I'm just informed enough about IT security to know that I really know very very little about it. That said, I probably know ten times as much as do 99% of people. I'm an expert in my field, and while I've been a jack of all trades on many fronts, today's threats to privacy and IT security require expert knowledge to combat.
I do not have time.
The long-winded point I have is that it is now just too damn much work to do it all right. I'm tired after a 10 hour workday. I've obviously taken more steps than most, but it is still leaky as hell...
I need a company/organization that I can reasonably trust to manage my information security/property, to manage my computers, manage my vpns, e.g., to isolate my web browser windows over multiple vpns, ... all of it, and it can't be GOOGLE. My data is my property, as long as I can hold it, so it needs to be a company/organization that built in privacy obligations (like lawyers and doctors supposedly do).
-Signed: A Frustrated Tired Old Nerd (with children)
[Ed's Comment: Does such a company exist? Is it even possible to provide such a service? Or have we just identified a niche in the market for some enterprising person to fill?]
(Score: 5, Insightful) by Yog-Yogguth on Monday October 05 2015, @03:11PM
(By the time I'm done writing this it's most likely redundant many times over, sorry about that).
What can I actually say except that I share almost but not all the same problems and I'm also a frustrated and very tired old nerd. You have my total sympathy and empathy.
So this is all probably shit advice :D
Sacrilegious as it may be, you probably need to try less hard and narrow your focus. This is mightily difficult in my opinion. I find I need more “downtime” than ever for my brain, it needs time to churn, more time than I'll ever have. Don't exhaust yourself (I did), don't burn out (I did), don't blame yourself (…). Don't cry: laugh if you have to and it's okay to go a little bit insane as long as you realize you have. Don't destroy who you are to yourself.
Now more than ever before it's important to force yourself to take one step back on a regular basis. Let yourself catch up to where you/we are.
Get out and off the screen more if you can. Learn fishing or archery or gardening or knitting (or weaving, did you know it was originally exclusively a male job?) or whatever you fancy. If you can't get out much or at all then find perhaps a nice “serious” YouTube (or similar) channel (I like guns so there's plenty for me, I recommend the Hickok45 channel [youtube.com] (not everything goes on the front page so I link directly to the video list), there are also some great archery channels and this one [youtube.com] might be a good starting point (I like the guy and his cheap self-made bows, seems he's doing knives too now)) or tidbits of distractions like futilitycloset.org [futilitycloset.com] or games or crazy/alien Japanese anime or anything you fancy that manages to let you disconnect and unwind.
Or maybe a good book will do it, maybe something soppy, maybe something hard. There are some interesting free books out there like Street-Fighting Mathematics [mit.edu] and (same author) The Art of Insight [mit.edu], I haven't read through them yet but they seem promising.
Let the systems that are beyond hopeless burn if they have to: don't waste your time beyond what you already have solutions to as far as they are concerned. The environment is evolving and evolution is nasty business.
No one is likely to actually be anything close to secure. With the systems that exist (a 100 billion —billion with a b— records daily by the end of this year in/through KARMA POLICE and BLACK HOLE —and these aren't even massively funded US programs but British!— is apparently too large a number to truly fit into our brains) any specific machine does not have to be compromised to compromise the individuals (everyone) they belong to.
Can you save the Tyrannosaurus Rex (or any cuddlier choice) from extinction? Of course not, it's long gone, so leave stuff like that to any would-be genius/mad scientist or imaginary future time-travellers.
I don't want this or the following to be interpreted as not doing whatever each on his or her own feel is reasonable, or like giving up (because you're not, you're just in the process of adjusting to a sustainable level which might be a lot lower), or not learning anything new ever again, or not doing anything any more.
But by now a lot depends on luck anyway.
At the turn of the century I still used Windows both at work and at home (I really liked nt4.0 and then w2k and also Cisco), not long after I felt the same way as now: overwhelmed and realizing I had no chance of any confidence in the Windows systems. So I switched to Linux and also looked a bit at BSDs back then. Maybe in the not so distant future it will become an option to switch to less complex systems, maybe it will become possible to switch to systems based on open hardware (neither will be enough but it should be better).
There are too many threats and most or nearly all of those who were supposed to help secure systems are breaking them. This is what it looks like when all trust is gone.
One can only get so much (or little) done. There's far too much for any individual or small group of individuals to handle, so much so that one only has to laugh. Available information on its own far surpasses my capability and it would make no discernible difference if I spent every second on it (which I of course like anybody else can not and will not do).
Just don't stop because you accept reality.
The silver lining is that one is aware that one's own (and all) systems are insecure. Not because one doesn't continue to try to the extent one can handle but because that extent is rapidly vanishing into what seems like insignificance compared to the capabilities, people, organizations, knowledge, funds, and experience stacked against everyone.
I try to avoid the worst. I don't own a smartphone. I don't use un-free systems.
I speak freely, it's not going to help not to, but I try (increasingly harder) not to tilt completely if I'm trying to explain it all from my point of view.
I'd like to get around to using Firejail [wordpress.com] but haven't so far despite the excellent documentation. I second guess myself far too much and too easily end up going in loops instead of just getting stuff done, I'm also way too easily distracted. The browser is the largest attack vector for most (including me) and for some uses I would like to have multiple versions locked down according to different rules, something which Firejail should manage to do quite well. Maybe even run Firejail in a Docker container (I'd like to try) and also figure out some way that I could allow different instances to save specific data in limited ways, but I haven't learnt/done it yet and to be honest a lot of the time my mind feels like mush (and I don't want to do anything too important when I'm like that) :3
(I will share my experiences once/if I get around to it).
And no: there is no such company or organization as you wish for and I strongly doubt there ever will be because anything such is by definition insecure since it centralizes your/our weakness. Everybody is just as human as you are. Not redcode.is [codered.is] (involving Bruce Schneier who despite being who he is is just as fallible as you and me and likely wrong about quite a few things), not snowdentreaty.org [snowdentreaty.org] (I haven't even allowed that site in my browser, who thought/why did they think it was a good idea to base it on fifteen or whatever sources of scripts, it's a potential injection nightmare, not https either as far as I know, maybe I've got the wrong link?), not anything. They might turn out to be interesting places though. However in the very big picture I think SpoylentNews is much more interesting both specifically as one is in an environment where many share the outlook/situation and all but also generally in deeper ways of free discussion and debate.
Let the future prove me wrong one way or the other :)
P.S. I have considered ditching the internet and maybe also computers but the truth is it wouldn't actually make any difference except for the worse unless and only perhaps if one goes fully native in some secluded wilderness (and even then Amazon tribes that have had no contact with the outside world end up in videos on the internet).
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
(Score: 0) by Anonymous Coward on Monday October 05 2015, @03:51PM
You are one cool cat Yog-Yogguth, and we appear to think along very similar lines...thanks for the insights.
(Score: 2) by Yog-Yogguth on Monday October 05 2015, @05:26PM
Thanks :)
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
(Score: 2) by janrinok on Monday October 05 2015, @05:49PM
(Score: 3, Interesting) by Gaaark on Tuesday October 06 2015, @01:02AM
I just installed firejail (on arch/antergos linux using yaourt).
Can any experts here tell me how to use an alias/or whatever, to make all programs I want (from the command line) use firejail:
as in typing 'firefox' will automatically enact "firejail firefox"?
Thanks for any help.
Install was easy: the hard part was figuring the command to use on arch/aur package, lol.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 2, Informative) by linuxunlimited on Tuesday October 06 2015, @12:27PM
I've been using it for some time. The easiest way is to create a bash script with the same name as the executable and put the script in the path before the real executable. For firefox I have the script as /usr/local/bin/firefox:
$ cat /usr/local/bin/firefox
#!/bin/bash
# Forward all command-line arguments (URLs, options) to the real binary
exec firejail /usr/bin/firefox "$@"
Every time you call firefox, the script will run and it will redirect you to the real firefox.
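The wrapper approach from the comment above, applied to several programs at once, as an added example that is not part of the thread. The function names and the `# firejail-wrapper` marker line are assumptions made for this sketch; it looks up each real binary in PATH while skipping the wrapper directory, and refuses to overwrite files it did not create.

```shell
#!/bin/sh
# Added example; function names and the marker line are chosen for this sketch.

# Print the real binary for program $1, searching PATH but skipping the
# wrapper directory $2 so that a wrapper never resolves to itself.
find_real_binary() {
    name=$1; skip=$2
    old_ifs=$IFS; IFS=:
    for dir in $PATH; do
        [ -n "$dir" ] || continue
        [ "$dir" = "$skip" ] && continue
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Write a wrapper for each program name into directory $1, which must come
# before the real binaries in PATH (the thread uses /usr/local/bin).
make_firejail_wrappers() {
    wrap_dir=$1; shift
    failed=0
    for prog in "$@"; do
        real=$(find_real_binary "$prog" "$wrap_dir") || {
            echo "skip: $prog not found outside $wrap_dir" >&2
            failed=1; continue
        }
        target=$wrap_dir/$prog
        # Never overwrite a file that is not one of our own wrappers.
        if [ -e "$target" ] && ! grep -q '^# firejail-wrapper$' "$target"; then
            echo "skip: $target exists and is not a wrapper" >&2
            failed=1; continue
        fi
        # exec replaces the shell; "$@" forwards URLs and options unchanged.
        cat > "$target" <<EOF
#!/bin/sh
# firejail-wrapper
exec firejail "$real" "\$@"
EOF
        chmod 755 "$target"
    done
    return $failed
}

# Usage (as root): make_firejail_wrappers /usr/local/bin firefox chromium
```

Running `command -v firefox` afterwards should print the wrapper path; if it prints the real binary, the wrapper directory is not early enough in PATH and the program is still starting outside the sandbox.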
(Score: 2) by Gaaark on Tuesday October 06 2015, @03:06PM
Thanks, linuxunlimited. Works like a charm... now I just have to set it up for other things! :)
Wow... just wanted to hit CTRL+o to save this, lol.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---