Black Friday/Cyber Monday Alternatives

A number of campaigns have sprung up to combat the unsustainable and unhealthy practices of Black Friday and Cyber Monday. Events such as #OptOutside or #BuyNothingDay are becoming more common. Did you (or are you planning to) engage in an alternative activity? If so, which and why?


Links for Resilience #5


I’ve mentioned before that multifactor authentication (MFA) is very powerful. Microsoft’s own data indicates that it blocks over 99% of account-compromise attempts.

However, like Facebook before it, Twitter has used the phone numbers collected for those secondary factors for ad targeting. On advertising platforms (like Twitter, Google, and Facebook), advertising will always take top priority, so other concerns like security may suffer.

In related news: advertising companies are also unlikely to support end-to-end encryption (as with Google), which leaves your data and systems exposed to government interventions and pressures.

Speaking of those pressures, Coercion-Resistant Design refers to the idea of building things such that it is harder for outside parties to force you to subvert the security of your own system, whether through “rubber-hose cryptanalysis”, nation-state impositions, extortion, or any other type of coercion. In the linked article, Eleanor Saitta considers many angles on how to build in coercion resistance.

In Continuous Compliance, Dave Farley talks about how teams might build compliance verification into their CI/CD processes. As IT auditors frequently lag behind technology trends, this is one way to meet compliance requirements and demonstrate them in a way that auditors can understand.

The FBI’s warrantless searches have been declared illegal. This is good news, as searches need to be:

  • Based on cause

  • More targeted

  • Given strong oversight

As stated in the news article, though, this is not the end of the struggle to make this program safer.


More research and planning is needed, but it looks like adding a small amount of a certain type of seaweed to cattle feed will have a major impact on methane emissions, and thus greenhouse gases.

The practically, morally, and financially responsible thing to do is to use your current phone for as long as possible. This is an important reminder when new devices come out. The same goes for cars: continuing to service whatever you have is better for sustainability than manufacturing a new one, even if the new one is zero-emission once it is on the road.

I was totally unaware of the role that horseshoe crabs play in our medical system. Hopefully we can find another way to meet these needs.


Over at Waging Nonviolence, they demonstrate how pundits and politicians fabricate narratives, by examining the news cycle of how antifascists got scapegoated as the “real danger”, instead of the fascists that they organize against.

No wonder we’re all so skeptical and cynical these days. Because we have a million good A/B-optimized reasons to be.

A quote from “let’s stop shaking people down for their email addresses”, where the folks at Basecamp once again bring some much-needed simplicity and intentionality to business.


Leading Above the Line is another great interview of Jim Dethmer.

A personal reflection on minimalism and loss: “what if minimalism is the best tribute to a memory or person?”

A short video from Aeon: on time-perception and aging. (Short version: it has to do with habits and novelty. So we should seek out new things and experiences if we want to slow the passing of time.)


Read any interesting things lately? Leave a note in the comments or record a message on

Books for Resilience


I’m at one of OWASP’s annual conferences, AppSecUSA.

Have questions about OWASP, the conference, topics being discussed, or general application/product security?

Ask below!


Links for Resilience #4


An Operating System Bug Exposes 200 Million Critical Devices

This is a big one, and in an area where we’re unlikely to have good update processes.

This ties back to an important property of resilient software:

  • design for safe auto-updates

This is not a solved problem in all domains, but one we should continue to work towards solving. It’s especially important as we have more and more connected and Internet-of-Things (IoT) devices.

Related: Huge Survey of Firmware Finds No Security Gains in 15 Years
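What “safe” has to mean for an auto-update path, as an added example of my own rather than anything from the linked articles or a particular vendor: the device accepts an image only if a signed manifest verifies under the vendor key it was provisioned with, the manifest names the device’s own model, the version is strictly newer than what is installed (an anti-rollback counter, so a signed but old and vulnerable image cannot be pushed back onto the device), and the image’s digest matches the manifest. Keys, model names and images are constructed for the example; fixed seeds are used only so the run is reproducible.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the only thing the device parses before the signature check,
// and it is parsed only after that check succeeds.
type Manifest struct {
	Model   string `json:"model"`
	Version uint64 `json:"version"`
	SHA256  string `json:"sha256"` // hex digest of the image
}

// Update is what arrives over the wire.
type Update struct {
	ManifestJSON []byte // the exact bytes that were signed
	Signature    []byte // ed25519 signature over ManifestJSON
	Image        []byte
}

// Device holds the vendor public key provisioned at manufacture and the
// highest version it has ever accepted, which is the anti-rollback counter.
type Device struct {
	Model   string
	PubKey  ed25519.PublicKey
	Version uint64
	image   []byte // the "active slot"
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrWrongModel   = errors.New("manifest is for a different model")
	ErrRollback     = errors.New("version is not newer than installed version")
	ErrBadImage     = errors.New("image digest does not match manifest")
)

// Apply verifies and then installs. Signature first, so nothing unsigned can
// influence later decisions; digest last, over the whole image, so a swapped
// or truncated payload is rejected before anything is written.
func (d *Device) Apply(u Update) error {
	if !ed25519.Verify(d.PubKey, u.ManifestJSON, u.Signature) {
		return ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(u.ManifestJSON, &m); err != nil {
		return err
	}
	if m.Model != d.Model {
		return ErrWrongModel
	}
	if m.Version <= d.Version {
		return ErrRollback
	}
	sum := sha256.Sum256(u.Image)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return ErrBadImage
	}
	// A real device writes to the inactive slot and then switches atomically;
	// here that is two assignments.
	d.image = u.Image
	d.Version = m.Version
	return nil
}

// SignUpdate is the vendor side: digest the image, sign the manifest.
func SignUpdate(priv ed25519.PrivateKey, model string, version uint64, image []byte) Update {
	sum := sha256.Sum256(image)
	mj, err := json.Marshal(Manifest{Model: model, Version: version, SHA256: hex.EncodeToString(sum[:])})
	if err != nil {
		panic(err) // cannot fail for this struct
	}
	return Update{ManifestJSON: mj, Signature: ed25519.Sign(priv, mj), Image: image}
}

// keyFromLabel derives a deterministic key from a label. Example only: a real
// vendor key lives in an HSM and is never derived from a string.
func keyFromLabel(label string) ed25519.PrivateKey {
	seed := make([]byte, ed25519.SeedSize)
	copy(seed, label)
	return ed25519.NewKeyFromSeed(seed)
}

// runScenario walks a device at version 3 through five updates and returns
// the outcome of each: a valid v4, a signed-but-old v2, a v5 whose image was
// swapped after signing, a v6 signed by the wrong key, and a v7 for another model.
func runScenario() []error {
	vendor := keyFromLabel("constructed vendor key")
	attacker := keyFromLabel("constructed attacker key")
	dev := &Device{Model: "cam-200", PubKey: vendor.Public().(ed25519.PublicKey), Version: 3}

	swapped := SignUpdate(vendor, "cam-200", 5, []byte("image v5"))
	swapped.Image = []byte("image v5 with a backdoor") // tampered after signing

	var out []error
	out = append(out, dev.Apply(SignUpdate(vendor, "cam-200", 4, []byte("image v4"))))
	out = append(out, dev.Apply(SignUpdate(vendor, "cam-200", 2, []byte("image v2"))))
	out = append(out, dev.Apply(swapped))
	out = append(out, dev.Apply(SignUpdate(attacker, "cam-200", 6, []byte("image v6"))))
	out = append(out, dev.Apply(SignUpdate(vendor, "cam-100", 7, []byte("image v7"))))
	return out
}

func main() {
	for i, err := range runScenario() {
		fmt.Printf("update %d: %v\n", i+1, err)
	}
}
```

The version check is the piece most often missing in the wild: without it, a device that verifies signatures perfectly can still be downgraded to the last signed image that had a known hole.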

If you haven’t seen this post going deep on the Capital One / AWS Server-Side Request Forgery (SSRF) exploit, check it out. There are interesting parallels to the protections we use against Cross-Site Request Forgery (CSRF).

Of note here is how the author looks at root causes and examines how the platforms do (Google) or don’t (AWS) help fix this at scale.
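To make the CSRF parallel concrete, here is an added example (mine, not from the linked post or either cloud provider) that simulates both shapes of metadata endpoint in-process, with no network: a token-less one that answers any bare GET, as AWS IMDSv1 did at the time of the breach, and a header-gated one like GCP’s, which refuses requests lacking a Metadata-Flavor: Google header. A typical SSRF primitive lets the attacker choose the URL but not the method or headers of the outgoing request, so the gated endpoint defeats it for the same reason a custom-header requirement defeats a cross-site form post. The second half shows the application-side control that works regardless of provider: resolve the hostname, reject anything that is not a public unicast address, and connect to the resolved IP. The host names, addresses and credential strings are constructed. (AWS has since added IMDSv2, which requires a session token obtained with a PUT request, the same idea.)

```go
package main

import (
	"fmt"
	"net/netip"
	"net/url"
	"strings"
)

// fakeCreds stands in for the role credentials a metadata service hands out.
// It is a constructed placeholder, not a real key.
const fakeCreds = `{"AccessKeyId":"ASIAEXAMPLE","SecretAccessKey":"example-secret"}`

// backend models whatever answers at a URL's host. It is called in-process,
// so nothing in this file touches the network.
type backend func(method, path string, headers map[string]string) (int, string)

// imdsV1 models a token-less metadata endpoint (AWS IMDSv1 as it was at the
// time of the breach): any bare GET to the credentials path returns the keys.
func imdsV1(method, path string, headers map[string]string) (int, string) {
	if method == "GET" && strings.HasPrefix(path, "/latest/meta-data/iam/security-credentials/") {
		return 200, fakeCreds
	}
	return 404, ""
}

// headerGated models GCP's metadata server, which refuses any request that
// lacks "Metadata-Flavor: Google". A custom header is exactly what a typical
// SSRF primitive cannot add, just as a cross-site form post cannot.
func headerGated(method, path string, headers map[string]string) (int, string) {
	if headers["Metadata-Flavor"] != "Google" {
		return 403, ""
	}
	if method == "GET" && strings.HasPrefix(path, "/computeMetadata/v1/") {
		return 200, fakeCreds
	}
	return 404, ""
}

// vulnerableFetch is a "fetch this URL for me" feature with no target check:
// the attacker chooses the URL and the request goes out as a bare GET.
func vulnerableFetch(rawURL string, b backend) (int, string) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return 0, ""
	}
	return b("GET", u.Path, nil)
}

// targetAllowed is the application-side control: only public unicast
// addresses may be fetched. Unmap first so ::ffff:169.254.169.254 is judged
// as the IPv4 address it really is.
func targetAllowed(ip netip.Addr) bool {
	ip = ip.Unmap()
	return ip.IsValid() && ip.IsGlobalUnicast() &&
		!ip.IsPrivate() && !ip.IsLinkLocalUnicast() && !ip.IsLoopback()
}

// hardenedFetch resolves the host, checks the resolved address, and connects
// to that address rather than re-resolving the name, which is what closes the
// DNS-rebinding gap.
func hardenedFetch(rawURL string, b backend, resolve func(host string) (netip.Addr, error)) (int, string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return 0, "", err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return 0, "", fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	ip, err := resolve(u.Hostname())
	if err != nil {
		return 0, "", err
	}
	if !targetAllowed(ip) {
		return 0, "", fmt.Errorf("refusing %s: %s resolves to non-public address %s", rawURL, u.Hostname(), ip)
	}
	code, body := b("GET", u.Path, nil)
	return code, body, nil
}

// demoResolve is a constructed resolver table so the example runs offline;
// evil.example is an attacker-controlled name pointing at the metadata address.
func demoResolve(host string) (netip.Addr, error) {
	table := map[string]string{
		"cdn.example":  "93.184.216.34",
		"evil.example": "169.254.169.254",
	}
	if a, ok := table[host]; ok {
		return netip.ParseAddr(a)
	}
	return netip.ParseAddr(host) // IP literals resolve to themselves
}

func main() {
	const creds = "http://169.254.169.254/latest/meta-data/iam/security-credentials/app-role"
	code, body := vulnerableFetch(creds, imdsV1)
	fmt.Println("bare GET against token-less metadata:", code, body)

	code, _ = vulnerableFetch("http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token", headerGated)
	fmt.Println("bare GET against header-gated metadata:", code)

	for _, target := range []string{creds, "http://evil.example/latest/meta-data/", "http://[::ffff:169.254.169.254]/", "http://cdn.example/logo.png"} {
		_, _, err := hardenedFetch(target, imdsV1, demoResolve)
		fmt.Printf("hardened fetch of %s: err=%v\n", target, err)
	}
}
```

The allowlist check belongs on the address you actually connect to, not on the hostname string: a name the attacker controls can resolve to 169.254.169.254 just as easily as the literal can, and a name that resolves differently on the second lookup is the classic way around a check done before the connection.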


“paper straws put the lie to the belief that we can consume our way out of the problems created by consumerism”

from The Case Against Paper Straws. Several good insights in this one. Discussions of sustainability continue to place the blame on consumer buying patterns, but effective change will have to come at the systems and society level.

Is using public cloud scalable for your organization? Will Larson has thoughts about how to assess the answer.

An important story about the person who is swimming through the Pacific garbage/plastic patch. May it inspire us to do better.

Interactive maps from Reveal showing how climate change may impact various national parks. Visualization tools are powerful for helping us see the problems more clearly.

E-scooters may not be as eco-friendly as we thought? Other options may still be better for the “last mile”.

Full Disclosure: I have a professional affiliation with the publisher of this article.


Worlds of Ursula K. Le Guin, a beautiful documentary on the life of the legendary author, is now available on PBS. If you’re not familiar with her work, I highly recommend it. Ursula writes with both deep thought and deep beauty, and I’ve thoroughly enjoyed everything I have read so far.

A couple of the classic favorites are The Dispossessed and Wizard of Earthsea.

Also in the news: Ice, Ice, Baby: Ursula Le Guin's 'Left Hand Of Darkness'

Activism is ramping up around Palantir and Amazon supplying the technology of tyranny. Reporting from Vice.

Related transparency reporting:

Amazon Told Police It Has Partnered With 200 Law Enforcement Agencies

Revealed: This Is Palantir’s Top-Secret User Manual for Cops

Compare and contrast these stories on the future of meat:

This Is the Beginning of the End of the Beef Industry

The Vegetarians Who Turned Into Butchers

While they may seem incongruous, one thread running between them is that mass beef consumption and CAFO farming are not sustainable.

We live in an “oil-powered” era. As prices to extract and process oil increase beyond the value they provide, how will society change? Here is one person’s thoughts on the issue. What are yours?


Scouting in the Netherlands has a meaningful upgrade to American snipe-hunting: “Dropping”. Did you grow up in a community with a resilience building tradition for youths? What was it?

No surprise: “loot boxes” are a pernicious form of user manipulation.

In similar news, Reveal says ‘If you have an addiction, you’re screwed’ – How Facebook and social casinos target the vulnerable

How are you opting out of these technological patterns and/or discouraging their misuse?


Read any interesting things lately? Leave a note in the comments or record a message on
