
Heartbleed / CVE-2014-0160

Let’s talk about something that affects you. It’s called CVE-2014-0160. You probably know it as Heartbleed. It is a security problem which affects at least 60% of the Web, including Facebook. Here’s how Heartbleed works.

While sysadmins panic (which did include me for a short time), here’s what you should do:

When you receive communication from an affected Website saying that they have fixed the problem, change your password on that site immediately. If they only acknowledge the problem exists but don’t mention a fix, do not change your password: their site is still vulnerable. If a few weeks pass with no confirmation the problem was fixed, you should change your password anyway.

Going forward, keep an eye on your financial statements for fraudulent activity and use unique passwords for every account. (Here’s why: if a vulnerability appears on site A but not site B, it won’t compromise your account on site B, since the attackers only have your personal information from site A.)

You can keep track of your passwords, and generate more secure passwords, using password tools like LastPass. If you want to control where your encrypted passwords are, you can use 1Password or KeePass. You can also use a notebook or special password journal (any office supplier will have either).

Whichever option you choose, make sure you keep your passwords somewhere safe and keep a copy outside your home in case of disaster. A safe deposit box or trusted friend/relative’s house, depending on your level of trust/paranoia, are both good options for most people.

Oh, and a report from Bloomberg says the NSA has known about this vulnerability for years and has exploited the bug. Articles with other commentaries and statements from the NSA (dishonestly) denying their exploitation of Heartbleed are available on MSN, CNET, and The Huffington Post.

For more information about Heartbleed, go to Heartbleed.com, or for more technical information visit Heartbleed’s entry in the Common Vulnerabilities and Exposures database, maintained by The MITRE Corporation.


I will never be one of those women, who stay silent and pretty on the arm of her husband. Or remote and alone in the kitchen doing the washing up for that matter. One’s life must matter, Denis, beyond all the cooking and the cleaning and the children. One’s life must mean more than that. I cannot die washing up a teacup.

— A characterization of the young Margaret Roberts from The Iron Lady.


Something Undertaken

Hello everyone. Happy 2014!

I have a big announcement to make.

I’ve thought long and hard about what I want in life. Like everyone, I want a certain kind of life. For me, that’s making significant impacts on my industry, living without fear of what the future may bring to my finances, and continuing generosity to others with what I have, especially to give others the tools to find happiness.

I don’t like learning in an institution. It’s never really been my forte. I took an online class recently, and the experience wasn’t what I was hoping it would be; the textbook was the instructor and it didn’t manage to keep me engaged. I still learned a few things: first, that I don’t like institutional learning. Second, I’ve many more relevant skills than I thought I did before taking the class. Finally, I really don’t want to go to university.

My industry is growing out of wanting a piece of paper to prove skill. I can teach myself a computer language in a few months. I could write good programs in that language in around a year. Formal education is becoming a formality—and as an entrepreneur, who would I show a degree to? I believe a good plan, a great leader, and an amazing team would trump any degree when talking with investors or creditors, because it certainly would with me.

I’m tossing a few ideas around in my head. My internal monologue is occasionally interrupted by a shriek of terror or frustration at the thought of being a stereotypical 20-something and of failing at a career as an entrepreneur.

If I had to choose an option—and really, I do—I would rather fail while trying to live how I want than resign to living something I know I don’t want at all.

When I see others who have a life similar to the one I want, they arrived at it through building their own business. What I need out of my life is something I believe I can meet through entrepreneurship.

Thus, I have an announcement: I’m starting a company. It will likely be a while before you hear anything about it, but I’m going to do my best to make sure you’re just as excited as I am when you do.

(Time for a wordnik moment! The words ‘entrepreneur’ and ‘enterprise’ are very similar words, in form and function. Both entered the English lexicon in Middle English (1150–1470 CE) from Old French. They share the root entreprendre, which in the case of ‘enterprise’ means ‘something undertaken’.)


User Expectations Regarding Files & Mobile Applications

There has been a fast foray by most business software companies into ultra-mobile computing. Microsoft is finally starting to catch up on non-Windows Phone devices with Office for Android. I say that they’re only starting because I met a critical flaw in their own application.

Mobile software has taught users—myself included—that you only need to save documents on full-fledged computers, not smartphones or light tablets (i.e., anything with an ARM chip). It’s great, because that’s one less step to do with a tiny keyboard on a tiny display using an interface that wasn’t designed for handling files.

In fact, it’s one of the intentional decisions made by Apple, and later Microsoft, with their respective mobile platforms: removing the file system from the average user’s view. This is great for most users: you don’t expose the underlying system, so the system appears less complex and it’s less intimidating up front for people who haven’t learned to use the system.

Apple took this step with OS X: they’ve hidden the Library folder in users’ home directories and have somewhat replaced their file browser from being the center of interaction when you first turn on a Mac by introducing Launchpad.

While the rest of the industry starts moving away from exposing the file system to non-power users (and Apple just hides it from everyone), the shift is clear: we don’t open files directly anymore. Instead, we always open applications to handle files.

Some developers have handled this well. Their apps automatically save changes, even to drafts. If the operating system terminates the application when it’s in the background, the file is safe and, to the user, the application’s state hasn’t changed when the user switches back to it. And there’s no need to worry about finding a place to save a file when you press Save; you just need to tap the name of the new document, Untitled, and type in a new name. It’s saved until the user tells the application to destroy it.

Now, here’s my gripe: a certain app for Android doesn’t do that. It still uses parts of the file metaphor (which is partly due to Android as a platform having a silly insistence on exposing the file system for normal users despite everyone else realizing it makes things more complicated) and, its most egregious sin, doesn’t autosave files or drafts.

I just lost an entire hour’s worth of fiction I wrote before sleeping that I’ll never be able to recover, because someone didn’t think about how the modern device’s user environment handles files as part of the industry’s standards, the platform, and the user experience.

If your application doesn’t automatically save changes, please warn me now so I can avoid it.


Have you ever seen the rain?

Sometimes there is no better metaphor for a period in one’s life than rain. There’s the spring shower, where it’s grey for a day and everything blooms come the next. There’s the summer thunderstorm, which is often dark, loud, and scary. It seems to last forever, stretching deep into the night and keeping you awake, hiding under your covers. There’s the autumn rain, where there’s wind stripping the trees of their bright, colorful leaves and giving arid farmlands a sigh of relief until harvesting ends. And further, there’s the wintry rain, sometimes frozen, hammering on the roofs of homes and offices, shattering on windshields and pelting pedestrians; and when the rain stops, the path can be treacherous, well into the following days and weeks.

There is beauty in rain that no other weather has. There are so many conditions that can coalesce into something beautiful, or into an absolute terror.

In the late summer, each raindrop that falls onto the parking lot evaporates from the absorbed heat of the asphalt. The sweet vapors flow through your nose, giving a subtle nudge to your brain to recognize how amazing its natural talent of cleaning the air of its impurities and pollutants really is. The realization that despite human expansion, we have no control over the weather and that only it can undo so much of our contamination is both humbling and frightening. It leaves one literally awful.

Even the long, dark winters of the Pacific Northwest are beautiful. The sound of the rain against the rooftops and streets, mimicking its mother ocean’s waves breaking against beaches, can lull one to sleep at night or provide a soundtrack for busy afternoons at work and romantic evenings.

And perhaps the most amazing, when you think about all of the factors and extremes that contribute to it happening, is every single rainbow. The sun burns at several thousand degrees to throw visible radiation in every conceivable direction, and a few of those photons make it to Earth, slip through her atmosphere, break through the rainclouds, strike the raindrops at just the right angle, refract through them, and strike the back of your eye, turning into pulses of electricity, showing amazingly bright, saturated hues across the entire spectrum in your brain to your soul.

After the rain hits the ground, it drains away, from capillaries, to larger and larger waterways, until it hits a river like the mighty Columbia, and flows back into the ocean, only to take the journey again—someday.

Though today is a sunny one in my part of Oregon, winds are calm and our high is set to be around 54°F. A nice day for Thanksgiving in America.

Gods know I have a lot to be thankful for. But in particular, I’m grateful for being alive, for knowing the people I know, for my family and friends, whether living or absent, and for everyone who works around the globe on everything from computers and medicine to water treatment and milling so I don’t have to.

And I’m grateful my friend is still alive. The world would not be as bright of a place without you.

The rain may come, but it doesn’t stay forever.


On Holiday (A Pseudo-Liveblog)

On holiday in Massachusetts! Presented in reverse-chronological (latest first) order.

…rest of the trip?

So I was a little too occupied to write much else in this post. I’ll be leaving it up for posterity, though. I had a great time on my trip. And it ended the way I wanted it to. I kissed my love.

2013-06-20 07:59 UTC-0400

Oh my god it’s cold, really, really cold.

2013-06-19 06:50 UTC-0400

Yes. That’s the offset for Eastern Daylight Time you see there in that heading. I have crossed the entire nation—and a great lake.

I was surprised at how short of a trip it was getting here. (Being hindered and not aided by the jet stream on the return trip is definitely going to make the flight back, well, painful, both literally and figuratively.) The 757 I was on (sadly its cabin is not wider than a 737) had in-flight Wi-Fi. Unfortunately, its provider charges an exorbitant amount of money for access which ends up lasting less than ¼ of a day (if you’re on a longer flight, it’s still not worth the price).

Well, unfortunate if you hadn’t looked for a workaround before leaving. Hack My Trip had an article detailing how to get Gogo’s in-flight service for free: own a BlackBerry—or make the service think you do. As detailed in the article, you can make your device identify itself as a modern (≥ BB10) BlackBerry. When Gogo directs you to their payments page, it realizes you’re “a BlackBerry” and gives your device free access to the Internet (including VPNs and SSH). One IT department’s stupidity, though, is another man’s $20. Or something like that.

Also, a bit of kudos to the TSA agents at KPDX (don’t worry, I still don’t like the TSA):

  • They actually reopened security lines to handle the >300 passengers waiting in line for red-eye flights.
  • None of them were rude, to me or other passengers.
  • I opted out of the millimeter nudie-wave scan, to no protest on the TSA’s part. (Though not ionizing or genotoxic like backscatter X-ray, I still don’t want to go into a device used to treat everyone like terroristic cattle and that looks an awful lot like a death trap in science-fiction movies.)
  • I wasn’t “gate-raped”: no personal space violations, no groping, no molesting, no cavity searches.

I hope it’s the same when flying out of KBDL, because I will be watching. So don’t fuck it up.

2013-06-18 03:08 UTC-0700

I’m writing this while hurtling towards Detroit around 10 times faster than highway travel.

(Don’t worry, it’s a layover—I switch planes to go to KBDL/Hartford-Springfield after I land in around an hour.)

Also, the morning twilight is beautiful from up here.

2013-06-17 23:00 UTC-0700

Look who I found! An Internet friend of mine. No, I didn’t get a picture of him until after we parted ways—my flight was boarding and I didn’t even think about it beforehand. (He’s the one in the chartreuse ASIG uniform.)

20130618-031717.jpg

Robert! …’s back. Ah well, might catch him on the return trip.