BuzzFeed
BuzzFeed
It just takes a few seconds to update your Venmo privacy settings.
security
GCS
GCS"Third party link-shortening tools can add unnecessary steps to your processes, create accessibility issues, threaten user privacy and undermine user trust – with no benefit to you as communicators."Yes! The risks of using 3rd party URL shorteners outweighs any perceived benefit.
Bloomberg
Bloomberg"The company paid the hefty ransom in untraceable cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said. A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment."Facepalm. This should really help stem the tide of infrastructure attacks. We get a gas panic and the criminals get #!?*coin. At least the perpetrators can't buy Teslas with it.
MSNBC News
MSNBC News"That Pence had a military aide and a briefcase was a surprise to many who aren’t familiar with the command and control of strategic nuclear forces. Suddenly the import of what happened acquired a new salience: Did Trump’s inaction place not only his vice president, but the security of the nuclear deterrent in jeopardy?"The more we learn the worse it gets.
The Mozilla Blog
The Mozilla Blog"Today, Firefox is enabling encrypted DNS over HTTPS by default in the US..."So strange to see a tech company put energy into consumer privacy but I’ll take it.
banking.senate.gov
"...there exists a sphere of life that should remain outside public scrutiny, in which we can be sure that our words, actions, thoughts and feelings are not being indelibly recorded. This includes not only intimate spaces like the home, but also the many semi-private places where people gather and engage with one another in the common activities of daily life—the workplace, church, club or union hall. As these interactions move online, our privacy in this deeper sense withers away."Maciej Cegłowski, owner and operator of old-school bookmarking service Pinboard (which I use to power posts like this) spoke to the Senate Banking Committee about online privacy. His thoughtful written statement is an excellent description of privacy in our current tech environment and has some ideas about how regulation could change things. I have no idea how this public statement came about, but I hope our leaders were listening. The gif here is by @thedansherman.
Twilio
These security and perfomance changes for websites are easy to add and include some new browser features I wasn't aware of before. I went with the recommendation here for a simple CSP header but it looks like you could really batten down the https hatches with that one if you read through the spec.
null program“This program opens a socket and pretends to be an SSH server. However, it actually just ties up SSH clients with false promises indefinitely...”Discouraging bots is a fun hobby I approve of. I like this simple Python script that exploits an RFC loophole.
pi-hole.net
I'm a big fan of goofing around with a Raspberry Pi. At times I've used mine as a game emulator, media center, and caller ID server. Recently it has been sitting in a box, but now it's a DNS server that blocks ads on my home network thanks to Pi-hole. Pi-hole is software you install on a raspberry pi that filters the addresses you or your devices request through shared lists of known advertisers. It's simple to set up and it just works. I'm seeing 98% fewer ads across the web—no browser ad-blocker required. Once installed it has a nice web admin interface and it gives you statistics about which domains have been blocked. (8.7% of all my DNS queries have been blocked as I write this.) It was also easy to add my favorite ad-supported sites to a whitelist so they'll still get paid. It does bother me that this kind of tool leads to a nerds vs. everyone else experience (great interview, btw) but tracking, malware, and general browsing performance has gotten so bad due to ads that we need these tools. If you already have a tiny computer, Pi-hole plus an hour to set it up on a weekend will improve your web experience.
washingtonpost.comWe have recently had regular E. coli outbreaks while the FDA was fully staffed. It seems like a bad idea to understaff them right now.
Update (1/11): Oh good.
Update (1/11): Oh good.
Medium | Javascript
The headline is a little alarmist, but this is a great explanation of some bitcoin scam code that someone placed into a popular node package. I agree that building businesses on top of volunteers is not sustainable and I hope the Node community can work on a solution. Reusing community code is a fast way to develop but you trade away some security.
Freedom to TinkerWith elections on our minds (vote Tuesday!) here's Ed Felton describing a new voting system called E2E-V. I'm not sure I get the nuances of the coin-flip challenge voters but it sounds like a much better system than our current black-box, insecure, privately owned machines. And of course my favorite system is Oregon's statewide mail-in system. I'm sure it's not as secure as end-to-end verifiable cryptography but I think the convenience and ease of understanding how it works means more people participate.