security

pi-hole.net
I'm a big fan of goofing around with a Raspberry Pi. At times I've used mine as a game emulator, media center, and caller ID server. Recently it has been sitting in a box, but now it's a DNS server that blocks ads on my home network thanks to Pi-hole. Pi-hole is software you install on a Raspberry Pi that filters the addresses you or your devices request through shared lists of known advertisers. It's simple to set up and it just works. I'm seeing 98% fewer ads across the web—no browser ad-blocker required. Once installed it has a nice web admin interface and it gives you statistics about which domains have been blocked. (8.7% of all my DNS queries have been blocked as I write this.) It was also easy to add my favorite ad-supported sites to a whitelist so they'll still get paid. It does bother me that this kind of tool leads to a nerds vs. everyone else experience (great interview, btw) but tracking, malware, and general browsing performance have gotten so bad due to ads that we need these tools. If you already have a tiny computer, Pi-hole plus an hour to set it up on a weekend will improve your web experience.
washingtonpost.com
We have recently had regular E. coli outbreaks while the FDA was fully staffed. It seems like a bad idea to understaff them right now.

Update (1/11): Oh good.
Medium | Javascript
The headline is a little alarmist, but this is a great explanation of some bitcoin scam code that someone placed into a popular node package. I agree that building businesses on top of volunteers is not sustainable and I hope the Node community can work on a solution. Reusing community code is a fast way to develop but you trade away some security.
Freedom to Tinker
With elections on our minds (vote Tuesday!), here's Ed Felten describing a new voting system called E2E-V. I'm not sure I get the nuances of the coin-flip challenge voters but it sounds like a much better system than our current black-box, insecure, privately owned machines. And of course my favorite system is Oregon's statewide mail-in system. I'm sure it's not as secure as end-to-end verifiable cryptography but I think the convenience and ease of understanding how it works means more people participate.
Strange Loop IP Spoofing Talk

An engineer at Cloudflare shares some data from the front lines of fighting DDoS attacks. He also makes the connection between DDoS and service centralization and offers some potential solutions. (Unfortunately I don't see any incentive for big companies to fix this problem.)
  • This is a fantastic idea! You install a bit of software on your server to automate the security certificate garbage. It'd be great for low-stakes sites where the hassle of setup is the barrier.
  • Leonard has a great summary of the Apple security problem: "Either Apple’s security was so incompetent or negligent that they have not been aware of what was going on, or they knew, but actively ignored the issue and decided that it was not worth fixing."
  • This looks like a nice stab at making public key cryptography more user-friendly.