Monday, December 23, 2019

Oh Good, A Secure IoT Standard At Long Bloody Last, Kind Of... Sort Of... Maybe...

--
I'll believe it when I see it. 
Don't count your horses just yet. ;-)


Meanwhile, read with hope in your heart:

The IoT wars are over, maybe? Amazon, Apple, Google give up on smart-home domination dreams, agree to develop common standards
The bad news: You may have to buy all new kit if you want things to work
By Kieren McCarthy in San Francisco 18 Dec 2019 at 19:41
https://www.theregister.co.uk/2019/12/18/iot_standards_war/
After years of trying and failing to dominate the smart home market with their own standards, tech giants Amazon, Apple and Google have finally agreed to work on a set of common code that will allow smart home products, from thermostats to cameras to plugs to digital assistants, to work together seamlessly. 
The new “Connected Home over IP” approach will be developed through a new working group within smart home veteran organization the Zigbee Alliance, and the broad brush blueprint of the new standard is stark in its obviousness. It will be an IP-based protocol so it can connect directly to the internet rather than require a hub; it will be open-source and royalty-free and allow for end-to-end secure communication; and it will work with core standards like Bluetooth and Wi-Fi. 
The new standard should emerge in draft form in late 2020, meaning that 2021 will be the start of a new era in smart home tech, where Alexa talks to Nest and you can have a single app on your phone to talk to everything else....
OK!
But wait!
What about...?

Microsoft built its own custom Linux OS to secure IoT devices
https://thehackernews.com/2018/04/microsoft-azure-sphere-iot-linux.html

AND

FIDO Alliance looks to create standards for internet of things devices
https://www.cnet.com/g00/news/fido-alliance-looks-to-create-standards-for-internet-of-things-devices/

--

Tuesday, October 15, 2019

Filler: What I'm Up To...

--

An explanation of what I've been up to. For visitors who've wished I had been around lately, thank you.


I continue to keep up with Mac security news every day. Somehow, it's play time for my brain. But I've lost a sense that I have much to contribute to it here at Blogger. The blog sometimes had 1000 readers a day, but that hasn't been enough of an incentive for me. Doing the routine of collecting and repeating what's going on in the field isn't inspiring or useful. Instead, I've been posting around the net about ongoing Mac security situations when I see a need for comments. I'm a regular at both Ars Technica and The Register.


Recently, the majority of the Mac security gestalt I've been part of has gone professional. My oft-times collaborator Al Varnell and I continue to contribute to the group when something unique, obscure and important shows up. But generally, we wander and stray where we are needed. Most of the rest of the group is now in a semi-state of competition. That's a good thing as it is part of the maturing of the Mac security community. It means blogs like this one are less necessary and useful. There are now some excellent places to keep up with Mac security news and methods.


Locally, I'm still working with the computer/technology user group as it inevitably shrinks. I tend to present something each month about security. Lately, I've been presenting about blockchain and cryptocurrency.


Meanwhile, the computer security business in general, both practical and journalistic, remains unprofessional, unscientific, unstandardized, haphazard, detrimentally lazy and ignorant. The more I chatter about this fact, the less inclined I am to bother. There is little ongoing change apart from the very beneficial proliferation of people involved with computer security and places to learn about and keep up with what's going on. There is still plenty of wrong information being proliferated, a standard ignorance of best security practices and standards. Software and hardware coding quality isn't improving. General cynicism regarding human comprehension of technology and coding increases, not decreases, over time. Scapegoating technology for the failings of us humans subsequently increases via the usual default human behaviors. Short-term thinking in pursuit of quick cash remains the norm, along with the inevitable long-term catastrophes. A simple example, IMHO, is the continued blight that is the Android operating system, despite supposed efforts to bring its security under control.


I can also point at Apple's periodic lackadaisical attitude toward security. This has been a relatively horrible year for Mac and iOS device security with some outright stunning and occasionally irreparable harm done. Still, Apple gets accolades because their lethargy is far superior to the vast majority of the rest of the technology industry. 


The most extreme ongoing example of worthless garbage, absent of reliable security, is IOT: The Internet Of dangerous Things. Abominable. If I were to write a blog about IOT, it would consist of the same statement every day: DON'T. There is at last a working security standard for IOT. But whether it catches on, whether it actually helps, we'll have to wait and see. For now, IOT is GeeWhiz! techno garbage for the tech-ignorant consuming masses. Again, the lack of professionalism in computer security resounds. Or is this assumed incompetence actually or partially a method of extending hacker, business and governmental surveillance of the world's citizenry? Time will tell.


So, be careful out there. If something critical shows up in the Mac security community, if I have something insightful or professorial to offer, I'll still be around.


:-Derek



--