Details on a New PGP Vulnerability | Schneier on Security

You might have seen some of the hullabaloo around the web about the discovery of a security flaw in PGP or S/MIME. As Bruce Schneier explains, the vulnerability is not in the encryption itself; rather, the exploit is carried out in transit.

The vulnerability isn't with PGP or S/MIME itself, but in the way they interact with modern e-mail programs. You can see this in the two suggested short-term mitigations: “No decryption in the e-mail client,” and “disable HTML rendering.”

The suggested workaround is solid advice. Email has never been a sensible means for secure communication.

Why is anyone using encrypted e-mail anymore, anyway? Reliably and easily encrypting e-mail is an insurmountably hard problem for reasons having nothing to do with today's announcement. If you need to communicate securely, use Signal. If having Signal on your phone will arouse suspicion, use WhatsApp.

Thank you for making 10 years of GitHub possible | Github

Github has put together a nice timeline of achievements to celebrate their first decade in existence.

For 10 years, you’ve shared, tinkered, and built on GitHub from all around the world. Before we head into the next decade, we’ve collected some of our favorite moments and milestones—just a few of the ways you’ve pushed software forward.

I have written about the usefulness of GitHub for academic users in the past. The platform’s commitment to education is not only admirable, but I suspect a part of their success in general. If you’re a student, and you’re looking for a way to get into coding in any capacity — even if it is only a passing interest — the Github student package is more than worth claiming.

Making Slides | kieranhealy.org

This is timely from Kieran Healy. I’m just now working on a review of the wonderful Markdown slide deck app Deckset. This is as good a primer on presentation technique as I have come across.

It doesn’t cover the tools. That makes sense; the tools shouldn’t matter, if they can get out of your way, that is. I would argue that putting this advice into practice means allocating your focus away from the kerning of application settings and onto ideas. The right tool can give you the means to do that. It is worth thinking about if you’re going to heed advice such as this:

The actual slides are the most immediately visible but also the least substantively important part of your material. While I’m going to highlight a few rules and techniques about making decent slides, do not lose sight of the fact that if your paper is bad, your talk is going to be bad too.

The paper is not the talk. The paper is what the talk is about. In some fields, the talk can be very closely related to the paper, and there are still people trained to “read the paper” in the old-fashioned sense. But this is increasingly rare. In most fields, especially when presenting the results of a data analysis, the presenter must condense, summarize, and highlight the important parts of their own work. The paper is the most important thing; the talk is about the paper; and you use your slides to help you give a better talk.

The Case Against Retweets | The Atlantic

For all those people abandoning Twitter, I am preparing to share some thoughts on micro.blog. In the meantime, here is a modest proposal for those of you holding on to the bow.

Somewhere along the line, the whole system started to go haywire. Twitter began to feel frenetic, unhinged, and—all too often—angry. Some people quit. Others, like Schulz, cut way back. I felt the same urge, but I wanted to do something less extreme, something that would allow me to keep the baby, even as I drained the bathwater. So I began to take note each time I experienced a little hit of outrage or condescension or envy during a Twitter session. What I found was that nearly every time I felt one of these negative emotions, it was triggered by a retweet.


The Laptop Locator You Probably Didn’t Know About Could Save You | Backblaze

Something I haven’t spent enough time on here is the other kind of security: backups. If you’ve never needed anything from a backup you might not fully grok their value, let alone the peace of mind. It only takes one failure. Given the real-time backup capabilities of Backblaze, anything else is a bonus. But as far as bonus features go, you would be hard pressed to find a better one than the Backblaze Locate My Computer feature. This post from their blog highlights a few of the success stories. Where Find My Mac failed, Backblaze was still able to help. 1

While we kept hearing praise and thanks from our customers who were able to recover their data and find their computers, a little while passed before we would hear a story that was as incredible as the ones above. In July of 2016, we received an email from Una who told us one of the most amazing stories of perseverance that we’d ever heard. With the help of Backblaze and a sympathetic constable in Australia, Una tracked her stolen computer’s journey across 6 countries. She got her computer back and we wrote up the whole story: How Una Found Her Stolen Laptop.

Backblaze offers a 15-day free trial, then unlimited backup storage for US$5 per month.

  1. The location map is also encrypted with your private key, so there are no privacy issues either.

Show and Tell – Tuesday, 06 Mar 2018


At some point I’ll make up a regular schedule for these links, drop the Monty Python titles, and make something of this. We’re not there yet. Enjoy.

The Odd Job

The LinkedIn Garbage Fire That Funded Podcasting | Macdrifter — I might have momentarily flirted with LinkedIn; if I did, I was most likely high at the time. This link, however, is more for the sentiment about podcasting ad reads. Again, I’m on the same page.

Ad-Blockers: The Good, the Bad, the Ethics | the Mac Security Blog — By now, it should be clear where I stand on this. I’m also scratching around trying to work out how to make this site work, so I have more insight into how tricky this is than I ever did before. And yet, I still think most advertising companies are run by assholes who have no qualms using malware to get their jobs done.

It's a tough call; you want your favorite websites to survive, yet they hit you with an advertising sledgehammer. As someone who earns a living from writing content for publications, it hurts me to use an ad blocker, but it's necessary. What really irks me is that websites I subscribe to — newspapers and magazines — often still show me ads. When websites decide to tone down the ads, I'll whitelist them; but, they should be rewarding me for paying for their content.

Jack and the Mean Talk | Pixel Envy — Pixel Envy is one of the more thoughtful patches of the tech world. This is some commentary on a Twitter thread, the point of which is distilled in the premise that banning Nazis from Twitter shouldn’t be difficult:

I think that a better start would be to ban Nazis. I mean that literally. Flag any account where its name, handle, location, bio, or recent tweets contain allusions to Hitler normally used by white supremacist groups: “1488”, “HH”, “14 words”, and other hate symbols in context. That gives human operators the ability to sift through heaps of these accounts and ban the ones that are clearly and obviously Nazis, of which there are frighteningly many. This isn’t a perfect solution; it’s barely scratching the surface. But it would be a material change in how Twitter operates and a clear line as to what they do not tolerate. “No Nazis” should not be a controversial point of view.

What Else Floats on Water?

The Feds Can Now (Probably) Unlock Every iPhone Model in Existence | Pixel Envy — You can be certain there isn’t a fix for this exploit yet; Apple tends to broadcast the good stuff.

WatchKit Is a Sweet Solution That Will Only Ever Give Us Baby Apps — Marco Arment on why Watch apps suck.

Apple confirms it now uses Google Cloud for iCloud services | The Verge — I have pointed out the folly of buying wholeheartedly into Apple’s largely marketing-based emphasis on privacy, but I was still surprised by this. If you are concerned about data security in the cloud, you have other options.

If It's Broke, Don't Fix It | Welcome to Macintosh – This was a wonderfully refreshing listen. So many of the ‘tech’ podcasts I have tried listening to are borderline infomercials for Apple. Or, if not, their idea of being critical has nothing to do with the world at large and everything to do with superficial details. The blind defence of Apple from some quarters can be mind-blowing. Apple fans in general could learn a lot from this: being able to confess your concerns about profound global issues, while also confessing an uncritical history of fandom, is exactly the kind of wake-up that is needed for users to demand more of this mega-giant. Image is everything to them, so let them know you can see through it.

Three Apple Workers Hurt Walking Into Glass Walls in First Month at $5bn HQ | Technology | the Guardian — Who could see this coming?

Anonymous Bitcoin Donor Rains $56 Million on Stunned Nonprofits | the Chronicle of Philanthropy — In the last Show and Tell, I linked to some of the more unpleasant aspects of the cryptocurrency boom. Here’s something to restore your faith in others.

Photo by Luke Chesser on Unsplash

A Case Study in Phishing | MacSparky

While this is a great example of how sophisticated phishing scams can look on the surface, just beneath the veneer are all the crude signs that scream scam. Perhaps the crudest is how greedy these scammers are; you might think they’d look up the subscription prices before trying to ape them.

The first tool you need in fighting spam is common sense. YouTube Red does not cost $149.99/month, and a simple search will tell you that. If there is any question, also take a closer look at the details. The sender lists their name as “App Store”, but disclosing the actual email address reveals it’s “noreply11@fillappealform.com”. Does that really sound like an address Apple would send you to confirm a subscription? Also, it lists “Payment Method” as “By Card”, not the usual xxxx-xxxx-1234 you usually see. It also creates this sense of urgency, explaining I'm on a free trial but I will be charged $150 in just two days if I don't act. While I can see how this email may fool some people, on the barest scrutiny it starts looking shady.
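The tells the quoted post walks through (a brand name in the display name but an unrelated sender domain, a price that doesn’t match the real product, a “Payment Method” with no masked card digits, and manufactured urgency) can be checked mechanically before a human ever reads the message. The following is an added example, not MacSparky’s code or Apple’s: the brand-to-domain table, the reference price, and both sample messages are constructed placeholders that a defender would replace with the vendor’s published sender domains and pricing.

```python
"""Score an e-mail against the phishing indicators described in the post.

Added example (not from the original post). BRAND_DOMAINS and REFERENCE_PRICE
are constructed placeholders; fill them from the vendor's own published data.
"""
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed sample modelled on the message the post describes.
SAMPLE_RAW = """\
From: App Store <noreply11@fillappealform.com>
To: someone@example.com
Subject: Your YouTube Red subscription
Content-Type: text/plain; charset=utf-8

Your free trial ends soon. You will be charged $149.99/month in 2 days.
Payment Method: By Card
If you did not authorise this, open the attached cancellation form.
"""

# Constructed control message with none of the indicators.
CLEAN_RAW = """\
From: Example Shop <orders@example-shop.test>
To: someone@example.com
Subject: Your receipt
Content-Type: text/plain; charset=utf-8

Thanks for your order. Payment Method: Visa ending xxxx-1234. Total $4.99/month.
"""

# Display-name brands mapped to the domains that brand really sends from.
# PLACEHOLDER: populate from the vendor's published sender domains.
BRAND_DOMAINS = {"app store": {"apple.com", "email.apple.com"}}

# Reference monthly prices. CONSTRUCTED placeholder; look the real figure up,
# exactly as the post advises.
REFERENCE_PRICE = {"youtube red": 12.99}

URGENCY = re.compile(r"\b(in \d+ days?|within \d+ hours?|act now|immediately)\b", re.I)
PRICE = re.compile(r"\$(\d+(?:\.\d{2})?)\s*/\s*month", re.I)
MASKED_CARD = re.compile(r"(?:x{4}|\*{4}|\d{4})[- ]?\d{4}", re.I)


def sender_mismatch(display: str, addr: str):
    """First tell: a brand in the display name, an unrelated domain in the address."""
    domain = addr.rsplit("@", 1)[-1].lower()
    for brand, domains in BRAND_DOMAINS.items():
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not legit:
            return f"display name claims '{brand}' but address domain is {domain}"
    return None


def assess(raw: str) -> list[str]:
    """Return one finding per indicator present in the message."""
    msg = message_from_string(raw, policy=default)
    display, addr = parseaddr(msg["From"])
    body = msg.get_body(preferencelist=("plain",)).get_content()
    text = f"{msg['Subject']}\n{body}"
    findings = []

    hit = sender_mismatch(display, addr)
    if hit:
        findings.append(hit)

    # Price sanity: a quoted price far above the reference for a named product.
    for m in PRICE.finditer(text):
        quoted = float(m.group(1))
        for product, ref in REFERENCE_PRICE.items():
            if product in text.lower() and quoted > ref * 2:
                findings.append(f"quoted ${quoted:.2f}/month is far above the "
                                f"reference ${ref:.2f} for {product}")

    # A named payment method with no masked card digits anywhere in the message.
    if re.search(r"payment method\s*:\s*by card", text, re.I) and not MASKED_CARD.search(text):
        findings.append("payment method named but no masked card digits shown")

    urgent = URGENCY.search(text)
    if urgent:
        findings.append("urgency language: " + urgent.group(0))
    return findings


def verdict(raw: str) -> str:
    n = len(assess(raw))
    return "likely phishing" if n >= 2 else ("suspicious" if n == 1 else "no indicators")


if __name__ == "__main__":
    for finding in assess(SAMPLE_RAW):
        print("-", finding)
    print(verdict(SAMPLE_RAW))
```

Each indicator is weak on its own (a legitimate receipt can mention a deadline), which is why the verdict only flips to “likely phishing” when two or more coincide; the sample message trips all four, the control message trips none.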


Show and Tell — Friday 23rd February, 2018


Some of these links have collected a little dust over the past few weeks. Things have been quiet around here while I dealt with the little matter of moving from one island to another. If you enjoy the quips, read on. If you only came for the potentially useful links, I’m sure you can find them. Enjoy.

How Not to be Seen

Salon to Ad Blockers: Can We Use Your Browser to Mine Cryptocurrency? | Ars Technica — Salon might think this is clever, but I doubt they think it’s honest. Nor do I think they care. What stands out to me, other than the litany of other implications, is yet more massaging of meaning. Salon claims it will take advantage of ‘unused computing power’, then clocks the CPU to ridiculous levels. But the real kicker is the clause about ‘one browser session’. People simply don’t close their browsers anymore, so this could go on for a lot longer than unsuspecting users think it will. In short, not a fan.

Hey Alexa, Is It True a TV Advert Made Amazon Echo Order Cat Food? | Technology | the Guardian — If nothing else, this illustrates what should already be clear. These devices have one function: buy stuff.

Key iPhone Source Code Gets Posted Online in ‘Biggest Leak in History' – Motherboard — I was listening to a popular ‘tech’ podcast 1 a few days ago and heard another proclamation that Apple is more focused on security than anybody ever. Sure, all the evidence supports that. Oh wait, no it doesn’t.

Facial Recognition Software Is Coming to Industries Like Fast Food and Luxury Shopping. | Slate — Sadly, this is now inevitable. It’s still creepy, bordering on terrifying.

Objective-See | Mac Malware 2017 — If you’re still under the illusion there is no such thing on macOS.

Chinese Police Are Using Facial Recognition Sunglasses to Track Citizens | the Verge — Say what you like, this is happening.

Idle at Work

Numbers | Becky Hansmeyer – If you haven’t yet seen the app, check out Snapthread. This is an interesting insight into the difficulties facing independent developers. It is not unlike running an independent blog.

The Light Entertainment War

Can an App That Rewards You for Avoiding Facebook Help Beat Smartphone Addiction? | Technology | the Guardian — Or, just stay off Facebook.

Facebook personal data use and privacy settings ruled illegal by German court | Technology | The Guardian

Heiko Duenkel, litigation policy officer at the VZBV, said: “Facebook hides default settings that are not privacy friendly in its privacy centre and does not provide sufficient information about it when users register. This does not meet the requirement for informed consent.”

The court also ruled eight clauses in Facebook’s terms of service to be invalid, including terms that allow Facebook to transmit data to the US and use personal data for commercial purposes. The company’s “authentic name” policy – a revision of a rule that once required users to use their “real names” on the site, but which now allows them to use any names they are widely known by – was also ruled unlawful.

Early Facebook and Google Employees Form Coalition to Fight What They Built | The New York Times — Doing anything even vaguely related to tech can be disheartening at times. If you can see through all the bullshit, let alone have a desire to present a balance against some of the more disturbing trends, you might find some hope in this project.

The effect of technology, especially on younger minds, has become hotly debated in recent months. In January, two big Wall Street investors asked Apple to study the health effects of its products and to make it easier to limit children’s use of iPhones and iPads. Pediatric and mental health experts called on Facebook last week to abandon a messaging service the company had introduced for children as young as 6. Parenting groups have also sounded the alarm about YouTube Kids, a product aimed at children that sometimes features disturbing content.

The new group also plans to begin lobbying for laws to curtail the power of big tech companies. It will initially focus on two pieces of legislation: a bill being introduced by Senator Edward J. Markey, Democrat of Massachusetts, that would commission research on technology’s impact on children’s health, and a bill in California by State Senator Bob Hertzberg, a Democrat, which would prohibit the use of digital bots without identification.

The Idiot in Society

You Don't Understand Bitcoin, but You Understand Free Money — I’m not posting this for what it shares, but for the utterly moronic sentiment in its title. This so-called free money has an economic underpinning, whether people like this idiot want to believe it or not. We could go all the way back to the labour if you like, but let’s talk about energy consumption instead. Bitcoin alone is currently using more than 1m transatlantic flights’ worth of carbon per year. If we really want to make something of the revolutionary technology that makes Bitcoin possible, we’ll have to deal with all the snake oil salesmen and sociopaths first.

Bitcoin’s energy usage is huge – we can't afford to ignore it | The Guardian — Thought I was making up that figure? If you know anything about economics, you know value has to come from somewhere. The next time you hear some idiot banging on about Bitcoin being decoupled from politics, remind them… actually, forget it, who knows what those people are high on.

Could be, Might be useful

Markdown Converter | OU Libraries Tools — A tool like this can help enable an iOS only workflow if you work with Markdown.

10 Hidden Tricks That'll Make Life With Your iPhone X so Much Easier | BGR — If you have one, this is actually useful.

Left by Rekka — If you’re looking for a simple, plain text writing app.

Setting Up GitHub Pages HTTPS Custom Domains Using CloudFront and Lambda@Edge — A while ago I posted a reminder of what education users can get through GitHub. If you’re already on that train, here is a tutorial for adding SSL to GitHub Pages (check).

Tweak Spotify's Recommendation Tech to Create Custom Playlists | Engadget — Yet more fun with the Spotify API.

And now, for Something Completely Different

Solo, a Star Wars Story | Kottke — I’m with Kottke: my ongoing love and obsession with Star Wars is embarrassing and irrational. I’m an outlier, in that I feel like The Last Jedi all but redeemed the crimes of Abrams. Not that I really cared in the end; when it comes to a galaxy far, far away, I inevitably give in to childish joy. Whatever this ends up being, I intend to enjoy it.

Gorgeous 50-Megapixel Panoramas Shot on an iPhone at 20,000 Feet — It’s these capabilities that trap us in the double bind. What you can do with an iPhone now is amazing, especially in photography. Consider that these pictures were taken with a phone, and therefore a camera, that is already two generations old.

Kids Use Data From Space to Make Cool Basslines With a Modular Synthesizer | Synthtopia — Ah space music.

  1. You know, an Apple cast.

Photo by Daniel Cheung on Unsplash

Do Not, I Repeat, Do Not Download Onavo, Facebook’s Vampiric VPN Service

Old news, yes, I know. However, if anything bears repeating, this is overqualified. If clarification is needed, the Onavo VPN does not enable any kind of new practice from Facebook. No, it simply makes it dramatically more efficient for Facebook to do what they always do: track everything. What’s particularly nauseating in this instance is how they’re taking advantage of the general misunderstanding around security and privacy. To my mind, this meets the modern definition of a lie. Onavo is spyware.

If you’re someone who can’t live without Facebook or simply can’t find the courage to delete it, Onavo appears under the “Explore” list just above the “Settings” menu. I’d recommend you never click it. Facebook is already vacuuming up enough of your data without you giving them permission to monitor every website you visit.