Monday, July 23, 2018

Preparing for the November election. Also, think about other things that may be influenced.
Report – Challenging Truth and Trust: A Global Inventory of Organized Social Media Manipulation
Computational Propaganda Research Program – Oxford Internet Institute – Challenging Truth and Trust: A Global Inventory of Organized Social Media Manipulation, July 20, 2018: “The manipulation of public opinion over social media platforms has emerged as a critical threat to public life. Around the world, a range of government agencies and political parties are exploiting social media platforms to spread junk news and disinformation, exercise censorship and control, and undermine trust in the media, public institutions, and science. At a time when news consumption is increasingly digital, artificial intelligence, big data analytics, and “blackbox” algorithms are being leveraged to challenge truth and trust: the cornerstones of our democratic society. In 2017, the first Global Cyber Troops inventory shed light on the global organization of social media manipulation by government and political party actors. This 2018 report analyses the new trends of organized media manipulation, and the growing capacities, strategies and resources that support this phenomenon. Our key findings are:
  1. We have found evidence of formally organized social media manipulation campaigns in 48 countries, up from 28 countries last year. In each country there is at least one political party or government agency using social media to manipulate public opinion domestically.
  2. Much of this growth comes from countries where political parties are spreading disinformation during elections, or countries where government agencies feel threatened by junk news and foreign interference and are responding by developing their own computational propaganda campaigns in response.
  3. In a fifth of these 48 countries—mostly across the Global South—we found evidence of disinformation campaigns operating over chat applications such as WhatsApp, Telegram and WeChat.
  4. Computational propaganda still involves social media account automation and online commentary teams, but is making increasing use of paid advertisements and search engine optimization on a widening array of Internet platforms.
  5. Social media manipulation is big business. Since 2010, political parties and governments have spent more than half a billion dollars on the research, development, and implementation of psychological operations and public opinion manipulation over social media. In a few countries this includes efforts to counter extremism, but in most countries this involves the spread junk news and misinformation during elections, military crises, and complex humanitarian disasters…”

Not the most common vector of attack. Consider why this data might be valuable.
State-Actors Likely Behind Singapore Cyberattack: Experts
State-actors were likely behind Singapore's biggest ever cyberattack to date, security experts say, citing the scale and sophistication of the hack which hit medical data of about a quarter of the population.
The city-state announced Friday that hackers had broken into a government database and stolen the health records of 1.5 million Singaporeans, including Prime Minister Lee Hsien Loong who was specifically targeted in the "unprecedented" attack.
Singapore's health minister said the strike was "a deliberate, targeted, and well-planned cyberattack and not the work of casual hackers or criminal gangs".
While officials refused to comment on the identity of the hackers citing "operational security", experts told AFP that the complexity of the attack and its focus on high-profile targets like the prime minister pointed to the hand of a state-actor.
"A cyber espionage threat actor could leverage disclosure of sensitive health information... to coerce an individual in (a) position of interest to conduct espionage" on its behalf, said Eric Hoh, Asia-Pacific president of cybersecurity firm FireEye.
Jeff Middleton, chief executive of cybersecurity consultancy Lantium, said healthcare data is of particular interest to hackers because it can be used to blackmail people in positions of power.
"A lot of information about a person's health can be gleaned from the medications that they take," Middleton told AFP Saturday.
The hackers used a computer infected with malware to gain access to the database between June 27 and July 4 before administrators spotted "unusual activity", authorities said.

Something is off here. A privacy App that violates privacy?
India threatens iPhone ban if Apple doesn’t accept regulator’s anti-spam app
The last few years have seen Apple expanding into India with the iPhone, but now the company is facing a serious problem if it doesn’t cater to the demands of the country’s telecom regulator. The Telecom Regulatory Authority of India (TRAI) has put new rules in place in an effort to protect mobile users’ privacy and block spam calls and messages. Part of this policy involves making an app available to every subscriber, but Apple refuses to allow it on the App Store, ironically, due to privacy concerns.
The regulator requires that all carriers in India make TRAI’s “Do Not Disturb” app available for users to download and install on their device. The app then gives users the ability to report unsolicited calls and messages. Apple has not allowed it on their App Store, however, due to the fact that the app requires access to call history and message logs in order to send reports to the agency.
While Apple has been butting heads with TRAI for over a year now, the regulator has moved forward with the policy, giving all carriers six months to make sure the app can be installed on every device they offer. Any phones that can’t install the app after that period will be cut off from the carrier’s network. As for Android, the app is already available via Google’s Play Store.

How do you explain religion to a computer? Or the a-religious?
Can Artificial Intelligence Predict Religious Violence?
Imagine you’re the president of a European country. You’re slated to take in 50,000 refugees from the Middle East this year. Most of them are very religious, while most of your population is very secular. You want to integrate the newcomers seamlessly, minimizing the risk of economic malaise or violence, but you have limited resources. One of your advisers tells you to invest in the refugees’ education; another says providing jobs is the key; yet another insists the most important thing is giving the youth opportunities to socialize with local kids. What do you do?
Well, you make your best guess and hope the policy you chose works out. But it might not. Even a policy that yielded great results in another place or time may fail miserably in your particular country under its present circumstances. If that happens, you might find yourself wishing you could hit a giant reset button and run the whole experiment over again, this time choosing a different policy. But of course, you can’t experiment like that, not with real people.
You can, however, experiment like that with virtual people. And that’s exactly what the Modeling Religion Project does.

One source of “Big Data.”
NASA helps businesses make use of its satellite data
NASA has made its raw satellite data widely available for a long while. Now that it has a privatization-minded leader, though, it's looking to make that data more palatable for the business crowd. The administration has released a Remote Sensing Toolkit that should make it easier to use observational satellite info for commercial purposes, including straightforward business uses as well as conservation and research. The move consolidates info that used to be scattered across "dozens" of websites, and helps you search that unified database for helpful knowledge – you don't have to go to one place for atmospheric studies and another to learn about forests.
The kit includes both some ready-to-use tools for making sense of satellite content as well as the code companies can use to craft their own tools.

For the Movie Club.
1,150 Free Movies Online: Great Classics, Indies, Noir, Westerns, etc.
Watch 1,150 movies free online. Includes classics, indies, film noir, documentaries and other films, created by some of our greatest actors, actresses and directors. The collection is divided into the following categories: Comedy & Drama; Film Noir, Horror & Hitchcock; Westerns (many with John Wayne); Martial Arts Movies; Silent Films; Documentaries, and Animation. We also have special collections of Oscar Winning Movies and Films by Andrei Tarkovsky and Charlie Chaplin.”

Sunday, July 22, 2018

With articles like these, it is easy to keep my students interested.
If you shopped at these 15 stores in the last year, your data might have been stolen

Never rely on the word of a vendor? Several flaws are detailed.
Between You, Me, and Google: Problems With Gmail's “Confidential Mode”
With Gmail’s new design rolled out to more and more users, many have had a chance to try out its new “Confidential Mode.” While many of its features sound promising, what “Confidential Mode” provides isn’t confidentiality. At best, the new mode might create expectations that it fails to meet around security and privacy in Gmail.
… With its new Confidential Mode, Google purports to allow you to restrict how the emails you send can be viewed and shared: the recipient of your Confidential Mode email will not be able to forward or print it. You can also set an “expiration date” at which time the email will be deleted from your recipient’s inbox, and even require a text message code as an added layer of security before the email can be viewed.
Unfortunately, each of these “security” features comes with serious security problems for users.
… It’s important to note at the outset that because Confidential Mode emails are not end-to-end encrypted, Google can see the contents of your messages and has the technical capability to store them indefinitely, regardless of any “expiration date” you set. In other words, Confidential Mode provides zero confidentiality with regard to Google.

Moving forensics into the cloud.
Netflix Cloud Security SIRT releases Diffy: A Differencing Engine for Digital Forensics in the Cloud
The Netflix Security Intelligence and Response Team (SIRT) announces the release of Diffy under an Apache 2.0 license. Diffy is a triage tool to help digital forensics and incident response (DFIR) teams quickly identify compromised hosts on which to focus their response, during a security incident on cloud architectures.
… It's called "Diffy" because it helps a human investigator to identify the differences between instances

Why I had my Software Architecture students design a mobile banking app.
Banks Freed From Branches Use Mobile Apps to Go After Customers
U.S. Bancorp this week was the latest to say it will build a nationally available checking-account product as lenders introduce mobile offerings that let consumers do their full banking without a branch. The move follows similar announcements by some of the country’s largest banks including JPMorgan Chase & Co., Citigroup Inc. and PNC Financial Services Group Inc.

The “fake news” concept seems to be catching on. Definitions seem to vary a bit.
Egypt targets social media with new law
Egypt’s parliament has passed a law giving the state powers to block social media accounts and penalize journalists held to be publishing fake news.
Under the law passed on Monday social media accounts and blogs with more than 5,000 followers on sites such as Twitter and Facebook will be treated as media outlets, which makes them subject to prosecution for publishing false news or incitement to break the law.

Perspective. Holy Mackerel! It’s not an error, it’s a message from God?
Why Is Google Translate Spitting Out Sinister Religious Prophecies?
Type the word “dog” into Google Translate 19 times, request that the nonsensical message be flipped from Maori into English, and out pops what appears to be a garbled religious prophecy.
“Doomsday Clock is three minutes at twelve,” it reads. “We are experiencing characters and a dramatic developments in the world, which indicate that we are increasingly approaching the end times and Jesus' return.”

I still don’t get it.

Saturday, July 21, 2018

Apparently a really boring day on the World Wide Web.

I wouldn’t give this a passing grade. Note that they address topics similar to those being debated by the US Congress.
Scott Ikeda reports:
On June 12th the Vietnamese National Assembly voted in a new cybersecurity law. The legislation did not come easily having gone through more than 12 drafts and much debate in government and the business sector. The claimed purposes of the legislation are to increase Vietnam’s Internet sovereignty, that is the data of Vietnamese people should remain within and under the control of Vietnam, and to improve the cybersecurity of the country by controlling what and how people communicate online.
The Law on Cybersecurity regulates all companies, both domestic and foreign with online activities used by customers in Vietnam.

Highlights of the new cybersecurity law

  1. Website owners, no matter what their type, must not allow people to post any material that might be considered ‘anti-state’, inciting opposition or offensive. Owners must have mechanisms for monitoring, verifying, and removing such content from their sites.
  2. Vietnamese or foreign businesses that offer service over the Internet or other telecom networks must:
    • authenticate user information when they register
    • keep that user information confidential
    • cooperate with the Vietnamese authorities and share user information during investigations or users breach cybersecurity law
Read more on CPO Magazine.
[From the article:
    • foreign service providers are required to set up representative offices or branches within Vietnam

Friday, July 20, 2018

Just so you know I’m not always about the doom and gloom. On occasion I like to point to people who get it right!
US clinical lab recovers within 50 minutes of getting hit by SamSam ransomware
LabCorp, a clinical lab based in Burlington, North Carolina, fell victim to a ransomware attack last week, in the latest in a long string of hacker attacks on the healthcare sector.
The healthcare testing & diagnostics company reportedly noticed suspicious activity on its information technology network during the weekend of July 14. According to CSO Online, the company made the attack public in an 8K filing with the Securities and Exchange Commission. It later released an advisory to all parties concerned, saying:
“The activity was subsequently determined to be a new variant of ransomware.
… This particular strain was also used recently to infect the Colorado Department of Transportation, as well as the City of Atlanta.
LabCorp estimated it was able to contain the attack within 50 minutes. The lab is currently at 90 percent capacity and expects to fully recover soon, suggesting it had some solid backups on hand as part of an internal anti-breach program.

Imaging how much more damage a deliberate attack could cause…
Belgian airspace closed over computer glitch
Belgium on Thursday closed its airspace following a computer glitch linked to problems downloading data related to flight plans, said Belgocontrol, the company tasked with controlling the country's skies.
… "The airspace was closed for security reasons, in what we refer to as a 'clear the sky' (procedure)," Belgocontrol's spokesman Alain Kniebs told AFP, describing the incident as "very exceptional."

I was just explaining to my students how fake news and shorting a stock could make hackers a lot of money. I don’t think this has anything to do with my highly detailed purely hypothetical lecture.
Fake CNN website claimed Elon Musk was leaving Tesla
Elon Musk has not announced plans to leave Tesla to start a digital currency company despite a false report circulating online.
The report, carried on a webpage made to look like the CNN Tech site, claims that Musk is leaving his job as CEO of the company so he can focus on "Bitcoin Profit," which is described as "a new company that he thinks will change the world." Links in the story for Bitcoin Profit redirect the user to advertisements or video streaming sites. A similar report made headlines in September and has circulated since then, sometimes with slightly different details.

An amazing statistic. I wonder if it’s true?
Hackers account for 90% of login attempts at online retailers
… Online retailers are hit the most by these attacks, according to a report by cyber security firm Shape Security. Hackers use programs to apply stolen data in a flood of login attempts, called “credential stuffing.” These days, more than 90% of e-commerce sites’ global login traffic comes from these attacks. The airline and consumer banking industries are also under siege, with about 60% of login attempts coming from criminals.

Ignore the fact that it looks like a giant conspiracy.
States slow to prepare for hacking threats
Most states aren’t planning to use federal funds to make major election upgrades before November.
U.S. intelligence officials and security experts have spent years urging states to shore up their elections’ digital defenses, and the latest indictments from special counsel Robert Mueller drew fresh attention to Russia’s cyberattacks on the 2016 presidential election.
But less than four months before the midterm elections that will shape the rest of Donald Trump’s presidency, most states’ election offices have failed to fix their most glaring security weaknesses, according to a POLITICO survey of all 50 states.
And few states are planning steps that would improve their safeguards before November, even after they receive their shares of the $380 million in election security funding that Congress approved in March.
Only 13 states said they intend to use the federal dollars to buy new voting machines. At least 22 said they have no plans to replace their machines before the election — including all five states that rely solely on paperless electronic voting devices, which cybersecurity experts consider a top vulnerability.
In addition, almost no states conduct robust, statistic-based post-election audits to look for evidence of tampering after the fact.

(Related) No doubt they’ll ignore this too.
Cloudflare launches free protection for election websites
Cloudflare has launched a new initiative, called the Athenian Project, to protect electoral websites from online attacks.
The service is available free of charge to state and local governments, and offers Cloudflare’s enterprise-level security and reliability services.

(Related) I wonder if even this will work.
DOJ Cybersecurity Task Force Outlines Plans for Protecting Elections
The U.S. Justice Department’s Cyber-Digital Task Force made public its first report on Thursday, covering the threat to elections, cybercrime schemes, and various other topics.
The first chapter of the 156-page report focuses on what the Attorney General describes as “one of the most pressing cyber-enabled threats” confronting the U.S., specifically “malign foreign influence operations” and their impact on elections and other democratic institutions.
The types of threats described in the report include operations targeting voting machines, voter registration databases and other election infrastructure; operations targeting political entities; and covert influence operations whose goal is to harm political organizations and public officials.
The complete report is available from the DOJ in PDF format.

Oh yeah, them guys again.
A Cyber Axis of Evil is Rewriting the Cyber Kill Chain
The cyber kill chain employed by advanced adversaries is changing. Defenders need to evolve their defensive strategies to meet the new challenge; and they need to develop silent hunting skills.
A new study from Carbon Black queried 37 incident response firms that use its threat hunting tool to gain insight into what is happening after an attacker has breached the network.
Key statistics from the report picked out by Kellerman include the predominance of Russia and China as adversaries. Eighty-one percent of respondents highlighted Russia, and 76% highlighted China. Thirty-five percent say that the end goal is espionage.
… "This evolution coincides with mounting geopolitical tensions," suggests the report. "Nation-states such as Russia, China, Iran and North Korea are actively operationalizing and supporting technologically advanced cyber militias."

Great management and great technology and still the unexpected can happen.
Internal documents show how Amazon scrambled to fix Prime Day glitches
Amazon failed to secure enough servers to handle the traffic surge on Prime Day, causing it to launch a scaled-down backup front page and temporarily kill off all international traffic, according to internal Amazon documents obtained by CNBC.
And that took place within 15 minutes of the start of Prime Day — one of Amazon's biggest sales days every year.
The e-commerce giant also had to add servers manually to meet the traffic demand, indicating its auto-scaling feature may have failed to work properly leading up to the crash, according to external experts who reviewed the documents. “Currently out of capacity for scaling,” one of the updates said about the status of Amazon’s servers, roughly an hour after Prime Day’s launch. “Looking at scavenging hardware.”
A breakdown in an internal system called Sable, which Amazon uses to provide computation and storage services to its retail and digital businesses, caused a series of glitches across other services that depend on it, including Prime, authentication and video playback, the documents show.
Other teams, including Alexa, Prime Now and Twitch, also reported problems, while some warehouses said they weren’t even able to scan products or pack orders for a period of time.

Perspective. Apparently not even the NYT has the answers.
What Stays on Facebook and What Goes? The Social Network Cannot Answer
… it’s been two years since an American presidential campaign in which the company was a primary vector for misinformation and state-sponsored political interference — and Facebook still seems paralyzed over how to respond.
… Presented with straightforward queries about real-world harm caused by misinformation on their service, Facebook’s executives express their pain, ask for patience, proclaim their unwavering commitment to political neutrality and insist they are as surprised as anyone that they are even in the position of having to come up with speech rules for billions of people.
… So to recap: Facebook is deeply committed to free expression and will allow people to post just about anything, including even denying the Holocaust. Unless, that is, if a Holocaust denial constitutes hate speech, in which case the company may take it down. But if a post contains a factual inaccuracy, it would not be removed, but it may be shown to very few people, reducing its impact.
On the other hand, if the misinformation has been determined to be inciting imminent violence, Facebook will remove it — even if it’s not hate speech. On the other other hand, if a site lies repeatedly, spouts conspiracy theories or even incites violence, it can maintain a presence on the site, because ultimately, there’s no falsehood that will get you kicked off Facebook.
All of this fails a basic test: It’s not even coherent. It is a hodgepodge of declarations and exceptions and exceptions to the exceptions.

Simple is too often ignored. This actually looks useful.
Amazon's new Part Finder scans your nuts and bolts to find odd parts
A new Amazon feature first spotted by TechCrunch helps anyone with an iPhone find odd parts that might otherwise involve a trip to the hardware store.
Called “Part Finder,” Amazon‘s new tool is one of the more useful computer vision tools to date. It takes advantage of the iPhone‘s excellent optics to scan, measure, and identify all types of fasteners or other pieces of small hardware. Once found, the app asks for some additional information — screw type, head style, and drive type: Phillips, flathead, etc. — before leading you to the appropriate product on Amazon
To get to the tool, just click the camera from the home screen.
From there it’ll take you to the scanner tool, the same instrument you’d use for scanning barcodes to reorder laundry detergent, for example. Once there, click the bottom of the screen where it says “See more” and the Part Finder tool is hiding in that menu.

For my geeks.
Top 10 Free Books And Resources For Learning TensorFlow
TensorFlow, the open source software library developed by the Google Brain team, is a framework for building deep learning neural networks. It is also considered one of the best ways to build deep learning models by machine learning practitioners across the globe. In deep learning models, which rely on a lot of data and computing resources, TensorFlow is used significantly.
While there are many tutorials, books, projects, videos, white papers, and other resources available, we bring you these 10 free resources to get started with TensorFlow and get your concepts clear.

We need a signing App…
Starbucks first ever U.S. "Signing Store" will allow customers to order in sign language
Starbucks announced Thursday that they will open its first American "Signing Store," in Washington D.C. this fall, which will be designed with the deaf community in mind. The cafe plans to hire 20-25 employees, from across the United States, who will be proficient in American Sign Language (ASL), meaning deaf individuals will be able to step up to the counter knowing they can communicate easily and effectively.

For some reason, not many of my students have Kindles.
How to Check Out and Read Library Ebooks on Your Phone or Tablet
If your library offers ebooks, one of the easiest ways to search for and check out ebooks is through Overdrive, the leading digital reading platform for libraries and schools worldwide.
But you’re probably not thinking about reading those ebooks on your computer are you? Enter Libby, a mobile app (Android, iOS, Microsoft) meant precisely for reading library ebooks, particularly if you don’t have a Kindle.

Thursday, July 19, 2018

Because when people fail to secure their data, “breaching” that data is really really simple. I can see it as a Audit tool. I’ll ask my students to debate the ethics.
New tool helps you find 48,000+ open Amazon S3 buckets
The Daily Swig: “Hundreds of thousands of potentially sensitive files are publically available through open Amazon buckets, a new online tool can reveal. The free tool, created by software engineer GrayhatWarfare, is a searchable database where a current list of 48,623 open S3 buckets can be found. Amazon’s S3 cloud storage, or Simple Storage Service, is used by the private and public sector alike as a popular way to cache content. Files are allocated buckets, which are secured and private by default, but can easily be set for public access. While it is perfectly acceptable to set S3 buckets as available for all to read, numerous data breaches have been the result of an administrator’s misconfiguration. In March of this year, for example, an unsecured bucket at a US-based jewelry company resulted in the exposure of the personal details of over 1.3 million people, including addresses, emails, and IP identifiers. Bob Diachenko of Kromtech Security was the first to report the incident, and has helped create a tool aimed at detecting bucket permissions, similar to the one created by GrayhatWarefare.
“On the one hand, it [GrayhatWarfare’s tool] follows the same path as Shodan does,” Diachenko told The Daily Swig. “It gives researchers and the general audience a possibility to check if their infrastructure is safe. At the same time, it opens doors for ‘passwords-seekers’ and people with malicious intents to leverage upon data found in this ‘Semsem’ cave…”

(Related) We have access to many tools that are so easy to use we don’t bother to learn how to use them securely.
Thousands of US voters' data exposed by robocall firm
… A Virginia-based political campaign and robocalling company, which claims it can "reach thousands of voters instantly," left a huge batch of files containing hundreds of thousands of voter records on a public and exposed Amazon S3 bucket that anyone could access without a password.

One way to secure the November election?
Suing South Carolina Because Its Election Machines Are Insecure
A group called Protect Democracy is suing South Carolina because its insecure voting machines are effectively denying people the right to vote.
Note: I am an advisor to Protect Democracy on its work related to election cybersecurity, and submitted a declaration in litigation it filed, challenging President Trump's now-defunct "election integrity" commission.
[From the ‘effectively’ link:
South Carolina's thousands of digital voting machines are antiquated, break down, leave no paper trail of votes that can be audited, and have "deep security flaws" that make them vulnerable to hacking by Russians and others, the 45-page lawsuit alleges.

Security standards can become obsolete. Back in the mainframe days, “Close the door” was a universal standard.
NIST to Withdraw 11 Outdated Cybersecurity Publications
The U.S. National Institute of Standards and Technology (NIST) announced on Tuesday that its Computer Security Division has decided to withdraw eleven outdated SP 800 publications.
NIST’s website currently lists over 180 SP 800 publications, including drafts and final versions. Eleven of them, which are now considered out of date, will be withdrawn on August 1, 2018, and will not be revised or superseded.
The documents will still be available for historical reference, but their status will be changed from “final” to “withdrawn.”

Perspective. And here I thought Congress had to confirm Kavanaugh…
The Biggest Spender of Political Ads on Facebook? President Trump
President Trump’s operation has run dozens of ads on Facebook recently that seek to rally support to confirm Judge Brett M. Kavanaugh to the vacant spot on the Supreme Court.
… Facebook in May began an archive of political ads, which is a publicly searchable database that catalogs the ads and identifies which groups or individuals paid for them. Facebook hopes the database will include any ad that has political content and that was aimed at Americans. The researchers conducted their study by scraping all of that raw data.
Their work provides one of the most comprehensive pictures so far of who is placing political ads on the world’s biggest social network and how much they are spending ahead of the midterm elections in November. Reaching voters through social media has become one of the most effective ways to get a message out, but up until now, the transparency around the practice has been limited.

Perspective. Who’s afraid of the big bad Bezos?
The False Tale of Amazon's Industry-Conquering Juggernaut
Amazon is one of the largest and most formidable companies in the world. It’s run with brutal efficiency, a keen focus on keeping its customers happy, and a deep thirst for innovation. Its $50 billion of revenue per quarter makes the company worth more than $850 billion, which is enough to buy Walmart three times over and still have more than $100 billion in change. (It’s also enough to make founder Jeff Bezos the richest man in modern history.) There’s no industry that Amazon feels incapable of taking on — not even the Google and Facebook fief of advertising, where Amazon is already bringing in some $2 billion in revenues every quarter.
Still, it’s really nothing to be scared of.
… It’s a testament to the cultural salience of the publishing industry that the books precedent looms so large in the mind of the public and stock traders, because today, 24 years after Amazon was founded, the company has failed to achieve similar market power in any other sector. Quite the opposite, in fact. By opening up its platform to third-party sellers, Amazon has ensured that it will nearly always face competition, even on its own website. And as Amazon has become one of the most valuable companies in the world, it has taken increasing pains to avoid doing anything that antitrust authorities might disapprove of. Amazon’s book monopsony is valuable, but it also comes at significant reputational cost; it’s not at all clear that building a similar monopsony in some other market would be a net positive for the company.
Not that it’s threatening to do so. When Amazon bought Whole Foods, it gained no particular control over the food industry: it merely went from having 0.2 percent of the groceries market to having 1.4 percent. When it bought PillPack, for all that it wiped $11 billion off the market capitalization of the likes of CVS and Walgreens, it still acquired a company that only has $100 million in revenue. (Walgreens, by contrast, has over $100 billion.) However Amazon intends to compete in such markets, it’s not going to do so by being the dominant player.

No more “double secret probation!”
Court Vacates Injunction Against Publishing the Law
EFF – Win for Public Right to Know: Court Vacates Injunction Against Publishing the Law – Industry Groups Want to Control Access to Legal Rules and Regulation: “San Francisco – A federal appeals court today ruled that industry groups cannot control publication of binding laws and standards. This decision protects the work of (PRO), a nonprofit organization that works to improve access to government documents. PRO is represented by the Electronic Frontier Foundation (EFF), the law firm of Fenwick & West, and attorney David Halperin. Six large industry groups that work on building and product safety, energy efficiency, and educational testing filed suit against PRO in 2013. These groups publish thousands of standards that are developed by industry and government employees. Some of those standards are incorporated into federal and state regulations, becoming binding law. As part of helping the public access the law, PRO posts those binding standards on its website. The industry groups, known as standards development organizations, accused PRO of copyright and trademark infringement for posting those standards online. In effect, they claimed the right to decide who can copy, share, and speak the law. The federal district court for the District of Columbia ruled in favor of the standards organizations in 2017, and ordered PRO not to post the standards…”

For my friends who live/camp/fish in the mountains.
This Twitterbot keeps you up-to-date on fires burning near you
FastCompany: “As fire seasons in the U.S. gets hotter and drier, a new Twitterbot will show you if a wildfire is burning near your house, where the fire is headed, and if a plume of smoke is traveling in your direction by posting an updated time-lapse video and infrared images every six hours. The tool, called @WildfireSignal, went live on Twitter on July 18. Scientists and programmers at Descartes Labs, a startup that processes images from satellites, designed the tool to pull a list of active fires from a government database, then clean up near-real-time images from the GOES-16 satellite at each fire’s location. Using the massive amount of data generated by the satellite, it automatically builds a time-lapse video of each fire and embeds it in a tweet with a hashtag of the fire’s name…”

For my geeks.

For my students. It seems to work!
Formatically Offers a New Instant Citation Tool
Formatically is a service that was designed by college students to help other students create properly formatted works cited pages. Last year I published a tutorial about how to use it. This week Formatically introduced a new instant citation tool. The instant citation tool can be used by anyone to format an APA, MLA, Chicago, or Harvard citation for a book or web page.
To use Formatically's instant citation tool just paste the URL of the page that you want to cite into the instant citation tool. Once pasted into the tool you can choose the format that you want to use for your citation. If there is an error in the citation, you can correct it by clicking the edit icon at the end of the written citation. The system works the same way for books except that rather than entering a web page URL you enter a book title. Watch the video embedded below to learn more about Formatically's instant citation tool.

Wednesday, July 18, 2018

Who would you like to win and by how much? Perhaps now some election districts will ask for independent verification? (Probably not)
Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States
The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them.
In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them.
The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold.

A parallel guide for Computer Security students. (Only 232 pages, about 20% of your textbook)
Updating Government Auditing Standards – The 2018 Yellow Book
GAO WatchBlog: “Today we issued a new revision of the Generally Accepted Government Auditing Standards, also known as the “Yellow Book,” which supersedes the 2011 revision of the standards. What kind of training and experience make a competent auditor? How is audit quality control to be maintained? How can an auditor tell if he or she has come across material waste and abuse? The Yellow Book has answers to these questions. Government auditors are required to objectively evaluate government operations, gather sufficient, appropriate evidence, and report the result. To do this, auditors rely on these standards to provide a framework for conducting high-quality audits with competence, integrity, objectivity, and independence…”

I wonder what insurance will cost now in the EU GDPR, big fine era?
Google fined a record $5B for breaking EU antitrust laws
It’s been confirmed: the EU has fined Google a record €4.34 billion ($5 billion). This is in response to the technology giant’s mobile operating software, Android, breaking European antitrust laws.
Announced at 1pm in Brussels by the EU’s Competition Commissioner Margrethe Vestager, she declared that Google must “put an effective end to this conduct in 90 days” or face penalties.

I would imaging some costs will go down as the insurance companies see healthy lifestyles. More granular than simple actuarial tables, but has to average out the same.
Health Insurers Increasing Data Collection on Patients and Rates are Rising
Joint reporting – ProPublica and NPR: “Without any public scrutiny, insurers and data brokers are predicting your health costs based on data about things like race, marital status, how much TV you watch, whether you pay your bills on time or even buy plus-size clothing… With little public scrutiny, the health insurance industry has joined forces with data brokers to vacuum up personal details about hundreds of millions of Americans, including, odds are, many readers of this story. The companies are tracking your race, education level, TV habits, marital status, net worth. They’re collecting what you post on social media, whether you’re behind on your bills, what you order online. Then they feed this information into complicated computer algorithms that spit out predictions about how much your health care could cost them…”

Perspective. I was taught to play to my strengths. Just saying…
Walmart is reportedly building a video streaming service to take on Netflix
The Information reports that retail giant Walmart is thinking about getting into the streaming video business with a new platform – and edge out the likes of Netflix and Amazon Prime Video with cheaper subscriptions.
The company is said to be considering offering plans at under $8 a month, along with an ad-supported free tier. That’d come in at less than Netflix’s cheapest plan in the US ($8 a month) and Amazon Prime Video ($8.99 a month).
That’s all well and good, but it’s worth noting that Walmart already has a video streaming service: Vudu. It acquired the platform back in March 2010, but hasn’t really been able to capitalize on its investment in the past eight years. In March, Bloomberg cited comScore research that saw Vudu users spending less than two hours a month on the platform, while folks spent about 25 hours a month on Netflix.
There’s also the question of catching up to the heavy hitters. Both Netflix and Amazon are busy expanding worldwide and spending billions of dollars producing original content (Netflix intends to burn through $8 billion in 2018 alone). Meanwhile, Facebook and Apple are dipping their toes into the water too – and both have tremendous clout with their users.

(Related) You can see why everyone wants to get into this market.
I’ve been following Netflix since 2005, when I first visited its headquarters in Silicon Valley and interviewed Reed Hastings, its founder and CEO. I don’t think I’ve learned more about strategy, technology, and culture from any other company I’ve studied. It’s a stretch to claim that everything I know about business I learned from watching Netflix, but there’s no doubt that many leaders can see glimpses of the future of competition and innovation by looking at how the company does business.
Despite this week’s news that the company had added fewer new subscribers than expected, if there were an Academy Awards show for business performance, Netflix would still sweep this year’s categories — the corporate equivalent of “Titanic” or “Lord of the Rings.” Wealth creation? The company, which is barely 20 years old, has a stock-market value of nearly $165 billion, more than Disney. Cultural sway? Netflix recently got 112 Emmy nominations, the most of any network or streaming service, toppling HBO, which had received the most nominations for 17 years. Management cred? Its reputation is so strong that a simple PowerPoint slideshow about its culture and HR policies has been viewed more than 18 million times.
Here are three lessons from the rise of Netflix that apply to every company:
Big data is powerful, but big data plus big ideas is transformational.
If you aim to disrupt an industry, you must be willing to disrupt yourself.
Strategy is culture, culture is strategy.

We’re going to be hip deep in lawyer-robots!
AI To Create More Legal Jobs Than Losses’ – Landmark PwC Report
Artificial Lawyer: “AI will create more jobs than it displaces by boosting economic growth, and in particular more legal jobs will be created than lost in the long run, says a major report by Big Four firm, PwC. The study was focused on the UK, which is a useful standard model to compare to other large, highly developed economies. The key finding was that over the next 20 years AI and automation will radically impact the economy ‘displacing’ 7 million roles nationally, but also creating 7.2 million new roles, i.e. a net boost to employment. The main area of losses will be manufacturing, which will see a quarter of jobs disappear in the next 20 years. But, for lawyers it’s an interesting picture (see table below for full details of different employment types). Artificial Lawyer spoke to PwC about the results and they stated that lawyers would be classed in the ‘Professional, scientific and technical’ segment of the economy. Though an amalgamated group, PwC therefore suggests that some legal roles will see a 33% increase, while other types of role decline by 18%, giving a net increase of 16% (when figures are rounded). The AI data, which is contained in the new edition of PwC’s regular UK Economic Outlook, does not get into granular reasons for why or how AI will change the legal jobs outlook. But here are some thoughts from Artificial Lawyer…”

Things my students will need to study. (10 minute Video)
Whiteboard Session: Why Every Organization Needs an AR Strategy
Michael Porter and Jim Heppelman explain how augmented reality will change how we work. For more, read "A Manager's Guide to Augmented Reality."

Perspective. Looks like it needs a bot of work…
Hearing – Facebook, Google and Twitter: Examining the Content Filtering Practice
“House Judiciary Committee Chairman Bob Goodlatte (R-Va.) today delivered the following statement during the House Judiciary Committee’s hearing on “Facebook, Google, and Twitter: Examining the Content Filtering Practices of Social Media Giants.” …Today, we continue to examine how social media companies filter content on their platforms. At our last hearing, which we held April, this Committee heard from Members of Congress, social media personalities, legal experts, and a representative of the news media industry to better understand the concerns surrounding content filtering. Despite our invitations, Facebook, Google, and Twitter declined to send witnesses. Today, we finally have them here. Since our last hearing, we’ve seen numerous efforts by these companies to improve transparency. Conversely, we’ve also seen numerous stories in the news of content that’s still being unfairly restricted. Just before July Fourth, for example, Facebook automatically blocked a post from a Texas newspaper that it claimed contained hate speech. Facebook then asked the paper to “review the contents of its page and remove anything that does not comply with Facebook’s policies.” The text at issue was the Declaration of Independence…”
Witness Statements:

Twitter says it doesn’t ‘have the bandwidth’ to fix verification right now
Twitter doesn’t presently “have the bandwidth” to overhaul its verification system, the company’s new head of product announced today. This comes despite Twitter’s continued acknowledgement that it must bring transparency and a clear process to verification and the blue checkmark, which has been stamped on accounts belonging to an erratic mix of world leaders, celebrities, athletes, business executives, journalists, and also alt-right nationalists. The company maintains that verification is fundamentally intended to confirm an account’s authenticity — not signal any sort of endorsement.
… But this afternoon, product lead Kayvon Beykpour said that his team is pausing work on retooling verification and the task “isn’t a top priority for us right now.” Instead, Twitter’s “health” team is focused on election integrity and combatting disinformation ahead of the coming US midterm elections this November and political contests elsewhere.

Tuesday, July 17, 2018

Hacking the self-driving world. (Clear military application!)
Researchers Stealthily Manipulate Road Navigation Systems
A team of researchers from Virginia Tech, the University of Electronic Science and Technology of China, and Microsoft Research has discovered a new and stealthy GPS spoofing method that has been proven to be highly effective against road navigation systems.
GPS spoofing has been around for many years. This attack method can in theory be used to trick drivers into going to an arbitrary location, but in practice the instructions provided by the targeted navigation system often contradict the physical road (e.g. make a left turn on a highway), making it less likely to work in a real-world scenario.
Researchers now claim to have discovered a more efficient method that is less likely to raise suspicion. Using this technique an attacker could trick the victim into following an incorrect route (e.g. cause ambulances and police cars to enter a loop route), deviate a targeted vehicle to a specific location, or cause the target to enter a dangerous situation (e.g. enter a highway the wrong way).
For the attack to work, the attacker needs to know the target’s approximate destination and the most likely victim of this technique would be an individual who is not familiar with the area.

Timely course. Not free, but there is a free trial.
New Pluralsight Course: The State of GDPR - Common Questions and Misperceptions
… We wanted to produce this course now – after GDPR was in action – so that we could have a narrative on what we're learning since it's come into effect. There's a million resources telling everyone all the things they should and should not do (and a good whack of those disagreeing with each other too), this course is a fresh take on things and is far more focused on what's actually happening than it is speculating how the regs will be enforced.

The future for all those transportation services?
How Helsinki Arrived at the Future of Urban Travel First
Harri Nieminen decided it was time to replace his car with an app.
He had owned a car in Helsinki for the past nine years but recently found he’d lost the patience for parking on crowded city-center streets, especially in snowy months. His almost-new Opel Astra had been sitting mostly idle, so he decided to get rid of it. This lifestyle shift came about with the help of an app offering unlimited rides on public transit, access to city bikes, cheap short-distance taxis and rental cars—all for one monthly fee.
… The concept that reshaped Nieminen’s transportation life has an unwieldy name in the industry: mobility as a service, or MaaS. It may become the biggest revolution in personal travel since Ford Motor Co.’s Model T popularized private ownership of motor vehicles a century ago.
The elements of mobility-as-a-service products are already familiar digital services—trip planning, ride hailing, car sharing—alongside the seamless booking, ticketing and payment common to every kind of mobile app. Instead of using one app for rides and local government apps for public transport, Whim offers a single app with a single fee. Users get to pick the most efficient way to get between any two places.
The aim is to eventually make personal cars obsolete by offering people a superior experience. “Your mobile operator can get you all your calls and all the mobile data you need,” said Sampo Hietanen, chief executive officer of MaaS Global Oy, the company behind Whim. “We’re trying to solve the big question in transportation: What do we need to offer to compete with car ownership?”
The cost of cars accounts for as much as 85 percent of personal transportation spending, according to Hietanen, even though the average car is used only 4 percent of the time. That implies a great potential for more efficient allocation: fewer cars shared by a larger group of part-time users.

The roots of privacy are rather tangled. An interesting read.
What Roe v. Wade Means for Internet Privacy
Roe v. Wade left Americans with the idea that privacy is something we can expect as citizens. But does the SCOTUS consider privacy a constitutional right?

Trying to legitimize Bitcoins or at least make it understandable?
IBM Is Helping Launch a Price-Stable Cryptocurrency Insured By the FDIC
The latest attempt to create a cryptocurrency pegged to the U.S. dollar, or "stablecoin," combines 21st-century technology with an invention from the Great Depression.
Announced Tuesday, a startup called Stronghold is launching USD Anchor, which will run on the rails of the Stellar blockchain and use its consensus mechanism to verify transactions. The token will be backed one-for-one with U.S. dollars held at a Nevada-charted trust company called Prime Trust, which in turn will deposit the cash at banks insured by the Federal Deposit Insurance Corp.
IBM is partnering on the initiative with Stronghold, and said it will explore various use cases for the token with its financial institution clients.

Why Bank of America branches are disappearing
Bank of America (BAC) announced on Monday that deposits made on mobile devices like smartphones and tablets are outpacing those made at branches for the first time.
Customers logged into Bank of America's mobile app 1.4 billion times last quarter.
… Bank of America's vast network of branches fell to 4,411 at the end of June, compared with 4,542 a year ago. The company has 1,720 fewer branches than it did in June 2008. That's a 28% drop.

Something for my students to play with? Can we do it right?
FBI Wish List: An App That Can Recognize the Meaning of Your Tattoos
EFF: “We’ve long known that the FBI is heavily invested in developing face recognition technology as a key component in its criminal investigations. But new records, obtained by EFF through a Freedom of Information Act (FOIA) lawsuit, show that’s not the only biometric marker the agency has its eyes on. The FBI’s wish list also includes image recognition technology and mobile devices to attempt to use tattoos to map out people’s relationships and identify their beliefs. EFF began looking at tattoo recognition technology in 2015, after discovering that the National Institute for Standards & Technology (NIST), in collaboration with the FBI, was promoting experiments using tattoo images gathered involuntarily from prison inmates and arrestees. The agencies had provided a dataset of thousands of prisoner tattoos to some 19 outside groups, including companies and academic institutions, that are developing image recognition and biometric technology. Government officials instructed the groups to demonstrate how the technology could be used to identify people by their tattoos and match tattoos with similar imagery. Our investigation found that NIST was targeting people who shared common beliefs, with a heavy emphasis on religious imagery. NIST researchers, we discovered, had also bypassed basic oversight measures. Despite rigid requirements designed to protect prisoners who might be used as subjects in government research, the researchers failed to seek sign-off from the in-house watchdog before embarking on the project…”

I might use this when my handouts reach critical mass. Hardcover, paperback or ebook…