Teaching and Preaching

Have you ever logged onto Facebook to find “Recommended Friends” that you didn’t expect to see? Maybe someone you briefly met on Tinder, or a co-worker you hate? I think many people are unaware that, by default, the Facebook app on mobile devices automatically imports your contact list, continuously (this includes, so far as I can tell, every piece of information about them that you have stored).

I started noticing this a long time ago, but I sense that there are many who just assume Facebook is omniscient and don’t give it another thought. There are many reasons you may not want to give up this power, and so far as I can tell, the only way to stop importing this information is to delete the Facebook app from your phone. If anyone is aware of a specific privacy setting one can use to disable this behavior, leave a comment on this post!

Recently, while looking at a JavaScript function intended to generate a cryptographically-secure random IV to be used in AES-GCM, I noticed something interesting which I immediately suspected was not unique to this project. Sure enough, Matt, my awesome colleague, sent me a link to a how-to article describing the process of generating random values in Node.js that included the exact same quirk.

Here is their example (with minor edits so as not to call out the author of that how-to post too explicitly):

I recently paid for something online using what I considered a secure online payments processor, and they asked that I provide a password to create an account to complete the transaction. You will understand in a second (if you don’t already) why I was so angry when, a few seconds later, I got this:

I couldn’t believe it. Please enter a shorter password.

Why does this make me mad? Because it means one of three things:

Checking out Hacker News for a refreshing end to my work day, I was instead greeted with the worst of all tech-related bad news: Heartbleed , an exploit in popular versions of OpenSSL allowing attackers anonymous (read: no way to figure out how widely it’s been exploited up to this point) access to 64kb of memory of an affected client or server .

How bad is it? Tor had this to offer in its blog post on the subject :

You might want to grab a cup of coffee #

My last article about the importance of getting started on your programming education is my most-read article on Medium so far. Like anything in my life, my writing is an experiment. When I see as many people getting excited about programming as I have because of this, it excites me too, and tells me I’ve hit a nerve.