Jesper Writes About Security

  Prioritizing your work is absolutely critical. You can do all kinds of things, but if you don’t with some regularity do the right things you won’t be moving forward. A couple of weeks ago in a round-table discussion, someone mentioned prioritizing work based on the principle of maximum benefit for minimum effort. That reminded me that I needed to write up some thoughts and a job aid that I created a few years ago related to that very valuable principle.  The theory underlying it is really intuitive and straightforward: ensure you maximize the benefit you get from any unit of work. There’s just two problems with that: 1) how do you determine how much work something is, and 2) how do you determine how much benefit you get from the work? Work estimation is not exactly our strongest point in IT. There was a joke when I started out in software engineering back in,... well, it doesn’t matter when. To estimate how long a software project would take you ask the developer. Then you take thei

  November 12, 2019: Apple finally released FIDO2 support in Safari.  June 9, 2020: A review of several websites reveals that a number of them still block FIDO2 in Safari.  On November 12 last year I thought that we finally would start seeing some adoption of FIDO2. However, this industry has a strange approach to protocol support. 7 months after Apple added FIDO2 support to Safari, AWS, Microsoft, and, yes, even GoDaddy, have code that blocks you from using FIDO2 security keys in Safari.  However, while so many vendors still block support of modern security protocols, they still support old and outdated ones. For instance, all of them support TLS 1.0 and 1.1. The major browser vendors coordinated an announcement in 2018 that TLS 1.0 would be deprecated in their products in March 2020. This was hailed as a major precedent setting announcement at the time. However, less than 1% of the traffic in each of those browsers, even then, was over TLS 1.1 and 1.0. Microsoft claimed at the time t