A smörgåsbord of updates

It has been a while, so let's recap some bits from the past few months. In no particular order:

  • "Salt Typhoon" is a mess. If one was relying on the public telephone network to be secure, this should end any such illusion. Use an actually secure messenger instead. Signal, XMPP, Threema, Wire, even Matrix are secure messengers. Manyverse, Session, Olvid are other possibilities. And no, WhatsApp, Apple Messages, Google Messenger, and Telegram are not secure.
    • Any company using SMS 2-factor authentication really needs to switch to FIDO or TOTP 2-factor auth. Use both, in fact.
  • Use the cloud for fast iterations and get a minimal viable solution. Once you have a working solution, switch to hardware in a data center. It will save you 50-80% of your budget in the first month. 
    • True Story: A client was running a bill around $150,000/mo with a cloud provider for their variable data analysis workloads. We built a 100 Gbps fiber network and acquired four decent servers. A total of 512 AMD EPYC cores, 1 TB RAM, and RAID-Z JBOD arrays later, all for $200k. The runtime job duration decreased by 80% and stream throughput was 500% better. They haven't upgraded the servers for 2 years now and still have plenty of capacity for bursts and future expansion. In retrospect, we could've bought less hardware and scaled as needed. However, they got a really good deal on the bulk purchase of the hardware.
  • Remember, "best practices" are merely "minimal requirements". When a company says they follow "best practices", what they're really saying is "we do the minimum required". Adjust your service expectations accordingly.
  • I've been running LLM models locally on the main CPU. Fancy GPUs are faster, but there's a price premium for them. On a $500 computer with a Ryzen 9, it takes 2-5 seconds to fully respond to a prompt. I can live with that for 99% of what I want to do. Maybe this works for you, too. Side benefit: it's all offline and doesn't require any Internet connection.
  • Roughly 3,360 days ago, I sold my car and went car free. AAA suggests a car is roughly $9,000/year on average (maintenance, fuel, insurance, license, registration, fees, etc). This is roughly $25/day to own a car. I've saved around $84,000 by not having one. I still think about getting a car. However, modern cars are horrible data collectors and you can't opt out. Until this changes, I opt out of ownership.
    • I've helped a few people physically remove the OnStar module from their cars. In one case, they disconnected it and cut the power cables to the module. At a routine service, the dealership service department repaired it without telling the owner. They discovered it when they pushed the button by accident and someone responded.
  • I helped two organizations handle successful spearphishing where they wired roughly 15% of their annual budget to a criminal organization. In both cases, they were using Google for companies. In both cases, Google's email server caught the fake domain, but 1) didn't flag anything, 2) left the fake domain and kept the email thread intact. Also, in both cases, the criminals provided better customer support and clearer guidance than the actual vendor asking to be paid. In both cases, the bank involved absolved themselves of all liability and said they need 180 days to do an investigation. The FBI provided a case number, mostly for insurance purposes, but otherwise did nothing.
    • In my mind, regardless of the amounts, the bank knows how the criminals opened the account, what info they used, and whether any KYC/AML flags were raised. The banks also know where the funds went and how fast they were gone. Of course, we'll never know because the FBI says the amounts were under their floor for doing an actual investigation.
  • San Francisco and California continue to be amazing. Glad I moved here 8 years ago.
  • The end of DivestOS provides the impetus for me to give up on Android and all mobile phone operating systems. PostmarketOS or just simply Linux on a portable mini-PC is the direction I'm going. I haven't had a SIM card in 4 years, and I don't miss it at all.
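
For the spearphishing cases above, where a fake domain joined an existing email thread without being flagged, one check a mail pipeline can run is to compare each new sender domain against the domains already seen in the thread and flag near-matches. This is an added example, not part of the original post; the domains, addresses, thread contents and the `flag_lookalikes` helper are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if none is present."""
    addr = parseaddr(header_value)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def flag_lookalikes(raw_messages, max_distance=2):
    """Walk a thread in order. The first time a domain appears it is either
    trusted (nothing similar seen before) or flagged (close to, but not equal
    to, a domain already in the thread). Flagged domains are never trusted."""
    seen, findings = set(), []
    for index, raw in enumerate(raw_messages):
        msg = message_from_string(raw)
        for header in ("From", "Reply-To"):
            dom = domain_of(msg.get(header, ""))
            if not dom or dom in seen:
                continue
            nearest = min(seen, key=lambda s: edit_distance(dom, s), default=None)
            if nearest and edit_distance(dom, nearest) <= max_distance:
                findings.append((index, header, dom, nearest))
            else:
                seen.add(dom)
    return findings

def _mail(sender, subject):
    return f"From: {sender}\nSubject: {subject}\n\n(constructed body)\n"

# Constructed sample thread: message 2 comes from "acrne-..." ("rn" for "m").
THREAD = [
    _mail("Billing <billing@acme-supplies.example>", "Invoice 1001"),
    _mail("AP <ap@nonprofit.example>", "Re: Invoice 1001"),
    _mail("Billing <billing@acrne-supplies.example>", "Re: Invoice 1001 - new bank details"),
    _mail("Billing <billing@acme-supplies.example>", "Re: Invoice 1001"),
]

if __name__ == "__main__":
    for finding in flag_lookalikes(THREAD):
        print("lookalike sender:", finding)
```

Edit distance catches swapped, dropped or added characters; it does not catch visually identical Unicode homoglyphs, which need a separate confusables check.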