
Comment My two most useful courses (Score 2) 353

I often joke that the two most directly applicable courses I took in college to my current career (infosec) were logic and rhetoric, and psychology. The former to learn how to construct a coherent argument and the latter to know which argument to use with which person.

Surprisingly neither COBOL nor Prolog figure strongly into my day to day.

Min

Comment FWIW = I like them that way (Score 1) 436

I've owned various Bose NC headphones/earbuds for years. I have poor sound discrimination. If I'm in a crowded airport and I want to hear the person beside me, I'll put on some NC headphones to narrow my audio field, works a treat. I don't need total sound isolation, I could use earplugs for that (and sometimes do). I want to be able to hear some of my environment (car horns, my kid yelling for me, etc), I just want to only hear the things that are immediately important to me.

So at least for me, feature, not bug...

Min

Comment Never attribute to malice what can be explained by (Score 5, Interesting) 166

I attended a security talk some years back, wherein someone had done code level analysis of Huawei equipment. The presenter explained up front that he went in looking for Chinese back doors.

At some point in time he gave up, because he had found so many code flaws and vulnerabilities, he concluded that the Chinese government didn't NEED to pay the company to install back doors, and if they had, it would be impossible to distinguish them from the crappy coding that had been done.

Please note, this is not actually a slam at Huawei or Chinese companies in general. No company is immune from the pressures of needing to hit a ship date, and the iron triangle isn't a new thing to any of us. When you can't adjust time, or the size of the shipping product (You didn't ACTUALLY need packet routing in the minimal viable product of our router, did you?) quality is your remaining variable.

This is why state actors will pay hundreds of thousands of dollars for the right vulnerabilities, it's more deniable than paying someone to insert a back door. Not to say that no one has ever decided to code themselves a retirement package, just that the state actor that paid for the retirement has plausible deniability.

Min

Comment How long do you want that document to be secure? (Score 1) 84

So if you encrypt something today, do you care if it's secret 10 years from now? Depending on what you're encrypting, yes you do.

If your opposition is nation-states, they're probably collecting things that are interesting now, for decryption later when they have the ability, so ya, you probably care now.

I've had multiple professional conversations about "post-quantum cryptography" in the last 2 years because of exactly this. Today's emails are evidence or headlines 10 years from now, so you may care.

Min

Comment Re:It's not always nefarious.... (Score 2) 97

In psychology there is a reason you need to clear your experiment with an ethics board prior to conducting it on a subject. If the subject is unaware you need to convince your board that there is no harm to come to the subject.

I'd say potentially exposing information (Are you redacting appropriate things, what happens if a popup from another app comes up while you're doing a screen capture? Does the metadata you're collecting potentially have uses that run contrary to the interests of the user - hey this user asked for directions to an HIV clinic...) is a harm that should be considered. Maybe detect interesting behavior and offer the user a discount on your app if they allow you to send the collected data?

Min

Comment Screen time (Score 3, Insightful) 43

I also contend that the phrase 'screen time' is poorly chosen. I prefer to differentiate between what she's doing with the screen. I count coding differently than watching Youtube vids, Minecraft different from reading a book on Overdrive, etc.

There's a whole lot of nuance that tends to get lost. Also depends on the kid. Mine is fit and active (unlike her old man) so that feeds into it too.

Min

Comment Re:Sad a job is more important than ethics (Score 2) 138

Sometimes, but that leads to someone else doing the job.

I've taken the job, written up a detailed analysis of the risks involved, the costs involved to remediate those risks (PR firms on hot standby, lawyers in airplanes with parachutes, etc), and challenged the sales dept to prove they could cover the costs and still make a profit.

That killed the project permanently. Usually when something's unethical, it's also unprofitable when all the externalities are priced in.

Min

Comment Re:Three words (Score 2) 105

Actually in a display of common sense, Toronto and region refused to offer any 'incentives' (my 10 yr old kid is confused as to why they're not called bribes, and I'll grant her that it's a fine line, but Amazon never said paying the refs to choose you was against the rules, so incentives rather than bribes)

https://www.cbc.ca/news/busine...

Min

Comment Re: True calling? (Score 2) 75

I don't generally respond to ACs but just in case this point is useful to someone who hasn't thought this through. If you're worried about spying, faraday bag your cell phone first. At least with my google home I can do network traffic analysis on it (hint, when it's idle it sends very little). Try that trick on your cell phone. Well for starters, there's a whole level of your phone you don't have access to. (check out https://media.ccc.de/v/27c3-40... ) - spoiler alert: Silicon/firmware security hasn't gotten any better since then.

Source: I've been involved in cell network security.

Comment Re: True calling? (Score 2) 75

Funny thing - before, yes. Now, not as often actually. I find myself tending to leave my phone in a charger and grabbing it when I go out.

And of course our 10 year old ("Hey google, how do you spell X") doesn't have a phone, and she often leaves her tablet on a different floor (or dead :)).

As for the flow of conversation (not your comment, but figure I'll save some electrons :)) - I find it helps for us. We'd get hung up on some question that's parenthetical to the main topic. Now we can google that and move on with the main topic.

Oh and "Hey google, tell ourgroceries to add butter" has saved so many runs to the corner store when something gets missed off the shopping list because one of us used the last of the butter and forgot to tell me before I run to the store. :)

Min

Comment Re: True calling? (Score 3, Funny) 75

Not sure I agree. We have one in our living room where we don't have any desktops. We often use it during dinner conversations to get facts to support a position, "Hey Google, when was France invaded during WW II?" or cooking "Hey Google, how long do you boil a potato?" or set a timer "Hey google, set a timer for 7 minutes".

None of those would be accomplished faster by going upstairs and bringing a system back from sleep and typing the question in.

And "Hey Google, let there be light!" is just fun :)

Min

Comment Re:No, they will not (Score 1) 166

There are classes of secrets for which "decades" is a reasonable threat model. Communications can be an example. If I'm recording everything you send NOW, are you sure there's nothing in there that won't be a problem for you in 20, 30 years? Consider some person is going to be president of the US in 20, 30 years.

If you're on the Nation State side of this, recording everything you can and decrypting later is a totally legitimate strategy, as SOMEONE will be the leader of $otherCountry then, and having all their emails ever is going to be valuable, even if only for putting together a psychological profile.

So people who work for companies whose job it is to protect your information SHOULD be looking ahead. I know I'm writing policy documents with words like "Quantum Horizon" in them and looking at up and coming post-quantum algorithms. You're welcome :).

Min

PS: https://csrc.nist.gov/projects...
