security

URL Scheme Security

Greg Pierce, the developer behind Drafts and the man behind the X-Callback URL specification: “As a creator and advocate of x-callback-URL, security implications have been something I’ve thought about and tried to draw attention to in talks I’ve done on the topic. In the zeal to encourage adoption I may not have done a good job of reminding other developers to keep security in mind planning their URL schemes.”

NSA Spying and Corporate Priorities

From Quartz: “This completely unexpected turn, which Chambers said was the fastest swing he had ever seen in emerging markets, comes just as Cisco is trying to establish itself as a bedrock technology provider for the internet of things, which industry analysis firm IDC says will be an $8.9 trillion market by 2020. This quarter Cisco unveiled the nPower chip, a super-fast processor designed to funnel the enormous volumes of data that the internet of things will generate.”

The Dark Mail Alliance

The Dark Mail Alliance is partly founded by the previous owner of Lavabit. “To bring the world a unique end-to-end encrypted protocol and architecture that is the ‘next-generation’ of private and secure email. What we call ‘Email 3.0.’ is an urgent replacement for today’s decades old email protocols (‘1.0’) and mail that is encrypted but still relies on vulnerable protocols leaking metadata (‘2.0’).” They probably want to at least host their VCS outside of the US.

Who Cares About LinkedIn Security

Bishop Fox goes into detail on why LinkedIn’s new Intro service is a bad idea. Cory Scott of LinkedIn responds. I think LinkedIn is among the most disgusting, hostile, deceitful and technologically malignant services available. If you use it, their security is probably the least of your worries. But, it’s already too late. They have your data and will not give it up. I deleted my account two years ago because they lacked any sense of responsibility for the users.

FastMail's Servers are in the US

From FastMail’s blog: “As noted in our recently updated privacy policy, we are an Australian company subject to Australian law. We are required to disclose information about specific individual accounts to properly authorised Australian law enforcement with the appropriate supporting documentation, which means a warrant signed by an Australian judge. We do not co-operate with any kind of blanket surveillance, monitoring or ‘fishing expeditions’, and we do not give out user information to anyone outside Australia.”

BitTorrent Chat Alpha

On the heels of BitTorrent server-less file sync comes BitTorrent server-less chat: “So over at Labs, we’re working on something that could solve for conversation security. BitTorrent Chat applies distributed technology to the idea of IM. Our goal is to ensure that your messages stay yours: private, secure, and free.” Something tells me 2014 is going to see a dramatic increase in secure chat, email and file sharing services.

Finding Friends with Siri

I use Find My Friends regularly. It’s a great way to see when my wife will be home so I can have dinner ready and not bug her. With iOS 7 you can now ask Siri to locate someone linked with Find My Friends. If you have your relationship set for your spouse, just ask Siri “Where’s my wife”. Siri will dutifully return a map showing their current location. Tapping the pin will open Find My Friends.

iBeacons

Dave Addey has a nice article about iBeacons. I’m both excited and terrified of this new prospect. It could enable some pretty amazing conveniences. I am concerned about where the data gets used and stored.

Materials that Can be Found in Almost Every Household

Two contrasting perspectives here. Chaos Computer Club: “In reality, Apple’s sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake”, said the hacker with the nickname Starbug, who performed the critical experiments that led to the successful circumvention of the fingerprint locking. From Owen Wilson: “For those of you following at home, taking a 2400DPI image of a fingerprint is not exactly a simple task and will require quite a bit of digital cleanup before it can be used, as per the how-to walk-through.”

Complicit

Yeah, I’m sure all of this would have been addressed without Snowden. From the Guardian: “The NSA spends $250m a year on a program which, among other goals, works with technology companies to ‘covertly influence’ their product designs.” I guess I’m not surprised about any of this, but this will seriously undermine the tech sector. It’s already going to impact sales of Windows. If you were the Chinese or German government (or pretty much anyone), would you want to run software from a US company?