Is SMS a secure second factor?

Jack Dorsey, famous for co-founding Twitter, is in the news currently as his Twitter account was hijacked. Most stories have been at pains to point out that Twitter wasn’t directly attacked: instead, the attackers went for his mobile phone. This raises the question: if you use your phone for authentication, how secure is it?

Libra: a usable digital currency?

The Libra Association de-cloaked today. With Facebook amongst the initial backers, this is being seen – fairly or not – as the Facebook cryptocurrency. The reputation of the system, and potentially the take-up, may end up being harmed by that alliance. However, I’m slightly more interested in another question: is it likely to be any good as a digital currency?

Carbon Neutral: thoughts on energy

For at least a couple of days, climate change has been back on the agenda with the protests happening in London by Extinction Rebellion. The coverage has fallen into the usual “adversarial” pattern: weighing the protestors’ points against the need for people to travel, or asking whether it is hypocritical that some protestors arrived by car / train / plane. Fundamentally, the point has been somewhat lost, but it makes me think anyway.

Encryption-at-rest under question: SSDs, hardware support and Bitlocker

Many of us deal with personal and sensitive data these days. Best practice in computing circles is to make use of “encryption at rest”: ensuring data remains secure by encrypting it on a device (whether it’s a laptop, mobile phone or USB key). Some researchers at Radboud University in the Netherlands have discovered that widely used data storage devices with self-encrypting drives don’t do the job very well. Worse, they weaken the security of the popular Bitlocker solution.

UK High St is in cascade failure

For those who aren’t from the UK, the “High Street” is what we call the shopping parade in a typical town or city. It lies at the heart of the town, quite different to a mall, and is more of a European concept. “Cascade failure” is what we say when one part of a system causes another part of the system to fail, often like a set of dominoes falling. Putting two and two together: I believe that the UK High St is in such a failure mode right now, and that over the next five years we’re going to see some very rapid changes.

Simple software can cost lives

No doubt many people will have read the story about how an error in a piece of software has prevented a number of women being invited to a standard screening. The current estimate is that this could have led to as many as 270 lives being lost or curtailed, although it will be difficult to say for some time. As an ex-CTO in a healthcare business, this is the type of problem that used to keep me awake at night – a small mistake leading to tragic results. How did this happen?

C[IT]O’s Guide to Serverless Costs

My estimable Twitter-pal Paul Johnson has put together a very reasonable thread about his thinking on serverless costs (i.e. AWS Lambda, in this case). He makes a great case for designing functions in a way that allows cost efficiency improvements, and I think the point on architecture is generally well-made. However, there are a few aspects of this which I think are generally not well understood, and Twitter is much too short a form to get them in. Hence this post.

Don’t ship the microservices

Steven Sinofsky of a16z (previously Microsoft) probably first coined the phrase, “Don’t ship the org chart”. I think there’s a new variant of this worth discussing: shipping the microservices. I’ve been reviewing a few products in depth recently for different reasons, and once you see it, it actually becomes really obvious.

Trying AliCloud

There are few options in the cloud that are really worth investing time in. Amazon (AWS) is clearly important as the market leader, and Google Cloud (GCP) offers a variety of very interesting technology. Microsoft (Azure) has some remarkable technology, especially for Windows-oriented shops. After that, options are much smaller scale: they range from big names like IBM (BlueMix) to much newer startups (such as Digital Ocean). None of them are very distinct. However, if we’re willing to take a slightly less western-centric approach, there is another: AliCloud.

Spectre attack: why is it unpatchable?

Everyone is now talking about the CPU security problems that are now being fully disclosed: they’re dubbed Meltdown and Spectre. Meltdown is a problem that mainly or entirely affects Intel CPUs, but Spectre is a problem that affects all designs.

I haven’t seen any “explain it like I’m 5” on the Spectre paper yet, so here’s my take. Sadly, it’s not 5-year-old level, but I’ve tried to make it a bit more accessible. If you want a lot more detail, the Google blog has code.
