Tuesday Sweep: Feb 28 2017
Reflect
What are the frictions keeping you from doing “what’s right”? Regret is only useful if it leads to a plan on how to improve.
Confessional: Flu season makes you stupid. So does panic. So does the drive “not to be annoying.” It’s tax season and someone told me they should email them some financial information. I died a little and then said, “No, I can bring it by.” But I feel like I of all people should have a better solution for that at the ready. This person is not the most tech savvy, so even tossing a password onto the file seems like too much. Hmmm.
Continuing Set Up
We’ve covered so much so fast. You’re not behind, you’re just where you are. Pick something to do.
- If you’re having trouble with all the set up, the coach tool at the Crash Override Network has a great step-by-step breakdown for many of the same introductory steps we did here.
- Review the list of OneThing articles so far and pick one to catch up on.
Sweep
This list will be getting longer, but let’s keep it simple while folks are still setting up.
- Updated software recently? Pick a new device to check on today.
- Backups still up and running? When was the last time you made a clean disk image? Here’s a great new article on how to design a backup system.
- Reduce your attack surface: Delete a low quality app from your phone. Delete an account.
- Add a password to your password manager… and delete it from everywhere else.
- Anywhere you could add two factor authentication?
- Double check privacy settings on your phone and social media accounts.
Learn
Where do you scan for news? I keep an eye out for recent exploits and breaches that have come to light, new tools, interesting ideas, etc.
Whew. Once again facing two weeks of news, here’s a handful.
- Note to Self has a 5 day challenge called the Privacy Paradox that’s interesting even if you “know it all already.”
- Guide for running OpenSource Projects
- This guide is for the Go language but it introduces a short list of low-hanging-fruit design patterns devs should be looking to use in their own projects.
- SHA-1 Encryption algorithms work because it is computationally expensive to work through solutions. It just got way easier to find matching solutions to one that was predicted to fail soon. Despite the fact that it was predicted to be vulnerable, it is still in widespread use. Ars Technica explains what finding a collision means more specifically. For most of us the biggest hit is that git uses SHA-1, but Linus Torvalds insists on not freaking out despite the people producing evidence that they warned him a long time ago.
- Cloudflare is a service that accelerates websites. It has a small “leak” in the way it handles requests, exposing “encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users.” This leak has been dubbed Cloudbleed after the Heartbleed bug. It’s a bit of a freak occurrence, but Cloudflare handles A LOT of data so it adds up. Read Pragmatic thoughts on #CloudBleed by Troy Hunt.
- Heads up. The new FCC chair sucks. Going forward the net will not be neutral, you will have no rights to privacy, and telecoms are free to charge captive audiences as much as they want. The agency’s phone number is 1-888-CALL FCC (225-5322) and Ajit Pai’s email is Ajit.Pai@fcc.gov
- There’s an interesting AnC JavaScript attack that renders the Address Space Layout Randomization (ASLR) protection used in chips useless. ASLR makes where processes store their information “safe” because the address is random. The security researchers have found code that can ping out the location of this randomly placed information. If this was the Tron version I feel like this would play out like poachers hacking radio collars.
- Yes, IoT toys, still creepy.
- This is some of the most Bad Ass Soldering I have ever seen. Board Level Micro Repair. And there is a whole YouTube channel of it! Fight for your Right to Repair.
Engage
We are a community. You are a welcome part of it.
- Speak up
- Give
- Show up at CRASH Space tonight! (Or the Tech Solidarity Meetup)