The Crux #8: Are you the cucumber, or the brine?

A bit of an infosec-heavy newsletter this week.

The USA wants to ban CVEs from the DoD, a blue team vuln graph tool, Digital Ocean dumps Mailchimp, and some advice on improving your opsec.

We also have some deep nerd stuff on what network packets look like on an oscilloscope, bootable USBs, and how Janet Jackson can crash your laptop.

For this week’s Long Read, I give away the source of some of my secret consulting knowledge.

Things to note

Companies are adding a bunch of ‘Workplace Productivity’ surveillance tech because most managers have no idea how to manage their staff. I wrote a thing a while back in The Register about how infosec does this too and needs to knock it off.

Zero Networks have open sourced BlueHound, a nifty-looking tool for helping infosec blue teams map out the graph of vulnerabilities that could be exploited to break into their systems.

Digital Ocean dumped Mailchimp as their email list provider after a security breach. Mailchimp didn’t handle this well at all, it seems. The old PivotNine newsletter used Mailchimp but we moved away from them some time ago.

Ever wanted to see what network packets look like as electrical signals? Check out this very cool, and very technical, article from Oxide Computer’s Matt Keeter: From Oscilloscope to Wireshark – A UDP Story.

Good advice on improving your communications security from Aussie Journo Paul Farrell on digital safety in newsrooms. It’s aimed at journos, but this advice is useful for anyone. Even executives.

The USA might try to pass a Defense Spending Act that bans the Department of Defense from buying software that contains known vulnerabilities. The Register has a good summary of the pros and cons. If history is any guide, this will end up making things worse but in the most hilarious way possible. Hail Eris!

Want to see what JavaScript commands are getting injected by in-app browsers on your smartphone? Now you can! There’s a lot of focus on TikTok, because racism, but lots of in-app browsers do similar shady crap like this. It’s almost like the surveillance model of advertising is a huge security risk.

Some nice principles for good design from design guru Dieter Rams. Give this to your product managers to stop them doing stuff that makes people’s lives worse. Winamp really understood principle 5.

Need bootable USBs for more than one operating system? You don’t have to have a drawer full of them any more. You can put them all on one big stick with Ventoy. Now I can more easily lose all of them instead of just the one I need.

Fun tech history lesson for the week: A Janet Jackson song can crash old laptops.

Longer reads

A book I have found useful is The Secrets of Consulting: A Guide to Giving and Getting Advice Successfully by Gerald M. Weinberg. It’s available for free at archive.org.

Some of it is overly glib, but it’s full of little gems based on how humans actually behave rather than as we might prefer them to behave. It’s also quite amenable to dipping in and out of, so the 1 hour loan to read online from archive.org is perfect for that.

My favourite saying from the book is Prescott’s Pickle Principle: Cucumbers get pickled more than brine gets cucumbered. A small system that tries to change a big system through long and continued contact is more likely to be changed itself.

Are you the cucumber, or the brine?

Weekly tip: The sales tube

Hidden inside the sales funnel is the sales tube, a core group of customers that will love you but don’t yet know you exist.

The Sales Tube. [Source: PivotNine]

Outside of the tube are all the customers that either aren’t ready for you yet, or don’t really care that much about your offer, or otherwise won’t make it all the way through your sales funnel to become customers anytime soon. Spending a lot of your limited time on these customers isn’t going to get you sales as quickly as spending your time finding the easy sales.

For early-stage companies, there is no funnel. There is only tube. Small companies simply don’t have the resources to properly maintain a full sales funnel. I mean, look at it. It’s much bigger than the tube.

When you have a tube, you need to focus on two things: aiming the tube, and fixing holes in the tube.

Aiming the tube means finding customers that are a great fit for what you offer them. If your product is well designed, when you find your people (or they find you) moving them through the tube should be pretty easy. You just need to watch out for holes in the tube that prospective customers fall through.

If you plug the holes, converting prospects into customers should be easy. If it isn’t, you have one of two problems: locating customers, or product design.

Once you’ve got the sales tube finely honed—well aimed, and low friction—then you can start worrying about a more complex sales funnel.

Until then, grab your tube, aim it at customers, and suck as hard as you can.