Random links #14

Written on 26 March 2019, 07:01pm

Tagged with: , , , , ,

Kano allows your kid to build their own computer and learn to code. It’s an amazing tool that will help your kids improve their digital skills.

Make your own computer. Then learn to code

*********

Trypophobia is an aversion to the sight of irregular patterns or clusters of small holes, or bumps. Didn’t know this is really a thing…

Lego bumps

*****

Glass vs plastic when it comes to bottled water

When glass is recycled it gets turned in to more glass. It can be recycled over and over and never lose its integrity.
Plastic bottles, however, are not recycled into plastic bottles. The plastic loses its integrity and needs to be turned into something different such as plastic lumber or carpet padding. Because of this, some people say that plastic isn’t truly recycled; it’s downcycled.
Every time a product is packaged in a plastic bottle, jar, or other container, it’s new plastic. All new resources went into making it. Glass jars, on the other hand, can be made from recycled glass. 

https://www.mnn.com/food/healthy-eating/blogs/glass-vs-plastic

******

Protanomaly: a type of red-green color blindness in which the red cones do not detect enough red and are too sensitive to greens, yellows, and oranges.
As a result, greens, yellows, oranges, reds, and browns may appear similar, especially in low light. It can also be difficult to tell the difference between blues and purples, or pinks and grays. Red and black might be hard to tell apart, especially when red text is against a black background. Read more

******

How to Build a Successful Career in Information Security / Cybersecurity
Some great advice from Daniel Miessler:

  • learn to code
  • build your lab
  • build your portfolio of projects (make sure you own your data)
  • practice with bounties
  • get involved – contribute to open source projects
  • be active, engage in conversations
  • network with others
  • participate to conferences
  • find a mentor
  • get certified:
    CISSP is the closest thing to a standard baseline that our industry has. It’s actually better than a computer science degree in a lot of organizations
  • most importantly: have passion!


Some notes following the Identity Management Europe event, 14 March 2019, Frankfurt.

  • Ever wondered which are the biggest risks that we face? According to the World Economic Forum, a massive data fraud/theft or a large scale cyber attack rank in Top 5 most likely global risks, while the large scale cyber attack has the 7th most devastating impact. Worrying, no?
  • The fraud triangle: pressure (motive) – rationalisation – opportunity
  • Need-to-know – has strictly limited use cases (it comes from the military). In real life, we want the information to flow – don’t kill the business. There is always a fine balance between over-entitlement (leading to security risk) and under-entitlement (business risk).
  • MFA with yubikeys is the Graal of authentication – superior to everything else.
  • NIH: Not invented here: the strong bias against ideas from the outside.
  • Build vs buy: the main advantage of ‘buy’ is the fact that it allows the customer to concentrate on their core business.
  • In the cloud infrastructure there is the concept of zero trust. Deny all by default. Never trust. Always verify. Never trust the client. Never trust the server. Never trust the network.
  • Friendly reminder that the cybercrime became a 1.5 trillion business

Some emerging technologies:

Finally, some notes on automation:

  • Robotic process automation can be used for automatic testing (auto-filling of forms)
  • DevOPS (combining responsibilities of DEV, Q&A and OPS) – only possible if a big chunk of the work is automated
  • Workflow: Code > Build > Test > Deploy > Monitor – all of this automated (maybe except for the coding part 🙂 )
  • Remediation using automation: service not responding: auto-restart; load spike: auto scale instances; service fail: redeploy a new instance
  • Use automatic monitoring tools to detect bugs before your users (Splunk)
Rainy Frankfurt

Random links #12

Written on 12 March 2019, 09:27am

Tagged with: , ,

I believe that the Airpods success can be explained by the bandwagon effect: “the rate of uptake of […] trends increases the more that they have already been adopted by others“. They slowly made their way from mockery to status symbol.

~~~

At first sight, a bank card with a built-in fingerprint reader seems to be an excellent idea, right? You trade the PIN code (something that you know) for your fingerprint (something that you are). From an usability point of view, it’s a major step forward (PIN codes can be forgotten, misplaced, shoulder-surfed, reused, social engineered, etc). But from a privacy point of view things don’t look so good anymore. The initial plans indicate that the users still have to walk in a branch to enroll their fingerprints – which
(probably) means that the bank will get to know your biometric data. Which cannot be reset, as we all know.
A possible alternative is to ditch the bank card altogether and use something that you have with you all the time: your smartphone (see Apple Pay, Google Pay) – in addition to your biometric data which never leaves your device. But this solution is not inclusive: not everybody owns a smartphone.

~~~

The results of this study are really sad and shows that in reality, we are far, far away from secure-by-design principles. “Researchers asked 43 freelance developers to code the user registration for a web app and assessed how they implemented password storage. 26 devs initially chose to leave passwords as plaintext ” (via)

~~~

Read this thread in full. Brilliant

~~~