposed to risks via Genesis. There’s now $700 million that Gemini Earn customers can’t withdraw — because it’s stuck on Genesis.
On January 8, Gemini terminated the Master Loan Agreement with Genesis and emailed customers accordingly. This “requires Genesis to return all outstanding assets in the program.” Genesis did not return the funds by the end of January 10 — so they were officially in default on the loan. At this point, Genesis can pull the pin and try to put Gemini into involuntary bankruptcy.
They did, and there followed a year of legal wrangling between Gemini, Genesis and Barry Silbert’s Digital Currency Group, which owns Genesis. The SEC sued both Gemini and Genesis, and so did the New York Attorney General. While the wrangling continued, another of the semi-regular cryptocurrency bull markets took off until in February 2024:
the victims, Silbert’s now-bankrupt crypto-lending operation, the Winklevoss twins, and regulators hammered out a deal to pay everybody back in full. The crypto bull market of 2024 made it possible to pay back Earn customers not some fraction of what they invested but the generally much higher sum of what their holdings would now be worth.
Everyone started celebrating:
Except there was Silbert. Earn victims who had been unfamiliar with him would soon learn that he had made his first fortune by studying the ins and outs of the bankruptcy system and using it to his financial advantage. Since February, the billionaire investor has been relying on a controversial interpretation of bankruptcy law to stop Asquith and all the other victims from getting the bigger payout, the one based on current prices. Instead, to simplify a bit, he would prefer to keep that money himself. “DCG cannot support a plan that not only deprives DCG of its corporate governance rights but also violates United States bankruptcy code,” a spokeswoman for the company said.
People started talking to the press about Gemini:
The victims have taken to calling it “the Barry Trade”: If Silbert is successful, he would be able to pocket as much as $1 billion in funds that would otherwise be returned to them. At the very least, Silbert may substantially delay the money being returned to Earn customers.
…
Silbert’s legal logic is that the bankruptcy code sets a date to value victims’ claims in U.S. dollars, and in Genesis’ case, it just happened to be around the market’s lows.
Former Gemini employees told The Beast that Gemini Earn’s terms and conditions were highly dubious from the outset. One staffer recalled reading the fine print for the first time, saying, “[We] were like, ‘Holy shit, are you fucking kidding me?’”
And Genesis:
Among those terms: Customer assets were loaned out on “an unsecured basis,” which meant that their money would not be safe in the event of a market collapse. The deposits were also not insured, nor were they guaranteed against errors or fraudulent activity.
“Whatever Gemini may or may not have done pales in comparison to what you see at Genesis, which was more than negligent when it came to protecting customer assets and complying with general best practices,” one former employee said. Among those problems, the person said, was not screening clients who were on, say, the Treasury’s blacklists — an allegation that was supported by a separate January suit filed by New York Department of Financial Services.
This isn’t a “past catastrophe”. For the victims there is no end in sight:
A ruling isn’t expected until April. Since the settlement announcement, the victims have resigned themselves to an even longer wait as Silbert continues to fight. “A year ago, there was a deal that was proposed. Everyone was celebrating in a very similar way,” Asquith said. “Now, I’ll believe it when it’s in my account.”
This case, like Dickens’ Jarndyce v Jarndyce, will run and run.
A project describing itself as “The world’s first memecoin pre-announced as a rugpull” was explicit in its marketing: “do not buy this coin, as it will go to zero.”
Despite that, people sent the creator over 8.8 ETH (almost $29,000) for the project’s “pre-sale”, even as they repeated on Twitter that the project was a scam and that no one should buy it.
https://blog.dshr.org/2024/04/the-left-curve.html
date: 2024-04-02, from: Enlightenment Economics blog
Over the holiday weekend I read (among other things*) Digital Design: A History by Steven Eskilson. I enjoy reading design books in general – a window into a more glamorous specialism than economics. This one covers a range of aspects, … Continue reading
http://www.enlightenmenteconomics.com/blog/index.php/2024/04/digital-design/
date: 2024-04-02, from: Robert Reich’s blog
Friends, Several of you have asked me how I manage to produce this Substack every day, seven days a week (and sometimes two times a day). Is there just one of you? you ask. Do you get any sleep? Do you have a life? There’s just one of me (except on Saturdays, when Heather Lofthouse joins me for the Coffee Klatch). I
https://robertreich.substack.com/p/how-and-why-i-post-so-much
date: 2024-04-02, updated: 2024-04-02, from: Daring Fireball
https://www.washingtonpost.com/technology/2024/04/01/truth-social-trump-media-results/
date: 2024-04-01, from: Dan Rather’s Steady
Buzz about a big comeback
https://steady.substack.com/p/oh-honey
date: 2024-04-01, updated: 2024-04-01, from: Daring Fireball
https://politicalwire.com/2024/04/01/donald-trumps-easter-madness/
date: 2024-04-01, updated: 2024-04-01, from: Daring Fireball
date: 2024-04-01, updated: 2024-04-02, from: Bruce Schneier blog
Adam Shostack is selling magic security dust.
It’s about time someone is commercializing this essential technology.
https://www.schneier.com/blog/archives/2024/04/magic-security-dust.html
date: 2024-04-01, from: Robert Reich’s blog
He’s already laid each step out
https://robertreich.substack.com/p/trumps-5-step-fascist-plan
date: 2024-04-01, updated: 2024-04-01, from: Julia Evans blog
https://jvns.ca/blog/2024/04/01/making-crochet-cacti/
date: 2024-04-01, from: Om Malik blog
Almost nine years ago, when both T-Mobile and Experian were hacked, I wrote an article for The New Yorker. I argued that the companies wouldn’t learn anything from the mess created by these data and privacy breaches. As a result, we, the citizens, are now simply Data Piñatas. Consumers have become data piñatas – hacked, tracked and abused by everyone from hackers, governments, and worst of them all, …
https://om.co/2024/03/31/why-corporations-fail-to-protect-our-data/
date: 2024-04-01, updated: 2024-04-01, from: Bruce Schneier blog
Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge.
I can’t remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and Information Security. (Okay, he created both—I helped.) It was before 1998, when we wrote about the problems with key escrow systems. I was one of the people he brought to the Newton Institute, at Cambridge University, for the six-month cryptography residency program he ran (I mistakenly didn’t stay the whole time)—that was in 1996…
https://www.schneier.com/blog/archives/2024/03/ross-anderson.html
date: 2024-04-01, from: Om Malik blog
hobby: a pursuit outside one’s regular occupation engaged in especially for relaxation obsession: a persistent disturbing preoccupation with an often unreasonable idea or feeling Sunday is my day for hobbies. I am either editing photos and putting together a collection to share, or engaging with another hobby of mine: fountain pens. At the start of …
https://om.co/2024/03/31/obsessions-vs-hobbies/
date: 2024-03-31, from: John Naughton’s online diary
Whitegate As regular readers will know, I am trying to re-learn the art of black-and-white photography, after years and years of working in colour. B&W requires one to ‘see’ things differently — to look for structure, contrast, subtle changes in … Continue reading
https://memex.naughtons.org/monday-1-april-2024/39303/
date: 2024-03-31, from: Robert Reich’s blog
I hope so.
https://robertreich.substack.com/p/the-end-of-the-necktie
date: 2024-03-31, from: Dan Rather’s Steady
A Reason To Smile
https://steady.substack.com/p/norah-jones
date: 2024-03-31, from: Robert Reich’s blog
And last week’s winner
https://robertreich.substack.com/p/sunday-caption-contest-good-or-rotten
date: 2024-03-31, updated: 2024-03-31, from: Daring Fireball