Category: Uncategorized

In my last blog post, I talked about how a seriously compromised supply chain prevents us from ever building a secure computer. This morning I logged into my Instagram account and found that I had 7 followers even though my account was set to private and 2FA. I’m hoping this is a bug, but even so, it just shows that nothing presents as secure.

Let’s assume – and this is a big assumption – that we can build a secure computer because we now have a secure supply chain. So you buy a CPU, a motherboard, a hard drive, some memory, a power supply, input devices like a mouse and keyboard, something to connect to the Internet with, and a bootable USB stick with the OS of choice on it, for the wiring there are professionals that build them and for more top technology on wiring contact EMS Solutions in Ogden. I won’t go into the specifics of building a computer from these parts, but suffice it to say, you should be asking, “How will I know the OS is secure?” On some level, this is hard to do. Can you imagine reading all those lines of code? Historically, Red Hat Linux 5.2 was insecure. If you installed it with an FTP server running and exposed to the Internets, you would get hacked in days, if not hours. The hacker would just use a buffer over flow attack. For years, SSL, one of the central encryption layers for web browsing, was compromised.

OK, so you boot up your newly built computer with a “secure” OS like Kali Linux or Parrot. You create an account with a super secure, never used before password, and maybe some biometric protection. Nevermind that these OS’s are complicated to use and not consumer friendly. But you can be sure they won’t expose you to the Internet the way something like Mac OS or iOS will with bluetooth, or some other services with file, music sharing and Active Directory.

Are we secure? Well, right now the OS might be asking to run an update to make your OS really secure. However, in doing so, you give up your IP address, and thus an 80/20 chance of giving up your location. So before even getting to this point, you will want to proxy all your connections, but then again this begs the question: how can you even trust the proxy? Does chaining proxies you can’t trust equal security?

Let’s assume we trust a company like NordVPN or a network like TOR. We’ll also setup and turn on a firewall, too. Great, now we can download software updates. We’re not going to use social media though. That will surely give us away, even when we share an alias account with friends and family. When we browse the web we’ll just be using a browser like Brave with ad blocking with JavaScript turned off because we all know JavaScript is insecure – except for the JavaScript subset, CAJA. When we search, we’ll hope that Duck Duck Go doesn’t give up our privacy. We will use proxies all the time to keep our privacy. Still this will leave some sort of fingerprint. If you go to a website like Am I Unique, you can see if your browsing configuration & habits have set you up to be tracked.

Let’s review what we’ve done:

1. Built a computer with components from a secure supply chain.
2. Used a USB stick to install a secure OS. Make sure you’re account is secured by a password and if your computer has it some sort of biometric protection. We won’t connect to the Internet yet. Nevermind we haven’t even discussed vetting the security of the USB stick.
3. Set up a proxy / tor and firewall.
4. Update the OS.
5. Use a secure browser like Brave.
6. Turn off JavaScript except maybe for CAJA.
7. Use only Duck Duck Go for searching since they supposedly don’t keep records.
8. Don’t use social media. Even an alias can betray you.
9. Check to make sure you’re web fingerprint isn’t unique.

We haven’t even discussed email yet. And your set up isn’t really secure. All I really need is your fingerprint and password. Anyone remember Dark Knight Rises? In my next piece, I’ll discuss secure email. If you’re not using a PGP key to secure your email, it’s not secure. It’s basically yelling in public. We’ll also discuss adding a VM running off of an encrypted key on a USB stick to really secure your computer.

How do you keep up with new music? Spotify? Rdio?

I’d love to know! 🙂

On Instagram, the wildly popular app, and iPhone app of the year, there’s an account run by Afra. She has a cat named Uncle Liu. Apparently, this awfully cute cat will get castrated unless… well, check out the picture of the cat below and then the note Uncle Liu’s owner left.

Can you help? It looks like the only way to get in contact is on Instagram.

This is a polemic against the well-written blog post of Adam Conrad called “Do What You Love or You Will Destroy Yourself.”

The same warning that he applied to his post, I am applying here. There’s lots of stuff, but feel free to skip down to the useful bits at the end.

I start off by presenting what I took away from Adam’s impassioned piece. Like me, Adam had an early career in computing. I wasn’t lucky enough to have the web be the thing when I turned 19, but I knew enough Perl to get a job coding at the university. I used Perl to create mailing labels that would be stuck on envelopes for snail mail.

My aha moment came with a Perl-CGI freelance gig that I got in the 90s. I spent most of the 90s as a sysadmin. When I saw that my code was “live.” That was such a great high and experience. I felt powerful and influential, even though it was just a dentist’s website.

In a similar “listening to my internship moment,” I decided working on the Internet was where I wanted to be. I took about 2 years from this aha moment until I code work as a coder.

Where’s the problem?

My true love in life is philosophy.

For me this means reading and writing in a way that brings up questions and edifies, an existence that sees the beauty of a question not answered, a life that from a coder perspective is highly suspect and irrelevant. How many coders do you know *love* philosophy?

I would honestly love to spend my days having sex, drinking coffee, reading, writing and more sex – with travel and several residences on the Mediterranean coast of Spain and Costa Rica (Pacific side), thrown in.

I lived in such a way for nearly two years without the residences but with travel to London and Rome. The sad, sad truth of it is that there is no money at the end of it, and I ended up very much in debt and almost bankrupt. I just became credit card debt free 2 years ago after starting to learn about investing with mexc uk. *phew*

If you believe that if you do what you love and you will save yourself, you are believing in something that is not true for everyone, and it wreaks of the Cargo Cult. What you love will not determine what makes you thrive; the world figures that out for you.

There’s a bunch of Joseph Campbell crap floating around that goes, “Follow your bliss.” So many people have followed it blindly to their doom. But you know what? “Follow your bliss,” sells books because it makes people feel better.

Let me leave you a quote from one of the great philosophers of the Golden Age of Advertising, Don Draper:

“I hate to break it to you, but there is no big lie, there is no system, the universe is indifferent.”

Here are the take aways and useful bits:

• As a coder you have to be logical and realistic. Don’t let your sources of inspiration lead you astray.
• Doing what you love can either make you thrive or ruin you. If it’s choosing between front-end or back-end dev, you’ll thrive either way right now. Think things through.
• It is all about work-life balance but going all-in makes a great story.

First off, I’m very grateful to my parents for getting me a computer when I was 8. I am not sure where I’d be if it wasn’t for that.

I got inspiration from this HN article and did the same. My #s are way higher.

http://news.ycombinator.com/item?id=2608900

As an experiment, I submitted my resume to Dice, Monster and CareerBuilder seeking a Ruby on Rails application developer position.

The result:

day	calls	voicemails	emails
Monday	46	22	39
Tuesday	58	13	42
Wednesday	23	11	34
Totals	136	46	115

I turned off Monster, Dice and CareerBuilder at 11 am on Tuesday and I’m still getting calls & emails.

Recruiters were submitting resumes to one particular job twice without my permission. This happened 4 times and is definitely unethical behavior. It hurts candidates because you can’t interview at these places anymore.

The question I’ve asked is: How much are you willing to offer?

Most of the jobs are in the 80k – 100k range.

This means that if you got to a startup with no recruiter and are making 120k, the recruiter’s company is making 20k – 40k on the sale of you.

The better recruiters have connections to companies mentioned in Techcrunch and these are at the 130k range and up.

The best rates are at Fortune 500 companies, where 200k is market. Heck, you can get an HTML5 / CSS3 position at one and get that rate.

Another question: How long has this job been advertised?

Sure demand is high, but a great job will never be on the market long. If it’s been there awhile or has been re-branded with a different buzzword, beware.

The technology:

I totally agree with folks who say that Facebook has made us closer, but recruiting technologies and its industry have made hiring managers and candidates farther apart. Someone or a group of people need to create a technology to disrupt this industry of selling people.

http://socialrecruitingreport.com/2011/06/02/removing-the-middle-man/

Recruiters are people who are trying to solve a pattern matching problem with crappy tools, but the better those tools get, the more in jeopardy their jobs are.

How I feel? I feel objectified. It’s hard to swallow the image of a bunch of douchebags submitting your resume for jobs you never applied for.

I guess this is what it’s like to be extremely attractive woman who has just become single. Some of the recruiters are total players and won’t leave you alone when moving on would be more efficient and a better bet. Others are really, really bad, and you can tell they are reading lines from a script.

The recruiters I go with work like this:

1. They tell me *their* story. Why are they in recruiting? What do they want out of life?

2. They really listen. This means asking questions like, “How is Javascript different from AJAX?” Or deciding that what is on paper doesn’t match what they are hearing, and that you’re underselling yourself.

3. They get you lunch for your time. This is totally optional, but very nice.

4. They wrap up the meeting by telling you something about you that you might’ve not known about. E.G. one recruiter told me that I saw myself as more than just my job and that I like to protect people.

5. They are very efficient without seeming so.

What to do instead:

If finding a job is a pattern matching problem, and you are a coder, then code that regex that brings you the job of your dreams.

You’re looking at 20k – 40k more / year if you can just cut out the middle.

{EAV_BLOG_VER:b09730a5ab0973e6}
I’m currently hooked on this virtual stockmarket for Social Media: empireavenue.com.