I was born too late and missed most of the fun, but still managed to catch the trailing end of fidonet in the late 2000s. Pretty much everything was over IP already, there wasn't a single proper dial-up node in my local network (which was pretty small already, around 20 nodes in its heyday), but for me this IP connection happened to be a pay-by-the-minute dialup ISP, so the offline nature of fidonet helped me stay glued to the computer and actively participate in dozens of communities with just a few expensive online minutes per day. Later in highschool (I even managed to find a teenage crush my age from another city in some echo! we exchanged pics with uuencode in netmail =D) I ran my own dialup node just for fun on an old PII with NT4 in a cardboard box under my bed. It survived multiple hardware and geographical moves and was running over IP up to about 2012-ish, and was finally nuked from the nodelist in 2018. I still have all the configs in the backups somewhere and the active NCs contact, so technically could get it back up if really wanted to. Too bad there's nobody there to speak to.
Addition: turned out, nowadays you can just run the "normal" FTN stack (binkd, husky, golded) in a docker container and access it with a browser. "It's not dead, it's just smells like it". https://kuehlbox.wtf/projects,fidian - no affiliation.
Just curious, what come first and second in this use of the phrase applied to computer security? I came to know the expression from fire circus performance and adjacent circles, where first and second are safety of the audience and the venue, and third is your own. I use it often when I'm about to knowingly do something sketchy or potentially dangerous without applying safety practices required "by the book", acknowledging the present danger to myself and accepting the risk. I never saw it used in infosec context.
Interesting, I haven't heard of safety third from circus circles, I've always known it as more along the liens of if safety were actually the number one priority, no one would actually do anything because it's too risky.
In terms of cybersecurity, I see it as "security first" culture means people rely on the system to keep them safe. "Safety third" (or security third) emphasizes that everyone should already know they are operating in a risky and dangerous environment and take security as a personal responsibility.
It's just a reminder that no one cares about your life more than you do, so stay vigilant and take personal responsibility.
edit just realized I didn't actually answer your question on the first and second priorities.
I suppose First would be the reason the system exists in the first place (buy something online, for example). Second would be the user experience of doing the thing. Security should help you take calculated risks rather than prevent you from taking any risks at all.
Nitpicking, IBM did non develop _the_ Apollo Guidance Computer (the one in the spacecraft with people), it was Raytheon. They did, however, developed the Launch Vehicle Digital Computer that controlled the Saturn rocket in Apollo missions. AGC had very innovative design, while LVDC was more conventional for that time.
Some pocket calculators from not too long ago supported this unit for some reason, along with radians and degrees. That's the third option on "DRG" button.
For a short while, I worked at one of Samsung subsidiaries on their TV firmware, mostly fixing Linux kernel bugs introduced by the product teams cannibalizing upstream features to serve their needs (including intentionally disabling reasonable kernel security measures that happened to be in their way). I've seen things, both technical and organizational, that led me to pledge never to give my money to that company, or have their devices connected to networks I care about. I don't trust any of it, if not due to evil intent, but just incompetence.
"Letting go" belongs in the same HR phrasebook. They didn't ask permission to quit and the company were so generous to let them, the initiative was from the other side.
I thought the modern lingo was "impacted". So and so was impacted. Ten thousand employees were impacted. It avoids let go, but detaches as much as possible from the personal crisis.
That reads differently to me. The company is doing the letting go. Like letting loose. Or letting fly. It's agency on the part of the company. Letting them see. All of these will have euphemistic overtones as no company will want to say that they axed 10,000 people.
He is a great source of knowledge on physical security for laymen and professionals alike, and leaves an impression of an extremely amicable and well-rounded human being.
Here in Finland mechanical locks with electronic keying are pretty common in some places. Some of them like iLOQ or Abloy eCLIQ are actually pretty clever: electrical bits of the lock are powered from mechanical action of inserting and turning the key, so you don't have to worry about batteries. In theory, they promise significant cost savings in scenarios like rental apartment buildings where tenants move in and out, need access to common areas, lose keys, etc, without compromising security or having to replace or recode locks - they just give you a generic key, click some buttons in the admin panel, and your key could be provisioned accordingly once you first enter the building and interact with one of the "smarter" locks that are externally powered and networked to the mothership.
In practice, in addition to the usual bugs you would expect from a software-based system managed and maintained by a plethora of organizations and contractors, they tend to become very annoying as parts wear out, so you have to fiddle with the key reinserting it repeatedly trying to find just the right angle so it will make a good contact to be recognized by the lock (for example the iLOQ system by my landlord communicates over a thin contact strip molded into the key opposite of the cutting and separated from the rest of the key with a thin layer of plastic).
Sounds about right for Abloy. They own Yale and their app-based alarm is subcontracted dogshit (by https://mobilepeople.dk) that didn't get updated for years on end, logs you out constantly, has less functionally than a 90s keypad model and even the hub thing sometimes just falls over and needs a power cycle, etc etc etc. Presumably they are entirely unable to handle any of it in house and are at the mercy of the contractor to fix anything.
reply