Security | Life | Cynicism - Issue #2

February 22 · Issue #2
A bit of a monster of an issue this week. It’s for the best, I like to keep you people on your toes.

This is not so much a security story as one about business models, but seeing as it’s about a security company, why don’t you pull up a chair and let’s talk about it.
Many people are up in arms over password manager provider LastPass making changes to its free tier by limiting account holders to one type of device, a move that many claim effectively makes the service useless.
I posed the question on Twitter as to why a business that makes changes to a free service was causing so much grief.
The Javvad Malik A.I.
We've become so accustomed to getting most things for free online (well paying with our data) that @LastPass charging for its free tier is somehow controversial?

I mean sure, it's a change, but I'm a bit confused as to the outrage. Or am I missing something?
There were tons of great responses and discussion with good points being made on both sides ranging from, “this is drug dealer tactics” to “Infosec pros complain about orgs not giving budget while not wanting to spend their own money on security.”
I believe there are three things at play here:
  1. The reality-expectation gap
  2. Understanding businesses
  3. Our relationship with software
1. The reality-expectation gap, as its name states, is when reality does not match our expectations. For example, you study really hard for an exam and expect an A grade but end up with a B. The B grade isn’t bad, but the disappointment lies in the gap between what you expected and what you got.
Whenever we make the decision to use a piece of software, make a purchase, or recommend something, we’ve made an investment, whether that be monetary, time, or emotional. We expect things to work as they are, and when that is unexpectedly changed, it causes disappointment.
2. Understanding businesses is a vital part of the equation, especially tech companies. Many tech companies are not profitable; they have investment and often offer services at a loss in order to build market share. But this isn’t something that is sustainable indefinitely, and there comes a point where the user base needs to be monetised *cough* Facebook *cough* or culled.
This isn’t just for startups. A few months back, Google announced a change to its Photos service whereby from June 1 users will no longer get free unlimited photo storage.
The last point on this is that any tech company’s primary objective is to make money. Sure, if they can make the world a better place in the process, that’s good. But very rarely will a company try to make the world a better place without profiting from it. While we would all love our friends and families to use password managers or other security tools and software and be better at managing their online risk, vendors don’t care if everyone does; they just want enough people using their service to allow them to turn over a nice profit.
3. Our relationship with software today is not the same as it was back in the days when you got software on CDs from magazines. As consumers, we have very little control. Even when there’s a physical product attached to the service, because everything is linked to a cloud backend, vendors can make any changes at any time. While sometimes public pressure can force a company to rethink a major change, like when Sonos did a U-turn over bricking its older smart speakers, other vendors remain firm in their battle to force their customers to remain within their grasp, as the long-running dispute between John Deere and farmers has shown.
Is this a good thing? Well, call me old-fashioned, but I grew up in a time when if you bought and paid for something, it was yours forever to do with as you pleased. We’ve entered into a weird, muddled-up world where we don’t know what direction a piece of software will take or how our relationship with the provider will change on a day-to-day basis - whether that be paid or free. On the other hand, I’m sympathetic towards vendors and providers who may want to tweak or change an offering knowing that whatever changes are made will alienate a portion of their user base.
Procrastination is a topic near and dear to my heart. Research from Griffith University in Queensland, Australia, suggests an interesting approach to dealing with procrastination.
The approach is based on ‘Temporal Motivation Theory’, which suggests that procrastination stems from four interlinked factors:
  • Expectancy: we underestimate our chances of completing tasks successfully.
  • Delay: we fail to appreciate how delaying tactics diminish our chances of meeting future deadlines.
  • Value: we tend to over-value present rewards and under-value future rewards.
  • Impulsiveness: we are susceptible to distractions.
The study suggests that we can overcome procrastination by thinking through the following four ‘reflection points’, which are designed to address the psychological roots of procrastination:
  • How would someone successful complete the goal?
  • How would I feel if I don’t do the required task?
  • What is the next immediate step I need to do?
  • If I could do one thing to achieve the goal on time, what would it be?
In an experiment involving more than 100 students, the researchers found evidence that this approach can help, although the results suggest that the reflection points must be considered multiple times in order to be effective.
If you’re a prepper, then you should really make sure you’re prepared… but as this Twitter thread shows, not everyone who prepares is actually prepared.
We discussed this on the Host Unknown podcast and Thom summed it up by saying it’s a good case of testing your business continuity and disaster recovery plans.
Jean-Michel Connard
so my eldest brother, who is a moron, has been playing soldier with his moron friends in the deserts of texas for the last year preparing for the collapse of civilization if biden won (lol). they were burying food and ammo stashes out in the desert, running drills, crazy stuff
Jean-Michel Connard
this included getting a cb license so he could be their lifeline to other groups of white idiots when the cell towers all went offline. wouldn't want to violate federal law while communicating with your resistance groups after the fall of the federal government i guess.
Jean-Michel Connard
anyways, you would assume given that they've been prepping for the end of the world for at least a year they're well situated to ride out the rolling blackouts right?

Jean-Michel Connard
their plan for cooking and heating during an extended power outage was natural gas, but like a lot of homes their gas service is out. the food in their freezer and fridge is already toast due to the power outrages, so they're down to canned stuff, but there's a catch.
Jean-Michel Connard
they can get into the pull top cans just fine, but the ones that require an opener? their only can opener is electric. so a good 3/4 of his canned food store is inaccessible to him unless he goes after it with a knife, which i sincerely hope he does.
Jean-Michel Connard
so captain survival was eating unheated ravioli out of a can yesterday because i guess he doesn't know how to start a fire? they have a fire pit but it too is gas fired.

he told my mom they're probably going to break into the survival buckets soon. i'm sure that's great food.
In closing
It’s worth going to read the rest of the thread, I won’t post it all here. But on a serious note, I hope everyone in Texas is staying safe and healthy. There’s little I can do for anyone sitting behind a keyboard in lockdown - but if there’s anything I can do for anyone, anywhere in the world, even if it’s just a chat, you can just shine the spotlight into the sky with the big J on it!
Stay secure my friends.