I'm moving my Mastodon account over to https://librem.one. If you want to follow me going forward, you can find me at https://social.librem.one/@kyle #LibremOne #privacy
Awesome #lfnw talks today @kylerankin! Very inspiring and helpful. Thanks!
Interesting that Sri Lankan govt. response to the terrorist bombings includes temp blocks on FB, Instagram, WhatsApp and other social media both to "stop the spread of misinformation" and "to prevent further extremist attacks and retaliatory violence." https://www.nytimes.com/2019/04/22/world/asia/sri-lanka-bombing-explosion.html
@kylerankin So ultimately human teachers become a luxury good and cash-strapped school boards save money by hiring fewer teachers and buying heavily-subsidized tech to replace them.
@kylerankin You see this in Silicon Valley today. Tech billionaires send kids to private schools that tout being tech-free and hands-on with human teachers.
@kylerankin Of course they are using Chromebooks, so Google gets to share in the data bonanza.
Zuckerberg funded FB engineers to make a "personalized learning" platform for Kansas kids. Besides the educational concerns, how much personal data is this program storing indefinitely? Who gets access to it? #privacy https://www.nytimes.com/2019/04/21/technology/silicon-valley-kansas-schools.html
How exactly do you "accidentally" write software that logs into an email account, pulls down the contact list and stores it in a FB database? #privacy https://www.businessinsider.com/facebook-uploaded-1-5-million-users-email-contacts-without-permission-2019-4
@kylerankin I'm encouraged by the new emphasis on ethics in engineering and how many engineers are starting to speak up (or vote with their feet) when companies order them to build unethical machines.
Software engineers are indoctrinated to believe: "People only hate ads when they aren't relevant." This doctrine has led to over 20 years of mass data collection. It's a lie, and if more engineers dared to question it, we'd get a lot further on #privacy.
@kylerankin 3: Great early post-mortem given circumstances. Affected servers, what attackers did, what Matrix did, what users should do, timelines, promises of more detail later.
@kylerankin 2a: One approach is CI signing/shipping code to dev repo, admin logs into prod to trigger prod pkgs sync from dev to prod. Make attacker have to backdoor the code itself.
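One way to implement the promotion gate described in 2a, as an added example that is not part of this thread and not Matrix's or Purism's own tooling: CI publishes a signed manifest of package hashes alongside the packages in the dev repo, and the prod-side sync (run by an admin on prod) verifies the manifest signature and refuses any package that is unsigned or whose content no longer matches its signed hash. HMAC-SHA256 with a constructed key stands in for a real signature here (an assumption for self-containment); in practice the manifest would carry an asymmetric signature, such as GPG-signed repository metadata, so the prod host holds only a verification key.

```python
"""Dev -> prod promotion gate (constructed example).

CI signs a manifest of package hashes; prod pulls only packages that match the
signed manifest. Someone with dev-repo access alone can add or alter packages
there, but prod will not promote them: they would need CI's signing key.
"""
import hashlib
import hmac
import json

# Constructed stand-in for the CI signing key. HMAC is symmetric, so prod holds
# the same key here; a real deployment would use an asymmetric signature and
# keep only the public key on prod.
CI_KEY = b"constructed-ci-signing-key"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def ci_publish(packages: dict[str, bytes]) -> tuple[dict, str]:
    """CI step: hash every built package into a manifest and sign the manifest.

    Returns (manifest, signature). The packages and manifest are then shipped
    to the dev repo; the signature travels with the manifest.
    """
    manifest = {name: sha256(blob) for name, blob in packages.items()}
    payload = json.dumps(manifest, sort_keys=True).encode()
    signature = hmac.new(CI_KEY, payload, hashlib.sha256).hexdigest()
    return manifest, signature


def prod_sync(dev_repo: dict[str, bytes], manifest: dict,
              signature: str) -> tuple[dict[str, bytes], dict[str, str]]:
    """Prod step, triggered by an admin logged into prod.

    Verifies the manifest signature, then copies only packages whose content
    matches the signed hash. Returns (promoted, rejected) where rejected maps
    package name -> reason, which is what you would want in the audit log.
    Raises ValueError if the manifest itself fails verification.
    """
    payload = json.dumps(manifest, sort_keys=True).encode()
    expected = hmac.new(CI_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("manifest signature invalid: refusing to sync")

    promoted: dict[str, bytes] = {}
    rejected: dict[str, str] = {}
    for name, blob in dev_repo.items():
        if name not in manifest:
            rejected[name] = "not in signed manifest"       # dropped into dev repo by hand
        elif sha256(blob) != manifest[name]:
            rejected[name] = "hash mismatch after signing"  # modified in dev repo
        else:
            promoted[name] = blob
    return promoted, rejected


def demo() -> dict[str, dict[str, str]]:
    """Constructed scenario: one clean sync, then a dev repo that was altered
    after CI signed it. Returns the rejection reasons for each case."""
    built = {"synapse.deb": b"release build v1", "nginx.deb": b"release build v2"}
    manifest, signature = ci_publish(built)

    _, clean_rejects = prod_sync(built, manifest, signature)

    altered = dict(built)
    altered["synapse.deb"] = b"modified after signing"  # tampered in dev repo
    altered["extra.deb"] = b"never went through CI"     # unsigned addition
    _, altered_rejects = prod_sync(altered, manifest, signature)

    return {"clean": clean_rejects, "altered": altered_rejects}


if __name__ == "__main__":
    for case, rejects in demo().items():
        print(case, "rejected:", rejects or "nothing")
```

The point of returning the rejection reasons rather than silently skipping is that a hash mismatch on a package that CI signed minutes ago is itself an incident signal: something wrote to the dev repo outside the CI pipeline.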
@kylerankin 2: Many #devops orgs deploy to prod straight from CI. Jenkins is red team gold. Always separate dev/prod completely. Dev access should never lead to prod access.
@kylerankin Takeaway 1: Matrix response to take down prod, rebuild from scratch in relatively short order, is commendable and all orgs should aim to be able to do the same in similar circumstances.
This post-mortem of today's Matrix prod compromise is great for its transparency and cautious response. Also a clear demonstration why dev infrastructure (Jenkins or otherwise) should not be allowed to access prod. #keepemseparated #infosec #devops https://matrix.org/blog/2019/04/11/security-incident/index.html
Will Google be contributing to the #FOSS "community" software these companies are named for, or the proprietary "enterprise" software these companies sell and spend most of their efforts on? #opencore #devops https://www.zdnet.com/article/google-challenges-aws-with-open-source-support/
@kylerankin In short, why stop with killing the stalkerware industry when you can kill the worst parts of the adtech industry too?
I hope @evacide can kill stalkerware. Solving for that threat solves so many others. Real solutions would also stop general-purpose tracking from far too many phone apps (and phone vendors). #privacy https://www.wired.com/story/eva-galperin-stalkerware-kaspersky-antivirus/
If marketing is a conversation, then Social Media marketing is a conversation with Apollo Robbins https://www.youtube.com/watch?v=LoUSO_Mj1TQ
Linux sysadmin and security geek, author of Linux Hardening in Hostile Networks, and Linux Journal columnist. CSO at Purism