Let's Know Things Podcast Por Colin Wright capa

Let's Know Things

Let's Know Things

De: Colin Wright
Ouça grátis

Sobre este título

 A calm, non-shouty, non-polemical, weekly news analysis podcast for folks of all stripes and leanings who want to know more about what's happening in the world around them. Hosted by analytic journalist Colin Wright since 2016.

letsknowthings.substack.comColin Wright Política e Governo
Episódios
  • Mythos

    Mythos
    Apr 14 2026
    This week we talk about Project Glasswing, Anthropic, and Q Day.We also discuss exploit markets, vulnerabilities, and zero days.Recommended Book: The Culture Map by Erin MeyerTranscriptIn the world of computer security, a zero-day vulnerability is an issue that exists within a system at launch—hence, zero-day, it’s there at day zero of the system being available—that is also unknown to those who developed said system.Thus, if Microsoft released a new version of Windows that had a security hole that they didn’t know about, but someone else, a hacking group maybe, discovered before it was released, they might use that vulnerability in Windows or Word or whatever else to hack the end-users of that software.While large companies like Microsoft do a pretty good job, considering the scope and scale of their product library, of identifying and fixing the worst of the security holes that might leave their customers prone to such attacks, that same scope and scale also means it’s nearly impossible to fill every single possible gap: a truism within the cybersecurity world is that defenders need to get it right every single time, and attackers only need to get it right once, and the same is true here. There’s never been a perfect piece of software, and as these things expand in capability and complexity, the opportunity to miss something also increases, and thus, so does the range of possible errors and exploitable imperfections.Because of how damaging zero-days can be for both users of software and the companies that make that software, there are thriving marketplaces, similar to those that deal in other illicit goods, where those who discover such vulnerabilities can sell them, usually for cryptocurrencies or funds derived from stolen credit cards.Software companies have countered the increasing sophistication of these exploit black markets with white and grey market efforts, the former being direct payouts to hackers, basically saying hey, thanks for finding this bug, here’s a lump-sum of money, a bug bounty, rather than punishing all hacking of their systems, which is how they would have previously responded, which had the knock-on effect of sending all hackers, even those who weren’t looking to cause trouble, either underground, or actively hunting for bugs for the black market.The grey market is more complicated and diverse, and also the largest of marketplaces for those shopping around for these types of exploits. And it’s populated by the same sorts of neverdowells who might frequent the exploit black markets, but also includes all sorts of governments and intelligence agencies, who scoop up these sorts of vulnerabilities to use against their opponents, or to deny them to others who might use them instead, against them.All sorts of governments, from the US to Russia to North Korea to Iran are regular shoppers on these computer system exploit grey markets, and that has created a complicated, entangled system of incentives, as is some cases, it’s better for the US government, or Iranian government, or whomever, if the company making these systems doesn’t know about a bug or other vulnerability, because they just spent several million dollars to buy a map to said bug or gap, which could, at some point in the future, allow them to tunnel into an enemy’s computers and cause damage or steal information.What I’d like to talk about today is a new AI system that is apparently very, very good at identifying these sorts of exploits, and why this is being seen as a milestone moment for some people operating in the zero day, and overall computer security space.—On April 7, 2026, US-based AI company Anthropic announced Project Glasswing—a new initiative that is currently only available to 11 companies that’s meant to help those companies shore-up their cyber defenses before more AI systems like the one that underpins Project Glasswing, which is called Mythos Preview, hit the market.So these companies, Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, make a lot of stuff, and in particular make and maintain a lot of vital online and device-based software infrastructure, like operating systems and all the stuff that keeps things in our apps and on the web secure.Mythos Preview is a new model created by Anthropic, similar to their existing Claude models, but apparently vastly more powerful. There are tests that AI companies use to compare the potency of their models at a variety of task types, but those are generally considered to be flawed or game-able in all sorts of ways, so the main thing to know here is that Mythos did way better at most of those tests, especially the coding, the programming-related ones, than the other, currently most capable models, the ones that professional programmers, most of them anyway, are using these days. It was also able to do impressive and worrying ...
    Exibir mais Exibir menos
    16 minutos
  • US Router Ban

    US Router Ban
    Apr 7 2026
    This week we talk about modems, WiFi, and kinda sorta bribes.We also discuss Huawei, government subsidies, and the FCC.Recommended Book: Replaceable You by Mary RoachTranscriptMany homes, those with WiFi connections to the internet, have two different devices they use to make that connectivity happen.The first is a modem, which is what connects directly to your internet service provider, often via an ethernet jack in the wall that connects to a series of cables webbed throughout your city.The second is a router, which plugs into the modem and then spreads that signal, derived from that network of city-wide cables around your home, either by splitting that single ethernet jack into multiple ethernet jacks, allowing multiple devices to plug into that network, or by creating a wireless signal, WiFi, that multiple devices can connect to wirelessly in the same way. Many routers will have both options, though in most homes and for most modern devices, WiFi tends to be the more common access point because of its convenience, these days.That WiFi signal, and the connection provided via those additional ethernet ports on the router, create what’s called a Local Area Network of devices, or LAN. This local area network allow these devices—your phone and your laptop, for instance—to connect to each other directly, but its primary role for most people is using that connection to the modem to grant these devices access the wider internet.In addition to providing that internet access and creating the Local Area Network, connecting devices on that network to each other, routers also usually provide a layer of security to those devices. This can be done via firewalls and with encryption, which is important as unprotected networks can leave the devices plugged into them vulnerable to outside attack. That means if the router is breached or in some other way exploited, a whole company’s worth of computers, or all your local devices at home, could be made part of a botnet, could be held hostage by ransomware, or could be keylogged until you provide login information for your banks or other seemingly secure accounts to whomever broke into that insufficiently protected LAN.What I’d like to talk about today is a recently announced ban on some types of routers in the US, the reasoning behind this ban, and what might happen next.—On March 23, 2026, the US Federal Communications Commission announced a ban on the import of all new consumer-grade routers not made in the United States.This ban does not impact routers that are already on the market and in homes, so if you have one already, you’re fine. And if you’re buying an existing model, that should be fine, too.It will apply to new routers, though, and the rationale provided by the FCC with the announcement is that imported routers are a “severe cybersecurity risk that could be leveraged to immediately and severely disrupt US critical infrastructure.”They also cited recent, major hacks like Salt Typhoon, saying that routers brought into the US provided a means of entry for some components of those attacks.This stated concern is similar to the one that was at the center of the Trump administration’s 2019 ban of products made by Chinese tech company Huawei in the United States. Huawei made, and still makes, all kinds of products, including consumer-grade smartphones, and high-end 5G equipment sold to telecommunications companies around the world for use in their infrastructure.The concern was that a company like Huawei might leverage its far better prices, which were partly possible because of backing from the Chinese government, to put foreign competitors out of business. From there, they could dominate these industries, while also getting their equipment deep in the telecommunications infrastructure of the US and US allies. Then, it would be relatively easy to insert spy equipment and eavesdrop on phone calls and data transmissions from phones, or to incorporate kill-switches into these grids, so if China ever needed to, for instance, distract the US and its allies while they invaded Taiwan, they could just push a button, kill the US telecommunications grid, and that would buy them some time and fog of war to do what they wanted to do without immediate repercussions; and undoing a successful invasion would be a million times more difficult than stepping in while it’s happening to prevent it.As of 2024, Huawei still controlled about a third of the global 5G market. It controlled about 27.5% back in 2019, the year it was banned in the US and in many US allied nations, so while it’s possible they could have grown even bigger than that had the ban not been implemented, they still grew following its implementation.Chinese companies currently control about 60% of the US router market, and it’s likely the local, US market will shift, reorienting toward US makers over the next decade or so. But it’s possible these Chinese companies will grow their global ...
    Exibir mais Exibir menos
    13 minutos
  • Ukraine and Iran

    Ukraine and Iran
    Mar 31 2026
    This week we talk about cheap drones, energy resources, and Russia’s invasion of Ukraine.We also discuss the Strait of Hormuz, the war in Iran, and economic asymmetry.Recommended Book: The Age of Extraction by Tim WuTranscriptRussia’s invasion of Ukraine has been pretty universally bad for everyone involved, very much including Russia, which going into the fifth year of this conflict, which it started by massing troops on its neighbor’s border and invading, unprovoked, following years of funding asymmetric military incursions in Ukraine’s southeast. Following their full invasion though, Russia has reportedly suffered around 1.25 million casualties, with more than 400,000 of those casualties suffered in 2025, alone. It’s estimated that Russia has also suffered at least 325,000 deaths, and Ukrainian officials reported confirmed kills of more than 30,000 Russian soldiers just in January 2026.As of early 2026, Russian controlled about 20% of Ukraine, down from the height of its occupation, back in March of 2022, when it controlled 26% of the country.And due to a combination of military spending, intense and expansive international sanctions, and damage inflicted by Ukraine, it’s estimated that Russia has incurred about $1 trillion in damages, about a fifth of that being direct operational expenses, and around a fourth the result of reduced growth and lost assets stemming from all those sanctions.There’s a good chance that all of these numbers, aside from the land controlled, are undercounts, too, as some estimates rely on official figures, and those figures are generally assumed to be partially fabricated to allow Russia to keep face in what is already a pretty humiliating situation—a war they started and which they thought would be a walk in the park, lasting maybe a week, but which has instead gone on to reshape their entire country and present one of the biggest threats to Putin’s control over the Kremlin since he took office.That in mind, a report from last week, at the tail-end of March, suggests that the Kremlin knows things aren’t looking great for them, and they asked Russian oligarchs to donate money to the cause, to help stabilize Russian finances. This report, which is unconfirmed, but has been reported by multiple Russian media entities, arrives at a moment in which the Russian government is also planning cuts to all sorts of spending, including military spending, but also a reported 10% across the board, to all “non-sensitive” matters in its 2026 budget.Despite these fairly abysmal figures, though, there’s some optimism in Russia-supporting circles right now, in large part because the conflict in Iran, and Iran’s near shutting down of the Strait of Hormuz, which is an important channel for the flow of international energy assets, that’s goosed the price of oil and gas, which in turn has goosed Russian income substantially.What I’d like to talk about today are the interconnections between the conflict in Ukraine and the conflict in Iran, and how Ukraine being invaded seems to have put them in a position of relative influence and authority in this new conflict in the Middle East.—From the moment Russia launched its full-scale invasion of Ukraine, the Ukrainian military, and its government, industrial base, and pretty much everyone else, scrambled to find an asymmetric means of keeping a far larger, wealthier, and ostensibly more experienced and better backed foe from just steam-rolling over them.They found that by leveraging lower-cost deterrents, like cheap rockets and drones, they could pay something like $10,000 to take out a tank or other weapons platform that cost Russia a million or ten million dollars. That’s a pretty stellar trade-off, and if you can do that over and over again, eventually you make the cost of the conflict just ridiculously unbalanced, each trade of hardware costing you very little and them a whole lot, which with time can making waging war unsustainable for the side paying orders of magnitudes more.Russia is of course making use of inexpensive drones and rockets, as well. That’s become a norm in modern conflicts, especially over the past five years or so, as cheap but capable and easy to produce models have started rolling of manufacturing lines in Iran and Turkey, allowing them to become popular sources of single-use but quite agile and deadly aerial weaponry.Ukraine has gone further than most other entities, though, as they’re immensely incentivized to get this right, and to put their full support behind anything that gives them the upper-hand against what’s still a powerful and otherwise overwhelming invading force. And this patchwork of companies, independent and government supported, large-ish and tiny enough to operate under constant fire and in wartime conditions, has since scaled-up so that they’re expected to manufacture about 7 million drones of many different varieties in 2026.This scaling has attracted a lot of ...
    Exibir mais Exibir menos
    12 minutos
Ainda não há avaliações