Tuesday Sweep: 8 August 2017
Your weekly reminder to back up your data, update software and otherwise pay attention to your digital environment. (Oh, and to go to the CRASH Space meeting…)
Jump in Here
- Welcome. If you haven’t been following along, it’s okay. You’re not behind, you’re just where you are.
- I highly recommend the coach tool at the Crash Override Network has a great step by step break down for many of the same introductory steps we did here.
- Feeling more ambitious? Review the list of OneThing articles and pick one to catch up on.
- Updated software recently? Pick a new device to check on today.
- Backups still up and running? When was the last time you made a clean disk image? Here’s a new great article on how to design a backup system.
- App and Password Gardening: Delete a low quality app from your phone or delete an account that you don’t need that doesn’t make you happy. Digital cruft builds up. Delete it. If you’re keeping it, can you move the password to your password manager (delete it from everywhere else) and add two factor authentication?
- Move to offline archive & delete your histories where you can find them.
- Double check privacy settings on your phone, social media accounts. The folks running the companies can change the TOS and add “features” before you notice them.
Where do you scan for news?
Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin.
— “Various techniques used in connection with random digits” by John von Neumann in Monte Carlo Method (1951)
The Wired the article “Meet Alex, the Russian Casino Hacker Who Makes Millions Targeting Slot Machines,” brought to my attention via Schneier, highlights what some observational legwork, patience and a big payout can accomplish. The failure to use a proper random number algorithm put these machines at risk, but what constitutes “proper random number algorithm”? In security there is the concept of practically or semantically secure vs perfectly secure. Your system is “secure enough” if it would take an obscene amount of time and effort, that you don’t think anyone would bother to spend, to crack it. As computer speeds ramp up, and well paying jobs for people go down, it will be hard to overestimate just how much work people will be willing to do for a payoff. What the folks were doing IN the casinos was pretty mind numbingly boring. Better get some better random number generators (Or, you know, make it easier to get more interesting, better paying work. Security isn’t just crypto). To understand what “better” means in this context – check out the following resources.
- Khan Academy has a decent CompSci 101 with a focus on cryptography. The pseudorandom number generators video from that track is available on YouTube.
- These two videos by Numberphile
- Applied Cryptography Playlist posted by Udacity with a PRNG example
- Reddit ELI5: Why is it impossible to generate truly random numbers with a computer? What is the closest humans have come to a true RNG?
- 2015 Paper on Two Source Extractors
- Excerpt on Randomness from the Art of Computer Programming (mentioned in Wired Article)
- “Random Art” by Andrej Bauer.
- RadioLab Episode on Stochasticity
- The Nature of Code by Daniel Schiffman Introduction: “Random Walks“
Feeling dumb or stupid about how not-l33t you are? Angsting over some silly thing you “know better than to do.” Stop. That isn’t useful. Regret is only of use if it prompts an actual change in behavior. Maybe it’s NOT you that sucks. Could be it’s the technology and you could come up with a fix that would help lots of people. Look forward and make a plan.
We are a community. You are a welcome part of it.