Thursday, April 10, 2014

Thing 11 : Sudden technology news

Heartbleed, from xkcd.com

 So, news happens... 

Generally when you were expecting to be doing something else. If you've been following the news the last few days, you'll have heard about Heartbleed, and you're probably wondering what it means for you.

Short version: A technology tool used to make secure websites secure turns out not to have been as secure as was thought. It's hard to tell how much, because it depends on a lot of factors. (Just because there is a vulnerability doesn't mean anyone tried to use it - think of it like leaving your car unlocked. Someone could steal something in it, but lots of times, they won't, and lots of times they won't even notice the car's unlocked in the first place.)

Your best practice is to
  1. first make sure the sites have fixed the problem and
  2. change your password on any site whose security matters to you (bank, financial records, email, anything that could cost you money or be used to get access to accounts that could cost you money.) 
You probably don't need to change passwords on, say, a random forum site about your hobby, or a newspaper comment login, but you might choose to do that anyway.

(This page from LifeHacker will help you figure out which sites have fixed everything. The BBC has a great roundup of information that's less technical. There's a fairly technical explanation over here from the people who found the bug.)

A lot of places are advising that if you're not already using one, using a password manager might be a sensible thing. (I've been checking out LastPass, which gets great reviews, but there's lots of others out there.)

But in general - how do we sort this stuff out? 

This series is about technological literacy in general, so I want to use this as a chance to talk about ways to find out more when the next tech thing like this hits.

My own basic process is pretty simple:
  1. Don't panic. (It doesn't help, and sometimes the advice in the first flush of an announcement isn't the useful advice.) 
  2. Look at sites I know give good information and see what they advise. 
  3. Learn how to evaluate what I'm reading. 
Obviously, steps 2 and 3 are the tricky ones. But they're like all the other information evaluation things we do. We learn to figure out whose movie reviews (or music reviews, or book reviews) we trust, because they tell us information that helps us make decisions that line up with our priorities. We learn how to figure out how to be informed about our health care. We learn how to figure out what shoes or clothes or cars to buy.

Learning to sort out technology information is pretty much the same process, just - well, add more technology. It can definitely be easy to get overwhelmed, or to get lost in jargon. But there's lots of great resources out there to help you out. What about the not-so-great resources? If you get information from a friend (especially someone who doesn't have strong skills at the thing they're talking about) do what you'd do with any recommendation from a friend - check it out somewhere else. If they're right, it'll be obvious pretty quickly.

Some places to try:

Your local technology resources: This, it depends on what the issue is. UMF isn't going to go into detail about, say, a security thing that affects Facebook or Tumblr. But they might about other issues.  
LifeHacker runs (lots!) of stories about all sorts of technology things, and also links to other sources. (Some of these are more reliable than others, but over time, I've learned which ones to pay attention to.) Even if you don't read it regularly, you might bookmark it to check if something comes up.  

A trusted online site. Some sites just have people (either running them or long-time members) who are good at explaining stuff, and highlighting the bits you really need to know. One of my current go-tos is Dreamwidth (a social journalling site) where they had a great explanation (and links to other resources) of what was going on - but I've seen similar things on a number of other sites from interested and thoughtful people.

 A news site: A lot of technology news reporting is really lousy (Sometimes they get things wrong. Sometimes they panic about the wrong thing.) But if you find a resource that seems to be good and reliable, definitely use that. I tend to default to NPR (National Public Radio), but I've seen very useful summaries come out of other sources.

Things to try:

  1. If you don't already have a good password management system (and change the important ones regularly), this would be a great time to start.
  2. Find one or two sources of technology information that are new to you. Check them out. Compare them to sources you already know. Do they help you understand what's going on? Do they seem to be accurate? 
  3. If you get a chance, share good resources with other people. (Maybe pass this post along on Facebook for people who are wondering about Heartbleed. Maybe tell a friend. Maybe explain something to your friend or parent or grandparent.) Sharing information is a really great way to make the world better.