TRINET SHARES EMPLOYEE PII WITHOUT CONTROLS

My employer's HR department asked me to validate a coworker's identification documents and attest that they're legitimate, for government tax form purposes. I got an email from our payroll vendor, TriNet, with a link to attest to those documents' authenticity. Clicking it took me to a page with scans of my friend's driver's license and Social Security card without requiring me to log in first. My coworker hadn't entered their driver's license number into the form, so I used the scanned image to enter it for them.


VEILID IN THE WASHINGTON POST

I've been helping on a fun project with some incredibly brilliant friends. I found myself talking about it to a reporter at The Washington Post. The story just came out. My part was crucial, insightful, and far, far down the page:

"Once known for distributing hacking tools and shaming software companies into improving their security, a famed group of technology activists is now working to develop a system that will allow the creation of messaging and social networking apps that won’t keep hold of users’ personal data."


SIMPLY SABOTAGING AN OFFICE

The US Office of Strategic Services, the precursor of today's CIA, wrote the Simple Sabotage Field Manual in 1944. Its goal was clear:

"The purpose of this paper is to characterize simple sabotage, to outline its possible effects, and to present suggestions for inciting and executing it."

The target audience was people living in countries occupied by foreign armies, and it aimed to give them tools to surreptitiously fight back against the invaders.


HAPPY 25TH BIRTHDAY, HONEYPOT.NET!

In times of yore, my friends gave their computers cool cyberpunky names so that they sounded cool at LAN parties: "Hey, can you toss me an Ethernet cable for suntzu?" "Sure. Here's the switch I'm using for chaosium." My Amiga had a few hard drives to store all the, ahem, public domain music files that we traded around. I don't know what prompted me to think of it as the honeypot full of music, but it stuck, and I christened it honeypot to be one of the cool kids.


TWITTER WENT DARK. NOW WHAT?

Twitter is in a race with Reddit to see who can ruin their service more quickly. That's the simplest explanation I have for Twitter's change today that hides all of their users' posts behind a login page. Until today, you could still view a favorite company's messages, or a sport team's highlights, or an interesting author's opinions, without logging on to the site. If you wanted to interact with that page by liking a post or replying to it, you needed an account.


QUITTING REDDIT

I've spent way more time on Reddit than I should have. I justified it to myself by saying it was a great way to stay current on news and technology trends. Really, it was just a slow drip of tiny endorphin hits that felt good but ultimately didn't make my life better. Thanks to Reddit CEO Steve Huffman's ham-fisted community management and the resulting moderator and user boycott, I deleted its apps off my devices and stopped visiting the site altogether.


FAKE LANDLORD TRIED TO SCAM MY KID

My kid and their friend are looking for a house to rent. They found a perfect match, with a nice house in a pretty neighborhood and accommodating landlords, but there were a few red flags. The last was when the landlords wanted kid and friend to send them money, supposedly because they live in a different state, and then they'd mail the house keys. The landlord also sent the kids a signed lease to sign and return.


LANGUAGE SERVER PROTOCOL LAUNCHED A GOLDEN AGE OF EDITORS

Microsoft developed Language Server Protocol ("LSP") a few years ago to make it easier to add support for new languages to VS Code. Lots of smart people have written interesting things about LSP and I don't want to rehash all that, but in summary: it gives people who like using a computer language a standard way to tell VS Code how to work with it. Thing is, I don't like VS Code at all.


I USE THINGS WITHOUT ENCRYPTION

Update 2023-11-03: No, I don't.

I tell people not to use Readdle's Spark email app. Then I turn around and use the Things task manager, which lacks end-to-end encryption (E2EE). That concerns me. I have a PKM note called "Task managers", and under "Things" my first bullet point is:

- Lacks end-to-end encryption

I realize I'm being hypocritical here, but perhaps only a little bit. There's a difference in exposure between Things and, say, my PKM notes, archive of scanned documents, email, etc.


IA PRESENTER PUBLIC LAUNCH

I've used iA Writer on Mac and iPad for years as my main writing environment. I'm typing this in it now. It's strongly opinionated in the right ways: iA made a lot of design decisions on my behalf so that I'm not distracted by the temptation to fiddle with a thousand configuration knobs instead of, well, writing. I leaped at the chance to try an early beta of their new iA Presenter app last year.
