It seems increasingly unwise to allow an Intel-made CPU to talk to the outside world. But the NUC-style machines are almost exclusively Intel. What should we do for a new firewall?

You'll recall that I prefer firewalls to run Debian Stable, so that security updates are available promptly. While there …

Several people have asked me recently what hardware I would buy today for use as a home firewall.

About a year ago, we switched ISPs from RCN to Verizon. I had no particular issues with RCN except that their prices went up each year without providing better service. (It's true that RCN also fails to handle IPv6 natively, but Verizon shares that failure.) What's happened in that year …

One problem: we have built an immense network of supercomputers that is essentially a Commons. An abuse of this Commons that would be ridiculously unprofitable if it had to be carried out by humans -- say, an expected return of one one-hundredth cent per attempt -- is highly attractive to unscrupulous actors …

Definitions:

• A policy is an organization's stated objectives and methods for accomplishing a goal.

• Sustainable means a model of a system that easily fits into a person's head and can be used as an accurate prediction of how another person accomplished a goal.

So a sustainable software policy is a …

In farming, monoculture is the practice of raising a single crop over and over again. You can figure out exactly what fertilizers it needs, how much water, and predict your yield accurately, year after year.

Then, one year, a blight or a virus or a bacterium or a weevil comes …

Nobody likes you when you're 23 / And are still more amused by prank phone calls / What the hell is caller ID?

Blink-182, "What's My Age Again?", 1992

You probably already know that Caller ID is useful, and that it can be faked. If you want to know how it works …

Attackers change their behavior, so we have to change in response.

Way back in the olden days, someone with evil intent would ping your IP address to make sure it was up, run nmap to figure out which of four or five exploitable services were available, and then pound their …

Nintendo's 3DS pocket-sized game system includes "Streetpass", a method of sharing your high scores, Mii avatars and other game information with random strangers who also have 3DS systems. That includes the levels designed by Super Mario Maker, which are a few megabytes apiece.

The swap happens anonymously and automatically whenever …

People just don't take security seriously, because security is hard to understand and hard to implement and hard to maintain. We need a new way of "doing" security, and I've got an idea. Let's go back to the notion of skeuomorphism: we use pictorial representations of real-world objects to represent …

Information security (infosec) is very simple and very hard.

Infosec is simple: there are only three steps:

1. Figure out how you are giving information to people.
2. In each case, evaluate whether you want to do that.
3. Stop giving information to people who you don't want to have it.

Actual implementation …

In security nomenclature, "trusted system" or "trusted device" does not mean the ordinary usage. It does not mean "we think this system is trustworthy".

It means "we have no choice but to trust this system".

The two are not even remotely synonymous, and the difference has probably been literally fatal …

These are the basic strategies for securing what you care about. I will make certain assumptions: you are living in the early 21st century; you are living in a highly connected information state; you are not intent on committing crime, and therefore have no reason to spend an outsized portion …