Last week came the report that there are bugs in the processor chips that run pretty much every computer that’s been built in the past 10 years. Maybe more.
Meltdown and Spectre.
Two days after I first saw it come across my Twitter feed, NBC Nightly News reported it. They made it sound like it was mostly Apple products that were affected. It’s not just Apple. It’s just about anything with a processor chip in it.
I’m not a computer security guru, nor do I pretend to be. Here’s Randall Monroe’s explanation that’s as good a high-level view for ordinary people as it gets:
![xkcd explanation of Meltdown and Spectre](https://imgs.xkcd.com/comics/meltdown_and_spectre.png)Obviously, these security holes are cause for concern. But there’s just not a lot that most of us can do about them. It’s a problem for other people smarter than us to figure out.
For the rest of us, there are things we can do to make life with computers slightly less risky. There is low-hanging fruit that is easy enough to grab, that can go a long way.
Start with passwords. (I’m talking to “Joe Average” readers.) If you don’t have a password manager, you should.
Stop using the same password for everything. If one site gets hacked, you’re pretty much screwed on all the sites you use that password for.
Stop using easy passwords. Longer passwords are better. Passwords that are single words you can find in the dictionary are pretty much the same as not having a password at all.
Of course, you can’t remember all those different and long passwords. That’s why you need a manager. I use and recommend
Dashlane. I’ve tried LastPass and hated it. (Like it says in the masthead, it’s my opinion.) I can’t say anything about the others. But having one is better than not having one, because you start using better passwords.
For those of us who are developers, know the basic security concepts of the language you’re programming in. For PHP developers, here’s the page to bookmark for your
2018 PHP security reference courtesy of the people at the Paragon Initiative. (Hat Tip to Cal Evans at Nomad PHP.)
While you’re at it, here’s a story from David Gilbertson at
Hackernoon that will help you understand the importance of taking some time for due diligence with the code you’re probably importing from other people’s repositories.
All this to say, there are some things about computer security that, by and large, are beyond us ordinary folk. But there’s a lot we can do to avoid the vast majority of threats that aren’t sexy enough to make the national evening news.