TechCrunch published an article that gives class-action lawyers suing 23andMe a mouthpiece to editorialize about password security practices, masquerading as a news article. The upshot of the ~article~ editorial is this:
I want to focus here on the third point: credential stuffing attack mitigations. I’ve worked quite a bit on analyzing large credential stuffing attacks and recommending mitigations for them. I also served as a technical escalation point for customers who had a wide variety of strongly held false beliefs about password security and credential stuffing mitigation. In reading various social media responses to the 23andMe case, I see all these false beliefs turning up again. Let’s have a look at some.
The first question we need to answer here is: what do you mean by rate limiting? Usually there are two main rate limits that people …
I read at least 41 books in 2020. Here are some highlights.
This is the category I’m using for my two overall favorites for the year, although it doesn’t quite fit. I love books like this that tell the stories of historic figures in unusual ways.
This is generally described as a “philosophical novel”, a description which is both accurate and suitably vague, as the novel is difficult to describe. Janna Levin is famous for a lot of things: she’s possibly the most influential living black hole physicist, an author of a number of well-known books, and a well-known science communicator. This was her first book (I think), and doesn’t seem to be particularly well-known despite being an amazing work.
It’s a fictionalized account of the lives of Kurt Gödel and Alan Turing. The writing is alternately strange and beautiful. I can’t recommend it highly enough.
I read this back to back with the previous book, and they will always be connected in my mind although they don’t intersect except for a few biographical years.
The book explores the …
I read at least 32 books in 2019. The high count is due primarily to burning through a bunch of mediocre thriller novels on road trips, but I also read a number of really good books in diverse categories. Here are some highlights:
I love wide-ranging intellectual histories, and this fits that description completely. While I am not a huge fan of existentialism as a philosophical movement, its history and personalities are fascinating, and this book does justice to all of it. I particularly enjoyed the chapters about Simone de Beauvoir, Iris Murdoch, and Maurice Merleau-Ponty.
I don’t read a lot of mysteries, but Sara Gran’s Claire DeWitt series is certainly one of my all-time favorites. Detective noir with a touch of magical realism. This is the latest; I recommend reading them in order. I hope there are more to come.
This memoir is out of print, but worth finding if you have any interest in Pacific Northwest history. Battling alcoholism during the Great Depression, the author …
Jean Hatzfeld’s Machete Season: the Killers in Rwanda Speak is a much different book than the Pol Pot history that I covered a couple of weeks ago. It’s harder to write about, because it’s just what the title describes: the killers in their own words, interspersed with short contextual explanations of the events surrounding the Rwandan genocide.
Hatzfeld – who has also written two books about the horrific Baltic wars of the 1990s – argues that many of what the mainstream media call genocides should be described as war crimes instead: brutal, unacceptable mass killings of defenseless humans that nonetheless take place in the context of reducing a population’s ability to wage war. Genocide, he argues, is a term that should be reserved to describe an effort to completely exterminate a population and leave it incapable of ever recovering. In the Rwandan genocide, for example, the Hutu killers often preferred to murder women and children first, because it would leave the Tutsi population less capable of carrying on to the next generation.
Modern Rwanda has three main ethnic groups: the majority Hutu, the minority Tutsi, and a small population of Twa jungle-dwelling hunter-gatherers. At the time of …
I’ve decided to start a reading project on genocides and violent totalitarian dictators. Most education about these topics in the US is focused around Nazi Germany, or occasionally the Soviet Union under Stalin. While I’d like to come back to those events if I can endure the topic that long, I’m starting with non-Western events.
First up is Pol Pot and the Khmer Rouge, partly because I grew up in the 1980s around a lot of first or second-generation Cambodian and Vietnamese immigrants, but never knew much about the politics behind their flight from Southeast Asia. It’s a particularly strange case of different cultural, political, and historic influences converging in a disastrous way. The term “genocide” has been controversial with reference to the Khmer Rouge regime: while they systematically murdered or starved somewhere between 1.7 and 2.3 million people, for the most part the killings didn’t target a specific racial, ethnic, or religious group. While there were certainly elements of this – as I’ll discuss – Pol Pot’s regime was more about brutal slavery and vicious punishment of any deviance, regardless of the person.
Last winter I had to recertify CCIE. This time it felt like a negative, adversarial ordeal: reviewing and relearning a lot of stuff that I don’t use in order to justify the sunk costs of obtaining the certification. It’s also a zero-sum game: time spent on recertification is time not spent learning newer, more relevant things. I’ve seen a couple of blog posts (here and here) lately related to this issue. How could recertification be done better?
Outside my professional life, I’ve long been a search and rescue volunteer here in rural Colorado. As part of that, I maintain a Wilderness First Responder (WFR) certification. WFR is a certification for remote emergency medical care that starts as an 80-hour class. It’s required for most types of guiding and outdoor education careers.
Unlike with the CCIE, I always look forward to WFR recertification, even though it’s expensive and I have to take vacation time in order to do it. Why? It’s fun, cooperative, progressive, educational, and encouraging. It’s done as a 16-24 hour class that mixes classroom review, hands-on lab practice, and new material that’s been introduced or updated in the preceding years. This allows recertification candidates to interact …
monitor.virtual_mmu = "hardware"
monitor.virtual_exec = "hardware"
vhv.enable = "TRUE"
monitor_control.restrict_backdoor = "true"