Burn After Reading - Issue #10
Money laundering, company secrecy, strategy, security, and more!
It's been a while again, and sadly Revue is no more so welcome to my Substack! I hope all is well with you.
Once again, a variety of things I've read and enjoyed - both non-tech and tech. Money laundering, company secrecy, strategy, security, and more!
Assorted
"Moving Bricks: Money-Laundering Practices in the Online Scam Industry" is a fascinating insight into the operations of some commercial money-launderers. I'm regularly fascinated by the level of commercial sophistication that exists within organised crime, and here we see training programs, escrow systems, risk-management, dispute resolution systems and more.
Tax Policy Associates have an interesting proposal to end offshore company secrecy inspired by the US Foreign Account Tax Compliance Act (FATCA). It's written by a UK organisation as a proposal for the UK, but broadly-speaking the principles generalise. I think it would struggle to succeed without US support, given that it requires companies to file accounts and they don't currently require that, but it's still interesting to see an incentives-based approach and the considerations involved.
Far too many people and organisations get caught up in analysis, to the extent that it delays their decision-making and impacts their effectiveness. "Action Produces Information" from Commoncog is a great piece about how simply doing something can be hugely informative.
"Who is Government?" dives into the life and work of Christopher Mark, who "[l]ed the development of industry-wide standards and practices to prevent roof falls in underground mines, leading to the first year (2016) of no roof fall fatalities in the United States".
Finally, the Nintendo GameCube isn't actually a cube, but how many would it take to make a cube? Nikki did the maths.
Tech
incident.io's Observability Strategy is a fantastic read. Lots of really insightful thinking about structure and usability, with great breakdowns and examples. I've not long finished Rumelt's Good Strategy / Bad Strategy and in that sense, I wouldn't call this a "strategy" so much as "a good general guide" - I think wherever you're at, there's valuable information and thoughts in here.
On a broader note, RevenueCat's Engineering Strategy lays out a number of key principles and decisions that underpin their approach to building software. This is a much more situational document, but while you may not be in the same position as them, it's still interesting to see the decisions they've made and what they prioritise.
In "security horror stories", watchTowr's "We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI" is a fascinating and terrifying story of how some initially-minor security research and experimentation spiralled to become pretty horrifying in scope.
Again in security horror, Sam Curry's "Hacking Kia" - "we discovered a set of vulnerabilities in Kia vehicles that allowed remote control over key functions using only a license plate" - was a pretty disconcerting read. As much as I enjoy home automation and device connectivity, there are many things I wish I could buy without any internet connection at all, and my car is certainly one of them...
Finally, Victor Tao's Song Pong - synchronising pong to music with constrained optimisation - is both fascinating and fun!
So
Thanks for making it this far, I hope you enjoyed it. Feedback is always much appreciated, whether by email, Twitter, or assorted-Substack-mechanisms…!
If you think someone you know might enjoy reading this, then do please pass it on, or point them to the subscription page:
Cheers, Kristian

