

Let's Know Things
Colin Wright
A calm, non-shouty, non-polemical, weekly news analysis podcast for folks of all stripes and leanings who want to know more about what's happening in the world around them. Hosted by analytic journalist Colin Wright since 2016. letsknowthings.substack.com

Apr 23, 2024 • 17min
Section 702
This week we talk about STELLARWIND, 9/11, and the NSA.

We also discuss warrantless surveillance, intelligence agencies, and FISA.

Recommended Book: Period: The Real Story of Menstruation by Kate Clancy

Transcript

Immediately after the terrorist attacks in the US on September 11, 2001, then President George W. Bush gave his approval for the National Security Agency, the NSA, to run a portfolio of significant and ever-evolving cross-agency efforts aimed at preventing future attacks of that kind, scale, and scope.

The thinking behind this collection of authorizations to various US intelligence agencies, which would operate in tandem with the NSA, was that we somehow didn't see this well-orchestrated, complex plan coming, and though revelations in later years suggested we kind of did, we just didn't act on the intelligence we had, in those early, post-attack days, everyone at the top was scrambling to reassure the country that things would be okay, while also worrying that more attacks from someone, somewhere, might be impending.

So the President signed a bunch of go-aheads that typically wouldn't have been signed, and the government gave a lot of power to the NSA to amalgamate the resulting intelligence data in ways that also wouldn't have previously been okay'd, but that, in those unusual circumstances, were considered to be not just acceptable, but desirable and necessary.

This jumble of intelligence service activities, approved by the president and delegated to the NSA, became known as the President's Surveillance Program, and they were kept secret, in part because of how unprecedented they were, and in part because those in charge didn't want to risk their opposition—those they knew about, like Al Qaeda, but also those that might be waiting in the wings to attack the US while it was perceptually weakened and vulnerable—they didn't want to risk those entities knowing what they were doing, what they knew about, how they were collecting data, and so on.

The info that was
gleaned via these programs was compiled and stored in an SCI, which stands for Sensitive Compartmented Information, and which refers to a type of document control system, a bit like Top Secret or Classified, in that it allows those running it to set what level of access people must have to view, process, use, or even discuss its contents, and this particular SCI was codenamed STELLARWIND.

Among other activities, the programs feeding data into the Stellarwind SCI mined huge databases of email and phone communications, alongside web-browsing and financial activities; all sorts of tracking information that's collected by various components of intelligence, law enforcement, and other government and government-adjacent services were tapped and harvested.

All of this data was then funneled into this one program, and though the degree to which this much information is useful is up for debate, because having a slew of data doesn't mean that data is organized in useful ways, in 2004 the US Justice Department discovered that the NSA was not just collecting this sort of data when it was connected to foreign entities or entities that have been connected to terrorism, it was also collecting it from sources and people, including just average everyday Americans and small businesses that were doing no terrorism at all, and which had no links to terrorism, and it was doing so on American soil.

After this discovery, then-President Bush said, well, the NSA is allowed to do that, that's fine, but they can only look at collected metadata related to terrorism—so they can collect whatever they want, sweep up gobs of information, file-away whatever drifts into their expansive and undifferentiating nets, but they're not allowed to look at and use anything not related to terrorism; and with that clarification to keep the Justice Department from doing anything that might hinder the program, the president reauthorized it that same year, 2004.

There was disagreement within the government about the
legality of all this, some entities saying that warrantless wiretapping of American citizens was illegal, even if the collected data was supposedly unusable unless some kind of terrorism connection could be ginned up to justify it. But those in charge ultimately decided that it would be irresponsible not to use these wiretapping powers the NSA wielded to protect American lives, and even said that Congress had no power to stop them from doing so, because it fell within their wheelhouse, that of defense against potential future foreign attack.

All of the President's Surveillance Programs officially expired on February 1 of 2007, but new legislation that same year, and more in 2008, extended some of these activities, all with the justification of protecting the US from future terrorist attacks, and in 2009, a report published by the Inspectors General of the country's intelligence agencies found, in essence, that the now-retired President's Surveillance Program went way beyond what was allowed, in terms of collecting this sort of data without a warrant, and indicated that there was little oversight keeping folks from looking at data they weren't supposed to be looking at, while also indicating that the program probably wasn't very effective—so there was all this data, collected on dubious legal grounds, approved during a period of fear and perceived vulnerability, that was also becoming a major headache for folks concerned about what amounted to a big, secret surveillance program that was targeting the very people it was supposedly meant to protect from terrorism, all in the pursuit of purported security benefits that were more theoretical than real.

A former NSA codebreaker went on the record with WIRED magazine in 2012, outlining how the NSA was surveilling Americans in this way, which got the codename Stellarwind into the press as a consequence, and the following year, in 2013, the Washington Post and The Guardian published a draft of that 2009 Inspector General
report that said the program was going far beyond the bounds of what was legal and right and effective—that draft leaked by NSA employee and subcontractor Edward Snowden.

Further revelations based on that leak came out in 2014, at which point there was abundant public evidence that much of what was happening within the Stellarwind program was kept secret even after supposed earlier divulgences, and a lot of it was seemingly very illegal, though this program still functions in various capacities and at various scales, even now, in 2024.

What I'd like to talk about today is a portion of the Stellarwind program that was recently extended, though not without controversy and pushback.

—

The Foreign Intelligence Surveillance Act, or FISA, was passed in 1978 in response to the fairly brazen and regular violations of Americans' privacy under the Nixon administration; namely that his government regularly spied on, and used intelligence and law enforcement services to mess with, political and activist groups that Nixon didn't like.

FISA was meant to establish guardrails for when and how that sort of surveillance could be conducted, who could access the relevant data, and how it could be used—though notably, all of this applied to collecting intelligence in US territory; the rules are a lot looser when it comes to surveillance of non-Americans in other countries.

Among other things, FISA established the Foreign Intelligence Surveillance Court, which is a court that decides who can use these tools and access this data—they oversee the divvying-out of surveillance warrants—and FISA was the basis for all those President's Surveillance Programs following 9/11; so it was meant to prevent abuses of surveillance and intelligence tools by the US government against its citizens, and this general framework was used as a scaffolding for those enhanced surveillance powers the government gave itself after the 9/11 attacks; it was also a primary resource for those who found all those post-9/11
additional powers to be illegal oversteps.

One evolution of FISA following September 11 was the introduction of what's called Section 702, which is a provision that allows the US government to undertake targeted surveillance efforts against non-US citizens outside the US, leveraging the full weight of the US government to do so, including but not limited to coercing telecommunications companies, like internet or phone companies, to hand over whatever data and recordings and such they might have available.

Section 702 is meant to be very targeted and specific, never allowing the surveillance of any US citizen, anywhere, any person from any country who's in the US, or any foreign person located anywhere on the planet who is communicating with a US citizen—which is a technique that was previously leveraged by some components of Stellarwind, the idea being that if you wanted to surveil an American but had no evidence they have links to terrorism, you would just capture their phone calls and other communications with non-Americans, and you'd be good to go.

There's a fairly rigid set of protocols involved in using Section 702 for surveillance, including Department of Justice oversight on every targeting request, and opportunities to deny the collection of, or subsequent access to data that is collected by a sequence of analysts who are disconnected from those requesting said data.

That's what the rules and processes for this provision say, anyway.

In practice, Section 702 has allegedly been used to track members of Congress, journalists, victims of various sorts of crime, political donors, and protestors—targeting them for surveillance, but also used to search existing data that's already been collected, baselessly, via so-called "backdoor searches" with no connection to terrorism or anything else that would allow for the formal use of these tools, seemingly in violation of those supposed hardcore guardrails, at the behest of the FBI, CIA, and NSA.
And this seemingly happens on a fairly regular basis—more than 200,000 warrantless, backdoor searches are performed each year.

All of which adds interesting context to a recent congressional vote to reauthorize Section 702 for another two years, right as it was about to expire.

This extension vote was laden with drama, in part because two major US internet companies said they would no longer comply if Section 702 wasn't renewed, as the government had had its request to keep collecting data for another year approved, but it no longer had legal backing to demand such data from companies, with the ability to coerce them to hand over digital communications data, like email and text records, if they denied more polite requests. So these companies said, well, you can collect whatever data you can get your hands on, but you can't get your hands on our data, anymore.

There was also political drama, though, in the shape of former US President, and current Presidential candidate Trump's loudly stated antagonism toward renewing this provision, something that aligned him with privacy-oriented groups that he typically doesn't like or align with.

A vote that would have ended all warrantless searches on these sorts of communications failed to pass earlier in April, due to a tied 212 to 212 vote in the House, and another that would have accomplished a similar outcome and which was voted upon a few days later was defeated by just a handful of votes.

The conflict here is seemingly that while there are significant and persistent privacy issues with this and related programs, it's also considered to be a potentially useful tool in the US intelligence community's utility belt.
And though most politicians would like to be seen as defending the privacy of American citizens from prying government eyes, few want to be seen as hobbling its defense infrastructure, even if the defense value of this and connected programs has been questioned and challenged, time and time again.

What eventually helped a Section 702 extension bill attain approval from Congress was a compromise that approved the extension of some components of it, that allowed it to take new communications technologies into account, arguably making it more useful for surveillance purposes while simultaneously increasing the privacy risks it poses, but pairing those add-ons with a shortened extension period, down from five years to two. Which means it's likely there will be another showdown over whether it should be extended in just a few years, at which point it can be killed or further edited, depending on how this new, slightly iterated version, is functioning at that point.

All of which is interesting and newly relevant in part because we're stepping into what some have called a new Cold War, with all sorts of real-deal military conflicts on the ground threatening to expand and encompass more of the planet, alongside rifts in the relationships between behemoths like the US and China, which could erupt into larger versions of the same, if these governments aren't careful.

At such moments, we tend to see more support for measures that give heightened power to governments and other defense-oriented entities, even at the expense of individual rights.

So rather than clipping the wings of this and similar programs in a few years when renewal is once more on the docket, it may be that Congress further empowers it—depending on how today's conflicts play out, and how the relationships between the US and its primary rivals evolve in the meantime.

Apr 16, 2024 • 20min
Presidential Immunity
This week we talk about diplomatic immunity, Trump’s court cases, and the Supreme Court.

We also discuss Nixon, Clinton, and the US Constitution.

Recommended Book: My upcoming book, How To Turn 39 (https://books2read.com/htt39), which is available for pre-order today :)

Transcript

There's a concept in international law—diplomatic immunity—that says, in essence, certain government officials should be immune from the laws of foreign countries, including those within which they're operating.

This is a very old concept, based on similar rights that were granted to envoys and messengers back in the oldest documented periods of human civilizations.

The idea is that if different cultures, whether organized into tribes or kingdoms or nation states, are going to be able to deal with each other, they need to maintain open and reliable means of communication. Thus, the folks tasked with carrying messages between leaders of these different groups would need to be fairly confident that they wouldn't be hassled or attacked or prosecuted by the people they were bringing those messages to, and whose messages they were bringing back to their own leaders.

Such representatives have at times been imprisoned or killed by their hosts, but this is relatively rare, because any governing body that treated ambassadors from other cultures in this way would have trouble dealing with anyone outside their current legal sway, and that would in turn mean less trade, less reliable peace, and less opportunity to generally cross-pollinate with cultures they might benefit from cross-pollinating with.

As a general rule, at least in the modern iteration of diplomatic immunity, folks operating under the auspices of this policy can still be punished for their misdeeds, it's just that they'll generally be declared persona non grata, expelled from the country where they did something wrong, rather than punished under that country's laws.

In some rare instances a country hosting a misbehaving or criminal ambassador
or other diplomat might ask that person's home country to waive their immunity, basically saying, look, this person killed someone or got drunk and drove recklessly through our capital city's downtown, we'd like to try them in our courts, and it may be that the government running that misbehaving person's home country says, okay, yeah, that's messed up, you go ahead; but usually—even if that person has done something truly reprehensible—they'll instead say, no, sorry, we'll pull them back and they won't be allowed to return to your country or serve as an ambassador anywhere else, because they've shown themselves to be unreliable, and we might even try them in a court here, in their home country, but we can't allow our people, no matter what they do, to fall under the legal jurisdiction of some other nation, because that would set a bad precedent, and it may make people wary of working for us in this capacity in the future—surely you understand.

There are tiers of diplomatic immunity, depending on the seniority of the diplomat or other representative in question, and the Congress of Vienna of the early 1800s charted out the basis for how these things work, in much detail, formalizing a lot of what was already in the ether back then, and creating an outline that was then further formalized in 1961's Vienna Convention on Diplomatic Relations, which has been almost universally ratified and respected, though of course there's been a lot of grey area in terms of what harassment of a representative, which is a no-no according to this convention, entails, and to what degree it can be proven, and thus punished, if violated.

We saw a lot of grey area utility during the height of the Cold War in particular, in part because many diplomats were moonlighting as spies, which is still true today, though it was even more overt and worrisome to their host countries, back then, so harassment, kidnappings, even assassinations of diplomats were more common then, than today, though they
were still almost universally done covertly so that no one seemed to be violating these nearly universally accepted terms.

What I'd like to talk about today is another type of legal immunity—in this case, Presidential Immunity in the US—and why this type of immunity is at the center of former US President Trump's ongoing legal cases.

—

In the United States, many politicians and high-level appointees enjoy some of the immunity-related privileges in their own country that diplomats of various stripes have traditionally enjoyed elsewhere.

Most of these figures are only protected by this immunity under very specific circumstances, though, not universally.

Judges, while doing court-related, judge-work, for instance, have absolute civil immunity—so a judge who falls afoul of the law in the course of their duty as a judge, doing judge-things, will tend to get away with whatever it is they did wrong, though this won't generally apply to non-judge things they do during that same period.

So a judge would have trouble arguing that they should get off with a warning for murdering someone because they happened to kill that person while they were on their lunch break, but they would likely be okay if they accidentally ruled in a way that exceeded their jurisdiction, even if their having done so caused all sorts of secondary problems.

Similarly, and also within the US court system, a prosecutor can't be sued for withholding evidence, even if their having done so leads to a wrongful conviction, which would be a bad thing that happened as a result of their actions, but because they acted while performing their protected duty, they'll almost certainly be okay from a legal standpoint, even if not always a moral one.

These are not rules novel to the US system of governance; most of them were borrowed from earlier forms of the same, and a lot of the US's version of these immunity rules are derived from those that exist within the British parliamentary system, where parliamentarians can't be
prosecuted for things they say while in Parliament, and the same is true for politicians while engaged in their work on the floor of the US House or Senate.

Interestingly though, while the US Constitution provides that kind of legislative immunity to Congresspeople, it doesn't grant the same, or anything similar, to the President; and this was apparently a hotly debated topic back in the Constitution-writing days, as those who set up the rules of the land were aware that it might be beneficial to allow folks at the top some legal leeway, so they don't make executive decisions based on whether or not they might be sued or otherwise punished for those decisions, but at the same time they really didn't want another king, or similarly authoritarian ruler to step into office and then get away with murder—perhaps literally.

So the Constitution doesn't give the President of the United States the same immunity as other members of government, but a slew of cases in the 19th and 20th centuries found, in general, that if the president or members of the president's cabinet take actions that are "more or less" within the scope of their duties, they should be granted absolute immunity, protecting them from lawsuits and legal punishments.

A court case against President Nixon in the 1970s made that previously somewhat vague and general legal trend more formal, at first triggering a bunch of lawsuits against him and his people, but then a 1982 Supreme Court decision said, in essence, that former or current presidents are immune from lawsuits related to anything that falls within the "outer perimeter" of their duties, due to the president's "unique status under the Constitution."

This legal precedent was tested in the mid-1990s when then-President Bill Clinton was sued for sexual harassment during his governor of Arkansas days, and a lower court, then the Supreme Court, both affirmed that presidential immunity doesn't protect the president from things they did before taking that
highest government office.

As a result of all that, today we have a legal context in which the President is kind of granted some immunity for some things they do while in office, but the delineation between protected and not-protected is fuzzy, and there's a whole lot of theory on this matter, but less in the way of actual court precedent that establishes confident footing for anyone stepping into this corner of the legal world.

All of which is newly relevant in 2024 because former President Trump is currently being prosecuted for all sorts of things in several different jurisdictions. And part of his legal strategy is based on a sort of Hail Mary play that's made its way to the Supreme Court, and which is premised on the concept of Presidential Immunity.

But before we get to that case, let's talk real quick about the other cases that are currently in progress, all of which that bigger Supreme Court case may influence, depending on how it turns out.

Beginning this week, as of the day this episode goes live, the week of April 15, 2024, Trump is scheduled to be in court four days a week for the next six to eight weeks, facing 34 criminal charges related to falsifying business records in order to get payoff money to Stormy Daniels, allegedly to cover up an affair they had, which he didn't want becoming public while he was running for his first term in office.

Tentatively beginning in late-May of 2024, Trump will face 40 criminal charges in Florida for allegedly mishandling sensitive documents, and his alleged conspiracy to keep those documents even after the government demanded them back.

A federal case in which Trump faces four criminal charges related to his alleged effort to overturn the 2020 presidential election results was originally meant to begin the first half of this year, but it's looking increasingly likely it won't occur until after the November presidential election, as the judge overseeing the case has postponed it until after the Supreme Court makes their
decision about presidential immunity, though there's a chance it could start as early as August, despite that delay.

And Trump faces 10 criminal charges for the same general collection of alleged efforts to overturn the 2020 election in Georgia, alongside 18 alleged co-conspirators; that trial has a proposed start date of August 5, but that would be tricky, as it would mean the trial could run through Election Day, which would be awkward and would likely complicate things further.

Trump has also dealt with a flurry of recent civil, so non-criminal, no jail time possible, just fines, lawsuits, including one related to sexual assault and his defamation of the person he sexually assaulted, which led to a big payout recently, and another in New York related to his misrepresentation of the value of his real estate holdings in the state, which led to an even bigger fine, but which is currently being appealed.

There's another federal civil case that's ongoing, Thompson v. Trump, which is related to the attack on the US Capitol by Trump's fans on January 6, 2021, and that's especially relevant here because, already, the judge in that case, ruled that Trump's presidential immunity does not shield him from this lawsuit, and an appeals judge ruled the same.

There's now a Supreme Court case, which I mentioned earlier, that consolidates three separate civil lawsuits into one, Trump v.
United States, and this case asks, in essence, whether Trump should be protected from these lawsuits by presidential immunity; that same immunity that was upheld in many cases in recent memory, though in different contexts.

The reason this Supreme Court case is so fundamental here is that it could impact many or all of those other cases, plus others that might arise related to Trump's actions in the future, as it would give him a sort of legal whammy on just about anything he could argue was done within the purview of his role as President.

Thus, he could argue he wasn't trying to overturn the 2020 election that he lost, he was looking into what he considered to be legitimate election irregularities as part of his duty as President. And if some other things happened as a result of that effort, like his supporters breaking into the Capitol building, he should be protected from that under the auspices of this immunity.

Those two DC court judges that earlier ruled Trump wasn't protected by presidential immunity said that it's in the public interest to hold presidents accountable for their actions, because not doing so would leave anyone who holds that office "unbounded authority to commit crimes."

They determined that it was worth the possibility that a president might make some executive decisions from a perspective of worrying about later lawsuits if it would prevent the creation of a political office from which someone could legally get away with any crime they chose to commit, including but not limited to, theoretically at least, assassinating their political rivals.

The big question now is how the Supreme Court will decide on this matter; some people are predicting that the heavily slanted toward conservative justices court will be more likely to find in Trump's favor, though they've defied those expectations several times in recent years, in some cases seeming to take advantage of their current 5 or 6, depending on how you measure, versus 3, conservative to liberal
composition in order to get a bunch of Republican priorities accomplished, like overturning Roe v. Wade, which protected the right to an abortion at the federal level, but in other cases they've made what seem to be more objective rulings, defying assumptions made based on those ideological leanings—so there's no way to know one way or the other on this, right now. We'll likely find out, though, sometime in May or June, as the court will begin considering these claims on April 25 of this year, and it's expected they'll have their ruling sometime in those subsequent two months.

Until then, though, some of these other cases are a bit up in the air, as the granting of enhanced immunity could make Trump's current and potential future cases a slam-dunk for his defense team, while a ruling in favor of the contemporary, fuzzy standard, or one that weakens that standard, at least for his specific context, would deny him that potentiality.

That said, Trump's defense team seems to have also been making use of the abundant delay tactics that are available within the US justice system, and there's a chance that if he delays long enough and then wins another term as president in November, that would allow him, when he steps back into office early next year, to either pardon himself or order someone in his government to get rid of the charges against him.

Which is part of why the prosecutors working opposite him have been politely but firmly asking the judges in charge of these cases to pick up the pace, because there's a looming possibility that even if the courts decide against Trump in some key cases, he could still get off scot-free, because of that other apparent loophole in the system that would allow a sitting President to get away with just about anything, though in this case because of a different, in practice immunity-granting mechanism.

Apr 9, 2024 • 19min
XZ Utils Hack
This week we talk about Linux, backdoors, and the Open Source community.

We also discuss CPU usage, state-backed hackers, and SSH.

Recommended Book: The Underworld by Susan Casey

Transcript

In the world of computers, a "backdoor" is a means of accessing a device or piece of software via an alternative entry point that allows one to bypass typical security measures and often, though not always, to do so in a subtle, undetected and maybe even undetectable manner.

While backdoors can be built into hardware and software systems by the companies that make those devices and apps and bits of internet architecture, and while some governments and agencies, including the Chinese government, and allegedly folks at the NSA, have at times installed backdoors in relevant hardware and software for surveillance purposes, backdoors are generally the domain of tech-oriented criminals of various stripes, most of whom make use of vulnerabilities that are baked into their targets in order to gain access, and then while inside the administration components of a system, they write some code or find some kind of management lever meant to give the company or other entity behind the target access for non-criminal, repair and security purposes, and that then allows them to continue to gain access in the future; like using a rock to prop open a door.

Concerns over a backdoor being installed in vital systems are fundamental to why the US and European governments have been so hesitant to allow Chinese-made 5G hardware into their wireless communication systems: there's a chance that, with the aid, or perhaps just at the prodding of the Chinese government, such hardware, or the software it utilizes, could contain a Trojan or other packet of code, hidden from view and hardcoded into the devices in some covert manner; these devices could also harbor even smaller devices, indistinguishable from hardware that's meant to be there, that would allow them to do the same via more tangible means.

Though there were
almost certainly other economic and technology-dominance reasons for the clampdown on products made by Chinese tech company Huawei beginning in earnest in 2012, and escalating rapidly during the US Trump administration, that process was at least ostensibly tied to worries that a Chinese company, prone to spying and stealing foreign tech, already, might incorporate itself into fundamental global communication infrastructure.

It was underpricing everybody else, offering whizbang new high-end 5G technology at a discount, and supposedly, if the accusations are true, at least, doing so as part of a bigger plan to tap into all sorts of vital aspects of these systems, giving them unparalleled access to all communications, basically, but also giving them the ability, supposedly, to shut down those systems with the press of a button in the event that China wants or needs to do so at some point, if they ever decide to invade Taiwan, for instance, and want to distract the Western world until that invasion is complete, or just make rallying a defense a lot more difficult.

Other, confirmed and successfully deployed backdoors have been found in all sorts of products, ranging from counterfeit Cisco network products, like routers and modems, some of which were installed in military and government facilities back in 2008 before they were recognized for what they were, to Microsoft software, WordPress plugins, and a brand of terminals that manage the data sent along fiber-optic cables, mostly for high-speed internet purposes.

Again, in some cases, the entities making these products sometimes do install what are literally or essentially backdoors in their hardware and software because it allows them to, for instance, help their customers retrieve lost passwords, fix issues, install security updates, and so on.

But backdoors of any shape or size are considered to be major security vulnerabilities, as stealing a password or getting access to a vital terminal could then grant someone with
bad intentions access to absolutely everything, giving them god-like control over all aspects of a customer's information and operations, or maybe all of the company's customers' information and operations, and that creates a single point of failure that most companies want to avoid, because at a certain point there's no real way to prevent a truly determined and well-funded foe if they know the payout for investing in accessing that terminal or getting that password would be that substantial.

What I'd like to talk about today is a long-term effort to do exactly that, the target, in this case, being small, but the potential payoff of backdooring it being pretty much as big as you can imagine.

—

XZ Utils is the name of an Open Source data compression utility, which means that it squishes data in such a way that no information is lost, but so that big files and other packets of information become smaller, and that makes it faster and easier and cheaper to send that data from place to place.

XZ is popular in part because it's effective, in many cases outperforming other free alternatives, like gzip and bzip2, but it also supports an older compression model called LZMA, and it exists in the public domain, which means it's incredibly inexpensive to use, free, for most purposes.

It's especially popular in Linux and other Unix-like systems, and in practice that means it's used across these systems so that when data is moved from place to place, it's compressed and decompressed, putting less pressure on the systems themselves, almost like reducing the weight of everything you have to carry throughout the day, without any reduction in quality or the nature of those books and bags and laptops and other things you're hauling around all the time; even small reductions in that weight could make a big difference in the strain on your body, over time, and this utility accomplishes the same for the systems that incorporate it.

So this software utility is super useful, is free to anyone
who wants to use it, and it's better than a lot of other options, and it's thus been baked into a bunch of fundamental computer infrastructure, like most Unix-like systems. And that's important for a lot of reasons, but the most immediately concerning issue is that the vast majority of servers that run the tech world—basically all the major tech companies, and all the companies they work with—manage their services with Linux.

XZ isn't just important for folks who have laptops running on Linux, then, it's also vital to the functionality of huge chunks of the internet; stats from the past few years show that about 96.3% of the top million web sites run on Linux servers, and a substantial amount of non-web-serving servers do, as well.

All of which sets the stage for the hubbub that arose on March 29, 2024, when a Microsoft employee named Andres Freund announced that, after looking into a decrease in performance in a version of Linux called Debian—a distinction between how fast it should have been going and how fast it was going of about 500 milliseconds, and that minor slowdown bugged him enough to look into what newer, experimental versions of XZ Utils were doing to the Debian operating system he was working with—after looking into that issue, he announced that he had discovered a backdoor in XZ that was causing errors in a memory debugging tool built into the software, and using more CPU power than Debian otherwise would have used.

So he announced this discovery, reported it to an open source security mailing list, to make it known amongst the right people, and that alerted the folks who were experimentally incorporating this new build of XZ into their software.

As it turns out, this backdoor, had it been implemented in all this software and spread across the servers that manage the web, would have granted whoever had access to it the ability to alter the behavior of the local instance of the Secure Shell Protocol, or SSH, which is what protects servers while they
operate on open networks like the internet.

The degree to which this would have damaged the web, as it exists today, cannot be overstated. This problem was given a Common Vulnerability Scoring System ranking, which rates the alarmingness of software issues based on how much damage they could potentially cause, which helps computer security professionals figure out which problems to address first, a score of 10, which is the highest possible score.

In theory, this would have granted the person or other entity with backdoor access the ability to get into essentially any server touching the internet with full administrator privileges, making all that information transparent to them, providing them all information about users, passwords, banking information, everything everyone has ever posted to social media, private communications, research and technology secrets—it's really just boggling thinking about how much damage could have been caused by the right person or people, as such a backdoor would basically do away with most of the security measures they might encounter while attempting to infiltrate and even take over pretty much anyone.

Because it was discovered by Freund, though, and because he got word out to the right people as quickly as he did, the cybersecurity world was able to pivot pretty quickly, advising everyone who had implemented these test versions to roll back to earlier versions of the relevant software, and the folks behind XZ quickly released updated versions of the utility that removed the backdoor problem.

This also triggered a response in the wider software world as many developers have started to reduce the damage future, similar backdoors would be able to cause by reducing the connections and dependencies it took advantage of to function.

So this was a big enough deal that even something as arcane as compression utilities and SSH became front-page news around the world, but arguably one of the most interesting aspects of this story is what we know
about the person or people who seem to have installed this backdoor.

Someone, or group of someones, going by the name Jia Tan, alongside an array of sock puppet accounts—fake accounts with different names that they also managed—started to contribute to the maintenance and development of this project, which is common in the open source world; that's part of what makes open source software and systems so powerful and desirable, despite often not having much in the way of funding or official support from big-name companies; they're often passion projects maintained by maybe just one or a few or a handful of dedicated developers.

In 2021, this entity that became known as Jia Tan started contributing to open source projects, and then contributed a patch to XZ via its mailing list.

Around that same time, several people who hadn't been seen in this project's community, previously, started to complain that it wasn't being updated fast enough, and arguing that another maintainer should be brought on board, to help it move along faster.

This Jia Tan character then started making a lot more contributions to the project, all of them seemingly innocuous and helpful, though in retrospect at least one of them changed a function that would have detected the more malicious changes they ultimately submitted, later.

In February of 2024, Tan submitted changes for the new version of XZ Utils that incorporated a backdoor, and groups of people in this larger open source community, possibly sock puppet accounts, started telling the developers who run Debian, Ubuntu, and Red Hat, all popular versions of Linux, they should incorporate this new version with those backdoor-incorporating changes into their operating systems.

There are strong suspicions, but little evidence, at this point at least, that Jia Tan and those other sock puppet accounts were run by a well-funded and skilled, probably government-backed hacking group, like one of the entities that often work as proxies for Russia's SVR—their
intelligence agency that tends to support local hacking groups to do this sort of dirty work; though again, we can't say that with any certainty, as a lot of government-backed hacking groups could pull off something like this, with enough patience, years' worth of patience, and it's still possible that this was a single hacker seeing a soft-target and the potential for a huge payoff if it all worked out.

That said, because of the approach this threat actor, whoever they actually are, took to target this utility, and because of how close they got to doing what they intended to do, which would have been devastating, probably even world-changing in some ways, the relationship that big tech and governance has with the open source world is being reassessed, because often the folks running these projects are just individual people doing all this important work in their free time. But because of how the tech world has evolved, huge swathes of the internet and other vital infrastructure are reliant on these single-person, passion-projects that are potential targets for cooption or, as seems to have been the case here, using what's called social engineering to manipulate the folks behind these projects, which can then give more access to all the stuff they manage, and thus, the things that rely on the stuff they manage, to entities that want to cause harm.

Again, and this cannot be emphasized enough, we just barely dodged a bullet here, and the only thing that prevented a huge amount of potential destruction was the effort of another single person who was, almost on a whim, hacking away on a little problem they wanted to look into, and who thus stumbled upon this issue right before it reached a scale that would have been truly problematic.

And all of these issues were arguably the result of someone who found themself in the position of maintaining, more or less solo, a utility that became vital to global cybersecurity, and which thus made them the target of a sophisticated
social engineering campaign.

Apr 2, 2024 • 24min
Cocoa Shortage
This week we talk about cacao, plantations, and bean-to-bar chocolate.

We also discuss black pod disease, swollen shoot virus, and seed pod currency.

Recommended Book: The City & The City by China Miéville

Transcript

The cocoa bean, also called "cacao," is a seed derived from the cocoa tree, which is native to the Amazon Rainforest in South America.

More than 5,000 years ago, near present day Ecuador, the Mayo-Chinchipe culture domesticated and cultivated this tree, which then found its way north into Mesoamerica—so parts of Central America, and modern day Mexico—and that's where we actually thought it came from until a handful of years ago, when new research pushed the initial domestication date back by about 1,500 years, tracking its path down into Ecuador by identifying cocoa residue on pottery from that time period down in that region.

But way back then, it's thought that the pulp of this seed was used primarily to create an alcoholic beverage that was fermented to about the same alcohol percentage as a consumer-grade, modern day beer—just over 5%—and because of that utility in making this popular beverage, it was used as a currency in some parts of South and Central America.

It's worth noting, too, that this tree and its seed would have originally been called kakawa, which was then turned into an Aztec derivative word much later, cacauatl, which then became cacao, when the Spanish colonized the region, and cacao then became cocoa when introduced to English-speaking parts of the world—and that variation of the word took over in the age of post-WWII globalization, due in large part to the popularization of chocolate products from English-speaking countries like the US and the UK, cacao only recently being reintroduced on that scale to differentiate more expensive cocoa products from those that have become mainstream.

Also worth noting is that in addition to being used to produce a popular alcoholic beverage way back in the day, the cocoa bean was also turned into a kind
of frothy spiced drink by Aztec royalty and other higher-ups in this part of the world, and that drink was enjoyed by high-born members of society for several thousand years, the beverage used in all sorts of rituals.

And to make it, cocoa was whipped together with vanilla and other spices and sweeteners to produce something akin to a sort of hot chocolate the modern person would recognize, though leaning a lot more into those spices than most modern chocolates, rather than sugars and fats.

This wasn't a widely available thing in most areas, and it probably wasn't the main end-product for most cocoa beans for most of history, as that alcoholic drink and its many derivatives were a lot more broadly available and widely disseminated.

That said, different groups, across this region and across time, including the Maya and the Olmecs, had their own variations of this hot cocoa-like drink, and there's even an Aztec story that Quetzalcoatl was outcast by the other gods in their pantheon for sharing chocolate with humans, and some regional experts have speculated that the ritual of extracting the hearts from human sacrifices in the Aztec empire might be connected to the process of extracting the cocoa pulp from the cocoa bean seed pod when producing this beverage; though that's pretty speculative.

The Aztecs came later than a lot of the other cultures in this region that partook in chocolate-related rituals and made cocoa-related goods, so that's likely part of why their rituals surrounding this drink were more elaborate than those of their neighbors, contemporary and forebear, but it's likely that the nature of the bean itself, which only grows in a finite region, about 20 degrees north and south of the equator, also had something to do with it.

Because of that limited range, the Aztecs couldn't grow cocoa in their territory, and that meant it was always a luxury import for them, which meant—like many luxuries, even today—only the richest members of society could afford it,
and that helped them differentiate themselves from the chocolate-less plebeians.

This changed somewhat following the arrival of the Europeans in the Americas, when the Spaniards, who were maybe originally introduced to the drink by Montezuma or one of his underlings, brought the drink back home with them, eventually creating a new market for producers, though Europeans were not initially fans of it, and mostly seemed to indulge because it seemed exotic, but early on they realized that because this bean already served as a unit of currency in many of the areas they were exploring and exploiting, it allowed them to deal with locals in a familiar way: this many cocoa beans for one thing, this many for another—it made negotiations and payment a lot cleaner and clearer, and cocoa beans could be easily transported for trade while also being useful, in a pinch, as a stable source of food while in transit, which compared favorably to other food goods they were bringing back home from their explorations and invasions, like bananas.

What I'd like to talk about today is the modern chocolate market, and a dramatic price increase in cocoa beans that's raising eyebrows and concerns around the world.

—

The modern chocolate market has expanded in the years since Montezuma and the Spanish conquistadors to cover the whole of the globe, with products based on the cocoa bean on shelves in every country—even shut-ins like North Korea.

In 2022, the global chocolate industry was worth something like $116 billion, which is more than double the $50 billion or so it was worth in 2009, and analysts expect this market's compound annual growth rate, which tallies the increase in the industry's return on investment each year, to remain steady at around 3.4%, which is solid, and predicated on the increase in the dark chocolate market, especially amongst health-conscious consumers, and the burgeoning plant-based and vegan chocolate markets, which further reinforce the perception of some chocolate as
being a luxurious and healthful indulgence.

Such luxury upbranding is key to those CAGR assumptions, as positioning some of these products as more expensive, but better versions of what's long been available allows chocolate companies to sell relatively less product for relatively higher prices, and that means expanding their customer base while also increasing their profit-margins.

All of which would be vital for this sort of industry even during normal times, but it's even more important when things are going sideways with an industry's access to raw materials, which seems to be what's happening in the world of chocolate.

In the 20th century, especially the late-20th century, the brands that were selling the most chocolate to the most people, globally, started gobbling up their competition. This period of acquisition and consolidation left us with about a dozen big chocolate manufacturers, globally, including names you've almost certainly heard of, like Cadbury, which is the biggest such company in the world, but also Hershey, Mars, Neuhaus, Ferrero, and Milka.

Some of these companies, like Nestlé, are what's called bean-to-bar chocolate manufacturers, but most of the titans in this space melt chocolate from other manufacturers into their end-products, only using the bean-to-bar model for a few high-end offerings.

But there are a slew of bean-to-bar companies still in operation, today, they just tend to be a lot smaller, because this model requires that they process their own cocoa beans in-house, rather than outsourcing, which tends to be required to achieve the scale that companies like Hershey and Mars have reached; it's a lot more time-intensive and expensive to do it this way.

That said, the expansion of the chocolate market into a multi-billion, then more than $100 billion global industry necessitated expanding the footprint of its base-level production beyond its traditional South and Central American origins.

Several other locations within that 20 degrees north
and south of the equator spectrum have thus seen cocoa trees introduced, but the biggest producer of cocoa, today, is Côte d'Ivoire, the Ivory Coast, in Western Africa, where about 45% of the world's cocoa was cultivated, as of 2022, which amounted to around 2.2 million tonnes that year, alone.

Neighboring Ghana comes in second, producing about half as much as Ivory Coast, with about 1.1 million tonnes produced that same year, and Indonesia is a distant third, producing about 667,000 tonnes in 2022.

Combined with Ivory Coast's output, Ghana's cocoa bean industry, plus the smaller outputs of nearby Nigeria and Cameroon, account for about 70% of all the cocoa produced anywhere in the world.

Ecuador, where the cocoa tree was seemingly first domesticated, is now all the way down in fourth place, producing about 337,000 tonnes of the bean for export in 2022.

Because of the nature of how cocoa beans are harvested, and where, chocolate companies have huge sway over local politics and economics, and the folks doing the harvesting have historically not been treated terribly well, and in some cases their ranks have been filled with children.

In some such areas, people are trafficked or enslaved and put to work harvesting cocoa beans, and even those who are there of their own behest are paid very little by international standards, not even a living wage (based on the cost of things like shelter and food in their regions), their incomes artificially capped by an agreement with the cocoa bean-buying industry, and though Fair Trade certification has become more common for many chocolate companies, demonstrating their commitment to paying better wages, and in turn allowing the folks producing the raw materials for their chocolates to actually be able to afford to buy chocolate products, which is not the case for those working in non-Fair Trade conditions, that's still not the norm, and in some areas the conditions faced by workers are pretty bleak, many of them children under the age
of 15, many of them forced to work for various reasons, and all of them making just enough money to survive, but nothing beyond that, and in some cases, barely that.

Most of these beans, the ones that end up in chocolate produced by those bigwig entities that dominate the global chocolate trade, are mixed together with beans from other locations on commodity markets, these companies buying them by the metric ton, similar to other food commodities that are traded in this way, like soybeans, milk, and palm oil.

Distinct from most other commodities right now, though, is the increase in price cocoa beans are seeing on these markets.

In 2022, the average price for a metric tonne of cocoa beans was somewhere between $2,200 and $2,500.

That's of a kind with the typical pricing for the past decade or so, and though there was a massive spike in 1977, which was only about $5,700 per tonne in unconverted money, but that's about $28,000 per tonne if we account for inflation—so that was a pretty bad year for chocolate lovers and companies—but other than that and a few other aberrations through the decades, cocoa beans have been a pretty stable commodity, at least compared to other commodities that are thus traded.

In February of 2024, though, cocoa bean prices shot up from those $2,500-ish per tonne prices all the way to around $6,000 per tonne, and then in March cocoa futures hit a record (unconverted for inflation) price of about $10,000 per tonne, which is a staggering leap of something like 4 to 5 times the usual cost.

This price jump is being attributed to a confluence of variables, most of them contributing to a series of poor harvests in Ghana and the Ivory Coast, which again, together, account for most of the world's cocoa bean output.

The El Niño phenomenon that's been messing with the global water cycle and increasing average global temperatures since July of 2023 is partly to blame here, as are the creeping effects of climate change, which have, in practice, moved the
ideal growing areas for all sorts of plants, because of a tweak to the average global temperature knobs that have nudged things higher in most parts of the world, while also making weather patterns more irregular, compared to what we've become used to.

Those climate nudges have also allowed diseases to spread faster and to new regions, including those that impact plants.

Extreme and unusual rainfall in Western Africa sparked outbreaks of black pod disease, which usually hits after wet season, and all that rain was followed by a period of extreme dryness and drought, which stoked the spread of swollen shoot virus, which reduces output by up to 25% in the first year of infection, up to 50% in the second, and which ultimately kills its hosts, the cocoa trees, and once it spreads to a plantation, the whole plantation, all the trees, usually have to be uprooted and burned, new trees planted in their stead, before things can get up and running again—all of which takes a lot of time and resources.

Cocoa manufacturers have been underinvesting in their plantations and smaller cocoa producers for years; so it's not just their workers that they're under-investing in, it's the infrastructure surrounding those workers, which is often decrepit and unsafe, and which has left them prone to these newly aggressive diseases and unusual climate happenings.

And a lot of the cocoa produced in these top-producing countries is run by small-holders, not by large-scale plantations.
And because these small-holders are often almost as impoverished as the people working on the plantations, they don't have the money to invest in treating disease or uprooting and replacing all their trees, and that's led to a surge in illegal mining operations in cocoa growing areas, because illegal miners come in and say they'll pay the owners of the land where they want to dig a reliable, if still small income, and those landowners don't really have a choice—cocoa doesn't provide them enough money to do more than sustain themselves, so they take what they can get, and every time this happens, that's less prime cocoa-growing land that's being used to grow cocoa.

Because of all this, the mid-season crop coming out of Ivory Coast, the biggest producer in the world, is expected to be about a third lower than usual this year, and Ghana's production is expected to hit a 22-year low; hence, those dramatically hiked prices, which have been further inflamed by market maneuvers meant to protect investors from irregularities, but which have the practical effect of raising prices in the short-term, creating more volatility, not less.

This price-surge and negative overall outlook for the industry is causing a fair bit of concern for the global chocolate market, which has some stockpiled supply of beans, but which is struggling to account for this increase in overall cost, and is thus attempting to prepare their customers for price hikes and fresh instances of shrinkflation: which basically means selling the same product for the same price, but with less of the product in the package; so maybe a candy bar selling for the same price as before, but the bar is 2/3 its former size.

This has been a big discussion topic recently in part because of the recent Easter holiday, which is a big day for chocolate sales in many parts of the Western world in particular, so this situation is topical news, but also because it's representative of what's happening in other commodity and
non-commodity markets, as well, as a result of many of the same factors.

The global supply of coffee beans has been shrinking since 2021, labor and other systemic issues contributing to that, but the climate also changing where coffee grows best, and thus making life hard on the folks who currently grow most of it, in what were previously the optimal regions for doing so, but which aren't any longer, and may no longer be capable of growing these beans at all in a few decades, the way things are going.

Olive oil is likewise seeing record-high prices in 2024, the price of extra virgin olive oil up 70% from a year previous, and 260% from two years ago, due to widespread drought across the Mediterranean, where most olives are grown, and because of a bacteria that's infecting olive trees more enthusiastically than ever before because of all that heat and drought.

The banana industry is also raising alarms, too, as the change in global temperatures and the water cycle are combining with a collection of increasingly aggressive diseases and infections that are impacting banana growing regions in Australia, Asia, Africa, and South America, necessitating a clean-sweep approach similar to those used to get a cocoa bean plantation ready to grow, again, post-infection, requiring a lot of additional investment and leading to a lot of waste and diminished expectations.

Most of these industries have enough of a backlog and stockpile to keep prices on shelves constant for a while after this sort of hit, but for all of these industries, prices are expected to go up, possibly permanently, because of this seeming new reality, and because of the nature of the entities operating in these spaces, and the systems they've deployed to keep their goods flowing to the entities that turn them into products that end up in stores around the world.

So while chocolate is the first to really hit the public consciousness in terms of the companies that own this space trying to prepare their customer base
for what's about to happen by making it known that their core prices have grown shockingly high, it's likely we'll continue to see this sort of base-level inflationary impact on all sorts of goods in the coming years, unless something fundamental changes about the variables impacting supply, or the business model they use to sustain their industries.

Mar 26, 2024 • 22min
DRC Conflict
This week we talk about the Rwandan genocide, the First and Second Congo Wars, and M23.

We also discuss civil wars, proxy conflicts, and resource curses.

Recommended Book: Everyday Utopia by Kristen R. Ghodsee

Transcript

The Democratic Republic of the Congo, or DRC, was previously known as Zaïre, a name derived from a Portuguese mistranscription of the regional word for "river."

It wore that moniker from 1971 until 1997, and this region had a rich history of redesignations before that, having been owned by various local kingdoms, then having been colonized by Europeans, sold to the King of Belgium in 1885, who owned it personally, not as a part of Belgium, which was unusual, until 1908, renaming it for that period the Congo Free State, which was kind of a branding exercise to convince all the Europeans who held territory thereabouts that he was doing philanthropic work, though while he did go to war with local and Arab slavers in the region, he also caused an estimated millions of deaths due to all that conflict, due to starvation and disease and punishments levied against people who failed to produce sufficient volumes of rubber from plantations he built in the region.

So all that effort and rebranding also almost bankrupted him, the King of Belgium, because of the difficulties operating in this area, even when you step into it with vast wealth, overwhelming technological and military advantages, and the full backing of a powerful, if distant, nation.

After the King's deadly little adventure, the region he held was ceded to the nation of Belgium as a colony, which renamed it the Belgian Congo, and it eventually gained independence from Belgium, alongside many other European colonies around the world, post-WWII, in mid-1960.

Almost immediately there was conflict, a bunch of secessionist movements turning into civil wars, and those civil wars were amplified by the meddling of the United States and the Soviet Union, which supported different sides, funding and arming them
as they tended to do in proxy conflicts around the world during this portion of the Cold War.

This period, which lasted for about 5 years after independence, became known as the Congo Crisis, because government leaders kept being assassinated, different groups kept rising up, being armed, killing off other groups, and then settling in to keep the government from unifying or operating with any sense of security or normalcy.

Eventually a man named Mobutu Sese Seko, usually just called Mobutu, launched a real deal coup that succeeded, and he imposed a hardcore military dictatorship on the country—his second coup, actually, but the previous one didn't grant him power, so he tried again a few years later, in 1965, and that one worked—and though he claimed, as many coup-launching military dictators do, that he would stabilize things over the next five years, restoring democracy to the country in the process, that never happened, though claiming he would did earn him the support of the US and other Western governments for the duration, even as he wiped out any government structure that could oppose him, including the position of Prime Minister in 1966, and the institution of Parliament in 1967.

In 1971, as I mentioned, he renamed the country Zaïre, nationalized all remaining foreign owned assets in the country, and it took another war, which is now called the First Congo War, to finally unseat him.
And this conflict, which began in late-1996, spilled over into neighboring countries, including Sudan and Uganda, and a slew of other nations were involved, including but not limited to Chad, the Central African Republic, Rwanda, Burundi, Angola, Eritrea, South Africa, Zambia, Zimbabwe, Ethiopia, and Tanzania, alongside foreign assistance granted to various sides by France, China, Israel, and covertly, the United States.

The conflict kicked off when Rwanda invaded Zaïre, more neighboring states joined in, all of them intending to take out a bunch of rebel groups that the Mobutu government was no longer keeping in line: Mobutu himself having long since fallen ill, and thus lacking the control he once had, but still profiting mightily from outside influences that kept him as a friendly toehold in the region.

So these other nations sent military forces into Zaïre to handle these groups, which were causing untold troubles throughout the region, and the long and short of this conflict is that it only lasted a few months, from October 1996 to May 1997, but the destruction and carnage was vast, everyone on both sides partnering up to take out rebels, or in the case of those rebels, to join up against these government militaries, and all of them using the opportunity to also engage in violence against ethnic enemies with whom they had long-simmering beefs.

This led to the collapse of Mobutu's government, the country was renamed the Democratic Republic of the Congo when a new government was installed, but very little changed in terms of the reality of how that government functioned, so all the same variables were still in place a year later, in 1998, when what's now called the Second Congo War kicked off, informed by basically the same problems but bringing even more African governments into the fighting, many of them pulled into things by alliances they had with involved neighbors.

And just as before, a variety of groups who felt aggrieved by other groups throughout the region
used this conflict as an excuse to slaughter and destroy people and towns they didn't like, including what's been called a genocide of a group of Pygmy people who lived in the area, around 70,000 of them killed in the waning days of the war.

In mid-2003, a peace agreement was signed, most of the warring factions that had fought in Congolese territory were convinced to leave, and it was estimated that up to 5.4 million people had died during the conflict.

What I'd like to talk about today is what's happening in the DRC, now, at a moment of heightening tensions throughout the region, and in the DRC in particular, amidst warnings from experts that another regional conflict might be brewing.

—

A transition government was set up in the DRC in 2003, following the official end of that Second Congo war, and this government, though somewhat weak and absolutely imperfect in many ways, did manage to get the country to the point, three years later, in 2006, that it could hold an actual multi-party election; the country's first ever, which is no small thing.

Unfortunately, a dispute related to the election results led to violence between supporters of the two primary candidates, so a second election was held—and that one ended relatively peacefully and a new president, Joseph Kabila, was sworn in.

Kabila was reelected in 2011, then in 2018 he said he wouldn't be running again, which helped bring about the country's first peaceful transition of power when the next president, from the opposing party, stepped into office.

During his tenure in office, though, Kabila's DRC was at near-constant war with rebel groups that semi-regularly managed to capture territory, and which were often supported by neighboring countries, alongside smaller groups, so-called Mai-Mai militias, that were established in mostly rural areas to protect residents from roaming gangs and other militias, and which sometimes decided to take other people's stuff or territory, even facing off with government forces from
time to time.

Violence between ethnic groups has also continued to be a problem, including the use of sexual violence and wholesale attempted genocide, which has been difficult to stop because of the depth of some of the issues these groups have with each other, and in some cases the difficulty the government has just getting to the places where these conflicts are occurring, infrastructure in some parts of the country being not great, where it exists at all.

That 2018 election, where power was given away by one president to another, peacefully, for the first time, was notable in that regard, but it was also a milestone in that it marked the beginning of widespread anti-election conspiracy theories, in that case the Catholic Church saying that the official results were bunk, and other irregularities, like a delay of the vote in areas experiencing Ebola outbreaks, those areas in many cases filled with opposition voters, added to suspicions.

The most recent election, at the tail-end of 2023, was even more awash with such concerns, the 2018 winner, President Tshisekedi, winning reelection with 73% of the vote, and a cadre of nine opposition candidates signing a declaration saying that the election was rigged and that they want another vote to be held.

All of which establishes the context for what's happening in the DRC, today, which is in some ways a continuation of what's been happening in this country pretty much since it became a country, but in other ways is an escalation and evolution of the same.

One of the big focal points here, though, is the role that neighboring Rwanda has played in a lot of what's gone down in the DRC, including the issues we're seeing in 2024.

Back in 1994, during what became known as the Rwandan genocide, militias from the ruling majority Hutu ethnic group decided to basically wipe out anyone from the minority Tutsi ethnic group.

Somewhere between 500,000 and a million people are estimated to have been killed between April and July of that year,
alone, and that conflict pushed a lot of Hutu refugees across the border into the eastern DRC, which at the time was still Zaïre.

About 2 million of these refugees settled in camps in the North and South Kivu provinces of the DRC, and some of them were the same extremists who committed that genocide in Rwanda in 1994, and they started doing what they do in the DRC, as well, setting up militias, in this case mostly in order to defend themselves against the new Tutsi-run government that had taken over in Rwanda, following the genocide.

This is what sparked that First Congo War, as the Tutsi-run Rwandan government, seeking justice and revenge against those who committed all those atrocities, went on the hunt for any Hutu extremists they could find, and that meant invading a neighboring country in order to hit those refugee groups, and the militias within them, that had set up shop there.

The Second Congo War was sparked when relations between the Congolese and Rwandan governments deteriorated, the DRC government pushing Rwandan troops out of the eastern part of their country, and Kabila, the leader of the DRC at the time, asking everyone else to leave, all foreign troops that were helping with those Hutu militias.

Kabila then allowed the Hutus to reinforce their positions on the border with Rwanda, seemingly as a consequence of a burgeoning international consensus that the Rwandan government's actions following the genocide against the Tutsis had resulted in an overcompensatory counter-move against Hutus, many of whom were not involved in that genocide, and the Tutsis' actions in this regard amounted to war crimes.

One of the outcomes of this conflict, that second war, was the emergence of a mostly Tutsi rebel group called the March 23 Movement, or M23, which eventually became a huge force in the region in the early 20-teens, amidst accusations that the Congolese government was backing them.

M23 became such an issue for the region that the UN Security Council actually sent
troops into the area to work with the Congolese army to fend them off, after they made moves to start taking over chunks of the country, and evidence subsequently emerged that Rwanda was supporting the group and their effort to screw over the Congolese government, which certainly didn't help the two countries' relationship.

Alongside M23, ADF, and CODECO, a slew of more than 100 other armed, rebel groups still plague portions of the DRC, and part of the issue here is that Rwanda and other neighboring countries that don't like the DRC want to hurt them to whatever degree they're able, but another aspect of this seemingly perpetual tumult is the DRC's staggering natural resource wealth.

Based on some estimates, the DRC has something like $24 trillion worth of natural resource deposits, including the world's largest cobalt and coltan reserves, two metals that are fundamental to the creation of things like batteries and other aspects of the modern economy, and perhaps especially the modern electrified economy.

So in some ways this is similar to having the world's largest oil deposits back in the early 20th century: it's great in a way, but it's also a resource curse in the sense that everyone wants to steal your land, and in the sense that setting up a functioning government that isn't a total kleptocracy, corrupt top to bottom, is difficult, because there's so much wealth just sitting there, and there's no real need to invest in a fully fleshed out, functioning economy—you can just take the money other countries offer you to exploit your people and resources, and pocket that.

And while that's not 100% what's happened in the DRC, it's not far off.

During the early 2000s and into the 20-teens, the DRC government sold essentially all its mining rights to China, which has put China in control of the lion's share of some of the world's most vital elements for modern technology.

The scramble to strike these deals, and subsequent efforts to defend and stabilize on one hand, or to
attack and destabilize these mining operations, on the other, have also contributed to instability in the region, because local groups have been paid and armed to defend or attack, soldiers and mercenaries from all over the world have been moved into the area to do the same, and the logic of Cold War-era proxy conflicts has enveloped this part of Africa to such a degree that rival nations like Uganda are buying drones and artillery from China to strike targets within the DRC, even as China arms DRC-based rebel groups to back up official military forces that are protecting their mining operations.

It's a mess. And it's a mess because of all those historical conditions and beefs, because of conflicts in other, nearby countries and the machinations of internal and external leaders, and because of the amplification of all these things resulting from international players with interests in the DRC—including China, but also China's rivals, all of whom want what they have, and in some cases, don't want China to have what they have.

In 2022, M23 resurfaced after laying low for years, and they took a huge chunk of North Kivu in 2023.

For a moment that same year, it looked like Rwanda and the DRC might go to war with each other over mining interests they control in the DRC, but a pact negotiated by the US led to a reduction in the military buildup in the area, and a reduction in their messing with each other's political systems.

In December of 2023, though, the President of the DRC compared the President of Rwanda to Hitler and threatened to declare war against him, and UN troops, who have become incredibly unpopular in the region, in part because of various scandals and corruption within their ranks, began to withdraw—something that the US and UN have said could lead to a power vacuum in the area, sparking new conflicts in an already conflict-prone part of the country.

As of March 2024, soldiers from South Africa, Burundi, and Tanzania are fighting soldiers from Rwanda who are
supporting M23 militants in the eastern portion of the DRC, these militants already having taken several towns.

Seven million Congolese citizens are internally displaced as a result of these conflicts, having had to flee their homes due to all the violence, most of them now living in camps or wandering from place to place, unable to settle down anywhere due to other violence, and a lack of sufficient resources to support them.

Rwanda, for its part, denies supporting M23, and it says the Congolese government is trying to expel Tutsis who live in the DRC.

Burundi, located just south of Rwanda, has closed its border with its neighbor, and has also accused Rwanda of supporting rebels within their borders with the intent of overthrowing the government.

Most western governments have voiced criticisms of Rwanda for deploying troops within its neighbors' borders, and for reportedly supporting these militant groups, but they continue to send the Rwandan government money—Rwanda gets about a third of its total budget from other governments, and the US is at the top of that list of donors, but the EU also sends millions to Rwanda each year, mostly to fund military actions aimed at taking out militants that make it hard to do business in the region.

So changes in political stances are contributing to this cycle of violence and instability, as are regular injections of outside resources like money and weapons and soldiers.

And as this swirl of forces continues to make the DRC borderline ungovernable, everyday people continue to be butchered and displaced, experiencing all sorts of violence, food shortages, and a lack of basic necessities like water, and this ongoing and burgeoning humanitarian nightmare could go on to inform and spark future conflicts in the region.

Mar 19, 2024 • 24min
Bigger Oil
This week we talk about mergers, acquisitions, and the Shale Oil Revolution.

We also discuss liquid natural gas, energy diplomacy, and political hypocrisy.

Recommended Book: Eversion by Alastair Reynolds

Transcript

For the sixth year in a row, the United States is the largest oil producer in the world.

As of March 2024, it's producing an average of 12.93 million barrels of oil per day, according to the US Energy Information Administration, and it periodically pops above that average for stretches of time, like in December of last year when it managed to average just over 13.3 million barrels per day.

That's an absolutely astonishing volume of oil.

For context, while Saudi Arabia remains the holder of the world's most substantial spare oil capacity and was the largest oil exporter in 2023, they set aside plans to increase output to 12 million barrels a day back in January, which leaves them about a million barrels a day shy of the expansion target they set in 2020.

In 2023, the US produced about 28% more oil than Russia and about 33% more than Saudi Arabia, on average.

The US is becoming a huge player in oil exports, too, but it really shines if you look at not just crude oil, but also natural gas liquids and refined petroleum products. In aggregate, in 2023, the United States exported nearly the same volume of these products that both Saudi Arabia and Russia produced, not exported, which is pretty wild.

As is the fact that in December of 2023, the US exported about 400 billion more cubic feet of natural gas than it imported; and it imports a lot, and it only started exporting natural gas a few years ago, so that's the figure for an industry that didn't even exist until 2016, and didn't really grow until the 2020s.

The US hasn't always been this kind of force in the global oil market.
It's long been a consumer of huge quantities of the stuff, but while it produced a decent amount until the late-90s, competing with Russia and trailing Saudi Arabia, though not by much, US production levels dropped substantially beginning in the early 90s, the US becoming a huge importer of fossil fuels, its production levels dipping down to something closer to those of Iran by the mid-2000s; when 9/11 happened in 2001, one of the big concerns was that the US's fundamental reliance on Middle Eastern oil would complicate its military options and hamstring its economy.

That all changed, though, with what became known as the Shale Revolution, when the widespread investment in and deployment of hydraulic fracturing, or "fracking" technologies, combined with developments that allowed for horizontal drilling, opened up huge swathes of new oil-rich territories in the US and Canada, making what were previously usable, but incredibly expensive to exploit fossil fuel resources less expensive and easier to tap, and southern US states in particular saw a wave of new and expanded drilling, leading to a surge in the US's production output, and ultimately allowing the US to become the top producer in the world beginning in 2018.

The degree to which this has changed things, geopolitically, cannot be overstated, in the US and globally.

Stateside, petroleum prices became less tethered to the whims and political motivations of mostly Middle Eastern nations and Russia, which, working together via the OPEC+ oil cartel, were long able to threaten and coerce the US government and its allies in various ways.

That remained the case for a while, even after this shale oil boom, as production and export figures weren't optimally aligned.
But as this new reality has set in, the US government has been more strategic in how it has stockpiled fossil fuel resources and how it's been willing to use those stockpiles to manage price fluctuations, for itself and its allies, when warranted.

This has also been important for manufacturing, shipping, and other energy-hungry aspects of the US economy, and it has stoked booms in all sorts of consumer-facing industries, alongside the deployment of power-hungry infrastructure like new power plants and data centers.

Globally, this increased production has allowed the US to become a player in energy diplomacy, exporting fuel to allies that needed it because of disasters or foreign meddling, and recently, the US has taken this up a notch by bolstering Europe's energy supplies in the wake of Russia's invasion of Ukraine—an invasion that led to sanctions from the EU against Russia, those sanctions arriving more slowly than they might have otherwise arrived because of concerns that Russia's stranglehold on much of the bloc's energy resources might turn into a chokehold, hobbling their economies, military preparedness, and civilian support for the sanctions, because people would be paying extreme prices for ever-shrinking volumes of energy.

In the decades leading up to that invasion, many European nations, especially Germany, completely recalibrated their economies so they could profit from Russian fuel, so the fear that those fuel supplies would dry up if they made the wrong move, supported Ukraine too ardently, was a significant concern and shaped a lot of what happened in those early days of the invasion.

The US started exporting liquified natural gas to the bloc, though, which is gas that's turned into a liquid using incredibly low temperatures, which shrinks it so that it's easier and cheaper to ship.
And these shipments arrived first in dribs and drabs, because the infrastructure on the receiving end, to convert that chilly liquid gas back into room-temperature, full-volumed gas, needed to be installed, but once that infrastructure was in place, LNG began to arrive from the US in huge volumes, a whole new energy economy popping up essentially overnight, relative to how these things typically go, anyway. And that enabled more and sterner sanctions from the EU, of a kind that may not have been feasible, lacking that energy resource backstop.

What I'd like to talk about today is another, even more recent development within the US oil industry, and what it might mean for the future of this industry.

—

In 2023 alone, the businesses that make up the US energy sector spent about $250 billion scooping up clients, suppliers, and rivals.

A poll of energy executives in December of the same year suggested we could see another $50 billion or so invested in more acquisitions and mergers over the next two years, and in 2024, so far, as of mid-March, we've already seen APA buy Callon, Chesapeake buy Southwestern, Talos buy QuarterNorth, and Sunoco acquire NuStar; these deals all close at the tail-end of Q1 or in Q2 2024, and they were worth around $4.5, $7.4, $1.29, and $7.3 billion, respectively, so nearly $20.5 billion worth of big oil industry deals, already, and the year is just getting started, so that $50 billion figure is looking prescient.

The majority of next-step deals are expected to center around the Permian Basin, which is located in western Texas, with a little bit of overflow across the border into New Mexico.

This basin is the highest-producing oil field in the US, generating nearly 6 million barrels of oil and around 25 billion cubic feet of natural gas each day, as of early 2024, and this is a region of intense investment and growth; oil fields around the country are shutting down, and that increase in gas and oil production that we're seeing is mostly the
consequence of more effective technologies and upgrades in the hardware and software being used by the industry.

So better exploration, better tools to get to the best pockets of resources, better capturing technologies and means of shuttling what they pump from place to place—it's a full stack of better tech and systems, and that is allowing the industry to consolidate its sprawl into fewer areas, many of them in the Permian Basin, and that's thought to be part of why we're seeing so much consolidation at the moment: more investment in fewer wells and fields in a smaller portion of the country is leading to more output, and that means the bigger companies with more R&D capacity and higher-end assets will tend to have a bigger advantage than their more dispersed, smaller rivals.

It's anticipated, though, that a collection of variables, including that consolidation, will actually slow the growth of the US's fossil fuel-based energy industry, at least for the next few years.

Less activity from fewer business entities and fewer investments that will lead directly to higher output is expected to nudge that 12.93 million barrels a day up by maybe 120,000 or 170,000 barrels per day, rather than the previously projected 1 million barrel a day increase.

That's the EIA projection, at least—some other analysts have higher expectations, in some cases double or quadruple that range, but the general consensus is that more of the oil wealth in this region being owned by larger entities that are aiming for consolidation, not growth in the sense of exploring and exploiting a bajillion new wells, will likely lead to a period of more tempered industry-wide growth, and probably a period in which these now-bigger companies will be focusing on getting all their ducks in a row, reducing redundancies and inefficiencies in their new, combined collection of assets, and possibly eyeballing other acquisition targets, as well—so that'll mean more investment in efficiencies, less investment in
upping those already sky-high production numbers.

All of this is happening within the context of efforts, globally, to reduce humanity's reliance on and use of fossil fuels. And that's led to some strange combinations of policies and political messaging, and no shortage of claims of hypocrisy from all sides of the conversation.

Case in point: even as US President Biden has celebrated US energy independence and the associated security enabled and supported by this expansion of fossil fuel production and processing, he has also flogged and signed all sorts of laws and regulations meant to reduce oil use and to increase the deployment of solar, wind, and other clean energy sources.

He's also pushed hard for government investment in clean energy and related infrastructure, including things like electric vehicles and upgrades for homes, and he's not alone in this: other wealthy nations in particular have been pushing hard to emphasize and enable this transition, as all the data indicates the faster we shift away from burning fossil fuels and engaging in other emitting activities, the less destructive the impacts of human-amplified climate change will be, and the less expensive it will ultimately be to adapt to those new realities, and to stop making them worse; to fully transition to a net-zero, and then eventually, a practically non-emittive future.

This seemingly bipolar stance can be disorienting, especially for those it directly impacts.

And consequently, rather than making everyone happy, as both sides of the climate change, renewables conversation are getting a fair bit of what they want due to these seemingly opposing investments, it's mostly just pissing everyone off, as environmentalists, climate change activists, and everyday people who are concerned about the impacts of the changing climate that they're seeing around them, more and more each year, are irritated that the segue to a non-emittive energy future isn't happening faster, while oil, gas, and coal
companies are peeved that they're being elbowed out, despite having arguably gotten the country to where it is today, providing the US economy with a substantial chunk of its overall income and wealth, and in a very real way enabling modern, everyday life—even for those people who want them and their products to disappear as quickly as possible.

That perception of hypocrisy is difficult to sidestep, then, because while, yes—there has been a lot of new, clean infrastructure deployed, many EV and similar companies have been invested in, and on the other side there have been all those big expansions of oil and gas infrastructure and an increase in the market for those sorts of products—these two narratives are also in diametric opposition to each other, at least in the long-term, and slow-walking a transition away from fossil fuels makes climate change worse, its impacts more devastating and longer-lasting, the worst stuff arriving faster, too, while the shift toward cleaner energy is stealing market share from those emittive energy companies, and this movement toward renewables puts a cap on fossil fuel companies' very existence, as well—some policies suggesting that they can't exist, or at least not exist at any real scale, doing the type of business they've always done, past a certain, government-mandated date.

And both of these perspectives are arguably true; so those victories both sides are accumulating are often lost in the sea of concomitant victories for the perceptually opposing side, which manifest as losses for the non-victorious side.

It's worth noting, too, that both sides actually have pretty good arguments, in isolation.

Lacking the dominant, fossil fuel-based energy sources of today, the US military wouldn't be able to operate; it simply wouldn't be able to function, which would have all sorts of knock-on effects, until and unless all of those vehicles and missiles and other bits of hardware could be replaced with cleaner versions of the same.

Lacking a
full-scale replacement of every fuel-chugging car, bus, train, jet, and other piece of transportation infrastructure, the US economy would come to a halt, overnight, and that would wreak untold havoc in-country and around the world.There's a chance that certain plastic goods would disappear, too, and a gobsmackingly large portion of all things created in the modern world are made of some kind of plastic, which is a petroleum product, and the well-being of that industry is in some ways correlated with the well-being of the rest of the industry's efforts.That said, if we don't shift away from the use of these fuels and materials soon, we may lose the ability to counter some of the worst impacts of climate change, including many that are deadly, like overpowered and more regular storms and heatwaves, and others that will take out ecosystems and the creatures living in those ecosystems, permanently, changes to their conditions arriving so quickly they don't have a change to adapt.Military conflicts and economy collapses may seem quaint compared to the cost and loss of lives and treasure associated with forthcoming, more common, climate change-triggered disasters and norm-shifts.There's some indication that some Big Oil companies are making tweaks to how they do things in order to reduce the distance between their economic priorities and the priorities of folks who want them to stop pumping more fossil fuels from the ground.Top mining officials from Saudi Arabia recently announced they're building out the systems and hardware necessary to extract the more than $2.5 trillion worth of metals they're so far located in their territory, for instance, and other state-run businesses have suggested they intend to do the same: leveraging their knowledge, tools, and expertise to mine and process some of the resources that'll be most necessary (and thus, valuable) for the transition to cleaner energy.Some US-based Big Oil companies have made announcements about their own 
intentions in this regard, some saying they'll pull lithium from their oil wells, while others claim they're investing in rare earth mining infrastructure.ExxonMobil recently announced that it would be returning to one of its old, long-closed oil wells in a small town in Arkansas to mine lithium there, which could be beneficial for their bottom line, but also for folks in that region who were left in the lurch when Exxon left to refocus on Texas in the 1990s.A coal company operating in Wyoming, with the help of the US Department of Energy, recently discovered what could be one of the largest rare-earth metal deposits in the world, and the biggest in the US, on land that they originally bought for coal mining purposes.These sorts of investments are not consequence-free, as mining of any kind tends to deplete local resources, especially water and energy, and can have serious and deleterious effects on people and ecosystems, too. But this does seem like one of the more likely avenues through which these companies' interests may slowly come to align with those of folks, businesses, and governments that are trying to segue the US and other economies to clean energy; and that's meaningful because otherwise these companies almost always represent the most significant, well-moneyed and lobbyist-employing roadblocks to legislation and investment that would speed up the deployment of renewables and associated infrastructure; so this type of pivot would conceivably give them reason to support, rather than hamstring those efforts.That said, some of these announced efforts may end up being mostly PR plays, similar to how big oil companies have dangled the possibility of cleaning up their emissions using carbon drawdown technologies, for years, but few such investments have been made, and some of the deployed tools were eventually retired, as they didn't really do what they were supposed to do.So there are potential avenues via which priorities might align more closely in the 
coming years, if the economics of such paths can be worked out and if the market validates them, but there's also a chance these opposing interests remain oppositional for the foreseeable future, even though both arguably scratch necessary itches, and both represent anchors and wings for politicians who support and rely upon them.Show Noteshttps://grist.org/energy/oil-companies-used-to-run-this-town-now-theyre-back-to-mine-for-lithium/https://www.reuters.com/default/more-us-energy-deals-likely-2024-wave-consolidation-2024-01-24/https://www.semafor.com/article/03/13/2024/inside-saudi-arabias-plan-to-take-over-the-mining-industryhttps://www.reuters.com/markets/commodities/us-leads-global-oil-production-sixth-straight-year-eia-2024-03-11/https://www.reuters.com/business/energy/saudi-aramco-says-it-will-cut-planned-maximum-capacity-12-mln-bpd-2024-01-30/https://www.reuters.com/markets/commodities/record-us-oil-output-challenges-saudi-mastery-kemp-2023-12-04/https://www.visualcapitalist.com/visualizing-the-rise-of-the-u-s-as-top-crude-oil-producer/https://www.forbes.com/sites/gauravsharma/2023/12/19/as-2024-approaches-us-leads-global-crude-oil-production-roster/?sh=107f8c582706https://www.reuters.com/markets/commodities/is-us-shale-oil-revolution-over-kemp-2022-11-22/https://en.wikipedia.org/wiki/Shale_gas_in_the_United_Stateshttps://www.nrdc.org/stories/fracking-101https://www.eia.gov/dnav/ng/hist/n9133us2M.htmhttps://www.eia.gov/energyexplained/natural-gas/liquefied-natural-gas.phphttps://www.reuters.com/business/energy/us-was-top-lng-exporter-2023-hit-record-levels-2024-01-02/https://www.eia.gov/todayinenergy/detail.php?id=61523https://jpt.spe.org/the-trend-in-drilling-horizontal-wells-is-longer-faster-cheaperhttps://edition.cnn.com/2023/03/28/energy/eu-us-oil-imports-overtake-russia/index.htmlhttps://www.nytimes.com/interactive/2023/09/25/climate/fracking-oil-gas-wells-water.htmlhttps://www.newscientist.com/article/2422110-methane-leaks-from-us-oil-and-gas-are-triple
-government-estimates/https://www.eia.gov/todayinenergy/detail.php?id=61523https://en.wikipedia.org/wiki/Petroleum_in_the_United_Stateshttps://www.marketplace.org/2024/02/12/diamondback-and-endeavor-merger-trend-bigger-fewer-oil-companies/https://www.strausscenter.org/energy-and-security-project/the-u-s-shale-revolution/ This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit letsknowthings.substack.com/subscribe

Mar 12, 2024 • 20min
Ukraine War Update (Early 2024)
This podcast discusses the ongoing conflict in Ukraine, including foreign aid, brain drain, and economic consequences. It explores the challenges faced by Ukraine in their counter-offensive against Russia, the complexities of international aid, and the economic and social implications of the conflict. The episode also touches on Russian political developments and recommends a book for further reading.

Mar 5, 2024 • 15min
LockBit
This week we talk about virtual reality, the Meta Quest, and the Apple Vision Pro.
We also discuss augmented reality, Magic Leap, and the iPhone.
Recommended Book: Daemon by Daniel Suarez
Transcript
Ransomware is a sub-type of malware, which is malicious software that prevents its victim from accessing their data.
So that might mean keeping them from logging into their cloud storage, but it might also mean encrypting their data so that there's no way to access it, ever again, unless they have the necessary decryptor, which is a piece of software or sometimes just a key that allows for the decryption of that encrypted, that locked-down data.
The specifics of all this, though, are often less important than the practical reality of it.
If you're attacked by a ransomware gang or hacker, your stuff, maybe your personal files, maybe your business files, all your customer information, your valuable trade secrets, anything that's stored digitally, might be completely inaccessible to you, and possibly even prone to deletion, though that might not even be necessary since strong encryption is essentially the same thing as deletion, for most intents and purposes; but all that data is gone, held hostage until and unless you pay some kind of ransom to the person or group that encrypted it, and which holds the key to its decryption.
Most ransomware software is transmitted to its victims' computers via a trojan, which is a kind of malware that seems like real-deal software that you actually want or need to install, and folks are generally tricked into downloading and installing it because of that presumed legitimacy.
So maybe you receive what looks like a software update for a tool you use at work, and it turns out the update was faked and what you installed was actually a trojan that installed malware on your computer, and consequently on your network, instead.
Or maybe you pirated some software, and alongside the fake copy of Photoshop you installed, a trojan also carried another snippet of code that then, in the background, when your computer was hooked up to the internet, downloaded malware that looked for private data and encrypted it.
At some point after ransomware is delivered and installed, your data successfully encrypted and inaccessible, you'll receive the ransom demand.
For a while this was kind of an ad hoc thing, in some cases targeting people randomly on early internet usenet groups, in others big companies and other wealthy entities being specifically targeted and then ransomware teams calling or emailing or texting them directly, because they knew who they were hitting.
In recent years, this has become a more distributed and mainstream effort, akin to an organized business, and that mainstreamification was partially enabled by the dawn of crypto-currencies like Bitcoin, which allow for relatively anonymous transactions with strangers, and the development of ransomware that is self-contained, in that it can install itself, find the right, valuable files, and then demand a ransom from its victim, providing that victim with the proper bitcoin wallet or other crypto-banking system into which they need to deposit a fixed amount of money in that less-trackable digital currency.
The software can then, still autonomously, either decrypt the files once the ransom is paid, or delete the files, killing them off forever, if the ransom isn't paid by an established deadline.
Other variations on this theme exist, and some ransomware doesn't use encryption as a motivator to pay, but instead locks down users' machines, displays some kind of demand for money, purporting to be a government agency (or lying about having encrypted or stolen something of value), or it threatens to install illegal pornographic images of minors on the victims' machine if they don't pay the ransom.
By far the most popular approach to ransomware, today, though, is encryption-based, and recent evolutions in the business model backing ransomware have escalated its use, especially what's become known as ransomware-as-a-service, which was popularized by a Russian hacker group calling itself REvil that started using it against a variety of targets, globally, to devastating and profitable effect.
What I'd like to talk about today is another group that has made successful use of this business model, and a recent investigation into and operation against that group.
—
First observed by cybersecurity entities in 2019, LockBit quickly became one of the most prolific and effective ransomware-as-a-service providers in the world, their offering, a product called LockBit 2.0, representing the most-used ransomware variant globally in 2022, accounting for something like 23% of all ransomware attacks in the US in 2023, and around 44% of all such attacks globally.
According to the FBI, LockBit has been used to launch around 1,700 ransomware attacks in the US since 2020, and according to the US Cybersecurity and Infrastructure Security Agency, about $91 million worth of ransoms were paid in the US alone over the past three years, and it's estimated that number is in the hundreds of millions when we include targets around the world.
LockBit's offerings work like many other ransomware-as-a-service offerings, in that they provide what amounts to a dashboard filled with tools that allow users, those who wish to deploy ransomware attacks, those users being their customers, everything they need to do so, and most of their offerings allow even folks with little or no technical knowledge to launch a successful ransomware campaign; it's that user-friendly and intuitive.
Hackers using LockBit announced the 2.0 version of the service by attacking professional services giant Accenture in 2021, using what's called a double-extortion approach, which involves encrypting their victim's data, and then threatening to release it if their victim doesn't pay up.
They then hit French electrical systems and administrative and management services companies, alongside a French hospital, a group of British automotive retailers, a French office equipment company, the California Finance Administration, the port of Lisbon, and Toronto's Hospital for Sick Children in 2022—in that latter case backtracking after realizing a children's hospital was hit, the group formally apologizing for what they called a violation of its rules by a member of its group, who it claimed was no longer a part of its affiliate program; it provided a free decryptor for the hospital so it could regain access to its data.
And that response gestures at the larger opportunities and problems associated with this kind of business model.
LockBit is run by a group of people who develop the software tools and provide the services backing up those tools to help anyone who wants to use their product successfully launch ransomware attacks against whomever they want.
There are apparently rules about who they can attack, but that's kind of like being a gun store operator who tells their customers they're not allowed to shoot anyone, and if they do, they'll have their gun taken away: they can certainly have those rules in place, but by the time they take back the gun they sold to someone who ends up shooting someone else with it, some damage has already been done.
The business models of ransomware-as-a-service schemes vary, and some groups allow their customers to just pay a set licensing fee, once or recurringly, others have profit-sharing schemes, while others have affiliate programs of some flavor.
LockBit seems to have landed on a scheme in which they take something like 20% of whatever their customers, those using their LockBit service, are able to get as a ransom.
And just like other software-as-a-service companies, LockBit is thus incentivized to continue providing better and better services, lest their customers leave and use one of their competitors' offerings, instead.
Thus, in mid-2022, they released LockBit 3.0, and among other innovations it offered a bug bounty program, which provides payouts to security researchers who find errors in their code—something that companies like Microsoft and Google do, but not something other ransomware gangs have done in the past.
The attacks kept coming through 2022 and 2023, and though the US Department of Justice announced criminal charges against one Russian national for his alleged connection to LockBit as an affiliate, and the arrest of another for his participation in a LockBit-oriented campaign, the hits just kept coming, LockBit affiliates attacking a French luxury goods company, a German car equipment manufacturer, a chain of Canadian bookstores, the Hong Kong branch of the China Daily newspaper, the Taiwanese TSMC semiconductor company, the Port of Nagoya in Japan, US aerospace and defense company Boeing, the Chicago Trading Company, and Alphadyne Asset Management, and it kicked off 2024 by encrypting the computer system of Fulton County, Georgia.
On February 19, 2024, the UK's National Crime Agency, working with Europol and agencies from 9 other countries, seized LockBit's online assets, including more than 200 crypto wallets, 34 servers located in eight countries, and about 11,000 domains used by LockBit and its affiliates as part of its ransomware-installation and payout process.
They discovered that some of the data supposedly deleted by the group when their victims paid their ransoms wasn't deleted as promised, and they released decryptors to free the data of victims who hadn't paid ransoms, and who had thus been going without access to their data, in some cases for a long time.
They also issued three international arrest warrants and five indictments that target other people related to LockBit's operations, and they've issued a reward of up to $15 million for information about LockBit associates.
This operation, called Operation Cronos, took years to set up and months to complete, once it was ready to go, and though the agencies behind the operation say they've still got plenty left to do—as those in charge of LockBit are still in the wind, some ransomware tools are still functioning, at least partially, and thousands of accounts associated with LockBit affiliates have been identified, but not yet shut down—it's also being seen as a pretty solid success, allowing them to develop a universal decryptor for LockBit 3.0, and taking out much of the online infrastructure LockBit relied upon to function, not to mention, no doubt, a fair bit of its reputation, as it's likely many of its potential customers will now flee to other offerings for their ransomware-as-a-service needs.
All that said, ransomware continues to be a significant threat, for individuals, but especially for business entities, agencies, and organizations of any size, and there are plenty of other options out there for such tools, and only so many cybercrime agencies capable of tackling them; and it seems to take a lot longer to do the tackling than it does to set up a successful, large-scale ransomware-as-a-service business.
So the combination of potent encryption tools, automated services, and a potent means of earning fairly consistent income seems likely to keep ransomware tools of this kind in the money for the foreseeable future, and that means, even with these periodic takedowns of people involved with the larger-scale entities in this space, this approach to siphoning money from wealthy entities from a distance will probably continue to grow, until the next, more profitable and effective version of the same comes along.

Feb 27, 2024 • 18min
Japan's Economy
From the Meiji Revolution to economic bubbles, this podcast delves into Japan's economic journey. Explore the impact of Commodore Perry's arrival, the shift from feudal to industrial society, and the challenges faced during the Lost Decade. Discover insights on NVIDIA, economic fluctuations, and the Tokyo Stock Exchange.

Feb 20, 2024 • 20min
Spacial Computing
This week we talk about virtual reality, the Meta Quest, and the Apple Vision Pro.We also discuss augmented reality, Magic Leap, and the iPhone.Recommended Book: Extremely Online by Taylor LorenzTranscriptThe term spacial computing seems to have been coined in the mid-1980s within the field of geographic information systems, or GIS, which focuses on using digital technology to mess with geographic data in a variety of hopefully useful ways.So if you were to import a bunch of maps and GPS coordinates and the locations of buildings and parks and such into a database, and then make that database searchable, plotting its points onto a digital map in an app, making something like Google Maps, that would be a practical utility of GIS research and development.The term spacial computing refers to pulling computer-based engagement into physical spaces, allowing us to plot and use information in the real world, rather than relegating that information to flat screens like computers and smartphones.This could be useful, it was posited, back in the early days of the term, as it would theoretically allow us to map out and see, with deep accuracy and specificity, how a proposed building would look on a particular street corner when finished, and how it would feel to walk through a house we're thinking of building, when all we have available is blueprints.This seemed like it would be a killer application for all sorts of architectural, urban planning, and location intelligence purposes, and that meant it might someday be applicable to everyone from security services to construction workers to doctors and health researchers who are trying to figure out where a pandemic originated.In the 1990s, though, the embryonic field of virtual reality started to become a thing, moving from research labs owned by schools and military contractors out into the real world, increasingly flogged as the next big consumer technology, useful for all sorts of practical, but also entertainment purposes, 
like watching movies and playing games.During this period, VR began to serve as a stand-in for where technology was headed, and it was dropped into movies and other sorts of speculative fiction to illustrate the evolution of tech, and how the world might evolve as a consequence of that evolution, more of our lives lived within digital versions of the world, rather than in the world itself.As a result of that popularity, especially throughout pop culture, VR overtook spacial computing as the term of art typically used to discuss this type of computational application, though the latter term also encompassed use-cases that weren't generally covered by VR, like the ability to engage with one's environment while using the requisite headsets, and the consequent capacity to use this technology out in the world, rather than exclusively at home or in the office, replicating the real world in that confined space.The term augment reality, or AR, is generally used to refer to that other spacial computing use-case: projecting an overlay, basically, on the real world, generally using a VR-like headset or goggles or glasses to either display information onto lenses the user looks through, or serving the user video footage that is altered to include that data, rather than attempting to project the same over the real thing; the latter case more like virtual reality because users are viewing entirely digital feeds, but like AR in that those feeds include live video from the world around them.A slew of productized spacial computing products have made it to the consumer market over the past few decades, including Microsoft's HoloLens, which is an augmented-reality headset, Google's Glass, which projects information onto a tiny screen in the corner of the the user's eyeline, and Magic Leap's self-named 1 and 2 devices, which are similar to the HoloLens.All three of these products have had trouble making much of a dent in the market, though, and Magic Leap is in the process of retiring 
its first headset, though it's reportedly partnering with Meta on a new device sometime soon, Microsoft has mostly pivoted to working with companies and agencies rather than selling to consumers, though future versions of their headsets might revert back to their original intended customer base, and Google Glass was retired in 2015, replaced by enterprise editions (sold to businesses and agencies) from that point forward, though those enterprise editions were also halted in 2023.What I'd like to talk about today is the current status of this space, which is being shaken up by two big, global players and their products: Meta with their Quest line of spacial computing devices, and Apple with it's new Apple Vision Pro.—In 2014, the company that was at the time known as Facebook, but which is now called Meta bought a virtual reality company called Oculus for about $2 billion.Oculus made a popular VR device, popular for VR devices in 2014, at least, that was only ever released as a development prototype, but which garnered a huge amount of attention nonetheless, blowing away its Kickstarter goal and attracting tens of millions of dollars in investment from well-known tech-world venture capitalists.The purchase was criticized by many, as part of the appeal of Oculus was that it was independent from the big players in the space, but $2 billion is a significant amount of money, so the sale went through after regulators approved it, and Facebook, now Meta, started churning out its own headsets, initially continuing to use the Oculus branding, but it was more cohesively integrated with Meta's portfolio of offerings in 2021, redesignating this now sub-company Reality Labs, and entwining it with other Meta products like Instagram, Messenger, and WhatsApp—that effort culminating in 2022 with the complete retirement of the Oculus monicker, re-designating the company's products with the Quest brand, its social platforms renamed Horizon, as in Horizon Worlds.So beginning in 2022, 
Meta had a fully integrated Meta Quest line of virtual reality products, including the hardware and a slew of online components, like social networks, and game, app, and other digital product stores.The company has a long, for this space, anyway, history of now-discontinued products, including partnerships with the likes of Samsung and headsets that vary in price and power, some plugging into one's computer to provide processing heft, but most of the new ones serving as self-contained, all-in-one headset devices, which typically include little handheld controls, wired or wireless, as well.They've also scooped up a variety of related companies, and in 2021, they attempted to buy a company called Within, which makes popular VR games like Beat Saber and Supernatural, but the FTC blocked the purchase on competition grounds; in 2023, though, the purchase was given the go-ahead, so those, and other popular VR-focused apps are now owned by Meta, as well.Meta also partnered with glasses-maker Ray-Ban in 2021 to release a product called Ray-Ban Stories, which are glasses that have built-in cameras that can upload videos they record to social media.So Meta has been investing heavily in this space for years, and their products are relatively well-developed, most of the teething issues faced by new products worked out, at this point, and their products are priced between a few hundred dollars on the low end, about $500 in the middle, and around $1000 at the top.They also have a decent-sized catalog of in-VR offerings for users, and all of their products plug into all of their other products—for better and for worse, as many people who were irritated about the Oculus purchase were angered by the realization that they would need to have a Facebook account to keep using their hardware; so this is both pro and con, depending on who you are.Despite Meta's relative success in the world of spacial computing, though, the big story in this space, as of 2024, is that Apple has released 
their own augmented-reality headset, the Apple Vision Pro, and it's similar but also distinct from Meta's spacial computing offerings.It has bogglingly detailed screens, which are what project stuff to the user inside the headset, in terms of pixel density, it has a sophisticated hand-tracking interface that allows users to gesture in a fairly natural way to control things within their virtual environment, no separate controllers necessary, it has video pass-through, as do the Quest models, that show the real world within the user's view, but which then superimposes virtual stuff over it, and its tracking of things in the real world is quite detailed and accurate, to the point that some users have been—ill-advisedly, if not illegally—driving their cars while wearing their Vision Pros, and it even offers some possibly just experimental, somewhat creepy quality-of-life additions, like inward facing cameras that track a users face and then display that face while they're video chatting from within the headset, and which project a 3D-video feed of their eyes to the outside of the display, so folks in the world around them can see what their eyes are doing, despite their face being largely covered by this heavy, compared to Meta's headsets, anyway, VR helmet.Apple's Vision Pro also costs $3,500, which is about 7-times the cost of Meta's entry-level, mid-tier, most popular Quest 3 headset.So what we have here is two companies presenting different visions of what the spacial computing industry will look like.Apple's pricing will likely come down, and some of the differences between these products, like Meta's lighter weight headsets and Apple's higher-quality screens, will almost certainly intersect at some point a few product iterations down the line, as they both figure out what's ideal in terms of the quality to price ratio.Other attributes may disappear, like the outward-facing eye projections, which don't seem terribly effective or useful, though some, like those 
eye-projections, may also evolve into something that people can't live without, and which Meta and other future competitors will then go on to copy.We're also seeing the emergence of different market positions within this space, which isn't something we've really had until this point.Meta had been occupying the perceptual high price point, as their products were the most fleshed-out and for most consumer purposes, at least, useful, and a thousand bucks at the high end is a lot of money for what's mostly an entertaining lark, for most consumers, at this point.Apple's entrance into this space, though, is a bit like when they stepped into the phone market in 2007 and announced a $500 iPhone: it changed the math, and recalibrated people's expectations of what they should expect to spend in the future.$500 seems almost ridiculously cheap for a premium device that's become fundamental to so many people for so many purposes, today, and it's possible that Apple's entrance in this space will do the same, allowing Meta to position its products as the Android of the spacial computing world, cheaper, sure, but also more useful for many people, with more pricing tiers, and serving as a sort of practical, non-luxury, and non-overpriced version of what most people want to get from this type of hardware.The reviews so far seem to support this positioning: Quest headsets are generally quite good, but that's it—they're not blowing any of the tech reviewers away, and most of what they do is passable, not magical.Apple generally aims for magical, and a lot of its initial reviews have suggested that what the Vision Pro does well, it does VERY well; at that magical level, if not beyond it.That said, a lot of the same reviews, and the reviews that have arrived since, after the device formally hit the market, have indicated that it has enough bugs and issues and missed opportunities to be incredible in some relatively few areas, but not worth $3,500 in most other regards; many of the 
stories on the device as of the week I'm recording this episode are about how many people, who enthusiastically forked over thousands of dollars for a first generation Vision Pro when it was released, are now returning their devices so as not to miss the 14-day return window.

The Vision Pro is possibly revolutionary, then, but perhaps not in the sense that it replaces everything that came before: it'll probably change the space in significant ways, but it'll take several iterations before it becomes a must-have product, and in the meantime it'll mostly be meaningful because of how it resets price-expectations, sets a new bar for quality in some regards, and stokes a new round of competition in a space that hasn't seen much in the way of competition for years.

Which is basically what happened with the iPhone, iPad, Apple Watch, and other Apple-made devices, as well. They tend to be really impressive and magical-seeming right out of the gate, but not great, practically, until the third or fourth generation, at which point they're just astoundingly good by most metrics.

There's a chance that this product will find its feet eventually, too, then, though Meta seems keen to give them a run for their money on this, as their long-held desire to own a hardware product category now seems within reach, their past attempts at making their own watch and phone having been incredible failures.

Their pivot to the metaverse, which has been put on hold a little bit because of the advent of generative AI technologies and all the big tech companies trying to figure out what their next steps should be, considering how influential those technologies have turned out to be, those technologies now seem likely to make that metaverse aspiration more viable in the long-term, and these headsets, especially if they can keep making them smaller and lighter and more useable in more contexts, seem like they could be the best entry-point for a Meta-owned network of metaversal platforms, all sorts of
content generated on the fly by AI, keeping folks engaged longer, but only if they can maintain their lead over competitors while they build-out those virtual worlds, and as they attempt to grab more relevant companies and refine the relevant hardware, in the meantime.

It's still an open question, though, despite this flurry of hype and investment, whether anyone will really want to use these sorts of devices on a regular basis, beyond those with more money than they can spend and people who are super-enthused about any new tech gizmo.

Some analysts contend that the best access-point for the metaverse, whatever it eventually evolves into, remains and will remain the screens we have on all of our gadgets, and that the idea of face-based computing is a little bit silly and too cumbersome to ever become mainstream.

Others have suggested, though, that we long assumed the same about pocketable computing, and wearing such devices on our wrists—which is something many of us now do, because smartwatches—a field that was for a long time super niche and weird and rare—became incredibly popular after Apple introduced its Apple Watch and then iterated the thing until it was useful, a slew of other companies, including those that were working in this space long-before Apple stepped in, all upgrading and refining their own products, in turn, making the smartwatch world a lot richer and more useful and popular, as a consequence.

If these headsets become lighter, cheaper, and possibly even evolve into goggles or glasses, rather than headsets, that could make them a lot more accessible and useable by many people who, today, struggle to understand why they should care, and what possible use they might have for this kind of device, when their smartphones and computer screens seem to work just fine, and with less neck-strain.

So we could be looking at a flash in the pan movement, or we could be living through the emergence of a new, mainstream, perhaps even universal computing-related
product type; but there's a good chance we won't know which for several more years.

Show Notes

https://stratechery.com/2024/the-apple-vision-pro/
https://arstechnica.com/apple/2024/02/our-unbiased-take-on-mark-zuckerbergs-biased-apple-vision-pro-review/
https://www.theverge.com/24054862/apple-vision-pro-review-vr-ar-headset-features-price
https://www.theverge.com/2024/2/16/24058318/apple-vision-pro-sharing-difficulties
https://www.businessinsider.com/mark-zuckerberg-instagram-facebook-meta-posting-era-vision-pro-quest-2024-2
https://www.theverge.com/2024/2/13/24072413/mark-zuckerberg-apple-vision-pro-review-quest-3
https://www.theverge.com/24074795/vision-pro-returns-xbox-future-gemini-open-ai-vergecast
https://fortune.com/2023/02/06/meta-buying-vr-startup-within-unlimited-after-ftc-battle/
https://en.wikipedia.org/wiki/Geographic_information_system
https://en.wikipedia.org/wiki/Spatial_computing
https://en.wikipedia.org/wiki/Microsoft_HoloLens
https://en.wikipedia.org/wiki/Google_Glass
https://www.theverge.com/2023/12/21/24010787/microsoft-windows-mixed-reality-deprecated

This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit letsknowthings.substack.com/subscribe