Last time we talked about strong passwords, but what if there was a better way to secure your account? We look at options for two-factor authentication, including text messages, apps, and security keys. Plus, security news from Apple, one of Liz's accounts got breached, and Geoffrey wants to celebrate a special birthday.
I just launched a new project with Geoffrey Thomas: Loose Leaf Security, a podcast about making good computer security for everyone. We believe you don't need to be a software engineer or security professional to understand how to keep your devices and data safe. In every episode, we tackle a typical security concern or walk you through a recent incident.
Our first episode is about securing your online account passwords:
You've heard for years about how to come up with strong passwords, but are those guidelines really true? Liz and Geoffrey talk about new risks to your online accounts, especially with the news of clear-text passwords being mishandled at Twitter and GitHub, and whether you should trust a password manager to solve all your password problems for you. Plus, what's happening to the green lock icon in Chrome, and should you worry about EFAIL?
I just added Open Graph support to this Pelican-generated site so pretty previews would show up when people shared my posts, and I figured I'd share the fairly tidy way I went about it in case other people were interested. I only added support for articles, my journal entries, and pages, the other headers on this site, because adding it for things like tags didn't make a lot of sense (why would anyone share those?).
The changes were pretty simple. First, I added the following to the <head> section of template.html, the part of my custom theme from which every webpage on my site inherits its style:
It was obvious to treat what Pelican calls articles, my journal/blog entries, as articles, and I decided to treat my Pelican pages, basic information about me, as websites. My article titles stand well on their own, but my page titles are accompanied by Liz Denys, my SITENAME, because they don't make as much sense on their own. Everything else - my journal's timeline and tag pages - doesn't have a lot of information in Pelican, so they just got a boring default.
Raw double quotes would be problematic in meta tags, so I make sure to replace them with the friendlier HTML entity " in both the titles and descriptions with Jinja's replace function. I've found that double quotes in article titles mess other things up in Pelican, but still applied the replace to titles here just in case that changes.
The Open Graph description property, og:description, is generally a preview of the website's content, and since I don't use Pelican's summary attributes in my theme, I opted to grab a bit of the content directly with article.content or page.content. I couldn't find a definitive answer as to how much that should be - Open Graph says a description is "a one to two sentence description of your object," Facebook defines a description as "a clear description, at least two sentences long," and Twitter specifies that a description has a maximum of 200 characters. These seemed a bit conflicting, so I followed the clearest instruction, Twitter's, and limited my descriptions to 200 characters, including the possible trailing " ..." with Jinja's truncate function.
Some, but not all, of my articles and pages contain images, so I wanted a default og:image for the entire site that could get overridden on webpages where something specific made more sense. I briefly considered progamatically taking the first image to appear in a post for its preview, but when I looked through some older posts, I noticed this wasn't always the right choice both in terms of content and size - you need at least a 200px square for Facebook and probably want even larger. I uploaded a default og:image to "{{ SITEURL }}/images/opengraph-default.jpg". I named the file that instead of something that describes its content (currently an old photo of me in SIPB's machine room) so that I would only need to upload a new image to the same location to change it later. When I want to override this default for an article or page, I'd simply define opengraph_image in the meta information of its Markdown file like so:
Title: Inbox by Gmail's accidentally abusive algorithm
Slug: inboxs-accidentally-abusive-algorithm
Date: 2016-05-14 11:03
Category:
Tags: a little too helpful; content algorithms; email; gmail; Google; harassment; inbox; product design
opengraph_image: software/inboxs-accidentally-abusive-algorithm/inbox-speed-dial.jpg
The code in the template checks whether or not this meta information exists, so if I want to use the site default, I simply leave it out.
Once I added this to my site, I checked that my new Open Graph information rendered as I expected with Facebook's Sharing Debugger and Twitter's Card Validator. I also sent direct messages containing links to my posts on Slack to see how they rendered there with the new Open Graph information. Here's what one of my articles now looks like when someone posts it to Facebook:
That same article when it's shared on Twitter:
And finally, what it looks like when posted to Slack:
Dealing with impostor syndromeisn'tfun, but playing Dungeons & Dragons is! Here's a quick little 5e spell combining the two:
Impostor syndrome
5th-level enchantment
Casting Time: 1 action Range: 60 feet Components: V, S Duration: Concentration, up to 1 minute
You create an overwhelming sense of doubt in the mind of a creature that you can see within range. The target must make a Wisdom saving throw. On a success, the spell ends. On a failed save, the target firmly believes it is less talented than it actually is, and its Intelligence score is reduced by 2 until this spell ends. Additionally, the target becomes very anxious, and any Constitution saving throws made to maintain concentration are made with disadvantage until this spell ends.
While a target is affected by this spell, the target rationalizes all previous accomplishments as luck and deeply fears its magic will fail and reveal it as a fraud.
On each of your turns for the duration, you can use your action to deal 4d8 psychic damage to the target. You do not need to be able to see the target or continue to be within range to deal this damage.
At the end of each of the affected target's turns, it can make a Wisdom saving throw. If you can no longer see the target, it has advantage on this saving throw. On a successful save, this spell ends.
At Higher Levels. When you cast this spell using a 6th-level spell slot, the target's Intelligence score is reduced by 3 on a failed save. When you use a spell slot of 7th level or higher, its Intelligence score is reduced by 4 on a failed save.
Available to classes: Bard, Sorcerer, Warlock, Wizard
But she wasn't just the fearless young woman standing up to capitalism she seems to be. A plaque was placed next to her that read:
Know the power of women in leadership
SHE makes a difference.
State Street Global Advisors
The plaque said "State Street Global Advisors" and emphasized the word "SHE" because Fearless Girl was commissioned by State Street Global Advisors as an advertisement for their SHE index ETF. A lot of people, including the bull's artist, are upset because Fearless Girl's origins are partially related to an advertisement.
Interestingly, Fearless Girl and its plaque were rather ineffective as an ad. (The plaque has now been taken down.) It certainly looks weird to have something that says "State Street Global Advisors" on it by the statue, but it's not at all obvious that this is a reference to the SHE ticker. When I asked people who saw it in person, most of them told me they saw a strong young woman standing up against capitalism. When I myself moved closer and saw the plaque, I felt my eyes roll because it felt like a poor effort on behalf of a finance company to promote women. I didn't recognize it as a publicity stunt for a ticker, and I work in finance. The average visitor is probably much less likely to realize "SHE" meant the ticker. I actually only know a few people who recognized the reference to State Street's ticker, and they all specifically pay attention to new financial products as part of their job. It took the internet to explain the ad to the masses, and it seemed to have gone viral in a way that didn't benefit State Street unless you really, truly believe that all press is good press.
Honestly, I don't love that this otherwise wonderful statue started as an ad; I'd love it a little bit more if it weren't one. However, public art is incredibly expensive to create - Arturo Di Modica spent $350,000 of his own money to create Charging Bull. Not everyone is independently wealthy enough to have a whopping 350 thousand dollars in 1989, which is roughly 700 thousand dollars today, around to drop on a statue that they don't even expect to see returns on. If we believe that "true" art is self-funded, we let art only be the domain of the rich and lose the viewpoints of everyone who doesn't have that kind of privilege. That isn't right.
Di Modica is upset not just because Fearless Girl was in part an advertisement: he is also upset that people are misinterpreting his Charging Bull. He says his statue is about "the strength and power of the American people" and does not like that people view it differently. Specifically, he does not like that some people interpret the bull as the strength and power of capitalism or men in the United States. But once you release your art into the world, your intentions as the artist no longer comprise the only valid interpretation of your art. You cannot control how people react to your art, nor should you be allowed to.
Fearless Girl also changes the meaning of Charging Bull. Instead of being a symbol of "the strength and power of the American people" as Di Modica intended, it's now seen as an aggressive threat to women and girls — a symbol of patriarchal oppression.
Fallis notes that Fearless Girl highlighted the interpretation of Charging Bull as "a symbol of patriarchal oppression" as a valid interpretation. He shows that he understands that authorial intent isn't everything. He continues:
In effect, Fearless Girl has appropriated the strength and power of Charging Bull. Of course Di Modica is outraged by that. A global investment firm has used a global advertising firm to create a faux work of guerrilla art to subvert and change the meaning of his actual work of guerrilla art. That would piss off any artist.
See? It's not as simple as it seems on the surface. It's especially complicated for somebody (like me, for example) who appreciates the notion of appropriation in art. I've engaged in a wee bit of appropriation my ownself. Appropriation art is, almost by definition, subversive - and subversion is (also almost by definition) usually the province of marginalized populations attempting to undermine the social order maintained by tradition and the establishments of power. In the case of Fearless Girl, however, the subversion is being done by global corporatists as part of a marketing campaign. That makes it hard to cheer them on. There's some serious irony here.
Fallis's belief that subverting Charging Bull as "a symbol of patriarchal oppression" should solely be the "province of marginalized populations attempting to undermine the social order maintained by tradition and the establishments of power" leaves no room for works funded for corporate interests. Specifically, he states that the "global corporatists" who funded Fearless Girl as "part of a marketing campaign" invalidates it as subversive art. He implies that it only disrespects Di Modica's statue because it has, as Fallis later states, "hijacked the meaning of his work" under false pretenses.
What Fallis is really saying is that it's valid to see Charging Bull in lenses other than Di Modica's authorial intent, but Fearless Girl will always primarily be marred by its associations to State Street's SHE index ETF. Not only does this imply that some concept of authorial intent has to be the primary interpretation of Fearless Girl, but that the authorial intent of Fearless Girl is solely the province of State Street and is thus completely disconnected from its creator, Kristen Visbal.
"But I made sure to keep her features soft; she's not defiant, she's brave, proud and strong, not belligerent."
She made a deliberate choice as to who the girl should represent:
The sculptor based her work on two Delaware children - a friend's daughter she said had "great style and a great stance, and I told her to pretend she was facing a bull." The second was a "beautiful Latina girl, so everyone could relate to the Fearless Girl."
Removing Visbal's creativity from an examination of the authorial intent behind Fearless Girl just doesn't make sense. Whatever value authorial intent holds aside, her creative decisions undoubtedly influenced why I relate to a girl proud to face capitalism and take on Wall Street.
Later in his piece, Fallis focuses even more on State Street's intentions when trying to evaluate the merits of Fearless Girl:
And yet, there she is, the Fearless Girl. I love the little statue of the girl in the Peter Pan pose. And I resent that she's a marketing tool. I love that she actually IS inspiring to young women and girls. And I resent that she's a fraud. I love that she exists. And I resent the reasons she was created.
On its surface, this paragraph sounds like an understandable set of mixed feelings on the piece that I largely agree with, but Fallis hides something much, much more insidious - the idea that Fearless Girl is a "fraud" because State Street funded her creation.
Calling the girl a "fraud" has deeper underpinnings than only the unjust idea that getting funding invalidates art mentioned above. Women's ideas have been erased by men who restate their ideas, take get credit for them, and successfully erase women's involvement in them - much as Visbal's creative decisions are being erased because State Street funded her sculpture. Women's contributions have been consistently devalued because they have been supported by the money of others, usually men who collectively hold the keys to significantly more money than women do - much like how Di Modica's self-funded $350,000 work is considered true guerilla art while Visbal's has no such value because she didn't pay for it herself. Finally, as much as it pains me to say it, women's progress often depends on the approval of men and their willingness to take up their cause - much as State Street chose to fund Visbal's work.
Do I think we should stop thinking critically about Fearless Girl? Absolutely not, but I definitely think we can't consider the context surrounding how the statues were funded and their authorial intents in a vacuum - they are fundamentally intertwined with the patriarchy.
