Getting your brain back

Luckily, this problem has a solution: I call it Getting Your Brain Back, but it is a time-honored problem that has been solved by many people in the past. Originally limited only to company CEOs and world leaders, the excess of information has trickled down to the rest of us. To survive in this flood, we need to learn how to swim, in much the same way as busy and important people have always done.

~ Peter Adeney

…and just how bad have things become? Try this short TED talk:


Data privacy is not about consent

For example, as part of GDPR, we’re now constantly seeing pop-ups that say, “Hey, we use cookies — click here.” This doesn’t help. You have no idea what you’re doing, what you’re consenting to. A meaningful choice would be, say, “I’m OK that you’re using cookies to track me” or “I don’t want to be tracked but still want to enjoy the service” or “It’s fine to use cookies for this particular transaction, but throw unnecessary data out and never share it with others.” But none of these choices are provided. In what sense is this a matter of choosing (versus mere picking)?

~ Scott Berinato

One cannot legislate morality. GDPR does nothing to change people’s morals. The same people are still working within those same corporations with their same unconsidered morals. A new law simply changes the playing field in which those same people continue working towards the same goals they already had.


Don’t turn on two-factor authentication

Before you require a second factor to login to your accounts, you should understand the risks, have a recovery plan for when you lose your second factor(s), and know the tricks attackers may use to defeat two-factor authentication.

~ Stuart Schechter

I repeat: Do not enable two-factor authentication until you understand how it works and what you are doing. You know who is usually locked out of your car, house, etc., right? You are!

This is a great article surveying a myriad of things you should consider before enabling two-factor security. Yes, it is more secure, but that means it is also more likely that you’ll lock yourself out, permanently.


Are you currently really good at keeping track of passwords and security questions?
Do you use a unique password for every service and web site?
…are the answers to your security questions completely random things you made up and stored in your security system, or did you really use your easily-learned mother’s maiden name?
…and is your “security system” not Post-its on your monitor, but rather a real, secure system?

And how about…

Do you have a system in place to give your beneficiaries access to your stuff—and ways to permanently lock-and-destroy things you don’t want passed along?

…if not, then turning on two-factor is not a good idea. You’re about to make things even more complicated when you are currently not doing the basic things well. Instead of blindly enabling two-factor authentication, you should move off of the bell curve and stop being an easy target.

Step one: Learn how to use a password manager like 1Password or LastPass, and start using unique passwords.


News addiction

After a couple weeks without news, I got past the hump and wasn’t craving it so much anymore. At this point I began reflecting on the habit from a distance, and I made the following observations …

~ Steve Pavlina


I substituted a syndication reader‡ and never looked back. I now read only the sources I want, when I want. Nothing beats my morning caffeine accompanied by a scroll through my feed reader. NOTHING I read is a “standard” news source. :)

‡ I suggest collecting your feeds into and then using Reeder (iOS, Mac).


The bullshit web

The vast majority of these resources are not directly related to the information on the page, and I’m including advertising. Many of the scripts that were loaded are purely for surveillance purposes: self-hosted analytics, of which there are several examples; various third-party analytics firms like Salesforce, Chartbeat, and Optimizely; and social network sharing widgets. They churn through CPU cycles and cause my six-year-old computer to cry out in pain and fury. I’m not asking much of it; I have opened a text-based document on the web.

~ Nick Heer

This is a long, in-depth read. You will be an immensely more well-informed user of the Interwebs after you read it—about six times.

Meanwhile, have you heard of the magical analysis tool that is ? You have now! Start dropping your favorite web sites into its analysis magic, sit back and weep at what we’re using the Internet for.

These screenshots are just the tip of the iceberg. GTMetrix shows an insane amount of detail.

This. Shit. Has. To. Stop.


We need to remake the Internet

I don’t believe our species can survive unless we fix this. We cannot have a society, in which, if two people wish to communicate, the only way that can happen is if it’s financed by a third person who wishes to manipulate them.

~ Jaron Lanier

Hear! Hear!

Take control of your use of the Internet — that is to say: Do not let it control you. Choose what apps, sites, etc. you use. WHENEVER YOU CAN, PAY FOR SERVICES AND APPS. If something is free, then realize that YOU are the product being sold to whoever is paying for the service.


Election hacking

Security is never something we actually want. Security is something we need in order to avoid what we don’t want. It’s also more abstract, concerned with hypothetical future possibilities. Of course it’s lower on the priorities list than fundraising and press coverage. They’re more tangible, and they’re more immediate.

~ Bruce Schneier

I think the only thing “protecting” us from someone successfully hacking an election is the sheer number of polling places. You’ve voted, right? Sure, it’s a busy spot with maybe a dozen machines and hundreds of people… but there are thousands and thousands of polling places, and the voting machines are not networked. Yet.

Don’t misunderstand: This is security through obscurity, which is not actually security at all, and is a recipe for disaster.

Data ethics

This is like lashing a rope around the cracking foundation of a building. What we need is for an ethics of data to be engineered right into the information skyscrapers being built today. We need data ethics by design. Any good building must comply with a complex array of codes, standards and detailed studies of patterns of use by its eventual inhabitants. But technical systems are today being built with a minimal concern for compliance and a total disregard for the downstream consequences of decades of identifiable data being collected on the babies being born into the most complicated information ecology that has ever existed.

~ Colin Koopman

Presented without commentary.

So obscure it confused _ME_

I think the problem is more subtle. It’s an example of two systems without a security vulnerability coming together to create a security vulnerability. As we connect more systems directly to each other, we’re going to see a lot more of these. And like this Google/Netflix interaction, it’s going to be hard to figure out who to blame and who — if anyone — has the responsibility of fixing it.

~ Bruce Schneier

I had to read the entire thing twice.

I’m on a “security” tirade here for a few days, so here’s my strategy for security: Get off the peak of the bell curve.

If someone wants your stuff, they will take it. Actors can always, if sufficiently motivated, apply more resources than you have available for defense. Therefore, one should not bother defending (worrying, spending crazy amounts of resources) against a “motivated” attacker. Instead, deploy defense in depth and then make incremental improvements everywhere.