CNET recently published a list of cables to keep and cables to discard. I like to keep things for historical interest as well as for practical reasons. Historical examples allow me to show students different ways of doing the same thing. The picture on the left illustrates “serial vs parallel” and I use a similar image in my textbook. I don’t collect ancient types of wire for investment purposes: values don’t justify it.
You need to decide why you want to keep cables, and keep the cables accordingly. Like most Web journalism, CNET largely ignored that question. Here are some reasons:
- I have equipment that uses a particular cable
- I’ll probably buy equipment that uses a particular cable.
Let’s look at those reasons and consider CNET’s recommendations.
Continue reading Which cables to keep, which to discard?
Members of the University of Minnesota’s MSSE Class of 2017: the cybersecurity course (titled “Data and Network Security” or something like that) is one of your options for next spring. After talking with students in the class right now, I’m posting more information about the class.
Continue reading MSSE Cybersecurity Course 2017
[UPDATE: Apple now claims this was a bug; see the updated post]
This is perhaps the worst example of entertainment engineering I’ve ever heard. Blogger and musician jamespinkstone claims that Apple Music deleted countless unusual tracks in his music collection. It “matched” the tracks with entries in its library. Then it deleted the matched ones from his hard drive. When he tried to play a rare piano version of “Sister Jack” he instead heard a common demo version. Apple Music apparently decided the tracks were similar enough to treat as identical.
This is worse than Sony planting malware on PCs to as a sort of copy protection. I’m no musician, but I appreciate the differences in my 3 or 4 versions of early Bonnie Raitt songs.
This is why I don’t trust the big vendors like Apple or Google to host my private ebook library.
The University of Minnesota’s HR department send me an email in January telling me that I had to submit to a background check. The good news: I do them all the time.
The bad news: the background check company can only complete the check if you follow a URL embedded in an email.
This is how phishing emails work. The email comes from a convincing-sounding source, like the University’s HR department, or some third-party on their behalf. You respond to it, only to find that it really wasn’t the HR department collecting the information.
Bottom line: you can’t trust email. No matter how many times it says “This isn’t a spam email,” or “This isn’t a phishing email,” you can’t trust email.
Continue reading University: Anti-phishing not really a “policy”
The current fight is about whether we will impose a technological infrastructure which will be exceptionally vulnerable to attackers in order to provide nothing more useful than some very, very short-term advantages to people investigating crimes.
Let me say it differently: We put everyone in danger if we weaken cybersecurity. We only help a few detectives in a few investigations.
I don’t want hackers playing with my home thermostats, my car’s computer, my water or electric utility systems, or financial computers. If we make it convenient for police to reach into our computers, we also make it easy for hackers. This threatens peoples lives directly.
Continue reading The Apple case isn’t “privacy” versus “safety”
Computing technology is insanely reliable when you look at statistical error rates. Hard drives read and write trillions of bits while rarely producing a reportable error. But when you want some data to live forever (like family photos or critical business records), even an occasional error is a problem.
I’ve been using OS X and Time Machine for at least a decade now. I rely on RAID 1 “mirrored” backups. In other words, my Time Machine storage contains 2 separate hard drives. Everything is written to both of them. If one fails, I replace it with a new one, and rebuild from the good drive.
I also like to encrypt my hard drives. OS X provides convenient and capable hard drive encryption, but it doesn’t play well with the OS X RAID service. I’ve found it best to use an external RAID enclosure which handles the mirroring. I let OS X handle the crypto.
Continue reading Backing Up OS X with Mirrored Encrypted RAID
A threat agent is an active entity motivated to attack our mobile devices and activities. We may identify threat agents as specific organizations or individuals, like Anonymous, or we may classify them by goals or methods of operation (MOs). For example, shoplifters are a class of threat agent that attacks retail stores.
[This post is another piece of text I’m writing as part of a mobile security writing project. It was originally part of another post, but it can stand on its own.]
Continue reading Threat Agents
[This post contains text I’m trying out for a new writing project on cybersecurity in the mobile age. I might be posting more such stuff in the future]
In an ideal world, we share with other people directly. We speak quietly face-to-face, gesture, and draw occasional images.
In the real world, most people are too far away to hear our words. We use cell phones and other mobile devices to carry our words farther.
Today’s mobile devices try to solve the deceptively simple problem of sharing text, images, and words. The natural world restricts the power of our voices and the range of our messages. Misunderstandings that already happen face-to-face are multiplied when we restrict our messages to text, images, and sounds.
Continue reading Communication is Hard
I’m a fan of Boak’s Lectures – they cover the fundamentals of military cryptography just before the information revolution.David Boak developed the lectures for the National Security Agency’s Cryptologic School.
Even though the lectures are from the ’60s and ’70s, they remain relevant to today’s cybersecurity threats. Cryptographic techniques that were classified Secret in Boak’s work are prominent in modern commercial cryptosystems. A sanitized version of Boak’s Lectures (Vol 1, Vol 2) was released in 2008.
I’m happy to report that the Interagency Security Classification Appeals Panel has released a more complete (less redacted) version. It’s available from the Government Attic.
Continue reading NSA re-releases Boak’s Lectures
I’m upgrading my iPhone and trading in the old one. I had to erase the old one completely and unhook “Find my iPhone” from it.
I’d seen headlines hinting that recycled iPhones aren’t often erased. Some headlines suggest that the erasing operation itself doesn’t really work.
It works. It’s just time consuming. I turned off TouchID and the lock code. I disabled “Find my iPhone” and all the iCloud connections. Then I went on line and made sure the old phone wasn’t listed on my Apple account. Finally, I hit the “Erase All Contents and Settings” option.
The phone restarted with the Hello setup screen. I went through guided setup without hooking up iCloud or anything personal. I looked through the phone to make sure nothing was there. It was clean. I looked on Find My iPhone, and the old phone didn’t appear.
Continue reading Recycling an iPhone – not a picnic