Saturday, March 30, 2013

Apparently, nothing much happened yesterday...

There is no “Security through Obscurity.” It isn't difficult to watch who enters a school. No cops, no guns.
Des Moines Register Maps Which Public Schools Are Totally Unguarded
The Des Moines Register is in a bit of hot water after they published an interactive Google Map revealing the level of security in most of Iowa's school districts. The map has since been taken down due to complaints from people who were upset that it was basically putting a target on the schools where any troublemakers would face no resistance from security guards or police officers.
As you probably know, the National Rifle Association and other gun advocates have pushed for more armed guards to be placed in schools, arguing that "gun-free zones" actually draw criminals to schools, because they know no one there would be able to challenge them.

For my amusement...
… Legislation in North Carolina will force schools to use digital materials in lieu of printed textbooks by 2017. Schools will be allowed to spend money that’s been allocated for textbooks on technology. But according to the, the state has slashed textbook funding in order to balance the budget, and there isn’t any money earmarked for devices. Sounds like a winning plan.
A proposed bill in Tennessee would cut a family’s welfare benefits by 30% if a child fails a grade. “It’s really just something to try to get parents involved with their kids,” said the bill’s sponsor, state Senator Stacey Campfield, who has no plans to punish affluent families for poor school performance.
Dave Winer, podcasting and blogging pioneer and developer of RSS, has a new company, Small Pictures, which released its first product this week: Little Outliner. As the name would suggest, the browser-based tool is great for outlining writing projects.

Friday, March 29, 2013

It is simple to tell most “Criminal Hacker Gang” attacks from “Military Grade” attacks – Criminals rely on victims who fail to implement and update their security, while the Military attacker assumes all the security is top shelf and working.
How the Spamhaus DDoS attack could have been prevented
Nearly 13 years ago, the wizardly band of engineers who invented and continue to defend the Internet published a prescient document they called BCP38, which described ways to thwart the most common forms of distributed denial-of-service attack.
BCP38, short for Best Current Practice #38, was published soon after debilitating denial of service attacks crippled eBay, Amazon, Yahoo, and other major sites in February 2000. If those guidelines to stop malcontents from forging Internet addresses had been widely adopted by the companies, universities, and government agencies that operate the modern Internet, this week's electronic onslaught targeting Spamhaus would have been prevented.
… BCP38 outlined how providers can detect and then ignore the kind of forged Internet addresses that were used in this week's DDoS attack. Since its publication, though, adoption has been haphazard. Hardware generally needs to be upgraded. Employees and customers need to be trained. Routers definitely need to be reconfigured. The cost for most providers, in other words, has exceeded the benefits.
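What a BCP38 ingress filter actually does, as an added Python example (not code from the article or from the BCP itself): an access router forwards a packet only if its source address falls inside the prefix assigned to the customer link it arrived on, so a forged source never gets past the first hop. The interface-to-prefix table and the sample packets below are constructed.

```python
"""Source-address validation in the spirit of BCP38 (ingress filtering).

Added example; the customer prefixes and packet headers are constructed
sample data, not taken from any real provider.
"""
import ipaddress
from dataclasses import dataclass

# Constructed: the prefixes each access-router interface is allowed to
# originate. A real provider derives this from its address assignments.
INTERFACE_PREFIXES = {
    "cust-A": [ipaddress.ip_network("203.0.113.0/24")],
    "cust-B": [ipaddress.ip_network("198.51.100.0/26"),
               ipaddress.ip_network("2001:db8:b::/48")],
}


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    src: str     # claimed source address
    dst: str
    proto: str
    dport: int


def source_is_valid(iface, src):
    """True if `src` lies in a prefix assigned to `iface`.

    ipaddress returns False for a v4 address tested against a v6 network,
    so mixed-family tables need no special casing."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in INTERFACE_PREFIXES.get(iface, []))


def ingress_filter(packets):
    """Split traffic into (forwarded, dropped), mirroring a BCP38 ACL.

    Every dropped packet carries a source address that could not have
    legitimately come from that customer link, i.e. a forged source.
    Packets from an interface with no assignment at all are dropped too."""
    forwarded, dropped = [], []
    for p in packets:
        (forwarded if source_is_valid(p.iface, p.src) else dropped).append(p)
    return forwarded, dropped


def spoofed_fraction(packets):
    """Share of the offered traffic the edge filter would have stopped."""
    _, dropped = ingress_filter(packets)
    return len(dropped) / len(packets) if packets else 0.0


# Constructed traffic: legitimate DNS queries alongside packets whose source
# is forged to someone else's address (the pattern the reflection attack in
# the article depends on).
SAMPLE = [
    Packet("cust-A", "203.0.113.7",   "192.0.2.53",  "udp", 53),  # legitimate
    Packet("cust-A", "192.0.2.200",   "192.0.2.53",  "udp", 53),  # forged src
    Packet("cust-B", "198.51.100.9",  "192.0.2.53",  "udp", 53),  # legitimate
    Packet("cust-B", "198.51.100.70", "192.0.2.53",  "udp", 53),  # outside /26
    Packet("cust-B", "2001:db8:b::1", "2001:db8::53", "udp", 53),  # legit v6
    Packet("cust-C", "10.0.0.1",      "192.0.2.53",  "udp", 53),  # unknown iface
]

if __name__ == "__main__":
    fwd, drop = ingress_filter(SAMPLE)
    for p in drop:
        print(f"DROP iface={p.iface} src={p.src} (not in assigned prefix)")
    for p in fwd:
        print(f"PASS iface={p.iface} src={p.src}")
    print(f"{spoofed_fraction(SAMPLE):.0%} of sample traffic was forged")
```

The check only works at the customer edge, which is why the article stresses that the provider, not the victim, has to reconfigure its routers.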

(Related) An example of an attack your security software might not handle?
You Won't Believe How Adorable This Kitty Is! Click for More!
Employees beware: Don't fall prey to a cat named Dr. Zaius.
"Check out these kitties! :-)" read emails featuring the photo of a Turkish Angora cat with a purple mohawk, sent to nearly two million cubicle dwellers so far. It includes an attachment or link promising more feline photos. Those who click get a surprise: stern warnings from their tech departments.
The Dr. Zaius email is a simulated cyberattack. It is among the ploys companies are using to dupe employees into committing unsafe computing as a way to train them not to be so easily fooled.

Well golly gosh. If you can't trust your government, who can you trust!
Mike Masnick writes that the DOJ’s lack of forthrightness with the courts about its use of Stingray technology is becoming more evident:
The ACLU filed a bunch of FOIA (Freedom of Information Act) requests to dig into this and newly released documents show that, indeed, it was apparently standard practice by the DOJ to be “less than explicit” and less than “forthright” with judges in seeking warrants and court orders to make use of this technology. Here’s an email that was revealed:
As some of you may be aware, our office has been working closely with the magistrate judges in an effort to address their collective concerns regarding whether a pen register is sufficient to authorize the use of law enforcement’s WIT technology (a box that simulates a cell tower and can be placed inside a van to help pinpoint an individual’s location with some specificity) to locate an individual. It has recently come to my attention that many agents are still using WIT technology in the field although the pen register application does not make that explicit.
While we continue work on a long term fix for this problem, it is important that we are consistent and forthright in our pen register requests to the magistrates…
Read more on TechDirt.

“Know your enemy” vs “Saturate the target market” Remember, statistically half the world is below average.
Here’s How Far-Right Extremists Recruit on Twitter
It’s not hard to find extremists on the internet. But it’s really hard finding out who’s the most successful at spreading extremism, which can make counteracting their influence difficult. Now a pair of researchers think they’ve figured out how to do it — which could make extremist threats easier to identify and block.
The researchers also discovered some peculiar data about how extremists on both the far right and left use Twitter and how online extremist networks are organized. In a new report, terrorism analyst J.M. Berger and his co-author Bill Strathearn found that traditional leaders on the far right are losing influence to new forms of extremist media, spread online by a small group of influential activists who are relative unknowns, but can communicate to a much larger audience of potential recruits. These activists are even attempting to make inroads into mainstream politics.

I still think the winner of the “Car Talk” Bumper Sticker competition says it best: “Honk if you love Jesus, Text if you want to meet Him”
March 28, 2013
New Study via AT&T - Nearly Half of Commuters Admit to Texting While Driving
"Nearly half of commuters self-reported texting while driving in a recent poll, and 43% of those who did called it a “habit.” Commuters are texting and driving even more than teens – 49%, compared to 43%. And the problem has gotten worse. Six in 10 commuters say they never texted while driving three years ago. So while efforts to raise awareness of the are working – 98% of commuters surveyed said they know sending a text or email while driving isn’t safe – there’s clearly more work to be done to change behaviors. Survey sponsor AT&T is calling on employers to help end texting while driving by taking action during National Distracted Driving Awareness Month in April, and beyond. It’s asking businesses to join the more than 165 organizations already engaged in the Texting & Driving-It Can Wait movement, and to use the policies, technologies and communications materials available free at to help move their employees beyond being aware of the danger to making a personal commitment not to text and drive."

For my students...
"Google has announced the Open Patent Non-Assertion (OPN) Pledge. In the pledge Google says that they will not sue any user, distributor, or developer of Open Source software on specified patents, unless first attacked. Under this pledge, Google is starting off with 10 patents relating to MapReduce, a computing model for processing large data sets first developed at Google. Google says that over time they intend to expand the set of Google's patents covered by the pledge to other technologies."
This is in addition to the Open Invention Network, and their general work toward reforming the patent system. The patents covered in the OPN will be free to use in Free/Open Source software for the life of the patent, even if Google should transfer ownership to another party. Read the text of the pledge. It appears that interaction with non-copyleft licenses (MIT/BSD/Apache) is a bit weird: if you create a non-free fork it appears you are no longer covered under the pledge.

Thursday, March 28, 2013

Is this a cyber-attack that equates to a Pearl Harbor, or a mini-Pearl Harbor, or perhaps a childish prank? Does a physical attack on cyber infrastructure equal a cyber-attack on physical infrastructure?
Egypt's Naval forces claim they have captured three scuba divers who were trying to cut an undersea Internet cable in the Mediterranean. Col. Ahmed Mohammed Ali said in a statement that the divers were caught while “cutting the undersea cable” of Telecom Egypt. Internet services have been disrupted since March 22 in Egypt. From the article: "The statement was accompanied by a photo showing three young men, apparently Egyptian, staring up at the camera in what looks like an inflatable launch. It did not have further details on who they were or why they would have wanted to cut a cable."

(Related) Now what do you think?

(Related) Still just a series of coinkydinks?
UAE Etisalat users face disruption after cable cut

This is the equivalent of giving people who rent storage lockers a brand new shiny padlock!
Amazon Woos the Paranoid With Crypto Cloud Service
Amazon’s cloud services just keep getting bigger, but the fact remains that many people are still worried that this cloud computing thing just isn’t as secure as the systems you might set up in your own data center.
If Amazon wants its service to continue growing at their current rate it has to change this perception. This week the company stepped up this crusade, unveiling a new service for creating and managing encryption keys in the cloud.
The service is called CloudHSM. HSM stands for Hardware Security Modules — physical devices that handle the creation and management of cryptographic keys. These aren’t a new thing, but they’re new to Amazon Web Services, or AWS, a set of online services that provide access to all sorts of computing power, including virtual servers and data storage and more.

(Related) Now all they need to do is actually use the padlock...
How Private Data Became Public on Amazon's Cloud
Companies that use Amazon's popular cloud computing service have accidentally [This is clearly NOT an accident. Someone (probably an entry level IT guy) turned this off and no one (management) checked! Bob] disclosed confidential information including sales records and source code, highlighting the risks of moving sensitive data to the Web, according to new research.
… Rapid7 said the documents were public because many of Amazon's customers overrode a key security mechanism intended to keep such information private, likely by accident as the result of poorly designed third-party management software.
Apparently this is just one company that hired some computers from some e-crooks. Imagine a case where a country takes control of all the computers they can locate, and uses them to attack another country.
March 27, 2013
BBC News - Global internet slows after 'biggest attack in history'
"The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack of its kind in history. A row between a spam-fighting group and hosting firm has sparked retaliation attacks affecting the wider internet. It is having an impact on popular services like Netflix - and experts worry it could escalate to affect banking and email systems. Five national cyber-police-forces are investigating the attacks. Spamhaus, a group based in both London and Geneva, is a non-profit organisation which aims to help email providers filter out spam and other unwanted content. To do this, the group maintains a number of blocklists - a database of servers known to be being used for malicious purposes. Recently, Spamhaus blocked servers maintained by Cyberbunker, a Dutch web host which states it will host anything with the exception of child pornography or terrorism-related material."
[From the article:
Spamhaus has alleged that Cyberbunker, in cooperation with "criminal gangs" from Eastern Europe and Russia, is behind the attack.
… Mr Linford said the attack's power would be strong enough to take down government internet infrastructure.
"If you aimed this at Downing Street they would be down instantly," he said. "They would be completely off the internet."
He added: "These attacks are peaking at 300 Gbps (gigabits per second).
"Normally when there are attacks against major banks, we're talking about 50 Gbps"
… Spamhaus said it was able to cope as it has highly distributed infrastructure in a number of countries.
The group is supported by many of the world's largest internet companies who rely on it to filter unwanted material.
Mr Linford told the BBC that several companies, such as Google, had made their resources available to help "absorb all of this traffic".
The attacks typically happened in intermittent bursts of high activity. [When the criminal computers are “between jobs?” Bob]

Find a similar, less technical example and see what has truly changed...
"The Supreme Court of Canada has ruled that text messages are private communication (Official Ruling) and therefore police are required to get a warrant to gain access to the text messages of private citizens. The CBC reports: '[Supreme Court Justice Rosalie Silberman] Abella said the only practical difference between text messaging and traditional voice communications is the transmission process. "This distinction should not take text messages outside the protection to which private communications are entitled," she wrote.'"
Quite different from the attitude in the U.S.

Perhaps we should read this...
March 27, 2013
EFF Commentary on Expanded Powers of Computer Fraud And Abuse Act Reform
EFF: "Law professor and historian Tim Wu has called the Computer Fraud and Abuse Act (CFAA) the “worst law in technology.” The Ninth Circuit Court of Appeals has described the government’s interpretation of it “expansive,” “broad,” and “sweeping.” And Orin Kerr, former federal prosecutor and law professor, has detailed how the government could use it to put "any Internet user they want [in jail]." So it's pretty surprising to see that now, instead of reining in the CFAA’s dangerous reach, the House Judiciary Committee is floating a proposal to dramatically expand it and is reportedly planning to rush it to the floor of Congress during its April “cyber” week... Techdirt’s Mike Masnick posted a new draft and analysis of the CFAA expansion bill on Monday."

I expect a lot of my students will telecommute.
March 27, 2013
Costs and Benefits Advantages of Telecommuting For Companies
The Telework Research Network: "We’ve read over 500 studies about telecommuting and here are what we’ve found to be the most common advantages for the companies that establish work from home programs. The following pros and cons of work from home programs aren’t just our view, they’re the outcomes from a wide range of studies. Visit our Research: Pros & Cons page for additional information about how individuals and communities can benefit from telecommuting as well."

Think of the infrastructure Walmart is creating here. First in-store lockers and then customers for store-to-door delivery. Revise that to mailboxes and postal carriers and you can immediately see they are trying to take over the Postal Service and probably all the express services... (Or perhaps split it with Amazon to avoid the taint of monopoly)
"Amazon has been placing lockers in brick-and-mortar retail stores, such as 7-Eleven, for pickup of online purchases. Walmart plans to pilot a similar program, presumably making it easier to pick up online purchases at Wal-Mart. 'Wal-Mart hopes its network of physical stores, which number about 4,000 in the United States, will give it an edge as consumers increasingly use smart phones while they shop. Wal-Mart has been testing the shipping of online orders from a small number of its physical stores for about two years. In 2013, the company plans to expand this program from about 25 stores currently to a total of roughly 50 stores. ... Two-thirds of the U.S. population live within five miles of a Wal-Mart store."

Wal-Mart may get customers to deliver packages to online buyers
… Wal-Mart has millions of customers visiting its stores each week. Some of these shoppers could tell the retailer where they live and sign up to drop off packages for online customers who live on their route back home, Anderson explained.
Wal-Mart would offer a discount on the customers' shopping bill, effectively covering the cost of their gas in return for the delivery of packages, he added.

Amusing. Perhaps I'll be able to point out some of the things I did...
NSA Declassifies — Sort Of — Its Super-Secret Internal Magazine
… Titled Cryptolog: The Journal of Technical Health, its existence has been known for years, having been mentioned in books about the agency by authors like James Bamford. But its contents, like so much else about the agency and its work, have remained a secret.
That changed today, when the NSA declassified about a quarter century of back issues of the publication running from 1974 to 1997. You can have a look at the results here.

We probably should start thinking about this. They are showing the classic signs... “When in doubt, yell louder!”
What happens if North Korea collapses?
North Korea shut down its last military hotline to South Korea on Wednesday, warning that nuclear war was imminent. The threat was the latest in a series of increasingly belligerent statements made by the Hermit Kingdom since world leaders imposed sanctions as punishment for the communist regime's recent missile and nuclear tests. Pyongyang has threatened to nuke both South Korea and the U.S.

Wednesday, March 27, 2013

Perhaps they don't take time for a “Lessons Learned” analysis. Perhaps they don't know how to learn.
By Dissent, March 26, 2013 7:45 pm
As I read coverage around the internet, I saw a few reports on the recent OHSU breach that mentioned it was OHSU’s third reported HIPAA breach since 2009. Actually, it’s only the second breach that will appear on HHS’s breach tool, but it’s important to note that this was OHSU’s fourth HIPAA breach that we know about since 2008. And disturbingly, all four of them involved stolen devices with unencrypted patient information:
  • In December 2008, OHSU notified 890 patients that a laptop stolen from a hotel where an employee was staying on business might contain patient records.
  • In June 2009 – also before HITECH went into effect – OHSU notified 1000 patients that their names, treatment information and medical record numbers were on a laptop stolen from a physician’s car outside the doctor’s home.
  • In July 2012, OHSU disclosed that 14,495 names and addresses with 14,300 dates of birth, phone numbers, medical numbers, 195 Social Security numbers and vaccination information were on a USB drive stolen from an employee’s home. OHSU only notified 702 of those affected, primarily those whose records “referenced health conditions that are a bit more personal or might be an embarrassment for a patient if disclosed.”
  • And now, OHSU is notifying 4,022 patients whose information was on a researcher’s laptop stolen from a vacation rental home.
The question seems obvious: what the hell will it take before OHSU encrypts all devices? At what point do we – and HHS – say “enough is enough” and this is just downright negligent or failure to learn from experience? Maybe the doctor who left the laptop in the car violated protocols, but if the data had been encrypted, there wouldn’t have been a reportable breach. Maybe the employee who accidentally took the USB drive home made a mistake, but if the data had been encrypted, there wouldn’t have been a reportable breach. And maybe if OHSU had a policy of encrypting devices used for research purposes, the most recent laptop theft wouldn’t have been a reportable incident.
Approximately 20,000 people had their protected health information needlessly exposed and stolen because OHSU didn’t – and doesn’t – encrypt all devices containing PHI.
HHS has seemingly not closed its investigation of the July 2012 reported incident. The newest incident hasn’t even been added to their breach tool yet. But because HHS does not have records on the 2008 and 2009 incidents, they are likely to miss the big picture – that OHSU has had repeated and easily avoidable breaches.
And that’s a shame.

...because someone, somewhere might be a terrorist!
… Because Gmail is sent between a user’s computer and Google’s servers using SSL encryption, for instance, the FBI can’t intercept it as it is flowing across networks and relies on the company to provide it with access. Google spokesman Chris Gaither hinted that it is already possible for the company to set up live surveillance under some circumstances. “CALEA doesn’t apply to Gmail but an order under the Wiretap Act may,” Gaither told me in an email. “At some point we may expand our transparency report to cover this topic in more depth, but until then I’m not able to provide additional information.”
Either way, the FBI is not happy with the current arrangement and is on a crusade for more surveillance authority.
Read more on Slate.
[From the article:
According to Weissmann, the bureau is working with “members of intelligence community” to craft a proposal for new Internet spy powers as “a top priority this year.” Citing security concerns, he declined to reveal any specifics. “It's a very hard thing to talk about publicly,” he said, though acknowledged that “it's something that there should be a public debate about.”

Beware of flowery phrases meaning nothing...
"Want to be invisible to Google? Apparently you can't, at least according to the European Commission and Information Commissioner's Office. '"The right to be forgotten worries us as it makes people expect too much," said [deputy commissioner David Smith]. Instead, Smith said the focus should be on the "right to object" to how personal data is used, as this places the onus on businesses to justify the collection and processing of citizens' data. "It is a reversal of the burden of proof system used in the existing process. It will strengthen the person's position but it won't stop people processing their data." EC data protection supervisor Peter Hustinx added the right to be forgotten is currently unworkable as most countries are divided on what qualifies as sensitive personal data. "I believe the right to be forgotten is an overstatement," said Hustinx."

Perhaps not the best use of social media...
App tracks the wise who hate their bosses on Twitter
FireMe! takes note of all those who tweet about how much they loathe their hardworking bosses. It even has a leaderboard.
… Now, some kindly Germans have come along to fully expose those who are temporarily taken by a need to express job-loathing. They have created an app called FireMe!, which lovingly collates tweets that could most politely be described as injudicious.
… The tweets that FireMe! collects are separated into four categories: "Sexual Intercourses," "Haters," "Horrible Bosses" and the quite riveting "Potential Killers."

Location, location, location. Perhaps I'll write a paper on “Camouflage in the Digital Age.” (Start by using the name, address and phone number of your lawyer or congressman whenever you register on a website...)
March 26, 2013 - Unique in the Crowd: The privacy bounds of human mobility
Unique in the Crowd: The privacy bounds of human mobility, Yves-Alexandre de Montjoye, César A. Hidalgo, Michel Verleysen & Vincent D. Blondel. Scientific Reports 3; Article number:1376; doi:10.1038/srep01376; Published 25 March 2013
  • "We study fifteen months of human mobility data for one and a half million individuals and find that human mobility traces are highly unique. In fact, in a dataset where the location of an individual is specified hourly, and with a spatial resolution equal to that given by the carrier's antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals. We coarsen the data spatially and temporally to find a formula for the uniqueness of human mobility traces given their resolution and the available outside information. This formula shows that the uniqueness of mobility traces decays approximately as the 1/10 power of their resolution. Hence, even coarse datasets provide little anonymity. These findings represent fundamental constraints to an individual's privacy and have important implications for the design of frameworks and institutions dedicated to protect the privacy of individuals."
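The uniqueness computation the abstract describes, as an added Python example (not code from the paper or its authors): for each individual, how often do p points taken from their trace match nobody else, and how does that fraction fall when antennas are merged into regions and hours into longer bins. The four traces, the antenna ids and the region groupings are constructed.

```python
"""Uniqueness of mobility traces, in the spirit of de Montjoye et al.

Added example, not the paper's code. The traces below are constructed:
four individuals observed hourly at made-up antenna ids.
"""
from fractions import Fraction
from itertools import combinations

# Constructed: (hour, antenna) observations per individual. Dave's trace is
# identical to Alice's, so neither of them can ever be singled out.
TRACES = {
    "alice": {(0, "A"), (1, "B"), (2, "C"), (3, "D")},
    "bob":   {(0, "A"), (1, "B"), (2, "C"), (3, "E")},
    "carol": {(0, "A"), (1, "F"), (2, "G"), (3, "H")},
    "dave":  {(0, "A"), (1, "B"), (2, "C"), (3, "D")},
}

# Constructed spatial coarsening: antenna -> larger region.
REGIONS = {"A": "r1", "B": "r1", "F": "r1",
           "C": "r2", "D": "r2", "E": "r2", "G": "r2", "H": "r3"}


def matching_users(traces, points):
    """Everyone whose trace contains all of `points` (the outside
    information an adversary or analyst happens to know)."""
    pts = set(points)
    return {u for u, t in traces.items() if pts <= t}


def user_uniqueness(traces, user, p):
    """Probability that p points from `user`'s trace single them out.

    Computed exactly over every p-subset rather than by sampling, so the
    result is a Fraction. If the trace has fewer than p points, the whole
    trace is used."""
    trace = sorted(traces[user])
    p = min(p, len(trace))
    subsets = list(combinations(trace, p))
    unique = sum(1 for s in subsets if matching_users(traces, s) == {user})
    return Fraction(unique, len(subsets))


def uniqueness(traces, p):
    """Fraction of individuals uniquely identified by p points, averaged
    over everyone in the dataset (the paper's uniqueness measure)."""
    return sum(user_uniqueness(traces, u, p) for u in traces) / len(traces)


def coarsen(traces, region_of, hours_per_bin):
    """Lower the spatial resolution (antenna -> region) and the temporal
    resolution (hour -> bin of `hours_per_bin` hours). Duplicate points
    collapse, so coarse traces are shorter as well as less specific."""
    return {u: {(h // hours_per_bin, region_of[a]) for h, a in t}
            for u, t in traces.items()}


if __name__ == "__main__":
    coarse = coarsen(TRACES, REGIONS, 2)
    for p in (1, 2, 3, 4):
        print(f"p={p}: antenna/hourly {float(uniqueness(TRACES, p)):.3f}"
              f"  region/2h {float(uniqueness(coarse, p)):.3f}")
```

On the constructed data, two antenna-level points already single out Carol every time, while halving both resolutions drops the overall uniqueness for p=2 from 3/8 to 1/6.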

Since the government knows everything about you anyway...
How the Maker of TurboTax Fought Free, Simple Tax Filing
Imagine filing your income taxes in five minutes — and for free. You'd open up a pre-filled return, see what the government thinks you owe, make any needed changes and be done. The miserable annual IRS shuffle, gone.
It's already a reality in Denmark, Sweden and Spain. The government-prepared return would estimate your taxes using information your employer and bank already send it. Advocates say tens of millions of taxpayers could use such a system each year, saving them a collective $2 billion and 225 million hours in prep costs and time, according to one estimate.
The idea, known as "return-free filing," would be a voluntary alternative to hiring a tax preparer or using commercial tax software. The concept has been around for decades and has been endorsed by both President Ronald Reagan and a campaigning President Obama.
Intuit argues that allowing the IRS to act as a tax preparer could result in taxpayers paying more money. It is also a member of the Computer & Communications Industry Association (CCIA), which sponsors a "STOP IRS TAKEOVER" campaign and a website calling return-free filing a "massive expansion of the U.S. government through a big government program."

Might be a preview of debates here...
March 26, 2013
Proposed new EU General Data Protection Regulation
Proposed new EU General Data Protection Regulation: Article-by-article analysis paper, V1.0
12 February 2013. UK Information Commission Office (ICO).
  • "We originally produced this document for two main audiences – the ICO’s own staff and the Ministry of Justice, to help to inform the UK’s negotiations in Europe. However, it has become clear that the information contained in this paper could be of use more widely, as a resource for all those with an interest in the data protection reform process and the ICO’s views. Therefore we have decided to publish it."

If I understand this, now my wife has to train her dogs to “casually trot around a neighborhood and act as a 'confidential canine informant' when they get a whiff of some illegal substances...” Should be a piece of cake.
Prior to hearing oral argument in the Proposition 8 case this morning, the Supreme Court handed down its decision in Florida v. Jardines, the other dog sniff case (Florida v. Harris was decided last month). In an opinion written by Justice Scalia, the Court affirmed the Florida Supreme Court. The Court held a dog sniff at the front door of a house where the police suspected drugs were being grown constitutes a search for purposes of the Fourth Amendment. Justice Kagan filed a concurrence joined by Justices Ginsburg and Sotomayor. Justice Alito filed a dissent joined by the Chief Justice, and Justices Kennedy and Breyer.
Read more on SCOTUSblog.
Orin Kerr commented on the decision:
This morning the Supreme Court handed down Florida v. Jardines, the case on use of a drug-sniffing dog at a suspect’s front porch to sniff around for narcotics inside. Held, in a 5-4 decision by Justice Scalia: Entry onto the porch was an unconstitutional search because it was a physical intrusion into the curtilage around the home under Jones that was beyond the scope of any implied consent. In light of my Supreme Court Review article on how there was no “trespass test” before Katz, I was particularly interested to see that the majority’s application of Jones does not use the word “trespass.” Instead, the Court refers to the Jones test as a test of “physical intrusion.”
Ryan Calo, however, had a somewhat different perspective, writing on Concurring Opinions that the decision leaves him somewhat puzzled/worried. He raises three thought-provoking questions.

“Future Crime” If this test predicts reoffenders 51% of the time (no numbers in the article) in an environment where 67.5% reoffend, is it truly ready for prime time?
Brain Scans Predict Which Criminals Are Most Likely to Reoffend
Brain scans of convicted felons can predict which ones are most likely to get arrested after they get out of prison, scientists have found in a study of 96 male offenders.
“It’s the first time brain scans have been used to predict recidivism,” said neuroscientist Kent Kiehl of the Mind Research Network in Albuquerque, New Mexico, who led the new study. Even so, Kiehl and others caution that the method is nowhere near ready to be used in real-life decisions about sentencing or parole.

This could become interesting. There are lasers that do not use visible light (e.g. X-ray) and those that are guaranteed to be safe for eyes at the classroom range, let alone a few thousand feet. If Google uses one of those to hunt for potential sinkholes in Florida or to create accurate topographical maps, are the people on the ground victims?
Aiming Laser Pointer at Airplane Gets Man 2.5 Years in Prison
A 19-year-old North Hollywood man has been sentenced to 2.5 years in prison for aiming a laser pointer at a commercial aircraft — a steep punishment going well beyond the year federal prosecutors were seeking.
“In this case the judge really felt it was serious behavior and he wanted to make sure that people understood it was not a joke,” Los Angeles federal prosecutor Melissa Mills said in a telephone interview Tuesday.
… Defense attorneys, who did not respond for comment, were seeking two years of probation and community service.

Perspective: I make that 40,000 man-years. Thank goodness “Computer” no longer means “some guy with a green eyeshade”
"It may be a movie about a stone age family, but DreamWorks said its latest 3D animated movie The Croods took more compute cycles to create than any other movie they've made. The movie required a whopping 80 million compute hours to render, 15 million more hours than DreamWorks' last record holder, The Rise of the Guardians. The production studio said between 300 and 400 animators worked on The Croods over the past three years. The images they created, from raw sketches to stereoscopic high-definition shots, required about 250TB of data storage capacity. When the movie industry moved from producing 2D to 3D high-definition movies over the past decade, the data required to produce the films increased tremendously. For DreamWorks, the amount of data needed to create a stereoscopic film leaped by 30%."

Simple? Yes. Useful? …
Wednesday, March 27, 2013
Quizdini - Create Online Quizzes That Give Students Instant Feedback
Quizdini is a free tool for creating online quizzes. The best feature of Quizdini is that you can create explanations of the correct answer for your students to view immediately after trying each question in your quiz. Your explanation can include text and or links to online resources like videos and images. Quizdini quizzes can be created in a traditional linear format or in a matching format that asks students to pair answers to terms.
Learn how to create a Quizdini quiz by watching the video below.

Tuesday, March 26, 2013

If the US had been the target, would we consider ourselves at war? And with whom?
NATO Researchers: Stuxnet Attack on Iran Was Illegal ‘Act of Force’
A cyberattack that sabotaged Iran’s uranium enrichment program was an “act of force” and was likely illegal, according to research commissioned by NATO’s cyberwarfare center.
“Acts that kill or injure persons or destroy or damage objects are unambiguously uses of force” and likely violate international law, according to the Tallinn Manual on the International Law Applicable to Cyber Warfare, a study produced by international legal experts at the request of NATO’s Cooperative Cyber Defense Center of Excellence in Estonia.
Acts of force are prohibited under the United Nations charter, except when done in self-defense, Michael Schmitt, professor of international law at the U.S. Naval War College in Rhode Island and lead author of the study, told the Washington Times.
The 20 experts who produced the study were unanimous that Stuxnet was an act of force, but were less clear about whether the cyber sabotage against Iran’s nuclear program constituted an “armed attack,” which would entitle Iran to use counterforce in self-defense. An armed attack constitutes a start of international hostilities under which the Geneva Convention’s laws of war would apply.

Why? Is Saudi Arabia far less stable than we think? Could Arab Spring come again? Is it only the disruption of old technologies?
Saudi Arabia 'threatens Skype ban'
Encrypted messaging services such as Skype, Viber and WhatsApp could be blocked in Saudi Arabia, the telecommunications regulator there is reported to have warned.
It is demanding a means to monitor such applications, but Saudis say that would seriously inhibit their communications.
Saudi newspapers are reporting that the companies behind the applications have been given a week to respond.
No explanation has been given of why the demand has been made.
Ahmed Omran, a Saudi blogger who runs the Riyadh Bureau site, says that Saudi telecom companies may be tempted to go along with the request from the regulator - even though it will upset their customers - because of the loss of revenue they suffer from the free apps, which are hugely popular in the country.
… Outside interest in the phenomenon has largely focused on how this has allowed Saudis to express themselves in a public forum on social or political issues in an unprecedented way.
Saudis see this latest threat a little differently, our correspondent says. Any move to monitor or block sites like Skype and WhatsApp would potentially deprive them of what has become an essential means of simply communicating with friends and family.
If it did happen, though, one Saudi told the BBC that it would not take long for people to find a new way to communicate for free.

Drones as advertising? Attach Behavioral Advertising techniques and I expect a swarm of drones over my house spelling out “Still uses last year's technology!”
"As a harbinger for the Paramount film 'Star Trek — Into Darkness', starting in May in Europe's cinemas, last night a swarm of 30 mini-helicopters equipped with LED lights drew the Star Trek logo into the skies over London. The choreography for the show was developed by Ars Electronica Futurelab from Linz (Austria). Quadrocopter maker Ascending Technologies GmbH from Munich (Germany) provided the aircraft."

The postal service's hidden cost factor? As far as I can determine from this fluffy article, the “fraud” they catch is phoney postage meters... I don't see how that pays for the system.
The postal service's hidden cool factor
The United States Postal Service is at the cutting edge of supercomputing technologies and the big data revolution, operating one of the most powerful non-classified supercomputing databases on the planet to process and detect fraud on over 528 million mail pieces every day.
… The technological specs of the facility Atkins is allowed to publicly share are impressive: 16 terabytes of in-memory computing coupled with transactional database record ingest rates that allow it to run comparative analysis on a database of about 400 billion records faster than you can blink.
… The information from each mail piece is then compared in the database to some 400 billion records, and complex algorithms help carry out fraud detection and other tests on the data before it is routed back through the Postal Routed Network to the delivery center.

Congress asked for information on the Cloud? Uh-oh...
March 25, 2013
Cloud Computing: Constitutional and Statutory Privacy Protections
CRS - Cloud Computing: Constitutional and Statutory Privacy Protections, Richard M. Thompson II, Legislative Attorney. March 22, 2013
  • "Cloud computing is a web-based service that allows users to access anything from e-mail to social media on a third-party computer. For instance, Gmail and Yahoo are cloud-based email services that allow users to access and store emails that are saved on each respective service’s computer, rather than on the individual’s computer. As more communications are facilitated through these cloud-based programs, it is no surprise that government and law enforcement would seek to access this stored information to conduct criminal investigations, prevent cyber threats, and thwart terrorist attacks, among other purposes. This prompts the following questions: (1) What legal protections are in place for information shared and stored in the cloud? (2) What legal process must the government follow to obtain this information? and (3) How do these rules differ from those applied in the physical world?"

It's always amusing to watch the bureaucratic brain at work...
"3D-printing gun parts has taken off, thanks to the likes of Cody Wilson and Defense Distributed. While the technology adds a rather interesting wrinkle to the gun control debate, the ATF currently is pretty hands-off, ... 'We are aware of all the 3D printing of firearms and have been tracking it for quite a while,' Earl Woodham, spokesperson for the ATF field office in Charlotte, said. 'Our firearms technology people have looked at it, and we have not yet seen a consistently reliable firearm made with 3D printing.' A reporter called the ATF's Washington headquarters to get a better idea of what it took to make a gun 'consistently reliable,' and program manager George Semonick said the guns should be 'made to last years or generations.' In other words, because 3D-printed guns aren't yet as durable as their metal counterparts, the ATF doesn't yet consider them as much of a concern."

Interesting. Leave the processing and storage and Internet connections in your home computer closet and connect a touch screen via WiFi...
"GeekWire reports on Amazon CEO Jeff Bezos' pending patent on remote displays that communicate with base stations and operate on wireless power. Reducing devices to mere screens with minimal storage that receive pre-rendered content (e.g., bitmap images), the patent application explains, eliminates the need for bulky batteries or processors, and employing techniques like electromagnetic or electrostatic induction allows one to cut the cord completely. Such remote displays, Amazon suggests, could find a home on college campuses (tablets), in your car (windshield displays or DVD players), and even on your face (eyeglasses)."
There's already a (not wirelessly powered) device similar to the one described in the patent.

For my spreadsheet students...
A Canadian accountant has built a role playing game (RPG) inside of Excel. It’s called Arena.Xlsm, and it does in fact work.
Why build an RPG inside of Excel? The question is backwards. Why the hell wouldn’t we? Anyone who spent the majority of math in High School programming their TI-83 to prevent boredom knows what I’m talking about.
Note: While TNW tested it on Excel 2010, your mileage may vary. Also, you have to enable the spreadsheet twice, once for editing and a second time for content. Excel’s protections, built to keep you safe, are in this case roadblocks between you and some fun.

“Stuff Students Should Know” At least, my Intro to IT class... We need the next e-Mily Post?
How We’re Turning Digital Natives Into Etiquette Sociopaths
Let’s face it: Technology and etiquette have been colliding for some time now, and things have finally boiled over if the recent spate of media criticisms is anything to go by. There’s the voicemail, not to be left unless you’re “dying.” There’s the e-mail signoff that we need to “kill.” And then there’s the observation that what was once normal — like asking someone for directions — is now considered “uncivilized.”
Cyber-savvy folks are arguing for such new etiquette rules because in an information-overloaded world, time-wasting communication is not just outdated — it’s rude. But while living according to the gospel of technological efficiency and frictionless sharing is fine as a Silicon Valley innovation ethos, it makes for a downright depressing social ethic.
People like Nick Bilton over at The New York Times Bits blog argue that norms like thank-you messages can cost more in time and efficiency than they are worth. However, such etiquette norms aren’t just about efficiency: They’re actually about building thoughtful and pro-social character.

A version for “Student Success”? Might be an interesting e-book project for my Intro to IT students.
The Most Effective Strategies for Success
For years, I've been trying to convince people that success is not about who you are, but about what you do.
Roughly two years ago, I wrote about the "Nine Things Successful People Do Differently," which became HBR's most-read piece of content over that time span. It was a list of strategies, based on decades of scientific research, proven effective for setting and reaching challenging goals. I later expanded that post into a short e-book, explaining how you can make each one a habit. But how would readers know if they were doing enough of each "Thing"? (After all, we're terrible judges of ourselves.) To help answer that question, last spring I created something I called the Nine Things Diagnostics — it's a free, online set of questionnaires designed to measure your own use of each of the nine things in pursuit of your personal and professional goals.

Monday, March 25, 2013

Somehow this strikes me as a really, really bad idea. If it's a lie, what little credibility they had is gone. If it's true, they just made a final, perhaps fatal error. Is there an up-side?
When HackRead reported, #OpIsrael: Mossad Website breached, Personal Details of over 30,000 Agents Leaked by Anonymous, my first thought was that I wished they didn’t just uncritically repeat claims.
Did they examine the database/spreadsheets before repeating tweets and claims? I did a random check of the database, and frankly, I find it extremely unlikely that the hackers obtained any information on Mossad agents, much less all their agents as well as government officials and politicians.
The data seem to include the names, addresses, phone and fax numbers, ID numbers, and email addresses of approximately 35,000 individuals. Some of the individuals in the database have multiple entries. Many seem to be merchants or others with no connection to the government at all.
Maybe some of the data are from people applying to become part of Mossad, but even that is a stretch when you start Googling some of the individuals in the database.
Think what you want of Mossad’s actions, but they are not stupid. They’ve known that they are targets, and not just by Anonymous or hacker groups. Covert operatives’ names and contact details thrown into a large database connected to the Internet? Highly unlikely. So unless someone has some proof that this database really has data on Mossad agents, I remain skeptical, to say the least.
I’ve emailed the Prime Minister’s Office on behalf of the Open Security Foundation to ask for their response to the claimed hack and leak. If I ever get an answer, I’ll post it.
Update: I’m not the only one who doesn’t accept claims about what the data represents. See this article and this one. Blog headline now revised.

Simple question: Is it your data or the doctor's?
World’s Health Data Patiently Awaits Inevitable Hack
Eugene Vasserman is uneasy about his digital pedometer. The company that makes the thing doesn’t know his name, age, or gender, but it does track his every step and his location. “They know where I sleep. They know my address,” says the Kansas State University cybersecurity and privacy researcher.
Some might think he’s paranoid. But he hasn’t stopped using the device. It’s just that he sees the worst-case scenario — and he’s adamant that the rest of us should see it too. Once health data leaves your immediate possession, he explains, it’s out of your control.
… What we do know is that security breaches surrounding healthcare information have been on the rise, according to the Ponemon Institute. And according to The Washington Post, there are “gaping security holes” in many of the systems that hold our healthcare data.

(Related) We're inventing new ways to monitor our patients' health...
This Pill Bottle Is a Smartphone Wannabe
The technologies that made you fall in love with your iPhone or Galaxy are now making their way into pill bottles.
To help patients take their medications on time, AdhereTech is remaking that ubiquitous orange bottle and giving it a high-tech facelift with the addition of lights, speakers, a 45-day-long battery, 3G and LTE capabilities, and sensors that measure humidity and how many pills are left in the bottle.
“We’ve built cellphone technology into the bottle,” said Josh Stein, the CEO of the New York City-based startup. “The bottle [will be] constantly connected to the cloud, just like a cell phone. Patients don’t have to link it to WiFi or Bluetooth. They don’t have to set it up in any way.”
… Down the line, if users want to merge their AdhereTech data with other apps or with their activity, glucose or blood pressure monitors, they’ll be able to thanks to AdhereTech’s open API. “It’s very important to us for patients to own their personal adherence data,” Stein says. “We want to be the pill bottle that plugs into other systems and integrates with all these other apps.”

My students are always amazed at how little data it takes...
Jason Palmer reports on a new study, “Unique in the Crowd: The privacy bounds of human mobility:”
Individuals can be uniquely identified with just four points of location data, a study of mobile phone records shows.
Countless mobile applications make use of location data, and such information is increasingly used to tailor both services for users and advertisements.
But a study in Scientific Reports warns that human mobility patterns are unique identifiers, even when data are scarce.
Read more on BBC. Their link to the study doesn’t work for me, but you can access the full study here.
Reference: Unique in the Crowd: The privacy bounds of human mobility Yves-Alexandre de Montjoye, César A. Hidalgo, Michel Verleysen & Vincent D. Blondel; Scientific Reports 3, Article number: 1376 doi:10.1038/srep01376 Received 01 October 2012 Accepted 04 February 2013 Published 25 March 2013
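The study's finding above, that a handful of spatio-temporal points is usually enough to single a person out of a large dataset, is something a data holder can measure on its own records before releasing them. The following is an added example, not code from the study or the BBC article: it builds a constructed set of synthetic phone traces as (cell_x, cell_y, hour) points, measures the fraction of users uniquely identified by k points drawn from their own trace, and shows that coarsening the spatial and temporal resolution lowers that fraction. The trace generator, the 20x20 grid, the week of hourly buckets and the 200-user population are assumptions made for the example.

```python
import random

# Constructed synthetic data: each user is a set of (cell_x, cell_y, hour)
# points, standing in for the antenna-and-hour records in the study.
def make_traces(n_users=200, n_points=30, grid=20, hours=24 * 7, seed=1):
    rng = random.Random(seed)
    traces = {}
    for user in range(n_users):
        home_x, home_y = rng.randrange(grid), rng.randrange(grid)
        points = set()
        while len(points) < n_points:  # users mostly move near home
            x = min(grid - 1, max(0, home_x + rng.randint(-2, 2)))
            y = min(grid - 1, max(0, home_y + rng.randint(-2, 2)))
            points.add((x, y, rng.randrange(hours)))
        traces[user] = points
    return traces


def matching_users(points, traces):
    """Users whose trace contains every one of the given points."""
    return [u for u, trace in traces.items() if points <= trace]


def is_unique(points, traces):
    """True when exactly one user is consistent with the points."""
    return len(matching_users(points, traces)) == 1


def coarsen_point(point, space=1, time=1):
    """Reduce resolution: merge space x space cells and time-hour buckets."""
    x, y, h = point
    return (x // space, y // space, h // time)


def coarsen(traces, space=1, time=1):
    return {u: {coarsen_point(p, space, time) for p in t}
            for u, t in traces.items()}


def uniqueness_fraction(traces, k, trials=200, seed=0, space=1, time=1):
    """Fraction of sampled users singled out by k of their own points,
    evaluated at the given spatial/temporal resolution.  Samples are drawn
    from the full-resolution traces and then coarsened, so the same users
    and points are tested for every k and every resolution."""
    rng = random.Random(seed)
    users = list(traces)
    coarse = coarsen(traces, space, time)
    unique = 0
    for _ in range(trials):
        user = rng.choice(users)
        points = sorted(traces[user])
        rng.shuffle(points)  # identical draw sequence for every k
        sample = {coarsen_point(p, space, time) for p in points[:k]}
        unique += is_unique(sample, coarse)
    return unique / trials


if __name__ == "__main__":
    traces = make_traces()
    for k in (1, 2, 3, 4):
        print(f"k={k}: {uniqueness_fraction(traces, k):.2f} unique at full resolution")
    print("k=4, 5x5 cells, daily buckets:",
          f"{uniqueness_fraction(traces, 4, space=5, time=24):.2f}")
```

Because every k and every resolution is scored on the same sampled users and nested point sets, the fraction can only rise with k and only fall with coarsening, which makes the two numbers directly comparable when you run the check on real traces.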

For years, SciFi has assumed all journalists will be using drones. Just another tool for the paparazzi...
Why All Reporters (Not Just J-School Students) Should Learn to Fly Drones
These days the future of journalism may look cloudy. But one thing about the future of the business is clear, according to ABC News. It will be full of drones.
In fact, the emergence of drone journalism is expected to become such a mainstay of the media industry in the next few years that “undergraduate journalism students at the University of Missouri Journalism School, in Columbia, Mo., are now taking courses on how to use drones to report stories,” ABC News reported March 22.

Someone is practicing law without a brain. A wise judge would recommend remedial law school...
Jessica Masulli Reyes reports that Vernon Township in New Jersey is suing the recipients of an inadequately redacted email attachment with town employees’ Social Security numbers. They are also reportedly suing the newspaper that published a story about the breach.
Reyes writes:
The lawsuit, filed by Kevin Kelly in state Superior Court in Newton on Friday, is seeking financial compensation, as well as stopping the individuals — Sally Rinker, Jesse Wolosky, Curious George (anonymous name), Lynn Van Gorder and Sandra Ooms — from disseminating the confidential information.
The lawsuit stems from an incident reported in the New Jersey Herald on Friday about these individuals who made Open Public Records Act requests to the township for payroll information. Municipal Clerk Sue Nelson responded by sending an attachment that she believed redacted the Social Security numbers and other personal information, but those hidden columns in the document were still visible.
The town alleges that viewing all columns and data on a spreadsheet sent to them is an “intentional invasion of (employee’s) privacy and constitutional rights.” So if you open a file the government sends you, you’re intentionally invading privacy and constitutional rights? I don’t think so.
The judge was not convinced and declined to issue the order sought by the township, although he noted that anyone misusing the information might be subject to criminal penalties and/or civil damages.
Herald Publisher Jack Findley said, “I think that by trying to place the blame on the recipients of these documents, Kevin Kelly’s lawsuit is entirely frivolous. He should explain on what grounds he is pursuing this lawsuit which does nothing but waste the taxpayers’ money and township resources. If Kelly is trying to divert attention away from himself, it looks like his tactic backfired.”
Jesse Wolosky and Sally Rinker are also arguing that the blame should instead be placed on Vernon, rather than on those who received the documents under OPRA.
Read more on The New Jersey Herald.
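The Vernon Township breach turned on a spreadsheet whose sensitive columns were hidden rather than removed; hiding a column only sets a display flag, and the cell values stay in the file for anyone who unhides them. As an added example, not code from the Herald article or the township, here is a standard-library Python check that parses a worksheet's XML (the kind of sheet1.xml part found inside an .xlsx zip), reports cells in columns flagged hidden="1" whose values look like Social Security numbers, and produces a copy with those columns actually deleted. The worksheet XML, its column layout and the use of inline strings are constructed for the example; real workbooks usually keep text in sharedStrings.xml, which the shared_strings parameter stands in for.

```python
import re
import xml.etree.ElementTree as ET

NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")  # pattern used for the example

# Constructed worksheet: column C (SSN) is marked hidden but fully populated.
SAMPLE_SHEET = f"""<worksheet xmlns="{NS}">
  <cols><col min="3" max="3" width="12" customWidth="1" hidden="1"/></cols>
  <sheetData>
    <row r="1">
      <c r="A1" t="inlineStr"><is><t>Employee</t></is></c>
      <c r="B1" t="inlineStr"><is><t>Salary</t></is></c>
      <c r="C1" t="inlineStr"><is><t>SSN</t></is></c>
    </row>
    <row r="2">
      <c r="A2" t="inlineStr"><is><t>J. Doe</t></is></c>
      <c r="B2"><v>52000</v></c>
      <c r="C2" t="inlineStr"><is><t>123-45-6789</t></is></c>
    </row>
  </sheetData>
</worksheet>"""


def col_index(cell_ref):
    """'C7' -> 3, 'AB12' -> 28 (1-based column number of a cell reference)."""
    n = 0
    for ch in cell_ref:
        if not ch.isalpha():
            break
        n = n * 26 + (ord(ch.upper()) - ord("A") + 1)
    return n


def hidden_columns(root):
    """1-based column numbers covered by <col ... hidden="1"> ranges."""
    hidden = set()
    for col in root.iter(f"{{{NS}}}col"):
        if col.get("hidden") in ("1", "true"):
            hidden.update(range(int(col.get("min")), int(col.get("max")) + 1))
    return hidden


def cell_text(cell, shared_strings):
    """Value of a cell: inline string, shared-string lookup, or raw <v>."""
    kind = cell.get("t")
    if kind == "inlineStr":
        node = cell.find(f"{{{NS}}}is/{{{NS}}}t")
        return node.text or "" if node is not None else ""
    value = cell.find(f"{{{NS}}}v")
    if value is None or value.text is None:
        return ""
    if kind == "s":
        return shared_strings[int(value.text)]
    return value.text


def find_hidden_sensitive(sheet_xml, shared_strings=()):
    """(cell ref, value) for SSN-looking cells that sit in hidden columns."""
    root = ET.fromstring(sheet_xml)
    hidden = hidden_columns(root)
    hits = []
    for cell in root.iter(f"{{{NS}}}c"):
        ref = cell.get("r", "")
        if col_index(ref) in hidden:
            text = cell_text(cell, shared_strings)
            if SSN_RE.match(text):
                hits.append((ref, text))
    return hits


def strip_hidden_columns(sheet_xml):
    """Real redaction: drop every cell in a hidden column, then the flag."""
    ET.register_namespace("", NS)
    root = ET.fromstring(sheet_xml)
    hidden = hidden_columns(root)
    for row in root.iter(f"{{{NS}}}row"):
        for cell in list(row):
            if col_index(cell.get("r", "")) in hidden:
                row.remove(cell)
    cols = root.find(f"{{{NS}}}cols")
    if cols is not None:
        for col in list(cols):
            if col.get("hidden") in ("1", "true"):
                cols.remove(col)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("hidden but present:", find_hidden_sensitive(SAMPLE_SHEET))
    cleaned = strip_hidden_columns(SAMPLE_SHEET)
    print("after stripping:", find_hidden_sensitive(cleaned))
```

The check is the kind of thing to run on an attachment before it leaves the building: a hit means the file still carries the data, whatever the screen shows. Deleting the column (or exporting only the columns the requester is entitled to) is the only redaction that survives a recipient clicking "Unhide".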

Tools for Stalkers or your local surveillance hobbyist.
There are certain situations in which you would want to take pictures through your phone discreetly. But even if you turn your phone to silent and disable its flash, anybody who is looking at your phone’s screen will be able to tell that you are taking a picture. Offering a solution to that is a phone app called Sneaky Cam.
Sneaky Cam is a free-to-use phone application that is compatible with Android devices.
… The camera’s preview screen can be replaced by a screen of your choosing, and the preview can be set at a transparency level so you can see what you are photographing. You can also opt to get a notification each time a photograph has been successfully taken.
Similar tool: Gallery Private.

For my amusement...
… The Utah legislature has passed a law that would create a “cloud-based student achievement ‘backpack,’” allowing students and parents to access their education records from their entire school career, all in one place. [Making hacking easier by placing all their eggs in one basket. Bob] Utah has earmarked $250,000 for this — a budget and a process to keep an eye on, particularly in light of the $100,000,000 that the Gates Foundation has poured into its student data infrastructure, InBloom.

Because I like lists (and I'm cheap)

Attention Trekkies! It's couch potato time!
Star Trek fans, you’re looking at the best week of your lives. To celebrate William Shatner’s birthday on March 22nd, Hulu has made every episode of every Star Trek series available for free. Yes, you heard right, every episode of The Original Series, The Next Generation, Deep Space Nine, Voyager and Enterprise is now free on Hulu, until the end of March.
According to a tally made by TheNextWeb, this makes a total of 693 episodes of Star Trek from 30 different seasons, which means you’d have to watch over 69 episodes per day to make it before April 1st.

(Related) Of course, if you can start multiple sessions on each of your devices, you could grab everything in an hour or so...

Sunday, March 24, 2013

At a recent seminar I attended, a Colorado “Health Expert” proudly mentioned that they would be developing their own record system from scratch. I asked why the various free versions were unacceptable, but she had apparently never heard of such a thing. No doubt we'll spend a billion or so before we throw the system out and start over... and over...
"Free Software Foundation president Richard M. Stallman announced the winners of the FSF's annual Free Software Awards at a ceremony held during the LibrePlanet 2013 conference. The Award for the Advancement of Free Software is given annually to an individual who has made a great contribution to the progress and development of free software, through activities that accord with the spirit of free software. This year, it was given to Dr. Fernando Perez, the creator of IPython, a rich architecture for interactive computing. The Award for Projects of Social Benefit is presented to the project or team responsible for applying free software, or the ideas of the free software movement, in a project that intentionally and significantly benefits society in other aspects of life. This award stresses the use of free software in the service of humanity. This year, the award went to OpenMRS, a free software medical record system for developing countries."

It's a shame I had to read this online... Wait. No it isn't. That's how I get 95% of my news! I will mention that Baen Publishing is offering a leather bound edition of the first book in the Honor Harrington series. (for a mere $102) Clearly they believe that fans of the series will appreciate a high-end (dare we say, “collector's”) edition.
March 23, 2013
Commentary - Books aren’t dead yet
  • "You’ve probably read that bookstores, like traditional book publishers, are in trouble. They are, especially if they’re big, overextended, relatively impersonal chain stores like Barnes & Noble. But, as the Christian Science Monitor recently reported, there are now many indications that a once-beleaguered portion of the bookselling landscape, independent bookstores, are enjoying a “quiet resurgence.” Sales are up this year; established stores, such as Brooklyn’s WORD, are doing well enough to expand and new stores are opening. Indies have been helped by the closure of the Borders chain and a campaign to remind their customers that if they want local bookstores to survive, they have to patronize them, even if that means paying a dollar or two more than they would on Amazon."

No comment. I can't stop laughing long enough to come up with a comment that isn't a double entendre.
For years Japan’s leading producers of pornographic movies have been battling to protect their content overseas. In particular they have focused on Taiwan where websites openly sell their videos and TV channels air their content without permission. The studios eventually took legal action, but to no avail. This week prosecutors made the decision not to prosecute any of the alleged pirates, ruling that since pornography is obscene it isn’t worthy of copyright protection.

Who says Math teachers get no respect? Unfortunately, lots of Math teachers...
Jörn Loviscach: The Story Of A German Math Teaching Sensation
Bespectacled, bearded and donning a tweed jacket, Jörn Loviscach speaks with a measured cadence that demonstrates a concern for his students to grasp what he’s saying.
It’s that careful communication style that has helped Loviscach gain nearly 8 million views and more than 16,000 subscribers to his YouTube channel of math instructional videos in the German language. He’s also now teaching a Udacity course that challenges thousands of students to use numerical methods to solve real world problems such as rescuing the Apollo 13 astronauts, stopping the spread of epidemics and fighting forest fires.
… A few years ago, Loviscach started recording screencasts of his lectures – that is: the spoken word as audio, plus the computer screen’s content as video – using an old tablet PC notebook that runs Windows. He flipped his classroom, posting the videos to a channel on YouTube and requiring students to watch the lectures he’s recorded before. They can then use more class time for trouble-shooting and problem solving together.
Similar to Sal Khan’s viral experience, other German university and high school students started watching Loviscach’s videos. Before long, his videos were seeing 10,000 views per day, “which is not too much compared to Lady Gaga,” he quips. “But it’s good for a math channel.”