The Trials of Contact Tracing

The UK NHSX “contact tracing” app is being deployed today, in one small place, to test whether or not this approach might help get us out of lockdown. Unfortunately, the launch is beset with published argument one way and the other about whether or not this app is technically good, meets privacy expectations, or simply whether it will work.

Read More

A No Drama Action Plan for Covid 19

It’s all over the news, and this is Yet Another Hot Take. Don’t completely despair: I’m not going to tell you what the virus is, or cover why you should (or shouldn’t) be worried. What I am going to tell you is that your business should be prepared. Even if you have a decent business continuity plan in place, there are reasons to review it now.

Read More

Debugging generic errors: yarn could not resolve host registry.yarnpkg.com

I rarely blog about purely technical errors, but this specific message from yarn is something I’ve seen a number of people struggling with. I’m going to explain a bit more about why it comes about, and how I solved it in my situation. This will not work for everyone, but it may give you a hint.

Read More

The 'No Code' Delusion

Increasingly popular in the last couple of years, I think 2020 is going to be the year of “no code”: the movement that say you can write business logic and even entire applications without having the training of a software developer. I empathise with people doing this, and I think some of the “no code” tools are great. But I also thing it’s wrong at heart.

Read More

On Becoming a CTO in 2020

A good friend recently wrote to me to ask what it takes to become a CTO in this day and age. Unfortunately, he DM’d me over Twitter: try as I might, there was nothing of note I could squeeze into that format (usual adage of “if I’d had the time, it would have been briefer”). So, I wrote this largely for him, but I think it’s generally useful.

Read More

Making sense of information security certification

I regularly get asked by businesses - often start-ups - how to approach information security. This has become an increasingly frequent question for those looking for some kind of formal recognition, usually certification. Everyone knows that these will take time and cost money. At the end of the day, is it worth it?

Read More

Is SMS a secure second factor?

Jack Dorsey, famous for co-founding Twitter, is in the news currently as his Twitter account was hijacked. Most stories have been pains to point out that Twitter wasn’t directly attacked: instead, they went for his mobile phone. This raises the question: if you use your phone for authentication, how secure is it?

Read More

Libra: a usable digital currency?

The Libra Association de-cloaked today. With Facebook amongst the initial backers, this is being seen – fairly or not – as the Facebook cryptocurrency. The reputation of the system, and potentially the take-up, may end up being harmed by that alliance. However, I’m slightly more interested in another question: is it likely to be any good as a digital currency?

Read More

Carbon Neutral: thoughts on energy

For at least a couple of days, climate change has been back on the agenda with the protests happening in London by Extinction Rebellion. The coverage has fallen into the usual “adversarial” pattern: weighing the protestors’ points against the need for people to travel, or asking whether it is hypocritical that some protestors arrived by car / train / plane. Fundamentally, the point has been somewhat lost, but it makes me think anyway.

Read More

Encryption-at-rest under question: SSDs, hardware support and Bitlocker

Many of us deal with personal and sensitive data these days. Best practice in computing circles is to make use of “encryption at rest”: ensuring data remains secure by encrypting it on a device (whether it’s a laptop, mobile phone or USB key). Some researchers at Radboud University in the Netherlands have discovered that widely used data storage devices with self-encrypting drives don’t do the job very well. Worse, they weaken the security of the popular Bitlocker solution.

Read More

Page 1 of 20