Beautiful Leaves in the Smokies. When to See Them, Where to Find Them. Fall of 2023

I love fall in the Smokies. I absolutely love to hike them when I can during the fall.

It can be tricky: depending on the weather, the leaves can be green one weekend, at their height by the next and mostly dead a few days later. Still, I’ve never gone wrong trying.

Animated map of when the leaves in the United States are projected to change
Animation by The Washington Post, original image from SmokyMountains.com

Each year SmokyMountains.com puts out their Fall Foliage Prediction Map — a national map — that estimates when leaves will be at their peak.

Of course it is an estimate, but I have yet to find anything else that is close.

If you love the fall and the outdoors, this is a wonderful map to look at today to plan your perfect weekend this fall: Oct 2nd, 9th or 16th in the Smokies.

Also worth noting: the elevation change in the Smokies (3,000+ feet) means that at any given time different elevations will be at different stages. There are easily three distinct bands where both the tree types and the leaves change. Generally, the further up you go the more coniferous trees (pines and firs) there are, which makes the heights great places to view from, but often less colorful themselves.

Some Great Smokies Viewpoints

This isn’t regurgitated from guide books, this is all from my own explorations!

Drive to Newfound Gap: you can drive here, no hiking required. It gives a broad view of the middle of the Smokies.

Drive or Hike to Clingmans Dome: you can drive all the way there and either look out over the southern part of the Smokies, or hike up to the viewing tower (0.6 miles, steep but paved) and get a 360° view. You literally can’t go wrong.

Hike Alum Cave Trail towards Mount LeConte: the first 2-3 miles of this hike offer excellent views. As you approach the peak there are more amazing views, but you need to be prepared to hike higher. Be ready for crowds: this is the most popular trail to Mount LeConte. If you can, go on a weekday to find parking, or park at Newfound Gap and find a way down to the trailhead (don’t plan on hiking down).

Hike Mount Cammerer: this is a long and difficult hike, somewhere around 10 miles out and back. The reward is a 270° view from an old fire tower of the mountains, mostly outside of the Smokies. I never think of it as my favorite, but I also can never pull myself away once I’m there.

Drive Cades Cove: the 11-mile loop on the west side of the park. You can get out and hike short trails (0.5 miles, give or take) or stay in the car. It’s worthwhile on its own, and during the fall it is amazing.

Drive Little River Gorge Road and US 441: this will take you from Townsend on the northwest side of the Smokies to the south side of the Smokies and back. The elevation runs from 1,300′ to 5,000′+, so you’ll see everything from the lowest point to the highest.

The drive along the Little River never disappoints. There are multiple short trails you can take at pull-offs, along with viewing areas all the way up to Newfound Gap. Expect this to take the entire day on weekends; pack a lunch and something to drink. (Bathrooms at Metcalf Bottoms, the Gatlinburg Visitors Center, and Newfound Gap.)

Drive the Parkway: two sections of road outside of the main park, east and west of Gatlinburg, each offering pull-offs with amazing views of the mountains.

Drive Greenbrier Road: I’ve only been here once, and during the winter. Its main advantage is that you can drive along it, making it very accessible.

Dozens of easy trails exist throughout the park. The Cosby Campground is full of them; Little River Road has multiple pull-offs with short trails that typically have adequate parking; the Cades Cove campground has accessible trails that can be as short or as long as you’d like; the Middle Prong Trailhead near the Tremont Visitors Center also gives you an easy hike along a creek; and there are drivable areas on the east side of the park that I have barely explored.

Photos

Edited to show the Smoky Mountains at their finest.

Creek crossing on hike to Alum Bluffs in the Great Smoky Mountains. iPhone 12 Mini
Carsten, Katie & Elyonah Addington walk a path in the Cosby Campground during the fall in the Great Smoky Mountains. Nikon D5600
Path to Laurel Falls during the fall in the Great Smoky Mountains. Minolta DiMAGE
View from the hike to Alum Bluffs in the Great Smoky Mountains. iPhone 12 Mini
Leaves during the fall in the Great Smoky Mountains. Minolta DiMAGE
View from Alum Bluffs during the fall in the Great Smoky Mountains. Nikon D5600
Leaves during the fall in the Great Smoky Mountains. Nikon D5600
Pull off on Clingmans Dome Road in the Great Smoky Mountains during the fall. No hiking required. iPhone 12 Mini
Creek at the Cosby Campground during the fall in the Great Smoky Mountains. Nikon D5600
Pull off near Newfound Gap in the Great Smoky Mountains, no hiking required. Nikon D5600

Live Views

Want to know before you go? I’d always recommend asking your friends on Facebook first, but there are also webcams that will give you a pretty good idea of the colors.

Skypark Live Web Cam
Newfound Gap — you may need to visit this page to ensure you have the latest image.

MGM Taken Down, Caesars Paid Up

MGM was completely taken offline this week: multiple casinos and hotels down, slot machines unable to pay out. It’s one of the biggest cybersecurity messes ever made public (they can’t hide it!).

Caesars reportedly was in a similar spot, but they paid up instead.

It seems like most people don’t take us cybersecurity pros seriously when we say this can happen. I don’t know how much MGM would have had to pay, but:

  • Their operational losses this week will be through the roof
  • The costs to investigate and repair will be incredible
  • The lost revenue between hotel cancellations, which they are forced to offer for free, and lost gambling revenue must be huge
  • The reputational losses will be long-lasting. How many MGM customers will stay at Caesars going forward just to avoid the potential hassle of working with MGM?

Of course, for MGM this is against $13bn of annual revenue, so would this matter to a smaller business?

Yes. Small businesses will typically have a higher ransom or recovery cost as a proportion of revenue.

The ultimate gamble: is it less costly to go through a cybersecurity incident or to defend against one? And if the incident is less costly, is it still worth it?

Fixed — Soundcore Life Q30 Poor Audio Quality on macOS

I have a Soundcore Life Q30 that connects wirelessly to my MacBook Pro running macOS Ventura, but the sound quality went back and forth between great (headphone mode, the stereo A2DP profile) and awful (headset mode, the low-bitrate HFP profile that macOS switches to whenever an app opens the headset’s microphone).

After resetting the headphones, unpairing and re-pairing, all of the things, I finally found that Audio Hijack was causing the problem. I love Audio Hijack, but when I used the Life Q30 as an input source it would switch modes, making music and video sound quality untenable.

Awful:

Disabled in Audio Hijack, back to great:

So, posting this in hopes that the next person struggling with this admittedly super-edge case issue is able to find an answer!

BaguetteBox on WordPress without Plugins

I wanted lightboxes for images on my site. I tried a plugin but it seemed to work inconsistently, probably due to how I have my site setup.

My next option was to add a custom class to links by hand, but that seemed awful. Finally, with an assist from ChatGPT, I came up with this code and leave it here for someone else.

It scans the entire page for any a tags that have an img inside of them, where the a href has an image filename in it (jpg, jpeg, png, webp). I have the code placed in the footer of all pages to ensure it is non-blocking. The script and stylesheet are pulled from cdnjs with integrity and crossorigin attributes, so the browser checks the SRI hash of exactly that 1.11.1 build and refuses to load a file that has been changed; if you bump the version you have to regenerate both hashes.

<script src="https://cdnjs.cloudflare.com/ajax/libs/baguettebox.js/1.11.1/baguetteBox.min.js" integrity="sha512-7KzSt4AJ9bLchXCRllnyYUDjfhO2IFEWSa+a5/3kPGQbr+swRTorHQfyADAhSlVHCs1bpFdB1447ZRzFyiiXsg==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/baguettebox.js/1.11.1/baguetteBox.min.css" integrity="sha512-NVt7pmp5f+3eWRPO1h4A1gCf4opn4r5z2wS1mi7AaVcTzE9wDJ6RzMqSygjDzYHLp+mAJ2/qzXXDHar6IQwddQ==" crossorigin="anonymous" referrerpolicy="no-referrer" />

<script type="text/javascript">

  // WordPress loads jQuery in noConflict mode, so "$" is not defined here; use "j" throughout.
  var j = jQuery.noConflict();

j(window).on("load", function() {
    console.log("Window loaded");

    // Filter and add the class to eligible <a> tags: links that wrap an <img> and whose
    // href ends in an image extension, optionally followed by a query string or fragment
    // (WordPress often appends ?w=... to image URLs).
    var links = j('body a:has(img)').filter(function() {
        var href = j(this).attr('href') || '';
        var matches = /\.(jpe?g|png|webp)(\?[^#]*)?(#.*)?$/i.test(href);
        console.log("Checking link: ", href, matches);
        return matches;
    });

    console.log("Number of matching links: ", links.length);
    links.addClass('baguetteBoxItem');

    // Run baguetteBox on the tagged links
    baguetteBox.run('.baguetteBoxItem');
});

</script>

Want to see it at work? Right here.
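The two cdnjs tags above carry integrity attributes. As an added example, not code from the original post or from the baguetteBox project, here is how to produce and check those values yourself before trusting a CDN copy or pinning a new release. It assumes the openssl command-line tool is installed; the file contents in the demo at the bottom are constructed, not downloaded.

```shell
#!/bin/sh
# Added example, not code from the original post or the baguetteBox project.
# Produces and checks Subresource Integrity (SRI) values of the form used in the
# integrity="sha512-..." attributes above. Assumes the openssl CLI is installed;
# the file contents used in the demo at the bottom are constructed, not downloaded.

# sri_hash FILE [ALGO]: print "ALGO-<base64 digest>" (ALGO is sha256, sha384 or
# sha512; sha512 by default, matching the tags above).
sri_hash() {
    file=$1
    algo=${2:-sha512}
    case "$algo" in
        sha256|sha384|sha512) ;;
        *) echo "sri_hash: unsupported algorithm: $algo" >&2; return 2 ;;
    esac
    # SRI encodes the raw digest bytes in base64, not the hex string openssl prints by default.
    digest=$(openssl dgst "-$algo" -binary "$file" | openssl base64 -A) || return 1
    printf '%s-%s\n' "$algo" "$digest"
}

# sri_verify FILE INTEGRITY: exit 0 if FILE matches one of the space-separated
# tokens in INTEGRITY (the attribute may carry several), 1 if none match,
# 2 if a token names an algorithm sri_hash does not handle.
sri_verify() {
    file=$1
    integrity=$2
    for token in $integrity; do
        algo=${token%%-*}
        expected=$(sri_hash "$file" "$algo") || return 2
        [ "$token" = "$expected" ] && return 0
    done
    return 1
}

# Demo on a constructed file standing in for a downloaded CDN asset.
tmp=$(mktemp)
printf 'console.log("hello");\n' > "$tmp"
pinned=$(sri_hash "$tmp")
echo "integrity=\"$pinned\""
sri_verify "$tmp" "$pinned" && echo "unchanged file: verified"
printf '// one extra line\n' >> "$tmp"
sri_verify "$tmp" "$pinned" || echo "modified file: mismatch, a browser would refuse to load it"
rm -f "$tmp"
```

To pin a new release, download the file, run sri_hash on it and paste the output into the integrity attribute; on every page load the browser does the equivalent of sri_verify and will not execute a script whose digest no longer matches. Keep crossorigin="anonymous" on the tag as well: without a CORS-enabled fetch the browser cannot check the hash of a cross-origin script at all.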

Kaseya/Datto RMM 2023Q3 Product Update

About This Article

None of this is confidential to the best of my knowledge. The webinar is recorded and I expect all of the new features to make their way into the documentation if they haven’t already. Quotes are best effort, I’m typing them up as they go, so they might not be exact. Some quotes have been cleaned up for grammar and spelling. Finally, the post isn’t chronological, I ordered things so that it fits into understandable narrative.

Panelists

Matthé Smit, GM of Datto RMM.

George Cochrane, Product Manager II, Datto RMM

Daniel Chaplin, Datto RMM Principal Project Manager.

Overview:

Kaseya wants to build out an RMM that is more cloud-focused. Manage M365 in the RMM.

I was (and am) EXTREMELY skeptical of the Kaseya promises to deliver new and better features after the Datto acquisition. That Kaseya did, and does*, purchase companies, ask for 3-year contracts, and only then disclose the purchase is unethical. That said, between the last product update and this one, Kaseya is making actual improvements to their products.

If the product works as advertised this will be real progress. The updates shown today are aimed at things MSPs want, not just what Kaseya wants to sell.

Highlights:

  • Launch Web Remote from Autotask and other products
  • Track and record time in Web Remote against Autotask tickets
  • M365 manager — reset passwords, view logins, see MFA status, see Secure Score and more
  • Ingest endpoint data into Autotask for automatic client billing
  • Software manager will manage 200 products!

If I were a vendor that had a product that only focused on one of these areas, I’d be thinking about what benefits and features my product had over Datto RMM. Other than not being Kaseya owned (not an insignificant consideration).

*IT Glue, ConnectBooster, AuditIT, TMT, Pulseway. Some of these are good products, there is no need to be deceptive about the purchases.

Datto RMM Usage Statistics

Jobs taking too long to run: Smit promises they are working on it, “we’ve done work here.” From my personal knowledge, this has been an issue for multiple MSPs. My team has gone crazy over it.

Under the hood: upgrading to .NET 6, especially for better performance on macOS/Linux. Count me a little skeptical; neither of these has ever performed at par. N.b., Smit thinks that the future of the macOS RMM is in MDM so that it is tied into the operating system. I think it will only work when it is MDM.

Autotask

Autotask and BMS can now ingest endpoints for automatic billing to clients.

This is supposed to be coming for multiple Kaseya products.

This is a welcome change that could improve billing and profitability across the entire industry. I’d guess that on average, MSPs have 2-3% shrinkage. Eliminating this would be a huge gross profit boost to the industry.

The RMM/Autotask integration will be available in the new UI and… looks pretty? I dunno, it seems that for this audience it is the least useful, we’ve used the old version for years.

On the plus side, it is one less thing that requires us to ping pong back and forth between the old and the new UI.

ConnectWise setup coming in Q1 for the new UI.

Start Web Remote control sessions from “anywhere”: IT Glue, Autotask and several more that I missed. Cochrane shows how a Web Remote session can be started from an AT ticket. AT time tracking is also now built into the Web Remote.

This includes recording the time entry, the same way you do in Autotask today.

“Time stamps are put in by Autotask automatically when we create time entries”

“BUT you can’t add notes [outside of the time entry] yet!” “Hi Dean, yes – this should be in the November or December release”

Other tickets for a device can be pulled up inside the web remote interface. It looks like you can link the device you are remoted into to the ticket here.

In November you will be able to create tickets from the RMM.

You can now add attachments to the ticket from the Web Remote. That includes grabbing a screenshot (in November) and — maybe in the future — adding files from the endpoint to the ticket.

Great for logs, but pulling files off an endpoint straight into a ticket is also an easy way for PII to land in the PSA…

Datto Backup Integration

Datto SaaS backup status now available in the RMM dashboard:

It’s real progress towards a single pane of glass.

Coming in the future, link users to SaaS Backup data in the RMM:

Oddly, Spanning integration isn’t on the roadmap. (Spanning is another Kaseya product that covers SaaS backup, it predates Datto as a Kaseya company)

Azure Backups “Cloud Siris”

“Cloud Siris” devices can now back up Azure servers, no physical device required. You can spin up a virtual server through this cloud-based Siris.

myITprocess Integration

This is the same thing that Kaseya went over in their last platform-wide product update: less copy and paste into myITprocess and more direct imports.

New UI Updates

Device Deletions are now available in the new UI.

See what is pending, such as devices that are offline when you hit delete. (There are other problems here today, maybe I’ll write it up in the future)

There are “patch management improvements” such as:

  • Customize messages to end users
  • Multi language support
  • Auto-resolution for patch alerts

Notable missing: promising that patch management actually works.

Activity log is now available in the REST API.

Coming soon: uninstall software at a Global or Site Level.

Smit promises that there will be an end date for the legacy UI, but that it isn’t now. Chaplin: “We are going to start defaulting people to the new UI starting in 12.6. You will still be able to access the old UI.”

SIGNIFICANTLY MORE SOFTWARE APPLICATIONS COMING TO THE SOFTWARE POLICIES. “200”

I feel like they really buried the lede here; this has been a major shortcoming. Up until now, you had to use Chocolatey or Ninite to have reasonable coverage for updates, and those come with their own problems. (Ninite: expensive. Chocolatey: either expensive or community-driven, and with the community repository you are trusting whoever maintains each package and the install script it ships, which is a supply-chain exposure.)

Custom packages may be available in the future, no plan today.

Ninite pricing: $0.41/endpoint at 700 endpoints:

Abbreviated list of software soon to be supported in the Datto RMM software policies.

Chocolatey pricing, $16/endpoint at 700 endpoints.

I will someday understand their pricing strategy, but that sure isn’t today.

Co-managed Improvements

I don’t have a good handle on how much of an improvement this is.

Except, the agent branding by site will save me a lot of pain.

M365 Manager

900 partners have access to today, “it will be 100% available to everyone by DattoCon.”

Global View:

Client level view:

Users view:

User level details. Notice the ability to reset M365 passwords in the upper right-hand corner, and the sign-in log with location info at the bottom.

Oddly, in the Q&A someone asked whether the M365 manager has a read-only mode; it is hard to reset a password from read-only. Kaseya answered, “This first release is mostly around displaying data and managing access. We are following Microsoft’s security recommendation and always have security top of mind with everything we build.” Worth keeping in mind: once the RMM can reset M365 passwords, any RMM login that carries that permission is effectively tenant admin access, so the RMM roles that expose this button deserve the same MFA and least-privilege treatment as the tenant itself.

Agent now looks to see if computers are Azure AD joined, and will be able to link users to devices. This is like SaaS Alerts Unify built into Datto RMM.

Roadmap Summary

Events

DattoCon is sold out, “ConnectIT” events coming up:

Q&A

Google Workspace Support (like M365)

No. Gonna get M365 right first.

M365 Costs?

What was shown here today will be included in Datto RMM for no additional charge.

Will Datto add OTP integration when using IT Glue passwords in web remote sessions?

“Not now. We have it logged as a request.”

What about the integration problem with ITGlue, is there any progress on fixing it? In concrete terms.

“Yes – this fix will be part of the release we are deploying now. (12.3) – just added to this release today”

IT Glue in Web Remote shows me archived password vault entries. Are you aware of this, and is it on the list to be fixed?

“yes we’ve got this on our radar and it is queued to be addressed shortly.”

Is Splashtop going to be dropped at some point? I am having more and more issues with it…

“Nope, we have no plans to remove it. We want to give people the option for what works best for them. We will be continuing to improve Web Remote but there are no plans to remove any remote technology.”

I agree that Splashtop is not a tier 1 solution at this point.

Will the ALT+TAB be supported in web remote?

“Good idea.” Uhm, yeah.

Will Web Remote replace the ‘agent browser’ in the future? Or will you still invest time in it, and update the agent browser look and feel?

“We do not currently have plans to update the agent browser. We are working on adding more functionality to web remote but have no plans to remove the agent browser.” Yeah, good call, the agent browser is awful. It would be nice if they made it less awful until all of its features are integrated into the Web Remote.

How can I filter out AT companies – we have a ton that aren’t needed in DRMM, but the mapping seems backward. Every site maps to a company, but not every company maps to a site.

“[We] understand your point, but there were two factors that we wanted to prioritize for this – having multiple sites map to a single company, and the ability to easily “add a new site” for those that don’t exist yet. The tables can be filtered down to show “unmapped only” which can help sift out those you don’t need to see”

Can the Web Remote provide separate menu items to remote, chat or PowerShell?

[No], “we have had some conversation for changing the UI for Web Remote so that you can switch between the chat/powershell/screenshare but we don’t have a current timeline.”

How do you submit ideas on the ideas portal? Will someone really read what we submit?

“You should be able to submit them here: https://rmm.ideas.datto.com/ideas. we may not respond to every comment/idea but we do look at them and see how/when we can fit them in.”

Are there any plans on adding more widgets, maybe custom widgets?

“It is something we have thought about but do not have firm plans for that right now”

Will the mystery device issue be resolved in the latest release?

“No open issue to my knowledge. This is generally related to AV ‘sandboxing’. https://rmm.datto.com/help/en/Content/3NEWUI/Devices/MysteryDeviceRecords.htm?Highlight=mystery”

This is a bad answer. Yes, there are technical roadblocks. I’m confident that Datto/Kaseya could overcome them. Maybe a blog post for another day.

Will Ransomware Detection require a paid license in the future (as expected) or will it remain free indefinitely?

“We do not have a blanket approach, it is determined on a per customer basis” Ha. Negotiate well my friends.

Will quick jobs get an option to set an expiration upon creation, either as a default or user specified?

“We have no plans to add an expiration for quick jobs.” This is a bad answer. The problem is that if you trigger a job and it doesn’t run now, say because the device is offline, it will run whenever the device turns back on. If it is user-impacting, or restarts a service (say DNS), it will now happen at a point you don’t control. There ought to be a default setting for quick job expirations; I’d say an hour.

When will server metrics be added to the API?

No firm timeframe on it, “but we [are] working on splitting off some of our engineers to be dedicated to the API so we can have more improvements there”

Any Patch management for MAC computers coming in the future?

“Yes, we are hoping to address that in Q1/Q2.” Yeah maybe. You can use softwareupdate -l to get data and other flags to install them, so it certainly is possible.

usage: softwareupdate <cmd> [<args> ...]

** Manage Updates:
	-l | --list		List all appropriate update labels (options:  --no-scan, --product-types)
	-d | --download		Download Only
	-i | --install		Install
		<label> ...	specific updates
		-a | --all		All appropriate updates
		-R | --restart		Automatically restart (or shut down) if required to complete installation.
		-r | --recommended	Only recommended updates
		     --os-only	Only OS updates
		     --safari-only	Only Safari updates
		     --stdinpass	Password to authenticate as an owner. Apple Silicon only.
		     --user	Local username to authenticate as an owner. Apple Silicon only.
	--list-full-installers		List the available macOS Installers
	--fetch-full-installer		Install the latest recommended macOS Installer
		--full-installer-version	The version of macOS to install. Ex: --full-installer-version 10.15
	--install-rosetta	Install Rosetta 2
	--background		Trigger a background scan and update operation

** Other Tools:
	--dump-state		Log the internal state of the SU daemon to /var/log/install.log
	--evaluate-products	Evaluate a list of product keys specified by the --products option
	--history		Show the install history.  By default, only displays updates installed by softwareupdate.

** Options:
	--no-scan		Do not scan when listing or installing updates (use available updates previously scanned)
	--product-types <type>		Limit a scan to a particular product type only - ignoring all others
		Ex:  --product-types macOS  || --product-types macOS,Safari
	--products		A comma-separated (no spaces) list of product keys to operate on.
	--force			Force an operation to complete.  Use with --background to trigger a background scan regardless of "Automatically check" pref
	--agree-to-license		Agree to the software license agreement without user interaction.

	--verbose		Enable verbose output
	--help			Print this help
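As an added example, and not Datto’s or Apple’s code, here is the shape of a patch job built on the tool above: a parser for softwareupdate -l output that can be exercised offline on captured text, a selector that separates no-reboot updates from the ones that need a restart, and the install step that would run as root on the endpoint using the -i, --no-scan and -R flags from the help text. The listing embedded in the script is constructed to match the -l format, not a real capture, and the script assumes a POSIX sh with awk.

```shell
#!/bin/sh
# Added example, not Datto's or Apple's code: the skeleton of a macOS patch job
# built on `softwareupdate`, in the shape an RMM component would run as root.
# The parser is a plain text filter so it can be tested offline on captured
# output. SAMPLE_LIST is constructed to match the `softwareupdate -l` format;
# it is not a real capture.

SAMPLE_LIST='Software Update Tool

Finding available software
Software Update found the following new or updated software:
* Label: macOS Ventura 13.5.2-22G91
	Title: macOS Ventura 13.5.2, Version: 13.5.2, Size: 1241512KiB, Recommended: YES, Action: restart,
* Label: Safari16.6MontereyAuto-16.6
	Title: Safari, Version: 16.6, Size: 150000KiB, Recommended: YES,
* Label: Command Line Tools for Xcode-14.3
	Title: Command Line Tools for Xcode, Version: 14.3, Size: 700000KiB, Recommended: NO,'

# parse_su_list: stdin is `softwareupdate -l` output, stdout is one
# "label|version|recommended|restart" line per update.
parse_su_list() {
    awk '
        /^\* Label: / { label = substr($0, length("* Label: ") + 1); next }
        label != "" && /Title:/ {
            version = $0; sub(/.*Version: /, "", version); sub(/,.*/, "", version)
            recommended = ($0 ~ /Recommended: YES/) ? "yes" : "no"
            restart = ($0 ~ /Action: restart/) ? "restart" : "none"
            printf "%s|%s|%s|%s\n", label, version, recommended, restart
            label = ""
        }'
}

# select_labels MODE: reads parse_su_list lines, prints the labels to install.
#   no-restart : recommended updates that do not need a reboot (business hours)
#   all        : every recommended update, reboot-required ones included
select_labels() {
    mode=$1
    awk -F'|' -v mode="$mode" '
        $3 != "yes" { next }
        mode == "no-restart" && $4 == "restart" { next }
        { print $1 }'
}

# install_labels MODE: the real thing. Must run as root. On Apple Silicon an OS
# update additionally needs a volume-owner credential (--user/--stdinpass in
# the help above), which is the part an unattended RMM job cannot supply
# cleanly and the reason MDM is the better path for OS updates.
install_labels() {
    mode=$1
    flags="--no-scan"                          # reuse the scan -l just did
    [ "$mode" = "all" ] && flags="$flags -R"   # -R: reboot if the update requires it
    softwareupdate -l 2>/dev/null | parse_su_list | select_labels "$mode" |
    while IFS= read -r label; do
        echo "installing: $label"
        softwareupdate -i $flags "$label"
    done
}

# Offline demonstration on the constructed sample (install_labels is not run here).
printf '%s\n' "$SAMPLE_LIST" | parse_su_list
echo "--- labels safe to install without a reboot:"
printf '%s\n' "$SAMPLE_LIST" | parse_su_list | select_labels no-restart
```

Splitting the parser from the install step is what makes this testable: you can capture softwareupdate -l from a fleet of Macs and check the selector against it before any job is allowed to touch an endpoint.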

New White House Situation Room

The White House released photos of the situation room after a makeover. It now looks the way that we all imagined it did.

The old situation room
The renovated situation room

The highest-tech photos: the communications center:

What struck me in 2011, when the White House released the photo of the Obama administration watching the operation that took out Bin Laden, was how small it was. It isn’t clear from these photos if it is any larger; both seem to show 6 chairs on either side plus one on the end for the president.

The Scammers Are Warning Me

Some days you can’t make this stuff up.

A relatively easy way to get around spam/phishing filters is to send phishing emails from a legitimate source. Google Groups, real mailing lists run by Google, have become a popular option recently: the message is genuinely sent by Google’s servers, so it passes SPF and DKIM, and on the surface it looks like an email from the Geek Squad or something, even though it is actually a phishing email.

To send someone an email from a Google Group you need to add them to the mailing list first, and this is where the new, accidental warnings come in: Google emails me when I get added to a phishing group:

This is a legit email, basically just letting me know that I’ve been signed up for a mailing list. But, of course, Geek Squad is NOT using Google Groups to send me emails, the scammer abduasah[at]gmail.com is.

The next email from this group will be a renewal notice “from” the Geek Squad asking me to call to cancel a service I don’t have…

What Made the Lahaina Fires So Destructive? “The truth is that I believe that God was angry”

The Washington Post published a relatively short article with analysis of the fire based on video, along with showing some of those videos.

I recommend you read the article but here is the short version:

  1. There are three major land parcels that run north to south on the West side of Lahaina.
  2. None of the three landowners took significant responsibility to keep the land free of grasses that created a tinder box
  3. The fire was started by a downed power line; the Maui fire department said they had contained it in the morning
  4. But by the afternoon things had dried out and the fire restarted.
  5. The direction of the wind ensured that the fire actually warmed up and dried out the fuel further down its path. Combined with all of that grass, and eventually hitting areas of the town not built to withstand fire, it all went to hell

But the most interesting part of the story is the absolute denial of responsibility of any of the landowners. I’m sure that there will be more blame to go around, but this is ridiculous.

Developer Peter Martin, who was reached by phone, told The Post that the invasive grass was a “red herring” to divert attention from the government’s water resource regulations, which he said were so restrictive that they prevented farming or development of the land he owns. “The truth is that I believe that God was angry,” Martin said, that these lands were not being used “as God intended.”

(Large parcel land owner)

Good lord.

“We have managed our lands in an effort to heal the ʻāina (land) and create a thriving resource for our lāhui (community),” said Sterling Wong, a spokesperson for the Kamehameha Schools.

(Large parcel land owner)

Yes, well, it’s cauterized now.

The state’s Department of Land and Natural Resources (DLNR) told The Post it has tried to mitigate fire risk with limited resources, including applying for federal grants to create fire breaks and reduce invasive species across state and private lands in West Maui.

(Large parcel land owner)

The only honest response, perhaps an acceptance of responsibility but not a straightforward denial.

Large land ownership by parcel near Lahaina. By the Washington Post

More stories will come out and there will be more blame to go around (unless God takes responsibility): these parties should still take responsibility for their own inaction. People burned to death over this inaction.

Post-Webinar Thoughts on Huntress’ M365 MDR

Some initial analysis on their newly announced product:

An MDR/SOC solution for 365 is very attractive right now, if I know that it works, but I don’t know that: Huntress didn’t provide any objective data that their protection works.

Huntress never fails to put on an engaging marketing event: that includes their ability to dig into technical details of attacks, and narratives, instead of a focus on their service or tool.

Kyle also didn’t inspire a lot of confidence that their MDR is fully baked. To dig in for a moment: I really don’t understand how they can possibly have 486 incidents across 730k users[1]; that seems impossibly low. Against about 2m events per day, 486 incidents total works out to roughly one incident per 4,000 events even if every one of them happened on a single day, and far fewer over any longer window. I went back to re-listen and this is what they said: “[we] went back and checked these numbers right before we went live.”

I also don’t understand how it is different than RocketCyber. I wish I had dug into that. That matters quite a bit: RC’s SOC is more proactive in remediation across a much wider range of tools. It’s not clear why Huntress’ SOC would be any better, and it could be worse. RC is also a quasi-SIEM, which Huntress clearly is not.

Some of the things that were missing are important. They can’t block any logins. They don’t support geo-fencing (and unreasonably dump on the idea). MFA isn’t in the reports.

Their response appears to be limited:

Question: What are some remediation steps that Huntress can take in M365?

Answer: A Huntress analyst can disable and lock an account without partner intervention. We can also provide an assisted remediation to remove malicious inbox rules. We also provide manual remediation steps beyond that to kick out threat actors.

Is this MDR or quasi-MDR?

To sum it up: I’m not sure how this is different from any other SOC, except for its brand name and narrow focus.

  1. In the comments Huntress (Josh) said, “730K *identities* includes a lot more than users!” but the slide clearly said “monitored users”.

Huntress MDR for Microsoft 365

This post is from the live webinar put on by Huntress on August 30th, 2023. The style is half product, half attack stories, similar to the endpoint marketing.

About This Article

None of this is confidential, a point Huntress (Rich) made explicitly during the webinar. Quotes are best effort, I’m typing them up as they go, so they might not be exact. Some quotes have been cleaned up for grammar and spelling. Finally, the post isn’t chronological, I ordered things so that it fits into understandable narrative.

Panelists: Nadya Duke Boone, Josh Lambert (Sr. Project Manager), Chris Bisnett (CTO and Founder), Kyle Hanslovan (CEO). 400+ attendees.

Early access pricing, good through end of September. Lock in price for 2 years.

An interesting tidbit, Huntress is a fully remote company. I assume that they bring this up to demonstrate why they are in a unique place to create MDR for 365.

“We’re providing real fucking value.”

Kyle Hanslovan

Kyle and Chris think that there is not another product that does something like this. Chris: “I feel like we’re pretty big, but there has to be some other MSSPs consuming a lot of data.”

Overview

This is like Huntress for M365 instead of for endpoints: it is a “fully managed” MDR tool. It looks at events inside M365 and flags them for human review at the Huntress SOC. Remediations can be taken from there, either by the SOC or the MSP.

Those are the two primary selling points: it’s managed, and there is a human looking at it.

It is clearly a competitor to SaaS Alerts and probably RocketCyber as well. I don’t see why most MSPs would use more than one of these three. (It isn’t clear where Augmentt fits in.)

You can skip to the questions and get the gist of the rest of it.

“Why did we build this?”

“We’re gonna go where the hackers go.”

Kyle: “If you wait [to launch a product] until you [have everything perfect] you waited too long… this was our approach to endpoints.”

Is this an MVP? “This is a Huntress-ready product… remember that V in MVP… a product that will take care of your ass.”

Chris: When we [originally] started, Huntress noticed that everyone had antivirus but it wasn’t preventing attacks. Context helped solve that, files that weren’t clearly malicious in the temp directories, etc. [I.e., this is the same idea]

History of Huntress product development:

Kyle: “You can see what we built and released in 2015 isn’t anything like what we’re offering in 2023”

Kyle: [Even] Microsoft is experiencing their own issues. [See post/tweet to the right here]

Hacker tradecraft is changing, shift towards identity theft.

“The tradecraft is still really immature.”

[I think Kyle said that they started going after mid-market and enterprise? not sure]

Huntress even went to Black Hat, which sounds like a move to go after enterprise customers.

Product Demo

Chris: “We really believe in building for the future.”

Use CSP to add tenants. A second account is required to implement. An Exchange license is needed for a smooth implementation, to handle inbox rules and “a tighter integration.”

The CSP account needs… basically permissions to everything. That makes it a single credential with delegated admin rights across every customer tenant you map in, so treat it like a global admin: a dedicated account, phishing-resistant MFA, and no day-to-day interactive use.

“We require a bunch of roles. You can see the exact roles we need via our KB:”

https://support.huntress.io/hc/en-us/categories/19906075516051-Huntress-Managed-Detection-and-Response-for-Microsoft-365

Huntress pulls all of your tenants in CSP and lets you map them to Huntress customers. You can only integrate a single CSP at a time.

You can MFA report across all users.

What is Huntress Seeing?

Kyle: “When you build an early product, you don’t always see what you were expecting.”

“This is a fully managed MDR product.” The third incident would not have been captured without humans looking at it. “Managed teams and managed security can really be a win.”

Event Data

730,000 users monitored already, 486 incidents reported. [That seems really, really low to me]

Sample Incident — Huntress Says This Was Real

Attacker gets in

Chris says this was happening over ExpressVPN

Foothold established

Attacker able to regain access [until Huntress kicks them out]

Second Incident Example – Weird Rules

RSS rules are created, but travel is all over the place and the client changed from Windows to macOS.

Third Incident – Shadow Workflows

Huntress has even seen attackers create their own MFA inside M365.
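An added example (not Huntress code) of what the three incident patterns above look like as detection logic run over constructed Microsoft 365 audit and sign-in events; the record shapes are simplified from the Unified Audit Log and Entra ID log schemas, and the folder names, time windows and sample users are assumptions.

```python
"""Rule-based triage of Microsoft 365 events mirroring the three incidents
in the notes: malicious inbox rules, sign-ins hopping between countries and
operating systems, and an attacker registering their own MFA method.

Record shapes are simplified from the Unified Audit Log (inbox-rule
operations) and Entra ID sign-in / audit logs. All data is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Rule parameters that exfiltrate or destroy mail are always suspicious;
# "MoveToFolder" only when the target is a folder users rarely look at.
EXFIL_OR_DELETE_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "DeleteMessage"}
HIDING_FOLDERS = {"rss subscriptions", "rss feeds", "conversation history", "junk email", "archive"}

AUDIT_EVENTS = [  # constructed sample records
    {"CreationTime": "2023-08-01T09:05:00", "Operation": "New-InboxRule",
     "UserId": "alice@example.com", "ClientIP": "203.0.113.10",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "SubjectContainsWords", "Value": "invoice;payment"},
                    {"Name": "MoveToFolder", "Value": "RSS Subscriptions"},
                    {"Name": "MarkAsRead", "Value": "True"}]},
    {"CreationTime": "2023-08-01T09:20:00", "Operation": "User registered security info",
     "UserId": "alice@example.com", "ClientIP": "203.0.113.10"},
    {"CreationTime": "2023-08-01T12:00:00", "Operation": "New-InboxRule",
     "UserId": "bob@example.com", "ClientIP": "198.51.100.5",
     "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                    {"Name": "MoveToFolder", "Value": "Newsletters"}]},
]

SIGNINS = [  # constructed; one row per interactive sign-in
    {"user": "alice@example.com", "time": "2023-08-01T08:00:00", "country": "US", "os": "Windows", "ip": "192.0.2.20"},
    {"user": "alice@example.com", "time": "2023-08-01T09:00:00", "country": "NL", "os": "macOS", "ip": "203.0.113.10"},
    {"user": "bob@example.com", "time": "2023-08-01T08:30:00", "country": "US", "os": "Windows", "ip": "198.51.100.5"},
    {"user": "bob@example.com", "time": "2023-08-01T11:30:00", "country": "US", "os": "Windows", "ip": "198.51.100.5"},
]


def _ts(s):
    return datetime.fromisoformat(s)


def suspicious_inbox_rules(events):
    """Flag New-/Set-InboxRule events that forward, delete, or hide mail."""
    findings = []
    for e in events:
        if e.get("Operation") not in ("New-InboxRule", "Set-InboxRule"):
            continue
        params = {p["Name"]: p["Value"] for p in e.get("Parameters", [])}
        reasons = sorted(k for k in params if k in EXFIL_OR_DELETE_PARAMS)
        if params.get("MoveToFolder", "").lower() in HIDING_FOLDERS:
            reasons.append("MoveToFolder=" + params["MoveToFolder"])
        if reasons:  # Bob's rule moves mail to a normal folder and is not flagged
            findings.append({"user": e["UserId"], "time": e["CreationTime"],
                             "rule": params.get("Name", "?"), "reasons": reasons})
    return findings


def travel_anomalies(signins, window=timedelta(hours=2)):
    """Flag consecutive sign-ins by one user that change country or OS within `window`."""
    by_user = defaultdict(list)
    for s in signins:
        by_user[s["user"]].append(s)
    findings = []
    for user, rows in by_user.items():
        rows.sort(key=lambda r: _ts(r["time"]))
        for a, b in zip(rows, rows[1:]):
            if _ts(b["time"]) - _ts(a["time"]) > window:
                continue
            if a["country"] != b["country"] or a["os"] != b["os"]:
                findings.append({"user": user, "from": (a["country"], a["os"]),
                                 "to": (b["country"], b["os"]), "time": b["time"]})
    return findings


def shadow_mfa(events, signins, window=timedelta(hours=24)):
    """Flag MFA registrations that follow a sign-in from a country the user had
    not used before: the attacker adding their own second factor."""
    home = {}
    for s in sorted(signins, key=lambda r: _ts(r["time"])):
        home.setdefault(s["user"], s["country"])  # first-seen country is the baseline
    findings = []
    for e in events:
        if e.get("Operation") != "User registered security info":
            continue
        reg = _ts(e["CreationTime"])
        for s in signins:
            recent = timedelta(0) <= reg - _ts(s["time"]) <= window
            if s["user"] == e["UserId"] and recent and s["country"] != home.get(s["user"]):
                findings.append({"user": e["UserId"], "time": e["CreationTime"],
                                 "signin_country": s["country"], "ip": e.get("ClientIP")})
                break
    return findings


def triage(events=AUDIT_EVENTS, signins=SIGNINS):
    """Run all three heuristics and return their findings keyed by name."""
    return {"inbox_rules": suspicious_inbox_rules(events),
            "travel": travel_anomalies(signins),
            "shadow_mfa": shadow_mfa(events, signins)}


if __name__ == "__main__":
    for name, hits in triage().items():
        print(f"{name}: {len(hits)} finding(s)")
        for h in hits:
            print("  ", h)
```

Each heuristic alone is noisy (personal VPNs trip the travel check, as the Q&A below notes), which is why the notes stress a human reviewing the combined picture before an account is locked.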

Roadmap

Uses Microsoft Graph to pull in data. It works on a per-user basis; Huntress expects that to change this year [so per-user licenses aren’t needed?]

Chris: Other products that came before us use polling and try to see what changed between polls; that has its own limitations and doesn’t scale.

Chris: This is MDR today, but we’re going in a direction for Managed Microsoft 365. You’ll see us adding configuration among other things.

Kyle: The Three Best AVs

[Kyle takes a brief left turn here]

These change up, and management is key: S1, Defender and the high-end version of CrowdStrike. “I’d say Huntress managing Microsoft Defender will crush it all day… you’re not going to get a better offer. [A number of] our partners run Huntress and S1 side-by-side [so you can do that].”

James: “…we definitely can be used in tandem with SentinelOne, however there is a lot of crossover between us, we definitely should chat, I’d get in touch with your Channel Account Manager to help with that decision further”

M365 Licensing

No topic had more questions than what licensing is required. Currently, P1 is required per user. This is expected to change in September with a change in how Microsoft handles logging and licensing.

How does this compare to SaaS Alerts?

Huntress doesn’t pull any punches here, which is appreciated.

So, is a product like SaaS Alerts a competitor? If I am about to sign a multiyear contract with SA or Huntress, do I need or want both?

SaaS Alerts would be a competitor to MDR for Microsoft 365 – if you’d like some information on how we differ to help you decide which to use, please do reach out to your Channel Account Manager

Can Huntress MDR for 365 work with tools like SaaS Alerts?

We do not currently have an integration planned with SaaS Alerts. [There is no reason that they would, this is clearly a competing product at the core.]

Are there any other selling points as far as differences between you guys and SaaS Alerts?

Everybody is looking at the same data! We think the human element between you and those alerts is REALLY REALLY important!

Do you plan on having recommended conditional access policies, similar to SaaS Alerts? Also, we’re finding DNS filtering to be important; does Huntress recommend any products for this, or have something in the pipeline?

“This is definitely on the roadmap. Stay tuned, we should get to talking about this soon.” [Unclear if this is about SaaS Alerts or DNS filtering]

What Isn’t On The Roadmap

  • Email filtering
  • …other products… Chris Bisnett says that for other products, “you can expect a similar path,” but I didn’t hear him give us any specific answers.
  • Email analysis: “We do not analyze email content with this product”
  • DLP

Questions

Pricing & Billing Questions

Is Pax8 on the roadmap?

If we went through Pax8, it would be 20% more expensive than buying direct to make up for the margin they charge us to sell through Pax8. Even though we love the Pax8 team, our partners have given us the feedback that paying 20% more isn’t worth the benefit of consolidated billing Pax8 provides.

Kyle Hanslovan

How much?

No real answer: “[W]e currently have Early Adopter pricing available. If you have a Huntress account manager already, reach out to them for more details.”

Will the pricing information and documentation be sent to us after this meeting?

It won’t be sent as part of the webinar follow-up email, but it also isn’t a secret! Feel free to reach out to feedback, sales, or your account manager for more info.

Is there an NFR program for internal use?

Yes

What is a billed user? An M365 user with any M365 license, or only licenses with email? Unlicensed users? Shared mailboxes?

“We do our very best to ONLY bill you for actual user identities. It’s a little more difficult to discern that with something on the order of 3000 different license types out there. If you see a license type listed as “billable” that you think shouldn’t be, you can always reach out to Support to get some clarification.”

Feature Questions

Can you push MFA and verify that it’s enforced?

“We do not currently make config changes to your Microsoft tenants.”

Is there a push button baseline config that automatically gets activated upon turning this on?

“Not yet! Stay tuned.” [But see the previous question]

If MDR has been connected after a breach, will this still show detection, etc. after the fact?

We will detect and report existing malicious inbox rules after you enable the integration.

I use MS365 without email; in other words, the email carrier is a different company. Would MDR work in this case?

Yes

MDR Response Questions

How far behind real-time does Huntress detect and report an event?

We’re at the mercy of Microsoft here but generally a few minutes

Could you filter based on IP address registration? Example: if the IP used to log in is from a known VPN host then it is blocked.

We do not block logins. If an analyst believes that a login is coming from a malicious actor (via a compromised IP), they can lock out the account

Does Huntress/can Huntress block accounts that are found to be compromised? / What are some remediation steps that Huntress can take in M365?

A Huntress analyst can disable and lock an account without partner intervention. We can also provide an assisted remediation to remove malicious inbox rules. We also provide manual remediation steps beyond that to kick out threat actors.

Can Huntress Geofence M365 logins?

Not at present

Kyle and Josh both pile on that geofencing provides limited value.

Will Huntress flag [not block] a suspicious login if it comes from a “legitimate” (Proton, etc.) VPN service?

Potentially. If our SOC analysts deem that the legit VPN is being used maliciously, they will issue a report

I see that you guys are detecting events, does a ticket get generated for intervention with the MSP’s ticketing system or does this have automated responses?

We have integrations into some of the most common MSP ticketing tools out there, some of our remediation steps can/will have a ‘One Click’ button to remediate issues without the need of additional steps

Technical “How Does this Work” and Compliance Questions

Can we connect to GCC High tenant?

“..we currently don’t have GCC High tenant support…”

Is this GDPR compliant?

No, we do not have the ability to segment our data in that way. We do our best to comply with as much of GDPR as we can.

How long are logs kept?

2 weeks. [It sounds like they don’t want to be a SIEM. Not sure how they can export to partners without excessive egress bandwidth costs.]

Huntress Gets Push Notifications?

“Correct, we leverage a webhook so Microsoft pushes us data.”

Does this use CPV AppConsent API to configure CSP customer permissions on GDAP agreements, or is it a per-tenant permission acceptance?

“MDR for Microsoft 365 can do both :)”

Are you scraping/streaming Microsoft Defender for Office 365 and Microsoft Advisor recommendations as part of the MDR?

Not yet. We are ingesting events directly from the Azure logs

Other Questions

Are you guys seeing any weird reporting based on users using personal VPN services?

“We’re seeing a shit ton of personal VPN and odd nonsense when examining at scale.”

I currently use Datto for email protection and backup. Will Huntress play nice with that?

We shouldn’t interfere with any service you have for email filtering, backup, etc. We do not alter the contents of emails or look at email contents at all.

NSFW on Bing Homepage Images

Microsoft Bing is returning some NSFW images on the Images tab by default with filters on:

Screenshot of Bing Images showing a woman in a transparent dress with a visible butt.
Screenshot of Bing Images showing a woman in a transparent wedding dress with visible breasts
Screenshot of Bing Images showing a woman in a dress upside, without pants, clearly revealing her genitals.

These are from Bing Images, no search criteria, from an InPrivate window. The results are the same from multiple IP addresses. I assume that this has something to do with their integrations into OpenAI & ChatGPT.

Even the more innocuous results are… something else:

Screenshot of Bing Images showing a woman in a dress with a V neck. The image itself is not risqué, but Bing suggests that the user click roughly where her right breast is to do a visual search.

While the image itself is relatively tame it is from a Pinterest board dedicated to transparent dresses. And the default “search inside this image” includes a suggestion that you search from the bottom of the V-Neck.

These results aren’t buried deep, you don’t need to go looking, two of these are literally on the top row:

It actually gets tamer as you go further down, it appears that this is pulling from images marked “inspiring” in some way or another, especially from the number of wedding dresses that are shown (inspirations) further down the page.

It isn’t surprising that AI would surface these; if you “grew up” on the internet you know how much of the geeky-male culture has always pushed the envelope (4chan anyone?) and openly let fetishes come out, at least under pseudonyms.

(You might notice that there aren’t any NSFW images of men, which clearly reflects internet culture.)

So, it isn’t shocking that an AI would bring this sort of thing up, just that Microsoft didn’t put in some basic filters.

Bing has long been known for being more willing to serve up NSFW, but I’ve never seen something like this: where it does so by default.

Edit

I wanted a way to replicate this beyond an Incognito window and a different IP address, so I used webpagetest.org to run a test that captured screenshots from a browser in EC2. The initial test (14 hours after the original post) showed at least one of the same images, if not all of them:

Screenshot from WebPageTest.org of Bing images, showing NSFW photos from a completely neutral location.

You can see one of the tests here. I can’t scroll in the test, so viewing anything below the fold isn’t possible.

Can ChatGPT Be A Doctor?

Axios has the sensational headline: ChatGPT plays doctor with 72% success.

Driving the news: A new study from Mass General Brigham researchers testing ChatGPT’s performance on textbook-drawn case studies found the AI bot achieved 72% accuracy in overall clinical decision making, ranging from identifying possible diagnoses to making final diagnoses and care decisions.

Let’s break this down a little.

Textbook Case Studies

ChatGPT depends on its training, which basically read the internet and an unknown number of books. This means that it likely had access to these case studies, or something similar. In other words, it already knew the answer to the test question. This is not the same thing as a real diagnosis.

Accuracy Changes

ChatGPT’s models are incredibly opaque — even by AI standards.

First, accuracy in ChatGPT has already been observed as changing. It isn’t just ChatGPT, it is an issue with AI models more broadly:

AI drift occurs when an AI system’s performance and behavior change over time, often due to the evolving nature of the data it interacts with and learns from. This can result in the Artificial intelligence system making predictions or decisions that deviate from its original design and intended purpose. In essence, AI model drift is a form of algorithmic bias that can lead to unintended consequences and potentially harmful outcomes.

Analytics Insight

Second, OpenAI puts out new versions of its models every few months. You don’t notice this as an end-user, but it can make a big difference in output, and in the ability to truly test its accuracy.

Below is a partial list of OpenAI models and the dates they will be shut down: no more access to them at all.

This means that any study done today on one of these models can’t be replicated in January. Every few months the models need to be re-tested for accuracy.

A lead AI researcher says:

“Any results on closed-source models are not reproducible and not verifiable, and therefore, from a scientific perspective, we are comparing raccoons and squirrels,” [Sasha Luccioni of Hugging Face] told Ars.

Ars Technica

Partial ChatGPT Deprecation Schedule

SHUTDOWN DATE   MODEL              PRICE                  RECOMMENDED REPLACEMENT
2024-01-04      text-ada-001       $0.0004 / 1K tokens    gpt-3.5-turbo-instruct
2024-01-04      text-babbage-001   $0.0005 / 1K tokens    gpt-3.5-turbo-instruct
2024-01-04      text-curie-001     $0.0020 / 1K tokens    gpt-3.5-turbo-instruct
2024-01-04      text-davinci-001   $0.0200 / 1K tokens    gpt-3.5-turbo-instruct
2024-01-04      text-davinci-002   $0.0200 / 1K tokens    gpt-3.5-turbo-instruct
2024-01-04      text-davinci-003   $0.0200 / 1K tokens    gpt-3.5-turbo-instruct

It is an open question if LLM models will be able to perform at this kind of level in the future, but we can’t count on them today.

This Distracts from Helpful Machine Learning

ML (AI in a more specific context) is already proven in other areas. For example, Mayo Clinic uses ML in radiology.

“Radiology has had the lead, partly because AI is driven by data, and radiology has a lot of digital data already ready to be used by AI.”

Radiology has a narrow context, and an understandable learning concept. We can define what radiological images look like and if they show areas of concern — or not. This is different from an LLM like ChatGPT where the learning scope is so broad we don’t understand it: it really is a black box. [1]

Look Beyond The Hype

You need to look beyond the hype to understand where AI is making gains today. You’ll usually find that information in less-mainstream publications, and in headlines that are non-sensational.

[1] You could argue that this is a matter of scale, and that radiology is a much smaller black box. You’d be right, but the number of variables is so vastly different that it’s more than apples and oranges. In addition, testing radiology outcomes is relatively straightforward, unlike broader medical diagnoses.

[2] You know where LLMs work well? Summaries: the SEO summary for this post was created by ChatGPT:

ChatGPT achieves 72% accuracy in clinical textbook case studies, but concerns arise over drift, model opaqueness, and frequent updates. Don’t go to Dr. ChatGPT

ChatGPT, Model GPT-4. August 3 version

Should We Really Change the Name of the Tallest Peak in The Great Smoky Mountains?

2 minutes to read

Unedited photo of view from Clingmans Dome at sunset. Nov 1, 2021, Jonathan Addington

Clingmans Dome (6,643′) is the highest mountain in the Great Smoky Mountains and the third highest east of the Mississippi; its current name comes from United States Senator and General Thomas L. Clingman [1].

So why is Campbell County in Tennessee — a red county if there ever was one [2] — voting to change the name to “Kuwohi”?

Cherokee inhabited the Smoky Mountains and their surroundings until their forced removal in the 1800s. Today, of course, they own nearly none of it.

“It’s not like we just occupied the land, we lived on the land,” Hill told NPR. “Our own government, towns, language, our own newspaper; we were thriving communities. Then, due to forced removal, we were forced out of our homelands.”

NPR Interview
Clingmans Dome seen from Mount LeConte, Oct 5, 2020. Jonathan Addington

You’d think that the names of mountains, rivers and valleys in the park would have several Cherokee names, but only Abrams Falls is named after any Cherokee (his Christian name). There is scant history in the form of placards or other markings of the Cherokee at all in the park.

Clingmans Dome is ‘Kuwohi’ in Cherokee — its original name — and it was in the middle of Cherokee territory before their forced removal.

So, what’s the issue with General Clingman? He was a Confederate general. And he is hardly central to Clingmans Dome.

Of course, Clingman was more than a Confederate general; he was a land surveyor and explored the Smokies.

So why did he get the honorific? Not because he was the first on the mountain, or the first white person to explore it, and not because he discovered it.

It was named because the man who found its altitude — Arnold Guyot — wanted to give tribute to the man who paid for Guyot’s expedition: Clingman [3].

It’s hard to argue for anything other than a return to the Cherokee name. It was a peak central to the land taken from them, then renamed for a man whose most noteworthy legacy was a rebellion against the United States.

Campbell County was not the first to suggest un-renaming the mountain: the Cherokee themselves passed a resolution in 2022 for the same purpose. Buncombe County, NC passed a resolution for the restoration of the name in 2022, and Knox County approved of the name change in June of 2023.

Mount LeConte seen from Clingmans Dome. There is a classic cloud inversion, where the clouds are below the mountain peaks. Nov 1, 2021, Jonathan Addington

What can you do?

Ultimately this is a federal decision, not a state decision. Here are two things you can do:

  1. Share this article on social media, let your people know that it matters, and why it matters.
  2. Write your congressional representatives. This is a pretty easy PR win for any of them, so long as they believe it has something behind it.

Here is some suggested language [4]:

Dear [Rep], in 1858 the mountain now known as Clingmans Dome was renamed from its Cherokee name of Kuwohi. Today, the Cherokee believe that we should restore its original name. I support this, along with communities surrounding the park, including Knox County, Campbell County and Buncombe County.

We aren’t trying to erase history: it’s the opposite, a return to history. The history of the Smoky Mountains is rich and incredible, and the Cherokee were the first settlers in and around the mountains. What is a better way to pay homage to our past and support our friends at the same time?

As someone who loves American history, the Great Smoky Mountains and our treasured national parks, I urge you to support legislation to restore the mountain to its original name: Kuwohi.

Sincerely — your name

It is enough to just drop that message on the Contact page of their website.

Diana Harshbarger (TN), Tim Burchett (TN), Chuck Fleischmann (TN), Scott Desjarlais (TN), Andy Ogles (TN), John Rose (TN), Dr. Mark Green (TN), David Kustoff (TN), Steve Cohen, (TN), Senator Bill Hagerty (TN), Senator Marsha Blackburn (TN), Donald Davis (NC), Deborah Ross (NC), Greg Murphy (NC), Valerie Foushee (NC), Virginia Foxx (NC), Kathy Manning (NC), David Rouzer (NC), Dan Bishop (NC), Richard Hudson (NC), Pat McHenry (NC), Chuck Edwards (NC), Alma Adams (NC), Wiley Nickel (NC), Jeff Jackson (NC), Senator Richard Burr (NC), Senator Thom Tillis (NC)

Panorama of Clingmans Dome as seen from Mount LeConte, Oct 5 2020, Jonathan Addington

[1] The origin of certain place names in the United States, page 85. See it online here.

[2] In 2020 Campbell County went for Trump, 83%. “Since the founding of the Republican Party, only three Democratic Presidents, all Southerners, have carried the county.”

[3]  Tennessee Historical Society, https://tennesseeencyclopedia.net/entries/clingmans-dome/

[4] This is nearly verbatim from Campbell County Commissioner Tyler King, who said it eloquently.

Q3 Kaseya Product Updates, IT Glue, Network Glue, ConnectBooster and Compliance Manager

I watched the webinar, so you don’t have to 🙂

Kudos to the Kaseya team for flying through this — so much better than when vendors take 10x as long as needed. BUT, I’m sure I missed a few things here.

Overall, the changes are incremental. Nothing will rock your world. If you are an Autotask and/or Datto RMM user those incremental changes will translate to greater efficiency for your techs. (In minutes per day, not hours).

I’m hardly shilling for Kaseya here, but the updates are targeted at MSPs; it looks like more than Kaseya selling more of everything (or upselling, or cross-selling).

IT Glue

SSO now allows for specific users to bypass SSO, in case the SSO provider goes down.

Exports can now be scheduled in the UI, or pulled in via the API.

OTP secrets are exported in the run book as well.

Offline Passwords

The ITG Browser password extension allows for offline mode for passwords — in beta. Also, it only works on Windows/Chrome. Other options are “on the roadmap” to “look into.” Comes out of beta in Q4.

Admin controls will be available. Existing permissions will carry over to offline mode, MFA and SSO still supported if ITG is offline (how does this work?)

Datto SaaS Protection Integration

They really ran through this at a fast clip. It looks like you can view all the relevant information from the ITG interface.

Spanning for Google Workspace

Similar to above, it didn’t look quite as complete.

Datto BCDR DR Runbook

Soon (December?) you can run Datto BCDR run books inside ITG. ITG says that this will help with clients who need DR runbooks on hand for compliance.

Network Glue

Automatic password rotation (September)

Password rotation is an existing feature, it now allows scheduling. ON-PREM AD ONLY. Nothing for Azure AD. (“On the roadmap”)

SNMPv3 Discovery (December)

No details given other than the headline. SNMP data can be pulled in as well, I don’t know if this is an existing feature.

Datto Networking Integration

Existing feature, it looks a lot like the Datto Network dashboard data, but inside ITG and I’d argue more readable. But, nothing here is mind-blowing.

Wifi Credentials Auto-documentation (Q4)

Save the WPA password automatically from the Datto Networking to ITG.

This is a great idea, but not exactly business changing.

Datto RMM & Autotask Integrations

Surface Documentation to Autotask Tickets

Create ticket rules to pull documentation into the ticket. At a glance, this looks like it will help junior techs, that don’t know what to search for. I can imagine — kind of — where this would be more help than time investment. In the meantime, it looks like writing a lot of rules.

Launch Datto RMM Web Remote from ITG.

ITG Checklists in Autotask

Ok, so this one I am a little excited about. You can create checklists in ITG and show them in Autotask PSA tickets.

RMM Integrations

Device passwords and documentation from ITG available in Datto RMM. If this works like they showed it, it will be great. Let techs get to documentation and passwords without jumping over to ITG.

MyGlue, myITProcess and Compliance Manager

TruMethods veteran Jeff LeClair goes over MyGlue, myITProcess and Compliance Manager. I don’t use any of these three products so take this with a grain of salt. But I didn’t see anything new in MyGlue or myITProcess. Compliance Manager will pull in data from across the Kaseya ecosystem. “No more copy and paste.”

ConnectBooster

Andy Nordin

Dashboard customizations

Move widgets around partner (your) dashboard, turn them on and off, “not quite snap to grid yet.” In the future “more widgets,” with “advanced metrics.”

“In the coming months” MSPs can turn on and off dashboard items for specific users at their clients.

Invoices Generation

Can choose HTML or PDF, based on customer. Looks like maybe (?) it can ingest PDFs from third-party accounting solutions.

Notifications & Service Boards?

Andy went over something here but I completely missed it.

Is the cybersecurity job market losing steam?

The Wall Street Journal reports today (2023-08-21): More Cyber Companies Announce Layoffs. It’s not a clickbait headline, there really are companies laying off cybersecurity workers but it’s important to realize it isn’t indicative of the larger job market.

The companies listed (Rapid7, Secureworks [owned by Dell], HackerOne, Dragos) only do cybersecurity: there are no other workers to lay off.

A cybersecurity recruiting firm in the article is quoted:

The uptick in cybersecurity job seekers gained steam late last year and is continuing, said Mark Sasson, managing partner at Pinpoint Search Group, a recruiting firm in cybersecurity.

Headlines from last year announce that cybersecurity has a 0% unemployment rate. Overall, there is clearly more demand for workers than people available to fill the roles.

In addition, the landscape still favors the bad guys. From my POV, things are marginally better for Windows-based environments today than they were five years ago, but by no means where they must be. The number of types of attacks to defend against means that those of us in the industry increasingly need to use new tools to protect against cyberattacks — manpower isn’t enough.

Businesses large and small will continue to rely on outsourcing major portions of security because it isn’t possible to maintain enough skill in house, only companies that offer security to many organizations can achieve the economies of scale needed at the macro level to come close to filling the cyber gap.

Finally, government regulation is stepping up after decades of ignoring risk. This is happening at the state level, and in multiple laws and regulations at the federal level. Some of the specifics are onerous, but on the whole this regulation is needed — it essentially outlaws gross negligence on the cyber side of business.

Don’t read the article and think that the need for cybersecurity is abating — there is no end in sight.

August 20th, 2023 – Hunter Biden Roundup

Two stories on the Hunter Biden investigation today, one from Politico and the other from the Washington Post.

The Investigation

Politico’s post is a medium length read that goes over the history of the investigation.

Hunter Biden’s lawyers threatened to put President Biden on the stand:

“This of all cases justifies neither the spectacle of a sitting President testifying at a criminal trial nor the potential for a resulting Constitutional crisis,” Clark wrote.

The Justice Department came (and comes) under fire from both sides for being political.

First, it is worth remembering that Trump worked as hard as he could to stir the pot up against Hunter Biden — which included his first impeachment because he wanted Ukraine to announce an investigation into Biden corruption.

In light of Trump’s ceaseless demands for an investigation of the first son, charging the younger Biden with tax crimes would be “devastating to the reputation” of the Justice Department, his lawyers asserted. It would look like the department had acquiesced to Trump’s political pressure campaign.

Of course, when administrations flipped, anything other than a hard line looks like going easy on Biden.

The Wall Street Journal reported that an IRS supervisor was ready to tell Congress that political calculations were infecting the investigation. But unlike Biden’s lawyers, who argued their client was being treated too harshly because of politics, the IRS supervisor would testify that the first son was getting “preferential treatment” from a Justice Department run by his father’s appointees.

It also isn’t clear if the immunity agreement signed on July 26th was executed and is still enforceable:

Before the [July 26th] hearing, Biden and Weiss signed the pretrial diversion agreement, which included the immunity guarantee.

Finally, it is clear to everyone that any plea deal is meant to protect Hunter Biden from executive overreach from the next administration. Effectively, eliminate the option to investigate Hunter Biden in the future for anything already covered by this investigation.

The Special Prosecutor

WaPo has a history of David Weiss.

Highlights: he began as a prosecutor in Delaware, he has worked with parties all over the spectrum, under presidents Obama, Trump and Biden, as well as with Beau Biden in 2010.

The general sentiment is that he is a hard-hitting prosecutor unswayed by politics. While unbelievable on its face, it is worth considering given that both parties think he isn’t being fair to Hunter Biden, but for opposite reasons.

Those who have observed Weiss for years say his professional intersections with the Biden family over the years will have no bearing on his work as special counsel. They insist he will follow the facts and tune out the partisan noise.


“He was appointed by Donald Trump, and now if he doesn’t do everything Republicans want, they denigrate him,” said Mullaney, the former chief of staff to Beau Biden. He said it was “inconceivable” Weiss would play favorites, saying, “Hopefully he is not paying attention to all the rhetoric.”

If you’re into this sort of thing, give both articles a read.

Short Takes

Like Twitter, but only here.

Election Debt

Politico:

Rudy Giuliani’s ex-lawyers are suing the former New York City mayor for failing to pay legal fees amounting to $1.36 million they charged while representing him in numerous controversies — several of them related to Donald Trump’s efforts to overturn the election.

Robert J. Costello, a longtime friend of Giuliani, and his law firm Davidoff Hutcher & Citron LLP filed the complaint on Monday in a state court in Manhattan.

To me this just underscores how we should take America’s Mayor.

Instacart IPO Priced

From WSJ. It’s worked so well for me that I’m optimistic for the company, although I’m aware they face their own headwinds.

Manifest Demons

Just saw a post on FB that suggested aliens are manifested fallen angels (demons).

A friend asked me if I believe in this stuff.

Maybe.

“But all the stuff the government released.”

Uh huh.

I’m skeptical every time something sensational is released that it isn’t to distract from something else. If it was only on Thursdays we’d know why…

US Hypersonic Missiles Primer

WSJ has a story on why the US doesn’t have any.

The really short version seems to be the long R&D breaks we took during the Vietnam War and the War On Terror. An irony lost on the authors: actual, poorly planned wars, decreased our capability for future wars.

Earlier this month DOD aborted a planned test launch.

A US Army soldier lifts the hydraulic launching system on the new Long-Range Hypersonic Weapon (LRHW) during Operation Thunderbolt Strike at Cape Canaveral Space Force Station, Florida, on March 3.

BFC

Discussion among those brave and stupid enough to compete in the Barkley Fall Classic.

Arm Sets IPO Price at $51 a Share

From WSJ. Trading starts tomorrow. If I have left cash in my E*trade account I’d be buying. As is I won’t unload other holdings to get in on the IPO.

But I’ll get me some eventually.

Missing Flight 93

Wow, look at this story from a guy who almost flew Flight 93 on 9/11. He saw the second plane hit the tower from his still-on-tarmac plane window.

Tweet text: I was booked on United Flight 93 on 9/11, 2001, flying nonstop from Newark NJ to San Francisco CA. Around midnight the night before, a coworker called me urging me to change my flight to fly into San Jose instead. This meant I had to give up my 1st class seat and move to a flight that left 20 minutes later (from the same gate) with a stopover in Denver.
I was very reluctant but I did it.
When I got to the airport, I watched people boarding flight 93 and I was upset that I was not leaving earlier, in my 1st class seat on a direct flight. I didn't notice or care about the people as they were boarding, only myself.
When I finally boarded my plane, we were 7 planes behind flight 93.
When we were 3 plans away from we taking off, the pilot told us to look out the right side of the plane because it appeared the Twin Towers had been hit by a plane. I thought it might have been a small Cessna until I saw the second plane strike the other tower.
We were grounded just before taking off. I changed that day. I now take every opportunity to get watch and if possible, get to know the people I'm boarding a plane with. I never hesitate to give up my seat for a later flight if requested. I've had two children since 9/11 and went to multiple mission trips to war torn countries. Every day I wake up breathing is another gift from God.

The Dr Pepper Diet

Nothing like your calorie tracker saying you eat less on days when you have soda…

WSJ: Don’t Try So Hard at Work

Today’s stupid WSJ headline: Try Hard, but Not That Hard. 85% Is the Magic Number for Productivity.

The premise? If you overwork yourself it leads to burnout, and the magic number (can you have a magic number for “how hard” you work?) is 85%.

  1. It’s hardly news that overwork leads to burnout (see my post, You’re Not a Navy Seal)
  2. 85% is a half made-up number. Yes, that seems to be about right for max productivity, but applying it to everyone, everywhere, across subjective areas seems… like clickbait.

Health Insurance Up 6%+ in 2024

WSJ reports that health insurance costs are expected to rise 6%+ for 2024.

My personal premiums + deductibles line up so insurance doesn’t cover anything significantly until I’ve spent $22,000 – $30,000 in combined health care and premium costs. And that assumes all in-network and covered procedures.

At some point it becomes completely unaffordable to opt into the system at any level.

Enrique Tarrio sentenced to 22 years

WaPo. He undoubtedly had this coming.

The orange Garmin inReach he wore always amused me. They are great things: made for SOS calls — typically to authorities — during backcountry expeditions.

He didn’t even have the nice one with a display, a key piece if you wanted to have GPS location available even if the grid went down.

Maybe there is some inscrutable reason for it, but it always struck me as posing at its finest.

I use its big brother when hiking.

China Hacks Residential German Routers

Risky Business News has an article reporting a warning from Germany that China is hacking home routers and storage devices.

The devices aren’t hacked for their own intrinsic worth (although that should be a concern); instead, they are used so the Chinese can launch attacks from the home routers to hide the true origin of the attack.

P.S. This is why cybersecurity experts are big on NOT using home routers for business. They are notoriously easy to hack and never get the security updates that they need.

Heart & Soul

I wanted to write something witty about this… but I just… can’t.

What even?

Definitely gonna be a WARRIOR DAD though. What more could a modern LinkedIn dad want than to be a WARRIOR?

WaPo: Families crossing U.S. border illegally reached all-time high in August

Record numbers of migrant families streamed across the U.S.-Mexico border in August, according to preliminary data … and could once again place immigration in the spotlight during a presidential race.

The U.S. Border Patrol arrested at least 91,000 migrants who crossed as part of a family group in August, exceeding the prior one-month record of 84,486 set in May 2019, during the Trump administration. Families were the single largest demographic group crossing the border in August, surpassing single adults for the first time since Biden took office…

WaPo

I don’t believe it is possible to solve this in a humanitarian way. This is what happens when you’re the richest country in the world: people want to come here.

WSJ: The Case for Trumpless Thursdays

I love it.

During the rationing days of World War II, there was the weekly event called Meatless Tuesday. To save meat for the troops, civilians were asked to cut it from their diets one day each week… It was considered an act of patriotism. Everyone, as far as I knew, went along with it.

…I wonder if the country wouldn’t do well to declare Trumpless Thursday. This would entail an agreement on the part of all media—television, radio and print—not to run any items about Donald Trump, show his face on screen or in photographs on Thursday of every week. The country would be given a weekly 24-hour rest from Trump talk.

I wish I could post the whole thing. 2 mins to read tops.

Meta rejects own board’s request to suspend account of Cambodian strongman

From WaPo. Facebook’s own oversight board recommended removing the account of Hun Sen.

Who is that? Until a few weeks ago, Cambodia’s leader. He set up his son to be his successor, but the elder Hun Sen:

Since 1998, Hun Sen has led the CPP to consecutive and often contentious election victories, overseeing rapid economic growth and development, but also corruption, deforestation and human rights violations.

Wikipedia Article

But the foreign policy isn’t what matters here. Facebook’s internal oversight board wanted his account removed:

…based on a video he posted earlier this year where he threatened to “beat up” opponents, “send gangsters” to their homes and “arrest a traitor with sufficient evidence at midnight.”

Facebook replied that a suspension would be “inconsistent” with its policies and that the video did not violate them.

What does it take to violate their protocols, if a dictator publishing video threats on Facebook is OK?

Facebook clearly does not know how to moderate content or will not. I suspect the latter.

Apple, Google, Tesla, Facebook — it’s a long list — continue to learn, and unlearn, that sucking up to questionable regimes works for profits in the short term but bites you in the long term.

And you not only lose all moral authority, you’ve actually lost your morals, caving to dollars instead of standing up to basic human rights.

Immigration & Job

Axios Headline:

Immigration is absolutely essential to a healthy US economy. If we want to avoid a shrinking labor force, and the economic problems that brings (see Japan & China), we need to replace workers.

If the US population isn’t naturally increasing at the necessary rate (it isn’t) you need to “import” workers.

There is no reason this can’t be a win-win, including increasing our global competitiveness.

Absolutely Irrelevant

The answers to this type of question in nearly any industry are 100% irrelevant to anyone.

Unless you know all 88 commenters, the answers are just noise.

Residential is different from B2B. Specialty is different from general. Quality matters.

More Prigozhin

At this point I think the morbid story is interesting to most in the West as a plot straight out of James Bond — it isn’t likely to have a meaningful effect on any of our lives nor provide an accurate narrative for years.

That said:

WSJ reports that DOD thinks it was an assassination, a bomb or something, but not a surface-to-air missile. But DOD stopped short of publicly calling it an assassination.

“Our initial assessment is that it is likely Prigozhin was killed,” Air Force Brig. Gen. Pat Ryder, a Pentagon spokesman, said at a briefing Thursday. It was the first time the U.S. confirmed Prigozhin’s death.

WSJ

WSJ reports on Wagner fighters mourning Prigozhin and stating that no one “should do anything stupid.”

Chatham House: Prigozhin Might Not Be Dead

It’s not likely, but it’s not impossible.

Keir Giles, a Russia expert with the international affairs think-tank Chatham House, urged caution about reports of Prigozhin’s death. 

“Multiple individuals have changed their name to Yevgeniy Prigozhin, as part of his efforts to obfuscate his travels,” he said. 

“Let’s not be surprised if he pops up shortly in a new video from Africa.” 

Euronews

Basically every news organization that reported today on Putin’s comments has said something like: “[Putin] stopped short of explicitly confirming Prigozhin’s death.”

NPR: flame retardants found in breast milk

To quote extensively:

In the early 2000s, researchers … found high levels of toxic compounds used as a common flame retardant in household items.

The compounds… were gradually phased out…

This summer, scientists detected a new set of similar flame retardants in the breast milk of 50 U.S. women.

…they’re used in so many different products, we come in contact with these compounds in our daily lives…

…while the sample size is relatively small, “this is an interesting start…”

Researchers say it’s too early to know whether we should be worried about these new bromophenols…

Do we need to wait and see whether complex chemicals are bad for newborns to ingest? It really seems like “no.”

(Yes, the sample size is small, but chemical testing will be relatively easy to replicate)

Not so much

WSJ and others suggest that Prigozhin’s death. I don’t think so.

It was never clear why he was still alive by the end of June. Even dead, the fissures he created in the military and his demonstration that Putin is not invincible live on.

I don’t know that a less stable Russia is good for the world.

Edit: I’m not the only one with this view: