hate wasting time with these fake recruiters.
amazing linkedin allows them to be so prevalent.
Founder - Integro Labs, LLC - ml/ai, industrial automation, safety/security, ssi
opinions are my own
Picked up Art of Computer Programming. Worth it for an old dog?
Intro so far is pretty compelling and reaffirming that I'm not insane or clueless at least.
Use the Defcon Wifi (new blog)
Many security professionals, especially on social media, have an unfortunate tendency towards what we might call performative security. It’s where people broadcast their security measures to show how aware they are, and they suggest others follow their lead. It’s the inverse of security theater where ineffective security is imposed on us by organizations. It’s often ineffective, inconvenient, or both.
And today’s bad advice is “Don't use the defcon wifi.”
The #Defcon and #Blackhat networks are some of the most monitored networks anywhere. No one's going to blow an 0-day by using it on either network. This assumes everything's up to date and fully patched, and that you join the official networks, which are listed on signage around the venues. It also assumes that all your apps are using TLS everywhere. In contrast, there is a never-ending parade of warnings about malware in telecom infrastructure. There are routinely reports of extra base stations around Las Vegas. (I’ve heard numbers on the order of an extra 50, of which I’d guess many are simply just-in-time capacity from authorized suppliers.) The lack of authentication of base stations is apparently a ...feature... that’s never going to be fixed.
Now, there’s another way to interpret this, which is to put your devices in airplane mode or a Faraday cage, and that’s not awful advice. Disconnect. Be present. Enjoy the events. Talk to the people around you. If you want to disconnect, a well-constructed Faraday cage is safer than airplane mode, which lets bluetooth and wifi work.
When I was at Microsoft, some of my co-workers made a big deal of how they locked down their laptop, or bought a burner for Defcon. Me? I asked why our products weren’t safe enough to use in that environment, given that they’re certainly used in more dangerous places.
How #science shows that small acts of #kindness benefit not only others but ourselves.
"Being kind to other people, doing nice things for others — those are the activities that tend to improve our well-being."
https://www.vox.com/even-better/23670005/small-acts-kindness-matter-liking-gap
Nic Finn, Senior Threat Intel Consultant at GuidePoint Security, released new research, which you can read here identifying a new legitimate tool that threat actors are using to execute attacks …
"a a a a a"
is going around again, not long before they start jailbreaking GPT in new and interesting ways.
are custom instructions a way to handwave the issue?
Instance admins are often targeted by the instances they block, with the admins of the toxic instances emailing them straw man arguments and sealioning questions meant to have them question their decisions and trick them into thinking they're being unfair.
As I'm often asked for advice with how .art deals with these shitheels, in the next toot I'm going to provide a simple guide that anyone can use the next time the disingenuous admin of Another Toxic Instance emails them.
Let me tell you the secret of the "Everything App".
It's real, it's not called X, and it's about 33 years old. It's called a Web Browser.
Despite a decade of walled gardens trying hard to ruin it, you can still do pretty much any task you need on the web.
You can even make websites into apps with Progressive Web Apps (two clicks on WordPress).
The everything app is old, and under siege daily. But it works, it's resilient, and it's magical.