Good advice, doomed to be wasted on folks who just want a quick, easy solution that lets them move on to the next item on their To Do list…
I cringe when I hear self-proclaimed experts implore everyone to “use a password manager for all your passwords” and “turn on two-factor authentication for every site that offers it.” As most of us who perform user research in security quickly learn, advice that may protect one individual may harm another. Each person uses technology differently, has a unique set of skills, and faces different risks.
…because who wants to spend time thinking about all this stuff:
In this article, I’ll start by examining the benefits and risks of using a password manager. It’s hard to overstate the importance of protecting the data in your password manager, and having a recovery strategy for that data, so I’ll cover that next. I’ll then present a low-risk approach to experimenting with using a password manager, which will help you understand the tough choices you’ll need to make before using it for your most-important passwords. I’ll close with a handy list of the most important decisions you’ll need to make when using a password manager.
Visit the comment thread on the Bruce Schneier post to see just how many different ways a bunch of (presumably) bright people can devise to avoid using a password manager in favour of their own home-brewed solutions.
[Via Schneier on Security]
I’m more than a little in awe of some of the pieces of work laid out in Explaining Code using ASCII Art.
Fine work by all involved.
[Via Accidental Tech Podcast]
Geoff Manaugh opens his story about spending six months following round a professional safecracker with an image that might have been hand-crafted to get my attention:
The house was gone, consumed by the November 2018 Woolsey Fire that left swaths of Los Angeles covered in ash and reduced whole neighborhoods to charcoaled ruins. Amidst the tangle of blackened debris that was once a house in the suburbs northwest of Los Angeles, only one identifiable feature stood intact. It was a high-security jewel safe, its metal case discolored by the recent flames, looming in the wreckage like the monolith in 2001: A Space Odyssey.
No mysterious alien structures show up in Manaugh’s story, but it’s interesting just how much demand there apparently is for a legal safecracker. Me, I’ve never owned a safe in my life and don’t have anything I’d want to keep in one if I did have access to one.
Coming soon (with any luck) to a screen near you: General Magic, A Documentary Feature:
Judging by the trailer, John Sculley is not going to come out of this smelling of roses.
General Magic, the upcoming documentary, is a tale of how great vision and epic failure can change the world. The film features members of the original Mac team along with the creators of the iPhone, Android and eBay.
These designers, engineers and entrepreneurs saw the future decades before it happened. General Magic captures the spirit of those of us who dare to dream big and the life-changing consequences when we fail, fail again, fail better, and ultimately succeed.
I realise it’s not going to be showing up in my local multiplex: I’ll settle for it eventually turning up somewhere I can (legally) pay for it, download it and watch it.
[Via Cake, via Extenuating Circumstances]
Note to self: if you’re going into business with David Heinemeier Hansson, have all your ducks lined up and know what you’re doing. Because otherwise, he’ll end up calling you out for your failings online:
[…] Now I’ve ended up writing a long tirade, and I completely accept that some people might gag with summary like: “So they gave you a bunch of money, fucked up a few things, but now the books are back in stock, so why do you care?”. Because I do care. Because we didn’t write this book primarily to make money, but because we had something urgent to say, and wanted as many people as could benefit from that message to hear it. But yes, I’m writing this to process my own frustration, if not outright rage, as well.
A bridge pretty thoroughly burned, I’d say.
There’s a certain amount of irony in the proposition that one response in the comments on Jeff Atwood’s post commemorating the 10th anniversary of the launch of Stack Overflow was to suggest that the post be marked as a duplicate of https://stackoverflow.blog/2018/09/27/stack-overflow-is-10/.
I think Jeff Atwood puts it best himself:
Interesting, so we can close posts as duplicates across completely different websites now? Fascinating. I hope all websites on the internet get the memo on this exciting new policy!
For what it’s worth I’m the most amateurish of programmers, and over the years I’ve found Stack Overflow immensely useful. Read the answers carefully and there’s an astounding amount of useful information in there.
On my radar, for if (when) Evernote stumbles: Standard Notes
A writing experience unlike any other. Standard Notes is free to use on every platform, and comes standard with cross-platform sync and end-to-end privacy. For those wanting a little more power and flexibility, we created Extended, which unlocks powerful editors, themes, and automated backups.
There’s an argument to be made that Evernote has been stumbling from the moment it aspired to become a Unicorn, but I’m thinking more of the way the company recently started haemorrhaging senior executives and seems directionless. The only saving grace it has right now from where I’m sitting is that it isn’t OneNote, which I have use of at work and which plainly satisfies the needs of lots of people who are deeply tied into the Microsoft Office ecosystem, but which definitely isn’t for me, especially not when I do my personal computing nowadays on iOS.
[Via 4 Short Links, via Things That Have Caught My Attention]
Darius Kazemi might just be some kind of evil genius:
I gave a talk at CornCon 2018 about the history of the cron utility in UNIX systems, in the character of a man who gradually realizes that he is not speaking at CronCon, a conference about the time-based scheduler, but rather at CornCon, a conference about the cereal grain, also known as “maize”. Thanks to Casey Kolderup for taking video, and Jen Tam for hosting me.
Be sure to follow the link to see his entire performance. The moment when he started on the significance of root in the two contexts at hand, I just lost it.
[Via A Whole Lotta Nothing]
As of Google Chrome version 69, Google are treating being logged in to any Google service as the same thing as being logged in to Google Chrome:
Most Google services have for me this in common with Facebook: these services are too deeply integrated and impossible to use in part or isolation. It’s either the entire system or nothing, based on how the question of consent is approached. You would like to use Gmail (logged in obviously) but Google search, YouTube, Chrome etc without a login? No can do. You selected strict settings in Facebook for your profile data? You’re just an API/permission redesign away from having your choices nullified. Part of me feels that this Chrome shared computer issue that Googlers mentioned is real, but it’s also just too convenient to solve this by tying Chrome closer to Google, you know?
Note to Google: any time you find the software engineering decisions you’ve made being compared with those made by Facebook, that’s probably not a good thing for your end users these days.
[Via Extenuating Circumstances]
From Memex 1.1:
“More fiction is written in Excel than in Word”
Amen to that, brother.
Sometimes by design, sometimes by accident.