Staying Safe on the InternetFriday October 25, 2019
Just in time to catch the last few days of National Cybersecurity Awareness Month, my long-time colleague and friend John Bennett has written a helpful and inexpensive ebook about staying safe on the Internet for lay people. Its name is Safety Net, and it is available for the Kindle.
I was one of the reviewers and I think John did a great job of covering the essentials for Internet safety, and explaining how the bad guys think and work to steal your money and your personal information. I highly recommend it.
Disclaimer: John interviewed me for the book, so I may gain publicity for my consulting practice as a result of your purchase, and, he and I are discussing other information that we might publish together in the future. I do not receive any part of the money that you pay for the book, however.
Zoom FatigueThursday April 30, 2020
I read an interesting article on the downside of online communications of all sorts over on IFLScience. As someone who has worked from home three or more days a week since 1997, I know that what the author refers to as Zoom Fatigue is real, and not just limited to Zoom. The takeaway for me is that if you are doing a non-trivial amount of Zooming, your setup is worth spending some effort on. Proper camera angle, lighting, background (visual and aural), and sound quality are all key points that help reduce Zoom Fatigue. It is also important to pay attention to the performance of your Internet connection. If your image and voice, or the images and voices of those with whom you communicate, are constantly breaking up, that is not going to facilitate effective communications.
Video Teleconferencing TipsTuesday March 17, 2020
Here are some tips that can help your video teleconferencing experience be a pleasurable one.
Check it out ahead of time. Make sure your audio and video work, and so forth. If you wait till the last minute your experience may be suboptimal.
Let others in your household know that you are in a video meeting. It has happened in the past that people have had family members be surprised when they accidentally wandered onto camera.
Check out your lighting. Please don’t have all the light in your room be directly behind you. The meeting participants won’t see you, they’ll just see the halo :-) I myself have lights to each side that reflect off the walls (although, if you have walls that are painted green, the results may be below par :-)
Check your camera angle. A low camera angle often gives other participants a less-than-flattering view of your countenance. You might want to place your laptop or monitor on a pile of books or reams of printer paper to get the camera high enough for the ideal view.
Open the chat window. Most conferencing software has a chat facility. You can use it if there is an audio problem, or to ask questions.
Be conscious of background noise. People clearing dishes or using a leaf blower or a TV in an adjacent room can be distracting. If that happens, the meeting host may mute your microphone. You can use the chat window to ask to be unmuted. You can mute your own mike if you wish, using the on-screen controls. If you are hosting a large meeting it may be best if your start all the participants with their microphones muted, and let them unmute when they need to speak.
Experiment! I am a big fan of the “grid” view – it reminds me of the old Hollywood Squares program.
If you are going to share your screen, make sure you look it over carefully ahead of time. There might be something on there that you don’t want the other meeting participants to see.
Another tip for screen sharing. Some computers will pop up little message windows when you receive text or email messages, or when it is time for an appointment. You will want to turn those off. They are distracting at best and might be embarrassing to boot. On a Mac you can control them at Apple Menu > System Preferences > Notifications > Do Not Disturb . If you know how to do this on a Windows system, please leave a comment and I’ll add that to this item and give you credit.
A headset can make your voice easier for others to understand and vice versa. If you have a headset, give it a try and see how you like it.
Center your video window below your camera so that when you look at the other participants, it will appear to them that you are looking them in the eyes.
Real time media streams like live video and audio are sensitive to other traffic on your Internet connection, so it may help if other users abstain from using the net during your conference. This can be particularly true if you have a relatively low-bandwidth connection such as 3G wireless or DSL.
When you schedule new Zoom meetings, please make sure that the “Require Password” box is checked. There is an existing situation (called Zoom-bombing) where attackers are able to identify active public Zoom meetings (i.e. non-password-protected meetings) and join them uninvited, then deliberately disrupt the meetings in various ways, like playing loud music, shouting streams of invective and profanity, or displaying disturbing / pornographic images. This type of attack can be avoided if you use a password with the meeting.
Remember that if one uses a free Zoom account to host a meeting with three or more participants, the meeting will be limited in length to 40 minutes. At the 40 minute mark it shuts down abruptly and without warning. So it might be best if these meetings are planned to be 35-ish minutes long, and that the host set a timer to warn them when the end is near.
Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people via email or text message.
Unless your meeting requires screensharing by participants, change screensharing to “Host Only.”
Make sure that you and your meeting participants are using the updated version of remote access/meeting software. In January and March 2020, Zoom updated their software, adding security and privacy bug fixes and features that you will want to have.
As time goes by you will become accustomed to the software and you’ll appreciate the convenience of this technology.
Product Security Reviews – Where to StartSunday September 29, 2019
If your development team is reviewing your product for security vulnerabilities, start where everyone else’s products are vulnerable. In work funded by the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA), MITRE Corporation maintains the Common Weakness Enumeration (CWE), a formal list of software weakness types. It was created to:
Serve as a common language for describing software security weaknesses in architecture, design, or code.
Serve as a standard measuring stick for software security tools targeting these weaknesses.
Provide a common baseline standard for weakness identification, mitigation, and prevention efforts.
Each year, MITRE publishes the Top 25 Most Dangerous Software Errors, a compilation of the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition. This year’s list is now available:
2019 CWE Top 25 Most Dangerous Software Errors
Lessons Learned Operating Uber's Payment SystemFriday July 19, 2019
Gergely Orosz wrote this article on the lessons he learned operating Uber’s payment system. I enjoy reading about other people’s experiences and perhaps you do as well. Some of the things that Gergely presents here resonate with my experiences running systems for Cengage Learning and InSpeed Networks, and performing reviews of the systems of my consulting clients. At least a few these lessons I learned operating nuclear power plants on submarines in the Navy. Yes, I still have the scars, both mental and physical.
Operating a Large, Distributed System in a Reliable Way: Practices I Learned
HTTP Security Headers and Security ScorecardsFriday July 19, 2019
If you wander around the exhibition floor of your favorite Information Security conference, you will certainly find companies that sell a security scorecard service for web applications and web sites in general. My first question to these folks is always “how do you score the sites?” In this handy article, Charlie Belmer explains the connection between HTTP Security Headers and Security Scorecard scores, and provides a convenient reference to HTTP Security Headers as well.
HTTP Security Headers – A Complete Guide
Sleep DeprivationMonday May 29, 2017
Sailors and other military personnel. Medical residents. Students. Truck drivers. Software developers. All are known to experience extended periods without sleep, required by their jobs or circumstances. Others can’t sleep even when they want or need to. But lack of sleep can have serious implications for the affected individual and for those around them, and often, the sleep-deprived person doesn’t even realize that they are performing at a sub-par level.
Growing Coffee in CaliforniaMonday May 29, 2017
Here’s a fascinating story about how avocado growers in California are looking to coffee as their next crop as their trees age and the climate changes.
Your Coffee Is From Where? California?