#1 - Complicating, generating... new newsletter
2022 is born and many of us are thinking about what we want to bring into the new year. After my 2021 scandalous list of unmet goals, this year I’m focusing on setting intentions instead of resolutions. If you are reading this, you are taking part in one of my intentions for 2022: keeping a curated logbook of interesting news, articles, blogs, podcasts and other content, with some random thoughts.
I will also share some music snippets. I think Depeche Mode’s New Life is a fair start.
Enjoy! And if you think friends and colleagues would enjoy it as well, please spread the word!
Everything can be PII
Wired published a piece about how data brokers and other large data gatherers are lobbying to keep their activity unregulated in the US. They claim that they already “anonymize” the datasets, removing any information that can uniquely identify an individual (a name, a Social Security number, etc.), before sharing them with their business partners. But what is Personally Identifiable Information (PII) in the age of Big Data, with hundreds of different data points about each of us? How easy is ‘reversing’ our identity from anonymized data? Do our Netflix selections or Tinder matches identify us uniquely enough to justify regulating the trading of these datasets?
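To make the “reversing” question concrete, here is an added example (my own code, not from the Wired piece or any broker) of the classic linkage attack: a dataset with names stripped but quasi-identifiers kept (ZIP code, birth year, sex) is joined against a public record that still carries names, and every row whose quasi-identifier combination is unique falls out re-identified. All records are constructed. It also shows why coarsening the quasi-identifiers (3-digit ZIP, birth decade) is what actually raises k-anonymity, while merely dropping the name column does nothing.

```python
from collections import Counter, defaultdict

# Quasi-identifiers: columns that are not names or SSNs but still narrow
# a person down. Constructed sample data, not real people or real brokers.
QUASI = ("zip", "birth_year", "sex")

# "Anonymized" dataset as a broker might share it: names removed,
# quasi-identifiers and the sensitive attribute kept.
ANON = [
    {"zip": "02138", "birth_year": 1985, "sex": "F", "watched": "Documentary A"},
    {"zip": "02138", "birth_year": 1985, "sex": "F", "watched": "Thriller B"},
    {"zip": "02139", "birth_year": 1990, "sex": "M", "watched": "Comedy C"},
    {"zip": "02139", "birth_year": 1994, "sex": "M", "watched": "Horror E"},
    {"zip": "02140", "birth_year": 1972, "sex": "M", "watched": "Drama D"},
    {"zip": "02140", "birth_year": 1978, "sex": "M", "watched": "Western F"},
]

# Public, identified dataset (think voter roll), constructed for the example.
PUBLIC = [
    {"name": "Alice", "zip": "02138", "birth_year": 1985, "sex": "F"},
    {"name": "Anna",  "zip": "02138", "birth_year": 1985, "sex": "F"},
    {"name": "Bob",   "zip": "02139", "birth_year": 1990, "sex": "M"},
    {"name": "Gus",   "zip": "02139", "birth_year": 1996, "sex": "M"},
    {"name": "Eve",   "zip": "02139", "birth_year": 1994, "sex": "F"},
    {"name": "Carl",  "zip": "02140", "birth_year": 1972, "sex": "M"},
    {"name": "Dan",   "zip": "02140", "birth_year": 1972, "sex": "F"},
    {"name": "Fred",  "zip": "02140", "birth_year": 1978, "sex": "M"},
]


def key(rec, quasi=QUASI):
    """The quasi-identifier tuple used as the join key."""
    return tuple(rec[q] for q in quasi)


def equivalence_classes(records, quasi=QUASI):
    """How many records share each quasi-identifier combination."""
    return Counter(key(r, quasi) for r in records)


def k_anonymity(records, quasi=QUASI):
    """Size of the smallest equivalence class; k=1 means some row is unique."""
    return min(equivalence_classes(records, quasi).values())


def reidentify(anon, public, quasi=QUASI):
    """Linkage attack: join anonymized rows to the public record on the
    quasi-identifiers and return {anon_index: (name, sensitive_value)} for
    every row that matches exactly one named person."""
    index = defaultdict(list)
    for p in public:
        index[key(p, quasi)].append(p["name"])
    hits = {}
    for i, a in enumerate(anon):
        names = index.get(key(a, quasi), [])
        if len(names) == 1:
            hits[i] = (names[0], a["watched"])
    return hits


def generalize(rec):
    """Coarsen the quasi-identifiers: 3-digit ZIP prefix and birth decade.
    Applied to the released data this is what raises k, unlike name removal."""
    g = dict(rec)
    g["zip"] = rec["zip"][:3] + "**"
    g["birth_year"] = rec["birth_year"] // 10 * 10
    return g


if __name__ == "__main__":
    print("k of released data:", k_anonymity(ANON))              # 1
    print("re-identified:", reidentify(ANON, PUBLIC))
    gen_anon = [generalize(r) for r in ANON]
    gen_public = [generalize(p) for p in PUBLIC]
    print("k after generalization:", k_anonymity(gen_anon))      # 2
    print("re-identified after generalization:", reidentify(gen_anon, gen_public))
```

With the raw release, three of the six “anonymous” viewing histories come back with a name attached, because a single ZIP+birth year+sex triple is unique in the public roll. After generalization every class has at least two members and the join returns nothing. The caveat a practitioner would add: the attacker picks the auxiliary dataset, so the relevant k is not the one measured against the columns you happened to keep but against everything that can be joined to them, including Netflix selections or match histories.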
LastPass master password database breached? Not so fast…
Last week a Hacker News user asked how a bad actor could have compromised his LastPass master password. Things got tricky when other members of the tech-savvy forum claimed they had received similar warnings mentioning the same source IP address. LastPass being a popular password manager, all alarms were raised, and an explanation from the company came afterwards: it was a credential stuffing attack. Some users claimed that was not possible because their LastPass password was unique. 24 hours later, another company spokesperson explained that some alerts had been triggered by mistake and that the accounts had not been compromised. It was a bug. But some security researchers don’t buy it and think a breach is plausible. It sounds like a conspiracy theory to me: hiding a breach like this would be devastating in terms of reputation and could mean a lawsuit for fraud in the courts.
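Credential stuffing has a recognizable shape in authentication logs: one source IP walks through many different accounts, mostly failing, with the occasional success where a reused password lands. As an added example (my own code, not LastPass’s tooling or real LastPass logs; the log format and addresses are constructed), here is a small detector that flags that pattern and lists the accounts where the attacker got in, which are the ones to force a reset on. It deliberately does not flag the other common shape, one account hammered from one IP, which is brute force rather than stuffing.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log. Three sources: a stuffing run that
# tries six accounts in a few seconds (one succeeds), a brute-force run
# against a single account, and one ordinary successful login.
LOG = """\
2021-12-27T10:00:01Z src=203.0.113.7 user=alice@example.com result=FAIL
2021-12-27T10:00:02Z src=203.0.113.7 user=bob@example.com result=FAIL
2021-12-27T10:00:02Z src=203.0.113.7 user=carol@example.com result=OK
2021-12-27T10:00:03Z src=203.0.113.7 user=dave@example.com result=FAIL
2021-12-27T10:00:04Z src=203.0.113.7 user=erin@example.com result=FAIL
2021-12-27T10:00:05Z src=203.0.113.7 user=frank@example.com result=FAIL
2021-12-27T10:01:00Z src=198.51.100.9 user=gina@example.com result=FAIL
2021-12-27T10:01:01Z src=198.51.100.9 user=gina@example.com result=FAIL
2021-12-27T10:01:02Z src=198.51.100.9 user=gina@example.com result=FAIL
2021-12-27T10:01:03Z src=198.51.100.9 user=gina@example.com result=FAIL
2021-12-27T10:01:04Z src=198.51.100.9 user=gina@example.com result=FAIL
2021-12-27T10:01:05Z src=198.51.100.9 user=gina@example.com result=FAIL
2021-12-27T10:05:00Z src=192.0.2.44 user=alice@example.com result=OK
"""

# Assumed (constructed) line layout: "<iso-timestamp> src=<ip> user=<account> result=<OK|FAIL>"
LINE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")


def parse(log):
    """Parse log text into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(d)
    return events


def window_hit(evs, window, min_accounts):
    """Sliding window over one source's time-sorted events: True as soon as
    min_accounts distinct usernames appear within `window`."""
    start = 0
    for end in range(len(evs)):
        while evs[end]["ts"] - evs[start]["ts"] > window:
            start += 1
        if len({e["user"] for e in evs[start:end + 1]}) >= min_accounts:
            return True
    return False


def detect_stuffing(events, window=timedelta(minutes=5), min_accounts=5):
    """Return {src_ip: summary} for sources that look like credential stuffing:
    many distinct accounts from one IP in a short window. The summary includes
    the accounts that succeeded, i.e. the ones whose passwords are reused and
    need a reset. A single account failing many times (brute force) is not
    reported by this rule."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        if not window_hit(evs, window, min_accounts):
            continue
        alerts[src] = {
            "accounts": len({e["user"] for e in evs}),
            "failures": sum(e["result"] != "OK" for e in evs),
            "succeeded": sorted({e["user"] for e in evs if e["result"] == "OK"}),
        }
    return alerts


if __name__ == "__main__":
    for src, summary in detect_stuffing(parse(LOG)).items():
        print(src, summary)
```

On the sample log only 203.0.113.7 is flagged (6 accounts, 5 failures, carol@example.com compromised); the brute-force source against gina@example.com and the normal login are left alone. Two caveats: a per-IP threshold is defeated by stuffing spread across a large proxy pool, so production rules usually also look at the global failure rate per account list; and a success for an account whose owner is sure their password is unique is exactly the kind of inconsistency that should make you question the stuffing explanation rather than accept it.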
Rich OSS, poor OSS
This text on the donate page of the popular GnuPG software came as a surprise:
Fortunately, and this is still not common with free software, we have now established a way of financing the development while keeping all our software free and freely available for everyone.
Wow, this is the dream of any OSS developer. GnuPG (aka GPG) is a very popular security tool and is part of almost any secure email setup. If we compare it with the situation of the Log4j developers, we can see how lucky they are. As big as the Apache Foundation is, it seems that funding from small organizations and individuals is still a pending issue. Maybe initiatives like GitHub Sponsors could help. It’s obvious that if the core members of a foundation (the developers) are not fairly paid, then something is wrong and it needs to be fixed.
Apple will tackle the freedom to change your mobile operator
Apple loves walled gardens. They are experts in building the most beautiful and engaging ones, and everybody is happy in their captivity inside them. Now that the rumors about an eSIM-only iPhone are coming true, they are going to bring inside those walls the freedom to choose which telecommunications company to use. Some could say this is not new and is already happening, but it is the definitive change in the balance of power between telcos and mobile manufacturers. It is Apple doing the territorial pissings now, not the telcos: telcos will have to pass a certification process to be included in the list of allowed eSIM carriers, and not the other way around, as was the norm only a few years ago.