Cyberweapons, Lux Capital, and Public

In which I talk about large magnitude, low probability events

Hey everyone,
Greetings from Washington, D.C.!

It’s been a heads-down kind of week for me and the cold weather in the city means there is not much to do outside anyways. While inside, I’ve been listening to this playlist over the weekend and watched Ghost Dog for the first time last night. My focus over the next few months is on collaborations, leveling-up this newsletter, and other writing as much as I can before the post-vaccine festivities take over my schedule. Hopefully, I’ll be able to announce some of what I’ve been working on next week. As always, I’m grateful for all of your attention.

In this issue of Snapshots, I want to talk about:

  • This Is How They Tell Me the World Ends by Nicole Perlroth

  • Lux Capital’s Quarterly Letter, Q4 2020 by Josh Wolfe & team

  • A re-post of How Public can win and why it is relevant again

  • Thinking about calendars, animations, and Stanley Tucci’s new show

Book of the week

While reading this week’s book, This Is How They Tell Me the World Ends by Nicole Perlroth, I felt that someone with a better understanding of disruption theory would be able to write a Clay Christensen-inspired analysis of how the United States’ focus on its core capabilities—offensive cyber weapons—has left its systems vulnerable to attack. In other words, its defensive capabilities is outstripped by the sophistication of the today’s cyber attackers.

And the result has not been a loss in market cap or ousted CEOs as it would for a large incumbent getting disrupted, but more worse—a humming suspense among experts about impending attacks:

We went from occasional wake-up calls to one continuous, blaring alarm — and got better and better at ignoring it all.

The reason behind this glaring lack in defense? A hack:

Starting in 2016, the U.S. National Security Agency’s own cyber arsenal—the sole reason the United States maintained its offensive advantage in cyberspace—was dribbled out online by a mysterious group whose identity remains unknown to this day. Over a period of nine months a cryptic hacker—or hackers; we still don’t know who the NSA’s torturers are—calling itself the Shadow Brokers started trickling out NSA hacking tools and code for any nation-state, cybercriminal, or terrorist to pick up and use in their own cyber crusades.

I’m no expert, but the people supposed to protecting you against getting hacked getting hacked themselves at the largest scale position is a not a recipe for inspiring confidence.

The result of this hack? Perhaps the most devastating cyberattack ever, NotPetya:

On June 27, 2017, Russia fired the NSA’s cyberweapons into Ukraine in what became the most destructive and costly cyberattack in world history. That afternoon Ukrainians woke up to black screens everywhere. They could not take money from ATMs, pay for gas at stations, send or receive mail, pay for a train ticket, buy groceries, get paid, or—perhaps most terrifying of all—monitor radiation levels at Chernobyl. And that was just in Ukraine. The attack hit any company that did any business in Ukraine. All it took was a single Ukrainian employee working remotely for the attack to shut down entire networks. Computers at Pfizer and Merck, the pharmaceutical companies; at Maersk, the shipping conglomerate; at FedEx, and at a Cadbury chocolate factory in Tasmania were all hijacked. The attack even boomeranged back on Russia, destroying data at Rosneft, Russia’s state-owned oil giant, and Evraz, the steelmaker owned by two Russian oligarchs. The Russians had used the NSA’s stolen code as a rocket to propel its malware around the globe. The hack that circled the world would cost Merck and FedEx, alone, $1 billion. By the time I visited Kyiv in 2019, the tally of damages from that single Russian attack exceeded $10 billion, and estimates were still climbing. Shipping and railway systems had still not regained full capacity. All over Ukraine, people were still trying to find packages that had been lost when the shipment tracking systems went down. They were still owed pension checks that had been held up in the attack. The records of who was owed what had been obliterated.

There is no reason to believe that the same cannot happen here or anywhere else. With more time and preparation afforded by a nation deeply divided, it will almost certainly happen.

If you ask national security experts, they will tell you that any future failure at the scale of NotPetya will not be a failure of imagination—they know it’s coming. But it will be a failure of the collective prioritization of the populace which trickles down to political priorities in the absence of rare discontinuities like Robert Moses. Humans are not very good at thinking about high magnitude, low-probability events.1 And it is tough for people to think about abstract issues like cyber weapons. And examples like NotPetya frankly don’t do much to help:

For most Americans, Ukraine still felt a world way. We caught passing glimpses of Ukrainians protesting in Independence Square, and later celebrating as a new pro-Western leadership replaced Putin’s puppet. Some kept an eye on the battles in eastern Ukraine. Most can recall the Malaysian airplane—filled with Dutch passengers—that Russian separatists shot out of the sky.

Think otherwise? Look at what happened with COVID-19. It was very clear that a dangerous virus was in China, yet we continued about our daily lives. Wuhan still felt a world way. There are things in this world that are localized and things are not. Viruses are not. Neither is code.

I’m not quite sure what to take from this book other that the fact that maybe there are some books I should not read. The failures happening at institutional and there are not even feel-good solutions like “turn off your lights when you’re not using them.” The last few months have been full of these kind of books for me—The Secret Live of Groceries by Benjamin Lorr, Subprime Attention Crisis by Tim Hwang, and now this. As I start my transformation from normal person to doomsday prepper, I take some—maybe a bit twisted—solace in the fact that we will can now be paranoid together.2

Long read of the week

Lux Capital’s Quarterly Letter, Q4 2020 by Josh Wolfe & team (annotated, original)

Most annual/quarterly letters are not that great. Even reliable performers like Jeff Bezos can occasionally disappoint—his 2019 letter published in March 2020 had strong “hey please don’t trust bust my company look at all these things we’re doing during COVID” vibe. But Josh Wolfe’s latest letter to the LPs of Lux Capital is a great zoomed out view of where things are and where they are going.

Here were some of my highlights:

  1. “How soon we take for granted the crazy complexity of technologies to work and serve our expectant impatience”

    I mean, I’ve done this on this newsletter! I’ve complained about the Kindle as if the miracle of holding all the books in the world in a sleek slab of metal that I can hold in my hands is not good enough. I’ve complained elsewhere about the sub-optimal outcome of Apple owning the default messaging application on iOS. As if being able to send text, links, photos, or videos (all three I use to send memes) to anyone around the world isn’t amazing.

    And I don’t think that means that we never criticize these products. The “divinely discontent” customer might actually be the only force that pushes these larger-than-nation-states-GDP countries to innovate. But it does mean that every now and then, we pause and think about the simple things that technology enables us to do and which we now take for granted—connect with parents an ocean away, watch movies from a Japanese director who died the year I was born, and yes, write to thousands of you on a winter weekend evening.

  2. “There were Pokemon Go throngs descending on public parks.”

    I have a couple of divergent thoughts here:

    • The first is that online life increasingly feels like a video game. Or at least that it isn’t real life. I feel a nagging discontinuity whenever I meet someone in-person who I have only met online. I suspect a lot of people who have changed jobs after the pandemic and have been remote-only will feel the same. More fidelity on text-based platforms like Twitter through audio (think Spaces) or video will help but the feeling will likely persist. Entirely new platforms will allow more fidelity—VR seems like the most well-positioned to do this in the next 10 years. Then, we can truly live in video games…

    • Pokemon Go was one of the first innocuous experiences that people had with the online world taking over the offline one. It felt a bit weird and very natural at the same time. Means are often agnostic of the ends—who’s to say that one cannot draw a line from the Pokemon Go mania to more recent events of the more dangerous, democracy-threatening variety. The pollyanish assumption is dangerous when applied to systems that impact billions of people. We need to be more clear-eyed in our interpretation of how the world is and not be seduced by how we want it to be.

  3. “The desire for tribal linkage does not necessarily mean a desire for truth”

    The idea of “echo chambers” is such a cliché that I don’t even want to bring it up here. But it made me think of my own consumption patterns and how hard it is to break own of them. What I found most concerning is that most of consumption is personality-driven.3 This obviously leads to pattern-matching and group think. To counteract this, I’ve been trying to read newsletters that are more like public journals to move away from—or at least complement—the deluge of tech-focused newsletters out there. But even those perspectives are written by people who have very similar backgrounds as me. Attempts like mine to engineer serendipity often only lead to reinforced thought patterns as the cognitive load to add truly distinct perspectives is extremely high. A litmus test for how you are doing on this ambiguous notion of diversity: when was the last time you changed your mind about something? To be honest, I’m not doing very well. I’m learning a lot certainly, but to what extent is that being just added to my existing branches of understanding as opposed to giving birth to new offshoots of thoughts is debatable.

  4. Surprise ≄ Suspence

    Probably my favorite part of the letter was this anecdote:

    There is a brilliant distinction Alfred Hitchcock made in describing the difference between suspense and surprise.Surprise is when two people are in a coffee shop and unexpectedly a bomb goes off under their table. Suspense is when we see someone place the bomb under the table and watch expectantly as the pair is ignorant to what we know. The key is the asymmetry of the information. With surprise, we don’t even know. With suspense we know, just not the duration or the verdict. Hitchcock noted that with surprise you can only give viewers 15 seconds of emotion, but with suspense, you can give them 15 minutes. His conclusion was that whenever possible, the public must be informed.

    A good storytelling reminder and a wonderful take based on observation, not analysis—something I’ve been trying to do more of in my own writing.

  5. “An abundance of creation now, portends much destruction later.”

    Extremely well-put about all time high valuations of what seems like everything. The music will stop, and those who haven’t left the dance floor will be dragged out by the bouncers of bankruptcy.

The whole letter is a great read and I hope my highlights gave you a taste of the good stuff. If you’re interested, check out my annotated version of the letter or find it in all its unmarked glory here.

Business move of the week

(Re-post) How Public can win

A few months ago, I wrote about a “friendly, wavy blue dot” which was popping with alarming frequency on Twitter. This company was Public, an investing app. This week, they passed 1M users.

The Snapshots audience has grown quite a bit since then, so I thought it would be useful to share that essay. The essay stands up reasonably well considering the volatile conditions of creation and destruction that today’s markets face.

Read my blog post on Public

The company is also very much a part of the zeitgeist—they’ve had a recent jump in users courtesy of users fleeing from Robinhood. They also announced that they will stop taking money from hedge funds and other institutional investors through Payment For Order Flow to align themselves closer to their customer’s interests.

I hope reading the piece gives you some insight into what could be one of the largest forces in retail investing over the next few years.

Odds and ends of the week

Another article-video-article sandwich this week:

📅 Contemplating Calendars by Devon Zuegel: Looking for some productivity inspiration? See no further than how Devon uses her Calendar. I’m curious to see which tools will enable the next level of interaction with calendars. If nothing else, there is so much opportunity with creating logs—activity, meal times, music you’ve been listening to, etc.—that should be a string of APIs input centralized in the calendar app. That would be the first step in getting us to our own Jarvis’.

If you’re working on something like this, let me know—I’d be happy to offer feedback, make any intros I can, etc.

🎥 The Animation That Changed Cinema: Many readers wrote back last week saying that they loved the Making of a Cello video. Well, there is more where that came from! This week, check out this hypnotic video about the most impactful animations in cinema.

🇮🇹 Stanley Tucci’s charm: You all saw that Negroni video from Stanley Tucci that broke the Internet last year. This article expands on that and speaks to a culture of personality-driven—actually I don’t even know I’m writing this, I know everyone clicked that Negroni video and is no longer reading…


I actually have a side pet theory that imagery and other sensory inputs can cut through this cognitive bias. Think how photos of nuclear power plants during meltdown—a pretty low probability event—has led to countries significantly curbing a carbon emission-free energy source.


I’m like 50% joking.


The irony that the reading of this investment letter was personality-driven is not lost on me.

That wraps up this week’s newsletter. You can check out the previous issues here.

If you want to discuss any of the ideas mentioned above or have any books/papers/links you think would be interesting to share on a future edition of Sunday Snapshots, please reach out to me by replying to this email or sending me a direct message on Twitter at @sidharthajha.

Until next Sunday,