Security

An introduction to supply chain attacks

On March 28 Andres Freund discovered malicious code in the XZ Utils package that could have compromised the security of around half the servers on the internet. The attack was audacious in its scope, planning and timescale, leading many to speculate that it was conducted by a state agency. What’s really terrifying is that it was discovered by accident by a database developer. Security researchers failed to spot it.

Doing secure offline machine translation with macOS

Machine translation has come a long way since researchers figured out that it was better to translate phrases than individual words. It works best when there are many texts in the source and destination languages. So if you’re translating to and from languages that both have a small number of digitized texts, it’s likely that translation will use English as a middle step. In this case, the accuracy of the translation can be affected. And I wouldn’t trust even the best machine translation without some level of review. In my case, I use DeepL in conjunction with LanguageTool (see the links at the bottom of the page).

A security alternative to giving online services your personally identifiable information

You’re probably familiar with the social media memes that try to elicit password reminders from you to access your accounts. For example, your Steinbeck character name is the make of the first car you drove and the name of your elementary school. It shouldn’t need to be said, but don’t reply to those memes. These memes exist because your bank demands that you provide this kind of personally identifiable information for password recovery, so you can access its online services.

Fostering security awareness

Today’s article is based on a presentation I gave at a security conference in the 2010s. It’s a bit longer than what I’d normally share, but I think it’s still relevant, possibly more so than when it was originally written.

Changing email provider in the age of 2FA

Changing email provider is simple, right? Wrong. After the week I’ve had, I think there’s an argument that you should be able to transfer your email address to another provider, just like you can with a cell number. Of course, there are technical impediments to this. But I can foresee a future where your email address is unique to you and isn’t tied to the service provider’s domain at all. Or maybe we’ll all just use a DNA reader to log in.
