Category Archives: Tech

U2 and Apple Combine to Give Away New Album

So, as part of Apple’s product announcements today, they also teamed up with the band U2 to give away their new album to 500 million iTunes users.

In terms of marketing, it’s an interesting ploy. Why charge for the music at all, why not give it away and make your money as a musician from playing live? That might work for a band as huge as U2, I’m not sure every artist would agree with the premise.

On the Technology front, however, I do find this interesting. How do you feel about Apple pushing out an album to your iCloud storage without your consent? For non iCloud users, how do you feel about the fact that this album is no listed as a purchased item in your iTunes library, potentially affecting the genius recommendations in the future, even if you choose not to download it. (It shows as a purchased item regardless of whether you go to the Purchases link and download it or not.

How do you feel about Apple pushing an album out to all iTunes users whether they want it or not?

Update: Ars Technica has some tips for getting rid of it if you really don’t want it.

Tags:

The Problem with Total Surveillance

20140529-201524-72924452.jpgI was talking with someone a few weeks ago and the NSA and how the government is snooping on email and social media and all those sorts of things. He mentioned that he finds that most times he bring things like that up, it’s met by the all too common refrain “If you don’t have anything to hide, then what’s the problem?”

Let me tell you what the problem is. Context.

Look, I truthfully don’t have anything to hide. I’m not doing anything illegal, I’m not sleeping around, I’m not hiding money anywhere, I’m not living in fear of the government finding out some deep, dark secret that is going to get me in trouble. What I am afraid of is someone from the government seeing a random email, text message, chat, etc. and taking it out of context. Because then I have to go defend myself from their innuendo.

Let me give you a perfect example. I have a Gmail address. I was lucky enough to get on the gmail train early and I have my name @gmail.com. Unfortunately, I have a pretty common name, and lots of people with that name either forget to type more than just the name @gmail when signing up for things, or go ahead and do that so that they don’t have to deal with the emails. Lots of other folks, when sending email to the Mike they know, manage to only type the name @gmail too. Continue reading

Tags: , , ,

Google Finds a Predator

Cross posted from the Child Abuse Survivor site

The tech world is alive with news that Google has helped locate and charge a predator based on scanning their email for child pornography images.

Obviously, this is a case of a stupid criminal, if you’re going to share illegal images, using a cloud service provider that already admits to scanning email contents for keywords as part of their advertising plan probably isn’t the most private place to do it.

On the other hand, it is also a sign of the times. Letting third party companies hold your data on their servers puts some legal obligations on them to prevent you from putting certain kinds of data on the service. Simply put, once you attached a known CP image to an email it was stored on Google’s server. Google could be charged with possession by simply leaving it there, negligence for not knowing it was there, and possibly even more if they allowed this person to keep sharing it with their service. So, they kind of have to scan their own servers for known images. Once found, that information has to be turned over to the authorities, which is as it should be. Anyone who works with technology, especially other people’s technology, would be required to do the same.

As someone who is very interested in making sure child pornographers are caught and charged, I like the fact that cloud services are attracting them. Rather than shut down services that allow people to trade images on the internet for fear of letting a few of them do something illegal, I’d rather have this type of thing going on, where they use the technology, but the technology helps the authorities find them too.

Tags:

Why Net Neutrality Matters

TechDirt has a good example that should show you what is at stake with net neutrality rules.

For about $12, Sprint will soon let subscribers buy a wireless plan that only connects to Facebook.

For that same price, they could choose instead to connect only with Twitter, Instagram or Pinterest—or for $10 more, enjoy unlimited use of all four. Another $5 gets them unlimited streaming of a music app of their choice.

Think about how this plays out. If you run a website, in order for mobile users to actually be able to reach your site, you’re going to have to negotiate with the mobile carriers to get your site carried so that users can access it. It’s no longer enough to spend money on hosting and building a site, now you have to also pay the carriers. So long to independent voices on the web.

If this type of scenario sounds familiar, it’s basically what we see with cable tv now. All those conflicts that saw you lose a network for a few days or weeks here and there? Now imagine going through these negotiations for every single website? Yeah, no one wants that, except the ISPs who aren’t happy charging you for internet access, they also want to charge the internet for access to you, one website at a time.

Tags:

Deactivating AddThis

I’ve been using a couple of AddThis plugins on this site recently, in an effort to make it easier for folks to share things that they find interesting on the site, or to encourage folks to share or like the Facebook page, etc.

Tonight, however, I’m deactivating AddThis on the site. The reason? This article about tracking web visitors using canvas fingerprinting.

Rich Harris, chief executive of AddThis, said that the company began testing canvas fingerprinting earlier this year as a possible way to replace “cookies,” the traditional way that users are tracked, via text files installed on their computers.

“We’re looking for a cookie alternative,” Harris said in an interview.

Harris said the company considered the privacy implications of canvas fingerprinting before launching the test, but decided “this is well within the rules and regulations and laws and policies that we have.”

He added that the company has only used the data collected from canvas fingerprints for internal research and development. The company won’t use the data for ad targeting or personalization if users install the AddThis opt-out cookie on their computers, he said.

Arvind Narayanan, the computer science professor who led the Princeton research team, countered that forcing users to take AddThis at its word about how their data will be used, is “not the best privacy assurance.”

Look, I’m not particularly interested in tracking my readers. I am interested in having easy ways to help you spread the word about my sites, but there are plenty of other ways to do that. It’s not worth alienating those of you with privacy concerns, especially when I fall into that category myself!

Tags:

Depression Stigma in IT?

Closeup fireI’ve been struggling with writing this for a couple of weeks now, but ever since I saw the article over on TechCrunch entitled We Need To Talk About Depression it has been on my mind.

The article talks about some of the stigma associated with depression and mental health in a startup company.

Building a startup is like climbing a mountain and being told you’ll only get the gear you need–harnesses, helmets, bottled oxygen–as you struggle toward the peak. Long hours away from family, responsibility to investors and users, and the fear of failure are extremely stressful and they sometimes coalesce into something more severe.
I’m not a startup founder, but as a TechCrunch writer I’ve gotten to know many, some quite well, and I’ve seen how entrepreneurship can put even the most optimistic people at risk for depression.

It got me thinking about the tech world in general. There are certain stereotypes about tech workers; we work long hours, have no social life, deal with highly stressful situations putting out all of the technical fires that happen within our organizations, etc. Those stereotypes, unfortunately, also turn into expectations. I have always thought that was one of the bigger problems with attracting females to an IT career, this sense that they would be expected to work long hours, be on call for emergencies, and non-emergencies, 24 hours a day, 7 days a week, 365 days a year, etc. (Granted, there are many other reasons why there are a lack of females in the tech world, but this is not an article about that)

Those expectations would make it difficult for someone dealing with depression as well. As John Grohol stated in response to the above article:

 Indeed. When you’re young and feel like you have endless energy, working 80 hours a week (and getting paid for 40) seems like a good idea. But it’s not. It eventually catches up to you, stresses you out, and throws your entire life out of balance.

Some of the articles written around this topic sound like thinly-veiled excuses for the discrimination and prejudice that many have experienced in startup cultures. That because these environments are stressful and demanding, it somehow excuses discrimination and stigma of mental illness.

Here’s where it gets personal to me. I’ve struggled with depression. I’ve attempted suicide before. Sure it’s been years, but this is something that I know I have to be on the lookout for every single day of my life. It’s also something that, while I freely discuss it on my other site, I don’t often discuss professionally. Continue reading

Tags: , , , , ,

Wordfence Security Plugin for WordPress

One of the challenges of hosting your own site and using WordPress is security. As WP has gotten more and more popular, it has become a huge target for hackers of all sorts. I’ve had my own fair share of old installations getting hacked and causing problems for live sites, rogue files, brute force login attempts that create a denial of service, DOS attacks against XMLRPC, and so on over the years.

Recently, I came across a mention of a security plugin called Wordfence and decided to try it out. It scans your install for any changes made to the WordPress core, theme and plugin files by comparing them to the original from the WordPress codex. Sure enough, for the couple of placers where I had made some customizations, it noted those as changed files and warned me about them. It then let me mark those as safe to ignore, provided they don’t change again, which is nice. I’m always nervous when a security app allows the user to set it to ignore a file, and then that’s the file that gets corrupted, and it continues to ignore it. It even warned me about a corrupt file that I had missed about 8 folders deep when I was cleaning up that infection last year, so that’s also nice!

Eventually though, I got everything cleaned up and verified with one more scan!

wordfence1

 

 

Continue reading

Tags: , , ,

Put a PIN in Your Phone

20140529-201524-72924452.jpgI was doing a little light reading last night, about the latest scourge of iCloud attacks, wherein a hacker gets access to your iCloud account, and using the Find my iPhone service, puts your device in “lost mode” and sets up a PIN to lock you out of your own device until you pay the ransom.

It’s brilliant in it’s simplicity, gaining access to a cloud service that is used to protect your data, and using it’s own tools against you.

As I continued reading about the theories about how the hacker was gaining access to the iCloud accounts, and ways to protect yourself from this kind of attack, this bit jumped out at me. I almost spilled my drink.

iPhones and iPads that have a PIN don’t present the attacker with the ability to set their own. That screen earlier on where I remotely locked the device is only presented when it doesn’t already have a PIN so that immediately thwarts this attack. Even if the device is just for the kids, if you connect it to iCloud, put a PIN on it (don’t worry about it making life hard for them, kids have an uncanny ability to access a device protected by nothing more than four numbers).

What the hell people? Ask anyone about losing their phone and they’ll likely tell you about how awful that would be, how it has “their whole life on there”, but they still walk around without even the simplest of security turned on? Really, is the 2 seconds it takes to enter a PIN too much effort? C’mon we have to be better than that. If you don’t have a PIN on your iPhone or iPad please go check out how to enable one. The next time you leave your device somewhere, or set it down in a crowded room/bar/restaurant/etc. you’ll be glad for that meager bit of protection from prying finger tips.

Tags: , ,

TrueCrypt Mystery

If you’re not familiar with TrueCrypt, it a free utility that you can use to encrypt your data. I’ve used it for years, lots of people in the eDiscovery world have used it for years, among many other tech professionals, and I would imagine they continue to use it.

Given the large user base, and the nature of the tool to begin with, the current state of affairs is a huge concern. As ArsTechnica explains:

One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn’t safe to use.

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” text in red at the top of TrueCrypt page on SourceForge states. The page continues: “This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”

So has the site been hacked? Is this a hoax? Are they really suggesting that everyone should stop using their software with no further comment or explanation? Who knows? It certainly bears watching for those of us who’ve been using it!

Tags: , ,