My friend Paul Mason sent me an article in late April about how cyber attacks are putting student data at risk. I read the article with interest, but couldn't help rolling my eyes throughout, as I know that what was reported in this article is only a tiny hint at the real problems in cyber security for universities. This isn't just a problem in Scotland. It's a problem for most -- for all I know, maybe all -- universities.
Let me start off by saying that leading the article with the huge volume of spam email and the potential malware in that email was a complete non-story. Your personal email has more spam than real mail. If you have decent spam filters, you are saved from most of that. If not, gods help you. I wouldn't want to see the Inbox of an unfiltered account.
Last night I watched the second half of a documentary about Richard Feynman on TV. It was great. He was such a character as well as a brilliant man. He's become an icon for science geeks of all stripes. Obviously, I loved the show.
Today, I decided to close down some open tabs in my browser, deciding what to read now, what to send to Pocket, and what to just close because I'd never get around to it anyway. The last tab left to be closed had the title, My Mother, The Scientist. Of course, I had to read that one.
Imagine my surprise when I realized that it was a post about Joan Feynman, Richard's little sister. Did you know that Richard Feynman's little sister is an astrophysicist? I didn't. Why didn't I know that?
When some people see a trigger warning, they just walk the other way and avoid it. I'm the sort of person who sees a trigger warning and just walks right into it. There are more than a few images that I will turn my head away from, but in most cases, I'll watch the rest even though I know that the story itself is triggery because I want to know the story.
That being said, a friend posted a link on Facebook to this short movie embedded in a Buzzfeed blog post called "If 'Heterophobia' Were Real". She said it made her cry. I decided to watch it anyway. The movie is well worth the 20 minutes to watch and however many minutes after you may need to stop crying.
I've come to the conclusion that it must be. The way that the US and other governments prosecute computer-related crimes makes no real sense. Look at the absurd level of pressure that was leveled against Aaron Swartz. Look at what happened to the founders of The Pirate Bay. Look at the punishment that Andrew ‘Weev’ Auernheimer just received. It's nuts. Completely nuts. There is no connection between the crimes and the punishments.
Weev is not a nice guy. He's an idiot and a jerk. He has been no Aaron Swartz, that's for darned sure, but he just got sentenced to 41 months in prison for doing something that didn't even break the security of AT&T. The Next Web describes his actions as being equivalent to pinging a server and having it tell you all its secrets. What Weev did was write a script that ran a program exactly as it was written to run. That's no more criminal than writing a web spider to find all the web pages on a single web server.
This past weekend I taught a workshop at Workshop Weekend on basic cybersecurity. I covered things like social media privacy settings, why you should use HTTPS for all your web-based email, banking, and other important communication, and how to use encryption with your IM chats. I showed people why it's so important to change the default passwords on home internet routers. There was also a demonstration of what your traffic looks like when someone snags it out of the air with a tool like Wireshark.
The class was hugely popular, so I'm giving it again!
Next Thursday, April 14, 2013 (that's PI DAY!!!) from 10 - 11:30 AM at Tech Liminal.
The Eventbrite calls the class Web Security for All, but think of it as general security for your identity, your data and your devices. It's a bargain at $30!
Over the last few years the Washington State government has been decreasing the funding to services and the safety net for the state's most vulnerable populations. The rural poor, like my mother, are getting the worst of it. In the midst of cuts that directly hit the pockets of people who rely on Social Security, Food Stamps and Medicare, the quality of the food provided through the commodities program and other nutrition programs has deteriorated. In Whitman County, local growers and grocery store chains have stepped in to try to correct these wrongs, but they can't do it alone.
Tonight I'm teaching a class in which all the students will be able to log into my server, create a database, download Drupal 7, install the site, and then go and look at the Apache logs to see what they've done. The class is aimed at newbies, and I could just give everyone an account with full sudoers privileges on my server and hope that no one does anything nasty, but I'm not so dumb as to think that a clever student won't get bored and start poking around at other things.
So, how am I going to do this and keep everything safe for my own websites, and those of my clients, that sit on that server? Essentially, I have built sandboxes for the students to play in.
First off, I created users for each of the students using a format that identifies them as students of this class. I'm not bothering with their names at all, actually. Just giving them usernames like "student1", "student2", etc.
Each account has a home directory at the usual place (e.g., /home/student1) plus two more directories underneath that: web and log.
Wednesday, February 13, from 6:30 to 8:30pm at Tech Liminal in Oakland.
Learn how to make Drupal look nice and do what you want with third-party contributed themes and modules. We will find, install and configure a theme and a module and then learn how to keep them updated using drush on the command line. We'll also learn how to bring content from different parts of the website together onto any page.
This is a lecture and demonstration class. Feel free to ask questions at any time.