Archive for the ‘Technology’ Category

YubiKeys are neat

I recently picked up a YubiKey, because we use them at work and I was impressed with how simple and easy-to-use they are. I’ve been really happy with it so far – enough to write a blog post about it.

Photo of my YubiKeys on a keychain on a table

Basically, YubiKey works like this: whenever you need to do two-factor authentication (2FA), you just plug this little wafer into a USB port and tap a button, and it types out your one-time pass code. Interestingly, it does this by pretending to be a keyboard, which means it doesn’t require any special drivers. (Although it’s funny how Mac pops up a window saying, “Set up your keyboard…”)

The YubiKey Neo, which is the one I got, also supports NFC, so you can use it on a phone or tablet as well. I’ve only tested it on Android, but apparently iOS has some support too.

YubiKey is especially nice for sites like Google, GitHub, and Dropbox, because it runs directly in the browser using the FIDO U2F standard. Currently this is only supported in Chrome, but in Firefox you can also set security.webauth.u2f to true in about:config and it works just fine. (I use Firefox as my main browser, so I can confirm that this works across a variety of websites.)

One thing that pleasantly surprised me about YubiKey is that you can even use it for websites that don’t support U2F devices. Just download the Yubico Authenticator app, plug in your YubiKey, and now your YubiKey is an OTP app, i.e. a replacement for Google Authenticator, Authy, FreeOTP, etc. (Note that Yubico Authenticator doesn’t seem to support iOS, but it runs on desktops and Android, and is even open source on F-Droid.)

What I like the most about Yubico Authenticator is that it works the same across multiple devices, as long as you’re using the same YubiKey. This is great for me, because I have a weird Android setup, and so I’m frequently factory-resetting my phone, meaning I’d normally have to go through the hassle of setting up all my 2FA accounts again. But with YubiKey, I just have to remember to hold onto this little device that’s smaller than a stick of gum and fits on a keyring.

One thing I did find a bit annoying, though, is that the NFC communication between my YubiKey and OnePlus 5T is pretty spotty. To get it to work, I have to remove my phone from its case and the YubiKey from my keyring and clumsily mash them together a few times until it finally registers. But it does work.

Overall though, YubiKey is really cool. Definitely a worthy addition to one’s keyring, and as a bonus it makes me feel like a 21st-century James Bond. (I mean, when I plug it in and it “just works,” not when I’m mashing it into my phone like a monkey.)

If you’d like to read more about YubiKey and security, you might enjoy this article by Maciej Ceglowski on “basic security precautions for non-profits and journalists in the United States.”

Update: In addition to U2F, there is also an emerging standard called WebAuthn which is supported in Chrome, Firefox, and Edge without flags and is supported by YubiKey. So far though, website support seems limited, with Dropbox being a major exception.

Should computers serve humans, or should humans serve computers?

The best science fiction doesn’t necessarily tell us something about the future, but it might tell us something about the present.

At its best, sci-fi finds something true about human nature or human society and then places it in a new context, where we can look at it with fresh eyes. Sci-fi helps us see ourselves more clearly.

This is a video made by Microsoft in 2011 that shows one sci-fi vision of the future:

This is a utopian vision of technology. Computers exist to make people more productive, to extend the natural capabilities of our bodies, to serve as a true “bicycle of the mind”. Computers are omnipresent, but they are at our beck and call, and they exist to serve us.

This is a video showing a different vision of the future:

 

This is a dystopian vision of technology. Computers are omnipresent, but instead of enabling us to be more productive or to grant us more leisure time, they exist to distract us, harass us, and cajole us. In this world, the goal of technology is to convince us to buy more things, or to earn points in a useless game, or to send us on odd jobs the computer chose for us.

A similar vision of the future comes from Audrey Schulman’s Theory of Bastards. The protagonist rides a self-driving car, but she can’t turn off the video advertisements because her implant is six months out of date, and so the commands she barks at the car fail with an “unknown” error.

She blames herself for failing to upgrade her implant, in the way you might chide yourself for forgetting to see the dentist.

As the car arrives, she pays for the trip. Then she notes:

“At least in terms of payment, the manufacturers made sure there was never any difficulty with version differences. It was only the actual applications that gradually became impossible to control.”

Between the utopian and dystopian, which vision of the future seems more likely to you? Which vision seems more true to how we currently live with technology, in the form of our smartphones and social media apps?

I know which one seems more likely to me, and it gives me the willies.

The core question we technologists should be asking ourselves is: do we want to live in a world where computers serve humans, or where humans serve computers?

Or to put it another way: do we want to live in a world where the users of technology are in control of their devices? Or do we want to live in a world where the owners of technology use it as yet another means of control over those without the resources, the knowledge, or the privilege to fight back?

Are we building technology for a world of masters, or a world of slaves?