July 24th, 2017
posted by [syndicated profile] xkcd_feed at 04:00am on 24/07/2017
July 23rd, 2017



Hovertext:
I guess I'd better not tell him about my collection of uncountably infinite rocks.

New comic!
Today's News:

Hey geeks! You can win a copy of Soonish in this Goodreads giveaway!

July 22nd, 2017
posted by [syndicated profile] krugman_feed at 04:56pm on 22/07/2017



Hovertext:
What I really want is a Star Wars Lego kit made of exactly two enormous pieces.

New comic!
Today's News:

Hey geeks! The submission round is now open for BAHFest Seattle (it's back!) and BAHFest SF. WOOP!

July 21st, 2017

Posted by Bruce Schneier

It's the second in two months. Video.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.




Hovertext:
I really don't understand why we load down rockets with centers of mass.

New comic!
Today's News:

PSSST

 

posted by [syndicated profile] bruce_schneier_feed at 11:23am on 21/07/2017

Posted by Bruce Schneier

The Segway has a mobile app. It is hackable:

While analyzing the communication between the app and the Segway scooter itself, Kilbride noticed that a user PIN number meant to protect the Bluetooth communication from unauthorized access wasn't being used for authentication at every level of the system. As a result, Kilbride could send arbitrary commands to the scooter without needing the user-chosen PIN.

He also discovered that the hoverboard's software update platform didn't have a mechanism in place to confirm that firmware updates sent to the device were really from Segway (often called an "integrity check"). This meant that in addition to sending the scooter commands, an attacker could easily trick the device into installing a malicious firmware update that could override its fundamental programming. In this way an attacker would be able to nullify built-in safety mechanisms that prevented the app from remote-controlling or shutting off the vehicle while someone was on it.

"The app allows you to do things like change LED colors, it allows you to remote-control the hoverboard and also apply firmware updates, which is the interesting part," Kilbride says. "Under the right circumstances, if somebody applies a malicious firmware update, any attacker who knows the right assembly language could then leverage this to basically do as they wish with the hoverboard."

posted by [syndicated profile] xkcd_feed at 04:00am on 21/07/2017
July 20th, 2017



Hovertext:
You must've been a HIDEOUS baby.

New comic!
Today's News:

Thanks, everyone. That was an incredibly successful kickstarter. We had some internal goals that were more than doubled. We are working now to deliver those books as fast as possible!

posted by [syndicated profile] bruce_schneier_feed at 02:12pm on 20/07/2017

Posted by Bruce Schneier

The press is reporting a $32M theft of the cryptocurrency Ethereum. Like all such thefts, they're not a result of a cryptographic failure in the currencies, but instead a software vulnerability in the software surrounding the currency -- in this case, digital wallets.

This is the second Ethereum hack this week. The first tricked people into sending their Ethereum to another address.

This is my concern about digital cash. The cryptography can be bulletproof, but the computer security will always be an issue.

July 19th, 2017
posted by [syndicated profile] bruce_schneier_feed at 03:35pm on 19/07/2017

Posted by Bruce Schneier

Slashdot asks if password masking -- replacing password characters with asterisks as you type them -- is on the way out. I don't know if that's true, but I would be happy to see it go. Shoulder surfing, the threat it defends against, is largely nonexistent. And it is becoming harder to type in passwords on small screens and annoying interfaces. The IoT will only exacerbate this problem, and when passwords are harder to type in, users choose weaker ones.




Hovertext:
I swear, I don't mean this comic to harbor any political perspective. I just thought it was funny.

New comic!
Today's News:

Thanks so much for your support, geeks. It means so much to us.




Hovertext:
When I said you should compromise, I didn't mean about the thing that matters to ME!

New comic!
Today's News:
posted by [syndicated profile] xkcd_feed at 04:00am on 19/07/2017
posted by [syndicated profile] savagelove_feed at 04:00am on 19/07/2017

Posted by Dan Savage

Man's roommate is in a femdom relationship by Dan Savage

I'm a 35-year-old straight woman, recently married, and everything is great. But I have been having problems reaching orgasm. When we first started dating, I had them all the time. It was only after we got engaged that it became an issue. He is not doing anything differently, and he works hard to give me oral pleasure, last longer, and include more foreplay. He's sexy and attractive and has a great working penis. I am very aroused when we have sex, but I just can't climax. It is weird because I used to very easily, and still can when I masturbate. I have never been so in love before and I have definitely never been with a man who is so good to me. Honestly, all of my previous boyfriends did not treat me that well, but I never had a problem having orgasms. My husband is willing to do whatever it takes, but it's been almost a year since I came during vaginal intercourse! Is this just a temporary problem that will fix itself?

My Orgasms Are Now Shy

"This is a temporary problem that will fix itself," said Dr. Meredith Chivers, an associate professor of psychology at Queen's University and a world-renowned sex researcher who has done—and is still doing—groundbreaking work on female sexuality, desire, and arousal.

"And here's why it will fix itself," said Dr. Chivers. "First, MOANS has enjoyed being orgasmic with her partner and previous partners. Second, even though she's had a hiatus in orgasms through vaginal intercourse, she is able to have orgasms when masturbating. Third, she describes no concerns with becoming sexually aroused physically and mentally. Fourth, MOANS has a great relationship, has good sexual communication, and is sexually attracted to her partner. Fifth, what she's experiencing is a completely normal and expected variation in sexual functioning that probably relates to stress."

The orgasms you're not having right now—orgasms during PIV sex with your husband—the lack of which is causing you stress? Most likely the result of stress, MOANS, so stressing out about the situation will only make the problem worse.

"I wonder if the background stress of a big life change—getting married is among the top 10 most stressful life events—might be distracting or anxiety-provoking," said Dr. Chivers. "Absolutely normal if it were."

Distracting, anxiety-provoking thoughts can also make it harder to come.

"Being able to have an orgasm is about giving yourself over to pleasure in the moment," said Dr. Chivers. "Research on brain activation during orgasm suggests that a key feature is deactivation in parts of the brain associated with emotion and cognitive control. So difficulties reaching orgasm can arise from distracting, anxiety-provoking thoughts that wiggle their way in when you're really aroused, maybe on the edge, but just can't seem to make it over. They interfere with that deactivation."

Dr. Chivers's advice will be familiar to anyone with a daughter under the age of 12: Let it go.

"Let go of working toward vaginal orgasm during sex," Dr. Chivers advised. "Take vaginal orgasm off the table for at least a month—you're allowed to do other things and come other ways, just not through vaginal-penile intercourse. Instead of working toward the goal of bringing back your vaginal orgasm, enjoy being with your sexy husband and experiment with other ways of sharing pleasure, and if the vaginal orgasms don't immediately come back, oh well. There are, fortunately, many roads to Rome. Enjoy!"

My advice? Buy some stress-busting pot edibles if you're lucky enough to live in a state that has legal weed, MOANS, or make your own if you live in a suck-ass state that doesn't. And tell your husband to stop trying so hard—if his efforts are making you feel guilty, that's going to be hugely counterproductive.

But last word goes to Dr. Chivers: "If your vaginal orgasms don't return, and you're unhappy about that, consider connecting with a sex therapist in your area. In the USA, AASECT, the (AASECT.org) is a great resource for finding a therapist or counselor."

Follow Dr. Chivers on Twitter @DrMLChivers.


I'm a straight man who recently moved in with a rich, straight friend. He sent me an e-mail before I moved in letting me know he was in a femdom relationship. He was only telling me this, he said, because I might notice "small, subtle rituals meant to reinforce [their] D/s dynamic." If it bothered me, I shouldn't move in. Finding an affordable place in Central London is hard, so I told him I didn't mind. But I do. Their many "rituals" run the gamut from the subtle to the not-so-subtle: He can't sit on the furniture without her permission, which she grants with a little nod (subtle); when he buzzes her in, he has to wait by the door on his hands and knees and kiss her feet when she enters and keep at it until she tells him to stop (NOT SUBTLE!). She's normal with me—she doesn't attempt to order me around—but these "rituals" make me uncomfortable and I worry they're getting off from my witnessing them.

Rituals Often Observed Mortifying In Extreme

His apartment, his rules—or her rules, actually. If you don't want to witness the shit your rich and submissive friend with the great apartment warned you about before you moved in, ROOMIE, you'll have to move your ass out.


I know a teenager in a theater production who is receiving inappropriate advances from an older member of the cast. Her refusals are met with aggression and threats that he'll make a scene, ruining the show for everyone. I believe that fear is causing her to follow through with things she isn't interested in or comfortable with. What advice would you have on how she gets out of this situation? She's otherwise enjoying the theater experience.

Theatrical Harassment Really Enrages Adult Torontonian

The awesome band Whitehorse invited me to Toronto to celebrate their new album, Panther in the Dollhouse, which features songs inspired by sex-workers-rights activists and—blushing—the Savage Lovecast. (Luke and Melissa and the band rehearsed and played the Savage Lovecast theme live, which was magical.) Anyway, THREAT, I answered your question during the show and I kindasorta jumped down your throat. I thought you were a member of the theater company and an eyewitness—and passive bystander—to this harassment. ("You ask what this kid can do about this," I recall saying, "but the better question is why haven't you done something about it?")

But there was nothing in your question to indicate you were an eyewitness and a passive bystander, THREAT, which I didn't realize until rereading your question after the show. Sigh. I have more time to digest the questions that appear in the column or on the podcast, and my copy editor (peace be upon her) and the tech-savvy at-risk youth live to point out a detail I may have missed or gotten wrong, prompting me to rewrite or rerecord an answer. But I'm on my own at live shows—no copy editor, no TSARY, no net—upping the odds of a screwup. My apologies, THREAT.

But even if you're not an eyewitness, THREAT, there are still a few things you can do. First, keep listening to your friend. In addition to offering her your moral support, encourage her to speak to the director of the play and the artistic director of the theater. This fucking creep needs to be fired—and if the people running the show are made aware of the situation and don't act, they need to be held accountable. A detailed Facebook post brought to the attention of the local media should do the trick. Hopefully it won't come to that, THREAT, but let me know if it does. Because I'm happy to help make that Facebook post go viral.


On the Lovecast, Amanda Marcotte on Game of Thrones: savagelovecast.com.

mail@savagelove.net

@fakedansavage

ITMFA.org


July 18th, 2017



Hovertext:
I am prepared to fight about this, Internet. Come at me.

New comic!
Today's News:

Last full day to support the latest launch. Thanks, geeks!

posted by [syndicated profile] bruce_schneier_feed at 11:38am on 18/07/2017

Posted by Bruce Schneier

Humble Bundle is selling a bunch of cybersecurity books very cheaply. You can get copies of Applied Cryptography, Secrets and Lies, and Cryptography Engineering -- and also Ross Anderson's Security Engineering, Adam Shostack's Threat Modeling, and many others.

This is the cheapest you'll ever see these books. And they're all DRM-free.

Posted by Leigh Honeywell

This post was co-authored by Valerie Aurora and Leigh Honeywell and cross-posted on both of our blogs.

We’re thrilled with the recent trend towards sexual harassment in the tech industry having actual consequences – for the perpetrator, not the target, for a change. We decided it was time to write a post explaining what we’ve been calling “the Al Capone Theory of Sexual Harassment.” (We can’t remember which of us came up with the name, Leigh or Valerie, so we’re taking joint credit for it.) We developed the Al Capone Theory over several years of researching and recording racism and sexism in computer security, open source software, venture capital, and other parts of the tech industry. To explain, we’ll need a brief historical detour – stick with us.

As you may already know, Al Capone was a famous Prohibition-era bootlegger who, among other things, ordered murders to expand his massively successful alcohol smuggling business. The U.S. government was having difficulty prosecuting him for either the murdering or the smuggling, so they instead convicted Capone for failing to pay taxes on the income from his illegal business. This technique is standard today – hence the importance of money-laundering for modern successful criminal enterprises – but at the time it was a novel approach.

A mural depicting Al Capone smoking a cigar in front of a bridge and a subway, used under CC-SA from Wikipedia

The U.S. government recognized a pattern in the Al Capone case: smuggling goods was a crime often paired with failing to pay taxes on the proceeds of the smuggling. We noticed a similar pattern in reports of sexual harassment and assault: often people who engage in sexually predatory behavior also faked expense reports, plagiarized writing, or stole credit for other people’s work. Just three examples: Mark Hurd, the former CEO of HP, was accused of sexual harassment by a contractor, but resigned for falsifying expense reports to cover up the contractor’s unnecessary presence on his business trips. Jacob Appelbaum, the former Tor evangelist, left the Tor Foundation after he was accused of both sexual misconduct and plagiarism. And Randy Komisar, a general partner at venture capital firm KPCB, gave a book of erotic poetry to another partner at the firm, and accepted a board seat (and the credit for a successful IPO) at RPX that would ordinarily have gone to her.

Initially, the connection eluded us: why would the same person who made unwanted sexual advances also fake expense reports, plagiarize, or take credit for other people’s work? We remembered that people who will admit to attempting or committing sexual assault also disproportionately commit other types of violence and that “criminal versatility” is a hallmark of sexual predators. And we noted that taking credit for others’ work is a highly gendered behavior.

Then we realized what the connection was: all of these behaviors are the actions of someone who feels entitled to other people’s property – regardless of whether it’s someone else’s ideas, work, money, or body. Another common factor was the desire to dominate and control other people. In venture capital, you see the same people accused of sexual harassment and assault also doing things like blacklisting founders for objecting to abuse and calling people nasty epithets on stage at conferences. This connection between dominance and sexual harassment also shows up as overt, personal racism (that’s one reason why we track both racism and sexism in venture capital).

So what is the Al Capone theory of sexual harassment? It’s simple: people who engage in sexual harassment or assault are also likely to steal, plagiarize, embezzle, engage in overt racism, or otherwise harm their business. (Of course, sexual harassment and assault harms a business – and even entire fields of endeavor – but in ways that are often discounted or ignored.) Ask around about the person who gets handsy with the receptionist, or makes sex jokes when they get drunk, and you’ll often find out that they also violated the company expense policy, or exaggerated on their résumé, or took credit for a colleague’s project. More than likely, they’ve engaged in sexual misconduct multiple times, and a little research (such as calling previous employers) will show this, as we saw in the case of former Uber and Google employee Amit Singhal.

Organizations that understand the Al Capone theory of sexual harassment have an advantage: they know that reports or rumors of sexual misconduct are a sign they need to investigate for other incidents of misconduct, sexual or otherwise. Sometimes sexual misconduct is hard to verify because a careful perpetrator will make sure there aren’t any additional witnesses or records beyond the target and the target’s memory (although with the increase in use of text messaging in the United States over the past decade, we are seeing more and more cases where victims have substantial written evidence). But one of the implications of the Al Capone theory is that even if an organization can’t prove allegations of sexual misconduct, the allegations themselves are a sign to also urgently investigate a wide range of aspects of an employee’s conduct.

Some questions you might ask: Can you verify their previous employment and degrees listed on their résumé? Do their expense reports fall within normal guidelines and include original receipts? Does their previous employer refuse to comment on why they left? When they give references, are there odd patterns of omission? For example, a manager who doesn’t give a single reference from a person who reported to them can be a hint that they have mistreated people they had power over.

Another implication of the Al Capone theory is that organizations should put more energy into screening potential employees or business partners for allegations of sexual misconduct before entering into a business relationship with them, as recently advocated by LinkedIn cofounder and Greylock partner Reid Hoffman. This is where tapping into the existing whisper network of targets of sexual harassment is incredibly valuable. The more marginalized a person is, the more likely they are to be the target of this kind of behavior and to be connected with other people who have experienced this behavior. People of color, queer people, people with working class jobs, disabled people, people with less money, and women are all more likely to know who sends creepy text messages after a business meeting. Being a member of more than one of these groups makes people even more vulnerable to this kind of harassment – we don’t think it was a coincidence that many of the victims of sexual harassment who spoke out last month were women of color.

What about people whose well-intentioned actions are unfairly misinterpreted, or people who make a single mistake and immediately regret it? The Al Capone theory of sexual harassment protects these people, because when the organization investigates their overall behavior, they won’t find a pattern of sexual harassment, plagiarism, or theft. A broad-ranging investigation in this kind of case will find only minor mistakes in expense reports or an ambiguous job title in a resume, not a pervasive pattern of deliberate deception, theft, or abuse. To be perfectly clear, it is possible for someone to sexually harass someone without engaging in other types of misconduct. In the absence of clear evidence, we always recommend erring on the side of believing accusers who have less power or privilege than the people they are accusing, to counteract the common unconscious bias against believing those with less structural power and to take into account the enormous risk of retaliation against the accuser.

Some people ask whether the Al Capone theory of sexual harassment will subject men to unfair scrutiny. It’s true, the majority of sexual harassment is committed by men. However, people of all genders commit sexual harassment. We personally know of two women who have sexually touched other people without consent at tech-related events, and we personally took action to stop these women from abusing other people. At the same time, abuse more often occurs when the abuser has more power than the target – and that imbalance of power is often the result of systemic oppression such as racism, sexism, cissexism, or heterosexism. That’s at least one reason why a typical sexual harasser is more likely to be one or all of straight, white, cis, or male.

What does the Al Capone theory of sexual harassment mean if you are a venture capitalist or a limited partner in a venture fund? Your first priority should be to carefully vet potential business partners for a history of unethical behavior, whether it is sexual misconduct, lying about qualifications, plagiarism, or financial misdeeds. If you find any hint of sexual misconduct, take the allegations seriously and step up your investigation into related kinds of misconduct (plagiarism, lying on expense reports, embezzlement) as well as other incidents of sexual misconduct.

Because sexual harassers sometimes go to great lengths to hide their behavior, you almost certainly need to expand your professional network to include more people who are likely to be targets of sexual harassment by your colleagues – and gain their trust. If you aren’t already tapped into this crucial network, here are some things you can do to get more access:

These are all aspects of ally skills – concrete actions that people with more power and privilege can take to support people who have less.

Finally, we’ve seen a bunch of VCs pledging to donate the profits of their investments in funds run by accused sexual harassers to charities supporting women in tech. We will echo many other women entrepreneurs and say: don’t donate that money, invest it in women-led ventures – especially those led by women of color.

