How to Safely Update Your Apple Devices

The release of iOS 10 didn’t exactly go smoothly.

Many iOS users found their devices bricked – after installing the update they were stuck asking to be connected to iTunes. iTunes would only replace the OS, wiping out all data on the device – and even that wouldn’t succeed.

If you only use an iPhone for phone calls and don’t use a lot of apps or media with it then you can probably skip this and throw caution to the wind. Otherwise it helps to be aware of best update practices and what they can and can’t protect you from.

Continue reading

Public Domain image from

Please Don’t Get Off My Lawn: Abundance, Scarcity and Problem Solving

This isn’t a “get off my lawn you kids!” story. If anything, it’s the opposite.

During my early days in the computer industry we lived in a severely resource constrained world.

The old days: scarcity

I learned to program in 1978 on a TRS-80 – a computer with a 1.77MHz 8 bit CPU and 4KB of RAM. Just imagine trying to do anything in 4KB of RAM today. Imagine trying to get anything done with less than 2 million instructions per second. And for persistent storage… it wasn’t just that it was small and slow, it was a cassette tape and you were lucky if you could even read back your program at all.

Continue reading

SMS two factor authentication

Two Factor Authentication, SMS and NIST

How many movies and TV shows have you seen where asks somebody else about a secret that they share? If they give the right answer, their identity is confirmed. If they don’t, they’re an imposter, an alien from Planet X in disguise.

Shared secrets are the basis of authentication in computer security. And two shared secrets – two factor – are even better than one, especially when the first is a password that many people have difficulty managing in a secure way. This is what we’re doing when we use both a password and a code that’s texted to us. And this week, we got told to stop using text messages for the second secret.

Continue reading

Stream: A Black Box for WordPress Security

You’re searching your blog for spam for the fourth time in the last few days. Not only can’t you figure out how the spammer keeps getting in, you also can’t figure out what they’re trying to sell with the mangled English in their posts… hand bags? sports drinks? Something with too many consonants and not enough vowels?

If only your web site had some kind of “black box” so that you could find out what they’re doing to post the spam.

Continue reading

Pokémon NO – Oh Hai All My Google Information

Pokémon GoPokémon Go has been all over my newsfeed today. I tried it over the weekend and found it oddly compelling – the mix of the real world, accentuated by the Pokémon world layered on top of it – makes me want to walk a few blocks to check out what’s there.

The app uses a common shortcut to identify users – logging in via Google. When you do this you grant access to your Google account. Most apps ask for just the access they need – “basic access” is common – this grants the app your name, email address, gender and country without giving it access to your files, photos, email, location history and all the other stuff that Google knows about your life.

Continue reading

%d bloggers like this:
var _gaq = _gaq || []; var pluginUrl = '//'; _gaq.push(['_require', 'inpage_linkid', pluginUrl]); _gaq.push(['_setAccount', 'UA-239812-12']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://' : 'http://') + ''; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })();