Just a couple of pointers, nothing major here. A pretty comprehensive-looking party schedule (in addition to the official page). Filling up crazy fast.
One event I don’t see there though is the DEF CON Shoot, Wed 26 18:00 and Thu 27 9:00
Part of why I love being in this field – I’m not really aware of any other global community with annual weeklong bashes in Vegas.
(my last year’s DEFCON badge – it winks at you with those terminator LED’s!)
Here is my subjective take on Vegas hacker’s Disneyland that’s happening end of July 2017. Please keep in mind that this year I’m trying to make it useful for web site/web service security – to that end, I sifted through 70+ talks to come up with a summary of what’s particularly interesting this year.
As for the parties… that’s for the follow-up post : )
BlackHat at Mandalay is more practical and by far the most expensive, it consists of three parts:
Last year I took trainings, but this year I’m very much interested in website security briefings, so I plan to attend as many of the latter as possible.
BSidesLV is much more mellow, it’s under $100 bucks and more informal, people basically chill out in Tuscany Suites in between the “serious” stuff and present research, which can be interesting.
DEFCON, this year at Caesars, is definitely the most fun one, under $300 for everything. It has crazy talks, workshops, hackathons, CTF’s and just like the Renaissance Faire for geeks. They hack everything from poker to pacemakers to 747’s to implanting circuitry into your hands, also have tons of fun contests and a geek marketplace. It’s just super-fun, tho probably less useful for safeguarding a web service.
Now, since BlackHat is absurdly expensive, I filtered out a few specific talks that seem worth visiting for website/web service security – all included with the admission ($2,395):
Cracking The Lens: Targeting HTTP’s Hidden Attack-surface
Don’t Trust The Dom: Bypassing XSS Mitigations Via Script Gadgets
A New Era Of SSRF – Exploiting URL Parser In Trending Programming Languages!
Practical Tips For Defending Web Applications In The Age Of Devops – potentially very interesting talk from Etsy on how to properly set up the whole security engineering process
Splunking Dark Tools – A Pentesters Guide To Pwnage Visualization
The Epocholypse 2038: What’s In Store For The Next 20 Years
Ichthyology: Phishing As A Science (walk through a series of real-world attacks conducted against a Bay Area tech company)
Those are very useful, they typically take 2 days, but tend to cost a ton (~$3k each). I took some last year, but this year I’m more interested in the briefings above. But still, these are the ones that I found very interesting for web security:
Engineering/app-level security training:
Whiteboard Hacking aka Hands-on Threat Modeling
Abilities Inc – Metasploit Mastery
Applied Data Science for Security Professionals
Visual Analytics – Delivering Actionable Security Intelligence
The Web Application Hacker’s Handbook, Live Edition – good intro as usual, but honestly, focuses too much on the obsolete and made-up simple attacks, could really benefit from a 2017-overhaul. But hey, maybe it will be brand new this year.
Cloud Security Hands On (CCSK-Plus)
Advanced Cloud Security and Applied SecDevOps
And that’s it for now – see you there!! After all, it’s Vegas – good times all around!
TLDR: the whole process of buying consumer Windows is surprisingly user-hostile for a company that is supposed to move quickly to survive.
Splurged on a Windows 10 Home license (sooo 90’s….) for my family. Normally, I would not inflict Windows upon myself or people around me, but my family is stubborn. Now trying to simply download. the. thing. and I get this:
Wtf is “Creators Update”??? What is “Windows 10 N” and how is it different from “Windows 10”? What is all this crap? Oh, it’s a special edition for sale in Switzerland that has media player removed, that’s great! But what moron decided to drop these acronyms on a person simply trying to download Home edition, no explanation provided? Too little space on that page for a couple of explainer sentences? Which one should I pick for the ensuing 35-minute download and not screw up? (answer: “Windows 10 Creators Update Windows 10”)
Of course, no mention of how big is the actual download anywhere, including Amazon’s product description (answer: 3-4GB depending on the architecture, so throw away that 2GB thumb drive you were planning on using) – and I bought this on Amazon, in advance distrusting MS purchase experience, and was still forwarded to MS website. Who cares if I have to run to the store to buy a bigger thumb drive? Stupid details, this petty consumer nonsense is beneath Microsoft. I thought Nadella turned that place around… or something…
Quick summary from reading up on tons of links and discussions on Betterment, Wealthfront, WiseBanyan, etc.
TLDR: real concerns:
Charles Schwab is already undercutting both companies with no fees (0.00%), and despite what Betterment will tell you, it’s a great deal.
25 basis points is not a business model, it’s a temporary growth tactic.
Even shorter TLDR: it’s worth paying them if you really want to automatically rebalance and diversify across a range of funds and ETFs for a still-low fee, and hope they can make their model work out. If you are not particularly bent on having, e.g. a slice of bonds and overseas equities, then VTI/VOO/what have you is the way to go.
(Of course, in the context of present day, this assumes you are either not of the opinion that we are in an equities bubble, or it’s not a concern for your portfolio choice)
Why doesn’t anyone see the obvious? Many years of near-zero interest rate and dumping cheap money into the system produced mediocre economic growth combined with a huge debt and equity bubble (though surprisingly little inflation).
The rate will have to go up to realistic levels at some point, and with it will evaporate the equity bubble, mortgage affordability and the housing market – with debt servicing (consumer, corporate and government) draining all other parts of the economy.
Wouldn’t it be nice if we had a temporary figurehead with historic unfavorable rating to use as a scapegoat to do some bloodletting in this system?
Oh, wait…
TLDR: Of course not : ) To grow your income, it’s better to invest in your individual strengths (e.g., improving coding skills) and spend less time playing other peoples’ games.
My overall take on sharing services (Airbnb – can never figure out how to cap this word! Uber, Turo, etc): they are temporary exploits of outdated technology and regulation, and people who rely on these services for income too much will not be happy in the long term. There are lots of posts out there tearing up both Airbnb and Uber. I personally don’t believe they are doomed, just do not consider either one as a stable long-term income option. But today let’s take a look at another poster child of the sharing wave of the future: Turo, formerly known as Relay Rides.
Casually browsing the Interwebs you might notice some numbers getting thrown around that may give you an impression that it’s an easy way to get an additional income stream. But after a quick round of research things become significantly less rosy. Let’s do some quick math – first, the fun part:
Let’s say we start on the pragmatic side and offer up a boring but practical car for $40/day. After Turo’s cut of 15% (actually 25% with extra protection features, but let’s say we are too cheap) and a pretty optimistic utilization rate of 70% (which means pretty much a non-stop stream of customers to be serviced), we settle at a healthy $714 of revenue per month.
For simplicity, let’s consider a new or a lightly used leased car. It is actually a violation of your lease contract to rent it out on Turo, but technically doable and does not affect our calculations too much if we chose to buy instead.
If we take a pretty average lease of a Corolla or an Elantra, it will set us back by about $1500 in down payment+tax+registration plus a monthly payment of about $100, let’s say for 36 months. Let’s also assume that we magically get enough miles to go with it (basis for this assumption: even though you may need up to 3k miles/month for heavy utilization, you can find takeover leases that may actually fit that need for a short period of time, or again, price out a purchase, which will not be very different). That will give us $141.67/mo if we spread out all those expenses over the lease period.
Next, operational expenses. A typical heavy utilization rental takes about three days. This means we rent out 7 times a month. If we decide to do an express wash every time, and a more thorough wash once a month, that’s $65/month in cleaning. Let’s also set aside about $70 a month for arranging the pickups and resolving any logistical problems (e.g., if someone runs late, or an occasional TaskRabbit for a delivery if you are out of town). Let’s also set aside $100/month for repairs – even if there is a warranty, you can and will get into out-of-pocket situations, and about a grand a year does not seem unreasonable. Finally, we need to add the car to the personal insurance to be able to drive it between the rentals, e.g. to the shop. Let’s throw in about $20/mo for some kind of a super-minimalistic plan (which technically we could skip, but that would be uncool).
All in all this gives us $396.67 in monthly expenses.
These numbers leave us with about $317.33 in taxable income per car. Which, for a purely theoretical exercise, falls pretty close to what this guy is proudly reporting from the field, considering he got his Chevy Cruze almost for free.
To put things in perspective, if you try to scale and operate, say 5 cars like that, you will be making slightly less than a burger flipper at McDonald’s. For that money, you will have to deal with an average of about 2 customers every day (that includes cleaning the car) and any associated overhead such as people flaking, running late, scratching or staining the car, screwing you over on gas, disputing mileage or just randomly giving you a crappy review. If we tighten the numbers to, say, 90% utilization or even completely remove the cost of the car itself! or find perhaps a higher-end vehicle combination that might yield closer to $1000 in profit per car (though I doubt that number can be achieved in a stable long-term way), that’s still not really the business I would like to be in.
To consider scaling further and doing this full time, you would have to deal with 15-20 cars which gives us 7 pickups+cleanings every day, including the weekends. At this point, a private parking lot near a major airport and a carwash would come in handy, too.
The subject is all the rage in nerd blogs and progressive debates. But it’s a bit ridiculous how quick people are to forget history and get carried away with hype. Basic income (various versions of it, and much more along those lines) has been extensively debated and tried in real life for many years. It has serious pros and cons that mostly still hold, even in the world of (gasp) iphones and facebooks. There is a rich body of works and real-life data for anyone who cares to set aside a few dogmas and take an unbiased look around. Yet most vocal people just pretend like nothing of that kind has ever occurred, and the dumb humanity just never happened to think of trying out the groundbreaking Finnish new ways…
In 2008, the U.S. had over 12 thousand firearm-related homicides. All of Japan experienced only 11
That’s 11 (eleven) incidents, three orders of magnitude less. Japan’s a bit under a half the size of US population.
The U.S. has the loosest gun laws and a gun homicide rate is 15 times higher than the rest of developed countries.
Nuff said. I love guns, rented from a licensed vendor at the range.
Short-term: it means nothing. The sky isn’t falling and my adjusted return rate over 3 years is still 13.77%. And MMM et al are still collecting a sweet chunk of referral change for sending the general interwebs population in that direction.
Long-term: will see. Short of catastrophic operational disruption (which I don’t think is the case here), I expect things to move along the same way in this established business (ok, so the startup tag on this post looks pretty ridiculous by now, of course). The threat I’m still concerned about is some economic event which may cause people to default much more. But what will take the biggest hit in that case – equities, funds, real estate or peer-to-peer lending – is anyone’s guess.
Had to whip up a quick UI for a project, and of course one of the key elements that always comes up is the paginateable, lazy, sortable (and maybe even filterable) table aka the grid. Without further ado, here are the contestants that emerged after some interwebs browsing. Me, I’m making an unoriginal choice to proceed with the most popular one.
| component name | gh stars | gh forks | npm april dl’s | github | npm |
| fixed-data-table | 2377 | 342 | 53,209 | link | link |
| griddle | 1365 | 241 | 21,388 | link | link |
| react-bootstrap-table | 404 | 164 | 11,787 | link | link |
| reactable | 853 | 134 | 9,870 | link | link |
| reactabular | 231 | 55 | 2,701 | link | link |
| react-data-components | 167 | 60 | 632 | link | link |
| react-table-select | 4 | 1 | 234 | link | link |
| react-infinite-grid | 96 | 19 | 215 | link | link |
| react-grid | 0 | 0 | 145 | link | link |
| react-grid-table | 65 | 18 | 50 | link | link |
Bonus: here is how to also make fixed-data-table truly lazy and never download all of the bazillion rows into memory when you only need to display about 10.
Fancy Mollusk 