Darren P Meyer

an information security researcher, technology hobbyist, maker, parent, and rabid moderate. I work at Veracode, but I don't speak for them here.

Most LGBT discrimination should be considered sex discrimination

There is a current trend of passing laws and enacting regulations to establish sexual orientation and gender identity as “protected classes”. A protected class is “a characteristic of a person which cannot be targeted for discrimination”. As I write this, race, color, religion, national origin, age (40+), sex, pregnancy, citizenship, familial status, disability, veteran status, and genetic information are all protected classes.

As these laws and regulations come into effect, it becomes illegal to fire or refuse to hire or remove from housing (etc.) anyone on the basis of their sexual orientation or gender identity. I think this is a good thing.

I also think it shouldn’t be necessary, because most discrimination on the basis of sexual orientation or gender identity should be considered sex discrimination already.

If I fire a woman for doing something that men are allowed to do, that’s sex discrimination. If that something is “have sex with women”, I don’t see the difference. And this basic construction seems to apply to a lot of things relevant to trans* and gender issues:

  • wearing women’s or men’s clothing
  • wearing makeup
  • wearing gender-identified hair or jewelry
  • indicating a sexual romantic interest in a particular gender

Now, I’m not a lawyer, so I’m sure there’s nuance here; but it seems to me that where orientation and gender identity are not explicitly protected, there ought to be a fair amount of protection already.

No-Bullshit Meditation

If you wish to learn how to meditate, there are a lot of resources. Nearly every one I’ve seen is filled with breathy woo, and most of them have a bunch of other bullshit that serves no purpose but to try (and usually fail) to make the author sound profound.

Meditation—even beginner meditation—has well-established benefits for mood, focus, and creativity; having to put up with pseudo-spiritual nonsense to get those benefits sucks. So here is a simple method to start meditation, as well as a brief discussion about some misconceptions that may mess with your practice.

Be clear and realistic about your objectives

The goal of a meditation practice is often described with such bullshit terms as “emptiness of mind”, which lead people to think the goal of meditation is to think of nothing. That’s not really a useful way to think about it.

Your ultimate goal in meditation is to have all your attention focused on what’s going on right now. This is hard because we’ve been trained our whole lives to think a lot about the past or the future, with all the stresses involved. Thinking only about right now once in a while is like a brain vacation.

You will absolutely fail to do this. A lot. Hardly anyone can manage to do it for any significant period of time, even without all the distractions that will annoy you every time you try. That’s totally OK because even shitty meditation ...

Meetings Are A Terrible Way To Communicate

Several people need to have a conversation about something: let’s call a meeting, that will help “facilitate communication”, right? Probably not.

Meetings are almost always a terrible way to communicate. Don’t get me wrong, there are ways to have an effective meeting. But if your goal is to encourage effective communication, having a meeting means you’re fighting uphill.

Meetings tend to favor people who are outspoken, think quickly, and are self-assured. But on every effective team on which I’ve worked, there are valuable contributions to be had from those who are quiet, who think deeply, or who are unsure of themselves. Meetings are not good outlets for those folks, which means you’re leaving the value they can add on the table whenever you have a meeting.

Some of this can be improved by changes to the meeting. A good moderator will ensure that quiet people have an opportunity to speak. But:

  • a 30-60 minute session will not ever be conducive to getting value from people who need time to think deeply before they contribute.

  • putting someone who’s unsure of themselves on-the-spot will only discourage them from contributing

We live in a wonderful world where written communication is faster and easier than ever; having conversations in text (strings of replies on GitHub or Stash or JIRA or whatever, chats on IRC or Slack, even just email threads) is almost always a better choice than a meeting when you want everyone on your ...

Dropbox Is Probably Not Stealing All Your Files

A bit of additional material has been added to clarify why “a few hundred KB isn’t much”

There is a pretty serious allegation that Dropbox is stealing all your files making the rounds. The allegation is based on the following observations:

  • An unnamed DLP product noted that the Dropbox application accesses newly-created files outside the Dropbox folder

  • Firewall logs show the Dropbox application accessing Dropbox itself and Dropbox-controlled AWS endpoints around the same time as the above file access.

Seems pretty damning, right? Well… maybe not so much.

The Dropbox application uses a filesystem monitor to detect when changes are made by monitoring filesystem write events. This is, by necessity, a system-wide process. So DLP alerting that Dropbox is “accessing” a new file shouldn’t be surprising.

Update: it turns out that it’s the Dropbox shell extension that’s most likely triggering these events. Thanks to @razvanh’s Medium explanation that clarifies this important point.

Likewise, the Dropbox application routinely communicates with its sync infrastructure at Dropbox and AWS endpoints, so it’s not surprising to see Dropbox communicating regularly to check whether there is a new sync point or the like.

So the provided evidence doesn’t show that Dropbox is reading or transmitting any files outside your Dropbox folder; but it doesn’t disprove it either. So how can we test?

A simple protocol can give us an idea of whether data is being sent to Dropbox:

  1. Create a large-ish file (1MB) outside of the Dropbox ...

An open letter to the FCC

I sent this letter to the FCC’s public commentary mailbox; I’m posting it here in the spirit of openness.

The Age of the Internet has brought untold benefits, innovation, and prosperity. Such benefits are possible because there has always been a sort of “gentlemen’s agreement” that the ISPs are neutral when it comes to who is sending data to them.

Data from a tiny startup is treated the same as data from giants like Microsoft. People providing services using the Internet pay their providers for the Internet service they need, and subscribers do likewise.

However, large ISPs want an end to this ‘Net Neutrality. Not content with record profits from large and small providers alike, these ISPs want to charge again for “fast lane” access to the homes and offices of their subscribers. Businesses will pass these increased costs to consumers, and small organizations will find themselves with greatly increased barriers to serving their potential customers.

Our lack of effective last-mile provider competition has already made the US struggle to compete with Europe and Asia; allowing ISPs to dispense with network neutrality will only pump their profits—without significant benefit to consumers, and with harm to small innovators.

The FCC should be acting to preserve network neutrality, thus continuing to protect the fertile environment for Internet innovation. Instead, the chairman is proposing rules that will undermine it.
