Saturday, March 22, 2014

Books as objects

It was perhaps the Argentinian writer Borges who best framed books as objects for me. I somewhat remember watching an interview with him describing his passion for books, saying that on some level just having the physical presence of certain tomes in his library was enough for him even if he could no longer read them, while passing his hand fondly over the covers of the Britannica.

The invention of the codex was a happy discovery. The format is easily portable, readable and allows easy flipping to any part, which is unmatched by any other. In fact, for all the listening to and approbation of audiobooks I've done and will still be doing, I still miss the flipping aspect. How can one search through audio?

The fondness for books can still reach unhealthy levels. Liking them is ok up to some point, but loving them too much isn't. There's a sort of hylotheism (had to use the word for once) somewhere down there, investing passion in material objects. Guess that my take is to appreciate the nice volumes you already have and distract yourself away from those you haven't.

Now, I don't want to act as if I had the moral high ground. For my part I resist any markings, marginalia, or annotations in books, whether others' or my own. Some say that's the way to really own a book. I believe that on one part it defaces their pristine beauty, even more if the tome in question is special in any sort of way, such as being a first or deluxe edition; on the other, it robs intellectual spontaneity from whoever might read next by imposing one's own, possibly wrong or shifting opinions, then and there. I also have bad handwriting.

Now, if you're a yet-to-be-discovered Leonardo or are the author of one of my books, you and your pen are welcome to them.

If you can resist the temptation of physical books and still appreciate them, check:
  • Used & Rare by Goldstone & Goldstone, which deals with second-hand books in general from a collector's standpoint
  • The Man Who Loved Books Too Much by Hoover, which is on book theft and itself is a steal
  • My favorite 6128 books article on the WSJ:

I stand diametrically opposed to most of the author's views, but his stance is interesting nonetheless. In a similar vein there's:
  • The Solitary Vice: Against Reading by Brottmann. Stemming from her own experience and building on that of others, the author makes a case against reading and its immediate reach. Not as bad as it sounds, but she does make some valid points. Fortunately in my view, I do pass her test on page 19. In the section titled 'Of human bondage' she touches briefly on bibliomania.

Saturday, March 8, 2014

Is oneself the greatest threat to LastPass security?

I wrote this letter as a Q&A submission for the Security Now! podcast. It didn't make it into the show, but I thought about sharing it here. I think there's a valid point to my argument, but who knows? Am I right? Overly exaggerating? You tell us!

Dear Steve,

I'm currently moving away from an algorithm-based password system. I have been testing out LastPass with some sites and have been more or less liking it. I'm already convinced that its technology can keep me safe from threats from without. However, I still have a cause for concern. As I see it, and as it currently stands, the greatest threat to a LastPass-based security scheme is: *myself*.

Although I use good habits and have not had a problem for the last decade, I cannot completely trust myself not to bring malware to my system: I can be served a malicious banner on a trusted site, open a file from a contact that has been previously compromised, or click a link in an e-mail message while distracted ("so-and-so sent you a message!").

So, if I happen to get malware in my system, what is there to stop it from taking advantage of my LastPass sessions? As I see it, there are at least two ways in which it could harm me. The first one, taking advantage of an open LastPass session to look into my vault and grab whatever it can in one fell swoop; and secondly, passively detecting the presence of LastPass and recording the unencrypted passwords on their way from LastPass to each webpage; key logging is surely not the only tool available to hackers. And, still a third one, if one wants to go over the top, what's to stop the malware from interacting concurrently with me on an open webpage? No doubt it can beat me on speed ("look! A banking site! Let's attempt a quick transaction").

The PPP option doesn't look as if it could help me here, because it would only protect the LastPass data when closed or from without, not when open and in use.

By the looks of it, LastPass is great with holding my passwords and populating fields quickly, but not much else. I still need some sort of second factor authentication for each site, preferably a global one.

Are these cause for concern, or have the LastPass people come up with a solution for this too?