• Home
  • Now
  • RSS

HPSHELTON

Programming, Privacy, Politics, Photography

Jan 17, 2024

Uncertainty, as mantra →

“If you can’t understand, predict, and control, what is there to do?” muses system theorist Donella Meadows. Her answer: dance.

Jan 14, 2024

Strong Opinions Loosely Held Might be the Worst Idea in Tech →

The idea of strong opinions, loosely held is that you can make bombastic statements, and everyone should implicitly assume that you’ll happily change your mind in a heartbeat if new data suggests you are wrong. It is supposed to lead to a collegial, competitive environment in which ideas get a vigorous defense, the best of them survive, and no-one gets their feelings hurt in the process.

On a certain kind of team […] this can work well.

[…]

Unfortunately, that ideal is seldom achieved.

A great suggestion to make this culture work well is to temper your statement with a degree of uncertainty in order to make it safer to change your own mind and invite discussion.

Jan 13, 2024

Russian hackers were inside Ukraine telecoms giant for months →

The attack wiped "almost everything", including thousands of virtual servers and PCs, [Illia Vitiuk, head of the Security Service of Ukraine's (SBU) cybersecurity department] said, describing it as probably the first example of a destructive cyberattack that "completely destroyed the core of a telecoms operator."

Kyivstar and the SBU believe the Russian military intelligence cyberwarfare unit known as Sandworm lingered in Kyivstar’s network since May 2023.

Jan 11, 2024

Death by a thousand microservices →

There is no standard tooling for microservices-based development - there is no common framework. Working on distributed systems has gotten only marginally easier in 2020s. The Dockers and the Kuberneteses of the world did not magically take away the inherent complexity of a distributed setup.

Lots of good points in this “maybe you don’t need microservices” article, but this one in particular resonated with me. As we’ve migrated our stack to k8s, we’ve largely just containerized our snowflake microservices and their patterns.

Jan 10, 2024

The Ambiguous Zone →

Because [the] "right" thing is really hard to figure out. It requires understanding the business context, priorities, and time constraints. It requires understanding the needs, preferences, and behaviors of the users. And it requires understanding the existing implementation and the scope and impact of what is to be built. All of this must be hashed through to get it "right", and this "hashing through" process is what happens in the Ambiguous Zone.

Jan 9, 2024

Icelandic Has the Best Words for Technology →

When the University of Iceland got its first computer in 1964, Icelandic did not have a word for “computer.” So the guardians of the language invented one: tölva—a fusion of tala (number) and völva (prophetess) that adds up to the wonderfully poetic “prophetess of numbers.”

Delightful.

Jan 8, 2024

What Is ChatGPT Doing … and Why Does It Work? →

That ChatGPT can automatically generate something that reads even superficially like human-written text is remarkable, and unexpected. But how does it do it? And why does it work?

Best thing I read last year on how large language models actually work.

Jan 7, 2024

Biden admin’s cloud security problem: ‘It could take down the internet like a stack of dominos’ →

The Biden administration is embarking on the nation’s first comprehensive plan to regulate the security practices of cloud providers.

Jan 6, 2024

Automatic disruption of human-operated attacks through containment of compromised user accounts →

Identifying and containing [...] compromised user accounts, therefore, prevents attacks from progressing, even if attackers gain initial access. This is why, as announced today, we added user containment to the automatic attack disruption capability in Microsoft Defender for Endpoint, a unique and innovative defense mechanism that stops human-operated attacks in their tracks. User containment prevents a compromised user account from accessing endpoints and other resources in the network, limiting attackers’ ability to move laterally regardless of the account’s Active Directory state or privilege level. It is automatically triggered by high-fidelity signals indicating that a compromised user account is being used in an ongoing attack. With user containment, even compromised domain admin accounts cannot help attackers access other devices in the network.

Jan 5, 2024

C2PA's Butterfly Effect →

Unlike my typical blog entries, this blog is a very serious deep-dive into the C2PA provenance solution for photos, video, and other kinds of media. This solution is in the process of being adopted by hundreds of commercial organizations, from newsrooms and human rights observers to camera manufacturers and financial institutions. I explicitly cover multiple security-related issues in the C2PA specification that enable a wide range of fraudulent activities, from the small-time catphishers and online merchant scammers to nation-state propaganda efforts and large-scale financial fraud. Consumers and corporations need to be aware: C2PA does not provide reliable and validated information about a photo's origins.

Older →

← Newer

 

Links

  • RSS
  • GitHub
  • Liked Posts
  • LinkedIn

H. Parker Shelton

I'm just an ordinary thirty-something who's had some extraordinary opportunities. I graduated from Johns Hopkins University, work for Microsoft in Silicon Valley, code websites and applications, take the occasional photograph, and keep a constant eye on current events, politics, and technology. This blog is the best of what catches that eye.

 
  • © 2010 – Present, H. Parker Shelton (Except Where Noted)
  • Hosted by GitHub Pages
  • Design by Ian P. Hines