- LibreSSL — OpenBSD take on OpenSSL. Unclear how sustainable this effort is, or how well adopted it will be. Competing with OpenSSL is obviously an alternative to tackling the OpenSSL sustainability question by funding and supporting the existing OpenSSL team.
- Game Mechanic Explorer — helps learners by turning what they see in games into the simple code and math that makes it happen.
- HMRC to Sell Taxpayers’ Data (The Guardian) — between this and the UK govt’s plans to sell patient healthcare data, it’s clear that the new government question isn’t whether data have value, but rather whether the collective has the right to retail the individual’s privacy.
ENTRIES TAGGED "security"
The IoT isn't just a new attack surface to get into your enterprise — it's giving the Internet eyes and arms.
Your computer is important. It has access to your Amazon account, probably your bank, your tax returns, and maybe even your medical records. It’s scary when it gets pwnd, and it gets pwned regularly because it’s essentially impossible to fully secure a general purpose computing device. But the good news is that, at least for now, your computer can’t climb up the stairs and bludgeon you to death in your sleep. The things it manipulates are important to you, but they are (mostly) contained in the abstract virtual realm of money and likes.
The Internet of Things is different. We are embarking on an era where the things we own will be as vulnerable as our PCs, but now they interact with the real world via sensors and actuators. They have eyes and arms, and some of them in the not-too-distant future really will be able to climb the stairs and punch you in the face.
This piece from the New York Times has been getting some attention because it highlights how smart things represent an increased attack surface for infiltration. It views smart devices as springboards into an enterprise rather than the object of the attack, and that will certainly be true in many cases. Read more…
LibrePlanet explores hopes and hurdles.
Free and open source software creates a natural — and even necessary — fit with government. I joined a panel this past weekend at the Free Software Foundation conference LibrePlanet on this topic and have covered it previously in a journal article and talk. Our panel focused on barriers to its adoption and steps that free software advocates could take to reach out to government agencies.
LibrePlanet itself is a unique conference: a techfest with mission — an entirely serious, feasible exploration of a world that could be different. Participants constantly ask: how can we replace the current computing environment of locked-down systems, opaque interfaces, intrusive advertising-dominated services, and expensive communications systems with those that are open and free? I’ll report a bit on this unusual gathering after talking about government.
MIT workshop kicks off Obama campaign on privacy
Thrust into controversy by Edward Snowden’s first revelations last year, President Obama belatedly welcomed a “conversation” about privacy. As cynical as you may feel about US spying, that conversation with the federal government has now begun. In particular, the first of three public workshops took place Monday at MIT.
Given the locale, a focus on the technical aspects of privacy was appropriate for this discussion. Speakers cheered about the value of data (invoking the “big data” buzzword often), delineated the trade-offs between accumulating useful data and preserving privacy, and introduced technologies that could analyze encrypted data without revealing facts about individuals. Two more workshops will be held in other cities, one focusing on ethics and the other on law.