iPad Productivity Report: 10/8/18 – The Brooks Review

Scraping websites: I’ve seen a bunch of actions for grabbing Instagram profiles/stories/posts/everything in Shortcuts and saving it all in high resolution. I’m sure there’s nothing nefarious going on with that, but that is something which seemed damned near impossible on iOS to most users for quite some time — at least without downloading a specific app for it.
— Read on brooksreview.net/2018/10/ipad-report-10818/

Interesting, this. I’ve been unimpressed so far by Shortcuts (as a non-Siri current Workflow user) but something like this is compelling. Where most other use cases encourage laziness versus solving actual problems, this might provide some value.


The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies – Bloomberg

The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.
— Read on www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

I like this quote from the TV show Elementary:

Are governments capable of evil? Yes. Of course they are. All institutions are. But they are more capable of incompetence.

Apply a bit of Occam’s Razor as well and the puzzle gets a bit less scary.

Again, the news is still forthcoming so I may well eat my words.


Mastering the Art of Japanese Home Cooking on sale for $3 in Kindle edition / Boing Boing

Last year Carla and I took a day long Japanese cooking class in Tokyo. We learned how to make Japanese omelettes (tamagoyaki) and a basic soup stock (dashi). I can’t wait to go back and take another class. I love the book Mastering the Art of Japanese Home Cooking by Masaharu Morimoto, which has recipes for all the classic Japanese dishes. It’s available in the Kindle edition (with lots of color photos) right now for $3. I bought it because it is nice to use cookbooks on an iPad and be able to do word searches for things.
— Read on boingboing.net/2018/10/05/mastering-the-art-of-japanese.html

I picked up a copy. You should, too!


TaoSecurity: Network Security Monitoring vs Supply Chain Backdoors

The limitations of this approach are worth noting. First, if the intruders never activated their backdoors, then there would be no evidence of communications with C2 servers. Hardware inspection would be the main way to deal with this problem. Second, the intruders may leverage popular Internet services for their C2. Historical examples include command and control via Twitter, domain fronting via Google or other Web sites, and other covert channels. Depending on the nature of the communication, it would be difficult, though not impossible, to deal with this situation, mainly through careful analysis. Third, traditional network-centric monitoring would be challenging if the intruders employed an out-of-band C2 channel, such as a cellular or radio network. This has been seen in the wild but does not appear to be the case in this incident. Technical countermeasures, whereby rooms are swept for unauthorized signals, would have to be employed. Fourth, it’s possible, albeit unlikely, that NSM sensors tasked with watching for suspicious and malicious activity are themselves hosted on compromised hardware, making their reporting also untrustworthy.

The remedy for the last instance is easier than that for the previous three. Proper architecture and deployment can radically improve the trust one can place in NSM sensors. First, the sensors should not be able to connect to arbitrary systems on the Internet. The most security conscious administrators apply patches and modifications using direct access to trusted local sources, and do not allow access for any reason other than data retrieval and system maintenance. In other words, no one browses Web sites or checks their email from NSM sensors! Second, this moratorium on arbitrary connections should be enforced by firewalls outside the NSM sensors, and any connection attempts that violate the firewall policy should generate a high-priority alert. It is again theoretically possible for an extremely advanced intruder to circumvent these controls, but this approach increases the likelihood of an adversary tripping a wire at some point, revealing his or her presence.

— Read on taosecurity.blogspot.com/2018/10/network-security-monitoring-vs-supply.html

An assessment of the Bloomberg hardware compromise report which provides insights I hinted at but are better articulated here.

I remain skeptical this happened. It seems cheaper and easier to introduce fear, uncertainty, and doubt (FUD) into the supply chain than to actually compromise it (beyond what the Chinese supply chain already does to skim money). Again, time will tell.
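The sensor egress policy from the TaoSecurity excerpt above, sketched as an added example (not code from this blog or from TaoSecurity): every connection from an NSM sensor to anything outside a short list of trusted local sources raises a high-priority alert. The log format, addresses and allowlist are constructed assumptions.

```python
import ipaddress

# Assumed policy (hypothetical addresses): the sensor subnet and the only
# trusted local sources sensors may reach, as (destination, port) pairs.
SENSOR_NET = ipaddress.ip_network("10.50.0.0/28")
ALLOWED = {("10.20.0.5", 443),   # local patch mirror
           ("10.20.0.9", 22)}    # data retrieval / maintenance host

# Constructed firewall log lines in a made-up key=value format.
SAMPLE_LOG = """\
2018-10-08T09:14:02Z action=allow src=10.50.0.3 dst=10.20.0.5 dport=443
2018-10-08T09:15:40Z action=deny src=10.50.0.3 dst=203.0.113.77 dport=443
2018-10-08T09:16:11Z action=allow src=10.50.0.4 dst=198.51.100.9 dport=53
2018-10-08T09:17:00Z action=allow src=10.60.1.20 dst=203.0.113.77 dport=443
2018-10-08T09:18:30Z action=deny src=10.50.0.3 dst=
"""

def parse_line(line):
    """Return a record dict, or None if a required field is missing or invalid."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
    try:
        return {"ts": ts, "action": fields["action"],
                "src": ipaddress.ip_address(fields["src"]),
                "dst": str(ipaddress.ip_address(fields["dst"])),
                "dport": int(fields["dport"])}
    except (KeyError, ValueError):
        return None

def audit(log_text):
    """Return (alerts, unparsed) for sensor traffic outside the allowlist."""
    alerts, unparsed = [], []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)          # never drop evidence silently
            continue
        if rec["src"] not in SENSOR_NET or (rec["dst"], rec["dport"]) in ALLOWED:
            continue
        # A denied attempt means the external firewall held; an allowed one
        # means the policy itself has a gap. Both are high priority.
        reason = "blocked attempt" if rec["action"] == "deny" else "policy gap"
        alerts.append((rec["ts"], str(rec["src"]), rec["dst"], rec["dport"], reason))
    return alerts, unparsed

if __name__ == "__main__":
    for alert in audit(SAMPLE_LOG)[0]:
        print("HIGH", *alert)
```

Running this check on the firewall's own logs, rather than on the sensor, matches the excerpt's point that enforcement should sit outside the sensors.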


Gloom (and doom) | Seth’s Blog

Doom is inevitable.

Gloom is optional.

Gloom has no positive effects on ameliorating doom.

Doom happens. Gloom is a choice.

— Read on seths.blog/2018/10/gloom-and-doom/



Hyperbole Much?

From “Introduction to OKRs”, www.oreilly.com/business/free/files/introduction-to-okrs.pdf:

OKR is an acronym, and like most acronyms, the words behind the letters are often forgotten. This is a deadly mistake.

How Objectives and Key Results are life-and-death is not covered on that page or the entire document.

O’Reilly editors, please note:

  • Acronyms as titles, even in short works, rarely drive readership
  • Overuse of the acronym in the text dilutes its meaning
  • Watch the dead space – nothing starts until page 6, four pages are blank, and another page has a two line sentence
  • Getting Started with OKRs is the title of the last chapter?
  • This is a PDF, not a print pamphlet. Treat it as such.

As it is, Christina Wodtke (https://medium.com/@cwodtke) provides some useful bits if you dig through the dry text. These aren’t new. You’ve seen their like before and will again. Christina needed a narrative (she hinted at stories from her storied career) and a real editor to make this pop.

This piece is a free PDF. Maybe this is new to you. If so, dive in! If not, the only cost is that you could be reading something else. Taking a few minutes to review or reacquaint yourself is valuable, too.


Privacy Badger Now Fights More Sneaky Google Tracking | Electronic Frontier Foundation

With its latest update, Privacy Badger now fights “link tracking” in a number of Google products.

Link tracking allows a company to follow you whenever you click on a link to leave its website. Earlier this year, EFF rolled out a Privacy Badger update targeting Facebook’s use of this practice. As it turns out, Google performs the same style of tracking, both in web search and, more concerning, in spaces for private conversation like Hangouts and comments on Google Docs. From now on, Privacy Badger will protect you from Google’s use of link tracking in all of these domains.

— Read on www.eff.org/deeplinks/2018/10/privacy-badger-now-fights-more-sneaky-google-tracking


More reason to move off of Google properties and when you have no choice but use them, protect yourself.


Phone makers, pls: ditch new cameras & displays for ‘15-era kit. Give me great battery, headphone jack, touch auth, wireless charge, best global NFC payment experience, current gen wifi+BT, HW switched (1 on at a time) USB-C power/data port, & slim e-ink display full body case

1 week ago I moved my revived iPod 6 gen to iOS 12 to test. Went OK, tho I’m undecided on the benefits. iPod isn’t faster. Shortcuts? A mild update of Workflow (no Siri, TYVM). All in all, an unremarkable upgrade for all the press, IMO. No rush to upgrade the rest of my iOS kit.

Playing with Gutenberg

The WordPress folks decided a new post editing metaphor, one copied from many other services, is the future of WordPress. It’s called Gutenberg with no sense of irony or semblance of modesty.

I am playing with Gutenberg in case I might like it or find value in it.

At face value, there’s an audience for Gutenberg that is not me. It takes the pieces of Medium with which I disliked interacting and uses them to replace the fine tuned control of my content in WordPress’ admittedly 90’s era editing interface.

My content is not toy blocks.

WordPress’ marketing on this move is markedly tone deaf. There is nothing from Matt & the team that actually explains what problem they endeavor to solve with the change.

The thing is, the current editing metaphor is easy to understand. It’s not sexy. It works. There is room for improvement, especially in removing formatting. For example, I have one particular iOS integration that makes quoting content look terrible. I have to manually edit the HTML to clear it out. Posting tight, clean HTML (and CSS and …) should be goal #1 assuming content is king.

Anyway, please stay tuned to what happens here. I am running the test for a spell.
