Category Archives: Tech

Deactivating AddThis

I’ve been using a couple of AddThis plugins on this site recently, in an effort to make it easier for folks to share things that they find interesting on the site, or to encourage folks to share or like the Facebook page, etc.

Tonight, however, I’m deactivating AddThis on the site. The reason? This article about tracking web visitors using canvas fingerprinting.

Rich Harris, chief executive of AddThis, said that the company began testing canvas fingerprinting earlier this year as a possible way to replace “cookies,” the traditional way that users are tracked, via text files installed on their computers.

“We’re looking for a cookie alternative,” Harris said in an interview.

Harris said the company considered the privacy implications of canvas fingerprinting before launching the test, but decided “this is well within the rules and regulations and laws and policies that we have.”

He added that the company has only used the data collected from canvas fingerprints for internal research and development. The company won’t use the data for ad targeting or personalization if users install the AddThis opt-out cookie on their computers, he said.

Arvind Narayanan, the computer science professor who led the Princeton research team, countered that forcing users to take AddThis at its word about how their data will be used, is “not the best privacy assurance.”

Look, I’m not particularly interested in tracking my readers. I am interested in having easy ways to help you spread the word about my sites, but there are plenty of other ways to do that. It’s not worth alienating those of you with privacy concerns, especially when I fall into that category myself!


Depression Stigma in IT?

I’ve been struggling with writing this for a couple of weeks now, but ever since I saw the article over on TechCrunch entitled We Need To Talk About Depression it has been on my mind.

The article talks about some of the stigma associated with depression and mental health in a startup company.

Building a startup is like climbing a mountain and being told you’ll only get the gear you need–harnesses, helmets, bottled oxygen–as you struggle toward the peak. Long hours away from family, responsibility to investors and users, and the fear of failure are extremely stressful and they sometimes coalesce into something more severe.
I’m not a startup founder, but as a TechCrunch writer I’ve gotten to know many, some quite well, and I’ve seen how entrepreneurship can put even the most optimistic people at risk for depression.

It got me thinking about the tech world in general. There are certain stereotypes about tech workers; we work long hours, have no social life, deal with highly stressful situations putting out all of the technical fires that happen within our organizations, etc. Those stereotypes, unfortunately, also turn into expectations. I have always thought that was one of the bigger problems with attracting females to an IT career, this sense that they would be expected to work long hours, be on call for emergencies, and non-emergencies, 24 hours a day, 7 days a week, 365 days a year, etc. (Granted, there are many other reasons why there is a lack of females in the tech world, but this is not an article about that.)

Those expectations would make it difficult for someone dealing with depression as well. As John Grohol stated in response to the above article:

 Indeed. When you’re young and feel like you have endless energy, working 80 hours a week (and getting paid for 40) seems like a good idea. But it’s not. It eventually catches up to you, stresses you out, and throws your entire life out of balance.

Some of the articles written around this topic sound like thinly-veiled excuses for the discrimination and prejudice that many have experienced in startup cultures. That because these environments are stressful and demanding, it somehow excuses discrimination and stigma of mental illness.

Here’s where it gets personal to me. I’ve struggled with depression. I’ve attempted suicide before. Sure it’s been years, but this is something that I know I have to be on the lookout for every single day of my life. It’s also something that, while I freely discuss it on my other site, I don’t often discuss professionally.


Wordfence Security Plugin for WordPress

One of the challenges of hosting your own site and using WordPress is security. As WP has gotten more and more popular, it has become a huge target for hackers of all sorts. I’ve had my own fair share of old installations getting hacked and causing problems for live sites, rogue files, brute force login attempts that create a denial of service, DOS attacks against XMLRPC, and so on over the years.

Recently, I came across a mention of a security plugin called Wordfence and decided to try it out. It scans your install for any changes made to the WordPress core, theme and plugin files by comparing them to the original from the WordPress codex. Sure enough, for the couple of places where I had made some customizations, it noted those as changed files and warned me about them. It then let me mark those as safe to ignore, provided they don’t change again, which is nice. I’m always nervous when a security app allows the user to set it to ignore a file, and then that’s the file that gets corrupted, and it continues to ignore it. It even warned me about a corrupt file that I had missed about 8 folders deep when I was cleaning up that infection last year, so that’s also nice!

Eventually though, I got everything cleaned up and verified with one more scan!


Put a PIN in Your Phone

I was doing a little light reading last night, about the latest scourge of iCloud attacks, wherein a hacker gets access to your iCloud account, and using the Find my iPhone service, puts your device in “lost mode” and sets up a PIN to lock you out of your own device until you pay the ransom.

It’s brilliant in its simplicity, gaining access to a cloud service that is used to protect your data, and using its own tools against you.

As I continued reading about the theories about how the hacker was gaining access to the iCloud accounts, and ways to protect yourself from this kind of attack, this bit jumped out at me. I almost spilled my drink.

iPhones and iPads that have a PIN don’t present the attacker with the ability to set their own. That screen earlier on where I remotely locked the device is only presented when it doesn’t already have a PIN so that immediately thwarts this attack. Even if the device is just for the kids, if you connect it to iCloud, put a PIN on it (don’t worry about it making life hard for them, kids have an uncanny ability to access a device protected by nothing more than four numbers).

What the hell people? Ask anyone about losing their phone and they’ll likely tell you about how awful that would be, how it has “their whole life on there”, but they still walk around without even the simplest of security turned on? Really, is the 2 seconds it takes to enter a PIN too much effort? C’mon we have to be better than that. If you don’t have a PIN on your iPhone or iPad please go check out how to enable one. The next time you leave your device somewhere, or set it down in a crowded room/bar/restaurant/etc. you’ll be glad for that meager bit of protection from prying finger tips.


TrueCrypt Mystery

If you’re not familiar with TrueCrypt, it is a free utility that you can use to encrypt your data. I’ve used it for years, lots of people in the eDiscovery world have used it for years, among many other tech professionals, and I would imagine they continue to use it.

Given the large user base, and the nature of the tool to begin with, the current state of affairs is a huge concern. As ArsTechnica explains:

One of the official webpages for the widely used TrueCrypt encryption program says that development has abruptly ended and warns users of the decade-old tool that it isn’t safe to use.

“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” text in red at the top of TrueCrypt page on SourceForge states. The page continues: “This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”

So has the site been hacked? Is this a hoax? Are they really suggesting that everyone should stop using their software with no further comment or explanation? Who knows? It certainly bears watching for those of us who’ve been using it!


Interested in Mobile Forensics?

Pardon me for a moment while I shill for the company I work for.

Actually, no I’m not really shilling, I’m promoting a free resource that is being offered up by our mobile forensics division, a podcast that is all about mobile forensics.

Join Lee Reiber as he discusses Today’s approach, and tomorrow’s data from mobile devices. The Mobile Forensic Examiner focuses on the problems and their solutions that are encountered by real examiners using today’s mobile forensic tools. Examiners will speak on current cases utilizing AccessData’s Mobile Phone Examiner Plus along with other mobile forensic solutions.

So if this exciting area of forensics interests you, and you want to hear from some people out there working in real world situations, check it out!


If They Sell Advertising We Aren’t Their Customers

I found much of what Doc Searls wrote about Mozilla to be true of just about all of the services we use online these days.

By becoming an advertising company (in addition to everything else it is), Mozilla now experiences a problem that has plagued ad-supported media for the duration: its customers and consumers are different populations. I saw it in when I worked in commercial broadcasting, and I see it today in the online world with Google, Facebook, Twitter… and Mozilla. The customers (or at least the main ones) are either advertisers or proxies for them (Google in Mozilla’s case). The consumers are you and me.

This is what we’ve been seeing with Google’s pushing their users toward their social network, Facebook pushing business pages towards becoming customers and buying advertising, and we will continue to see it more and more. These companies, much like broadcast radio and the old days of broadcast television, only create products that will assist in selling advertising.

So, yes, Google, Facebook, Twitter, Mozilla, etc. have an interest in creating popular products that people like to use. After all, without the users, there’s no advertising market. But it’s not quite that straightforward. Because there’s always that third party involvement, the relationship between the user and the company is never a direct relationship. The company has another master to satisfy and sometimes, that master’s interests will be in direct contrast to the user’s interest. When two masters’ interests are in competition, it’s usually going to be the one who signs the checks who wins.

You might not think that’s fair, and maybe it isn’t. There’s definitely a line that companies probably can’t cross with their users before they lose them and thus lose the advertisers as well, but we’ve gotten pretty entrenched with these products. It will hurt to walk away from using Facebook, probably more than it costs to continue using it, but there’s always a line in the sand, or at least a point where the law of the land and government agencies would step in and protect consumers.

Then again, with Google taking up lobbying the government as an arm of their business, I wouldn’t count on that.


OneNote and Evernote Oh My!


I’ll be honest, I’ve always had a good feeling for Microsoft’s OneNote application. The only reason I have used Evernote instead of it was because the copies of OneNote that I’ve had over the years have all been part of MS Office, which I “owned” by way of the company I worked for at the time. Not wanting to be left high and dry should I move to a company that didn’t provide OneNote, I’ve always opted to use the free version of Evernote to keep notes and have them synched up whether I was using my PC, my MacBook, my iPad or just a web browser from any computer.

Now that Microsoft has basically given OneNote the same treatment, I’m tempted to switch. Except, I also really like Evernote. And Evernote already has all of my stuff. Perhaps I can start playing around with both and figure out some way to keep some things in OneNote and some things in Evernote.

That’s the take Computerworld had on it, which I found pretty interesting:

If you’re primarily looking for a tool that lets you easily capture, organize and find content from the Web, you’ll clearly want Evernote, because its tools for doing that are exemplary. If you instead want to create notes from scratch and have them in well-organized notebooks, clearly OneNote is the way to go.

Then again, you may be like me. I’ve been using both of them for years. OneNote is my go-to tool for organizing and taking notes for projects such as books and articles. I use Evernote for research. Given that they’re now both free, it gives me the best of both worlds.

Personally, I’m hard pressed to find a clear delineation. I’m already using Penultimate on the iPad for handwritten notes in Evernote; does OneNote give me anything I don’t get there? Should OneNote be my go-to for longer form organization? Which one do you use? Why? Would you consider using both at some point?


WordPress Sites Being Used in DDOS Attack?

This article caught my interest:

Just in the course of a few hours, over 162,000 different and legitimate WordPress sites tried to attack his site. We would likely have detected a lot more sites, but we decided we had seen enough and blocked the requests at the edge firewall, mostly to avoid filling the logs with junk.

Can you see how powerful it can be? One attacker can use thousands of popular and clean WordPress sites to perform their DDOS attack, while being hidden in the shadows, and that all happens with a simple ping back request to the XML-RPC file:

It caught my interest because for the last couple of months, I’ve been dealing with a problem on this site, tens of thousands of requests to post via XML-RPC, causing huge traffic bursts, time outs, and all sorts of other problems. So much so, in fact, that I’ve taken some pretty drastic measures to re-route requests to that file to null.
