U.S. President Joe Biden has informed Americans that a potential cyberwar with Russia is likely, and we should be prepared for the consequences and the havoc it can cause in such a society. It is common knowledge that many of our industries, corporations, and infrastructure services, such as the electrical grid, are weak and can fall victim to large-scale attacks. Even Americans have weak defenses on our computers.

“Given the administration’s stellar track record in predicting Russian moves in its attack on Ukraine, we should take this warning seriously,” wrote Richard Bennett, a writer and analyst focusing on telecom and networks. “Cyberwar is a business conducted by firms and individual actors with a rapidly changing arsenal of software-based tools.”

The timing of the White House release was at best a coincidence, and at worst, curious since it came on the same day Apple experienced a massive outage in its online services. To be very clear, what I am about to write is hypothetical, and I am putting it in my “what if” buckets. 

An odd and somewhat crazy thought crossed my mind — what if the outage resulted from an attempt to compromise Apple’s crown jewel — its Keychain, end-to-end encryption, and iMessage? Like many, I have had blind faith in Apple’s capabilities to protect my privacy and data. I am not alone, and many folks in the government and corporate America have faith in Apple’s capabilities. So this keychain could be a single point of information security failure that could impact a lot of folks across America. Forget America — with hundreds of millions of iPhones, a breach will likely have an impact globally.

If the cyberwar starts to unfold, password management services such as 1Password could find themselves under extreme pressure. Yes, they all have pretty blue chip reputations and impeccable infrastructure. It is crazy to even suggest as much. However, read the headlines just from today — a ransomware group is rumored to have accessed the database of Okta, which provides trusted authentication services to about 15,000 companies. The same ransomware group has claimed that it stole source code from Microsoft. If this is even fractionally true, then basically every company is vulnerable.

No matter how secure we might feel, at this point, our password defense is our biggest strength and our biggest weakness. 

PS: Bennett has some good advice: follow the news, check for patches, and update daily. Keep a local copy of your data, just in case you need to wipe your computer and restore it. That’s the best for now. 

March 22, 2022. San Francisco


The Pursuit of Productivity is a trap: “in a culture so focused on managing time, we have become subservient to it,” writes Lawrence Yeo. “By scheduling your day down to the last minute, you introduce an anxiety from managing your real-time progress to an imagined vision.”

The Joy of Physical Media: David Mitchell, a British comedian, points to the growing sales of physical media formats (including books) as a sign that digital (streaming) lacks a loving feeling. I am sadly in the “streaming is convenient” camp, though I tend to buy my music from Bandcamp to support the artists, not because I want a download taking up space on my hard drive.

We all still don’t understand Substack: Nathan Baschez, who was with Substack in its earliest days, explains why the newsletter platform differs from most other media startups. I kind of agree with Nathan.
