Saturday, December 20, 2014

Oh, we’ve changed our minds again, have we? 
FBI Officially Fingers North Korea As Source Of Sony Breach
At first, the Federal Bureau of Investigation (FBI) wasn’t so certain that North Korea was the responsible party for the massive cyberattack on Sony.  Earlier this month, FBI cyber division assistant director Joe Demarest simply stated, “There is no attribution to North Korea at this point.” 
Today, however, there is no doubt that North Korea was behind the attack.
   The FBI released a statement this afternoon concluding that it "now has enough information to conclude that the North Korean government is responsible for these actions.” 
   While Sony will have to deal with the aftermath of the hack and the controversy surrounding its decision to cancel the film in the days, weeks, and months to come, the FBI is at least letting American corporations know that it has their backs should such an incident occur in the future. 
“The FBI stands ready to assist any U.S. company that is the victim of a destructive cyber attack or breach of confidential business information,” the FBI added.  “Working together, the FBI will identify, pursue, and impose costs and consequences on individuals, groups, or nation states [A new role for the FBI?  Bob] who use cyber means to threaten the United States or U.S. interests.”

(Related)  But we don’t seem to stick to the FBI’s “official” version.  Probably no Chinese sanctions. 
Sony hack: China may have helped North Korea, US states
China may have helped North Korea carry out the hacking attack on Sony Pictures, a US official has told Reuters.  
The official, who spoke on condition of anonymity, said the conclusion of the US investigation was to be announced later by federal authorities.  
The Chinese embassy in Washington later stated that China does not support "cyber illegalities".  

(Related)  Perhaps we should take them up on their offer, since we don't seem to know what we're doing.  Actually, it might be a great opportunity to learn what they are capable of – but I doubt they'd actually do it. 
North Korea Seeks Joint Investigation Into Sony Hack With U.S.
North Korea’s government said it had nothing to do with the hacking of Sony Corp.’s computer systems and called on the U.S. to hold a joint investigation into the incident. 
North Korea can prove its innocence and warned of “grave consequences” if the U.S. fails to take up its offer, the country’s foreign ministry said in an e-mailed statement today cited by the state-run Korea Central News Agency.  “As the U.S. is spreading groundless allegations and slandering us, we propose a joint investigation,” the ministry said.  

Just in case you thought we learned anything from Sony…  Don’t release any information during peak shopping season.  Upgrade your security after the hack (Add this expense to the cost of the hack, making it an “Extraordinary Item” on the Annual Report?)  DO NOT mention the T J Hooper or any “duty to use technology to reduce risk.” 
Staples hack exposes 1.2 million credit cards
After a two-month wait, Staples on Friday evening announced hackers broke into its computers and stole data on 1.16 million shoppers' credit cards and debit cards. 
Staples first announced it was investigating a potential data breach in the Northeast in October.  Staples released details of its investigation on Friday, just as the holiday shopping season comes to a close.  
The breach affects those who shopped at a small fraction of Staples (SPLS) stores nationwide between July 20 and Sept. 16 this year.  Cybercriminals now know a shopper's name, card number, its expiration date and card verification code.
The breach affected 115 of the company's approximately 1,400 office supply stores in the United States.  A web page has been set up noting which stores were affected.  
   Staples is also offering free identity protection, identity theft insurance and a free credit report.  
That might be a good public relations move for the company, but in reality, it's a useless gesture.  It doesn't take the valuable stolen data out of criminals' hands.  Criminals now know your name and bank, which is useful information when paired with other personal data available on the black market.
Staples' apology is a familiar template for any company that loses your data: "Staples is committed to protecting customer data and... has taken steps to enhance the security of its point-of-sale systems, including the use of new encryption tools."
It's unclear why Staples hadn't installed these protections sooner, given that the Target hack in late 2013 was a wake-up call for the retail industry.  
Staples now joins the lengthy list of companies whose payment systems were attacked by hackers in the past 12 months: Albertson's, Home Depot (HD), Michaels (MIK), Neiman Marcus, P.F. Chang's, Target (TGT) and SuperValu (SVU).

For your Computer Security manager: This is (probably) what breached Sony.  Can you afford to ignore it?  If you said “Yes,” pretend you are on the witness stand and explain it to the jury.   
Indicators of Compromise for Malware Used by Sony Hackers
Just hours after the FBI and President Obama called out North Korea as being responsible for the destructive cyber attack against Sony Pictures, US-CERT issued an alert, describing the primary malware used by the attackers, along with indicators of compromise.
While not mentioning Sony by name in its advisory, instead referring to the victim as a “major entertainment company,” US-CERT said that the attackers used a Server Message Block (SMB) Worm Tool to conduct the attacks. 
According to the advisory, the SMB Worm Tool is equipped with five components, including a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool.

This also has ties to the Sony breach.  Did the MPAA induce the Mississippi AG to file this subpoena?  (If not, why the quick back-down?) 
Google lawsuit forces MPAA-backed attorney general to retreat
Remember that post Google put up this week that accused the MPAA of trying to resurrect the spirit of SOPA with the help of state prosecutors (that included evidence based on some of Sony Pictures' leaked emails)?  It just turned into a lawsuit -- and it's already having an effect.  The search giant has updated the page to explain that it's asking federal courts to dismiss a subpoena Attorney General Jim Hood sent to Google back in October.  That 72-page document asserted that he believed that Google has violated the Mississippi Consumer Protection Act, and had failed to take actions to prevent crimes committed by using its services.  Now that Google is suing, Hood made a statement via the New York Times, calling for a "time out" and saying he will call the company to "negotiate a peaceful resolution of the issues affecting consumers."

Perspective.  Would this apply to Big Brother too? 
Because of HIPAA constraints, I can’t provide a lot of details, but when a teenaged patient was in my office with a parent, the teen complained that the parent had required the teen to download an app that enabled the parent to track the teen. 
“What do you think about parents tracking teens that way?” my patient asked me in front of the parent. 
“I think it’s an invasion of privacy,” I immediately answered. 
The teen’s parent was very unhappy with that answer, but I stand by it.  If you can’t trust your teen to tell you the truth about where they’re going, then you have a problem that a tracking app will not solve. 
And if your justification is that you’re worried about their safety, then is your anxiety their problem or your problem?  I’ve often heard parents say, “Well, I wouldn’t let them go out if I didn’t have the peace of mind from knowing that I can tell where they are.”  So wait: you would keep your teen a prisoner in their home because you’re worried?  Seriously?  Unless your teen poses a threat to themselves or others, do you really want to convey that you don’t trust them?  Even though they’ll be moving out or going off to college in a year or two?  Will they suddenly become responsible then?  Will the world suddenly become a safer place? 
What are you teaching them now? 
There are alternative ways to communicate with your teen and to develop trust.  Start when they’re young and build a relationship with them whereby they know they need to call you and let you know where they will be – and that they need to be there or call you in advance if they are about to change their plans/location.  My kids learned early on to be responsible about letting me know where they’d be, and in turn, I almost never told them that they couldn’t go somewhere.  I got peace of mind from our arrangement.  What they got was a sense of responsibility and the absence of guilt most of their friends who lied to their parents had. 
It really isn’t that difficult, folks.  Don’t rely on privacy-invasive technology as a substitute for good communication and parent/child relationships. 

At least they didn’t call it “The Matrix.” 
Orin Kerr writes:
Regular readers will recall the mosaic theory of the Fourth Amendment introduced by the DC Circuit in United States v. Maynard, by which law enforcement steps that aren’t searches in isolation can become searches when aggregated over time.  For the most part, judges have been pretty skeptical of the mosaic theory.  For example, in the recent oral argument in the Fourth Circuit in United States v. Graham, on whether the Fourth Amendment protects historical cell-site data, the mosaic arguments didn’t gain a lot of traction for the defense.
In this post, however, I want to focus on two recent federal district court decisions that cut against this trend and adopted the mosaic theory. 
Read more on WaPo Volokh Conspiracy.

“Papers, Citizen!  Without papers, you don’t exist in the eyes of your government.” 
Beginning in 2015, many federal facilities will require a “Real ID” for entry where identification is required.  Several states have opted out of the Real ID Act, a federal mandate to modify the design of state drivers licenses, raising questions about the ability of people in those states to access federal buildings and board commercial aircraft.  EPIC, supported by a broad coalition, opposed the Real ID regulations, arguing that many of the required identification techniques, such as facial recognition and RFID tags, compromise privacy and enable surveillance.  EPIC, joined by technical experts and legal scholars, also provided detailed comments to the Department of Homeland Security about the program and later issued a report:  “REAL ID Implementation Review: Few Benefits, Staggering Costs” (May 2008).  For more information see:  EPIC: National ID and the Real ID Act.

I see business opportunities here. 
Feds make path for Internet television
   Specifically, the rules would give companies operating over the Web or any other method of communication the same rights to buy rights to TV programming that companies such as Comcast and DirecTV currently enjoy. 

I’ll use the first one with my students. 
Strategic Humor: Cartoons from the January-February 2015 Issue

Never fails to amuse me. 
   According to an Inspector General audit of how it handles student loans, the Department of Education lacks “a coordinated plan for preventing borrowers from defaulting.”  [Imagine that  Bob] 
   Oh look. LAUSD students can start to take their iPads home.  I’m struck by this comment about the students getting their devices home safely: “School Police Chief Jose Santome estimated it would take 80 more officers to scale up the patrols to the district’s 800 campuses.” 
   The Class of 2015 – the writers whose work will enter the public domain * next year. (* Except in the US, where nothing will enter the public domain.) 

Friday, December 19, 2014

There has never been a security breach like Sony.
Still no credible information. That means the press gets to speculate like mad.
Are we a nation of over-reacting, “ready, fire, aim,” “We don't need no stinking logic!” wimps? Judge for yourself.
(What would happen if this eventually got traced back to my Ethical Hacking class? After I flunked them for getting caught.)
US: Sony Cyberattack is ‘Serious’ National Security Matter
U.S. officials are treating a cyberattack on Sony Pictures as a "serious national security matter," with the National Security Council considering a proportionate response, the White House said Thursday.
… The U.S. Department of Homeland Security says "there is no credible intelligence to indicate an active plot against movie theaters."
President Barack Obama also downplayed the threat, saying his "recommendation would be that people go to the movies."
The U.S. State Department has denied media reports it had given its backing to the film.
… In an interview late Wednesday with ABC News, Obama called the cyberattack on Sony Pictures "very serious."
"We’re investigating it. We’re taking it seriously. We’ll be vigilant," Obama said. "If we see something that we think is serious and credible, we’ll alert the public. But, for now, my recommendation would be that people go to the movies."

White House Doesn’t Rule Out Cybercounterattack in Sony Hack
… Earnest said there have been a number of daily meetings at the White House about the hack, and that there are “a range of options that are under consideration right now” for a response. Earnest would not rule out a U.S. cybercounterattack on those behind the Sony hack, saying officials are mindful of the need for a “proportional response.”
… “Administration officials were consulted about the film prior to its release at the request of the company that was producing the movie,” Earnest said, confirming that officials had screened the film.

Hack attack spurs call for more NKorea sanctions
… Rep. Ed Royce, R-Calif., chairman of the House Foreign Affairs Committee, said he did not doubt North Korea was involved. He called for tougher U.S. sanctions to cut Pyongyang's access to hard currency, by excluding from the U.S. financial system banks in other countries that hold North Korean funds.

(Related) On the other hand...
Think North Korea hacked Sony? Think about this
… If the hack was all about stopping the release of "The Interview," why didn't that come up earlier? For the first couple of weeks, the messages that accompanied leaked data didn't mention the movie at all. It was more about Sony and its executives -- something underlined by the vindictiveness of the leaks.
… The movie wasn't mentioned until a message on Dec. 8, and then it was in addition to previous demands made by the group.
… The movie wasn't mentioned by name until Dec. 10, when the hackers also issued their threat to movie theaters.

Evidence in Sony hack attack suggests possible involvement by Iran, China or Russia, intel source says

Hackers May Have Planted Their 'Time Bomb' Inside Sony Months Ago
Trend Micro says that the particular type of software used to hack into Sony's network wasn't a specialist virus, instead it was widely available on the black market and was modified to specifically target Sony.
The hackers have probably been working inside Sony's systems for months, Bloomberg says.
Masayoshi Someya, a security "evangelist" at Trend Micro, claims that hackers took the computer virus and changed it to include account names, passwords and security software found within Sony's network. That would suggest that the hackers had detailed knowledge of Sony's corporate computer network.
… Multiple messages have flashed up on Sony Pictures computers in recent weeks, meaning that employees are left using fax machines and handwritten notes to communicate because the hackers still have access to their computer system.
That's perhaps the scariest part, for Sony: As of a few days ago the hackers were still inside Sony's network, according to The New York Times.

A question for Computer Security managers everywhere...
Are you working for the next Sony Pictures? Here’s some things to check at work

Strange and pathetic too.
“this is not intended to be a list of the biggest breaches, and not all of them are supposed to be funny. Think of this as our curated list of the most interesting data security events of 2014 in the VCDB.”
Read their roundup here.

Tools & Techniques for my Ethical Hackers. Adding “portable Apps” is simple. Source code is available.
"USBdriveby" Emulates Mouse and Keyboard to Hijack Computers
Security researcher Samy Kamkar has taken a Teensy 3.1 USB-based microcontroller and fitted it with software that can emulate a mouse and a keyboard when connected to a computer. The gadget, dubbed USBdriveby, leverages the fact that many systems blindly trust USB devices connected to them.
Once it's plugged in to a machine, USBdriveby immediately starts performing mouse and keyboard actions, which allows it to carry out a wide range of tasks, such as opening a backdoor, disabling the firewall, and controlling traffic flow by changing DNS settings. After the device is disconnected, the attacker has full access to the targeted computer.
"When you normally plug in a mouse or keyboard into a machine, no authorization is required to begin using them," the researcher explained. "The devices can simply begin typing and clicking. We exploit this fact
These types of attacks are not new, and there is reason to believe that the NSA has already been using such devices in its operations.
Earlier this year, at the Black Hat security conference, researchers at Germany-based SRLabs demonstrated that a USB device's firmware can be reprogrammed for malicious purposes. They called the attack "BadUSB." The methods developed by SRLabs are more sophisticated than the ones used for USBdriveby, but the German researchers had not released the source code for their modified USB controller firmware.
In September, researchers Adam Caudill and Brandon Wilson released BadUSB source code after a presentation at the DerbyCon security conference. They argued that the code had to be made public so that people can learn how to protect themselves against such attacks.

Surveillance is becoming ubiquitous-er.
Top 5 Ways You Are Spied On Every Day And Don’t Know It
Many people are oblivious to the ways in which they are monitored nearly every day, in some aspect of their lives. It might be while conducting business at a store, getting money out of an ATM, or even just talking on their cellphone while walking down a city street.

I can't imagine why...
Andrej Sokolow reports:
…the steady spread of sensors means more data is being accumulated all the time. Everything from blood pressure, to the time of day one typically leaves one’s house to a person’s standard bedtime to how many times one rolls over in bed – it’s all potentially captured by this new, personal technology.
Some see the flood of information as a source of potential. Start-up Vivametrica plans to take anonymized data from fitness data and try to forecast cases of health problems like diabetes or heart disease.
Taking it even further, Sension – an app for Google Glass, the company’s networked spectacles – can track 76 points on the face of a person being viewed with the glasses and put together an analysis of the subject’s emotional well-being. The idea is that this could help workers in sales as they try to assess how customers feel. But how might the customers feel about such analysis?
Read more on Government Technology.

Not much new that I see...
OVERNIGHT TECH: Obama signs cyber bills
President Obama on Thursday signed five cybersecurity bills into law, after an unexpected spate of legislative activity on the issue.
The five bills won’t satisfy the strongest backers of tough cyber protections, but they should help many government officials beef up their networks and were cheered by supporters when they rushed through Congress in the final days of its 2014 session.
… The Cybersecurity Enhancement Act, for instance, allows the Commerce Department to write voluntary standards to protect critical infrastructure and tells the White House’s Office of Science and Technology Policy to develop a federal cyber research plan.
… The National Cybersecurity Protection Act establishes in law the department’s national cybersecurity center, while the Federal Information Security Modernization Act updates 12-year-old federal information security laws.
The Cybersecurity Workforce Assessment Act directs the DHS to build out a new strategy to recruit and hang onto the best and brightest workers in the field, and the Border Patrol Agent Pay Reform Act allows the department to exempt some cyber staffers from normal government hiring rules.
… GOP Rep.-elect Will Hurd (Texas), a former CIA officer, was picked Thursday to lead the new House Oversight subcommittee on Information Technology.

Thursday, December 18, 2014

Sorry for the Sony rant that follows, but too much is unexplained or incredible. Even my Intro to Computer Security students think something smells here.
The only quote attributed to a real person in the FBI (as opposed to “sources” or “officials”) denied North Korea's involvement. The word from “federal officials” or “American officials” is that a compromised computer, once used by North Korea, was used in this hack. Thank God they didn't tie my Ethical Hackers to the same computer. A compromised computer is a compromised computer, not one owned by North Korea.
Did Sony (or the US or Japanese governments) know something they did not release? Almost certainly. (It could be that the movie is such a stinker that it is cheaper to pull it than to sink more millions into promoting it.)
U.S. Said to Find North Korea Ordered Cyberattack on Sony
American officials have concluded that North Korea was “centrally involved” in the hacking of Sony Pictures computers, even as the studio canceled the release of a far-fetched comedy about the assassination of the North’s leader that is believed to have led to the cyberattack.
Senior administration officials, who would not speak on the record about the intelligence findings, said the White House was debating whether to publicly accuse North Korea of what amounts to a cyberterrorism attack. Sony capitulated after the hackers threatened additional attacks, perhaps on theaters themselves, if the movie, “The Interview,” was released.

Sony Cancels December 25 Theatrical Release of ‘The Interview’, Set For Huge Loss
The terrorists win!

(Related) Why?
Exclusive: Sony Emails Say State Department Blessed Kim Jong-Un Assassination in ‘The Interview’

(Related) Remember, they are writing off a $40 million picture for starters...
Breach insurance might not cover losses at Sony Pictures
Documents leaked by the group claiming responsibility for the attack on Sony Pictures show that the company has upwards of $60 million in cyber insurance coverage after consolidating coverage with Sony Corporation of America. But will that be enough?

Sony shuts down filming in the wake of hacking attack that has ruined its financial software as well as leaking thousands of embarrassing emails
Sony Pictures has reportedly suspended all filming in the wake of a devastating hacker attack that has crippled the company's ability to make payments.
The entertainment giant is allegedly unable to make transactions, or make any use of a huge number of computers, after a hacking cell linked to North Korea disabled its security measures and stole valuable information.
A source told the Times of London that the company can't process any payments, [Still? Bob] which has in turn led third parties to cancel shoots. The scale of the suspension was not immediately clear.

(Related) The lawyers will have no trouble making “Case Studies” out of the Sony breach, even if Sony remains mute.
It took Reddit one day to pull down Sony hack data — and a week to remove nude celebrity photos
Sony has more resources — and more legal precedent — to challenge hacked materials when they leak into the public domain.
… Reddit executives, most likely, removed Sony's information because it reeked of legal troubles for the company that they didn't want to deal with. By quickly removing the Sony files, Reddit is preaching that words matter. Ethics matter. Trust matters. That is, so long as those ethics and words and trust protect large corporations and their interests.

(Related) ...and just for the lawyers...

(Related) Very nice summary.
The Evidence That North Korea Hacked Sony Is Flimsy

Just another lawsuit or one of the first “T J Hooper” style suits?
Jack Bouboushian reports:
Kmart’s failure to protect customer information with “elementary” security measures left banks liable for the resulting fraud, a federal class action claims.
First NBC Bank filed the class action Tuesday against Kmart Corp. and parent company Sears Holding Corp, regarding an announcement that hackers had breached Kmart’s payment-data systems in early September.
Kmart warned that customers who had used a credit card there for the past five weeks may have had their financial information stolen.
First NBC Bank says the infiltration occurred because Kmart’s outdated anti-virus system had not been updated to detect the malware that the hackers used.
Read more on Courthouse News.

“We've got all your data already, so we should be able to do anything we want with it, right?”
Consumer Watchdog today urged consumers to opt out of the new electronic health information exchange, Cal INDEX, that is being set up by Blue Cross and Blue Shield until key questions about patient privacy are answered.
… Consumers’ medical information is already being collected by Cal INDEX from Blue Cross and Blue Shield, but the organization has not yet made its privacy policy public, or clearly disclosed to the public how their medical information will be used.
… “If the exchange will do so much to benefit our health care, Cal INDEX should make that case and ask us to opt in,” said John M. Simpson, Consumer Watchdog’s Privacy Project Director. “Instead, Blue Cross and Blue Shield are telling enrollees they can opt out during the busy holiday season when we are all distracted. Worse, Cal INDEX fails to clearly explain its privacy protections and how it will operate. Consumers can’t make an informed decision based on what they’ve said so far.”

...and it's all on video!
I wanted to make sure Just Security readers were aware of the inaugural Cato Institute Surveillance Conference held last week
… If you missed it live, I will suggest, with towering immodesty, that the whole thing’s worth watching—and hopefully we’ll see you at the Second Annual Cato Surveillance Conference.

“We can't tell you that.”
“Why can't you tell me that?”
“We can't tell you why we can't tell you?”
Sounds very much like “doublethink”
JPatBrown writes:
Last year, in response to a FOIA request from the ACLU regarding the Obama Administration’s policy regarding intercepting cell phone text messages, the Justice Department released 15 pages of documents – all of which had been completely redacted by b(7) and b(5) exemptions.
In response, MuckRock’s Michael Morisy requested the processing files for the case, which just came in earlier this week. Unsurprisingly, the documents are themselves heavily redacted, but the notes that were left in tell the fascinating story of FOIA officers who seem to be genuinely struggling with what – if anything – they could actually release.
Read more on and view the redacted responses.

Who writes the new definition?
By 2025, the Definition of 'Privacy' Will Have Changed
When living a public life becomes the new default, what does privacy even mean?
That's one of the central questions in a new report about the future of privacy from Pew Research Center, which collected the opinions of more than 2,500 experts in computer programming, engineering, publishing, data science, and related fields.

Maybe it just sounds delusional...
HIGHLIGHTS-Putin says economy to rebound, wants end to Ukraine crisis
Below are some of his comments.
"We think the crisis should be solved, the sooner the better."
"Clearly the current situation is caused mainly by external factors."
"It's certain that the budget will have a surplus."
"I believe that the central bank and the government are taking adequate measures."

(Related) What the non-delusional think is happening.
10 things you need to know about Russia

(Related) Of course he does.
Putin blames the West for Russia's misery

On the other end of the economic curve...
Swiss central bank introduces negative interest rates
Switzerland’s central bank on Thursday said it would introduce negative interest rates next year, a measure designed to cool the strength of the Swiss franc and ward off deflation.
Beginning Jan. 22, the Swiss National Bank will charge banks 0.25% to deposit overnight funds with it, the central bank said in a statement. The move will push the three-month Swiss franc Libor rate, currently in a range between 0.0% and 0.25%, into negative territory.

This will have to do until we all have 3D printers capable of printing anything instantly.
Amazon Confirms Rollout of One-Hour Delivery Service

(Related) Could Jeff Bezos be planning to “take over” the postal service? Think about it.
Postal workers overwhelmed by flood of Amazon Sunday deliveries
The U.S. Postal Service is straining to keep up with the volume of packages being delivered on Sundays, with some carriers complaining of 12-hour days and weeks without a single day off. The flood of packages can be traced back to Amazon, which kicked off a partnership with the USPS more than a year ago to deliver parcels seven days a week.

Interesting, as I read this as a way to “back into” Big Data analysis. How else would you find the relevant data?
Forget Big Data; Focus on Relevant Data

So more than 60% have to deal with monopolies? There is no logical reason to continue this policy as far as I can see.
Study: Most Americans lack choice in high-speed Internet providers
Less than 4 in 10 Americans have multiple options when choosing a broadband Internet provider offering higher than average speeds, according to a report Tuesday from the Commerce Department.
The report from the department's Economic and Statistics Administration highlights a point Federal Communications Commission Chairman Tom Wheeler has been making for months — there are few options for consumers looking for higher Web speeds.

For my students in the Geek Club.
So You Want To Make iPhone Apps? 6 Projects For Beginners
When you’re trying to pick a programming language to learn, it’s easy to gravitate toward the big ones that developers use to create masterpieces of digital content — things like Java, C++, Ruby, and Python. But there are a lot of programming languages out there (including some very weird ones), and they each excel at different things. Why not try learning Swift, the language that will let you create iPhone and iPad apps? These six projects will walk you through it.
… To get started, you’ll need a Mac with OS X Yosemite or Mavericks, and the latest version of Xcode 6. Beyond that, all you need is some patience and a willingness to learn!

I may use this for some Math handouts next year.
CK-12 Announces the Top Flexbooks of the Year
The CK-12 Foundation's FlexBook tool allows teachers to develop their own multimedia textbooks. Those books can be shared publicly with the CK-12 community.
… If you would like to try developing your own FlexBooks, the tutorials embedded below will help you get started.

Wednesday, December 17, 2014

NOW do you believe that Russia is in serious trouble?
Apple Halts Online Sales In Russia As The Ruble Collapses
… Russia’s currency has dropped by more than 20% this week, even after the country’s central bank raised interest rates to 17% in a bid to stem the decline. Wednesday alone the ruble is down 5%, to 71 rubles against the dollar. The currency is falling because of the falling price of oil and Western sanctions over Russia’s military actions in Crimea.
… Apple had held back from raising its prices in Russia to offset the drop, up until November 26, when it raised the price of the iPhone 6 and iPhone 6 Plus by 25%. Yet even after raising the price of the iPhone 6 to 39,990 rubles, the value of the sale to Apple in dollar terms had dropped from $847 to $585.

Markets rule, 'Russia is on its knees': Altman
… What Russia's currency crisis has exposed is how profoundly weak the country has become, the investment bank's founder and executive chairman said on "Squawk Box." The commodity-centered economy now faces massive financial flight, a lack of meaningful foreign investment and highly leveraged corporations, Altman added.
"We live in an era where the global capital markets are the super power in the world, and when they move against you, as they've moved against Russia as we've all seen in the ruble, there's nothing that can stop that," Altman said. "The global capital markets have spoken, and Russia is on its knees."

Strange that the hackers keep communicating. Makes them easier to trace.
Sony hackers threaten terror attacks on theaters
The hackers who attacked Sony threatened terrorist attacks against the United States on Tuesday, warning people who plan to go see "The Interview" in theaters could face a "bitter fate."
The hacking group, which goes by "Guardians of Peace," referenced the Sept. 11, 2001, attacks as they warned people not to go see the comedy about a fictional plot to assassinate North Korean leader Kim Jong-un.
“Warning[.] We will clearly show it to you at the very time and places ‘The Interview’ be shown, including the premiere, how bitter fate those who seek fun in terror should be doomed to,” the hackers proclaimed.
… The Department of Homeland Security (DHS) is aware of the threat and analyzing its credibility, according to an official.
“At this time there is no credible intelligence to indicate an active plot against movie theaters within the United States.”

(Related) Apparently, Sony (or the actors) don't trust DHS to protect them?
Seth Rogen, James Franco cancel publicity tour after hacker threats
… Multiple outlets reported on Tuesday that the movie studio has pulled back the comedy duo’s planned appearances ahead of the Christmas Day opening of their movie “The Interview.”
BuzzFeed News reported that the comedy pair canceled all of their public appearances ahead of the film’s opening. Variety confirmed the report, but added that the two are still planning to appear at a special screening of the film in New York on Thursday.
… The ongoing repercussions of the hack have been a disaster for the studio and could cost Sony well more than $100 million when all is said and done. [Sony's not talking, so this is likely a guess. Bob]

So a “Best Practice” might be to hold back a “significant” improvement in case you need to cover up a significant change that impacts the competition?
Apple Wins Decade-Old Suit Over iTunes Updates
A jury took about three hours to reject an antitrust lawsuit — 10 years in the making — that accused Apple of using a software update to secure a monopoly over the digital music market.
The eight-member jury in federal court here unanimously determined that Apple had, in fact, used an update of the iTunes software that it issued eight years ago to deliver genuine improvements for older iPods.

What's going on here? Because your photos don't rise to the level of quality Facebook expects? Because you are frightening off other users?
Facebook Automatically Enhances Photos
Facebook thinks it knows better than you… because you’re wholly incapable of editing your own photos. Hence, from now on, Facebook will automatically enhance any photos you upload to the social networking site from your smartphone.
Previously, you were presented with your unedited photo and given the option to add a filter or adjust its quality in another way. Now, each photo will be auto-enhanced, with a simple slider allowing you to adjust the level of enhancement.

For my students.
How To Get A Chromecast For Free
U.S. retailer Best Buy is running a deal at the moment which effectively makes the Google Chromecast free to buy. The Chromecast is priced at $30, Google is giving $20 of Google Play credit to buyers, and Best Buy are giving away an extra $20 of Google Play credit on top of that.
For those who suck at maths, that’s a Chromecast and $40 of credits for an outlay of just $30. Which means Google is now paying you to take the brilliant little media streaming stick off its hands. The one caveat being you need to register your device and redeem the offers by December 21. What a hardship.

For my fellow academics.
Achieving human and machine accessibility of cited data in scholarly publications
Achieving human and machine accessibility of cited data in scholarly publications. PeerJ PrePrints 2:e697v2
“This brief article provides operational guidance on implementing scholarly data citation and data deposition, in conformance with the Joint Declaration of Data Citation Principles (JDDCP), to help achieve widespread, uniform human and machine accessibility of deposited data. The JDDCP is the outcome of a cross-domain effort to establish core principles around cited data in scholarly publications. It deals with important issues in identification, deposition, description, accessibility, persistence, and evidential status of cited data. Eighty-five scholarly, governmental, and funding institutions have now endorsed the JDDCP. The purpose of this article is to provide the necessary guidance for JDDCP-endorsing organizations to implement these principles and to achieve their widespread adoption.”

Part of my ongoing research into beer technology! [Translation: Can you send me a few cases so I can taste that? Bob]
The Magic of Beer and Magnets
… What they found was that when the brew passed through the magnetic field, the hops broke apart and spread throughout the beverage, effectively increasing their surface area. With more surface area, the tiny antifoaming particles bound with more hydrophobins than whole hops could, the team reported in a paper set to appear in the January edition of the Journal of Food Engineering.

Interesting video? My computer thinks so.
Jeremy Howard: The wonderful and terrifying implications of computers that can learn
What happens when we teach a computer how to learn? Technologist Jeremy Howard shares some surprising new developments in the fast-moving field of deep learning, a technique that can give computers the ability to learn Chinese, or to recognize objects in photos, or to help think through a medical diagnosis. (One deep learning tool, after watching hours of YouTube, taught itself the concept of “cats.”) Get caught up on a field that will change the way the computers around you behave … sooner than you probably think.

Most of my classes include at least a mention of the “strategic implications of X.” Dilbert explains how valuable that is...