Can you believe it’s already December? It’s hoodie weather in Phoenix, and has been a long time coming!

If you’re in Phoenix, there are a few events coming up you should know about. First, I’m celebrating my 7-year freelance-

First, I’m celebrating my 7-year freelance-versary at Mod Phoenix today (December 1st), so swing by for champagne and cupcakes at noon if you’re around.

Second, we are hosting a crypto party at the Burton Barr (Downtown Phoenix) library this Sunday from 2:00 to 4:00pm. I’ll be presenting some basics on operational security and threat modeling, Jordan Savoca will talk about VPNs and Tor and secure email systems, and David Huerta will give a PGP crash course. For more information, check out our event page on Facebook and on CryptoParty.IN.

Also, here are four posts and one podcast I worked on in November.

A Third-Party App Helps Walmart Workers Understand Company Policies (Vice/Motherboard) The app Walmart doesn’t want its employees to download.

How To Trump-Proof Your Electronic Communications (Slate/Future Tense) A nuanced, common-sense guide to electronic security in the upcoming administration.

Apple’s New Touch Bar May Present Usability Challenges For Blind Users (Vice/Motherboard) I take a closer look!

Tips For Visiting A New Brazilian Jiu-Jitsu Gym (Performance Menu, paywall) Whether you’re on the road or just dropping in.

[Podcast] Trump University Settles For $25 Million (Monday Morning Dumpster Dive)

I still have four posts in purgatory, and will hopefully be able to link to them next month. For now, happy holidays, and here’s to you finishing your year out strong!

Last month was so busy that I somehow forgot to hit “publish” on this post!  In September, I brushed up on business skills at a bunch of classes at K’e, and then turned around and taught a series of classes on copywriting and social media marketing and storytelling for a handful of local businesses. I cranked out two new podcast episodes with Jimmy Jenkins, about the Clinton email saga continuing, and about the EPA saying that Roundup is not a carcinogen. I also wrote nine posts for five different sites. Check those out below.

Overcoming Gender Bias In Job Hunting (Dice.com)

Has Arizona Found a Solution to Gerrymandering? (Yes! Magazine)

Sixteen years ago, Arizona stripped state lawmakers of the right to draw electoral districts. Many lawsuits later, democracy is stronger—in some ways.

Expert Answers: Natural Pain Relief (Experience Life)

Consider these remedies for post-workout pain. (Unfortunately, the edited version of this conflates DOMS with systemic inflammation, but many of the tips are still solid.)

What Happens In The Gym Stays In The Gym Part 2: Technical Tips (Performance Menu, paywall)

In the second part of a series, I shared some nuts and bolts steps you can take to keep your gym private and secure.

Mr. Robot Season 2, Episode 9: Rubber Duckie, You’re The One (Forbes)

We discuss the Pwn Phone, whistleblowing, and so much more.

Mr. Robot Season 2, Episode 10: The Chickens Come Home To Roost (Forbes)

Mr. Robot Season 2, Episode 11: Twin Peaks Edition (Forbes)

Mr. Robot Season 2, Episode 12: The Grand Finale (Forbes)

What To Do When Facebook Says Your Apple Computer Is Infected With A Virus Or Malware (Forbes)

The anti-virus software link it sends you to won’t help. Here’s what to do instead.

June has been a busy month! Below please find a roundup of posts I wrote that were published this month, including my first-ever posts for The Kernel (Daily Dot) and Ars Technica.

• Snowden’s Favorite Cloud Service Now Has a Group Chat App (Motherboard) SpiderOak, the cloud service that earned Edward Snowden’s trust, is now taking on the likes of Slack with a new collaborative messaging tool called Semaphor.

• Meet The Plaid Parliament of Pwning, One of the World’s Elite Hacking Teams(The Kernel) At Carnegie Mellon University, a loose crew of hackers has become a force to be reckoned with.

• The impossible task of creating a “Best VPNs” list today (Ars Technica) I set out to make a list of reliable VPNs; turns out the task is complicated.

• Here’s Why Emoji Can Break Apps (Motherboard) Emoji are all fun and games until they cause software problems…

• ACLU Files Lawsuit On Behalf of Researchers And Journalists Seeking To Uncover Discrimination Online (Forbes) The lawsuit  states that a provision of the Computer Fraud and Abuse Act could be used to criminalize research uncovering algorithmic bias.

• Check Out These 3 Women In Tech Organizations (Dice Insights) I took a look at Girl Develop It, Women Who Code, and The National Center for Women & Information Technology.

• 3 Tech Jobs That Didn’t Exist Last Decade (Dice Insights) I spoke with Daniel Burrus, an expert on global trends and innovations, about autonomous driving software engineers, augmented reality engineers and designers, and Internet of Things architects.

• Expert Answers: High Temperature Workouts (Experience Life) I spoke with Kru Strength + Fitness owner Josha Kruvand about how to determine whether training in heat is a good idea for your goals.

• Expert Answers: Safe Rotational Exercises (Experience Life) I spoke with physical therapist Jamie Yang about ways to incorporate rotational exercises in your fitness routine while keeping your movements safe and stable.<(In addition to these two expert answers, the magazine also has a Q+A on blurry vision.)

• The Workout: Spiral Power Qigong (Experience Life) Technically in the July/August issue of the magazine, this piece is a description and images of a grounding qigong routine that trains your body to move as an integrated unit — increasing mobility, enhancing mental focus, and building strength. It was designed by Mela Carreira and Frank Paolillo.

• My Geeky Grappling Gym Selection Process (Performance Menu, paywall) I pulled out the spreadsheet I made when deciding where to train Brazilian jiu-jitsu.

• Cyber Security Executives Need To Step Up Their Game: Here’s Why (Forbes) Board members are taking the risk of security breaches so seriously that the majority of cyber security executives will lose their jobs for poor reporting, new survey data indicates.

•  Security News You Might Have Missed, a weekly news roundup I was doing. This month we’ve got “Dystopian Edition,” “Twitter Hacks And Snowden Concerns,” and “Cell Phone Hijacking and DNC Hack.”

• Oh! It’s not really an article, but I put together a quick tipsheet as part of a panel I was on, in which we discussed how journalists and hackers can work together on investigations.

That’s it for now. Catch you next month!

This month, I taught a MidWeek MindTweak at CoHoots on securing small businesses, which was a really fun session with a great audience. I also held my final Phoenix Freelance Spark event, and you can read all about why I stepped down if you’re interested. Next month I’ll be at the IRE conference in New Orleans–drop me a line if you’ll be there, too. Here’s to escaping Phoenix’s summer heat for… other cities’ summer heat!

It’s always hard for me to do a roundup of my posts for the month when I know I have some really good posts on the first of June, but I do have nine posts for you to check out. 

On Lockpicking, Sexism, And Your Tech Conference’s Code of Conduct (Or Lack Thereof) (Forbes)

There are no easy answers for sexism and sexual harassment at hacker conferences or tech events, but there are a few ways to minimize incidents and handle them when they arise. (Oh yeah, and nobody at the lockpicking village wants to hear your creepy handcuff jokes.)

How To Run A Gym Without Being A Classist Asshole (Performance Menu) (paywall, $5.99)

Don’t be that douchebag telling people who literally can’t afford a gym membership that they’re lying and will never get results, and other tips.

Reporter Plays Softball With Hardass (Medium)

This was my recap of the Society for Professional Journalists’ regional conference, in which Arizona Republic columnist E.J. Montini and the controversial Sheriff Joe Arpaio engaged in a keynote “interview” that not only more closely resembled amateur comedy hour, but was entirely devoid of substance. SPJ advocates for fearless journalism, believe it or not… I’d be embarrassed.

Complaining to HR Without Blowback (Dice Insights)

Complaining to HR should be your last resort, but if it’s your only option, these are some things to keep in mind.

3 BAD Food Combinations to Avoid and 6 Good Ones (LiveStrong)

I spoke with three nutrition experts to find out which food combining combos you should really avoid and some that can help optimize your health.

Security News You Might Have Missed: Criminal Risk Assessment Software is Racially Biased (Forbes)

Also, a security researcher was raided by FBI after pointing out a vulnerability in a dental database, anti-choice groups use smartphone surveillance to target “abortion-minded women,” an Israeli startup claims its tech can determine whether a person is a terrorist based on facial analysis, Chicago police use secret information to determine shooting perpetrators, Canary Watch sunseted, and more. Oh, and  it’s time to change your Reddit and MySpace passwords.

Security News You Might Have Missed: I Don’t Know Why You Say Allo, I Say Goodbye (Forbes)

Google’s new messaging app will offer end-to-end encryption, but not by default. Apple makes it harder for feds to unlock devices. LinkedIn finally resets passwords for users whose accounts were apparently compromised back in 2012. (Oops!) The Intercept releases the NSA’s juicy, top secret internal newsletters. And a new report takes a look at media use of the whistleblower platform SecureDrop.

Security News You Might Have Missed: If Math Is Outlawed, Only Outlaws Will Do Math (Forbes)

Alleged British hacker wins court battle over encryption keys, Twitter bars Dataminr from sending alerts to intelligence agencies, federal agents planted hidden mics and videos at a courthouse, Senate contemplates reauthorizing the NSA’s controversial 702 surveillance, a government spy truck poses as a Google Street View car, and more.

Security News You Might Have Missed: Brazil Blocks WhatsApp, Stingray Parallel Construction, More (Forbes)

A roundup of security news this week, including Brazil’s short-lived WhatsApp shutdown, Maryland cops relying on Stingray tech for petty theft, parallel construction in Stingray use in Oklahoma City, Rule 41 changes to increase mass surveillance, and passwords being sold on the dark web.

Tips and comments are welcome at yael@yaelwrites.com (I do use PGP). I’m on Twitter@yaelwrites and on Jabber and Tor Messenger at yael@jabber.calyxinstitute.org. Additional ways to contact me securely are here: https://yaelwrites.com/contact/.

In January, I wrote about administrative backdoors, shitty passwords, and a whole lot more. As always, I’ve rounded up everything I had published for the month, this time divided by publications rather than by topic.

A note for Forbes readers (or non-readers, as the case may be): Unfortunately, Forbes is blocking ad blockers, and I’ve been getting a lot of comments from folks who’d like to read these posts but don’t want to put themselves at risk of malware. There are certain ad blockers that still seem to work (like uBlock Origin), and Tor is always an option, but if you really want to read something and can’t access it, feel free to email me–the terms of my contract allow me to share my own work privately or repurpose it after it’s published.

Forbes Tech

• Peerio Co-Founder On Why He Left The Company (Hint: It Had To Do With Admin Backdoors) I wrote about why 25-year-old programmer and privacy advocate Nadim Kobeïssi says he quit the company he co-founded. And for the record, I believe him.

• 2015’s Worst Passwords Are Still Really Bad (So Please Tell Me Yours Is Not On The List) This post got 60,000+ views, and I’m not really exactly sure why, but I’ll take it.

• Many Americans Are Willing To Sacrifice Personal Information For Good Deals This is about an interesting Pew Research Center study which gets into a bit of detail on when people will give up their privacy, and when they say they’d find a certain tradeoff unacceptable.

• I Tried To Shop Online Anonymously (And It Was A Pain In The Butt) It really was.

• Twitter Restores Politwoops’ API Access, Allowing It To Post Politicians’ Deleted Tweets Once Again This was actually a bit of a followup to my first post about Politwoops and Donald Trump’s deleted tweet.

The Freelancer

• How Investigative Journalists Can Protect Themselves Some great technical and legal tips from cybernetic lawyer Aaron Williamson and digital security trainer Harlo Holmes to help us stay safe.

• This Tool Wants to Help Writers Break News The scoop on Sqoop.

WIRED

• Security This Week: License Plate Readers in Texas Are Now Also Debt Collectors. This roundup also includes information on the UK allowing firms to sell invasive spying equipment to human rights abusers, Chicago police sabotaging their own dashcams, an espionage campaign targeting minority activists, Israel’s electric authority getting hacked, a new Android ransomware, Lenovo SHAREit’s poor security, and how easy it is to get an address from Amazon over chat.

• Security News This Week: Now California Wants to Ban Encrypted Phones, Too Also the FBI ran a child porn site for two weeks, a UK court ruled that the Terrorism Act violates the rights of a free press, a GCHQ-built phone messaging app has a massive backdoor, and more.

• Security News This Week: Tim Cook Demands That the White House Defend Encryption  This roundup also includes information on Spamhaus Project accusing Verizon of routing millions of IP addresses for spammers, Homeland Security asking hotel staff to essentially spy on guests, a graduate center purging interlibrary loan records to protect the privacy of its patrons, and more.

• Security News This Week: Hacked Toymaker VTech Now Makes Home Monitoring Tech Plus news on the monkey selfie, Ukraine’s malware-induced power outage, the Dutch government formally rejecting backdoors, the FTC fining a dental practices software provider for misleading ads about encryption, and more.

Sherdog

• Beating the Odds: UFC 195 (Sherdog) I wrote about the four upsets on the January 2nd card.

That’s it for now! I’ll see you next month.