On Watering Holes, Trust, Defensible Systems and Data Science Community Security

I’ve been threatening to do a series on “data science community security” for a while and had cause to issue this inaugural post today. It all started with this: Hey #rstats folks: don't do this. Srsly. Don't do this. Pls. Will blog why. Just don't do this. https://t.co/qkem5ruEBi— boB Rudis (@hrbrmstr) February 23, 2017 Let… Continue reading

Clandestine DNS lookups with gdns

Google recently announced their DNS-over-HTTPS API, which “enhances privacy and security between a client and a recursive resolver, and complements DNSSEC to provide end-to-end authenticated DNS lookups”. The REST API they provided was pretty simple to wrap into a package and I tossed in some SPF functions that I had lying around to bulk it… Continue reading

Beware of sideloading f.lux for iOS from files obtained on sharing/torrent sites

Apple made the @justgetflux folks remove their iOS sideloaded app due to the use of private APIs (which are a violation of the Apple Developer agreement). The ZIP archive has been pulled from their site (and it really has, too). This “sideloading”—i.e. installing directly to your device after compiling it from source—was an interesting way… Continue reading

π, Awareness, DataVis, VAST 2013, Moar data! & GReader Machinations

Far too many interesting bits to spam on Twitter individually but each is worth getting the word out on: It’s π Day* Unless you’re living in a hole, you probably know that Google Reader is on a death march. I’m really liking self-hosting Tiny Tiny RSS so far, and will follow up with a standalone… Continue reading

Security Hobos

If you haven’t viewed/read Wendy Nather’s (@451Wendy) insightful Living Below The Security Poverty Line you really need to do that before continuing (we’ll still be here when you get back). Unfortunately, the catalyst for this post came from two recent, real-world events: my returned exposure to the apparent ever-increasing homeless issue in San Francisco (a… Continue reading