Later On

A blog written for those whose interests more or less match mine.

Archive for January 3rd, 2021

Variations on Dutch babies

Dutch babies can be considered a sweet version of Yorkshire pudding, using butter instead of beef fat or beef drippings and topped with powdered sugar, as shown in this brief video (recipe details; and a variant recipe):

And for comparison, here is Yorkshire pudding (recipe details):

My immediate thought was of variations on the recipe — for example, a Dutch baby with duck fat instead of butter, and sprinkled with (say) ground chipotle or smoked paprika instead of sugar. That would be tasty with roasted vegetables, I bet.

By varying the fat and the flavorings, you could create many varieties. The batter might include (for example) a dash of Worcestershire sauce and/or a small dash of liquid smoke. You could sauté some minced garlic in the fat before adding the batter. I imagine you can think of other variations incorporating flavors you like — fresh rosemary, for example, or a bit of curry powder.

Written by LeisureGuy

3 January 2021 at 7:10 pm

Posted in Daily life, Food, Recipes, Video

Covid timeline for individual infection

Written by LeisureGuy

3 January 2021 at 4:35 pm

Posted in Daily life, Health, Medical

Another 52 interesting things

Early last month I posted some of the 52 things Tom Whitwell had learned the previous year (with a link to his full list). I just learned that a year ago he posted a similar list, which begins:

  1. Each year humanity produces 1,000 times more transistors than grains of rice and wheat combined. [Mark P Mills]

Continue reading. There are 41.5 more.

Written by LeisureGuy

3 January 2021 at 11:47 am

A template for a good email message

Via Reddit:

Dear Person I am Writing To,

This is an optional sentence introducing who I am and work for, included if the addressee has never corresponded with me before. The second optional sentence reminds the person where we met, if relevant. This sentence states the purpose of the email.

This optional paragraph describes in more detail what’s needed. This sentence discusses relevant information like how soon an answer is needed, what kind of answer is needed, and any information that the other person might find useful. If there’s a lot of information, it’s a good idea to separate this paragraph into two or three paragraphs to avoid having a Wall of Text.

If a description paragraph was used, close with a restatement of the initial request, in case the addressee ignored the opening paragraph.

This sentence is just a platitude (usually thanking them for their time) because people think I am standoffish, unreasonably demanding, or cold if it’s not included.

Closing salutation, Signature

The person who created this notes:

“People always ask me how I can fire off work emails so quickly. Nobody has figured out yet that it’s the same email with the details changed as needed.”—Anonymous on the Internet.

Written by LeisureGuy

3 January 2021 at 11:36 am

Some quotations to ponder

Selected by Kevin Kelly:

  • If you want to go fast, go alone. If you want to go far, go together. — Robin Jones Gunn
  • A foreign accent is a sign of bravery. — Amy Chua
  • To know what you’re going to draw, you have to begin drawing. — Picasso
  • The reward for good work is more work. — Tom Sachs
  • The invention of the ship was also the invention of the shipwreck. — Paul Virilio
  • If all I’d ever wanted to do was make money, I’d probably be really poor by now. — Brian Eno
  • Sell your cleverness and buy bewilderment. — Rumi
  • On average, bad things happen fast and good things happen slow. — Stewart Brand
  • What I cannot create, I do not understand. — Richard Feynman
  • Find out who you are and do it on purpose. — Dolly Parton

Written by LeisureGuy

3 January 2021 at 11:30 am

Posted in Daily life

How to Get Rich Sabotaging Nuclear Weapons Facilities

Matt Stoller writes in BIG:

Happy new year. Today I’m going to write about the Russian hack of American nuclear facilities, and why a billionaire private equity executive just profiled in the Wall Street Journal as a dealmaker extraordinaire is responsible. Plus some short blurbs on:

  • The Problem with Amazon competitor Shopify
  • Ticketmaster’s Grotesque Settlement with the Department of Justice
  • Economists’ Non-Surprising But Important Findings about Debt-Fueled Private Equity and Covid
  • Big Tech and Diversity
  • Appliance Parts Monopolization?

Happy New Year! The password is 12345

My Password Is “Password”

Roughly a month ago, the premier cybersecurity firm FireEye warned authorities that it had been penetrated by Russian hackers, who made off with critical tools it used to secure the facilities of corporations and governments around the world.

The victims are the most important institutional power centers in America, from the FBI to the Department of Treasury to the Department of Commerce, as well as private sector giants Cisco Systems, Intel, Nvidia, accounting giant Deloitte, California hospitals, and thousands of others. As more information comes out about what happened, the situation looks worse and worse. Russians got access to Microsoft’s source code and into the Federal agency overseeing America’s nuclear stockpile. They may have inserted code into the American electrical grid, or acquired sensitive tax information or important technical and political secrets.

Cybersecurity is a very weird area, mostly out of sight yet potentially very deadly. Anonymous groups can turn off power plants, telecom grids, or disrupt weapons labs, as Israel did when it used a cyber-weapon to cripple Iranian nuclear facilities in 2010. Bank regulators have to now consult with top military leaders about whether deposit insurance covers incidents where hackers destroy all bank records, and what that would mean operationally. It’s not obvious whether this stuff is war or run-of-the-mill espionage, but everyone knows that the next war will be chock full of new tactics based on hacking the systems of one’s adversary, perhaps using code placed in those systems during peacetime.

And that makes this hack quite scary, even if we don’t see the effect right now. Mark Warner, one of the smarter Democratic Senators and the top Democrat on the Intelligence Committee, said “This is looking much, much worse than I first feared,” also noting “The size of it keeps expanding.” Political leaders are considering reprisals against Russia, though it’s likely they will not engage in much retaliation we can see on the surface. It’s the biggest hack since 2016, when an unidentified group stole the National Security Agency’s “crown jewels” spy tools. It is, as Wired put it, a “historic mess.”

There is a lot of finger-pointing going on in D.C. and in cybersecurity circles about what happened and why. There are all of the standard questions that military and cyber lawyers love, like whether this hack is war, espionage, or something legally ambiguous. Policymakers are revisiting the longstanding policy of having the National Security Agency focus on offensive hacking instead of securing defensive capacity.

The most interesting part of the cybersecurity problem is that it isn’t purely about government capacity at all; private sector corporations maintain critical infrastructure that is in the “battle space.” Private firms like Microsoft are being heavily scrutinized; I had one guest-post from last January on why the firm doesn’t manage its security problems particularly well, and another on how it is using its market power to monopolize the cybersecurity market with subpar products. And yet these companies have no actual public obligations, or at least, nothing formal. They are for-profit entities with little liability for the choices they make that might impose costs onto others.

Indeed, cybersecurity risk is akin to pollution, a cost that the business itself doesn’t fully bear, but that the rest of society does. The private role in cybersecurity is now brushing up against the libertarian assumptions of much of the policymaking world; national security in a world where private software companies handle national defense simply cannot long co-exist with our monopoly and financier-dominated corporate apparatus.

All of which brings me to what I think is the most compelling part of this story. The point of entry for this major hack was not Microsoft, but a private equity-owned IT software firm called SolarWinds. This company’s products are dominant in their niche; 425 out of the Fortune 500 use SolarWinds. As Reuters reported about the last investor call in October, the CEO told analysts that “there was not a database or an IT deployment model out there to which [they] did not provide some level of monitoring or management.” While there is competition in this market, SolarWinds does have market power. IT systems are hard to migrate from, and this lock-in effect means that customers will tolerate price hikes or quality degradation rather than change providers. And it does have a large market share; as the CEO put it, “We manage everyone’s network gear.”

SolarWinds sells a network management package called Orion, and it was through Orion that the Russians invaded these systems, putting malware into updates that the company sent to clients. Now, Russian hackers are extremely sophisticated sleuths, but it didn’t take a genius to hack this company. It’s not just that criminals traded information about how to hack SolarWinds systems; one security researcher alerted the company last year that “anyone could access SolarWinds’ update server by using the password ‘solarwinds123.’”

Using passwords ripped from the movie Spaceballs is one thing, but it appears that lax security practice at the company was common, systemic, and longstanding. The company puts its engineering in the hands of cheaper Eastern Europe coders, where it’s easier for Russian engineers to penetrate their product development. SolarWinds didn’t bother to hire a senior official to focus on security until 2017, and then only after it was forced to do so by European regulations. Even then, SolarWinds CEO, Kevin Thompson, ignored the risk. As the New York Times noted, one security “adviser at SolarWinds, said he warned management that year that unless it took a more proactive approach to its internal security, a cybersecurity episode would be ‘catastrophic.’” The executive in charge of security quit in frustration. Even after the hack, the company continued screwing up; SolarWinds didn’t even stop offering compromised software for several days after it was discovered.

This level of idiocy seems off-the-charts, but it’s not that the CEO is stupid. Far from it. “Employees say that under Mr. Thompson,” the Times continued, “an accountant by training and a former chief financial officer, every part of the business was examined for cost savings and common security practices were eschewed because of their expense.” The company’s profit tripled from 2010 to 2019. Thompson calculated that his business could run more profitably if it chose to open its clients to hacking risk, and he was right.

And yet, not every software firm operates like SolarWinds. Most seek to make money, but few do so with such a combination of malevolence, greed, and idiocy. What makes SolarWinds different? The answer is the specific financial model that has invaded the software industry over the last fifteen years, a particularly virulent strain of recklessness typically called private equity.

I’ve written a lot about private equity. By ‘private equity,’ I mean financial engineers, financiers who raise large amounts of money and borrow even more to buy firms and loot them. These kinds of private equity barons aren’t specialists who help finance useful products and services, they do cookie cutter deals targeting firms they believe have market power to raise prices, who can lay off workers or sell assets, and/or have some sort of legal loophole advantage. Often they will destroy the underlying business. The giants of the industry, from Blackstone to Apollo, are the children of 1980s junk bond king and fraudster Michael Milken. They are essentially super-sized mobsters who burn down businesses for the insurance money.

In private equity takeovers of software, the gist is the same, with the players a bit different. It’s not Apollo and Blackstone, it’s Vista Equity Partners, Thoma Bravo, and Silver Lake, but it’s the same cookie cutter style deal flow, the same financing arrangements, and the same business model risks. But in this case, the private equity owner of SolarWinds burned down far more than just the firm.

Arson for Profit

In October, the Wall Street Journal profiled the man who owns SolarWinds, a Puerto Rican-born billionaire named Orlando Bravo of Thoma Bravo partners. Bravo’s PR game is solid; he was photographed beautifully, a slightly greying fit man with a blue shirt and off-white rugged pants in front of modern art, a giant vase and fireplace in the background of what is obviously a fantastically expensive apartment. Though it was mostly a puff piece of a silver fox billionaire, the article did describe Bravo’s business model.

Thoma Bravo identifies software companies with a loyal customer base but middling profits and transforms them into moneymaking engines by retooling pricing, shutting down unprofitable business lines and adding employees in cheaper labor markets.

The firm then guides its companies to use the profits they generate to do add-on acquisitions, snapping up smaller rivals with offerings that they could spend months and millions of dollars trying to replicate.

As I put it at the time, Bravo’s business model is to buy niche software companies, combine them with competitors, offshore work, cut any cost he can, and raise prices. The investment thesis is clear: power. Software companies have immense pricing power over their customers, which means they can raise prices to locked-in customers, or degrade quality (which is the same thing in terms of the economics of the firm). As Robert Smith, one of his competitors in the software PE game, put it, “Software contracts are better than first-lien debt. You realize a company will not pay the interest payment on their first lien until after they pay their software maintenance or subscription fee. We get paid our money first. Who has the better credit? He can’t run his business without our software.”

SolarWinds represents this thesis perfectly. The company was . ..

Continue reading.

Written by LeisureGuy

3 January 2021 at 11:20 am
