Security
I recently received a notice from my kid’s after-school care provider that they had set up an online service to check on the bill and update personal information, etc. Well, that’s nice — I thought — so I hopped right on and set up the account.
At first, some good signs. All the accounts were pre-set up with the registered email and a password was pre-set that was based on some information most people wouldn’t have. Not perfect, but better than most.
Troy Hunt: The “Cobra Effect” that is disabling paste on password fields:
There are many, many valid reasons why people would want to paste passwords in order to increase their security profile yet the perception of those blocking this practice is that it actually decreases security. Why? Interesting you should ask…
Meijer is first MCX member to break ranks, continuing to support Apple Pay:
When Re/code asked MCX for a comment, COO Scott Rankin said:
I think if they want to go forward and continue to accept Apple Pay, down the road at some point if they want to be a customer of MCX and roll out CurrentC and offer it to customers that’s great.
No, we don’t know what that means, either.

The certificate is invalid because either they or Akamai are experimenting with self-signed certs on the CDN. To fix it, open https://devimages.apple.com in Safari and choose to trust the certificate.
What gets me the most though? “Would you like to connect to the server anyway?” has one choice: “OK” — which then cancels instead.
This Wouldn’t Have Happened Under Steve (Except Yes, It Would).
US top cop decries encryption, demands backdoors:
“It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy,” Holder said.
Well, maybe if you’d tried that first we wouldn’t be here, now would we?
ComputerCOP: the dubious “Internet Safety Software” given to US families | Ars Technica:
Furthermore, by providing a free keylogging program—software that operates without even the most basic security safeguards—law enforcement agencies are passing around what amounts to a spying tool that could easily be abused by people who want to snoop on spouses, roommates, or co-workers.
EFF conducted a security review of ComputerCOP while also following the paper trail of public records to see how widely the software has spread. Based on ComputerCOP’s own marketing information, we identified approximately 245 agencies in more than 35 states, plus the US Marshals, that have used public funds (often the proceeds from property seized during criminal investigations) to purchase and distribute ComputerCOP. One sheriff’s department even bought a copy for every family in its county.
The Weird Way the Heartbleed Bug Made the Web More Secure | WIRED:
Over the weekend, the world wide web became a lot more secure. That’s because a San Francisco startup called CloudFlare turned on a free service that will let its 2 million customers add SSL encryption to their websites.
U.S. Law Enforcement Seeks to Halt Apple-Google Encryption of Mobile Data - Bloomberg:
“This is a very bad idea,” said Cathy Lanier, chief of the Washington Metropolitan Police Department, in an interview. Smartphone communication is “going to be the preferred method of the pedophile and the criminal. We are going to lose a lot of investigative opportunities.”
You know they’re scared when they skip the terrorist line and go straight to bringing out the pedo language.
OpenBSD forks, prunes, fixes OpenSSL | ZDNet:
Theo de Raadt, founder and leader of the OpenBSD and OpenSSH, tells ZDNet that the project has already removed 90,000 lines of C code and 150,000 lines of content. de Raadt: “Some of that is indentation, because we are trying to make the code more comprehensible. 99.99% of the community does not care for VMS support, and 98% do not care for Windows support. They care for POSIX support, so that the Unix and Unix derivatives can run. They don’t care for FIPS. Code must be simple. Even after all those changes, the codebase is still API compatible. Our entire ports tree (8700 applications) continue to compile and work, after all these changes.”
A series of events unfolded recently that led me to reconsider a lot about my digital life. The short story — and there is a long one — is that my home was broken into and my computers were stolen. The thieves also managed to take some accessories and drives but, astonishingly, left my Time Machine drives for the two computers. While it’s bad, it could have been so much worse.