infosec privacy productivity technology

Worth reading this week: Checklists, privacy and more oopses

Quote I’ve been pondering:

“Man is condemned to be free; because once thrown into the world, he is responsible for everything he does.” – Jean-Paul Sartre

Do you ever get to the grocery store and forget all of the items you came to get, or miss a step in something you’re doing, or do repetitive work and sometimes lose your place? The results are inconvenient, but not catastrophic. It’s a far different story when you’re test piloting a brand new state-of-the-art airplane or landing on the moon. The Simple Genius of Checklists, from B-17 to the Apollo Missions provides a brilliant articulation of the importance of checklists. If even surgeons (who are pretty smart) can use a checklist to help improve patient safety, why would anyone think them a waste of time?

Have you read the privacy policies behind your favourite websites like Facebook, Google and the like? Me neither. And you know what… we’d probably struggle to read them even if we tried. In We Read 150 Privacy Policies. They Were an Incomprehensible Disaster, Kevin Litman-Navarro from the New York Times provides some great visuals to help articulate the readability of the privacy policies from 150 major tech and media companies. Not surprisingly, the bulk of these privacy policies are a mess that only a PhD could understand. Welcome to a world in which everyone needs to CYA.

Oops for this week: Hacked forensic firm pays ransom after malware attack. As The Guardian and BBC report, “Britain’s largest private forensics provider [Eurofins] has paid a ransom to hackers after its IT systems were brought to a standstill by a cyber-attack.” Eurofins “carries out DNA testing, toxicology analysis, firearms testing and computer forensics for police forces across the UK.” It’s probably bad for business when a company that does work for the police gets hacked and held for ransom. On the other hand, if companies associated with law enforcement can get hacked, what chance do people like my mom have?

Enjoy the heatwave and have a great weekend!



infosec journalism privacy technology

Worth reading this week – Cyberstalking, Leaks, Pi, startups, Libra, Internet trends

Quote I’ve been pondering:

“A mind all logic is like a knife all blade. It makes the hand bleed that uses it.” – Rabindranath Tagore

And this one came into my inbox last minute and had to include it this week as well:

“I will have to remember ‘I am here today to cross the swamp, not to fight all the alligators.’”
— From The Art of Possibility by Rosamund and Benjamin Zander

He Cyberstalked Teen Girls for Years—Then They Fought Back – excellent reporting (as always) from Wired on the dangers of cyber stalking and the dangers that teens face in the never ending attempts by creeps to extort over nude selfies. Kids shouldn’t have to feel this way:

“Any type of security thing can happen,” she said. “They can hack anything.” Her shoulders slouched, and she directed her voice to the table where we were sitting. “I just never envisioned that, and it’s just … We shouldn’t have to live in a world where we don’t know if people are real or not.” She folded her arms around herself and bit her lip to stop herself from crying.

Parents need to be better informed about this and they need to equip their kids to be safe online.

Oops: Personal data of 2.7 million people leaked from Desjardins (more coverage). A rogue employee took the data with him/her. This is difficult to prevent. As an infosec pro, I know firsthand just how difficult it is to find a balance between security and business productivity. In many cases, companies err on the side of convenience and ease of access to data. Unfortunately, we continue to see the results of not locking down data sufficiently. That said, there is lots that can be done.

Oops – part 2: TD Bank internal files found online in ‘keys-to-the-kingdom’ cloud data exposure (more from ZDNet). This one is simply shameful: “Attunity, a company that manages and safeguards data, left internal files exposed on the internet for clients including Ford and TD”. “Exposed data includes passwords and private keys for production systems, employee details, sales information.” “A company that manages and safeguards data”? Wow. It’s one thing for a non-security company to bungle access to their data, but it is quite another when a company that specializes in safeguarding data does it. I suspect Attunity sales / technical reps are fielding calls from their major clients today to discuss the status of their data and their contract renewals.

New Raspberry Pi 4: I love these tiny computers (buy now!). My only problem is that I don’t have much time to tinker anymore. Probably a good thing or I’d have a whole army of them around the house. HackerNews doesn’t disappoint with a crowdsourced list of plenty of interesting (or not) things to do with a Pi.


Wanna do a start up? I’ve tinkered with starting my own business for years, but find it difficult to make the leap when I have been fortunate enough to have an interesting career working for other people. That said, I’ll always be a dreamer. My latest trigger article: Startup idea checklist. Such a good sanity check on building a business. And, some motivational reading as well: How I bootstrapped my side project into a $20k/mo lifestyle business (and my new indie business motivation website)

Speaking of startups, I stumbled across this book online: Company of One: Why Staying Small Is the Next Big Thing for Business by Paul Jarvis. It looks similar to The Million-Dollar, One-Person Business: Make Great Money. Work the Way You Like. Have the Life You Want by Elaine Pofeldt, which I loved. Tons of great tips and motivation on building a sustainable, profitable one-person business. We are all experts at something and we’ve all got something to sell. I haven’t purchased Company of One yet, as my backlog of books to read is huge, but I suspect I’ll pick up a copy soon to motivate me while distracting me from actually doing the work of building my own side hustle.

I missed last week’s post, but had this queued to go out, so I’ll still keep this in this week’s post: The big news last week: Libra – a Facebook-led digital crypto-currency. Plenty of press on this one. The best quick summary I’ve read thus far is by the entertaining writers at The Hustle. Hard to say how well adoption will go – government oversight (boosted by financial industry lobbyists, no doubt) could yet hobble it. But, if they make it easy (embedded in existing systems like Facebook and the gang), secure and stable (the lack of a financial bubble a la bitcoin), then I suspect it’ll take off.

Key findings from the Internet Trends report (as reported in The Idea’s June 17 email):

Mary Meeker released her latest annual Internet Trends report at Recode’s Code Conference. Below are some of the findings most pertinent to the news media industry:

  • 15% of all retail sales are now through e-commerce. E-commerce is growing at 12.4%, and regular retail is growing at just 2%. (Ed note: look out for how publishers continue to capitalize on this growing industry through affiliate links.)
  • Digital ad spending grew 22% in 2018
  • Google and Facebook still dominate the digital ad market, but Amazon and Twitter are growing
  • 62% of all digital display ad buying is of programmatic ads, and that number is growing
  • Customer acquisition costs are increasing, sometimes exceeding customers’ lifetime values for digital subscription companies. Meeker suggests that free trials can be a cost effective way to alleviate that cost.
  • Time spent with digital media is still going up. Americans in 2018 spent 6.3 hours a day, 7% higher than the year before. More than 25% of U.S. adults are “almost constantly online.”

Note: the above stats were all taken from Atlantic Media’s The Idea June 17 email – I don’t want to claim any credit for the summary presented above! If you are interested in the media industry, I highly recommend subscribing to their mailing list.

I think that’s it for this week. For my Canuck readers, enjoy the long weekend!



journalism privacy technology

Worth reading this week – Chernobyl, online shopping, Google as God?, online reading tools, music playlist portability

Quote I’ve been pondering this week:

“It is by logic that we prove, but by intuition that we discover.” ― Henri Poincaré, French mathematician, theoretical physicist, and engineer

I recently watched Chernobyl (five part miniseries from HBO). I kept hearing buzz about the series and it did not disappoint. It was really well done and it definitely instilled a healthy respect for nuclear power and has made me want to read more about the discovery and development of nuclear power. There have been many nuclear accidents over the last century, but saying “oops” and ignoring them is an impossible response as the fallout from a nuclear event will stick around long after we are gone (can you say Fukushima). The SL-1 experimental US military reactor accident in 1961 clearly demonstrates the scary power and unforgivable reactions that nuclear power can deliver:

During the accident the core power level reached nearly 20 GW in just four milliseconds, precipitating the steam explosion.


The spray of water and steam knocked two operators onto the floor, killing one and severely injuring another. The No. 7 shield plug from the top of the reactor vessel impaled the third man through his groin and exited his shoulder, pinning him to the ceiling.

With great power comes great responsibility. There are quite a few books on the advent of nuclear power (Dark Sun and The Making of the Atomic Bomb are highly rated). I’d love some recommendations to help me winnow down my choices. I’d love your feedback on what’s worth reading!

We all know that online shopping allows retailers to manipulate us and extract as much money from us as possible. How Online Shopping Makes Suckers of Us All really brings it home to us, highlighting the many ways that we really don’t have a chance in today’s increasingly data-driven economy.

Here’s a great in-depth series on our lack of privacy online:

Key quote from this series:

For as long as you’ve been using Google, Google has been building a “citizen profile” on you.

Watch for subsequent parts in this series from Patrick Berlinquette at Medium in the near future.

Think about what that means… Google knows pretty much everything about your online behaviour. Some of it is innocuous: age, income, gender, parental status, relationship status. But it can quickly get creepy:

I remember being told when I was little that God knew everything we did, everywhere we went, everyone we talked to and everything we thought. God was all knowing. Sure seems to me like Google is becoming God-like and our cell phones are the primary conduit to that reality. In today’s hyper-connected world, even atheists can no longer avoid an all-knowing, all-seeing entity in our midst.

This week, I’m wrapping up with a question and a complaint:

Question: What media do you regularly read and how do you read it? For me, I read (and in some cases pay for) a bunch of stuff regularly: NYTimes, The Economist and The Athletic are at the top of my list. I use Feedly for tracking my RSS feeds. And I use Instapaper to save long reads for times that are more convenient. What do you do?

And my complaint: Why can’t we easily transfer music playlists from one music service to another? (yes, I know this is also phrased as a question!) I am on Google Play music but I’d really like to try out Apple’s Music service. But, I’ve built up a ton of playlists that won’t port over. Why the hell not? It’s just data! How hard can it be to build a migration tool for playlists? (this is my highest priority consumer feature request at the moment!)

Thanks for reading and enjoy the weekend!



privacy technology

Worth reading this week – fake WB, men’s mental health, abortion, WWDC, privacy

Quote I’ve been pondering this week:

“You will continue to suffer if you have an emotional reaction to everything that is said to you. True power is sitting back and observing things with logic. True power is restraint. If words control you that means everyone else can control you. Breathe and allow things to pass.” – (fake?) Warren Buffett

(I couldn’t actually attribute this to WB. I suspect it’s not from him, but, can’t say for sure. Regardless, I love the quote, so here it is.)

Men’s Health is running a series on men’s mental health. Such an under-discussed topic, even in this era of self awareness and self care. Men shouldn’t need permission to think and feel how they want, but, here goes anyways:


“It’s okay to not have your shit together. It’s okay to feel depressed. It’s okay to feel overwhelmed. It’s okay to be sad. It’s okay to be anxious. It’s okay to be scared. It’s okay to not have everything figured out, to feel a wave of uncertainty come crashing over you and not know which way is up, or when your next gulp of air will come. These are perfectly normal feelings that every man experiences. And it’s okay to talk about it.” (link)

I’ve been pretty vocal with a few close friends about my challenges over the years – I am lucky to have had friends I can go to when things get tough. Thanks friends – you know who you are. And for any of my friends who need someone to talk to, I’m here. Reach out. To me. Or someone else. But do it. Talk. It’s an important first step.

I really don’t want to get into the abortion debate and I am not going to take a stance in this post, but this article really struck a chord with me in terms of articulating government policy priorities pertaining to abortion: “So, Sam Oosterhoff, you want to make abortion ‘unthinkable’? Here’s where to start”. Sam Oosterhoff is clearly playing to his base (conservative Christians), but there are clearly much more pressing issues that he could be focusing on. Thanks Julie MacLellan of Burnaby Now for this great article.

Apple made the news this week (what else is new). Lots of cool new toys released at their annual WWDC. New Mac Pros, lots of OS upgrades (all new Mac Pro, iOS 13, iPad OS, watch OS 6, and a Pro Display XDR with optional stand.) The new tech does look really cool and I’m excited by the new iPad OS and watch OS improvements. As much as I want to be a digital minimalist, it’s my Apple Watch that most keeps me tethered to my digital life and I just can’t bring myself to want to part with my silent wrist partner – my watch really has made me appreciate the benefits of cyborg-type tech. However, Apple is losing the plot a bit when they sell a monitor stand for $1,000! This clearly reminds us that Apple has always been and always will be a premium play, but it is still insane to see this kind of cost for… a. monitor. stand.

And what would my weekly update be without a mention of privacy: “A Brief History of How Your Privacy Was Stolen – Google and Facebook took our data — and made a ton of money from it. We must fight back”. Thanks to the NY Times for their ongoing privacy coverage in The Privacy Project. Awareness is key.

But more important is what we do once we are aware? There is no shortage of advice and best practices online for protecting our privacy. The only real way to stay private is to stay off the grid – but that isn’t realistic for most. So, in the absence of that, here are some tips (and this is by no means exhaustive – watch for future blog posts. I’ll put together something more exhaustive in the near future):

  • Mozilla’s Firefox browser has some awesome privacy features built in. Here is some advice straight from the dragon’s mouth: When it comes to privacy, default settings matter!
  • And, an interesting article from Fast Company offers some suggestions with this scary first person account of what info the ad industry has on us (hint: pretty much anything our phone does is theirs for the taking): I left the ad industry because our use of data tracking terrified me (make sure you read to the bottom to the suggestions under the section titled “HOW TO UNWIND THIS SURVEILLANCE ECONOMY”).

So put your involuntary spy device (phone) down for a bit, get outside in this beautiful weather and have a great weekend!



infosec privacy technology

Worth reading this week – privacy, playtime and emotions

Quote I’ve been pondering this week:

“Care about what other people think and you will always be their prisoner.” – Lao Tzu

I’m a huge security and privacy proponent. Stumbled across this great visual example of ways we all expect privacy in our everyday lives – and it highlights why our digital privacy should be no different:

And it helps that it’s an Apple ad. I’m a huge Apple fanboy. I’m a big Google user too though, so I’m really a fan of both. Especially when I see optimism in Google making strides towards better privacy protections as well. #GoPrivacy

My kids love our Springfree trampoline. Next time they say they are bored, I’m gonna go through these lists (one idea I hadn’t thought of: Make a laser course on the mat out of yarn and try not to touch it) :

Suck it up buttercup: Forget Your Feelings (summary: There’s no meaning attached to feelings)

And, a bit more privacy related goodness: Here are all of the ways that Google tracks you (I am doubtful this is ALL of the ways, but it sure looks like a good start). And here’s a great primer on removing your info from the web – mainly focused on mailing lists a la “do not call lists”.

And, I’m a bit bummed because I don’t think I’ll be able to attend my local Wordcamp Hamilton this weekend. I bought my ticket, but life sometimes gets in the way. (In this case, it’s my son’s birthday – and family comes first!)

Have a great weekend!