Links for Resilience #4

Security

An Operating System Bug Exposes 200 Million Critical Devices

This is a big one, and in an area where we’re unlikely to have good update processes.

This ties back to an important property of resilient software:

  • design for safe auto-updates

This is not a solved problem in all domains, but one we should continue to work towards solving. It’s especially important as we have more and more connected and Internet-of-Things (IoT) devices.

Related: Huge Survey of Firmware Finds No Security Gains in 15 Years


If you haven’t seen this post going deep on the Capital One / AWS Server-Side Request Forgery exploit, check it out. There are interesting parallels to the protections we can use for Cross-Site Request Forgery.

Of import here is how the author looks at root causes and examines how the platforms do (Google) or don’t (AWS) help fix this at scale.

Sustainability

“paper straws put the lie to the belief that we can consume our way out of the problems created by consumerism”

from The Case Against Paper Straws. Several good insights in this one. Discussions of sustainability continue to place the blame on consumer buying patterns, but effective changes will have to come at the systems and society levels.


Is using public cloud scalable for your organization? Will Larson has thoughts about how to assess the answer.


An important story about the person who is swimming through the Pacific garbage/plastic patch. May it inspire us to do better.


Interactive maps from Reveal showing how climate change may impact various national parks. Visualization tools are powerful for helping us see the problems more clearly.


E-scooters may not be as eco-friendly as we thought? Other options may still be better for the “last mile”.

Full Disclosure: I have a professional affiliation with the publisher of this article.

Society

Worlds of Ursula K. Le Guin, a beautiful documentary on the life of the legendary author, is now available on PBS. If you’re not familiar with her work, I highly recommend it. Ursula writes with both deep thought and deep beauty, and I’ve thoroughly enjoyed everything I have read so far.

A couple of the classic favorites are The Dispossessed and Wizard of Earthsea.

Also in the news: Ice, Ice, Baby: Ursula Le Guin's 'Left Hand Of Darkness'


Activism is ramping up around Palantir and Amazon supplying the technology of tyranny. Reporting from Vice.

Related transparency reporting:

Amazon Told Police It Has Partnered With 200 Law Enforcement Agencies

Revealed: This Is Palantir’s Top-Secret User Manual for Cops


Compare and contrast these stories on the future of meat:

This Is the Beginning of the End of the Beef Industry

The Vegetarians Who Turned Into Butchers

While they may seem incongruous, one thread running between them is that mass beef consumption and CAFO farming are not sustainable.


We live in an “oil-powered” era. As prices to extract and process oil increase beyond the value they provide, how will society change? Here are one person’s thoughts on the issue. What are yours?

Self

Scouting in the Netherlands has a meaningful upgrade to American snipe-hunting: “Dropping”. Did you grow up in a community with a resilience-building tradition for youths? What was it?


No surprise: “loot boxes” are a pernicious form of user manipulation.

In similar news, Reveal says ‘If you have an addiction, you’re screwed’ – How Facebook and social casinos target the vulnerable

How are you opting out of these technological patterns and/or discouraging their misuse?


Summary

Read any interesting things lately? Leave a note in the comments or record a message on anchor.fm

Links for Resilience #3

Security

Capital One is one of the most advanced users of the cloud, from a scaling, automation, and security perspective. Still, they had a major security issue. This is a reminder of how hard this is to get correct at scale, and how the “insider threat” continues to be a challenge. What lessons can we learn from this?

(Update: more details here and here.)

Sustainability

Exploitation leads, with perfect logic, to exhaustion. And our ways of land use exploit both land and people.

This, and a lot of other great wisdom, is available in this conversation with Wendell Berry.

Self

for stress, you need to sleep an extra two-and-a-half hours to get the same benefit as just 20 minutes of walking.

Balance: What is the Goldilocks Day?


[Mindfulness,] in claiming to offer a multipurpose, multi-user remedy for all occasions, mindfulness oversimplifies the difficult business of understanding oneself. It fits oh-so-neatly into a culture of techno-fixes, easy answers and self-hacks, where we can all just tinker with the contents of our heads to solve problems, instead of probing why we’re so dissatisfied with our lives in the first place.

The Problem of Mindfulness

Summary

Read any interesting things lately? Leave a note in the comments or record a message on anchor.fm

I'm a delegate at the Mennonite USA convention next week. AMA.

(AMA=Ask me anything)

Are you surprised I work in tech & cybersecurity and am a Mennonite? Are you surprised that Mennonites have a national convention? Do you wonder what the difference is between Mennonite and Amish? Do you wonder what this has at all to do with Resilience?

I’ll try to answer all questions that appear to be on topic and made in good faith.
