Adventures in Metered Internet Access #

April 20th, 2015 2:23

I’m spending the month driving around New Zealand and I figure I’d write about one interesting tech travel challenges (and one of the major reasons that I’m in the process of switching to Linux from OS X). Those specifically interested in my yak shaving experiences on getting Linux set up on a Lenovo X250 of course can follow along, but this will be more focused.

I am currently on “Milford Sound Lodge Internet Access” which is a pretty decent satellite connection (about 20KB/s) considering that cell phone reception ended over 100km back (I have a Vodafone and Spark prepaid sims for this trip). The pricing is tiered, and the best per-MB pricing is 50MB for 10NZD (0.20NZD/MB) – I’m on day 2 and my third voucher right now. The captive portal is a short code provided by receipt-printed vouchers, and it’s actually pretty good/reliable as far as these things go. The portal itself is a simple Python cgi-bin, and I wouldn’t be surprised to find it backed by a solid embedded FreeBSD setup (curiousity got the better of me, It’s running an ancient Debian Linux (2.6 kernel), the web server is lighthttp).

I haven’t bothered using my Macbook Air – it chewed through 20MB of even more expensive internationl airplane wifi in a matter of minutes. There’s no way for me to effectively control all the various daemons or lock down the network (Little Snitch tracks and shows me everything, but inexplicably gives me know way to go into a lockdown mode).

I’m running Ubuntu 15.04 on my X250 at the moment. iptraf and iftop work well for tracking connections, and nethogs lets you see connections on a per-process basis. OOTB, things were decent – I wrote a script to stop unattended-upgrades and dropbox to avoid any surprises, however a few surprises: avahi-daemon doesn’t seem to stop chattering even when turned off. It’s purely local, but it was running up charges so I ended up uninstalling it for now. The other thing that was (not surprising) was that both Chromium/Chrome and Firefox chew through networking with their auto-updates. I could probably disable the updates (there may be other extensions as well though) and various syncing things, but instead I’m using uzbl at the moment (surf and vimprobable are other options) for lightweight browsing. I’m also using elinks (links/lynx as backups), which is much more efficient, of course. On my yak-shaving list: finding a terminal-based webkit browser, setting up a travel Firefox profile w/ uBlock, Noscript, images and all updates disabled for travel mode.

Besides the browser hijinks, my current setup is incredibly well behaved – a few bytes for occasional ntp updates that I haven’t been able to track down (it’s not in my init.d…), but I can live with that.

Interesting notes on mobile usage:

It turns out that iOS 8 is almost as badly behaved as OS X on Wifi. I turned off “Background App Refresh” and scoured all the other settings available to me, but iOS still ate up 5MB+ of data immediately after signing in. I haven’t let it get online again. I must be missing something. I’d assume that there are many places in the world with metered wifi connections?

Android 5.1 is slightly better behaved. You can Restrict Background Data (Settings > Data Usage > Menu), but of course, by default this only restricts cellular, not wifi connections. There’s a separate Network Restrictions option that lets you specify Metered Wifi Networks, however that works. Once this is set (after I burned through a couple MB of data) then it works as expected.

Blog Post #

March 25th, 2015 2:23

Man, I should really post some of these cute pics to a blog or something. Oh yeah, I have one of those!



Desk.pm Review #

January 26th, 2015 7:03

I just picked up a copy of Desk.pm after reading about it on HN. At the base, it’s an ingenious, but long overdue idea – an offline/local blog-publishing tool that adopts the style of a focused-writing editor.

I’m very hopeful that this lowered friction will have me publishing more often. Desk.pm is relatively expensive to drop sight unseen ($30 on the Mac App Store) and still quite young, so we’ll see how it works out.

Current Summary (2015-01-27, v1.1 (5)):

  • While it has potential, it also has a bunch of deal-breakers for me so I can’t really recommend it right now, but this may change as it gets updated.
      • Basic editing stuff is slightly buggy (paragraphs!) or missing (embeds/source-editing)
      • Publishing model feels wrong
  • Be sure to check out the forums: http://talk.desk.pm/c/support/ideas

Here are some thoughts so far (I’ll be adding to this as I use it more)


  • The minimal approach is nice, but there probably should be a bit more of a getting started guide (dismissable, of course). Also, there are a lot of hidden options, like spell-checking and some other globals should probably be something that you can set-up on start.
  • Changing the blog-post title is a lot less obvious that it should be. It took me forever to figure out that it’s under “Rename…” in the File menu or you need to hover over over the topbar and click to rename. It feels like maybe “Rename…” should be replaced with a “Post Info” palette or something, and that there should be an option for having a Title Bar/Field that can auto-hide or stick at the top (especially useful if there’s support for tags, categories, post-date, what have you).
  • Publishing is actually more confusing than I’d like as well. Ideally, I’d like to be able to simply see my state and toggle it. For example, here’s how bad/confusing things are.  Currently, I’m editing a new draft that’s saved in a “Blog”.  Great. However, when I go to “Blog > Publish”, it brings up a sidebar where I have to select my blog again, and then use a pull-down to update the status? As far as I can tell, I have to do this every time I want to update my post. It seems like I should only have to set my publish settings for a blog post in a modal once, and simply be able to publish after that. Also, it seems like I should be able to have some sort of auto-publish behavior or barring that, some sort of way to be able to tell when this saved post is different from my published post. (A slick way would be a diffing view I suppose, but something should show my last saved vs last published time and if it’s different at least).


  • I like the Medium-style inline callouts on selection in theory, but in practice, they’re sort of annoying: I wish I could just disable it. There’s nothing there that I shouldn’t be able to do better keyboard-only.
  • Markdown auto-conversion is nice, although I do wish it was a bit more responsive. Hackpad does a better job of doing per-character vs end-of-line conversion.
      • BUG: Markdown italics doesn’t appear to auto-convert in the editor although it will work once posted.
  • The first thing I did was go to System Preferences > Keyboard > App Shortcuts and add CMD-K for link creation. I don’t know why it’s not the shortcut in the first place. However, sadly, the linking behavior is still a bit broken. If you try CMD-K on an empty selection, it does nothing, which is arguably OK behavior, but if you CMD-K with the cursor within an existing link, it should let you edit it, right? Furthermore, if you create a link with CMD-K and then with the word still selected, try to CMD-K again (say to edit the URL) it fails.
  • Doing things like adding an embed are currently impossible. I would have liked to embed a Desk.pm video, for example, but I can’t. As far as I can tell there’s no “manual HTML insertion” ability or any way to extend formatting (personally, I embed Flickr photos a lot in my posts, also I tend to use a fair amount of <blockquote> and <code> tags (<– see how that’d would be useful there?)
  • Full-screen is nice, but it’d be nice just to have an adjustable defocus/darken feature. 
  • It’d be nice to have preview as a split-screen or a sidebar view.
  • Has some serious indents on lists. Wish there was a way to style the editor.
  • BUG: There is wonky stuff going on with line-breaks/paragraphing…

Keyboard Support:

  • In general, Desk is sadly not as keyboard-driven as I would like, and not in a vim-emulation mode either, but lots of little things like the lack of proper focusing when sidebars come up, and less than ideal formatting shortcuts (compare say vs iA Writer), or the way say the linking popup disappears if you use a clipboard manager (I use ClipMenu) or tab out to grab a link. In general, I would just like to be able to use Desk.pm w/o having to touch my mouse, which doesn’t seem like too much to ask, but currently seems impossible.
  • I wish there was a Keyboard Help keyboard shortcut (cmd-/ or cmd-?)
  • Tooltips should have keyboard shortcuts appended
  • Sidebar panes are not keyboard navigable. Since those panes disappear if you type anyway, it seems like focus should change, and you should be able to get out of a pane then by either using the keyboard-shortcut again, Escape, or clicking the main editor pane.

Firefox Developer Edition #

November 26th, 2014 2:38

I run a lot of browsers – I’ll usually have 3-4 running, a mix of Chrome, Canary, Safari, and Firefox Nightly. With Mavericks, I switched to Safari as my default browser on my MBA due to its power efficiency.  Unfortunately, Yosemite breaks the SIMBL plugin I was dependent on, so it was time to move on.

Chrome has been getting sluggish and I’ve really been liking what Firefox has been up to, but the latest Nightly builds have been not so dependable (I blame e10s but maybe that’s unfair) and since I’m traveling again, daily 90MB downloads isn’t ideal, so I decided to give Firefox Developer Edition a shot.

Turns out, it’s pretty great! It has a dark simple, theme, by default. Is pretty snappy, and the developer tools look great (although at this point I’m so used to Chrome’s keybindings that it’s been a bit awkward switching).

The one fly in the ointment was that 1Password wasn’t playing nice. Luckily, there is a solution. Just upgrade to the latest beta extension and the latest beta version of the app and it’ll work.

If you use Evernote, you’ll also want the beta Clipper that brings it to parity w/ Chrome and Safari.

Lastly, one of the things that I really got spoiled by was Chrome’s particularly elegant “hold CMD-Q to quit” option. While, ever so slightly less elegant, meta-q-override/warn-before-quit does the trick.

I’m currently using Firefox Developer Edition as my new default browser.

Microsoft Band Overview/Review #

October 30th, 2014 8:56

This is going to be a work in progress for the next few days, so feel free to check back (or just ask questions in the comments)… I’ll be making notes my experience with the new Microsoft Band an activity/fitness/slightly-smart-watchish wearable device. I will be making comparisons to the Basis B1 I’ve been wearing for the past year and a half, and maybe some other activity devices as well.

The Basis B1 hasn’t been the worst thing ever, but my band has been falling apart, and in general, everything from the syncing, to the heart rate monitoring, to basic things like telling time is janky/less-than-great. Still, even a couple years on, the Basis is practically the only game in town for a general activity tracker that’s actually more than a glorified pedometer (I previously had a BodyMedia FIT but their form factor and service model was a turn-off).

Earlier this year, I finally received my long delayed, Amiigo wristband, which, while making big promises, ended up being a pretty half-baked disappointment. I kept using my B1.

Last month, Basis (acquired by Intel earlier this year) announced their new tracker, the Peak. It promised a much improved heart rate sensor that would be useful for fitness tracking, Bluetooth Smart connectivity, 4 day battery life, and 5ATM water resistance (good enough for swimming laps). It also promised a host of software improvements, including sleep-cycle detection, better alerts/habit forming reminders, and some smartwatch style notifications and alerts in the unspecified future.

While the BodyIQ automatic activity tracking (walking, running, biking, and sleep) they introduced a while back actually works pretty well, the Basis has had many long-standing unsolved problems. The support forums are filled with requests begging for features that are always “not ruled out as a future feature”, but over the past couple years, these new features have never been implemented. My personal bugbear is that the Basis doesn’t actually update time/time-zone except after completing the interminably slow full-sync. This means that you can’t update the time on the watch if you’re on a plane, or in an international airport or anywhere without several minutes and solid data.

A few weeks ago, the Fitbit Surge leaked and was finally announced. It doesn’t include GSR, skin, or ambient temperature, but has optical heart rate and also GPS tracking, a digital compass, and altimeter. It claims a 5-day battery life and 5ATM of water resistance. Of course, Fitbit has its detractors as well. Some people popped up in the HN thread complaining about the broken app. For me, the biggest drawback is that while Fitbit stores your second-by-second raw biometric data, you need to pay $50/yr to export your information.  While there’s an API, you can only retrieve daily information unless you have “Partner API” access. That’s total bullshit and really precludes me from giving them any of my money.

The Microsoft Band first leaked last night (due to an OS X App Store publishing slipup), and then subsequently was announced last night (along with the website and online purchasing). It includes a nice suite of sensors including a very responsive optical heart rate sensor, GPS (turned on only for workouts), skin temp, GSR, and UV sensor (manually activated). It has apps for syncing via Windows and OS X via USB, and iOS, Android, and WP via BTLE. Battery life is lower than the Peak or Surge (2 days) and it’s “splashproof” and not submersible, but you get some slick alerts and a capacitive (OLED?) display.

Here’s some running commentary:

  • After the Band website had launched, I called a nearby Microsoft Store (in West LA) shortly before closing to see if they would have these in stock tomorrow. I got a “we can’t talk about future products” response, event after telling them I could order it online. What’s crazy is that when I checked the Microsoft Store site later, their main promo carousel was talking about the fitness launch event. After I saw that I just ended up just rolling into the local store in the morning (who knew that even existed?) and they had the displays set up w/ demo models for sizing. Of course, the store was empty, but it still took a bit of waiting around to get helped. Coming from the clockwork customer-oriented efficiency of Apple Stores, the whole shopping experience was a bit surreal to be honest.
  • I set up the Band right outside the store – it took about 10 minutes to do an initial sync and registration via USB on the OS X app and to download the iOS app and pair it with my iPhone 5S. I think the instructions/guidance could have been a little better, but I didn’t run into any problems – it all worked rather pleasantly, and I was up and running. Syncs/updating preferences from the apps have all worked quickly and seamlessly, which is very different from the sluggish/always-seems-like-it’s-going-to-fail feeling I get when syncing my B1.
  • I spent most of the day wearing both the Band and B1 on my left wrist. I first went walking counting 100 steps a couple times, and both devices did a pretty good job (+/- 2 steps).  When I checked, the B1 was at 1035 and the Band was at 360 (+675). Right now, the B1 is at 3602 and the Band is at 2958 (+644). That’s pretty good.
  • The heart rate sensitivity looks very good – the numbers between the two seemed to be pretty similar between the B1 and the Band, however, while the B1 was static, the Band looks like it refreshes every second on the main screen. That being said, it seems to be pretty sensitive to position/how secure the device is on the write. Right now when drilling into the details (tap on the main screen, two swipes left) was “locked” vs “acquiring” about half the time. Locking seems to take about 3s on average. Earlier in the day this seemed a lot better. It seemed to be very responsive when I was trying a workout.
  • The UI on the Band itself is pretty good – swipes are responsive and it wasn’t hard to figure anything out. You sometimes have a dialog to choose from (alarms, notifications, etc).  The only really annoying thing so far is that you need to press the somewhat inconvenient center button to activate the device. I wonder if it’d be better on the left corner (since the way it’s shaped means it’s less embedded there) or if there’s a way for a purely capacitive unlock (like a full swipe, or even a tap). The tiles metaphor works great – these tiles (and all notifications) are also completely customizable (order, on/off) from the mobile app. There’s a watch mode which shows the time, but it’d be nice if there was an option for the display to be inactive and for it to show the main-screen info when you lift your wrist a-la Android Wear/Apple Watch. Interestingly, it appears to be an LCD, not an OLED (the blacks aren’t true black). I wonder what that means in terms of power consumption for the display.
  • The UI on the iOS app is clean and very Metro-ish. The only real weird thing with it was the “Save”/”Cancel” buttons. I sort of just want to be able to apply or swipe out I guess? Syncing/pushing updates/preferences seems to happen reliably/not take too long. The “Home” screen is not so useful to start out with. A bunch of these aren’t clickable.  I also wish it’d display battery time remaining on the Band device as well.
  • I did a “Run” to test out the GPS and fitness tracking.  It records in your “activity history.” When you start, it enables the GPS, and allows you to start your workout while it gets a fix, or you can wait for the GPS fix (took about 30s). I did a 10-minute walk around the block and it ends up w/ a summary w/ all the information you’d expect (start time, duration, calories burned, pace, avg/hi/lo hr, ending hr,  splits, etc).. .The GPS trace looked pretty good to me:
  • So, that’s all good, but what I haven’t figured out yet is how to access all the passive data it’s tracking. There doesn’t seem to be anything in the mobile app. Here’s the data that the Basis web app provides for example:
    Basis B1 Data
  • I tested some notifications (text, incoming call) and they seem to work fine. There’s a whole bunch built in that you can individually enable/disable (and also remove the tiles entirely from the device. There’s also a notification center tile that presumably shows you all notifications from your phone. I don’t really care/can’t be too bothered by any of that -Google Now/Siri support would be useful, but honestly what I’d most like is to be able to be able to simply tell the Band when to switch modes or annotate activities via voice.
  • The last big thing right now I’d say is comfort. While it’s not that physically bulky, it’s actually pretty dense and feels much heavier than the Amiigo or the B1. Also the shape is awkward – the inside of the main screen/processing unit is completely flat, and the optical HR sensor is raised up on the bottom size. In order to get good readings it seems that you need to make sure it doesn’t wiggle too much so you have to press your wrist into a pretty funny shape.  I’ve actually found that I can’t comfortably wear the Band with the screen facing outward. On the other hand, with the wrist band inward, it makes typing on a desk incredibly awkward.  There’s a adjustable buckle which is clever, but I sort of want to be able to slide it around.  Honestly, it makes me a bit sad because while I really like this device, if I can’t get used to wearing it in the next few days, I’ll probably return it.

My current two questions:

  • Comfort: can I get used to wearing the Band? (it took me a couple weeks to get used to wearing a watch after a decade without one)
  • Data: can I access all the data that the Band is recording
    • You can see the step and HR details when clicking on the Home summaries
    • Other sensors?
    • How is Calories calculated? Is it also extrapolated when you’re not wearing it?
    • Can BMR be factored in?

I’ll be updating this as I use this/discover more, and maybe with some more links as well…

Update 10/31: I went back and added a bit of a description on the notifications and UI. I also wore my band overnight, and got sleep details. The data looks pretty good, although you have to manual start/stop sleep mode for now. Interestingly, it was pretty comfortable to leave on, whereas I never want to wear my Basis in bed. I haven’t been too bothered wearing the Band today, so I may be getting used to it. I’m jonesing to get my data out of the app though…

Update 11/1: I got around to testing out my personal use case of having the correct time on the Band. The bad news: with time “auto set,” you must sync with your phone to update the time. The Microsoft Health app won’t let you sync if you’re not online. WAH WAH.  That being said, you can disable “auto set” and manually update either the time zone or the date/time on the device itself. That wasn’t so hard. Note: Basis has been selling a watch for the past two years where the time can’t be updated without an Internet connection.

Update 11/26: Just a quick update on time zones/travel. Unfortunately, like the Basis, you can’t sync the time to your phone without online access. You can manually set the time, however the issue there is that it’ll show a field for time zones, but you aren’t able to change it. You will have to change the time leaving the time zone, which will actually offset the actual absolute time, probably leading to all kinds of data recording weirdness. Boo-urns.

CITIZENFOUR (Yes, you should watch it) #

October 27th, 2014 10:28

If you’ve been subjected to my tweets, you probably know that I was following the NSA leaks (and larger questions) pretty closely last year. And, since I’m currently back in one of the few cities that Laura Poitras’ new documentary on the subject, CITIZENFOUR is playing, it’s probably no surprise that I went to see it when I got a chance.

The short summary is that it’s a great documentary (currently 98% fresh on Rotten Tomatoes, 89 (Universal Acclaim) on Metacritic) but more importantly, it’s an important film, especially if you haven’t been following along with this story. While some have complained both wasy, IMO Poitras strikes a nice balance that nicely encapsulates the larger story of total surveillance while providing fascinating footage of the initial leaks as they happened (funnily enough, both of these made possible by modern technology).

Seeing this side of the story reminded me of when the leaks first broke last year – I was in Berlin for the first time for work (the PRISM story was literally “breaking news” on the TVs as we were boarding), and we made a toast after dinner to the then-anonymous leaker who without a doubt was totally and completely fucked. I hope it’s not a spoiler to say that yes, there is a scene in the documentary footage that captures that moment perfectly. It’s honestly breathtakingly terrifying, but also extremely thought provoking. Also, spoiler alert, it turns out that even with the tables stacked against you, sometimes you can luck out.

(One last Berlin aside, it was interesting digesting the surveillance revelations walking through the Holocaust and Berlin Wall Memorials, where the spectre of the Stasi is still in living, even recent memory. It was also eye-opening returning to the US and seeing how different the reactions were after a weekend of swapping reactions with Berliners, Germans, and Europeans.)

The biggest shame about the film is that it isn’t showing more widely, but I’m sure it’ll be on all types of digital distribution, licit or otherwise, soon.

  • Godfrey Cheshire (a former chairman of the New York Film Critics Circle) declared in his review (I only read reviews post-facto these days, but this is actually a quite intersting review, beyond the catchy opening):

    Though superlatives can mischaracterize any movie’s qualities, it is not an overstatement, I think, to call “Citizenfour,” Laura Poitras’ film about Edward Snowden, the movie of the century (to date).

  • The Nation just posted a very lengthy (wide-ranging and deep I suppose they’d say) interview with Snowden – it’s one of the more interesting Snowden interviews and if you are looking for more insight into his current political/policy/technology thoughts, it’s well worth the read.
  • For those that like video, Larry Lessig interviewed Snowden the other week at Harvard Law School which is similar in tone/scope to a lot of the other telepresent interviews/Q&A’s he’s done.
  • Glenn Greenwald also gave a fantastic talk on Why Privacy Matters at TEDGlobal this year:

The Future Might Be OK #

October 17th, 2014 9:05

It’s easy to get caught up in the news of the day (right this minute: Ebola epidemic, global economic instability), or the latest big tech announcements (slightly thinner and shinier gadgets) and miss some of the mind-blowing things that continue to happen all around us.

Since I’m posting links:

The Future of Social Networking #

September 29th, 2014 12:25

Ello blew up this week. It’s new and shiny and does some interesting things. That being said, it’s not where social networking or how we use the Internet needs to go.

If you want more reading:

I had posted some of my own initial thoughts, which is that the ideal social network should be end-user controlled and distributed and decentralized. A natural pre-condition is there should be an open protocol, but it’d be worth fleshing out the type of functionality that’s required (I’ll have to revisit some relevant thinking I did in the early 2000s in decentralized SNSs, the mid-2000s on permeability/privacy, and the late-2000s on Y!OS).

FWIW, the more interesting social networking-related project I discovered is an open source, decentralized, massively-distributed 3D simulation engine called Lucidscape. It is explicitly designed for an open metaverse. (See also: Open Cobalt née Croquet)

VR Link Dump #

September 18th, 2014 2:43

Most people I’ve talked to the past year probably aware that VR has been something that I’ve been getting more excited/focused on.


Oh, somewhat unrelated, but an awesome Cashmere Cat set:

Apple: Untrustable #

September 9th, 2014 2:25

As excitement of Apple’s new product announcements dominate today’s press coverage, and the memory of the celebrity iCloud hacks fade to obscurity (already seemingly long forgotten), completely un-remarked and un-addressed at today’s event (a good PR move, to be sure), I felt it might be worth posting some of my personal thoughts on the matter, as the silence from Apple on the issue has been quite disquieting.

To be clear, I’m a long-time fan of Apple design and engineering, and today’s keynote is a reminder of
Apple’s best-in-class in hardware and device software. I also own a not-insignificant amount of AAPL shares, but while I’d like to give them the benefit of the doubt, it seems to be increasingly clear that Apple should not be trusted with my personal information.

It’s famously well known that despite their technical prowess in hardware and software, Apple is just not very good at hosted services. Terrible at it really. From their earliest web-based apps, to their ongoing capacity problems, or their laughable attempts at building social services (Ping, anyone?), Apple’s online components are sometimes passable or on par, but more commonly they are mediocre, not-well thought out, clunky, outdated, or just plain broken; “not serious,” was the phrase a friend used. The problem is that today, the online components are as integral to a product as the device hardware or software. They are bound together, and sadly, the weakest link will cause the chain to break. Also, unfortunately, these traits seem to carry through for security for these services as well, which is definitely serious.

Over two years ago now, a friend, Mat Honan, had his Apple account (and digital life) hacked, in much the same way (via an almost identical vector) as the recent celebrity hacks. He’s a journalist, so he wrote all about it, and got a fair amount of press along the way, appearing on news shows, getting writeups, and generally making a big hubbub about it.

If you’re not familiar with that incident, it’s worth taking a look. Also worth reading is some of the analysis on the latest compromises:

Apple issued a terse official statement last week which denied any “breach” in any Apple systems and claimed that the accounts were compromised due to “targeted attack[s].” From a lawyerly perspective, this is perhaps technically accurate, aimed at deflecting blame and absolving responsibility, if not liability. Of course, like most such statements, especially looked at in context of the afore-mentioned writeups, it is quite misleading.

The attacks used to reset passwords via security questions and acquire iCloud access and backups were so frequent and common-place that discussions and communities had formed not just on the darknet, but on public forums/websites.

Either Apple’s security was so incompetent or negligent that they have not been aware of what was going on, or they knew, but actively ignored the issue and decided that it was not worth fixing. I’ll leave it to the reader to decide which scenario is worse.

Today, Apple announced their “Most Personal Device Ever”. They also announced Apple Pay (the only mentions of “security” and “privacy” in today’s event), and are rolling out health tracking and home automation in iOS 8.

Given their feckless track record, would you really trust Apple with (even more of) your digital life?

Some notes:

  • Last week, the same day where the big Apple news was the hiring of designer Marc Newson, Mike Hearn published a fascinating writeup of his anti-spam/abuse work at Google. Maybe unfair, but it struck me as an interesting contrast.
  • Over the years that these compromises have been happening, I haven’t heard of anyone that has been informed by Apple of a compromised account, or any information on their customer-facing forensic abuse team. Ignoring the larger issues of systemic security-holes (Apple can talk about “no breaches” but between non rate-limited/info-leaking endpoints, allowing resets via VPNs, lack of device pinning/access notices, they’ve left the door wide open for widely known attack vectors), what kind of support does Apple give you once your information is stolen?
  • Much hoopla has been made on 2FA. iCloud’s 2FA is less useful than you might think.
  • Not Safe For Not Working On – Dan Kaminsky writes about some of the implications of cloud security; also worth a read is What if I was a cloud? by iBrute‘s author. It’s obvious that cloud services need to seriously rethink how they store and authenticate personal information.
  • If you’re not already using fake security answers to security questions, you should. If you are, it may also be worth considering using a password manager to store unique nonsense answers for those questions