Showing all posts tagged #security:

Food for Thought: 2017-05-29

Posted on May 23rd, 2017

Here are some of the reads & comics I’ve found thought-provoking over the last week. Ranked in priority-reading order: One step closer to duress modes for software: 1Password introduces travel mode: J. Fowler takes on workplace discrimination in tech companies from an unusual-but-critically-important angle:

Top Links for 2017-05-22

Posted on May 16th, 2017

Here are some of the reads & comics I’ve found thought-provoking over the last week. Ranked in priority-reading order: The Restorative Justice movement is key (see my recommendation of Changing Lenses) to a more just society. This detailed essay gets into some of the political considerations and implications: Slate Star Codex talks about the tactic of focusing on Bail Reform:

Top Links for 2017-05-15

Posted on May 9th, 2017

Waging Nonviolence discusses the tactics and principles of nonviolence: online companies are engaging in Internet colonialism: Drawn Lines reminds us of one of the troubles of immortality: task-switching and interruptions are very expensive:

Duress Modes

Posted on March 3rd, 2017

I have written about “Duress Modes” before (here and elsewhere). They are an important safety protection that I believe system and software developers need to be building into their products. When a user is being coerced, a Duress Mode gives them an option to comply, while limiting their risk. Maciej Ceglowski has brought up a specific version of this with his recent post entitled “Social Media needs a Travel Mode.” Take a read!

On Blocking

Posted on June 7th, 2016

I was recently told in a Facebook group that I'm not "allowed" to block someone. I have the right to block someone. You have the right to block someone. Facebook (and other providers) have often given us that ability, and it is good that they do. One can block someone for many different reasons. A block can be for very serious reasons such as limiting harassment or protecting one's mental health. One can block to avoid people who troll, derail conversations, avoid the topic, bother other us...

"cannot provide information we do not have"

Posted on May 14th, 2016

The Intercept recently covered how a judge was punishing a secure-communications application. The title of this post is a quote from representatives of the application in question. I continue to press the idea that our systems designs need to be architected to be resistant to “rubber hose cryptography”. In other words, they need to be resistant to coercive pressures targeting users of our software (regardless of whether those pressures are criminal, political, or (frequently) both). When...

DRM-Free: Not Just About Piracy

Posted on May 14th, 2016

DRM (Digital Rights Management) is supposedly a tool for protecting intellectual property in digital media, but the usage of it has introduced numerous other challenges. These side-effects (or in some cases, arguably intentional effects) cause other problems for the proliferation and use of beneficial technology. These challenges can include: Speed, resource, and energy overhead; Losing media you already “own” if the provider decides to discontinue it or goes out of business; Inability to con...

Food for Thought: 2016-04-18

Posted on April 18th, 2016

The New Inquiry ponders the “viral virus” and whether society benefits "from a world in which everyone is anxious about having anxiety". Your first SMBC of this post: In TV and movies, it is a common trope to track someone to an exact location using only their IP address, often even to a specific spot in a specific room! Naturally, you are skeptical of that, as you should be. This excellent story shows some of the really interesting things that happen with IP-to-physical-address mapping at...

Food for Thought: 2016-04-01

Posted on April 1st, 2016

No Funnies Edition Another winner from The Baffler. It hits so many sweet spots for me, such as quoting Jacques Ellul and criticizing advertising, propaganda, and this terrible upcoming US presidential election. The ethical thing to do when you have a security vulnerability is to help the people responsible for the vulnerability to fix it. Often, it is instead hidden and weaponized, commoditized, and used against specific targets. However, during that period, non-targets with the same softwa...

Two-Factor Authentication in the News

Posted on March 31st, 2016

The IBJ has another article that discusses the Anthem breach. Like many articles from many sources before, it does a poor job of being clear about the uses and types of two-factor authentication. If you are not aware, two-factor authentication requires that you use two ways to prove who you are. This is often implemented by using something you know (account name and password) and something you have (a special token or certificate). It is becoming common to use two-factor authentication for ...

Todd Grotenhuis

Professionally an Information Security Specialist, Politically an Abolitionist, Theologically an Anabaptist