11: AWS Chaos-as-a-Service, 400 Security Holes in 1 Chip, and the Many Faces of Lara Croft

“Talent develops in quiet places, character in the full current of human life.”

—Johann Wolfgang von Goethe

Welcome to all the new subscribers. I don’t know exactly what this is, but I’m glad we’re here together, inside your head, through the power of words and pictures.

I thought I would have a long time before I had to fulfil my promise made in the intro of edition #8, but it looks like I may have to do it soon… Stay tuned.

Investing & Business

-“Robbing the owner while his house is on fire”

A new piece in the South China Morning Post gives fairly low odds to a Microsoft-TikTok deal, and says that the fight is escalating (though who knows if this is a desperate negotiation gambit to get a better price):

ByteDance, the Chinese owner of short video hit TikTok, is preparing to escalate its legal and public relations battle against US President Donald Trump’s executive order to ban the app in the United States unless it is sold, according to two people familiar with the situation. […]

reported preliminary talks with social media giant Twitter, are unlikely to end in a deal, said one of the people who has been briefed on the talks [...] And the chances of Twitter buying TikTok were said to be even smaller, according to the person, as the US social media platform “just doesn’t have enough money.” [...]

The person said the probability of Microsoft buying TikTok is “not higher than 20 per cent” since the initial price offered by the US software giant was akin to “robbing the owner when his house is on fire”.

-7 Ways to Maximize Misery

However good you are at being miserable, here’s how you can do even better and descend into the abyss of despair and existential anguish.

-Stripe: Business Started Since March Lockdown

Patrick Collison, one of the best founders and CEOs in the world right now, as well as all around Renaissance man, gave this update on May 20:

Businesses launched on Stripe since lockdowns began in March have -- somewhat incredibly -- already generated more than $1 billion in aggregate revenue. We're very glad to be able to play our part in helping them sell, adapt, and grow.

That was impressive, but things have kept snowballing since. He wrote on August 10:

This number will shortly pass $10 billion.

-Apple’s Cash Firehose

Horace Dediu writes:

In three years Apple will have zero net cash and half the shares it had outstanding at the end of 2012. By then the company will have paid about three quarters of a trillion dollars to its shareholders.

Another way to think about this is as follows: If Apple would not have a capital return program it would today have about $650 billion in cash; exceeding not only all other private companies but also more than all but 2 sovereign wealth funds.

-Security Holes in Everything, Qualcomm DSP Edition

Security researchers at Check Point did an audit of a common Digital Signal Processor (DSP) chip made by Qualcomm and found in countless mobile phones out there, “including high-end phones from Google, Samsung, LG, Xiaomi, OnePlus and more.”

More than 400 vulnerable pieces of code were found within the DSP chip we tested, and these vulnerabilities could have the following impact on users of phones with the affected chip:

  • Attackers can turn the phone into a perfect spying tool, without any user interaction required – The information that can be exfiltrated from the phone includes photos, videos, call-recording, real-time microphone data, GPS and location data, etc.

  • Attackers may be able to render the mobile phone constantly unresponsive – Making all the information stored on this phone permanently unavailable – including photos, videos, contact details, etc – in other words, a targeted denial-of-service attack.

  • Malware and other malicious code can completely hide their activities and become un-removable.

We disclosed these findings with Qualcomm, who acknowledged them, notified the relevant device vendors

A good reminder of how hard security is, and that however much it is claimed to be a priority by everybody, we need to become better at it. Our whole lives and businesses are now living on digital devices. Being able to hack them is like hacking people’s brains. It shouldn’t be as easy as it is.

If you happen to be a security geek and want more details, here’s a DEFCON remote talk given by Check Point on this audit.

-Heico Two-in-One Surveillance Countermeasures Acquisitions

Heico just acquired two companies, and this part of the deal jumped out at me:

Although ID and TS are separate companies, Mr. Pirali and Mr. Whittingham partnered their companies in 2010 when they became roughly equal owners in each other’s company in order to share certain resources and jointly develop critical technologies. The two companies, which together employ approximately 50 people, are co-located in state-of-the-art facilities in Columbia, MD and share extensive resources.

This kind of deep integration/partnership isn’t something I’ve seen too often, but it’s an interesting model (if you can pull it off — you need people and cultures who are very compatible to make it work long-term, no doubt). I know that cross-ownership is more common in certain places, like South Korea and Japan, but I wonder if this kind of operational integration is as rare as it seems or I’m just not looking in the places where it’s happening.

Back to the companies, they operate in a pretty cool space (Technical Surveillance Countermeasures aka TSCM):

[They] design, develop, manufacture and support state-of-the-art detection and monitoring systems used to protect critical spaces from exploitation via wireless transmissions, technical surveillance, and listening devices. Their products include hardware and software which detect, identify and analyze an array of threats posed in cellular communication security, information security and radio frequency security.

-Alteryx’s Second Quarter

Science & Technology

-Accidentally Triggered Fire-Suppression System in Military Hangar

Oops. Best comment: “Open the windows and start up the helicopters”.

It’s even worse than it may first appear, because now every aircraft will need to be “completely stripped down, cleaned and inspected before they can be signed off to fly again.” Source.


-1996 to 2018: Like Moore’s Law, but for Faces

Matthew Ball posted about the evolution of simulated reality (in this case, for games, but it doesn’t mean that it’ll only be used for what we’d traditionally think of as games over time). Make sure to check out the whole thread — the graph showing triple-A game development budgets on a log graph is particularly telling of how much effort is going into building these virtual assets (both the game engines and the things simulated within them).

If you look closely, you'll see how hard hair is to do right. Took a lot longer than the face. This was Pixar's challenge for Monsters, Inc., but they don't do real-time rendering, so constraints were different.

-Should AWS Offer Chaos-as-a-Service?

Now that’s thinking out-of-the-box. It would be like Netflix’s “chaos engineering”, but as-a-service. For those not familiar:

While overseeing Netflix's migration to the cloud in 2011, Greg Orzell had the idea to address the lack of adequate resilience testing by setting up a tool that would cause breakdowns in their production environment, the environment used by Netflix customers [...]

We have created Chaos Monkey, a program that randomly chooses a server and disables it during its usual hours of activity. Some will find that crazy, but we could not depend on the random occurrence of an event to test our behavior in the face of the very consequences of this event. Knowing that this would happen frequently has created a strong alignment among engineers to build redundancy and process automation to survive such incidents, without impacting the millions of Netflix users. Chaos Monkey is one of our most effective tools to improve the quality of our services. (Source)

Source of the tweet. Discussion about the idea.

-DuckDuckGo Search Engine

Little known fact about me: My primary search engine is DuckDuckGo. (You can learn more about what it is on Wikipedia, and here’s their traffic over time, now doing about 55 million queries per day, with 100 employees).

Ever since the company was formed, I tried it every few years, and usually went back to Google for one reason or another.

About a year ago I tried again and it felt fast enough and good enough to handle around 85% of my searches. For the other 15%, I use Google (which you can do directly from DDG by adding !g to a query).

A while ago I realized that the majority of my searches were more navigational than actual research. I just want the search engine to give me some company’s website or an artist’s Wikipedia page or a film’s IMDB page or whatever. I know where I want to go, I just want a handy link to click on.

For real research, I trust Google to have better results, but I don’t mind being off their radar for the rest of my searches. Don’t put all your data eggs in the same basket.

The Arts

Setting the stage for this music recommendation and future ones: I’m trying to share things that relatively few people know but many may enjoy.

It would be easier to be just totally obscure and find something that nobody knows, but few enjoy (hipster approach — “hey guys, listen to this grindcore track! what do you mean you don’t like it?”), or to just find something that most people like, but already know (the sure thing approach, “let’s play the All Along The Watchtower cover again”).

But I prefer this quadrant on the 2x2. I may not be successful at it, though. I have a bad track record of picking music for others…

-Song of the Day: “Aventine” by Agnes Obel

“The Aventine Hill is one of the Seven Hills on which ancient Rome was built”:

Will you go ahead to the Aventine
In the holly red in the night?
Dirt under my shoe from the old at heart
Right under you, grinning in the dark

Things of note: First, the vocals are pretty great, and the production is both lush and gives a lot of space to everything. When the cello kicks in with that low note, it just rattles my bones in a good way, and then later on, when what sounds like pizzicato violins appear, things get a whole different, brighter feel.

Warning: It’s night music, so may not work as well in the daylight.

Listen on: Spotify. Apple Music. YouTube.

-South Korean makeup artist Dain Yoon