Philosophy Mondays: Human-AI Collaboration
Today's Philosophy Monday is an important interlude. I want to reveal that I have not been writing the posts in this series entirely by myself. Instead I have been working with Claude, not just for the graphic illustrations, but also for the text. My method has been to write a rough draft and then ask Claude for improvement suggestions. I will expand this collaboration to other intelligences going forward, including open source models such as Llama and DeepSeek. I will also explore other moda...

Intent-based Collaboration Environments
AI Native IDEs for Code, Engineering, Science
Web3/Crypto: Why Bother?
One thing that keeps surprising me is how quite a few people see absolutely nothing redeeming in web3 (née crypto). Maybe this is their genuine belief. Maybe it is a reaction to the extreme boosterism of some proponents who present web3 as bringing about a libertarian nirvana. From early on I have tried to provide a more rounded perspective, pointing to both the good and the bad that can come from it as in my talks at the Blockstack Summits. Today, however, I want to attempt to provide a coge...
Securing your site or service has become ever more important as the number of attacks is rapidly on the rise. As I have written before on Continuations, I am not a fan of overreaching security legislation as a response. If we want to keep these efforts at bay, it will help if we do a better job with security. Increasingly, that means you are only as secure as some of your key vendors.
In particular, hosted email and DNS have proven to be big holes. If you use hosted email, make sure that it has two-factor auth which cannot be overridden through social engineering. A lot of damage can be done with access to email, as Cloudflare discovered a while back. This should really also be a requirement for your DNS provider. If your DNS can be repointed, that opens up all sorts of crazy security holes, including the potential for a massive man-in-the-middle attack. Or, as BitInstant found out recently, DNS control can be used to lock you out of your own systems if you don’t have IP-based access.
So what should you do? Start by making a list of all the external systems that are security-relevant and put hosted email and DNS at the top of the list. Ideally, all of these external systems should use two-factor auth. If not, make password resets and security questions for these systems as difficult as possible (and certainly never use factual answers such as your mother’s real maiden name).