Saturday, April 06, 2013

Another unencrypted laptop stolen. I try not to report too many of these – but I don't want anyone to think the frequency of laptop theft has dropped either. Or the frequency with which management fails to ensure they are encrypted.
Renee Slandera reports that the William Jennings Bryan Dorn VA Medical Center in Columbia, South Carolina is notifying more than 7,000 patients that a laptop stolen from the Respiratory Therapy Department in February contained their names, dates of birth, and partial Social Security numbers.
Since the laptop was stolen, Dorn officials say all laptops connected to medical devices have been protected.
Why the heck weren’t they already protected before now?
WIS has uploaded a copy of the notification letter, here. It indicates that the laptop was discovered missing on February 11, and may also have included patients’ weight, race, and the results of their respiratory tests.

“It doesn't have to be true, it only has to fool the voters!”
"Rep. Mike Rogers (R-Mich.) should know better. The chairman of the House Intelligence Committee told NBC News that the Operation Ababil U.S. bank disruption DDoS campaign could be stopped, if only private businesses had unfettered access to top-flight U.S. government threat intelligence. Not coincidentally, Rogers is the author of CISPA (now v2.0), a bill that would provide legal immunity for businesses that share threat data with the government, while allowing intelligence agencies to use it for 'national security' purposes, thus raising the ire of privacy rights groups. Just one problem: Numerous security experts have rubbished Rogers' assertion that threat intelligence would have any effect on banks' ability to defend themselves. The bank disruptions aren't cutting-edge or stealthy. They're just about packets overwhelming targeted sites, despite what Congressionally delivered intelligence [I like that phrase Bob] might suggest."

House to amend CISPA in secret

Now is a good time to ask for more money to “solve the gun problem.”
The ATF Wants ‘Massive’ Online Database to Find Out Who Your Friends Are
The ATF doesn’t just want a huge database to reveal everything about you with a few keywords. It wants one that can find out who you know. And it won’t even try to friend you on Facebook first.
According to a recent solicitation from the Bureau of Alcohol, Tobacco, Firearms and Explosives, the bureau is looking to buy a “massive online data repository system” for its Office of Strategic Intelligence and Information (OSII).
… A follow-up document from the ATF clarifies a few things. The database will not “consolidate multiple databases” the ATF already has access to — like LexisNexis and Thomson Reuters. The bureau is seeking to buy an existing database system and not fund the development of a completely new one.

This is just one reason why I'm proud to be FROM (as in, far from) New Jersey...
Remember that ridiculous lawsuit by Vernon Township against individuals to whom it had accidentally released employees’ Social Security numbers? There’s an update. Jessica Masulli Reyes reports:
The individuals who received the Social Security numbers of 119 Vernon employees were ordered by a judge to sign certification saying that the confidential information was deleted and not disseminated.
But, in turn, state Superior Court Judge Edward Gannon determined on Friday that Vernon, which filed the suit, must pay all of the individuals’ attorney and court costs, while also creating a township corrective action plan to ensure the release of private information does not happen again.
Read more on the New Jersey Herald. Apparently, the township had a brief shining moment of rational thought after their initial intention to sue for invasion of privacy:
Vernon initially accused the individuals and newspaper of tampering with the document to unveil the hidden columns in the computer spreadsheet, but Kelly later said that this was no longer the case and did not include it in a brief filed with the court.
All in all, this is still one of the stupidest lawsuits I’ve seen, and I’ve seen a bunch. The township should have just asked the recipients to delete the files from their drives and sign a certificate saying they had done so. Instead, the town jumped to a heavy-handed approach that may have defamed the hapless recipients of the township’s breach. So now in addition to the costs of offering credit monitoring to the 119 employees whose SSN were disclosed, the town also incurred court costs for itself and the defendants.
Just. Plain. Stupid.

Clearly, “French intelligence” is “le oxymoron” which will invoke the “effet Streisand.”
"The French domestic intelligence agency DCRI has forced a Wikipedia administrator to delete an article about a local military base. The administrator, who is also the president of Wikimédia France, has been threatened by the agency with immediate reprisals after his initial refusal to comply. Following a discussion on the administrator's noticeboard, the article (which is said to violate a law on the secrecy of the national defense) has been reinstated by a foreign user. Prior to pressuring the admin, DCRI contacted the Wikimedia Foundation (WMF), which refused to remove the article. WMF claimed the article only contained publicly available information, in accordance with Wikipedia's verifiability policy. While the consequences for Wikimedia's community remain unclear, one thing is certain: The military base article – now available in English – will get more public awareness than ever before."

This is typical of the confusion we have in this country over guns. My experience with “wet paper” ammunition was called a “spitball” and required only an easily concealed straw and a mouthful of paper. It was unlikely to cause an overreaction (school lockdown and the SWAT team). Can't wait to see how bad this could become.
This DIY Cardboard Rifle Can Fire Paper Pellets 75 Feet
Paper pellets make great projectiles — just ask any schoolkid. Paper Shooters, rifles made primarily out of cardboard, can fire those paper pellets up to a distance of 75 feet, lending a degree of professionalism to a pursuit that is usually more of a hobby.
Developed by a team of designers that includes former Nerf engineers, in collaboration with Bang Creations, the Paper Shooters kit comes with all the tools needed to build the working gun. Apart from the plastic firing mechanism, the gun is pretty much all cardboard, and the three varieties — Digital Ops, Golden Touch and Zombie Slayer — look surprisingly realistic (although perhaps only if you’re James Bond in the case of Golden Touch).
The creators have just launched an Indiegogo campaign for $72,000, to satisfy the minimum order number required to begin manufacturing kits in China, and to raise additional funds for further die-cutting tools and molds.
“I’m an entrepreneurial 29-year-old from Manchester who loves designing new products,” said Mike Howarth of Team Paper Shooters by email. “This is my first product — designed initially in my apartment — and has just blossomed from there into a really great piece of kit. This is my first product, although there are lots more to come!”
Each kit contains a plastic firing mechanism and skeleton, layers of cardboard “skin” for the gun that are either glued or clipped on, eight gold shells, 50 pieces of pre-made ammunition, a mold for making new ammunition out of paper (any soft paper will do) and a target in the shape of a zombie’s head.
Howarth said: “The plastic is merely a ‘skeleton’ (minimum amount) as it shoots wet paper ammo that the user makes themselves.” The soft paper pellet ammunition fits into cartridges the shape of real bullets, and creating a cardboard gun that could handle moisture was a particular challenge.
The cartridge casings eject out of the side every time the user reloads, just like a real semiautomatic rifle. Apparently, the pellets have aerodynamic qualities similar to Airsoft rounds (“the accuracy is very good up to 65 feet [20m], then probably drops slightly after that,” says Howarth), so they are actually quite dangerous if not treated with respect. It’s very much for teenagers, not children, with an age guidance of 14-years-old and up. According to Howarth, “the ‘gunsmith experience’ is definitely the main selling point”.
Also, while the kits come predesigned, “users can absolutely print their own card frame as we supply the card template blueprints via email with every kit,” Howarth said.
It’s not quite 3D-printing an actual gun, but it’s a lot safer and a lot more legal.

Meet the 'Crypto Anarchist' Who Wants Everyone to Print Their Own Guns
Just because you have the ability to 3D print guns, doesn't, of course, mean that you have to. But -- law of large numbers -- somebody is going to. And that somebody isn't just going to print their own guns, but they're going to make it their cause, and devote their time and energy to making sure other people can too. That person, in America today, is 25-year-old Cody R. Wilson.
Motherboard's excellent documentary, above, has given us a deep dive into the mind of this person -- his political beliefs, his hopes, the ideologies he seeks to undo. What you see is someone who is deeply engaged in the ideas behind his project; someone who isn't just making, but who sees his creations as political acts, as arguments. He directly says: "We're trying to prove a point."

Tools for my Ethical Hackers.
Wi-Fi Guard is a great little piece of freeware that works on Windows, Mac and Linux with the aim of making your home Wi-Fi connection more secure. It works by detecting currently connected devices and notifying you when new devices show up on your network. This makes it easy to detect if someone else has connected to your wireless without you knowing.

My weekly amusement...
… A new bill proposed in the California state legislature would create a fourth division of the state’s higher education system. According to The Chronicle of Higher Education, it would establish the “New University of California,” “an institution with no faculty and no tuition that, like the University of California, would be governed by a board of 11 trustees and one chancellor.”
… The open-access publishing startup (one of my picks for the best education startups of 2012) announced this week that textbook publisher De Gruyter will offer 100 of its titles on the crowdfunding platform. Books that raise $2100 will be “unglued” — released in a DRM-free digital format under a Creative Commons license.
The Saylor Foundation announced that it’s made agreements with 7 colleges and universities that will offer transfer credits to students who pass exams after taking Saylor’s free online courses. The institutions: Charter Oak State College, The City University of New York (CUNY) Baccalaureate for Unique and Interdisciplinary Studies, Colorado Technical University, Excelsior College, Granite State College, Thomas Edison State College, and the University of Maryland - University College; and the classes are Corporate Communications, Western Political Thought, and Business Law & Ethics.
Arizona Phoenix College math instructor James Sousa has posted some 2,600 video tutorials online, all under a CC BY-NC-SA license. Sousa, who has been teaching math for 15+ years, has posted all the work on YouTube as well as on More details via the Creative Commons blog.

Friday, April 05, 2013

The problem with commanding millions of fanatically loyal followers is not the high ranking ones who know you are bluffing and posturing, it's the low-level ones who don't.
Ex-CIA Analyst Expects North Korea to Attack South Korea Before Tensions End

Yet another case of bad reporting and no editing? ...and really dumb wording of the Press Release?
I’m having one of those “WTH???” moments.
Read this report from Associated Press:
Some state employees and vendors who do business with Alabama are being notified that their personal information was accessed when hackers infiltrated a state computer system.
The state Department of Homeland Security [It never occurred to me that states would create their own, but that is one way to spend Federal grants Bob] announced today that it was making the notifications, but wouldn’t say how many employees or vendors were affected. The department said the hackers accessed personal information such as names, Social Security numbers and taxpayer identification numbers. They didn’t access taxpayer records or tax returns. In mid-September, hackers gained access to tax records at South Carolina’s Department of Revenue.
Does the mid-September hack of SCDOR have anything to do with this? If not, why include that there, AP?
Alabama Homeland Security Director Spencer Collier said those affected will be connected with credit monitoring services, and the state will provide a one-year service with an identity theft service company to help detect misuse of personal information.
Department spokeswoman Leah Garner said the department could not release more information because of an ongoing criminal investigation. But she said the department believes the people behind the hacking Jan. 16 do not have a history of maliciously using personal information.
So they know who the hackers are? Were they employees or did they have an employee’s assistance? Have they been arrested? Why would people hack to obtain these data if not to use them maliciously? What does the state believe their motivation was, then?
And is this story related to any other hacking of Alabama state computers previously reported by the media?
The computer system that got hacked is operated by the state Information Services Division.
OK. So now we know there was a hack on January 16 involving the Information Services Division system. And we know what types of data were accessed. But the state’s statement re: the hackers not having a history of using data maliciously is somewhat stunning, and I wish they’d disclosed more about this.
Update: WSFA also covers this case, without the distraction of references to the SCDOR breach.

A HIPAA failure, or a much broader failure than that? Perhaps this guy was having plastic surgery to make himself look like the driver's license photo?
A man is being accused of racking up hundreds of thousands of dollars in medical services while using another person’s identification.
Kenneth A. Marshall, 41, is charged with identity theft, receiving stolen property and obstructing official business.
Marshall allegedly gained possession of a stolen license six years ago in Terre Haute, Ind.
Officials at the Ohio State University Wexner Medical Center discovered that Marshall used the victim’s ID multiple times, according to court documents.
Read more on 10TV.
The Columbus Dispatch reports that the fraudulent use of a South Carolina man’s ID went on for 5 years, and was only detected because the South Carolina man, Michael Weatherford, questioned why he continued to get bills from OSU for services he never received. The report doesn’t indicate when the real Michael Weatherford first contacted OSU about the erroneous bills, and why OSU didn’t catch this problem sooner.

Coming soon to a neighborhood near you...
Presto Vivace writes with this snippet from the New York Times:
"'In the six months since the Domain Awareness System was unveiled, officials of Microsoft, which designed the system with the New York Police Department, said they have been surprised by the response and are actively negotiating with a number of prospective buyers, whom Microsoft declined to identify.' Don't want this in your city? You might want to let your local leadership know how you feel."

...on the other hand.
Karen Gullo reports:
Google Inc. (GOOG), operator of the world’s largest search engine, is challenging a demand by the U.S. government for private user information in a national security probe, according to a court filing.
It “appears” to be the first time a major communications company is pushing back after getting a so-called National Security Letter, said the Electronic Frontier Foundation, an Internet privacy group. The challenge comes three weeks after a federal judge in San Francisco ruled that NSLs, which are issued without a warrant, are unconstitutional.
Read more on Bloomberg. Kim Zetter of Threat Level provides some context and background here.

That's not Niagara Falls, that's thousands of Class Action lawyers salivating...
Jaikumar Vijayan reports:
A federal court in Chicago this week granted class action status to a lawsuit accusing comScore, one of the Internet’s largest user tracking firms, of secretly collecting and selling Social Security numbers, credit card numbers, passwords and other personal data collected from consumer systems.
The court’s decision paves the way for what a lawyer for the two named plaintiffs in the case claimed could be the largest privacy case to ever go to trial in terms of class size and potential damages.
Read more on Computerworld.
[From the article:
ComScore claims that it captures more than 1.5 trillion user-interactions monthly, or roughly 40% of the monthly page views of the Internet.
… ComScore maintains that all of the data it collects is purged of identifying information and personal data before it's sold.
… The court granted class certification with regard to all of the primary claims pertaining to violations of the SCA, ECPA and CFAA, he said. Under the SCA and ECPA each class member would be entitled to a maximum of $1,000 in statutory damages, he said.
The judge, however, denied class action status for a third claim relating to unjust enrichment against comScore.

(Related) Even if this fails, expect “copy cat” legislation to break out everywhere.
Antone Gonsalves reports that the California Chamber of Commerce and TechAmerica have squared off against the ACLU of Northern California and EFF over AB 1291, a bill that would give consumers the right to see all the information a company holds about them and to find out what other companies – specifically – the data are shared with.
On Monday, lawmakers amended the bill, introduced in February by Democratic Assemblywoman Bonnie Lowenthal, to increase its chances of getting through the Legislature. To opponents, the changes were not enough.
“TechAmerica has some obvious high-level concerns with the bill,” said Robert Callahan, director of state government affairs for the industry trade group. “In addition to several of its provisions being unworkable from a compliance standpoint for tech companies, the new language specifically states that any violation of the law will constitute injury to consumer, opening the door wide open for abusive lawsuits.”
Read more on CSO.
Callahan’s argument could apply to any law that incorporates statutory awards. Of course businesses hate the thought, but it would go far towards addressing the issue that consumers have typically not been able to collect anything despite being harmed by breaches or nonconsensual data-sharing. At least now, they’d get something if a company did not respond in a timely fashion with disclosure of what information the company holds about them and whom they share it with.

We can, therefore we must!
There has been an incredible amount of hype and fear and confusion and excitement surrounding inBloom, a Gates Foundation-funded initiative to build a new data infrastructure for public schools.
… One major fear: more thorough data capture and data processing will result in an unprecedented invasion of student privacy.
InBloom, which had its formal launch at SXSWedu, boasts 9 states (Delaware, Massachusetts, Colorado, Louisiana, New York, Illinois, North Carolina, Georgia, and Kentucky) that will pilot the program. Many companies are on board too, with plans to use and integrate inBloom data. These include Amazon, Clever, Compass Learning, Dell, eScholar, Goalbook, Kickboard, LearnSprout, Promethean, Scholastic, and Schoology (for the complete list of inBloom partners, see here).

Technology that “solves” thousands of crimes but no arrests? Were these crimes matched to the tooth fairy or what?
WFTV reports:
More local police officers are getting a new crime fighting tool. Oviedo just agreed to allow police to tap into facial recognition software developed by the Pinellas County Sheriff’s Office.
The technology allows law enforcement to run photos through a database to help identify crime suspects.
What Oviedo just approved has been put to use in Winter Springs for almost a year.
Read more on WFTV.
[From the article:
The system is somewhat controversial because it allows law enforcement to search through driver's license photos, even if you've never been accused of a crime.
… In all, there are 150 agencies in Florida using the database. It is free for law enforcement agencies. They are just required to go through training.
Channel 9 was told the system has helped solve thousands of crimes, though Winter Springs Police said it hasn't helped them arrest anyone.

Should we label these “Meta-Takedowns” or have studios just learned of the Streisand Effect?
"Two film studios have asked Google to take down links to messages sent by them requesting the removal of links connected to film piracy. Google receives 20 million 'takedown' requests, officially known as DMCA (Digital Millennium Copyright Act) notices, every month. They are all published online. Recent submissions by Fox and Universal Studios include requests for the removal of previous takedown notices. ... By making the notices available, Google is unintentionally highlighting the location of allegedly pirated material, say some experts. 'It would only take one skilled coder to index the URLs from the DMCA notices in order to create one of the largest pirate search engines available,' [Thanks for the suggestion Bob] wrote Torrent Freak editor Ernesto Van Der Sar on the site."

You rarely see an audit report that says (in essence) “We have no idea what's going on here.”
Political Intelligence - Financial Market Value of Government Information Hinges on Materiality and Timing
Companies and individuals use political intelligence to understand the potential effects of legislative and executive branch actions on business, finance, and other decisions. The STOCK Act of 2012 directed GAO to report to Congress on the role of political intelligence in the financial markets.

Could be fun, if they allow it.
BitTorrent Site IsoHunt Demands Jury Trial
… A three-judge panel of the 9th U.S. Circuit Court of Appeals ruled against Gary Fung and said the Motion Picture Association of America automatically won on the merits of the case, without a trial. The decision marked the first time a federal appeals court had ruled against a BitTorrent search engine.
“Fung submits that, in a serious miscarriage of justice in a landmark case, he has been wrongfully denied trial by jury and found liable by judges on disputed facts through application of erroneous legal standards,” Fung’s attorney, Ira Rothken, wrote the 9th U.S. Circuit Court of Appeals late Wednesday. In a bid to acquire a jury trial, Rothken asked the appeals court to rehear the case with a larger panel of judges, in what is known as an en banc panel.
… Rothken demanded a trial, saying Fung’s activities are no different than Google, for example, which also hosts links to infringing material.
“No infringing materials touch Fung’s websites; he has no capacity to investigate or to police the internet,” Rothken wrote.

For my Statistics students...
"R, a popular software environment for statistical computing and graphics, version 3.0.0 codename "Masked Marvel" was released. From the announcement: 'Major R releases have not previously marked great landslides in terms of new features. Rather, they represent that the codebase has developed to a new level of maturity. This is not going to be an exception to the rule. Version 3.0.0, as of this writing, contains only [one] really major new feature: The inclusion of long vectors (containing more than 2^31-1 elements!). More changes are likely to make it into the final release, but the main reason for having it as a new major release is that R over the last 8.5 years has reached a new level: we now have 64 bit support on all platforms, support for parallel processing, the Matrix package, and much more.'"

For all my students?
Essay-Grading Software Offers Professors a Break
EdX, the nonprofit enterprise founded by Harvard and the Massachusetts Institute of Technology to offer courses on the Internet, has just introduced such a system and will make its automated software available free on the Web to any institution that wants to use it. The software uses artificial intelligence to grade student essays and short written answers, freeing professors for other tasks.
… Anant Agarwal, an electrical engineer who is president of EdX, predicted that the instant-grading software would be a useful pedagogical tool, enabling students to take tests and write essays over and over and improve the quality of their answers. He said the technology would offer distinct advantages over the traditional classroom system, where students often wait days or weeks for grades.

Thursday, April 04, 2013

They're small breaches, but they seem to be popping up everywhere...
Yet another Florida medical facility is notifying patients that their information was compromised by an insider who provided their details to others for a tax refund fraud scheme.
According to multiple media sources, the University of Florida is notifying 14,339 patients of the UF&Shands Family Medicine at Main practice that they may have become victims of ID theft. UF learned that an employee may have been acquiring and providing patients’ insurance information, including names, addresses, dates of birth and Social Security numbers, to a third party.
The breach was disclosed in a press release today, and may impact anyone who was a patient between March 2009 and October 2012. UF was informed of the breach by law enforcement on October 25, but disclosure to patients was delayed at the request of law enforcement so as not to interfere with the criminal investigation.

April 03, 2013
FireEye Advanced Threat Report – 2H 2012
"This report provides a detailed, current look at the nature of advanced threats targeting organizations today. Drawing on data gathered by FireEye® from several thousands of appliances at customer sites around the world, across 89 million events, this report provides an overview of the current threat landscape, evolving advanced persistent threat (APT) tactics, and the level of infiltration seen in organizations' networks today. Key findings include:
  • On average, a malware event occurs at a single organization once every three minutes. Malware activity has become so pervasive and attacks so successful at penetrating legacy defenses—network firewalls, Intrusion Prevention Systems (IPS), and anti-virus (AV), that once every three minutes organizations on average will experience a malicious e-mail file attachment or web link, as well as malware communication—or callback—to a command and control (CnC) server. Across industries, the rate of malware activity varies, with technology experiencing the highest volume with about one event per minute."

Interesting, if somewhat confusing. They appear to be saying they can't grab the encrypted messages AND they couldn't read them even if they could. If there is no way to identify an iMessage, how does it find its way to the recipient? The Internet needs a clear (unencrypted) address to properly route the message.
Apple's iMessage encryption trips up feds' surveillance
Encryption used in Apple's iMessage chat service has stymied attempts by federal drug enforcement agents to eavesdrop on suspects' conversations, an internal government document reveals.
An internal Drug Enforcement Administration document seen by CNET discusses a February 2013 criminal investigation and warns that because of the use of encryption, "it is impossible to intercept iMessages between two Apple devices" even with a court order approved by a federal judge.

Action without thought (AKA: Ready, Fire!, Aim) is what the University is supposed to teach us NOT to do. Scandal driven policy is never as valuable as policy that avoids scandal in the first place.
Jaikumar Vijayan reports that Harvard University will be reviewing and revamping its email privacy policies after a recent controversial search of 16 deans’ email to identify the source of a leak turned out to be more extensive than they had originally claimed:
At Tuesday’s meeting, Harvard Dean Evelyn Hammond noted that two additional searches had taken place that were not previously disclosed. After the initial search identified the resident dean responsible for forwarding the email, Hammond said she authorized another search to look specifically for correspondence between that individual and two student reporters from the Crimson.
In addition, Hammond said she also authorized a search of the same dean’s personal email account for correspondence with the reporters.
Read more on Computerworld.

"A bill amendment proposed Tuesday could allow employers to ask for a worker's Facebook or other social media password during company investigations. [Keeping it vague? Bob] The provision was proposed for a bill that safeguards social network passwords of workers and job applicants. The measure bars employers from asking for social media credentials during job interviews. The amendment says that an employer conducting an investigation may require or demand access to a personal account if an employee or prospective employee has allegations of work-place misconduct or giving away an employer's proprietary information. The amendment would require an investigation to ensure compliance with applicable laws or regulatory requirements."
[From the article:
Under the amendment, employees would be present when their social network profiles are searched and whatever information found is kept confidential, unless it is relevant to a criminal investigation.
"Rather than just referring everything to law enforcement, we have the opportunity to work with the employee and to investigate," said Denny Eliason, who is representing the banking industry.

This could be very important, but I'd be surprised if the big audit firms didn't have the tools for this already.
Interview: Voting-Machine Hacker Tackles Your Next TSA Pat-Down
… But Felten’s latest project may be his most ambitious yet. He’s investigating what he calls “accountable algorithms.” Felten and his Princeton team are trying to develop ways to test the computerized algorithms that loom so large over our daily lives. Take, for example, the algorithm the TSA uses to select travelers for extra security checks. Felten wants to develop a way to check that these algorithms are fair.

“We're Google! We're larger than France.”
April 03, 2013
EPIC: EU Takes Action Against Google for Privacy Policy Meltdown
EPIC: "Data protection agencies in six European countries have announced enforcement actions against Google. The agencies acted after Google ignored recommendations to comply with European data protection law. "It is now up to each national data protection authority to carry out further investigations according to the provisions of its national law transposing European legislation," the French data protection authority said. The enforcement action follows from Google's March 2012 decision to combine user data across 60 Internet services to create detailed profiles on Internet users. Last year, EPIC sued the Federal Trade Commission to force the FTC to enforce the terms of a settlement with Google that would have prohibited Google's changes in business practices. Google's revised privacy policies also prompted objections from state attorneys general, members of Congress, and IT managers in the government and private sectors. For more information, see EPIC: Google Buzz and EPIC: Enforcement of Google Consent Order."

Virtual everything?
Start an Online Store With No Skills, No Stuff — And Now No Money
The idea seems so obvious once it occurs to you: Why don’t I make a comfortable passive income selling things online? Why, I could even do that kind of work from the comfort of my own home!
After all, starting an online store today has become simpler than ever. You don’t need to build a website or an online shopping cart yourself — a cloud-based company such as BigCommerce can handle that for you. Marketing? Try Google AdWords. Selling? Through Amazon and eBay, I can reach hundreds of millions of customers with a click.
OK, I’ve got all the computer stuff covered. But what about the stuff stuff? Don’t worry! A plug-and-play third-party logistics provider such as ShipWire will store your inventory in its own warehouses, connect with the least expensive parcel carriers and send your customers’ packages on their way. Don’t have anything to sell? Not a problem! Just decide what you want to sell, connect with a drop shipper who takes on all the inventory risk and costs for you and start stumping for clicks!

Video tools
YouTube doesn’t expose some in-demand features on its website – including playing videos on repeat, downloading them, automatically enabling HD mode, and more. You can do all these things, but you’ll need to know these URL hacks.
Repeat YouTube Videos
You can use a variety of websites to repeat a YouTube video, such as To repeat any YouTube video, go to the address bar, change the part of the web page address to, and the video will load on the YouTube Repeater website, repeating itself every time the video ends. You can even use the website to specify a custom stop and start time, just in case you only want to repeat specific parts of the video.
Link Directly To Times In a Video
To link directly to a time in a video, simply add &t=#m#s to the end of the URL, where the first # is a minute and the second # is a second. For example, to link to the 2:30 point in a video, you’d add &t=2m30s to the end of the video’s address.
If you don’t want to remember this trick, you can always use Provide a video address, minute, and second, and it will create the link for you.
Download YouTube Videos
To download a YouTube video, you’ll need to use a third-party website. One convenient one is, which gives you links to easily download YouTube videos. While viewing any video on Youtube, change the part of the URL in your address bar to and the video will open on and give you download options. You can download the video as an FLV, MP4, or even MP3 audio file.
Automatically Play Videos in HD Quality
To automatically play videos back in HD mode, you can install a browser extension. Whenever you start watching a video, the browser extension will do the dirty work, automatically enabling your preferred HD video quality setting for you. Chrome users can use Auto HD for YouTube, while Firefox users can use the YouTube High Definition browser extension.
Create Video Mashups
To do this, use YouTube Doubler at Enter the addresses of two YouTube videos on the box at the bottom of the page.

Dilbert finally agrees that we need someone to dictate Internet Manners!

Wednesday, April 03, 2013

“It's for their own good! Except of course when it causes great harm, but we have agreed that doesn't matter...”
Project Inform, an HIV and hepatitis advocacy and education group has published recommendations drafted by a diverse group of advocates and public health professionals guiding the use of laboratory data collected by public health surveillance agencies to link and retain people with HIV in health care. These recommendations were developed at a Think Tank held by Project Inform November 6 and 7 in San Francisco.
“The CDC has confirmed that only about half of all people with HIV are in consistent care in the United States.
… For several years now a majority of states and U.S. territories have mandated that labs report the results of CD4 and viral load tests to public health departments. Put in place originally to monitor the health of people living with HIV, in more recent years public health departments have used the data to identify people with HIV who were never linked to care or who have fallen out of care, and then reach out to those individuals directly or through a provider.
Such activities are not without controversy or risks to the person being contacted.
… “The risks of harm to individuals from improper use of HIV information can indeed be very real, especially in states with punitive laws related to HIV status disclosure,” said Walt Senterfitt, a Think Tank attendee and long time activist, public health epidemiologist and ethicist. “The group decided, however, that there is a potentially much greater harm in not doing everything possible to ensure access to treatment, care and support of those with HIV who are marginalized by the system.
… The report may be found online at:

(Related) Not sure the “group” in the previous article ever saw these. Certainly not “Principle # 3.”
Patients decide if they want to participate.
Patient Privacy Rights (PPR) is pleased to announce the publication of its Privacy Trust Framework©, a set of 75+ auditable criteria based on 15 key privacy principles. The framework enables objective measurement of how well health IT, platforms, applications, electronic systems, and research projects protect data privacy and ensure patient control over the collection, use, and disclosure of their health data. The published paper outlining the principles and standards set forth in the Trust Framework© is available in the Social Science Research Network library [ ] and on PPR’s website [ ].
The copyrighted Trust Framework© was developed by the bipartisan Coalition for Patient Privacy, in concert with Microsoft and PricewaterhouseCoopers (PwC). The Framework© was developed, tested, and validated on HealthVault over an 18 month period. It is grounded in Americans’ longstanding civil, human, and ethical rights to health information privacy and enables identification of health IT systems and products that comply with the 15 ‘gold standard’ privacy principles established by the bipartisan Coalition for Patient Privacy.
The Framework© benefits patients by allowing them to easily see and compare which systems, applications, platforms, websites, and research projects are worthy of their trust. At the same time, companies and organizations will benefit as citizens reward them by participating in systems and using applications that distinguish themselves as trustworthy.
The Trust Framework© [ ] can also play an integral role in building a vibrant, trusted research ecosystem. Individuals are more willing to participate in research when they know they control the use and further disclosure of personal health information and can choose which research projects they want to participate in. The Trust Framework© offers research organizations and institutions the opportunity to demonstrate their commitment to informed consent and strong data security and privacy protections. The Framework can also be used for research about consent and factors that influence trust and data donation for research.

An interesting school of thought: limiting the number of possible passwords results in greater security.
WTF? AT&T’s profane-password ban lets some swears through
No, it's not an April Fool's prank. AT&T really is forbidding passwords that contain obscene language. Or at least that's what the company's password reset page says.

This could be truly expensive... Imagine that I ask Company A if they have data on me. They don't and they tell me so. Next month I ask again. Now they have to tell me that they had my name and address from my earlier inquiry (otherwise, how did I get their previous denial letter?) This will revitalize the Postal Service (unless everyone uses e-mail)
Rainey Reitman writes:
… A new proposal in California, supported by a diverse coalition including EFF and the ACLU of Northern California, is fighting to bring transparency and access to the seedy underbelly of digital data exchanges. The Right to Know Act (AB 1291) would require a company to give users access to the personal data the company has stored on them, as well as a list of all the other companies with whom that original company has shared the users’ personal data—when a user requests it. It would cover California residents and would apply to both offline and online companies. If you live in California, click here to support this bill.
Read more on EFF.

I read this as, “You can let the Feds run it or you can run it and let the Feds pay for it.” I see that as similar to Mao's “Let 1,000 flowers bloom.”
Real State Power Means Getting in the Obamacare Game
After a hard-fought legislative battle and a Supreme Court challenge, the fight over Obamacare now rages at the state level, as states decide whether to run their own health-care exchanges under the auspices of the Affordable Care Act (ACA).
Over half of the states have refused to set up their own health exchanges; most of those have also rejected the Act's Medicaid expansion. Politics are obviously at work here, as Republicans seek to block Obama's agenda. But there are principles at stake as well. Texas governor Rick Perry calls Obamacare a "brazen intrusion into the sovereignty of our state." He and other governors believe that boycotting the program is the right way to protect state power.
That is a mistake. In fact, the governors have it precisely backwards. If they care about state power or have doubts about Obamacare, they shouldn't be sitting on the sidelines by boycotting — they should be suiting up and getting in the game. The reality is that they would have much more power, and influence over the shape of the program, by administering it under a flexible federal law.
A few Republican governors have recently figured out why it's worth playing ball with the federal executive. When Florida's Rick Scott and New Jersey's Chris Christie did an about face on the new Medicaid expansion last month, they were granted immense discretion to run their programs as they saw fit. Arkansas Governor Mike Beebe cut an even better deal. He agreed to expand health care to his state's poor not through more Medicaid but through a bigger private health insurance exchange, with the feds picking up 100% of the tab. As Beebe put it, "basically [HHS] agreed to give us about everything that we've asked for."

So you could Tweet, “Google wants to buy us,” but only if you had already told your investors that you might be Tweeting newsworthy stuff they should be looking for...
April 02, 2013
SEC Says Social Media OK for Company Announcements if Investors Are Alerted
"The Securities and Exchange Commission today issued a report that makes clear that companies can use social media outlets like Facebook and Twitter to announce key information in compliance with Regulation Fair Disclosure (Regulation FD) so long as investors have been alerted about which social media will be used to disseminate such information. The SEC’s report of investigation confirms that Regulation FD applies to social media and other emerging means of communication used by public companies the same way it applies to company websites. The SEC issued guidance in 2008 clarifying that websites can serve as an effective means for disseminating information to investors if they’ve been made aware that’s where to look for it. Today’s report clarifies that company communications made through social media channels could constitute selective disclosures and, therefore, require careful Regulation FD analysis."

Einstein would be confused. Since space-time was “discovered,” a time-shift is automatically a location-shift. So why don't two legal technologies (TV antenna and Internet) also add up to legal?
"While Redigi is illegal, Aereo, the service that allows users to time-shift over-the-air TV programming, isn't. 'We conclude that Aereo's transmissions of unique copies of broadcast television programs created at its users' requests and transmitted while the programs are still airing on broadcast television are not 'public performances' of the plaintiffs' copyrighted works,' said the ruling (PDF). Of course, both decisions are going to be appealed. 'The outcome also answers the question, at least momentarily, of whether online television would be controlled by a stodgy industry that once shunned the VCR, or whether third-party innovators embracing technological advances have a chance to build on the openness of public airwaves. ... Aereo’s technological setup, the court found, basically allows it to do what cable companies could not: retransmit broadcast airwaves without paying licensing fees. In short, the Aereo service is as legal as somebody putting an antenna on top of their house to capture broadcast signals. The court said Aereo “provides the functionality of three devices: a standard TV antenna, a DVR, and a Slingbox” device. “Each of these devices is legal, so it stands to reason that a service that combines them is also legal. Only in the world of copyright maximalists do people need to get special permission to watch over-the-air television with an antenna,” said John Bergmayer, an attorney with the digital-rights group Public Knowledge. “Just because ‘the internet’ is involved doesn’t change this."'"

This is important, because I wouldn't want to say, “KaBoom!” when I should be saying, “KaBlooie!”
April 02, 2013
Department of Defense Dictionary of Military and Associated Terms
Department of Defense Dictionary of Military and Associated Terms, 8 November 2010 (As Amended Through 15 March 2013)
1. "Scope - The Joint Publication 1-02, Department of Defense Dictionary of Military and Associated Terms sets forth standard US military and associated terminology to encompass the joint activity of the Armed Forces of the United States. These military and associated terms, together with their definitions, constitute approved Department of Defense (DOD) terminology for general use by all DOD components.
2. Purpose - This publication supplements standard English-language dictionaries and standardizes military and associated terminology to improve communication and mutual understanding within DOD, with other federal agencies, and among the United States and its allies..."

Tuesday, April 02, 2013

For those who think everything on my Blog is the truth, I give you, the April Fool – me. ...but, it seemed so right! real! French!
Newspapers, Delivered by Drone

Should be interesting...
ID Theft Case Uncovers New Snooping Gizmo
… Rigmaiden was arrested in August 2008 and a "plethora of evidence" was found in his apartment and on his computer, the government says.
Rigmaiden's attorneys filed a motion to suppress evidence the government found by using the stingray to pinpoint his location. The ACLU and the Electronic Frontier Foundation filed an amicus brief supporting his position.
"The government cannot obtain judicial approval for a search using sophisticated, uniquely invasive technology that it never explained to the magistrate," the amicus brief states.
The application for a search warrant filed with the judge failed to "apprise the magistrate that it intended to use a stingray, what the device is, and how it works, [and] it prevented the judge from exercising his constitutional function of ensuring that warrants are not overly intrusive and all aspects of the search are supported by probable cause," according to the amicus brief.
It adds: "The Application and Affidavit indicated only that the government sought to obtain information from Verizon, not that the government sought to engage in its own search of Mr. Rigmaiden's home.
… In its response to the motion to suppress, Uncle Sam wrote that there was no "intentional misconduct" by agents who "were using a relatively new technology, and they faced a lack of legal precedent regarding the proper form of a warrant to obtain the location information they sought."

April 01, 2013
Court Rules for EPIC, Denies FBI Request for Delay in StingRay Case
"A federal judge in Washington, DC today issued an Opinion denying the FBI's motion to delay the release of records sought under the Freedom of Information Act. The decision follows from a lawsuit filed by EPIC against the FBI for records about the agency's use of cell-site simulator technology, commonly referred to as "StingRay." These devices track cell phones and collect a vast amount of data from telephone customers. The Court found that the FBI was not facing the "exceptional circumstances" necessary to justify its proposed two-year delay. The Court ordered the agency to produce all records, except those subject to classification review, by August 1, 2013. For more information, see EPIC v. FBI - StingRay."

I know the Privacy Foundation is always looking for interesting speakers. I'll put in a good word for ya.
Kashmir Hill reports:
When Alma Whitten was tapped to be Google’s first director of privacy in 2010, CNet declared hers the “hardest job at Google.” A longtime engineer at the company with expertise in computer security, she was put in charge of a program overseeing products in development at Google to try to prevent the release of those that got privacy wrong.
Now she’s giving that job up.
Read more on Forbes.
[From the article:
Whitten, who has been overseeing privacy at Google from the company’s London office, will be replaced by Lawrence You, an engineer who has been with the company for eight years, and importantly, at least from my perspective, is based in Mountain View, where much of the privacy-violating magic happens

I suppose we will need one eventually.
April 01, 2013
Toward an International Law of the Internet
Toward an International Law of the Internet, Molly Land, New York Law School, November 19, 2012, Harvard International Law Journal, Vol. 54, 2013 (Forthcoming) via SSRN.
  • "This Article presents the first and only analysis of Article 19 of the International Covenant on Civil and Political Rights as it applies to new technologies and uses this analysis to develop the foundation for an “international law of the Internet.” Although Article 19 does not guarantee a right to the “Internet” per se, it explicitly protects the technologies of connection and access to information, and it limits states’ ability to burden content originating abroad. The principles derived from Article 19 provide an important normative reorientation on individual rights for both domestic and international Internet governance debates. Article 19’s guarantee of a right to the technologies of connection also fills a critical gap in human rights law. [Not sure I like this part Bob] Protecting technology allows advocates to intervene in discussions about technological design that affect, but do not themselves violate, international human rights law. Failure to attend to these choices — to weigh in, ahead of time, on the human rights implications of software code, architecture design, and technological standards — can have significant consequences for human rights that may not be easily undone after the fact."

One nice thing about the “legal bidness,” even when an argument is dead (Supreme Court stake through the heart) you can always restart the argument. Think of it as Zombie Law!
Reselling Digital Goods Is Copyright Infringement, Judge Rules
A federal judge is declaring as unlawful a one-of-a-kind website enabling the online sale of pre-owned digital music files.
ReDigi, which opened in late 2011, provides a platform to buy and sell used MP3s that were once purchased lawfully through iTunes.
The case weighed the so-called first-sale doctrine, the legal theory that people in lawful possession of copyright material have the right to resell it. U.S. District Judge Richard Sullivan, ruling in a suit brought by Vivendi’s Capitol Records, said the doctrine did not apply to digital goods.
Saturday’s decision (.pdf) comes as online retailers such as Amazon and even Apple have patented platforms for the reselling of used digital goods such as books, music, videos and apps. Judge Sullivan’s ruling, if it withstands appellate scrutiny, likely means used digital sales venues must first acquire the permission of rights holders. ['cause selling it to you doesn't mean the rights holder actually sold it... (Huh?) Bob]
“The novel question presented in this action is whether a digital music file, lawfully made and purchased, may be resold by its owner through ReDigi under the first sale doctrine. The court determines that it cannot,” the judge ruled.
The reason, the judge ruled, is because copying, or an illegal “reproduction” of a music file, takes place, despite ReDigi’s claims to the contrary. [All “copying” is illegal. I read that in the RIAA's brief... Bob]

For my Website students...
If you are planning on building a new website today, it would be wise to start learning the best HTML5 practices to future-proof your website. HTML5 Boilerplate is a collection of front-end templates that you can use to create and set up websites. The great thing about HTML5 Boilerplate is that you can select only the bits and pieces you want to integrate in your project.
To use the HTML5 Boilerplate, simply download the zip file which contains all the basic files you need when making and designing websites (HTML, CSS and JavaScript templates). Just extract the contents of the file and start using them as the template for your website project. Some of the modern features that are already incorporated into the HTML5 Boilerplate include cross-browser compatibility, mobile browser optimizations, jQuery and Modernizr libraries, Normalize.css, and many more.
Similar tools: Eenox and Swiffy.

For my students who haven't done it yet...
You may have noticed that I have a thing for online résumé creators. In the past, I’ve looked at SlashCV – a simple tool for creating PDF résumés – and, which is more like an online portfolio of your past work and your online presence.
… Presenting: Répresent. In the spirit of minimalism and doing one thing well, Répresent is a super-simple Web app that is going to help you build a slick online résumé. No, it’s not going to write it for you, it’s not that sophisticated, but its nice interface makes a tough job suddenly seem a whole lot easier.
… There are 6 parts to create your Répresent résumé: About, Experience, Education, Skills, Contact, and Design. You don’t necessarily have to complete them in this order – you can jump back and forth until you’ve included all the important details.
… If you’re looking for an easy way to create a classic and solid online résumé builder, Répresent is an excellent option. There are no bells and whistles here, but it sure beats creating your own PDF document, and is also easier to share.
If you’re using LinkedIn, however, Répresent might not be the best option for you. In this case, you should check out these 2 tools to turn your LinkedIn profile into a neat-looking résumé.

For my students who write, so they can write right.
Grammar Base
Grammar Base is a simple-to-use, web-based grammar and plagiarism checker. This site is no-frills, but has a seemingly smart grammar check that goes deeper than some of the built-in word processing programs we have come to know and love. Students can access this site from anywhere in order to check their writing for appropriate structure, syntax, and citation.

For my entrepreneurial students, maybe. I have friends in most large TV markets. Perhaps a “Content Collectors Club” that swaps content for free, paying only an “infrastructure maintenance fee” to my not-for-profit? Start the whole thing on KickStarter?
Cord-Cutters Rejoice: Streaming Broadcast TV Wins Big in Court
A divided federal appeals court, ruling 2-1 Monday, declined to block a unique, antenna-based subscription service that enables the streaming of broadcast television to any internet-enabled device.
NBC, ABC, CBS, PBS, Fox and others sued Aereo, a subscription service that went live in New York last year and is expanding to other markets. The suit claimed that the upstart, backed by media mogul Barry Diller, had failed to acquire licenses from the networks who deliver their broadcasts over the air.
Broadcasters claimed the redistribution of the material, without a license, infringed their copyrights because it amounted to Aereo briefly buffering or copying the broadcast and “facilitating” a public performance without permission.
“We conclude that Aereo’s transmissions of unique copies of broadcast television programs created at its users’ requests and transmitted while the programs are still airing on broadcast television are not ‘public performances’ of the plaintiffs’ copyrighted works,” wrote Judge Christopher Droney of the New York-based 2nd U.S. Circuit Court of Appeals. He was joined by Judge John Gleeson.
The case is being closely watched as many suspect it could shape the manner and method by which people watch television in the future.