The Millions Silicon Valley Spends on Security for Execs

There’s plenty of talk about security when it comes to giant technical companies, like Google, Facebook, Amazon, and Apple. But that’s all usually from the perspective of the software security and end-user privacy. Here’s a different perspective on the subject – “The Millions Silicon Valley Spends on Security for Execs“.

Apple’s most recent proxy statement, filed earlier this month, shows the company spent $310,000 on personal security for CEO Tim Cook. But that’s a fraction of other tech giants’ expenditures.
Amazon and Oracle spent about $1.6 million each in their most recent fiscal years to protect Jeff Bezos and Larry Ellison, respectively, according to documents filed with the US Securities and Exchange Commission. And Google’s parent company, Alphabet, laid out more than $600,000 protecting CEO Sundar Pichai and almost $300,000 on security for former executive chair Eric Schmidt. In 2017, Intel spent $1.2 million to protect former CEO Brian Krzanich. Apple, Google, Intel, and Oracle declined to comment; Amazon did not respond to a request for comment.
Facebook CEO Mark Zuckerberg was the costliest executive to protect; Facebook spent $7.3 million on his security in 2017, and last summer the company told investors that it anticipated spending $10 million annually.

Well, that’s pretty impressive in terms of money! But do they need it really? They do, at least, to some degree:

While Silicon Valley firms haven’t disclosed many threats to the safety of their executives or offices, they have good reason to take precautions. In December, Facebook evacuated its headquarters after the company received a bomb threat. Last year an unhappy YouTube user entered the company’s San Bruno, California, headquarters and shot three employees before killing herself. And in 1992 the president of Adobe, Charles Geschke, was kidnapped at gunpoint and rescued by the FBI.

Do you still dream of being an executive in a large company?

ULID – Universally Unique Lexicographically Sortable Identifier

If you thought that UUID was the end of universally unique identifiers, think again. Here’s the ULID spec, with the following improvements:

  • 128-bit compatibility with UUID
  • 1.21e+24 unique ULIDs per millisecond
  • Lexicographically sortable!
  • Canonically encoded as a 26 character string, as opposed to the 36 character UUID
  • Uses Crockford’s base32 for better efficiency and readability (5 bits per character)
  • Case insensitive
  • No special characters (URL safe)
  • Monotonic sort order (correctly detects and handles the same millisecond)

Here’s how it looks:

ulid() // 01ARZ3NDEKTSV4RRFFQ69G5FAV

And there’s a wide selection of libraries implementing ULID for all major programming languages.

SSH Examples, Tips & Tunnels

SSH Examples, Tips & Tunnels” is a nice collection of tips and examples for Secure Shell (ssh) users. It covers a variety of scenarios from simple remote connections, to file copying, to tunnels and jump hosts.

The Book of Secret Knowledge

The Book of Secret Knowledge” is a collection of awesome lists, manuals, blogs, hacks, one-liners, cli/web tools and more.  It is intended for everyone and anyone – especially for System and Network Administrators, DevOps, Pentesters or Security Researchers.

While you are at it, also have a look at:

Well-Known URIs

Back when Let’s Encrypt started giving out free SSL certificates, one bit that visible all over the web was the “well-known” directory.  I never thought much about it – it’s just a name after all.

Turns out, there is actually an RFC 5785 that defines a standard for the well-known uniform resource identifiers (URIs).  And that’s a lot more generic than just the bit that Let’s Encrypt needs.

Accidentally stumbled upon this while reading “A Well-Known URL for Changing Passwords” draft.