The Silk Road marketplace saga was one of the most bonkers tech stories of our time

The Silk Road was the first modern dark web marketplace, an online place for anonymously buying and selling illegal products and services -- mostly illegal drugs -- using Bitcoin. The creator ended up with a life sentence in prison. But before the feds shut it down, someone stole bitcoin from the site. And by the time they found it in the floor of the hacker's house, that bitcoin was worth $3.3 billion!

Here's the incredible story of the Silk Road marketplace.

Zero trust in plain English

Everybody's talking about the zero trust security model. And there's a very good reason for that: It's one of the most effective cybersecurity approaches ever invented. Zero trust takes a “default deny” security posture. It uses microsegmentation and least-privilege access principles to stop intruders. But what does all this mean? Here's why zero trust works when everything else fails, in terms everybody can understand.

The one real problem with synthetic media

Real life comes at you fast. Fake life comes even faster.

Content creators, marketers, company bloggers, and others are rushing to take advantage of the new synthetic media trend.

AI-generated synthetic media is arguably the most exciting realm in technology right now. Some day, it will transform business. But for now, it’s a legal third rail you should avoid. Here's why.

Twitter is the new poster child for failing at compliance

All companies have to comply with privacy and security laws. They must also comply with any settlements or edicts imposed by regulatory agencies of the U.S. government.

But Twitter now finds itself in a precarious position and appears to be failing to take its compliance obligations seriously. The case is a “teachable moment” for all organizations, public and private.

The cybersecurity takeaway from Twitter’s verification chaos

On Twitter, a notable person verifies who they are, and now they’re verified for all time (or until a billionaire buys the service and changes the verification policy). Whether verified or not, Twitter users must authenticate themselves with passwords and phone numbers.

Verification usually happens one time in any given system. Authentication is a repeated act to demonstrate that the person accessing something is, in fact, the person previously verified. Verification is: “Here’s proof that Mike Elgan is a specific person.” Authentication is: “The person attempting to gain access to a system is, in fact, specifically the previously verified Mike Elgan.” 

Like Twitter, organizations of all types need both verification and authentication.

Reframing our understanding of remote work

It's time to retire the stale old narratives about remote work, hybrid work, and flex work.

Is remote work temporary or here to stay? Are remote workers goofing off or more productive? Is hybrid work a compromise between employees who want remote work and managers who do not?

These questions are obsolete.

Remote and hybrid work, in fact, are here to stay.

So the only remaining question (which isn't asked often enough) is: How do we make remote work perform best — for ourselves and our organizations?

How posture management prevents catastrophic cloud breaches

We’ve all heard about catastrophic cloud breaches. But for every cyberattack reported in the news, many more may never reach the public eye. Perhaps worst of all, a large number of the offending vulnerabilities might have been avoided entirely through proper cloud configuration.

Many big cloud security catastrophes result from what appear to be tiny lapses. For example, the famous 2019 Capital One breach was traced to a misconfigured application firewall.

Could a proper configuration have prevented that breach? Absolutely. But the problem isn’t as straightforward as a single error enabling a specific attack since many organizations have massive numbers of misconfigurations.

The difficulty is finding and fixing all the misconfigurations that constantly arise because of dynamic and complex cloud activity. As time goes on, it’s increasingly clear that the challenge must be met with good cloud security posture management.

ChatGPT: Finally, an AI chatbot worth talking to

AI chatbot experts are all talking about — and talking to — a newish research project from artificial intelligence research organization OpenAI. It’s called ChatGPT.

It was only this last summer when DALL-E 2 took the world by storm and transformed the public’s understanding of what’s possible with AI art. I believe ChatGPT will make a much bigger impact, because its results are far more useable and useful to a wider range of people.

Inside the second White House Ransomware Summit

Ransomware is a growing, international threat. It’s also an insidious one.

The state of the art in ransomware is simple but effective. Well-organized criminal gangs hiding in safe-haven countries breach an organization, find, steal and encrypt important files. Then they present victims with the double incentive that, should they refuse to pay, their encrypted files will be both deleted and made public.

In addition to hundreds of major attacks around the world, two critical ransomware incidents — the Colonial Pipeline attack and the attack on US meatpacking company JBS — proved that this threat could no longer be ignored. In fact, American financial institutions lost $1.2 billion in costs associated with ransomware attacks in 2021, according to data reported by banks to the U.S. Treasury Department.

Incidents are on the rise, ransoms are on the rise, and the world has finally had enough. And so last year, the White House launched an initiative to attack the problem. Here's what happened. 

It's time to talk about productivity again

Remember when everybody used to obsess over productivity? That conversation has fallen out of fashion in recent years. But it's time to bring it back.

The reason is that productivity crashed this year.

A productivity decline in the second quarter of this year was the largest ever recorded by the Bureau of Labor Statistics. (It recovered very slightly in the third quarter.)

Changes in productivity appear to shed light on the remote work/work-from-home trends. A simplistic view is that productivity went up when more people worked from home, then crashed when many were forced to come to work again.

I'm a strong advocate for remote work, but I think this conclusion is wrong.

What is it about Provençal cuisine that makes it so irresistible?

Great farmers, highly skilled chefs, a long tradition of country cooking, a brilliant Mediterranean fishing coastline in the South of France, the world’s greatest farmland and the double influences of French cooking specifically, and Mediterranean cooking generally. And truffles! 

Provence is also one of the world’s great wine countries. 

Like Italian and Greek food culture, Provençal gastronomy is a “cuisine du soleil,” a profoundly Mediterranean cuisine based on seafood, olive oil, beans, herbs and plenty of vegetables. 

Provence dishes favor the world’s tastiest lamb; most amazing produce like tomatoes, cherries, berries and more; a delicious salmon-looking trout called the Sorgue trout; and many other incredible ingredients. 

But it’s also specifically French, with the world’s greatest cheese, wine and bread.

But here's why the food of Provence is so amazing.

I'm on TWiG!

Don’t miss This Week in Google, with hosts Leo Laporte, Jeff Jarvis, Ant Pruitt and guest: Me! Watch here now.

We talk about the FTX celebrity fallout, Elon Musk's Twitter blunders, the end of Protocol, the Swifty Ticketmaster crunch, all manner of Mastodon matters, Amazon layoffs, narcissistic billionaire troubles, the fate of Evernote, birdsong, NASA’s moon launch, Google Wallet on Fitbit, Android Auto and more!

Subscribe to TWiG.

Get the show notes, download, associated links and more.

Get episodes ad-free by joining Club TWiT!

How the DNSChanger shutdown changed cybersecurity

On the morning of July 9, 2012, the world braced for an “internet doomsday”: a full-scale crash of the global internet.

Except it didn’t happen. And that non-event represented the culmination of a long and successful coordinated action taken between a huge number of organizations, spearheaded by the FBI.

It was one of the most remarkable operations in the history of cyber crime, and it led to lasting changes in how professionals think about and defend against malicious cyberattacks. 

Here's how the DNSChanger malware reaction changed cybersecurity forever. 

Why are cloud misconfigurations still a major issue?

Cloud misconfigurations are by far the biggest threat to cloud security, according to the National Security Agency (NSA). The 2022 IBM Security X-Force Cloud Threat Landscape Report found that cloud vulnerabilities have grown a whopping 28% since last year, with a 200% increase in cloud accounts offered on the dark web in the same timeframe.

With vulnerabilities on the rise, the catastrophic impact of cloud breaches has made it clear that proper cloud security is of the utmost importance. And so the question arises: Are your organization’s misconfigured cloud resources being advertised to malicious hackers?

How ‘synthetic media’ will transform business forever

The biggest technology-driven trend to affect business in the coming years is synthetic media. Yet this phrase is rarely even uttered in boardrooms and on Zoom meetings.

It’s time to clarify what synthetic media is, and why it’s going to be so impactful.

Synthetic media is any kind of video, pictures, virtual objects, sound or words that is produced by, or with the help of, artificial intelligence (AI). This category includes deepfake content, text-prompted AI-generated “art,” virtual content in virtual reality (VR) and augmented reality (AR) environments, and other new content types.

Many synthetic media tools started as obscure academic research or limited-beta online playthings. But synthetic media is now on the brink of making a colossal splash in business, marketing, media and, well, human culture.

How colossal? In the book “Deepfakes: The Coming Infocalypse,” author and synthetic media analyst Nina Schick estimates that some 90% of all online content may be synthetic media within four years.

Here's why media is going synthetic.

Digital nomad pro tip: Don't skimp on a backpack!

My backpack failed me in the worst way. The zippers failed at the Marseille Airport rental car lot. The backpack was less than a year old. 

In October of last year, I bought the Endurax Camera Drone Backpack. I liked it because it had a flat drone launching pad, a rain-proof cover, lots of space and cost only a hundred bucks on Amazon.

Big mistake. 

The front panel, which exposed the entire innards of the backpack, closed with two zippers, which met in the middle. 

Some months ago, one of the zipper's sliders slipped off the "teeth" or "chain" of the zipper. It was inconvenient, but I kept using it with the other zipper. 

Then, a couple months ago, the second zipper slipped off as well. I had to carry the backpack horizontally with both arms in front of me to the rental car. (I understood the possibility of using pliers to re-connect the sliders. But I had lost faith in the zipper.)

Once we arrived at our apartment in Provence, I used the mini day pack that attaches to, and came with, my Meridian rolling luggage. The pack is handy, but it's really a minimal, poorly protected skimpy backpack. That's what I used for the next two months. I carried it across France, Spain and Morocco. I wore it in the Sahara desert. 

Into that tiny backpack I squeezed my brand-new M1 MacBook Pro, my iPad Pro and my Sony A7 III DSLR, using T-shirts for padding.

During two months of travel, the flimsy backpack damaged the expensive Pad & Quill cover for my laptop, and probably damaged my camera. It was painful to wear. When it rained, I had to take shelter because I knew the backpack couldn't handle the rain. 

It was a stressful, painful two months, thanks to the failure of my backpack. 

But no more. 

I just bought the Peak Design 45L Travel Backpack (pictured above). It cost three times as much as my previous backpack, and it's worth every penny. It has super high-quality, waterproof zippers. All the materials are extremely high quality, plus it has a gazillion great features that you can research if you're interested (mostly around the designs for wearability, access and straps). It's really an incredible backpack. I also bought a small "Camera Cube" to optimize the protection and use of my DSLR.

My point is not to praise the Peak Design backpack specifically, but to offer the following advice: Don't fuck around with your backpack purchase if you're an internationally traveling digital nomad, especially one like me who carries expensive gear. 

My attempt to save a few bucks almost cost me thousands of dollars in damaged equipment, nearly wrecked my back and created needless stress while traveling. 

When you buy a backpack, get one that will not fail you. When you're abroad carrying expensive gear, backpack failure is not an option. 

What CISOs want to see from NIST’s impending zero trust guidelines

Cybersecurity at U.S. federal agencies has been running behind the times for years. It took an executive order by President Joe Biden to kickstart a fix across the agencies. The government initiative also serves as a wake-up call to enterprises lagging in getting zero trust up and running. 

There’s much to be learned, and much to be gained, by CISOs from NIST’s zero trust guidelines. Above all, understand that the zero trust era is truly here.

Quit quitting on the quiet quitters

Though definitions vary, quiet quitting is the deliberate withholding by an employee of their full potential effort at work.

The Gallup organization calls "quiet quitters" "actively disengaged workers," and their percentage has, in fact, risen in the past two years.

But the "quiet quitter" label is new, enabling the concept to go viral on social media.

Technically, the phrase is misleading. Quiet quitting is explicitly undertaken as an *alternative* to quitting. 

But quiet quitting represents a breakdown in communication. And that's the biggest problem. The problem isn't the "quitting" (that isn't quitting). The problem is the "quiet" part.

It's time to communicate. So don't quit on the quiet quitters.

Nearly all surveyed voice actors fear being replaced by AI

A survey by the UK's union for performing arts workers, Equity, found that 93% of audio artists thought AI posed a threat to their jobs. 65% of all members thought the same. 

AI-based audio tools aren't in the union, don't get tired and work super fast. Audiobook.ai, for example, can create an audiobook in 10 minutes in 43 languages. Great piece in the Financial Times.