Top Secret #3
I spent last week in Washington D.C., including a day at Blu Ventures’ Cyber Venture Forum, which convened people with extensive government, defense, and security and software engineering experience. The event was really instructive.
There’s vastly more energy – more demand – in DC than I realized for the next generation of enterprise software. A great deal of the demand stems from leaders’ concerns about state actors attacking critical software infrastructure. Enterprise security leaders seem to have moved on from an abstract worry that they might suffer an attack; they’re mostly certain that they will suffer an attack.
But for all the energy, there’s only so much that can get done in a given year. There’s only so much time, so much budget, so much available talent. CISOs are overwhelmed.
For instance, I met a few people frustrated by ransomware. They’re now evaluating backup solutions across their environments. The ransomware problem’s not new. The set of products they’re evaluating isn’t that new either. It really just takes a while to get this stuff set up properly across an entire organization.
One CISO told me, “Look, I get hundreds of SaaS pitches every week – are you solving my biggest problem or not?” It’s helpful to remember that the answer is usually no. It has nothing to do with how good your product is. The practical limitations that security teams deal with are just tough.
In any event, it’s nice to be back in San Francisco :)
What We’re Reading
Fake Video of Trump and Musk Appears on TVs at Housing Agency: in some more exciting news out of D.C., monitors at the Department of Housing and Urban Development were hacked yesterday, with AI-generated video of the President sucking Elon Musk’s toes playing across the agency’s monitors. No one was immediately able to determine how the hack happened, so agency leaders decided to unplug the devices.
Italian Police Freeze Cash from AI-voice Scam that Targeted Business Leaders: attackers used AI to impersonate the voice of Italy’s defense minister, Guido Crosetto, goading the owner of Inter Milan into wiring more than $1M into a bank account in the Netherlands. Authorities successfully recovered the funds. However, it’s a useful reminder: AI is a really powerful weapon for attackers.
A Security Engineer Investigates His Eight Sleep: I’m a little too old-fashioned to have one of these smart beds. If I had it my way, we’d all still be typing out T9 text messages on Nokia bricks. But for those of you who like gadgets, you may want to give this one a read. It’s a useful reminder that all connected devices invite potential security issues. In this case, it’s worth wondering: do I really want everyone at Eight Sleep to know what I’m doing in bed? My dog and I will be sticking with the cheap Wayfair mattress-in-a-bag that I bought when I moved to San Francisco four years ago.
Bybit Got Hacked and Lost $1.4B: is this the largest theft ever? It’s not clear exactly what happened here. Bybit claims that they fell victim to a “sophisticated” attack, but some folks seem pretty convinced it’s not that complicated, that it was really just a phishing attack. In any event, yikes. Bybit’s executive team insists that the company is solvent, which seems to suggest the opposite.
Merz Wins a Messy Election, then Calls for Independence from America: there’s a new chancellor in Germany, conservative Friedrich Merz. The incumbent center-left SPD suffered a brutal defeat, particularly as the far-right AfD surged in vote share. Exactly how Merz cobbles together a ruling coalition remains to be seen. However, Merz appears to have won a clear mandate (1) to boost economic growth, (2) to curb immigration, and (3) to unify Europe without relying on American partnership.
Advice for First-Time Open Source Contributors: this is a really brief, practical set of tips for folks that want to get involved with open source projects. As a company that maintains an open source project, we’ve struggled a bit with helping other people to get involved. It just turns out that collaboration is hard. We’ll probably incorporate this blog post as we work on our own contribution guidelines.
Top Secret Developer Tips
I’m kind of junior varsity when it comes to Bash. I recently learned this little trick that I like. It turns out that you can use `$_` to refer to the last argument of your previous command.
For example, instead of writing:
touch text.txt
vi text.txt
You could instead write:
touch text.txt
vi $_
Kind of useful!
Nerd Corner™
Always graph your data.
In college, I learned about Anscombe’s Quartet. It’s four different datasets, each containing eleven (x, y) coordinate pairs. Each of the four datasets looks identical when you just look at summary descriptive statistics. They all have the same mean x value, the same mean y value, the same sample variance of x, the same sample variance of y, the same x-y correlation, the same x-y OLS regression line.
But they’re all obviously different!
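To see this in numbers, here is an added example (not part of the original newsletter) that computes those summary statistics for Anscombe's published 1973 values and then two simple checks that do tell the sets apart. The function names `fit`, `summarize` and `shape` are chosen here for illustration.

```python
from statistics import mean, variance

# Anscombe's published values (1973). Sets I-III share one x column.
X123 = [10, 8, 13, 9, 11, 14, 6, 4, 12, 7, 5]
QUARTET = {
    "I": (X123, [8.04, 6.95, 7.58, 8.81, 8.33, 9.96, 7.24, 4.26, 10.84, 4.82, 5.68]),
    "II": (X123, [9.14, 8.14, 8.74, 8.77, 9.26, 8.10, 6.13, 3.10, 9.13, 7.26, 4.74]),
    "III": (X123, [7.46, 6.77, 12.74, 7.11, 7.81, 8.84, 6.08, 5.39, 8.15, 6.42, 5.73]),
    "IV": ([8, 8, 8, 8, 8, 8, 8, 19, 8, 8, 8],
           [6.58, 5.76, 7.71, 8.84, 8.47, 7.04, 5.25, 12.50, 5.56, 7.91, 6.89]),
}


def fit(x, y):
    """Ordinary least squares for y = intercept + slope * x, plus Pearson r."""
    mx, my = mean(x), mean(y)
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    slope = sxy / sxx
    return slope, my - slope * mx, sxy / (sxx * syy) ** 0.5


def summarize(x, y):
    """The statistics the quartet shares, rounded as they are usually quoted."""
    slope, intercept, r = fit(x, y)
    return {
        "mean_x": round(mean(x), 2), "var_x": round(variance(x), 2),
        "mean_y": round(mean(y), 2), "var_y": round(variance(y), 1),
        "corr": round(r, 2),
        "slope": round(slope, 2), "intercept": round(intercept, 2),
    }


def shape(x, y):
    """Two cheap views of what a plot shows at a glance:
    how many distinct x values there are, and the largest residual."""
    slope, intercept, _ = fit(x, y)
    worst = max(abs(b - (intercept + slope * a)) for a, b in zip(x, y))
    return {"distinct_x": len(set(x)), "max_abs_residual": round(worst, 2)}


if __name__ == "__main__":
    for name, (x, y) in QUARTET.items():
        print(name, summarize(x, y), shape(x, y))
```

The summaries come out identical for all four sets, while `shape` exposes the single outlier in set III and the near-constant x column in set IV.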
I recently learned about the Datasaurus Dozen. It’s the exact same idea as Anscombe’s Quartet: a bunch of datasets that share the same descriptive summary statistics. But the Datasaurus Dozen is way more fun. It has one dataset that looks like a dinosaur and another that’s a star. Here’s what it looks like:
Other Cool Stuff
Blunderchess.net: where blundering is a strategy! This is kind of a silly chess app. Every five moves, each player gets to control their opponent’s move. I’m not sure how this plays out in terms of strategy. How do you optimize your position to make a disastrous blunder impossible? We tend to like chess over here at SSOReady, so we may give it a try some time. Also, the code is open source.
Make your logo liquid metal: a really neat frontend animation. I love when people are great at frontend, because I am really terrible at it. Great work from the team at Paper!
An AI-assisted word processor: I asked around for help finding a product that’s like Cursor, but for writing. People seemed to think Lex is a good fit. I’ve started playing with it, and I’m excited to practice more. I often end up with writer’s block, and so I’m hopeful that just hitting CMD K + will help me get unstuck.
From The Archives
(2008): Is underdog LinkedIn poised to beat flashy Facebook?
(2012): Techcrunch’s picks: the 10 best startups from Y Combinator demo day
(2014): Why there will never be another RedHat: the economics of open source
(2014): Uber isn’t worth $17 billion
Thanks,
Ned