Andrew Ford Lyons

What's a good domain name for a blog of current, real infosec disasters written about in a 3rd person fiction narrative style?

Rearrange those deck chairs on the Titanic. And keep rearranging them. Don't give up until they're in the shape of another boat.

Sometimes you need to run a social engineering campaign to convince people of things that are true and to do things that are actually helpful.

I like putting my calendar on "daily view" on the days where no meetings are scheduled and every once in a while between tasks, just toggle over to it to marvel at the still open vista.

Dystopia is populated with buskers on packed trains at rush hour.

If you get enough office chairs together and put a sheet on top and climb inside, you've basically beat your work's open office plan.

Office temperature battles is one more point against open-office floor plans.

Jean-Paul Sartre must have gone to the British seaside town for the weekend to share an Airbnb with other people.

Other people's panic is not your emergency. Let them work through it and get back to you on the other side.

John Perry Barlow is being remembered a lot on Facebook and Twitter platforms, but I think this one is far closer to the internet he had in mind, architecturally.

Just sayin' people do actually trust mobiles to use private encryption keys on them now since we all use encryption apps.

Every so often people remember that Facebook and Google are data gobbling behemoths and have a freak out. Then these platforms will push out more things that make people giddy about how easy something became, and it will go away for a while. It's a mass psychology boomerang.

Getting angry is great for inspiration for movements, but it seldom solves anything if it isn't shortly followed up by objectively assessing the problem and taking some rational action.

I find Gandi's "no bullshit" strap line increasingly ironic. Its UX, tick boxes, data requirements and entire workflow are just barely behind GoDaddy in terms of ridiculousness.

The Yahoo address is for things you'll never look at; the Hotmail address is for the other accounts you don't want any association with; the Gmail address is to make it easy on your contacts and yourself; the Protonmail account lets them think they're special to you; and GPG is to make them work for your attention.

How are people finding people they want to follow on Mastodon?

Searches, people sharing their profile link on other networks, skim reading the local or global timeline?

What gets you the interesting feeds?

The publicly advertised open procurement process for digital is by and large a broken model that many organisations still pretend they're using.

Either they do use it as advertised and produce sub-par, short lifespan work, or they are going through recommendations and a small, cultivated and tested community of trustworthy providers (usually with 1 in mind that ticks all the boxes for what's needed), getting the desired results and spinning yarns in the procurement documentation.

I made an InfoSec 2018 calendar for people who made digital security their new year resolution and then promptly forgot about it because where to start? Semi-arbitrary monthly things to do.

Every time I mention Wire, someone gets all up in my timeline about how it leaks metadata and that Signal is the most secure. Having to use your phone number is a pretty impressive hunk of metadata to leak, yo.

"But there are workarounds!" If your first response is to suggest a *workaround*, you've ignored the fundamental design flaw.

Of course, neither of them use #IPv6, so it's hard for me to get excited about either one. I go where my friends are (firmly entrenched).

Globalist manifesto: Everyone should all be on ISO 8601 calendars and Swatch time. More to follow as they occur. Or not.