Load and performance testing is just like many other types of testing (beta testing, functional, acceptance, regression, unit testing, integration testing) but like them it also has a specific goal. That goal is that a system or service can run when under a specific load. Unlike other types of testing this is not intended to uncover bugs but to ensure that the system continues to run when it encounters the expected number of users or amount of data.
Load testing is not the only type of testing of this type. There is also stress testing which verifies that the system continues to run when encountering unexpected workloads. Volume testing covers situations testing larger or expanding amounts of data. Performance testing is another related type of testing. Performance testing is perhaps less well defined but usually refers to expected amount of time that is expected for performing a specific act or acts. Stability testing would be that the given system or service can continue to function over a longer period of time. This type of testing might also be done in conjunction with load testing to verify that a system can perform over time with a specific amount of traffic. Unsurprisingly these terms are sometimes used interchangeably.
The number of tools available for load testing is not quite as many as the leaves on the trees but it is safe to say that there are quite a few different tools which can help automate this process. Even the goal of load testing can be split up into testing a the GUI, perhaps web applications, or testing the services and hardware behind the GUI. I am going to be focusing on the backend which is to say the servers and services.
These tools do not cover the entire market for this type of testing but they are both fairly well represented and have been around for a long enough time that there is both a fair amount of other support information available on the internet and the concern that any of these tools will fade away seems unlikely.
Over the next few articles I will be covering to a greater or lessor amount the following testing tools.
After moving to a
new apartment I needed to get some hardware in order to hang a few
pictures in the livingroom. A quick trip to the hardware store should
allow me to make my apartment a home. While walking through the
store I was surprised to see smart sockets wedged in between fans and
light bulbs. Not only smart sockets but also a small selection other
smart components such as light bulbs and light switches.
When seeing that I
had to decide on a smart socket, smart light bulbs, or smart light
switches. I thought that perhaps the most flexible item that I could
use would be smart socket, no electrician required.
Smart sockets are
just a rather clever bit of hardware which includes a small relay for
switching on the power on and off. The real brains for the smart
solution is the phone app that controls the device.
I thought I would get a few more smart sockets and see how smart I could make my apartment.
The first device
tested was that first smart socket from the hardware store. The first
real step for all these smart sockets is install the corresponding
app from your app store – this app was in both the Google store and
the Apple store.
that came with the device instructed to install the app with the name
“REC Smart” by Ankuoo. The app requires that you create an
account and once the account is created you log into the app
everything works pretty much as you might expect.
Pairing a new device is just a matter of holding down the power button on the smart switch for at least five seconds and then it is in discover mode. You can see that by the blue led flashing on the device and then just follow the prompts to add the device Illustration 1.
This smart socket
and its supporting app really does provide a lot of basic
functionality. The app will keep a list of all the sockets that have
been registered. Initially the app will give each device a generic
name but it is also possible to assign a friendly names to each
that makes the smart sockets smart is the ability, with the addition
of software, to create schedules when it should be switched on or
off. One of the nice features is the countdown timer. The timer
offers six predefined times (5, 10, 15, 30, 60 and 120 minutes).
There is actually one little quirk for this particular feature. The
timer functionality assumes that the socket is already turned on.
timers make it is possible to schedule when the socket should turn on
or off. With software it is easier to make this a bit more flexible.
The rules can be setup for either individual days or to run at the
same time on multiple days.
Scheduling tasks is fairly orthogonal, it is possible to add schedules, remove schedules but more important they can be disabled and re-enabled at a later time.
The final bit of
functionality is called “anti-theft timer”. Much like the
schedule functionality you select a time range for a day or for days.
The app will turn the socket on and off at random intervals during
this time period.
Note: When you
enable the anti-theft timer a warning comes up that the other
functionality will be disabled while the anti-theft timer is running.
I used wireshark to
watch the traffic when adding a device to the app. The smart switch
does make a number of connections over the internet. Once this
connection has been defined it is possible to control the device
using the data connection from a cell phone.
between the device seems to be UDP messages. However, despite the
information available on how to control such a device on the internet
I was unable to control the socket myself. The information that I
did find implied that the packets were unencrypted and it was
possible to resend packets to control the device. My experience did
not match that of the other users from the internet. It is possible
that over the last few years that the manufacturer has modified
their devices to put security first and remove this avenue of
control. It is also a bit sad as I did not find any API that would
allow me to control this device from Linux.
next device I tested was the “S1 Series WiFi socket”. This
socket is marketed as also working with Alexa which is some
additional functionality that the Malmberg socket does not support. I
do not have an Alexa so my tests were focused on the basic
intelligence on the socket and the app that controls it. Like the
Malmberg device, it appears that most of the intelligence is not in
the device itself but is actually in the smart app that controls the
Just like the Malmberg socket, adding a device is actually quite easy. Press the power switch for 5 or more seconds until the led starts to flash. From that point follow the steps in the app to add a device. (Illustration 2)
The only complicated part about adding a new device is the wide breadth of types of devices that are supported by this app. This is a double edged sword for the technically less savy as you need to be aware of which type of device you are trying to join up.
ZigBee Low power digital radio
Bluetooth Short wavelength UHF radio waves
WiFi Standard wireless networking
like the Malmberg device, it is required that you create an account
with the manufacturer, Tuya, in order to use the app.
unsurprisingly the app has a fairly simple set of features, quite
similar to the previous app but Tuya seemed to give more attention to
the development of the app, it just felt more polished.
timer also has a much finer level of granularity. The timer can be
defined for how many hours and minutes before the device is switched
off but it can also be defined to switch on after a given amount of
is also possible to setup a schedule to turn devices on and off at
different times. I found it to be a bit odd that this device only
allowed you to define a day and time for switching the device either
on or off. This does obviously maximize flexibility but it
also creates a larger list to be searched when matching up the pairs
of on/off times as the number of entries increases.
S1 Series device is different from the other two devices reviewed as
it supports Alexa and that the Tuya corporation appears they have
made some libraries and documentation available. This should
allow people the ability to control their own devices.
did take a look at the documentation that was available but it is not
for the faint of heart. I was unable to create anything myself using
this but it is possible due to the number of projects on github.
Just search for project with Tuya in the name.
looking at the website of the Tuya corporation, it seems that they
might be licensing the design of their smart switch solution. This
is because their web site allows for the creation of your own app
with using your own branding.
The Sonoff S20 smart
socket is only one of many different Sonoff smart devices. The
company also sells smart sockets that also measure temperature,
monitor humidity as well as remote controlled light switches.
The S20 is
controlled by the eWeLink app to support setting up a timer for
creating a schedule for turning the device on and off.
The pairing of devices is as simple as starting the synchronization on the switch itself while adding a connection from the smartphone app. One of the things that make the Sonoff app different from the other two is that it does assume that there can be difficulties in the pairing process, illustration 3. Based on the realization that difficulties can occur, the app included a frequently asked questions section with a list of the most common problems, illustration 14. The list is both long and very helpful.
applications are generally friendly and are localized to the language
that has been selected on my smart phone. One difference in the
eWeLink app, used by the Sonoff, is that it explicitly supports 22
different languages. You can select the language on the app itself
which does allow you to select a language on the application that is
actually different than the underlying phone operating system.
the application language does work for all of the application menus
and status’s there is one tiny little inconsistency for the eWeLink
app. All of the text that is available under the frequently asked
questions remain in English and does not change despite what language
is selected for the application.
of these smart sockets are well built and the smart phone apps are
easy enough to use. Unfortunately all of these smart sockets are
produced by separate companies each with incompatible protocols which
prevents a single app from controlling them all. The solution is to
either purchase only from one manufacturer or modify these smart
sockets with some open source software.
Posted inprogramming|Comments Off on Hammers and Saws and IOT – oh my
It doesn’t seem
like all that long ago that I purchased an EDIMAX repeater to fill in
the gaps in my home wifi network. This solution did seem to work out
for me, which actually means me and my laptop, over time it did not
prove to be the best solution for the rest of the family. Everyone
else, actually uses other types of equipment such as smart phones,
tablets and ipad and they were uniformly less happy. During the
intervening months I had to turn the repeater off and on again as
well as to use the following rational to quell unrest.
It works for me. I am also using wifi so it must be fine.
I don’t want to imply that a ultimatum from my spouse is all that it takes to cause a revolution but the device stopped working for me as well so it needed to be replaced. The question is do I want or need to get a different solution.
connects your router to your power wires. It is then possible to
plug another device in to a socket in another room and use the
internet from there. There is a limit to the number of devices you
can use but the technology doesn’t always have the throughput that
is advertised. This might not be a fault of the technology but my
experience in old old apartment buildings.
This solution picks
up the existing wifi network and then transmits a boosted signal.
A bridge is used to
connect two separate network segments together.
I want the new
device to work longer than the previous one and I want it to make all
of the “hard to please” members of the family fully satisfied, so
I have splashed out and purchased a new Fritz!Repeater3000.
I didn’t purchase this device because I knew with certainty the best one on the market but rather because it looked pretty good, had good reviews and I already owned a Fritzbox 7590 router. It was an odd coincidence but the day I was shopping for a solution I met someone who works for TP Link at the store and he was trying to convince me to purchase their solution. Despite being fairly well convinced I went with the more boring solution of all devices from a single vendor. Who wants a couple of devices and a problem and the difficulty of proving where the problem actually lies.
The biggest decision
was how exactly should I configure my device. The Repeater3000
actually supported three different modes.
I just want to extend the network into the living-room so I set this up as a repeater. Before I could begin I did need to make sure that my firmware for the router was updated to 7.12. There were a couple of setup methods but I did take a rather less traditional approach (for me) and used the wps button on the router. The repeater and the router were joined without any fanfare.
Once the repeater was setup it worked just fine. The specifications are also pretty impressive.
Maximum WiFi performance thanks to the intelligent use of three radio units (2 x 5 GHz and 1 x 2.4 GHz)
Wireless AC with up to 1,733 Mbit/s in the first 5-GHz band
Wireless AC with up to 866 Mbit/s in the second 5-GHz band
Wireless N with up to 400 Mbit/s in the 2.4-GHz band
Connects to a router/FRITZ!Box via the dedicated 5-GHz band
Compatible with all wireless routers compliant with the 802.11 ac/n/g/b/a radio standards
Adopts the configured encryption of the wireless network (WPA2)
Wi-Fi Protected Setup (WPS) – easy and safe configuration of wireless network at the touch of a button
I cannot say if this solution will make everyone happy but over the last few weeks I have only happy family members who.
Every couple of
years, sometimes more often, some politician or law enforcement
officer brings up that encryption is preventing them from doing their
job. Just recently reported in Arstechnica was such an article about
the US Attorney General William Barr.
It is true that when messages or data is encrypted it is difficult to impossible to decrypt depending on how well the encryption was done. I do have to agree that as a law professional it must be frustrating to be thwarted by locked phones, encrypted messages, mail or documents. In the “good old days” you only needed to turn on the device to be able to browse through it looking for something incriminating. In retrospect that should probably be thought of the as the golden age of law enforcement starting with the creation of the personal computer and lasting up until about 2000. It is a subjective date but at the time the new kid on the block was the BlackBerry which was a cell phone with secure encryption. This was the first wake up call that information could be encrypted so that it could not be simply intercepted and examined. This allowed anti-government groups to both communicate in real time without the fear of that information getting out.
Over the years since then more and more security (ie encryption) technology has become main-stream. So simple in fact that you only need to know how to make a call or send a message and not be forced to use other intrusive methods to protect your message.
The argument of Mr. Barr and all of these other well meaning people is that if this information was not encrypted it would allow law enforcement the ability to prevent bad things from happening. This is both a very admirable goal but quite lofty as well. The number of emails sent per day is 269 billion while the number of text messages are 18 billion per day. I am not sure what the US infrastructure would need to be in order to process this bulk of information, but it would be substantial. It is not the few computers needed to sift through the data but what happens to the threats that are found. If the goal was to prevent crimes then coordination between a group of potential bank robbers in rural Nebraska should be reported to the nearest authorities.
To be honest, I
cannot see this level of access by the government being all that
helpful for local crimes. I would imagine that they would focus on
Federal crimes such as threats to the nation’s leaders or general
Terrorism. Unless the terrorists are pretty stupid, they would not
be telegraphing their movements.
We will all meet at the corner of 3rd street as planned on Tuesday 13 March at 5pm.
We are meeting on Tuesday at 5pm
The plan is on, meet next Tuesday at the spot we agreed.
These exact messages are not so much help unless you have the context. These messages could be for some sort of terrorist plot or it could be meeting for a bachelor party. The context may be found in a single email but more than likely it would need to be gathered through many mails with other methods (ie humans interacting with bad guys). The emails, despite the massive volume, may not provide enough information.
Improve access or
Allowing lawful access to encrypted information without prior approval or assistance of the party being surveilled would be really nice. The government has knowledge that you are purchasing very questionable materials and would like to take a peek into your communications to verify this. This request, if guarded by impartial people, on the ground of national security does seem reasonable. Nobody wants a bombing or a plane crash to occur if it can be prevented.
Yet there is always mission creep. If this ability to access emails were possible and the government decided that they would also use this power to tackle large scale fraud and corruption it would probably be viewed as good. It would not be long before some ambitious person decided that people cheating on their taxes would also be a good target for this as well. What about helping to prosecute spouses that do not pay their alimony or child support?
None of these are bad uses but what is the person who had this access was not impartial and had a chip on his or her shoulder. This would be a great way to do the same thing in a directed manner. Trying to dig up dirt on an ex-boyfriend. Getting hints on what your political opponent is doing and find ways to undermine them – part of the problem is that people are flawed.
access to the data is referred to as a back door. Basically, a
hidden way to monitor or access data in a given system. It seems to
be that it should really be referred to as the front door. To enable
this functionality, you are giving either a key for that particular
user or for all users of that particular system to the government.
Would you trust that some government official, policeman or other
political appointee had access to all your data? Would you trust
them to have the key to your house or apartment?
No encryption would provide effective access
Well, at least if this power would be given over it would be effective? It would be probably 98% effective or perhaps even more emails or social media accounts. The problem is the smartest “bad people” would be able to cover their tracks pretty effectively.
Private mode browsing to reduce browsing history
Using docker or virtual machines to reduce browsing history
Old fashioned couriers for transferring messages or materials
Dead drops for transmitting information in an unseen manner
Use messaging services that have not been compromised
The ability for law
enforcement to have access to the contents of a smart phone is not
useless but it is more useful for prosecuting people who have already
done bad things. Depending on the crime, the criminal is no longer
alive to have justice meted out to him.
Presumably, just having access to the SIM card in the smart phone would allow the investigators a trail of people or phones that they can follow. This information would (currently) provides a digital footprint to where the phone went.
What could it hurt to provide this “back door”?
People are basically honest and hard working so we have little to fear. Many people have access to other types of high security materials. Well, that may be the case but people are also basically lazy and have a tendency to do the least possible work to get the most possible income.
Not only that but
this provides a very juicy target for people with bad intentions.
Look at the problems that occurred due to incompetence, laziness or
It is truely difficult to ensure that personal data is kept secure even with no back door as these companies can attest to.
The benefit of
providing such a “secret back door” is questionable while the
damage would be immeasurable if this access made its way into the
wrong hands. This “leak” wouldn’t have to be sabotage or ill
will, it could be carelessness by someone who had legitimate access.
After all, if the NSA cannot manage to keep their secret tools and methods secret what are the odds that a group that is controlled by politicians will fare any better?
Posted insecurity, Soapbox|Comments Off on More like postcards than like letters
When the internet started, a long long time ago, things were a bit more trusting. This isn’t all that surprising as the internet actually started as ARPANET which was a research network created with funding from the US department of defense.
The network of networks experiment, that later became the internet, was in its infancy and the level of trust was actually relatively high. In the intervening years we still see from time to time references about some technology along with the inevitable quote that this bit of technology springs from a more trusting time.
One important example of this is the DNS service. This service is the address book of the internet and an important piece of infrastructure. Why isn’t that service more secure? Well that is because of the origins of the internet.
It was this level of trust that has caused more than one security problem over the last 40 or so years. I cannot find the actual researcher who first came up with the theoretical possibility of the man-in-the-middle attack.
It isn’t really that complicated to understand. In a man in the middle attack, someone secretly relays and possibly alters your communications with another party.
Over the years this process has become so simple that you can use this technique to view what your victim is viewing with just a 5 minute tutorial on youtube.
The problem was known fairly early on and nobody really wanted to other people to view what they were doing so came the introduction of HTTPS.
It is still possible to see where people are going but with this new level of encryption it is not possible to see what exactly is being communicated. It is necessary that the web site has a signed certificate to verify its authenticity. Thus is it possible to verify that you are communicating directly with the person or site that you think you are. This is a good solution unless somebody comes up with a way to circumvent this.
Anything that can be done can be worked around. If you install another certificate for the man in the middle it would allow that person or organization to decrypt the users HTTPS traffic, examine it and then encrypt it again with this certificate. This would completely undo the security of using HTTPS. If this were in place it would no longer be possible to trust a web page or email had not been altered or read.
Nobody in their right mind would volunteer to be part of such a technical solution. Would they?
Small time experiment
Such a solution would work if there were a “small” coordinated effort from the local ISP’s forwarding all traffic to a central point.
This situation is no longer a piece of fiction due to the actions of the Kazakhstan government. Just a few days ago, July 17 2019, came a change that required the local ISP’s to install the government certificate and the government has begun to intercept all HTTPS traffic.
It is undoubtedly an experiment that is being closely monitored by other governments around the world. It is not too far of a leap to governments or security apparatus petitioning their local politicians that such efforts are necessary due to terrorism concerns. It is unclear if such a change would cause an uproar but there have been a lot of other changes that have been done in the name of security.
Patriot act and domestic spying
Dept of Homeland security
Military Tibunals and Guantanamo bay
Millimeter wave full body scanners
Removing shoes and belts
Extra scanning of phones, tablet and laptops
Increased surveillance via CCTV
This is not an extensive list but even so some of these changes have even been analyzed and the results have not proven that these security results to be effective.
In 2016 a 86 year old defended herself WITH BACON! All i thought was i would have loved to be there just imagine in a supermarket in Altrincham, UK it was posted by the greater Manchester police Facebook page so it was in front of the shopping mall the older lady deposited a large amount of money before she went in. While she was shopping an unknown female grabbed her trolley and demanded the money. The woman took a pack of bacon and whacked the other lady over the head. The offender then retreated and made off from the supermarket. A lot of people liked the story also righting stuff like: One person wrote: “Sounds like a Hambush to me…” or the post i found the best was “Well done lady, that’ll teach her not to assume old people are easy targets. Hope you’re not too stressed about it”.
Also if i should wright about something just say it.
All of this information is from https://www.telegraph.co.uk/news/2016/07/20/86-year-old-woman-uses-bacon-to-fight-off-thief/
Posted inprogramming|Comments Off on 86 year old defends herself with bacon
CCTV means closed circuit television. At my mothers work her car was scratched hugely. So the next time I was at my mothers work I noticed that there were security cameras around the building. So yesterday my mothers friends bike was stolen so I asked “what is with the security cameras?” And it turns out they don´t record anything that happened. So why didn´t they stop it so it also turns out they don´t even watch it.
It was the exciting part of the movie when my son came into the living-room asking where the screwdriver was. The tool box is pretty organised so I hardly looked up from my movie. Yet a few minutes it really sunk in
I need to work on my cell phone, where is the screwdriver set”
I wandered into the kitchen to see what exactly he was up to. It was a shock to see that the back of his phone was off and most of the screws were already taken out – he is nothing if not industrious.
I don’t think I even raised my voice when I asked what in the heck he was doing. Just a quick bit of background. I am about the farthest thing from a certified technician of cell phones and neither is my 13 year old son.
Well, if you have an audio headset plugged into your phone and it falls the wrong way part of the audio jack will break off in the device. This has the negative problem with the music going to the output jack or in this case nowhere, but it has the other side effect of having all other music, noise, notifications and alarms going nowhere too.
After I caught my breath I thought about my boy’s approach. It actually didn’t sound all that different from what I might try but I thought I would take a quick peek on youtube. I needed to know how much is involved with the dissassembly of a smart phone.
Yup, between the many tiny flat cables and prying with various tools that I didn’t have it looked to be a nightmare.
Well, if youtube can scare your pants off then perhaps it can also give you some good ideas. I am slightly paraphrasing but the solution is to stick a stick with glue into the audio jack plugin.
This was the best sounding option of the various choices. The idea was to put a bit of glue inside the ink tube of a bic pen and push that hard into the audio plugin.
The instructions are easy it just requires you get the amount of super glue right. I didn’t think that I had the right amount so I stood the phone up so the glue would run down towards the stuck audio plug.
Just leave this in the phone until it dries. I waited until the next morning to ensure that it was either really attached (or really destroyed). Super glue doesn’t specifically create a strong bond with the metal but I suspect it was attaching itself to the plastic core.
Of course it worked. Not because I am a certified technician. If it didn’t work I probably wouldn’t be publishing this latest exploit – nobody wants to advertise personal failures.
Now the phone once again works, and my lego toy “Steve” has his own lightsaber.
However, everything else being equal I would not want to be building toy light saber’s in this way on my day off.
My Youtube solution
A bit more theory about the problem
Posted inDIY|Comments Off on Making lightsabers for lego characters
I have had a problem with my home computer for some time. It doesn’t quite boot right. That is to say, when you turn it on, it actually doesn’t start windows or anything. I have done some investigations and found out that when the computer is booting up it encounters a POST request of 36 and then it stops. The workaround for this problem was to turn it off, and then after about 10-15 seconds turn it back on.
Yet, as this has bothered me for some time and eventually I did do a bit of research. The answer that most people seemed to agree on was that the CMOS needed to be reset. I guess must have been living under a lucky star as with all of my computers I have never actually had this problem. I have seen the battery go bad, problems with hard disks, windows patches mess things up, but never had this exact problem.
Perhaps I should set the stage. My personal computer is fairly old as I have had it for six or seven years. It was assembled with some assistance from my friend out of the following main parts.
Gigabyte FX v4.0 eXtreme
blue ray dvd
The machine had Windows 7 installed but it also had a dual boot for Linux Mint. I didn’t want a hodgepodge of boot screens so I installed rEFInd as a unifying boot manager. One boot manager to allow me to easily and graphically decide which operating system.
Resetting the CMOS won’t really be removing any of the files or changing the flle system but I keep putting this off this “small fix”. That nagging little part of my brain that probably knows better but just last weekend I decided to cross that item off my list. The process took about 15 minutes if you include moving the computer, cleaning out the dust bunnies, and replacing one of my fans.
The computer booted into windows on the very first try – one problem down. This would have been good news except the boot manager should be the one getting booted. It only took me a minute to discover that my boot manager was now gone. That is to say, it was no longer considered to be a boot device by the motherboard. Just the drives and the windows boot manager were the only possibilities. It must have taken me 10 minutes to remember that last time I was fooling around with a linux tool to install rEFInd as an option to the listed among the boot devices.
$ sudo efibootmgr
Timeout: 4 seconds
Boot0001* Windows Boot Manager
Boot0003* Hard Drive
Boot0004* CD/DVD Drive
Boot0006* UEFI: Built-in EFI Shell
Google did help me to find that this tool was probably efibootmgr but what was the exact syntax. I booted up with a boot DVD and mounted the UEFI boot partition but I must have had a typo as it was showing me the old 8.3 files with two versions of rEFInd.
That didn’t seem right. I suspected that at that time I was fooling with a new version and simply failed to delete the old files. Reboot, mount the boot partition correctly and then take a closer look.
The file system is correctly mounted but I am not sure why I have both the 32 and 64 bit versions in my refind directory. Type first, think later. I take a look some other examples of how to add back my boot manager but now I have quite a few different combinations ahead of me.
Each time I try one of these options I have to reboot everything. If this doesn’t work then I need to delete that boot manager entry.
efibootmgr -Bb 0000
The only problem is that my entry is not 0000 but 0001. Copy, fix, run, reboot, copy, fix, run, reboot, ….
I imagine it was fate that had me delete entry 0000 not 0001. I am not happy that Linux wasn’t working but now I am less happy that the windows boot process has been deleted.
Can I possibly stay cool long enough to fix this? Maybe. I have gone through all the possibilities in my list but I have had no success.
I could have tried to install a newer version of Linux but that both feels like cheating but also may be delaying the problem another 30 minutes. I decided to go back to the source and take a look at the excellent page by Rod Smith. . I was actually a victim of Microsoft and their backslashes, well that and my apparent inability to delete the old unused configurations and files.
After using a few more slashes everything comes up roses.
Indeed this book does discuss all the technology that you could use in an attempt to become invisible as far as internet tracking is concerned. The book goes even further if you wanted to disappear. It explains all of the technological actions you need to keep in mind as well as how to achieve them.
Truly becoming invisible will be extremely difficult for most people due to the constant vigilance and separation between your “invisible profile” and physical life.
This is not to say that this book doesn’t offer some good reminders of best practice (ie never share your passwords) as well as other hints and technologies that you can use to enhance your privacy (ie proxies, metadata on cell phone pictures) Not only that I managed to learn one very specific obscure bit of US law.
First a bit of esoteric bit of US law.
Did you know you could be arrested for possession
of a short tail lobster?
The answer is yes, it is illegal to be in possession of a short-tailed lobster no matter how you received it. I am not worried that I will somehow end up acquiring such an “illegal” lobster but in this book, I did learn about one very scary bit of related US tech law.
Public Company and Accounting Reform and Investor Protection Act
more commonly called Sarbanes Oxley Act of 2002
Khairullozhon Matanov, a friend of the Boston bombers, was arrested because he cleared his browser history. I am not suggesting that any acts of terrorism or support of terrorism should be condoned but just like an episode of “Law and Order” it is a bit scary where some laws may be only marginally relevant are used in another context entirely to convict people.
What is most important to take away from this is that under US law it is possible to be convicted of clearing your browser history.
The best way to not be convicted of deleting your browser cache might be to start up your browser in private browsing mode. This way there is nothing in your cache that would need to be deleted.
This is a fascinating book that contains a lot of technical details but also talks a bit about the techniques used when others are trying to obtain your personal information. It is a good read and helps to remind to keep security and privacy in mind at all times.
Posted inSoapbox|Comments Off on The art of invisibility
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.