<dd id="77r0n"></dd>
    <th id="77r0n"></th>
  1. <em id="77r0n"></em><em id="77r0n"><acronym id="77r0n"></acronym></em>
    <progress id="77r0n"></progress>

  2. Tuesday, June 16, 2020

    Apple ARM Mac rumors

    The latest rumor is that Apple is going to announce Macintoshes based on ARM processors at their developer conference. I thought I'd write up some perspectives on this.

    Sunday, May 31, 2020

    What is Boolean?

    My mother asks the following question, so I'm writing up a blogpost in response.
    I am watching a George Boole bio on Prime but still don’t get it.
    I started watching the first few minutes of the "Genius of George Boole" on Amazon Prime, and it was garbage. It's the typical content that's been dumbed-down so much that any useful content has been removed. It's the typical sort of hero worshipping biography that credits the subject with everything that it plausible can.

    Tuesday, May 19, 2020

    Securing work-at-home apps

    In today's post, I answer the following question:
    Our customer's employees are now using our corporate application while working from home. They are concerned about security, protecting their trade secrets. What security feature can we add for these customers?
    The tl;dr answer is this: don't add gimmicky features, but instead, take this opportunity to do security things you should already be doing, starting with a "vulnerability disclosure program" or "vuln program".

    Wednesday, May 13, 2020

    CISSP is at most equivalent to a 2-year associates degree

    There are few college programs for "cybersecurity". Instead, people rely upon industry "certifications", programs that attempt to certify a person has the requisite skills. The most popular is known as the "CISSP". In the news today, European authorities decided a "CISSP was equivalent to a masters degree". I think this news is garbled. Looking into the details, studying things like "UK NARIK RQF level 11", it seems instead that equivalency isn't with master's "degrees" so much as with post-graduate professional awards and certifications that are common in industry. Even then, it places CISSP at too high a level: it's an entry level certification that doesn't require a college degree, and teaches students only familiarity with buzzwords used in the industry rather than the deeper level of understanding of how things work.

    Thursday, April 02, 2020

    About them Zoom vulns...

    Today a couple vulnerabilities were announced in Zoom, the popular work-from-home conferencing app. Hackers can possibly exploit these to do evil things to you, such as steal your password. Because of the COVID-19, these vulns have hit the mainstream media. This means my non-techy friends and relatives have been asking about it. I thought I'd write up a blogpost answering their questions.

    The short answer is that you don't need to worry about it. Unless you do bad things, like using the same password everywhere, it's unlikely to affect you. You should worry more about wearing pants on your Zoom video conferences in case you forget and stand up.

    Friday, March 06, 2020

    Huawei backdoors explanation, explained

    Today Huawei published a video explaining the concept of "backdoors" in telco equipment. Many are criticizing the video for being tone deaf. I don't understand this concept of "tone deafness". Instead, I want to explore the facts.

    Wednesday, March 04, 2020

    A requirements spec for voting

    In software development, we start with a "requirements specification" defining what the software is supposed to do. Voting machine security is often in the news, with suspicion the Russians are trying to subvert our elections. Would blockchain or mobile phone voting work? I don't know. These things have tradeoffs that may or may not work, depending upon what the requirements are. I haven't seen the requirements written down anywhere. So I thought I'd write some.
    斗地主棋牌赚钱提现金 提现扎金花 捕鱼赢现金技巧 真人在线棋牌炸金花 真钱扎金花游戏 网上炸金花技巧 元气棋牌 炸金花在线玩 宝博棋牌现金打鱼下载 街机捕鱼达人手机版下载 提现斗地主注册送钱 手机现金斗牛能提现 天天捕鱼游戏手机版 下载捕鱼送金币 真人欢乐捕鱼最新版