Jonkman Microblog

Notices by Mike Gerwitz (mikegerwitz@social.mikegerwitz.com), page 10

  1. Yale Privacy Lab (privacylab@mastodon.social)'s status on Tuesday, 08-May-2018 15:18:49 EDT

    "Of the 146.6 million individuals affected by the breach:
    145.5 million had Social Security numbers exposed.
    99 million had address information exposed.
    27.3 million had gender information exposed.
    20.3 million had phone numbers exposed.
    17.6 million had driver's license numbers exposed.
    1.8 million had email addresses exposed.
    209,000 had credit card numbers exposed.
    97,500 had Tax Identification numbers exposed.
    27,000 had the state of their driver's license exposed."

    https://arstechnica.com/information-technology/2018/05/equifax-breach-exposed-millions-of-drivers-licenses-phone-numbers-emails/

    In conversation Tuesday, 08-May-2018 15:18:49 EDT from mastodon.social permalink Repeated by mikegerwitz

    Attachments

    1. Equifax breach exposed millions of driver’s licenses, phone numbers, emails
      from Ars Technica
      17.6 million driver's license numbers, thousands of ID images stolen in breach.
  2. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 03-May-2018 21:31:12 EDT
    • Sean [main]
    @afterconnery Yes that's a bad problem. Have you seen the EFF's Student Privacy campaign?

    https://www.eff.org/issues/student-privacy
    In conversation Thursday, 03-May-2018 21:31:12 EDT from social.mikegerwitz.com permalink

    Attachments

    1. Student Privacy
      from Electronic Frontier Foundation
  3. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Wednesday, 02-May-2018 20:46:17 EDT
    Amazon Echo Dot for kids?

    I got an e-mail from Mozilla to put pressure on Amazon to say what they do with the data they collect from children.

    How about educating parents as to why the original Dot is a bad idea, and why this is even worse. These children are defenseless in a #surveillance society without the help of their guardians---having every aspect of their being dissected and analyzed before they even know what is happening or that they should care. By the time they have grown and maybe _do_ care, it is already far too late; they are already compromised. Most of the things learned about children won't change into adulthood. And further, Amazon will help to shape what these children become based on how they interact with Alexa, whether they intend to or not.

    #children #privacy
    In conversation Wednesday, 02-May-2018 20:46:17 EDT from social.mikegerwitz.com permalink
  4. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Wednesday, 25-Apr-2018 12:45:43 EDT
    • Abbie Normal
    @catonano Ah thank you I was trying to remember the name of mpv. I haven't tried youtube-viewer yet. I just need it on occasion to watch e.g. talks.

    @gyrosgeier Sorry I meant non-free JavaScript _code_. rms summarizes the problem in https://www.gnu.org/philosophy/javascript-trap.en.html. I gave a talk at #LibrePlanet 2016 about this and other related issues here: https://media.libreplanet.org/u/libreplanet/collection/restore-online-freedom/
    In conversation Wednesday, 25-Apr-2018 12:45:43 EDT from social.mikegerwitz.com permalink
  5. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 24-Apr-2018 23:56:28 EDT
    I didn't discover until a few months ago that #VLC has support for playing YouTube videos by URL. I had always used youtube-dl, even if I just wanted to stream a video quick. (YouTube's website is a proprietary web app that does not work without non-free JavaScript.)

    Life is simpler now.
    In conversation Tuesday, 24-Apr-2018 23:56:28 EDT from social.mikegerwitz.com permalink
  6. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 24-Apr-2018 23:53:08 EDT
    in reply to
    • MMN-o ✅⃠
    • Christine Lemmer-Webber
    @cwebber @up201705417 @mmn This is excellent news!

    Thanks for taking this on, Diogo!
    In conversation Tuesday, 24-Apr-2018 23:53:08 EDT from social.mikegerwitz.com permalink
  7. Christine Lemmer-Webber (cwebber@octodon.social)'s status on Tuesday, 24-Apr-2018 09:53:39 EDT

    Congrats to Diogo Cordeiro on getting a GSoC internship this summer to add ActivityPub to GNU Social!
    https://summerofcode.withgoogle.com/projects/#4717538026455040

    And thanks to GNU Social maintainer mmn-o for mentoring!

    In conversation Tuesday, 24-Apr-2018 09:53:39 EDT from octodon.social permalink Repeated by mikegerwitz

    Attachments

    1. Google Summer of Code
  8. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 24-Apr-2018 23:50:12 EDT
    • dave stranding
    @dthompson I had the same thing! I found it recently, but not the charger. It's still around somewhere in a box of relics.

    Another relic from what feels like a lifetime ago:

    https://social.mikegerwitz.com/url/37276
    In conversation Tuesday, 24-Apr-2018 23:50:12 EDT from social.mikegerwitz.com permalink
  9. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 24-Apr-2018 23:32:36 EDT
    If you don't like typing "git" dozens (or more) times a day, I created short 2--3-character commands for Git with Bash completion support. I've been using it for a number of years, and haven't really told many people about it:

    https://mikegerwitz.com/projects/git-shortmaps/about/

    When the cwd is a Git repository, rather than typing `git commit -m foo`, you'd just type `c -m foo`. `git commit --amend` would be `ca`. `git rebase --interactive` would be `Ri`. `git pull` and `git push` are `P` and `p` respectively. And so on. Simply typing `?` will list all of the commands. And tab-completion works as expected with all of these, as if you were using the long Git commands.

    This helps my fingers keep up with my mind and makes CLI work with Git much more enjoyable. Hopefully others can enjoy it as well.
    In conversation Tuesday, 24-Apr-2018 23:32:36 EDT from social.mikegerwitz.com permalink
  10. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 21-Apr-2018 02:20:01 EDT
    Stayed up late learning a little bit about some #Minetest and certain mod APIs to fulfill the requests of my two children: one dragon that "shoots" (spawns) ghosts, and another orange dragon that shoots oranges.

    I don't have time to re-learn 3d modelling with Blender, so we just modified textures of existing dragons of one of the mods during the day (in #GIMP), which they had fun with. I did some hacking during the day, but I needed to do too much research, so it was hard to keep them engaged with a combination of Lua scripting and web browsing.

    So they'll be excited in the morning. I added other small features they won't be expecting and learned (from code) some gameplay features we were unaware of. Maybe they'll get interested in hacking it themselves if I show them how easy it is to make certain tweaks, and if I factor any new code I write in such a way as well.
    In conversation Saturday, 21-Apr-2018 02:20:01 EDT from social.mikegerwitz.com permalink
  11. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 19-Apr-2018 23:51:18 EDT
    • Christine Lemmer-Webber
    @cwebber I'm really excited to hear how things go for you, my fellow guinea pi---er, hacker. I'm not switching laptops yet, but I certainly won't until I can be confident it runs GuixSD without critical issues.

    Did you end up getting a USB-C dock? And how's the fan noise compared to the X200?

    I'll rate-limit my questions to you to give you time to play around with it for a few weeks/months. :)
    In conversation Thursday, 19-Apr-2018 23:51:18 EDT from social.mikegerwitz.com permalink
  12. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 19-Apr-2018 23:35:52 EDT
    There's an old project of mine from a decade or so ago that I've been trying to find on and off for many years, with no luck (my entire RAID array was wiped out by a faulty PSU a long time ago). As it turns out, I have it in the form of SVN commit e-mails with diffs from 2008!

    Imagine that.
    In conversation Thursday, 19-Apr-2018 23:35:52 EDT from social.mikegerwitz.com permalink
  13. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 17-Apr-2018 23:41:14 EDT
    I have hosted my own mailserver (Dovecot, Postfix) for the past 15 years or so, but my mail has always been on a remote server that I also used as my webserver. That sucks because it makes it virtually impossible for me to audit who has accessed it (hopefully only me!). I also have my GNU mail merged with that mailbox using fetchmail on my remote webserver.

    I've had my own local IMAP server (Dovecot) at home for some time and use offlineimap to keep them in sync, mostly for performance. So it was a pretty easy switch to install Postfix locally without a remote relay, enable POP3 on my remote mailserver, and use fetchmail on my local server to pull messages from my remote mailserver over POP3. I kept all bounce (redirect/reject) Sieve rules on the remote box and moved all other rules to my local box. I moved the GNU fetchmail config to my local box. Finally, I disabled IMAP on the remote mailserver and stopped offlineimap.

    I feel much more liberated and comfortable now.
    In conversation Tuesday, 17-Apr-2018 23:41:14 EDT from social.mikegerwitz.com permalink
  14. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 17-Apr-2018 21:44:01 EDT
    • Christine Lemmer-Webber
    @cwebber Well, sticking with the Arch wiki, I really like this example (using openssl) because it uses pv to display visual progress:

    https://wiki.archlinux.org/index.php/Securely_wipe_disk/Tips_and_tricks#dd_-_advanced_example
    In conversation Tuesday, 17-Apr-2018 21:44:01 EDT from social.mikegerwitz.com permalink
  15. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 17-Apr-2018 21:29:57 EDT
    • Christine Lemmer-Webber
    @cwebber I have seen symmetric ciphers with random, ephemeral keys used for producing pseudorandomness for wiping drives (and have done so myself)...perhaps this is just a lazy/familiar way of doing the same thing from the perspective of whoever authored that? openssl is often used instead.

    dd with /dev/urandom is most often avoided not because it's a bad idea, but because it's relatively slow compared to e.g. using openssl for the aforementioned purpose.
    In conversation Tuesday, 17-Apr-2018 21:29:57 EDT from social.mikegerwitz.com permalink
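
The technique discussed in the two notices above (a symmetric cipher under a random, ephemeral key as a fast source of pseudorandom data for wiping), as an added example that is not part of the original notices or of the linked Arch wiki page. It fills a scratch file rather than a disk and passes a raw key with `-K`/`-iv`; the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: AES-256-CTR keystream as a fast pseudorandom source.
# Writes to a scratch file; function names are illustrative, not from the page.

# rand_hex N: N bytes from the kernel CSPRNG, as one hex string.
rand_hex() {
    head -c "$1" /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# keystream_fill TARGET BYTES: overwrite TARGET with BYTES of keystream.
# Encrypting /dev/zero in CTR mode outputs the raw keystream. The key and IV
# live only in this function's variables and are discarded afterwards; they
# are visible in the process list while openssl runs, which is acceptable
# here because the key protects nothing and is never reused.
keystream_fill() {
    target=$1
    bytes=$2
    key=$(rand_hex 32)   # 256-bit ephemeral key
    iv=$(rand_hex 16)    # 128-bit initial counter block
    # openssl is cut off when head closes the pipe, so its exit status is
    # ignored and the written size is checked instead.
    { openssl enc -aes-256-ctr -K "$key" -iv "$iv" </dev/zero 2>/dev/null || true; } \
        | head -c "$bytes" >"$target"
    unset key iv
    [ "$(($(wc -c <"$target")))" -eq "$bytes" ]
}

# is_all_zero FILE: succeeds if FILE contains only zero bytes.
is_all_zero() {
    size=$(($(wc -c <"$1")))
    head -c "$size" /dev/zero | cmp -s - "$1"
}

# Demo on a constructed 1 MiB scratch file standing in for a disk.
scratch=$(mktemp)
if keystream_fill "$scratch" 1048576 && ! is_all_zero "$scratch"; then
    echo "wrote $(($(wc -c <"$scratch"))) bytes of keystream to $scratch"
fi
rm -f "$scratch"
```

The kernel CSPRNG is read only for the 48 bytes of key and IV; the bulk data comes from the cipher, which is where the speed advantage over `dd` with /dev/urandom mentioned above comes from.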
  16. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Monday, 16-Apr-2018 21:48:04 EDT
    #Facebook on why they track users across the web:

    https://newsroom.fb.com/news/2018/04/data-off-facebook/

    Translation: "Everyone else does it too, so it's okay."

    And trying to lead the user to believe that they really do need all of this stuff. Do they "need" it to provide those services? Perhaps. Do they "need" to provide these services to millions of people that don't want, have never asked for, or are completely unaware of them? I think not.
    In conversation Monday, 16-Apr-2018 21:48:04 EDT from social.mikegerwitz.com permalink

    Attachments

    1. Hard Questions: What Data Does Facebook Collect When I’m Not Using Facebook, and Why?
      By bdarwell from Facebook Newsroom
      Explaining more about the information we get from other websites and apps; how we use the data they send to us; and the controls you have.
  17. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Monday, 16-Apr-2018 12:52:42 EDT
    • Daniel Taylor
    @randomdamage I agree. The nice thing about hardware switches is that almost anyone could open up their device and observe that there is a physical disconnect and rest assured that no software update or malware could ever change that---physical access to the device is needed.

    Of course, that wouldn't prevent hardware issues from wear or defects. Maybe the hardware switch becomes a bit floppy over time and slides without physical force, or wears inside and shorts.

    We'll need to only trust simple, clearly built switches that do nothing fancy or creative and are built out of quality materials.
    In conversation Monday, 16-Apr-2018 12:52:42 EDT from social.mikegerwitz.com permalink
  18. Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Sunday, 15-Apr-2018 21:40:25 EDT
    • Daniel Taylor
    @randomdamage This is why a hardware switch (like the Purism Librem 5) is ideal.

    It's possible to measure whether or not a phone is attempting a connection (emitting radio waves), so someone can determine whether the phone is lying to you if you put it in e.g. airplane mode. Manufacturers have incentive to have airplane mode do what it claims to do since there are FAA regulations that customers have to adhere to when on certain flights. Another option is to place your phone in a bag that acts as a Faraday cage; I have one (though I haven't used it in some time).

    This doesn't prevent malware, malicious OS's, or targeted attacks from modifying phone software, though. But for your average phone user concerned about privacy with a modest threat model, something like airplane mode may be good enough.

    If your threat model is higher, you probably know what more you should be doing.
    In conversation Sunday, 15-Apr-2018 21:40:25 EDT from social.mikegerwitz.com permalink

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
