Feeds:
Posts
Comments

Archive for December, 2017

Yes, Samsung sent out another software update for the Galaxy S7 here in Belgium.

But the essential part of the “update” is limited to the Android Security patch level, now at “December 1st, 2017“. That’s just barely good, Samsung. Where are the versions of Android 7.1, Android 8 or Android 8.1 for this device? Is the S7 already destined to be abandoned when it comes to serious software updates?

Read Full Post »

I have known for a long time that there is no such thing as ‘perfect online security’. But I do try to apply at least some of the guidance taught by experts. Not just on my computers, but also (and foremost!) on mobile devices – even your phone texts (SMS traffic here in Europe) give away a lot of information to anyone who cares to intercept it. But it’s hard to know what to do exactly, and for a long time advice was scattered all over the internet, in blog posts, articles, etc., each mostly about a single subject.

The last few months, the situation has improved considerably, thanks to the efforts by a number of essential players in the field. I’ll enumerate the most prominent of sources here.

The Electronic Frontier Foundation created the Surveillance Self-Defence website. This site contains a whole series of articles ranging from explanations on how parts of the web work to tutorials on how to manage passwords or using PGP for your email. You’ll need a lot of time to read and digest all the information on this site, but the level of detail provided is certainly worth the effort. In their own words:

SSD includes step-by-step tutorials for installing and using a variety of privacy and security tools, but also aims to teach people how to think about online privacy and security in a sophisticated way that empowers them to choose appropriate tools and practices even as the tools and adversaries change around them.

I hope I don’t have to tell you that the EFF is an essential resource to keep up to date with subjects like digital privacy, free speech, and innovation?

The Security Planner project is an initiative of the Citizen Lab, an interdisciplinary group based at the Munk School of Global Affairs at the University of Toronto. The project has a strong academic approach, including peer review of all its publications, and its advisors include Bruce Schneier (whom I have quoted already several times on this blog!).

The principal motivation for Security Planner was our shared experiences (and frustrations) when we are regularly asked the question: “what could average people do to protect themselves online”? Although there are some good guides out there, there is also a lot of conflicting advice.

The advice on Security Planner is organised around themes like ‘Computer’, ‘Online Accounts’ and ‘Phone’, and they clearly indicate what you can gain w<hen you implement their advice. Currently available in English, they are promising versions in Spanish and French soon.

On the WIRED website, you’ll find their ‘Guide to Digital Security’. Just ignore the garish design of the home page, the articles are worthwhile reading.

In this guide, we’ve included a few ways to improve your online security posture based on those different levels of risk. These won’t prevent the next megabreach or banish ransomware from the earth. They’re not all-encompassing. But they’ll help get you in the mindset of the types of steps you should be taking based on your particular situation.

Wired includes a discussion of Google’s Advanced Protection, and talks about the use of Faraday cages and blankets (yes, blankets!) as part of a sophisticated security approach. Specialised stuff, indeed, and overkill for most of us – but it may help you be aware of all the threats that exist in the real world.

You may also have a look at the (long) article titled ‘The Motherboard Guide to Not Getting Hacked’ over at the website of Motherboard (part of Vice). It’s not as comprehensive as the previous sources mentioned here, but it contains a lot of links that may be of use to you. And for my part you can quote them when talking to your employer:

And if your employer asks you to change passwords periodically in the name of security, please tell them that’s a terrible idea. If you use a password manager, two-factor authentication (see below), and have unique strong passwords for every account there’s no need to change them all the time—unless there’s a breach on the backend or your password is stolen somehow.

The above sources are mainly directed towards individuals. If you want some pointers about how to deal with privacy and security for groups, have a look at the ‘Cybersecurity Campaign Playbook’, published by the Belfer Center for Science and International Affairs (Harvard Kennedy School) in November 2017. The approach here not only includes subjects talked about in the previous sources I mentioned, but includes the ‘human factor’. In their words, when talking about a campaign to get elected for public office:

In today’s campaigns, cybersecurity is everyone’s responsibility. Human error has consistently been the root cause of publicized cyber attacks, and it’s up to the candidate and campaign leaders to weave security awareness into the culture of the organization.

That brings us back to the main point in all these publications: if you’re using computers, tablets, smartphones and other devices, be aware of the risks – and act accordingly!

Read Full Post »

On December 23, 1999, I wrote the first post on this blog. Remember Userland’s Manila? That was my tool of choice then, because it was available online, without installation, and free to try. In those days, I wasn’t ready to produce HTML by hand, and I still don’t want to do that. Picking a blog tool was the start of my study of content management solutions. Remarkably, the Manila website is still up and running, inviting you to start a trial site – I’m not certain where that will lead you, though.

When Userland seemed unable to continue to offer a good service, I started building a copy of my blog on WordPress. I did exactly what I tell everyone to avoid: I migrated each and every post from Manila to WordPress by hand. You see, Manila had this one feature that I also needed in whatever tool able to replace it: a complete, yet simple backup mechanism. The HTML from the Manila backup could be pasted into the WordPress editor without much intervention. That’s how this site remains what it became over the course of the years: a not so virtual memory for travels on the Web – and in real life as well, of course.

Happy holidays!

 

Read Full Post »

If you read this blog more or less regularly, then I assume that you have at least a bit of nerdiness in you.

So if you need a Christmas stocking filler for yourself or, say, a web developer, you might want to look into Tim O’Reilly’s “WTF?: What’s the Future and Why It’s Up to Us” (here’s a link to the hardcover version on Amazon, but I’m sure you can find your own supplier ). If you don’t believe me, just read what Cory Doctorow has to say on the subject:

Tim O’Reilly’s history with computers and the internet pre-dates the rise of these grotesqueries, the financialization of the tech sector. He writes beautifully about the passion, the excitement, and the tremendous progress that technologists (from every walk of life) have brought to the tech sector, and cleanly cleaves the technology from its economic and political context. He dares to assert that we can love the sin and hate the sinner. That the reason tech went toxic was because unethical people made unethical choices, but those choices weren’t inevitable or irreversible.

Read Full Post »

At work I’m busy moving all the ColdFusion applications from Windows 2003 servers with CF8 to new virtualised servers with Windows 2012 running CF11. Configuring Windows and IIS are also much more complicated than ten or more years ago, but we have that under control now. Most of the ColdFusion (and Java) code transfers without a problem, and I spend more of my time deleting scripts and components that are no longer used than modifying code.

Until this week, when I stumbled over a script that shows an inventory of the active Scheduled Tasks on the server, together with the link to their respective output (which we write to a network drive)… To do that, the code gets the data from the file, and then we put all the data in a handcrafted Query object. The names of the tasks and the links displayed fine, but there was something wrong with the start and end times: “1899-12-30” is not a time!

It took me hours to figure out what was wrong, because I was focusing on the date and time formatting functions used to format the data before adding them the query. Why the formatting, you ask? Well, we wanted to sort the data on columns containing start and end times, and in previous versions of CF our solution was to prepare the strings before adding them to the Query – seemed like a good way to make sure that ‘11:00:00 AM‘ and ‘11:00:00 PM‘ turned up in the right place of a sorted column.

So what was wrong with our code? Let me quote the “Query of Queries user guide”:

If you create a query object with the QueryNew function and populate a column with date constants, ColdFusion stores the dates as a string inside the query object until a Query of Queries is applied to the query object. When ColdFusion applies a Query of Queries to the query object, it converts the string representations into date objects.

Our code added strings formatted as “hh:mm” to the Query object, but once we filtered or sorted that Query using QoQ those columns were transformed into datetime objects. ColdFusion 11 then adds that time to the default date used, i.e. “1899-12-30“.

Clearly, that was not the case in earlier versions of ColdFusion – at least not in CF8. There are multiple solutions to solve this problem, once you know what’s going on – so now our overview displays everything as intended.

Read Full Post »

What can I say? From “Wait for it: Popular app takes three days to ‘develop’ pics“:

The 99-cent iOS app, which came out in July, approximates the look and experience of a Kodak disposable camera. Users can only snap 24 shots in a row. Once they’ve finished a roll of 24 exposures, they have to wait an interminable hour to reload the “film.” Rolls take three days to “develop.”

What’s next: email message that require postage stamps? A self-driving car that you have to push by hand?

Read Full Post »

I like my privacy a lot, and anyone checking out my blog or the apps on my computers great and small will see proof of that. That also explains why I have a ProtonMail account, although I must admit that I don’t use it very often – to make full use of it, you need correspondents that use the same tool.

To make the use of the ProtonMail service easier, the company makes a new tool available:

The ProtonMail Bridge is an application for paid users that runs on your computer in the background and seamlessly encrypts and decrypts your mail as it enters and leaves your computer. It allows for full integration of your ProtonMail account with any program that supports IMAP and SMTP such as Microsoft Outlook, Mozilla Thunderbird and Apple Mail.

(Click the image to read ProtonMail’s blog post on the subject)

Compared to the hoops you had to jump through in the past if you wanted to encrypt your email with PGP, this looks like a dream!

Read Full Post »

Older Posts »