250: Berkshire vs Shopify & Zoom, Microsoft, Disney+, Nvidia Hack, S&P Global, Visa & Mastercard & AMEX, and Patching Security Holes
"if justice could somehow prevail"
How does a ragtag volunteer army in need of a shower
Somehow defeat a global superpower?
🐦 My Twitter scare last week reminded me that it had been a long time since I downloaded my own Twitter data/archive. The idea is if something ever happens, you could at least re-find follow lists, contacts and DMs, and look up old tweets as reference.
If you want to do it too, here’s how. My archive is a 2.6GB zip file — who has a bigger one?
🔨🧱 🏗 🏚 Here’s a thought experiment.
Think about how much work goes into building just *one* single-family house.
Pouring the concrete foundation, the walls, the electricity and plumbing, building the roof. The finishing touches like paint, making sure the kitchen cabinets door are perfectly lined up and picking out nice bathroom fixtures, planting trees and flowers and doing landscaping. How many skilled people working for weeks does that take?
Now think about how much work goes into making just *one* big building, something many stories high, with hundreds of individuals rooms that all need electricity, plumbing, carpet, paint, lights, HVAC, elevators, etc, with a nice stone exterior like what you see in so many European cities.
The next time you see a bunch of buildings blown up by bombs, think back on this.
Obviously the human cost of war is the most important thing by far — you can rebuild, but you can’t resurrect the dead or erase the pain and suffering that people, including children, have endured — but the other costs of this senseless war shouldn’t be forgotten…
I sure hope that when this is over, the world bands together and does a mini-Marshall plan to rebuild Ukraine.
Ideally, if justice could somehow prevail, reparations would be paid out of the seized assets of an out-of-power Putin and his oligarch proxies (they have hundreds of billions, that’d be a good start), but we know the world isn’t fair. Russia may be bankrupt by then, which is one more gift from Putin to Russians (ie. do you blame the allies for Germany’s suffering during WWII? I know who I blame for that. Hint: It starts with a “H”)...
💚 🥃 If you make just one good decision per year because of something you learn here (or avoid one bad decision — don’t forget preventing negatives!), it'll pay for multiple years of subscriptions (or multiple lifetimes).
Thank you for your support:
Liberty’s Highlights is reader-supported. To support my work, consider becoming a free or paid subscriber.
A Word From Our Sponsor: 📈 Revealera 📊
Revealera provides data and insights for investors into hiring trends for 3,500+ public/private companies + technology popularity trends for 500+ SaaS/Cloud Products.
We give investors insights into:
Job Openings trends: Insights into a company’s growth prospects.
Technology Popularity Trends: Insights into how widely products like Datadog, AWS, Splunk, etc, are gaining adoption.
Vendor Sign-ups (Currently Alpha) tracks the # of companies, as well as the specific companies, that have signed up for SaaS products such as Zoom in near real-time.
Visit Revealera.com for a ✨free✨ trial/demo.
Investing & Business
🐇 Tortoise and the Hare, Pandemic Edition 🐢
Friend-of-the-show and supporter (💚 🥃) John Huber writes:
Since the start of the pandemic 2 years ago, $BRK.B has now significantly outperformed $ZM, $SHOP and a number of other Covid winners. Just amazing when you think about it. It's a real life tortoise vs hare result
‘The Gravity of past success’
I’ve been reading Garry Kasparov’s ‘Winter is Coming’, his book from 2015, to see just how scarily prophetic it was, and this passage about chess was interesting because it applies to so much in life, including investing and business:
I have written about what I call "the gravity of past success" in chess. Each victory pulls the victor down slightly and makes it harder to put in maximum effort to improve further. Meanwhile, the loser knows that he made a mistake, that something went wrong, and he will work hard to improve for next time. The happy
winner often assumes he won simply because he is great. Typically, however, the winner is just the player who made the next-to-last mistake. It takes tremendous discipline to overcome this tendency and to learn lessons from a victory.
I guess you could call it the ‘resting on your laurels’ vs the ‘hungry underdog’ effect.
Microsoft suspends ‘new sales of products and services’ in Russia
Good for them, avoiding the passive weasely voice:
Like the rest of the world, we are horrified, angered and saddened by the images and news coming from the war in Ukraine and condemn this unjustified, unprovoked and unlawful invasion by Russia.
They’re going further than sanctions:
We are announcing today that we will suspend all new sales of Microsoft products and services in Russia.
In addition, we are coordinating closely and working in lockstep with the governments of the United States, the European Union and the United Kingdom, and we are stopping many aspects of our business in Russia in compliance with governmental sanctions decisions. (Source)
Disney+ to Introduce an Ad-Supported Tier (Late ‘22)
In a first for Disney’s premier direct-to-consumer streaming service, Disney+ will expand its offerings for consumers by introducing an ad-supported subscription in addition to its option without ads, beginning in the U.S. in late 2022, with plans to expand internationally in 2023.
*Jeff Green has entered the chat*
“Since its launch, advertisers have been clamoring for the opportunity to be part of Disney+ and not just because there’s a growing demand for more streaming inventory”
As Inglorious Cap puts it:
“Love the framing here (expected obviously). It isn't "sub growth is slowing with price increases so we need an AVOD option to increase penetration". It's "advertisers are CLAMORING for Disney Plus"
Disney knows a lot about AVOD thanks to Hulu, and can probably do a good job on execution. DIS TTD
They did it, S&P Global & Dow Jones Edition
S&P DJI now announces that it will remove all stocks listed and/or domiciled in Russia (including ADRs/GDRs) from its standard equity indices at a price of zero, effective prior to the open on Wednesday, March 9, 2022.
Additionally, given the deterioration in the level of accessibility of the Russian market which may impact the ability of market participants to replicate S&P DJI Indices containing Russian securities, S&P DJI will reclassify Russia from an emerging market to ‘standalone’ effective prior to the open on Wednesday, March 9, 2022.
More details on the massive Nvidia cyberattack 🏴☠️
A ransomware group calling itself Lapsus$ first claimed last week that it had hacked into Nvidia's corporate network and stolen more than 1TB of data. Included in the theft, the group claims, are schematics and source code for drivers and firmware.
What are their demands?
The group then went on to make the highly unusual demand: remove a feature known as LHR, short for "Lite Hash Rate," or see the further leaking of stolen data.
"We decided to help mining and gaming community," Lapsus$ members wrote in broken English. "We want nvidia to push an update for all 30 series firmware that remove every lhr limitations otherwise we will leak hw folder. If they remove the lhr we will forget about hw folder (it's a big folder). We both know lhr impact mining and gaming."
But that’s no all!
On Tuesday, Lapsus$ modified its demand. Now, the group also wants Nvidia to commit to making its GPU drivers completely open source. If Nvidia does not comply, Lapsus$ says, the company can expect to see a new leak that would include the complete silicon, graphics, and computer chipset files for all its recent GPUs. (Source)
You can expect more of these types of hacks, as the arms race between black-hats and companies continues to ratchet up… The defenders are in a difficult position, because attackers only have to win one time for them to lose, while attackers can just keep trying over and over again, against thousands and thousands of potential targets, until they get lucky.
It certainly would help the world if ransomware groups didn’t have safe havens in places like Russia, but even without that, everyone has to take IT security more seriously now that so much of the world’s economic value is basically a bunch of 0101010100101110110 on internet-connected servers. NVDA
💳 💳 💳 Visa & Mastercard & AMEX vs Putin
Effective immediately, Visa will work with its clients and partners within Russia to cease all Visa transactions over the coming days. Once complete, all transactions initiated with Visa cards issued in Russia will no longer work outside the country and any Visa cards issued by financial institutions outside of Russia will no longer work within the Russian Federation.
“We are compelled to act following Russia’s unprovoked invasion of Ukraine, and the unacceptable events that we have witnessed,” said Al Kelly, chairman and chief executive officer of Visa Inc. “We regret the impact this will have on our valued colleagues, and on the clients, partners, merchants and cardholders we serve in Russia. This war and the ongoing threat to peace and stability demand we respond in line with our values.”
For more than a week, the world has watched the shocking and devastating events resulting from the Russian invasion of Ukraine. Our colleagues, our customers and our partners have been affected in ways that most of us could not imagine.
[...] we have decided to suspend our network services in Russia.
With this action, cards issued by Russian banks will no longer be supported by the Mastercard network. And, any Mastercard issued outside of the country will not work at Russian merchants or ATMs.
We don’t take this decision lightly. Mastercard has operated in Russia for more than 25 years.
In light of Russia's ongoing, unjustified attack on the people of Ukraine, American Express is suspending all operations in Russia.
We are also terminating all business operations in Belarus.
"Russia and Belarus" is kind of a redundant sentence now… 🤔
I don’t know for sure, but I think Russia has its own rails internally, built after the 2014 sanctions because of their invasion of Ukraine Part 1 — Wikipedia has a page about the Mir system that goes into some detail, and there’s this statement by the central bank of Russia too.
It’s not entirely clear if there’s also parallel Visa/Mastercard rails that operate in the country or if they’re just present to interface with the rest of the world.
If you know payments plumbing in Russia better than I do, please let me know what is going on over there in the comments. V MA
No no no! These are not sanctions!
Orwellian language cuts both ways…
Science & Technology
Internet Traffic Patterns in Ukraine, Signal Edition
Cloudflare has a blog post about internet traffic & cyberattack patterns in Ukraine during the past couple weeks.
Tragic to see traffic go down progressively in cities like Mariupol and Irpin as Russian troops bomb and take them over…
The chart above stood out to me.
It shows Signal usage in Ukraine — it looks like the encrypted messaging app has become a tool of information and resistance. Telegram was already popular in Ukraine and didn’t move that much, but Signal went up a lot, which is probably a good thing because Telegram leadership allegedly has cooperated with Russia in the past and Russian Telegram bots are harvesting info on civilians, which could put them in danger.
‘A pod of Sperm Whales sleeping in the middle of the open ocean’
Somehow I didn’t know whales could sleep vertically. Or is it just Sperm Whales?
Also a reminder: As mammals that can’t breathe underwater, whales must hold their breath while they sleep.
The whales were found to spend seven percent of their day in these vertical sleeping positions near the surface of the water, where they napped from 10 to 15 minutes. Researchers suggested at the time that they might be one of the world's least sleep-dependent animals.
‘Linux developers patch security holes faster than anyone else, says Google Project Zero’
Project Zero looked at fixed bugs that had been reported between January 2019 and December 2021. The researchers found that open-source programmers fixed Linux issues in an average of only 25 days. In addition, Linux's developers have been improving their speed in patching security holes from 32 days in 2019 to just 15 in 2021.
Its competition didn't do nearly as well. For instance, Apple, 69 days; Google, 44 days; and Mozilla, 46 days. Coming in at the bottom was Microsoft, 83 days, and Oracle, albeit with only a handful of security problems, with 109 days.
Of course, these are just very high-level numbers and a lot of important nuance should be kept in mind — some bugs are *much* worse than others, some platforms have better overall security than others, and it can be better to fix one terrible bug quickly and be slower about 10 less critical bugs than to fix 10 small bugs quickly and let one big one open longer, etc.
The good news:
Generally, everyone's getting faster at fixing security bugs. In 2021, vendors took an average of 52 days to fix reported security vulnerabilities. Only three years ago the average was 80 days. In particular, the Project Zero crew noted that Microsoft, Apple, and Linux all significantly reduced their time to fix over the last two years.
NFT for Peace
The Arts & History
‘Making Automobiles Last During World War II’
Ford made 691,455 automobiles in 1941. Yet they only built around 160,000 vehicles for civilians in 1942, before Ford’s non-military car and truck lines ceased operations on February 10. The government then stockpiled remaining unsold cars and rationed them to those individuals deemed critical to public safety and the war effort—doctors, police and firefighters, farmers, and a rare handful of vital war workers. To be eligible for a new car, a person had to possess an older car with more than 40,000 miles on the odometer.
Rubber for tires was particularly scarce:
automobile tires were exceedingly scarce. A civilian could keep five tires. Anything else had to be surrendered to authorities. People were sternly reminded that no one could trade, buy, or even recap tires without getting the Office of Price Administration and the local Tire Rationing Board involved in the transaction… Great care was taken to inspect tires twice a week or more, checking air pressure, and scouting for small “cuts or bruises” in order to immediately repair them before a catastrophic failure.
Tires of the era were not like modern ones, and lasted only about two years, maybe a bit more if you really were careful with them.
Around April of 1942, companies painstakingly surveyed the status of their employees’ tires, finding, to their alarm, that most would not survive a year under wartime conditions. [...]
Gasoline rationing and reduced speed limits had their roots in the preservation of rubber. “Victory Speed,” 35 miles-per-hour, was initiated nationwide in May 1942. The reduction in speed saved fuel and doubled the life of tires compared to speeds of 60 miles per hour.
This photo is like a very sad renaissance painting
The photographer is Marcus Yam 文火.
Interview: Bill Browder
File this one under real-time-history:
“Putin doesn’t have a reverse gear. If he shows weakness, he loses power, and it’s his death sentence.”