Saturday, June 09, 2012

So who are the new (cyber)War mongers? I can see my next class: Making e-nukes for fun and profit.
"Scott Kemp writes about the similarities between the nuclear arms race and the use of cyberweaponry for offensive purposes. As the article points out, offensive cyberwarfare leaves a nation's own citizenry vulnerable to attack as government agencies seek to keep weaknesses in operating systems (such as Windows) secret. Quoting: 'In the world of armaments, cyber weapons may require the fewest national resources to build. That is not to say that highly developed nations are not without their advantages during early stages. Countries like Israel and the United States may have more money and more talented hackers. Their software engineers may be more skilled and exhibit more creativity and critical thinking owing to better training and education. However, each new cyberattack becomes a template for other nations — or sub-national actors — looking for ideas.'"

I'm thinking this could be the basis for a fun Quiz for my Computer Security students...
"A common joke in infosec is that you can't hack a server that is turned off. You better make sure that the power cord is unplugged, too. Otherwise, you may be exposed via IPMI, a component present on many servers for remote management that can be used to flash firmware, get a remote console and power cycle the server even after the normal power button has been pressed to turn the server off."
[From the article:
  • IPMI is active once the server is connected to power. It does not depend on the server to be actually "switched on".
  • IPMI is implemented as a specific circuit on the motherboard. Sometimes, you may find it on an optional plugin board. But it does not require CPU, RAM or other components.]

Reducing “what you could see if you were there” to “what you can see online.” The difference doesn't seem to be a workable definition of privacy...
Swiss Court Orders Modifications to Google Street View
Switzerland’s highest court on Friday upheld Google’s basic right to document residential street fronts with its Street View technology, but imposed some limitations on the kinds of images the company can take.
… The Swiss ruling did not involve the collection of private Internet data but focused on the conditions for Street View cars to photograph the country’s streets.
… In its ruling Friday, the Swiss Federal Supreme Court, the Bundesgericht, said Google did not have to guarantee 100 percent blurring of the faces of pedestrians, auto license plates and other identifying markers captured by Google’s Street View cars; 99 percent would be acceptable. The company, based in Mountain View, Calif., says its technology blurs faces and license plates in 99 percent of cases.
While the Swiss court sided with Google on the adequacy of its digital pixilation methods, the panel upheld several conditions demanded by the national regulator. Those conditions would require Google to lower the height of its Street View cameras so they would not peer over garden walls and hedges, to completely blur out sensitive facilities like women’s shelters, prisons, retirement homes and schools, and to advise communities in advance of scheduled tapings.

Be careful who you ask for what you ask for...
"Seventh Circuit Court of Appeals Judge Richard Posner, voluntarily sitting as a district court judge, in the patent infringement dispute between Apple and Motorola has, tentatively, dismissed the case on the eve of trial. In this hilariously short order, Judge Posner states, 'I have tentatively decided that the case should be dismissed with prejudice because neither party can establish a right to relief.' Because it is 'with prejudice' the parties cannot refile their case. The parties are likely to appeal the order (when it's finalized)."

Because the speed of light is a drag...
Google and Netflix Make Land Grab On Edge Of Internet
Behind the scenes, there’s a big change happening on the internet. It’s something that’s mostly hidden from web surfers, but it’s becoming critical to big internet companies such as Google and Netflix.
They’re moving servers — usually free of charge — next to the service providers’ networking gear so that people trying to watch a popular YouTube video don’t have to send traffic across the network back to the website’s data center. It can save companies like Google and Comcast lots of money, and it speeds things up for consumers.
According to Craig Labovitz, founder of network analysis company Deepfield Networks, it’s also changing the way that internet companies work. “The business they’re in isn’t delivering bits anymore. It’s delivering content,” he says. And while not everyone agrees, Labovitz says there’s a bit of a land rush going on as more companies move to get their content closer to consumers.
… Many of these deals are secret, but Deepfield Networks knows of about 40 companies that are setting up their own content delivery networks with service providers, according to Craig Labovitz.
… Of course, five years ago, did anyone really think that Netflix would be responsible for 20 percent of U.S. Internet traffic? Back then, they were just the guys who mailed you CDs.

A Golden Age of Books? There Were Only 500 Real Bookstores in 1931
… Of these five hundred, most were refined, old-fashioned 'carriage trade' stores catering to an elite clientele in the nation's twelve largest cities.
… It's my contention -- and I've made this point in other ways -- that when people look at the sprawling mess of Internet publishing and decide that the quality of writing has declined, they are comparing apples to oranges.
They're taking the most elite offerings that could be imagined, which were based on the tastes of the most educated people in 12 cities, and comparing them to the now-visible reading habits of everyone on the Internet. That's just not a good way to draw smart conclusions about the relationship between technology and culture.

Take that, you young whipper-snappers!
Online Seniors: Tech-Savvier Than You Think
It’s not often that we come across startups that focus on seniors, but according to a new report by analyst firm Forrester Research, seniors ages 65 and up are probably more connected and tech-savvy than you think. Forrester found that about 60% of U.S. seniors are online. That’s about 20 million people and while this obviously means that 40% don’t care much about the Internet, those 60% who are online are tech-savvy and happily use technology to connect to their friends and family.

This explains a lot...
"The Atlantic has an article discussing how 18- to 35-year-old males are losing their place as the most important demographic for tech adoption. 'Let me break out the categories where women are leading tech adoption: internet usage, mobile phone voice usage, mobile phone location-based services, text messaging, Skype, every social networking site aside from LinkedIn, all Internet-enabled devices, e-readers, health-care devices, and GPS. Also, because women still are the primary caretakers of children in many places, guess who controls which gadgets the young male and female members of the family get to purchase or even use?' The article points out that most of the tech industry hasn't figured this out yet — perhaps in part to a dearth of women running these companies."

Friday, June 08, 2012

Makes for an interesting Strategy discussion in the Ethical Hacking class. One obvious reason would be that they “own” many computers that we don't yet know about.
Flame authors order infected computers to remove all traces of the malware
The creators of the Flame cyber-espionage threat ordered infected computers still under their control to download and execute a component designed to remove all traces of the malware and prevent forensic analysis, security researchers from Symantec said on Wednesday.
Flame has a built-in feature called SUICIDE that can be used to uninstall the malware from infected computers. However, late last week, Flame's creators decided to distribute a different self-removal module to infected computers that connected to servers still under their control, Symantec's security response team said in a blog post. [Again obvious. If you wanted to study Flame, you would remove the “self-destruct” option. Bob]

Ubiquitous Surveillance. Something for Mom, Dad, and the neighborhood stalker... (and apparently there is a market)
ZenTracker is an application that is compatible with major smartphones. It allows parents to keep a watch on their children’s location through their phone. By defining places on the map, you can also get alerts and notifications by text, e-mail or Twitter messages as your child leaves or enters that defined place.
There are two pricing plans for ZenTracker. The Lite plan is free and supports only up to two mobile devices with no e-mail, SMS or Twitter alerts. However, the Premium package supports up to six mobile devices, with every alert and up to five days of Location history.

God help all mystery writers... If “could they” becomes “they must,” who assumes liability for failures?
Could Cops Use Google To Prevent Murder?
At around 3:45 a.m. on March 24, someone in Fort Lauderdale, Fla., used a mobile phone to Google “chemicals to passout a person.” Then the person searched for “making people faint.” Then Google again, for “ways to kill people in their sleep,” “how to suffocate someone,” and “how to poison someone.”
The phone belonged to 23-year-old Nicole Okrzesik. Later that morning, police allege, she and her boyfriend strangled 19-year-old Juliana Mensch as she slept on the floor of their apartment. The Google searches, along with incriminating text messages between Okrzesik and her boyfriend, came to light as authorities investigated Mensch’s death. But what if they could have been alerted to the suspicious-sounding searches immediately? Could they have rushed to the apartment and saved the girl’s life?

This was inevitable... I can see a market for video streamed directly to your lawyer's office.
ACLU Phone App Lets You Shoot the Cops
The New York chapter of the American Civil Liberties Union has released an Android application allowing mobile-phone users to easily capture police patdowns on video, which is then automatically uploaded to the rights group’s servers.
The “Stop & Frisk Watch” application, which is soon coming to the iPhone, is in response to the New York Police Department having stopped, frisked and interrogated people at least 685,724 times last year alone. About 87 percent of those stopped were black or Latino, and 90 percent of those stopped were neither ticketed nor arrested.
The app is programmed to work only in New York City.

No problem. We just change that to a “definite 99 years.”
Court Halts Law Allowing Indefinite Detention of Americans
A federal judge is blocking legislation authorizing the government to indefinitely detain without trial an “individual who was part of or substantially supported” groups “engaged in hostilities against the United States or its coalition partners.”
Tuesday’s decision by a New York federal judge halts a key terror-fighting feature of the 2011 National Defense Authorization Act and is a blow to the Obama administration. The government urged U.S. District Judge Katherine B. Forrest not to adopt a nationwide ban on the measure, saying the move would be “extraordinary” and “unwarranted” (.pdf).
But the judge, ruling in a case brought by journalists and political activists, said the law was too vague and did not provide clear guidance on whom the government could indefinitely detain.

“We use words that don't mean what they mean just as we use laws that aren't really laws and improbable probable cause and uberpoenas rather than subpoenas...”
Holder Claims Emails Using Words ‘Fast and Furious’ Don’t Refer to Operation Fast and Furious
Attorney General Eric Holder claimed during congressional testimony today that internal Justice Department emails that use the phrase “Fast and Furious” do not refer to the controversial gun-walking operation Fast and Furious.
Under questioning from Rep. Jason Chaffetz (R-Utah), who read excerpts of the emails at a House Judiciary Committee hearing on Justice Department oversight, Holder claimed that the phrase “Fast and Furious” did not refer to Fast and Furious but instead referred to another gun-walking operation known as “Wide Receiver.”
However, the emails refer to both programs -- "Fast and Furious" and the "Tucson case," from where Wide Receiver was launched -- and reveal Justice Department officials discussing how to handle media scrutiny when both operations become public.

Another technology I get to learn. Isn't that cool?
"As the self-proclaimed 'cloud OS for the datacenter,' OpenStack is fast becoming one of the more intriguing movements in open source — complete with lofty ambitions, community in-fighting, and commercial appeal. But questions remain whether this project can reach its potential of becoming the new Linux. 'The allure of OpenStack is clear: Like Linux, OpenStack aims to provide a kernel around which all kinds of software vendors can build businesses. But with OpenStack, we're talking multiple projects to provide agile cloud management of compute, storage, and networking resources across the data center — plus authentication, self-service, resource monitoring, and a slew of other projects. It's hugely ambitious, perhaps the most far-reaching open source project ever, although still at a very early stage. ... Clearly, the sky-high aspirations of OpenStack both fuel its outrageous momentum and incur the risk of overreach and collapse, as it incites all manner of competition. The promise is big, but the success of OpenStack is by no means assured.'"

Neither Google nor Facebook rules them all...
It's a Googly World: A Map of the Planet's Most Visited Websites by Country

Another way I could consolidate my handouts and links and videos and...
Booktype is an open source program for creating ebooks and preparing them for distribution on Kindle and iBooks. Booktype is designed for collaborative use by a group of writers. You can update your books and redistribute them even after your initial publishing date.
To clarify, Booktype is not a service; it's an open source program that you can download and install on your own server. If you have the skills to manage it, Booktype could be a good in-house solution for digital publishing.

My Statistics students will hate me for this...
Attention Nerds: Here's the Census Bureau API You've Been Waiting For
… The old system for accessing Census data was called American FactFinder, which, Buckner says, is fine for an expert, but for a novice, it's just not very intuitive. "People are used to just Googling and getting an immediate answer. They don't want to hunt for it," Buckner says. With the release of the API, the old tools will remain available for people who have figured out how to use them and are comfortable with those formats.

Thursday, June 07, 2012

Who's who for the Internet age? Who knows who. Who works with who. Who is looking to date who.
eHarmony member passwords compromised
Dating site eHarmony confirmed today that passwords used by its members were compromised following reports of references to the site among allegedly stolen passwords that were posted to a hacker site.
… Earlier today LinkedIn said that some of its members' passwords were on a list that ostensibly had 6.5 million encrypted passwords.

(Related) “I can check your bank account, password, secret questions and PIN – for FREE!”
Do yourself a favor, don't check if your password was leaked. Ever.
Almost as fast as the story started spreading, a link was being passed around as a way to check if your password was leaked in the security breach. To figure out if you're affected, LeakedIn requires you to enter your account password. Your password is then converted to its SHA-1 equivalent and compared to the list of leaked passwords.
A red light means your password appears on the list, a green light means you are in the clear. At least, in theory.
Before you jump at the chance to check your password, ask yourself if it's really a good idea to enter your password on some random Web site. The answer should be an unequivocal no. You have no idea what is really being done with the information you enter.

If Mommy and Daddy can do this, what could NSA (or any nation so inclined) do?
Monitor Teenage Computer With Care4Teen
… Kids are brilliant when it comes to the Internet and technology, and if you ask many parents what their kids are doing on that computer up in their bedroom, parents wouldn’t even know where to start looking to find out.
To help those parents, there is a powerful, free online service available called Care4Teen. Care4Teen is both an application and an online service. You install the application on the PC that you want to monitor, and then you can create an account at the Care4Teen website that serves as your “dashboard” into all activities that take place on that computer.
… When you first install the application, you have the option to install it as an Invisible application so your kids won’t be able to uninstall the app from the computer.
… Once it’s installed, the first thing you’ll want to do is select the level of security that you want to enable. The restricted mode basically blocks all of the websites in the Care4Teen database that most parents have identified as inappropriate for teens. Unrestricted mode allows everything through, but all websites are still monitored for inappropriate content – and those URLs will get logged whenever such a webpage is identified.

Even more ubiquitous surveillance?
Google Reveals an Image-Capturing Street View Backpack and New 3-D Maps
Google’s Maps team introduced three new technologies on Wednesday: a feature to save offline maps in the Android Maps app, advanced 3-D models of entire cities in Google Earth, and a new Android-controlled “Street View Trekker” backpack for capturing Street View images where bikes, cars and planes can’t go.
… The Trekker is essentially a miniaturized version of all the gear Google packs into its Street View cars and tricycles, including a 15-lens camera that can shoot 46MP images.

Airtime curtails privacy for the sake of safety
The way Airtime works is by using Facebook as its log-in platform. At its basic level, Airtime allows simple video chat with users' Facebook friends, but take it up a notch and it lets people chat with strangers that have common interests.
So, as a way to keep its users safe, the service takes random secret photos of video conversations between anonymous users that are then scanned and reviewed for indecent behavior, according to MSNBC.

One aspect of “lawful”
June 06, 2012
Acting General Counsel releases report on employer social media policies
News release: "NLRB Acting General Counsel Lafe Solomon today issued a third report on social media cases brought to the agency, this time focusing exclusively on policies governing the use of social media by employees. The Operations Management Memo details seven cases involving such policies. In six cases, the General Counsel’s office found some provisions of the employer’s social media policy to be lawful. In the seventh case, the entire policy was found to be lawful. Provisions are found to be unlawful when they interfere with the rights of employees under the National Labor Relations Act, such as the right to discuss wages and working conditions with co-workers. “I hope that this report, with its specific examples of various employer policies and rules, will provide additional guidance in this area,” Mr. Solomon said in releasing the memo. Two previous memos on social media cases, which involved discharges based on Facebook posts, were issued in January 2012 and in August 2011."

Is the FBI treating New Zealand law like it only applies to “second class citizens”? (Like they do in the US.) Well, yeah. But clearly the NZ government lawyers are pleading ignorance in many areas – e.g. apparently data isn't treated like 'real' evidence. If they must return the data, does that 'taint' their case?
FBI Illegally Pirated Kim Dotcom’s Data Out of New Zealand, File-Sharing King Charges
New Zealand lawyers for Kim Dotcom and associates allege that FBI agents committed an “illegal act” by cloning data from the file-sharing tycoon’s seized computers and FedExing it to the United States.
The cloned data was sent overseas just days after a judge decided a court hearing was needed to work out if the FBI agents were allowed to take the material, Dotcom’s lawyer Willy Akel told the High Court of Auckland Wednesday.
Akel said the FBI sent material back to the States without the New Zealand police having any say in the matter and that the police force had effectively lost control over it.
… The NZ government doesn’t deny the FBI whisked the data out of the country via sneakernet. But Crown lawyer John Pike, acting for the NZ Solicitor-General, denied that sending the cloned data overseas was illegal.
According to Pike, the relevant law only applies to physical material and not information, even though he acknowledged that information may be the most valuable thing seized in the January raid of Kim Dotcom’s mansion. Therefore, he argued, the content of the hard drives could be shipped overseas to the FBI.
Pike added that none of the physical possessions had gone, and that that was the actual subject of the Solicitor-General’s undertaking.
Justice Winkelmann, who is hearing the case, may not be swayed by that sophistry, as she said material irrelevant to the case must be returned to Dotcom.
This was countered by Pike, who says it was too difficult to know what was relevant and what was not. Police have no clue what is relevant to the case, Pike said.

“Well, we kinda, sorta tried to do the right thing.”
IE 10's ‘Do-Not-Track’ Default Dies Quick Death
The latest proposed draft of the Do Not Track specification published Wednesday requires that users must choose to turn on the anti-behavioral tracking feature in their browsers and software.
That means that Microsoft IE 10, which the company announced last week will have Do Not Track turned on by default, won’t be compliant with the official spec. Which means that tech and ad companies who say they comply with Do Not Track could simply ignore the flag set by IE 10 and track those who use that browser. Which means Microsoft has no choice but to change the setting.

Be careful what you wish for...
Pirate Bay cordially accepts RIAA's quest for censorship
The Recording Industry Association of America's CEO, Cary Sherman, testified before Congress today on "The Future of Audio." Although the minutes of the hearing aren't yet available, Sherman did publish a statement of his speech, according to TorrentFreak, which first reported this news.
In Sherman's statement, he stresses that online piracy must be stopped and one of the ways to do this is by having search engines, like Google and Bing, censor any results that could lead users to sites with illegally obtained copyrighted material.
… The Pirate Bay, being one of the biggest proprietors of pirated material, thinks this idea is just swell, according to TorrentFreak.
This is what it had to say on its blog:
Our competitors at the Recording Industry A**holes of America are trying to make sure that the search engines that compete with us have to stop linking back to us. This is really great news!
Right now about 10% of our traffic comes from these competing search engines. With that ban in place that means that our traffic numbers probably will increase. Users will go directly to us instead and use our search instead. We'll grow even more massive. It's really hard to compete with Google, but if they can't index media search engines like us, we'll be the dominant player in the end.

Perspective. What would make a $100 degree worth $100? (What makes an online degree worth more than the paper it's not printed on?)
"Forbes reports on the latest project of Google Fellow Sebastian Thrun (the proponent of self-driving cars.) He's moved on to education now, believing that conventional university teaching is way too costly, inefficient and ineffective to survive for long. So he started Udacity, which aims to deliver an online version of a master's degree for $100 per student. From the article: 'Udacity’s earliest course offerings have been free, and although Thrun eventually plans to charge something, he wants his tuition schedule to be shockingly low. Getting a master’s degree might cost just $100. After teaching his own artificial intelligence class at Stanford last year—and attracting 160,000 online signups—Thrun believes online formats can be far more effective than traditional classroom lectures. “So many people can be helped right now,” Thrun declares. “I see this as a mission.”'"

(Related) Let's hope the baseline they establish is more effective than TSA screening.
"Secretary of Homeland Security Janet Napolitano today said the agency will form a cybersecurity workforce task group that will consider strategies such as expanding DHS involvement in cyber competitions and university programs, enhancing public-private security partnerships and working with other government agencies to develop a more agile cyber workforce across the federal government. The new task force will be co-chaired by hacking expert Jeff Moss, who now works for the Homeland Security Advisory Council, and Alan Paller, director of research at the SANS Institute."

I may require my Ethical Hacking students to use this on their collaborative project...
Hangouts is Google’s take on chat rooms. Like many times before, Google has turned a good idea into something incredibly useful, while preserving simplicity and ease of use and thus making it fantastic.
1. Free Video Chat With Up To 10 Participants
2. A More Intuitive Interface
Once you are in a Hangout, that is. … figuring out how to join a Hangout can be a challenge.
3. Integrated Apps
Unfortunately, you cannot broadcast and save your Hangouts privately.
5. Minimal Setup & Maintenance Requirements

A little Math humor and the answer to a very common question.
Terry Moore: Why is 'x' the unknown?

Wednesday, June 06, 2012

I would be a lot more comfortable if this question didn't keep coming up.
Is It Possible to Wage a Just Cyberwar?
In the last week or so, cyberwarfare has made front-page news: the United States may have been behind the Stuxnet cyberattack on Iran; Iran may have suffered another digital attack with the Flame virus; and our military and industrial computer chips may or may not be compromised by backdoor switches implanted by China. These revelations suggest that the way we fight wars is changing, and so are the rules.
This digital evolution means that it is now less clear what kind of events should reasonably trigger a war, as well as how and when new technologies may be used. With cyberweapons, a war theoretically could be waged without casualties or political risk, [The belief that “political risk” is minimized or eliminated is frightening, since war occurs only between two polities... Bob] so their attractiveness is great -- maybe so irresistible that nations are tempted to use them before such aggression is justified. This essay identifies some important ethical issues that have been upturned by these emerging digital weapons, which in turn help explain why national cyberdefense is such a difficult policy area.

“It's like they are one of us!”
Google to Warn Possible Victims of State-Sponsored Spying
Two years ago, Google took the unusual move of going public with information that its network had been hacked and that the intruders were interested in getting into the Gmail accounts of political activists.
Now the company has taken the unprecedented move of providing online security warnings for users who might be the target of state-sponsored spying.
In a blog post published Tuesday, the company said that for a “subset” of users who the company believes may be the target of state-sponsored attacks, they would be providing a message, in black type on a pink background, that will appear at the top of the user’s account page.
… This raises the obvious question, of course: how can Google determine that the activity is state-sponsored? Google anticipated the question:
“We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored.”

Ubiquitous surveillance. Perspective. With the current US population at 311,591,917, that means there is surveillance on about 1 in 10,000... Sound like a reasonable number?
"U.S. Magistrate Judge Stephen Smith estimates in a new paper (PDF) that 30,000 secret surveillance orders are approved each year in U.S. courts. 'Though such orders have judicial oversight, few emerge from any sort of adversarial proceeding and many are never unsealed at all.' Smith writes, 'To put this figure in context, magistrate judges in one year generated a volume of secret electronic surveillance cases more than thirty times the annual number of FISA cases; in fact, this volume of ECPA cases is greater than the combined yearly total of all antitrust, employment discrimination, environmental, copyright, patent, trademark, and securities cases filed in federal court.' He also adds a warning: 'Lack of transparency in judicial proceedings has long been recognized as a threat to the rule of law and roundly condemned in ringing phrases by many Supreme Court opinions.'"

Ubiquitous surveillance. What the well dressed patrol officer is wearing this year.
Police Body-Worn Video Evidence Hits the Cloud
With body-worn video cameras only being used by little more than 6 percent of police nationwide, VIEVU is looking to make the technology more affordable and practical by storing video evidence in the cloud.
… Body-worn cameras, about the size of a pager that clips onto a lapel or belt, are said to be more effective than in-car cameras, providing a “‘police perspective’ and factual accuracy into critical incidents while dismissing erroneous ‘eye-witness’ accounts, and offers the only foil against the staggering monetary lawsuits brought against law enforcement agencies nationwide,” VIEVU said.
The company cites a study sponsored by the International Association of Chiefs of Police (PDF), which finds that 93 percent of police-misconduct cases where video is available result in the officer’s exoneration, and half of complaints are immediately withdrawn when video evidence is used. It also said 94 percent of citizens support the use of video.

Soon we won't need Lawyers at all!
"It's not unusual for a freelance Web designer or developer to be burnt when a client refuses to pay up, citing one excuse or another. And what can you do about it? If a contract only amounts to a few thousand dollars, litigation to recover your fee can be far too expensive, and an increasingly vituperative exchange of emails is often not enough for client and contractor to come to agreement over who owes whom what. Into this gap steps a start-up founded by Peter-Jan Celis that aims to provide internet-based, legally binding arbitration services — a 'small claims court' for the internet — with a particular eye on settling the conflicts that arise over freelance development and Web design."

For those of us who occasionally need to be a Twit...
The Twitter website interface has undergone a number of changes since its inception, and some would argue that the current Twitter interface is all good and dandy.
But then there are others, like me, who don’t particularly enjoy using Twitter’s home interface. Whether it’s due to aesthetic reasons (it’s ugly!) or simply a matter of inconvenience (I have to keep that tab open!), you may want to look into a more standalone solution – a desktop Twitter client.
These free desktop Twitter clients will allow you to interact with all of Twitter’s goodness without having to pop open a new browser tab. These programs run in the background and continually update with new tweets and messages. And the best part is that you won’t have to pay a cent.
If you’re looking for Twitter clients for other platforms, check out these lists for Mac, Linux, and the iPad.

Websites for young loopy managers...
It doesn’t really matter how you got into IT management, you still need to know both how to manage well and how to lead a team of geeks.
As far as online entertainment goes, this means your ideal morning RSS feed should contain both management gems and important news in the world of IT.

Tuesday, June 05, 2012

I want one! Of course, their first reply may be “I can't open the pod bay door Dave.”
‘Siri, Kill That Guy’: Drones Might Get Voice Controls

No doubt someone has to figure out how those X-ray scanners work... OPT is “optional practical training”
"In mid-May, the Department of Homeland Security quietly expanded a program that allows foreign science, technology, engineering and math grads to work in the U.S. for 29 months without a work visa. 'Attracting the best and brightest international talent to our colleges and universities and enabling them to contribute to their professional growth is an important part of our nation's economic, scientific and technological competitiveness,' explained DHS Chief Janet Napolitano. But last week, Senator Chuck Grassley called on the GAO to 'fully investigate' the student visa program, citing reports of abuse and other concerns in his letter. Now, Computerworld reports that the DHS STEM Visa Extension Program continues to be dominated by Stratford University and the University of Bridgeport (as it was in 2010), prompting some tongues to wag. It is 'obvious to any reasonable person that the schools producing most of the OPT students are not prestigious research universities,' quipped policy analyst Daniel Costa, 'which means that many of the OPT students across the country are not in fact the "best and brightest."' While conceding that top students can come from lesser-known schools, 'those will be the exception to the rule,' argued Costa, who suggested the government should include performance metrics in the OPT program, such as grades and university rankings."

Let's see if they get beyond the tip of the iceberg...
By Dissent, June 4, 2012
Patient Privacy Rights and Georgetown University Law Center’s O’Neill Institute for National and Global Health Law Host Event
Psychiatry Patient’s Story Highlights Growing Threat to Privacy
WASHINGTON–(BUSINESS WIRE)– When a lawyer named “Julie” sought psychiatric treatment in Boston, she never imagined that the notes of sessions with her therapist would be digitized and made available to thousands of doctors and nurses—even dermatologists and podiatrists with no conceivable need for such private records. But that is precisely what happened. “Personal details that took me years to disclose during therapy are being shared throughout my medical network, against my will,” Julie says. “It’s destroyed my trust with my doctors.”
Julie will tell her story for the first time at the 2nd International Summit on the Future of Health Privacy, to be held in Washington, DC, on June 6-7. Sponsored by Patient Privacy Rights, the nation’s leading health privacy watchdog, and Georgetown University Law Center’s O’Neill Institute for National and Global Health Law, the Summit will explore the often-alarming privacy implications of the nation’s race to digitize patient medical records.
Read more about what promises to be an exciting conference on

Nothing special. Looking for that “Let's do anything to get these guys” email.
BP Demands Scientist Emails in Gulf Oil Spill Lawsuit

'cause we want to move all those Saturday morning cartoon ads onto Facebook...
Facebook may be working to bring in users under 13
Speculation is flying that Facebook executives may be developing technology that would enable kids under the age of 13 to join the site with parental supervision.
Interest by Facebook in lowering the minimum age to under 13 years old to join the world's most popular social network was first reported in the Wall Street Journal. The network is reportedly testing ways to link a child's Facebook page to his or her parents', along with tools that would enable parents to decide who their children can "friend" and what apps they can use.

I hope this kind of article educates my students who want to start their own “record label.” They are not yet technophobic, nor are they Luddites. Might be interesting to see what they come up with...
E-Publishing May Be Doing Everything Right, But We Can’t Ignore The Spectre Of Piracy
I’m a full supporter of e-books, e-book devices, and agree (mostly) with this excellent WSJ assessment by Rob Reid of the e-book business. In short, Reid points out that 10 years ago this month the music industry began prosecuting its users and implementing draconian DRM to stave off an impending piracy revolution. That was the year Napster closed shop and pirates, however briefly, lived in a hostile environment. Since then, the music industry has lost $7 billion in music sales. Their war is lost and that sum, however paltry it looks, is pretty much the new normal.
The e-book industry, on the other hand, has been quick to embrace all things digital, creating a number of great distribution channels thanks to strong partnerships with major booksellers. As Reid notes, publishers embraced the Kindle while music distributors saw everything as a threat.

(Related) Local
As an undergrad at the University of Colorado in 2002, Nathan Seidle blew some stuff up. When he searched the internet for replacement parts for the electronic things he was working on, he found himself frustrated at both the lack of parts available and by the lack of pictures of the parts that were available.

Not normal. Releasing classified technology gives analysts an accurate benchmark at a point in time. Assuming a growth formula of 0.047% per year (completely arbitrary you understand) it then becomes trivial to determine what current surveillance satellite tech can do. Exceptions: 1) We found a way to “jump up the curve” or 2) We don't care...
"The U.S. government's secret space program has decided to give NASA two telescopes as big as, and even more powerful than, the Hubble Space Telescope. Designed for surveillance, the telescopes from the National Reconnaissance Office were no longer needed for spy missions and can now be used to study the heavens."

The latest from “Mr. Everything you ever wanted to know about _____” OR What happens when you look through ALL the results of a Google search.
June 04, 2012
New on - Academic and Scholar Search Engines and Sources - An Annotated Link Compilation
via - Academic and Scholar Search Engines and Sources - An Annotated Link Compilation - This new guide by research guru Marcus P. Zillman focuses on the latest and most significant academic and scholar search engines and sources. With the addition of new and pertinent information released online from every sector continually, it is very easy to experience information overload. A real asset in responding to the challenges of so much data is to apply techniques to identify and locate significant, reliable academic and scholarly information that resides in both the visible and invisible web. The following selected academic and scholar search engines and sources offer a wide range of actionable information retrieval and extraction sources to help you accomplish your research goals.

I want my students to write their own textbook. Something like this may be the tool to use.
Widbook is a new service that is part multimedia book authoring tool and part social network. On Widbook you can create a digital book that contains text, images, and videos. Widbook is collaborative because you can invite others to make contributions to your books. To use Widbook you have to create a profile on the service. The books that you create become a part of your profile. If you allow it, other Widbook users can add content and or comments to your books. Likewise, you can search for others' books and make contributions to their books.
Widbook allows you to create a virtual bookshelf of books that you create and or find on Widbook.
One drawback to Widbook in its current beta version is that your books can only be viewed on Widbook right now. Hopefully, in the future they will allow embeds on other sites.
Applications for Education
Widbook has the potential to be a good web-based platform for students to use to construct multimedia research papers. Widbook could also be a good platform for teachers to use to create their own multimedia textbooks to use in their classrooms.

Monday, June 04, 2012

Entities need to up their game when it comes to breach disclosures
June 4, 2012 by admin
Help Net Security reports on a new Experian/Ponemon survey, “Consumers confused about data breaches.” Over 60% of respondents had trouble understanding the notification letters or felt the entity did not give them sufficient details.
One take-home message is what I’ve been saying for years: breach notifications need to be written in plain language and include sufficient detail. While overall, my impression is that the quality of notifications has generally increased over the years, and that more consumers are dissatisfied because they’ve become more savvy about what they want to know, there are still many notices that do not answer the questions consumers are likely to have. Here’s my list/opinion as to what elements should be included in plain language:
1. What happened?
If an outsider was involved, what do you know about them? If a contractor or business associate or vendor was involved, were they following procedures you had specified in a contract? If an insider was involved, have they been arrested?
2. How did it happen?
3. When did it (first) happen and for how long did this breach go on?
4. When did you first find out about this?
5. How did you find out?
6. What kinds of information about me are involved?
7. What should I do?
8. What will you do to help restore me to my pre-breach state?
9. What will you do to reduce the likelihood that this or another breach will happen again?
The survey points out that notifications should also include an estimate of risk of harm. That’s something that I’ve had recurring concerns about because many notifications seem to be so reassuring that individuals may not act to protect themselves even though their odds of becoming a victim of fraud or ID theft have increased. Consider even a “crime of opportunity” where a laptop with sensitive data is stolen in a smash and grab. The thief may have no interest in the data, true, but when the thief sells the laptop, can we say the same for the person who purchases it after it’s been inexpertly wiped (if it’s been wiped at all)?

(Related) See how easy it is to find a bad example?
Penn Station issues warning to customers after data breach
Penn Station East Coast Subs, a popular food chain in the Midwest, issued a warning to customers via its website on Friday, after some 20% of their franchisee-owned restaurants suffered a data breach. The breach resulted in unauthorized access to an untold number of debit and credit cards.
… According to Penn Station, the breach impacted less than 20% of their chain, exposing names and credit/debit card numbers, but it’s the missing information that makes this breach notification seem strange.
For example, the company says that the breach likely started at the beginning of March, and warns that customers who ate at the chain between then and April be on alert. How many customers are we talking about, hundreds? Is it thousands, or tens of thousands? Penn Station didn’t say.
Also missing from the basic notification letter on the website is Penn Station’s reason for waiting a month to tell anyone, and exactly how the breach was detected – which is odd given that it’s mentioned the franchisees switched card processing methods due to the breach itself.

Of course they knew nothing about it. Some guys in black helicopters drop in one night and ask for your support, but you turn them down... (At least the guy who had your job before he disappeared turned them down...)
"Microsoft disclosed that 'unauthorized digital certificates derived from a Microsoft Certificate Authority' were used to sign components of the recently discovered Flame malware. 'We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft,' Microsoft Security Response Center's Jonathan Ness wrote in a blog post. Microsoft is also warning that the same techniques could be leveraged by less sophisticated attackers [Are we suggesting that certification is worthless? Bob] to conduct more widespread attacks. In response to the discovery, Microsoft released a security advisory detailing steps that organizations should take in order to block software signed by the unauthorized certificates, and also released an update to automatically protect customers. Also as part of its response effort, Microsoft said its Terminal Server Licensing Service no longer issues certificates that allow code to be signed."
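What “block software signed by the unauthorized certificates” looks like from the defender's side, as an added example that is not code from the post, from Microsoft or from the advisory: a PowerShell function that walks a file's Authenticode signer chain and marks any certificate in it that Windows has placed in the Disallowed (“Untrusted Certificates”) store, which is how a chain that still leads to a trusted root ends up with a NotTrusted status. The file path is a placeholder.

```powershell
# Added example (not from the page, Microsoft's advisory or the update itself).
# Builds the signer chain of a file and reports every certificate in it, marking
# the ones that sit in the Windows Disallowed ("Untrusted Certificates") store.
# Windows already refuses a chain that passes through a Disallowed certificate;
# listing the hit shows *which* certificate caused the refusal, which is the
# question an incident responder asks when a signature comes back NotTrusted.
function Test-SignerChain {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($null -eq $sig.SignerCertificate) {
        # Unsigned or unreadable: nothing to chain; report the status and stop.
        return [pscustomobject]@{ Path = $Path; Status = $sig.Status; Chain = @() }
    }

    # Thumbprints explicitly distrusted on this machine, from both store locations.
    $disallowed = @(
        Get-ChildItem -Path 'Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed' -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty Thumbprint
    )

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Check revocation online so a revoked intermediate is reported as well, not only a Disallowed one.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $null = $chain.Build($sig.SignerCertificate)   # $false when any element fails; details are per element

    $elements = foreach ($el in $chain.ChainElements) {
        $cert = $el.Certificate
        [pscustomobject]@{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            Thumbprint = $cert.Thumbprint
            Disallowed = ($disallowed -contains $cert.Thumbprint)
            Problems   = (($el.ChainElementStatus | ForEach-Object { $_.Status }) -join ', ')
        }
    }

    [pscustomobject]@{
        Path   = $Path
        Status = $sig.Status      # Valid, NotTrusted, NotSigned, HashMismatch, ...
        Chain  = $elements
    }
}

# Placeholder path: point this at the file whose signature you want explained.
$result = Test-SignerChain -Path 'C:\path\to\suspect.dll'
$result | Select-Object Path, Status
$result.Chain | Format-Table Subject, Disallowed, Problems -AutoSize
```

A leaf that validates cleanly on a machine without the update and shows a Disallowed intermediate on a patched one is exactly the difference the advisory's steps are meant to produce.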

“There are some things man was not meant to know,” and there are “some things we wouldn't understand even if we did know.”
UK: Google was allowed to destroy data haul after ICO spent less than three hours examining information collected by Street Cars
June 3, 2012 by Dissent
Daniel Martin reports:
Britain’s privacy watchdog spent less than three hours examining the private information stolen by Google’s fleet of Street Cars, it emerged yesterday.
Phil Jones, formerly a senior member of the Information Commissioner’s Office, said it had not wanted to spend money on hiring a computer expert to fully analyse the material.
Instead they spent just over two hours looking at a small sample of the information which had been captured from home computers.
The commission then gave Google permission to destroy the evidence even though it had not been properly sifted.
Read more on The Daily Mail.
That’s pretty….. irresponsible, no?

“What's for dinner?”
June 03, 2012
Google's Zagat Restaurant Guide with Reviews and Ratings Now Free
"We’re excited to announce that our content is now free on and a cornerstone of the new Google+ Local experience. Now, the world’s highest quality reviews are available to more people, whether they are at their desks or on the go. As we’ve always done, we will continue to develop high quality content based on consumer surveys, and make that content available in print, online and on mobile. We hope you will participate by sharing your opinions with the growing community on Google+ -- helping more people find great places around the world. But today is just the first step. You’ve welcomed us into new areas from Dublin to Dubai and Portland to Paris, and we’re looking forward to hearing what you have to say about the new places you discover."

I can honestly say I have no scientific value what-so-ever...
June 03, 2012
Research Blogs and the Discussion of Scholarly Information
Research Blogs and the Discussion of Scholarly Information, Shema H, Bar-Ilan J, Thelwall M (2012) Research Blogs and the Discussion of Scholarly Information. PLoS ONE 7(5): e35869. doi:10.1371/journal.pone.0035869: "The research blog has become a popular mechanism for the quick discussion of scholarly information. However, unlike peer-reviewed journals, the characteristics of this form of scientific discourse are not well understood, for example in terms of the spread of blogger levels of education, gender and institutional affiliations. In this paper we fill this gap by analyzing a sample of blog posts discussing science via an aggregator called (RB). aggregates posts based on peer-reviewed research and allows bloggers to cite their sources in a scholarly manner. We studied the bloggers, blog posts and referenced journals of bloggers who posted at least 20 items. We found that RB bloggers show a preference for papers from high-impact journals and blog mostly about research in the life and behavioral sciences. The most frequently referenced journal sources in the sample were: Science, Nature, PNAS and PLoS One. Most of the bloggers in our sample had active Twitter accounts connected with their blogs, and at least 90% of these accounts connect to at least one other RB-related Twitter account. The average RB blogger in our sample is male, either a graduate student or has been awarded a PhD and blogs under his own name."

June 03, 2012
NYT Infographic - 32 Innovations that will change your tomorrow
New York Times Magazine - 32 Innovations that will change your tomorrow - topics include: morning routine; commute; work; play; health; and home.
  • "We tend to rewrite the histories of technological innovation, making myths about a guy who had a great idea that changed the world. In reality, though, innovation isn’t the goal; it’s everything that gets you there. It’s bad financial decisions and blueprints for machines that weren’t built until decades later. It’s the important leaps forward that synthesize lots of ideas, and it’s the belly-up failures that teach us what not to do. When we ignore how innovation actually works, we make it hard to see what’s happening right in front of us today. If you don’t know that the incandescent light was a failure before it was a success, it’s easy to write off some modern energy innovations — like solar panels — because they haven’t hit the big time fast enough. Worse, the fairy-tale view of history implies that innovation has an end. It doesn’t. What we want and what we need keeps changing. The incandescent light was a 19th-century failure and a 20th-century success. Now it’s a failure again, edged out by new technologies, like LEDs, that were, themselves, failures for many years. That’s what this issue is about: all the little failures, trivialities and not-quite-solved mysteries that make the successes possible. This is what innovation looks like. It’s messy, and it’s awesome. Maggie Koerth-Baker."

Now there is even an App for this!
Asus to bring Android to Windows with BlueStacks
Asus has revealed a new partnership at Computex today to make its computers more Android-friendly. By teaming with BlueStacks (download), which makes an "app player" for running Android apps on Windows, the company will make Android apps available on 30 million Windows computers around the world.

(Related) So, now that you don't even need an Android phone...
Sunday, June 3, 2012
In my part of the world many school years won't start again until the day after Labor Day. As I write this, Wolfram Alpha tells me that day is 93 days away. Therefore, I decided to select 93 apps that teachers may be interested in trying this summer. I divided the list into sections for pre-K, elementary school, middle school, high school, and apps for all. Some of the apps could have been put into more than one category, so even if you teach middle school you'll want to look at the elementary school and high school categories for apps that your students could probably use too.
[Slideshow on the website and on

It's a poorly designed course that allows undetectable cheating...
"As online courses become mainstream, some students are finding they are often easy to game. A group of clever students at one public university describe how they used a Google Doc during an open-book test for a new kind of 'cloud cheating.'"
Instead of "cloud" all the time, can't we switch it up with "on the internet"?
[From the article:
Mr. Smith figured out that the actual number of possible questions in the test bank was pretty small. If he and his friends got together to take the test jointly, they could paste the questions they saw into the shared Google Doc, along with the right or wrong answers. The schemers would go through the test quickly, one at a time, logging their work as they went. The first student often did poorly, since he had never seen the material before, though he would search an online version of the textbook on Google Books for relevant keywords to make informed guesses. The next student did significantly better, thanks to the cheat sheet, and subsequent test-takers upped their scores even further. They took turns going first. Students in the course were allowed to take each test twice, with the two results averaged into a final score.
"So the grades are bouncing back and forth, but we're all guaranteed an A in the end," Mr. Smith told me. "We're playing the system, and we're playing the system pretty well."

I'll add this to my “Would you like to pass?” toolkit.
Soshiku is a free personal planner designed for high school and college students. Soshiku lets students organize their assignments by course, add assignments, and receive text message and or email reminders before each assignment is due. Students can add assignments to their calendars directly on the Soshiku website or via text message. Registering and getting started with Soshiku is quick and the user interface is very intuitive and easy to learn. Soshiku has been optimized to run on iPads and Android tablets too.
Applications for Education
Soshiku is a good service for students to manage their assignment due dates. Assignment reminders can be received via email or text message days or weeks before each assignment is due.

This looks very interesting... (You don't need a phone)
The popular visual bookmarking and homepage service Symbaloo now offers a free Android app and a free iPhone/iPad app. Symbaloo allows you to bookmark your favorite websites and arrange them into tile boards that you can share or keep private. Symbaloo calls the tile boards webmixes. You can create multiple webmixes arranged according to topics of your choosing. Now those webmixes can be created, accessed, and remixed on your favorite tablet or phone.
Here's an overview of Symbaloo.
Here's an overview of Symbaloo for Android.
Here's an overview of Symbaloo for iPhone.
Applications for Education
Symbaloo does offer an education version, but the education version is not free except for individual use which doesn't make it different than signing up for a regular Symbaloo account. Symbaloo can be good for organizing a set of resources to share with your students or colleagues. You could also have students create their own Symbaloo accounts and create webmixes around topics that they are researching.