Security, Security, Security! Semiconductor Shortage, and Apple Cracks Down on App Developers

Global Privacy Control

by Artie Kaye

A little over a decade ago, the Do Not Track header was proposed as something which would prevent websites from tracking personal information online. It wasn’t well implemented and gradually died off. The concept, however, stayed alive. Global Privacy Control is an updated concept in the same vein that is well-defined in its purpose. If a user doesn’t want their information shared or sold, this header will communicate that desire when connecting to websites. California, Colorado, Virginia, and Utah have already adopted laws that will make this legally enforceable, as have some countries. If you are interested in learning more about it, please check out their website at globalprivacycontrol.org.

---

Connecticut Privacy Bill

by Artie Kaye

Connecticut passed a bill that would improve their citizens’ privacy online. It covers a wide scope and is on the whole good for the people. Citizens will have a say in whether their personal data can be sold or used by companies without their knowledge.  The big thing to consider is how this affects interstate business.  If your company does business with one of these states through a website, your business will have to comply with the laws governing data privacy.  With many states having different laws and requirements, it could be difficult to traverse.  Contact your IT support and maybe a lawyer to discuss the best way of handling these changes.  The Connecticut law will go into effect on July 1, 2023.  Similar laws are already in effect in some states as well.

---

Department of Defense Cyber Security Program

by Artie Kaye

A year-long cyber security pilot program by the Department of Defense ended recently. The Defense Industrial Base Vulnerability Disclosure Program. This program was devised to seek out vulnerabilities in the infrastructure by researchers. When something was discovered, the company in question would be contacted with information regarding what was done and how it was found. Solutions for fixing the problems came next. The trial has been successful, finding and securing many potential exploits across the companies that took part in it. This proactive approach of fixing before a problem arises is a great direction to be headed in.  Hopefully, we’ll see the effects of this program reaching the private sector.

---

Abandoned Apple Apps

by Artie Kaye

Apple is giving developers 90 days to update their apps for the iOS store. This isn’t an arbitrary decision on Apple’s part, they cite no updates to the app in 3 years or low download rates as their main criteria. They prune the app store regularly to make sure programs are compliant with their latest security measures or with the operating system. If you have developed an iOS app and have received an email from Apple about it being removed, it’s going to be in your best interest to comply if you want to keep it available through the iOS store. If your app does get removed from the store, it will still remain on users’ devices and its name will still be registered to your account.

---

Microsoft’s New Edge VPN

by Artie Kaye

Virtual Private Networks—more commonly called VPNs—are used by many people the world over. Microsoft has decided to add a free one to their Edge browser for Microsoft users. It sounds like a good deal initially, but there are a couple of caveats. There will be a data limit per month, and it’s currently set extremely low at 1 gigabyte. The other would be that it only affects traffic that is directed through the Edge browser. That being said, when this goes live—even with those limitations—it could be something to use for interactions that require an extra level of protection, like email or financials. Microsoft has an official support page for their VPN setup if you want to learn more about it.

---

Intel CEO Weighs In On Semiconductor Shortage

by Artie Kaye

The semiconductor shortage that’s been persistent during the pandemic won’t be over until 2024 according to Intel CEO Pat Gelsinger. Many factors are at play with why the shortage is happening, from crypto miners, to trade dysfunction, to lack of raw materials. But Gelsinger’s prediction about the shortage is due to production infrastructure. The machines required for manufacturing are not widely available. To help alleviate the problem, Intel is building new production facilities in the US and Europe. With the new facilities Intel will be able to continue production even if disaster hits one of them, preventing a shortage as major as the one we’ve been facing.

---

Open Source Security

by Artie Kaye

A lot of software is open source. If you’re reading this on a chrome based browser, you’re using a program that was built on open source programming. What is open source? It’s code that is made available for use, usually with some stipulations, but at no cost. (Though many do ask for donations to help keep the project open source.) It’s a wonderful resource and addition to programming. A problem that’s becoming more and more apparent as time goes on is that there is no standard for security in many of these projects. Recently, You may have heard about programmers inserting “protestware” into their software modules. This kind of action destroys trust in the open source community. 

The Open Source Security Foundation was created to work towards developing protocols and practices that would help the open source community as a whole. By creating a central organization to address problems, their hope is to speed up reaction time and make their programs safer. If the programs created are more secure, we all benefit. 

If you want to learn more about the foundation, you can visit its website at openssf.org.

---