Saturday, August 22, 2015

Worth reading. (Stop smirking.)
Why The Ashley Madison Hack Is More Scary Than Funny
After almost two years of unending data breaches, everyone knows cybercrime is bad, damaging and dangerous. And yet the Ashley Madison hack made us smile.
At the time of the breach, the group claiming credit, the Impact Team, made the breach known by posting a small amount of a supposedly larger cache of stolen (and identifying) user data and made Ashley Madison’s owner, Avid Life Media, an offer: take down the site, or see all the data go up for public consumption.
And then … nothing. For about a month the issue didn’t progress – Ashley Madison stayed up, and the data remained under wraps.
Until this week.
That’s when the whole breach went up on the Web in the form of a giant data dump. And this time around, smirks certainly abound.
The Ashley Madison hack in terms of the sheer amount of data was massive — 10 GB of data (and that was compressed) from over 33 million accounts — or the equivalent of four motion pictures worth of data. And within those accounts is a virtual buffet of personal information.
Home addresses, 36 million email addresses, phone numbers, partial payment data, first and last names and hashed passwords — and financial transactions.
Paid extra for the premium “guaranteed affair within three months” service? That’s in the records. Paid the company to delete your account and forget they ever saw you? That’s there too. All in, records documenting 9.6 million transactions were included in the full data dump – all of which appeared on an Onion (Tor) website.
TrustedSec researcher Dave Kennedy wrote in a blog post: “This is much more problematic as it’s not just a database dump, this is a full scale compromise of the entire company’s infrastructure including Windows domain and more.”

(Related) An interview with the hackers. Apparently, there was no security.
Ashley Madison Hackers Speak Out: 'Nobody Was Watching'

(Related) Now this is curious. I wonder whose name they are trying to hide?
Now the UK’s Information Commissioner’s Office has posted something about the legalities concerning the Ashley Madison data leak. Simon Rice writes, in part:
Wherever your sympathies might lie in relation to the people identified in the published data set, the fact remains that such details are personal information, with certain protections in law.
Like many online attacks, the data protection response is international. In this case, we’re liaising with our counterparts in Canada, where the company is based.
But with cases like this, there is still a domestic aspect to consider.
Anyone in the UK who might download, collect or otherwise process the leaked data needs to be aware they could be taking on data protection responsibilities defined in the UK’s Data Protection Act.
Similarly, seeking to identify an individual from a leaked dataset will be an intrusion into their private life and could also lead to a breach of the DPA.
It’s worth noting too that any individual or organisation seeking to rely on the journalism exemption should be reminded that this is not a blanket exemption to the DPA and be encouraged to read our detailed guide on how the DPA applies to journalism.
Read more on the ICO’s blog.

How does a company screw up so spectacularly? What did they do wrong?
Peter Kafka reports:
No, Spotify doesn’t want to root around your phone’s address book, or your photos.
That’s the message the music service is sending out today — after clumsily suggesting otherwise earlier this week.
“We should have done a better job in communicating what these policies mean and how any information you choose to share will — and will not — be used,” the company says in a post attributed to CEO Daniel Ek. “We understand people’s concerns about their personal information and are 100 percent committed to protecting our users’ privacy and ensuring that you have control over the information you share.”
Read more on Re/Code.

This may come up in other elections this year. (There is still the possibility the comments were factual.)
Comcast releases username that suggested U.S. politician molested children
Comcast Cable Communications has given a northern Illinois politician the identity of an Internet service subscriber whose account was used to post an anonymous comment online suggesting the politician molests children.
Comcast turned over the name of the subscriber on Aug. 14, attorney Andrew Smith said Thursday, almost two months after the Illinois Supreme Court upheld lower court rulings that Internet service providers have no obligation to withhold the identity of a commenter if their comments could be considered defamatory.

This should raise “sexting” to interesting heights. Perhaps I can connect my dash-cam directly to my lawyer…
Comcast releases its livestreaming app to all subscribers
Comcast says its livestreaming app did very well during its limited release, so the company's now making it available to all Xfinity customers. The app, called Xfinity Share, gives you a way to broadcast video streams, photos and even previously recorded videos not just on your own TVs, but on other subscribers' TVs. It also lets you share from mobile to mobile, though, if that's more convenient. Xfinity Share used to be exclusive to Triple Play package customers, but now it can be accessed by every voice, video, home and internet subscriber. However, the recipient still needs to have an X1 DVR-ready set-top box to see what you're trying to send them on a bigger screen.
Say, you want to livestream your kids' next game to their grandparents' TV: just grab the app from iTunes or Google Play, then follow these instructions:
To stream to the TV, users just need to follow these simple steps: open the Xfinity Share app, select "Stream Live," select "Stream to other contacts," enter the home phone number or email address for the person you want to see the video, and click "Stream." A notification will pop up on that person's TV, and all that person needs to do to watch the live streaming is click the "Info" button on the X1 TV remote.

For my Website students.
Learn HTML and CSS with These Step by Step Tutorials

For all my students.
Turn Your iPhone Into A Personal Security Device for Emergencies

I must have a couple of students who are Dr Who fans…
How to Make Your Own Doctor Who Adventure for the BBC

I smile when I see this post. Evil ain't I?
Hack Education Weekly News
Via Education Week: “The Department of Education is asking for bids to design a prototype system to quickly evaluate ed-tech in K–12 schools, in hopes of making it easier for educators to figure out what works in products they purchase with federal funding.” [This will never happen. Bob]
… A US District Court judge has begun hearing a lawsuit brought against Compton Unified School District, claiming “trauma is a disability and that schools are required – by federal law – to make accommodations for traumatized students, not expel them.”
… The ACT makes the case for multiple choice tests – they “can and do efficiently assess students’ higher-order thinking skills and reflect their real-world problem solving skills.”
Inside Higher Ed reports that there are 74,468 unique email addresses from .edu domains released as part of the hack of the Ashley Madison website.
… Gallup has released the results of a poll about the availability of computer science in schools. Among the findings, “just 7% of principals and 6% of superintendents surveyed report that demand for it is high among parents in their school or district.”

Friday, August 21, 2015

I think we'll see lots of this.
Prying eyes, alibis and a global hunt for Ashley Madison users
Two Republican politicians from Louisiana took the initiative and confessed Thursday that their names are on a list of clients for the cheating Web site Ashley Madison. But both were quick to say that while they know what people might be thinking, it wasn’t that: the old “I can explain everything” line.

(Related) Ah, the Class Actions begin. (For a minute there I thought the lawyers had been “customers.”)
Jenny Yuen of Toronto Sun reports on a potential class action lawsuit filed in Toronto.
The plaintiff in the lawsuit is Eliot Shore, a disabled widower in Ottawa, who after 30 years of marriage lost his wife to breast cancer. He joined Ashley Madison for a short time seeking companionship, but never met anyone online.
The data breach includes users’ personal names, e-mails, home addresses and profile information for public viewing.
Charney said since the first information dump on Tuesday, more than 50 people — one-third of which are women — approached the lawyers — and more should come forward, he said.
Read more on Toronto Sun.
[From the article:
“It seems massive in some respects, but for us, it’s a classic privacy breach case where you’ve got a number of people who are similarly situated, who the corporation made the same promises to, in terms of confidentiality and ... their personal information disclosed to the public at large.”]

(Related) ...and it will get worse.

Yeah, it's complicated. And expensive.
Google ordered to remove 'right to be forgotten' links
Google has been ordered to remove nine links to news stories by the UK's Information Commissioner's Office (ICO) under the "right to be forgotten".
… In a statement, the ICO revealed that Google had refused to remove the links when asked by the complainant, which is why officials are now stepping in.
Being able to access the links by searching for the complainant by name constitutes a breach of the Data Protection Act, according to the ICO.
… Dr Walden added that as the complexity of removal requests grows, it's possible that search engines like Google may become less willing to challenge them.
"In five years' time perhaps Google will say, 'It's not worth the hassle, let's take down more stuff, let's not spend as much time evaluating the case,' - they obviously have to employ people for this," he said.

How to ruin a perfectly good business model?
Spotify's new privacy policy angers users
Some high-profile Spotify users say they have left the music service over changes in its terms and conditions.
The streaming platform now wants access to pictures, contact phone numbers and sensor data stored on the user's smartphone as well as permission to view social media activity.
… Spotify said the changes would help it "tailor improved user experience".
Sensor data, such as how fast the user's phone is moving, helped the Swedish firm develop Spotify Running, a new feature that tailors music playlists to physical activity.
… The firm has 75 million active users and 20 million subscribers in 58 countries, according to its own figures. [Let's see how many leave. Bob]

Somehow this does not inspire confidence.
Background check company that screened Snowden to forfeit $30M
The personnel vetting company that screened government leaker Edward Snowden and Washington Navy Yard shooter Aaron Alexis has agreed to give up $30 million to settle federal fraud charges.
In order to pay the settlement, the Justice Department announced on Wednesday that United States Investigations Services (USIS) — the largest private background check firm used by the government, based in Falls Church, Va. — has agreed to forgo payments that it was otherwise owed by the Office of Personnel Management (OPM).
According to federal law enforcement officials, USIS officials carried out a plot to “flush” or “dump” individual cases that they deemed to be low-level in order to meet internal goals.

Very curious to see how quickly this is adopted and what difference it makes.
Review Federal Agencies on Yelp
by Sabrina I. Pacifici on Aug 20, 2015
Yelp Official Blog: “We are excited to announce that Yelp has concluded an agreement with the federal government that will allow federal agencies and offices to claim their Yelp pages, read and respond to reviews, and incorporate that feedback into service improvements. We encourage Yelpers to review any of the thousands of agency field offices, TSA checkpoints, national parks, Social Security Administration offices, landmarks and other places already listed on Yelp if you have good or bad feedback to share about your experiences. Not only is it helpful to others who are looking for information on these services, but you can actually make an impact by sharing your feedback directly with the source. It’s clear Washington is eager to engage with people directly through social media. Earlier this year a group of 46 lawmakers called for the creation of a “Yelp for Government” in order to boost transparency and accountability, and Representative Ron Kind reiterated this call in a letter to the General Services Administration (GSA). Luckily for them, there’s no need to create a new platform now that government agencies can engage directly on Yelp. As this agreement is fully implemented in the weeks and months ahead, we’re excited to help the federal government more directly interact with and respond to the needs of citizens and to further empower the millions of Americans who use Yelp every day. In addition to working with the federal government, last week we announced our partnership with ProPublica to incorporate health care statistics and consumer opinion survey data onto the Yelp business pages of more than 25,000 medical treatment facilities. We’ve also partnered with local governments in expanding the LIVES open data standard to show restaurant health scores on Yelp. All of these things fall under Yelp’s Consumer Protection Initiative, a concerted effort to empower and protect consumers on our site.
We’re constantly looking for new ways to improve our user experience, so if you have other ideas for this initiative or feedback on efforts Yelp currently has underway, including this new agreement with the federal government, please share it here.”

So... Talking favorably about a Copyright infringer can get you arrested?
Police Arrest Men For Spreading Popcorn Time Information
Police in Denmark have arrested the alleged operators of two Popcorn Time guide websites. The domains of both operations have also been seized by the authorities. The case is controversial in that both sites were Popcorn Time information resources and neither linked to copyright-infringing material.
… Popcorn Time is increasingly attracting the attention of copyright holders, anti-piracy groups and law enforcement agencies.
While neither of the main forks have yet been targeted, others around them are feeling the heat. In fact, the latest news coming out of Denmark suggests that the authorities are even prepared to hit those barely on the perimeter.
… While arrests of file-sharers and those running sites that closely facilitate infringement are nothing new, this week’s arrests appear to go way beyond anything seen before. The two men are not connected to the development of Popcorn Time and have not been offering copyrighted content for download.
Both sites were information resources, offering recent news on Popcorn Time related developments, guides, FAQ sections and tips on how to use the software.

I always have time for a good argument.
Eric F. Barton, Esq. of Seyfarth Shaw LLP writes:
There is no question that social media privacy issues now permeate the workplace. In an attempt to provide further guidance and regulation in this area, since April 2012, a growing number of state legislatures in the United States have passed various forms of social media privacy legislation. In fact, to date, nearly all state legislatures, as well as the United States Congress, have considered or are considering some kind of social media privacy legislation.
The precise impact that these new social media privacy laws have on existing trade secret law is still very much in its infancy. Compounding matters, the plain language of several recently enacted privacy laws directly conflicts with judicial decisions regarding “company vs. employee” ownership of social media content that may otherwise constitute protectable trade secrets, including contact lists and business relationships. Moreover, very few court decisions have yet to interpret any of the new social media privacy laws.

Interesting business model: Every tool you'll ever need all in one place. Great if it works.
Search App Vurb Adds Messaging To Become The U.S. WeChat
WeChat dominates China with its messaging hub that lets you shop, call a taxi, and pay bills — all from one app. Now, mobile search startup Vurb wants to bring the monolithic app style to the United States with the help of Tencent, WeChat’s developer, which has secretly been an investor in Vurb’s $10 million of funding.
… But what’s perhaps more interesting is the opportunity this primes for Vurb. In China, rather than every little business or utility getting its own app, they create “official accounts” on WeChat. These work similar to connecting with a new friend to talk, but instead offer unique functionality like ecommerce that taps into WeChat’s mobile payments wallet.
Vurb’s founder Bobby Lo tells me that’s the direction his app is going. Eventually, businesses could build official accounts into Vurb so people could order their movie tickets, book reservations, and more without leaving the app.

Trying to keep my students current.
5 Best Practices for Fast Data
Big Data is so 2012. Fast Data is the latest data processing and analytics trend. Best practices are beginning to emerge, based on early use cases.

(Related) It can't hurt to read this one too.
What the 'Internet of Things' Means For Small Business
Twenty years ago, tech experts urged small businesses to get on the World Wide Web or die. Perhaps they overstated things a bit, but it certainly held true for many industries. Now the call is to get ready for the Internet of Things (IoT) or face extinction. Again, it may not apply to all fields, but it certainly does apply to many—and probably more than you think.

...and you might not even notice. Worth reading.
4 Machine Learning Algorithms That Shape Your Life
Software is getting smart. It’s a slow, uneven process — but it’s also seemingly unstoppable. One by one, the hard problems of machine learning are falling to powerful new theoretical tools, letting us build software that can do some truly impressive things.
Some applications, like self-driving cars, are a few years off. What you may not realize, though, is that machine learning is already all around you, and it can exert a surprising degree of influence over your life. Don’t believe me? You might be surprised.

Tools I might use...
8 Formatting Tips for Perfect Tables in Microsoft Word

10 Simple Microsoft Word Hacks Everyone Can Do

Dilbert points out a future legal issue!

Thursday, August 20, 2015

Something my Computer Security students should be talking about.
Ashley Madison data breach Q&A
This was always going to be a huge incident given not just the scale of the number of accounts impacted by the Ashley Madison breach (well over 30M), but the sensitivity of the data within it. However the interest has surprised even me – I loaded the breached data into Have I been pwned? (HIBP) about 8 hours ago and I’m presently seeing about 30k visitors an hour to the site. I’ve had a commensurate number of media and support queries such that I just can’t respond to them all individually so I’m putting together this Q&A instead.

(Related) Do you think they will be treated as fairly as any other company that suffered a breach?
The mind-bending messiness of the Ashley Madison data dump
… The apparent release last night of personal information for 32 million registered users of Ashley Madison, a website for connecting people who want to have affairs, is likely to have much more profound consequences. Impact Team, the group of anonymous hackers who are taking credit for the breach, sought to have Ashley Madison’s website taken down in protest of the company’s business practices and its encouragement of adultery. But the practical impact of the breach is likely to be much broader. There are a lot of threads here, and it’s worth sorting them out.
The consequences for Ashley Madison are likely to be catastrophic. A CEO who routinely bragged about the company’s privacy features now seems likely to face a barrage of lawsuits from members who have found their information exposed. And a site that depends on privacy and security to earn members’ trust may find it impossible to win it back.

You should try hard to learn from bad management so you don't need to make the same mistake.
How Victims Can Regain Control & Mitigate Threats in Wake of OPM Breach
by Sabrina I. Pacifici on Aug 19, 2015
“In June 2015, the Nation learned that the personnel records of 21.5 million United States citizens had been exfiltrated by an unknown adversary from the Office of Personnel Management, one of the largest known breaches in the history of the U.S. Government. The immediate public outcry included congressional hearings attributing the breach to OPM administrators and nation states and a nationwide media frenzy consumed with criticizing the government’s cybersecurity posture. Noticeably absent from the response, however, has been sustained and meaningful support for the victims of the breach. In ICIT’s most recent legislative brief entitled “Moving Forward: How Victims Can Regain Control & Mitigate Threats in the Wake of the OPM Breach”, the Institute for Critical Infrastructure Technology (ICIT) Fellows discuss the short-term (6-12 months), medium-term (1-5 years) and long-term (5-10+ years) threats faced by federal agencies and victims of the OPM breach. The brief also provides recommendations on how agencies and victims can mitigate these risks through a combination of vigilance, governance, and technology. This brief will be distributed and presented to members of the House and Senate, federal agency technology leaders and members of the critical infrastructure community.”

For my IT Governance students who might have thought really big companies never made mistakes.
Google lost data after lightning hit Belgian data center
Despite the popular saying, lightning does strike twice, or even four times — as it did at a Google data center in Belgium last Thursday, causing problems for the next several days and leading to permanent data loss for a small percentage of unlucky users.
The problem began when the facility lost power briefly during one of the late-summer thunderstorms common in the area. That caused problems with reading or writing data for about five percent of disks in the data center. Most were fixed but data on .000001% of the center’s total disk space was lost. “In these cases, full recovery is not possible,” the company said in a statement.
Google accepts full responsibility for the incident and says it is making upgrades to prevent something like this from happening again.

In retaliation, detect the Ad Blockers and require a Captcha to prove the user is human? Add a very obvious watermark?
Ad Blockers and the Nuisance at the Heart of the Modern Web
The great philosopher Homer Simpson once memorably described alcohol as “the cause of and solution to all of life’s problems.” Internet advertising is a bit like that — the funder of and terrible nuisance baked into everything you do online.
… Now, more and more web users are escaping the daily bombardment of online advertising by installing an ad blocker. This simple, free software lets you roam the web without encountering any ads that shunt themselves between you and the content you want to read or watch. With an ad blocker, your web browser will generally run faster, you’ll waste less bandwidth downloading ads, and you’ll suffer fewer annoyances when navigating the Internet.
Ad blocking has been around for years, but adoption is now rising steeply, at a pace that some in the ad industry say could prove catastrophic for the economic structure underlying the web. That has spurred a debate about the ethic of ad blocking. Some publishers and advertisers say ad blocking violates the implicit contract that girds the Internet — the idea that in return for free content, we all tolerate a constant barrage of ads.

An interesting application of the Internet of Things and some wise advice.
Meet Ring, the connected door bell company that just scored Richard Branson as an investor
… The doorbell attaches to the side of the house and can connect to existing wiring or work off a battery. When someone rings the doorbell it opens an app that runs on the user’s mobile phone. The user can see and communicate with the person at the door through the app, which comes in handy for home security, or if you’d simply like to tell the FedEx carrier where to drop a package.
That last use case is how Branson found the company. A visitor to his island spoke with a delivery person who rang his doorbell, all while thousands of miles away. Branson was intrigued enough to ask questions—immediately—of Siminoff over email. Later Branson offered to invest. “When Richard Branson asks if he can invest in your company, I think there’s only one answer you can give,” Siminoff says.

The “gig economy” keeps expanding.
Uber expanding 'UberEats' food delivery service
Popular ride-hailing company Uber is expanding its food delivery service, UberEats, to San Francisco.
… Uber has touted its food service as an "ultrafast" alternative to traditional delivery and online competitors such as GrubHub and TakeoutTaxi.
… It’s the same cashless payment as an Uber ride. So just tap the app, meet your driver outside, and enjoy.

Mobile Messaging and Social Media 2015
… 2015 marks the first time Pew Research Center has asked specifically about mobile messaging apps as a separate kind of mobile activity apart from cell phone texting. And already, according to a new survey, 36% of smartphone owners report using messaging apps such as WhatsApp, Kik or iMessage, and 17% use apps that automatically delete sent messages such as Snapchat or Wickr.
… The results in this report reflect the noteworthy and rapid emergence of different kinds of communications tools serving different social needs.

Interesting. Is Australia the cheapest place to sell bonds?
Apple launches iBonds in Australia
US technology giant Apple has formally launched a "benchmark"-sized Australian dollar corporate bond issue, its first ever sale in the currency, with order books swelling to $1.2 billion within two hours.
… The company said the intended use of proceeds are for 'general corporate purposes' including share buy-backs, dividend payments and to fund working capital, capital expenditure, acquisitions and debt repayments.
Apple, which has so far raised $US50 billion ($68 billion) of debt since May 2013, has a cash balance of over $US200 billion, but since most of the funds are in offshore jurisdictions it borrows money to return funds to shareholders to avoid paying a large tax bill.

Yep, the Democrats are distancing themselves because they think she's going to tank. Small players so far, but I expect it will grow.
Clinton comes under friendly fire
… Martin O’Malley (D), the former governor of Maryland who remains mired in low single digits in most polls, said during an appearance on CBS’s “Face the Nation” on Sunday that Clinton faced “a legitimate question” over her use of the server.
O’Malley also pointedly asserted that such a question could be answered by “Secretary Clinton and her lawyers,” a clear reference to the choppy legal waters into which Clinton appears to be sailing.
On Monday, Eugene Robinson, the Pulitzer Prize-winning liberal opinion-writer for the Washington Post, published a column excoriating the Democratic frontrunner, under the headline, “Hillary Clinton is her own worst enemy.”
… Before her latest comments, Dan Pfeiffer, a former senior adviser to President Obama, offered a backhanded compliment in an interview with the Washington Post while seeking to defend Clinton.
“She isn’t as natural a politician as Barack Obama or Bill Clinton, but that’s like saying Scottie Pippen isn’t as talented as Michael Jordan or Magic Johnson,” Pfeiffer said.
Given the comparison, and Clinton’s new stumbles on Tuesday, Pfeiffer’s comments only seemed to underline Hillary Clinton’s perceived political deficiencies to both her husband and Obama.
… Julie Roginsky, a former aide to Sen. Frank Lautenberg (D-N.J.), told Fox News’s “Media Buzz” over the weekend that the criticism Clinton had received was “deserved and it is entirely self-inflicted by Hillary Clinton…

You don't need to actually meet anyone, just use your App to find the skills you need, then email them.
LinkedIn's New Employee Directory App 'Lookup' Could Boost Daily Activity On Its Network
On Wednesday, the Mountain View, Calif.-based professional social network launched Lookup, an employee directory app aimed at letting users easily find, learn about and contact their coworkers, through in-app messaging or by email. Lookup is available on Apple iOS and will reach Android soon, the company said.
… LinkedIn also says the app doesn’t compete with office chatroom services like Slack or Hipchat. Instead, it’s intended to spark just enough dialogue to lead to a phone call, meeting or email exchange. The standalone app is free and currently isn’t monetized.
… Lookup is part of a larger plan by LinkedIn to make more products that satisfy companies’ internal needs.

The next Big Thing? Probably not, but definitely a trend.
5 Best Practices for Fast Data
As vendors and users testified at last month's In-Memory Computing Summit, the relatively low cost of flash memory is driving databases and apps toward leveraging Fast Data – mobile and sensor cloud data – using systems whose storage is predominantly or even entirely composed of main and flash memory. One use case cited by a presenter employed one terabyte of main memory and one petabyte of flash.
What is driving this shift in databases and the applications that use them?
Increasingly, enterprises are realizing that "almost-real-time" handling of massive streams of data from cars, cell phones, GPS and the like is the new frontier -- not only of analytics but also of operational systems that handle the Internet of Things (IoT). As one participant noted, this kind of real-time data-chewing not only allows your car to warn of traffic ahead, but also to detect another car parked around the corner in a dangerous position.

(Related) How to make fast, faster.
… Today, at the ACM SIGCOMM conference, we are presenting a paper with the technical details on five generations of our in-house data center network architecture. This paper presents the technical details behind a talk we presented at Open Network Summit a few months ago.
From relatively humble beginnings, and after a misstep or two, we’ve built and deployed five generations of datacenter network infrastructure. Our latest-generation Jupiter network has improved capacity by more than 100x relative to our first generation network, delivering more than 1 petabit/sec of total bisection bandwidth. This means that each of 100,000 servers can communicate with one another in an arbitrary pattern at 10Gb/s.

For my Python programming students (and my Math students). Download the free ebook!
This company is using insanely complicated math to save its customers tons of cash
Analysts estimate that the market for data analytics — the industry term for sifting through mountains of data until you actually learn something useful from it — will hit $125 billion this year.
… To get all of your data nice and tidy for analysis, it has to go through a process called "ETL," which stands for "extract, transform, load." It can be a costly, time-consuming, and error-prone process.
ETL software can cost big enterprises hundreds of thousands of dollars in licensing; hiring consultants to put it all into place can drive the price tag into the millions.
Enter Algebraix Data, a California-based data analytics startup that's changing the equation with what it calls "data algebra."
… For the first five years of the company's existence, Algebraix played its cards close to the chest and kept data algebra as a company secret.
But just recently, the company has started to open the door a little bit: It's published a book by two of its in-house mathematicians called "The Algebra of Data," and it's made the core data algebra algorithms available for any programmer anywhere to download.
The gist is that Algebraix is hoping to force data algebra into the spotlight, placing itself into the center of what it hopes becomes the next wave of analytics. Other programmers can use Algebraix's technology, but as the inventors, and the holders of the patents, the company stands to profit most.
The Algebraix Technology Core Library is available as a Python library at

More arrows in Cable's back?
Cut the Cord Forever With These 15 TV Streaming Channels

Tools for students. Make following easier.
How to Turn Any Website into an RSS Feed

Wednesday, August 19, 2015

Still paying for the breach.
Target to Settle Claims Over Data Breach
Target Corp. agreed to reimburse thousands of financial institutions as much as $67 million for costs incurred from a massive 2013 data breach that damaged the retailer’s reputation with shoppers and cut into sales.
… Target also said it is working with MasterCard Inc. on a similar deal for its card issuers.
The size of the two settlements could rival a 2010 agreement in which Heartland Payment Systems Inc. agreed to pay more than $100 million to Visa and MasterCard for a large 2008 breach.
Target’s data breach exposed 40 million credit and debit cards to fraud during the 2013 holiday season.
… The exact amount of fraud that resulted from the Target breach still isn’t known. Trade groups representing community banks and credit unions estimate that they spent more than $350 million to reissue credit and debit cards and deal with other issues tied to the Target breach and the subsequent Home Depot hack.

(Related) Apparently, the breach didn't turn customers away.
Target’s Earnings Beat Estimates After CEO Reins In Expenses

I doubt this embarrasses them at all...
People searching for the Ashley Madison data on Pirate Bay will also find ... an ad for Ashley Madison
… And, in a further embarrassment for Ashley Madison, people looking to get their hands on the data by searching the popular bittorrent indexer The Pirate Bay have also been served banner ads for Ashley Madison.

Interesting argument?
The Madison Record reports:
Yahoo answers a class action complaint of privacy invasion by pleading that no one can call its scanning practices surreptitious.
“Yahoo’s scanning of emails has been the subject of media reports for years,” Peter Herzog of St. Louis wrote on Aug. 17.
He moved to dismiss a suit that Kaylynn Rehberger of Highland filed at U.S. district court in June, alleging violation of the Illinois Eavesdropping Statute.
Read more on Madison Record.

We knew that, right?
Henry Farrell reports:
Facebook’s privacy practices have always been controversial. It doesn’t charge its users–because its users are the product. The company sells information on its users, their social networks, services they like, and a multitude of other forms of information to advertisers and marketers. This gives Facebook a strong incentive to push privacy boundaries constantly, since the more personal information Facebook gathers on its users, the more money Facebook will be able to make by selling this information on to marketers.
This has meant, for example, that Facebook has frequently changed its privacy policies, often in confusing ways. Jennifer Shore and Jill Steinman, two undergraduate students at Harvard have just published a new research article in Technology Science showing that, over time, these changes have led to Facebook’s privacy policy becoming much, much worse.
Read more on Washington Post.

A tool for anyone who does not want people reading over their shoulders?
Confide brings ephemeral messaging to desktop, with Mac and Windows clients
When off-the-record messenger Confide launched more than a year ago, its main goal was to secure business communications. It started by making a mobile app for ephemeral text messaging and then expanded to include document and photo sharing. Now the company is rolling out a desktop version for both Windows and Mac to help employees share sensitive documents without having to reach for their phone.
… To make its app more widely available, Confide will be launching a paid business version later this year.
The service will allow businesses to deploy Confide broadly, rather than relying on individuals to download the app. Confide in its current incarnation is free, but Co-founder Jon Brod says the enterprise level Confide will charge companies a monthly fee per-user when it does launch.

For my Computer Security students. The Coasties are unusually effective, I think because of a very low BS factor. Let's follow this.
Maritime Experts Gather to Define Cybersecurity Research Challenges
In June, the Maritime Cyber Research Summit (MCRS) was held at the Cal Maritime Safety and Security Center. This summit was an intensive focus session on maritime cybersecurity risks and vulnerabilities.
… In a fortuitous combination of events, the USCG released its Cyber Strategy (PDF) one day prior to the event, which was made available to all MCRS participants.
… The purpose of the summit was to address the research challenges put forth by Vice Admiral Chuck Michel during the Maritime Cyber Security Symposium. The admiral challenged the assembled academics, industry, and federal, state, and local attendees to leverage their collective capability to help the USCG rigorously explore research areas and identify research priorities.
… During the summit, participants fleshed out six research challenges, identifying key priority topics and important research questions. The challenge areas are as follows:
  1. Vulnerabilities: What analysis could be employed to identify the greatest cyber vulnerabilities in the maritime domain/Maritime Transportation System (MTS), both shipboard and ashore?
  2. Resilience: Identify the best options for operational and systems cyber resilience. This research would include definition, operational, and legal considerations.
  3. Threats: What analysis framework and tools could be used to map and predict dynamic maritime cyber threats?
  4. Impacts: What framework should be employed for impact analysis for the MTS? What are the cascading consequences to the nation and economy of a cyber incident?
  5. Critical Points: What approach should be used to conduct nodal analysis to identify single points of failure for maritime cyber events within the MTS, including navigation systems?
  6. Info Sharing: How would a framework for network analysis be developed to support optimal information sharing with partners to address maritime cyber issues?

See? It's not just police-cams and license plate readers and cellphone interception and facial recognition and …
Internet Technology Could Aid Police, Courts and Prisons; Resolving Privacy Issues Key to Future Use
New Internet-based technology may aid criminal justice agencies through tools such as better criminal databases, remotely conducted criminal trials and electronic monitoring of parolees in the community, according to a new RAND Corporation study.
Top criminal justice priorities for new Internet tools include developing a common criminal history record that can be shared across agencies, developing real-time language translation tools and improved video displays for law enforcement officers to adapt to changing needs, according to the analysis.

Background for my IT Governance class as we consider unregulated technologies.
Regulation of Emerging Risks
by Sabrina I. Pacifici on Aug 18, 2015
Wansley, Matthew, Regulation of Emerging Risks (August 17, 2015). Vanderbilt Law Review, Forthcoming. Available for download at SSRN:
“Why has the EPA not regulated fracking? Why has the FDA not regulated e-cigarettes? Why has NHTSA not regulated autonomous vehicles? This Article argues that administrative agencies predictably fail to regulate emerging risks when the political environment for regulation is favorable. The cause is a combination of administrative law and interest group politics. Agencies must satisfy high, initial informational thresholds to regulate, so they postpone rulemaking in the face of uncertainty about the effects of new technologies. But while regulators passively acquire more information, fledgling industries consolidate and become politically entrenched. By the time agencies can justify regulation, the newly entrenched industries have the political capital to thwart them. This Article offers a prophylactic against this predictable regulatory failure. It defends an experimentalist model of regulation, in which agencies are empowered to impose moratoria on risky emerging technologies while regulators organize experiments to learn about the risks they pose and the means to mitigate them. The agency-coordinated experiments would expedite the promulgation of empirically informed rules. The moratoria would extend the political window for regulatory action and protect the public in the interim. The Article applies this experimentalist model to the regulation of fracking, e-cigarettes, and autonomous vehicles. It also identifies legal strategies for implementing experimental regulation under existing law. It challenges the conventional wisdom that agencies should postpone regulation until they can confidently predict the effects of new risky technologies.”

(Related) Speaking of unregulated... Another article for my future executives. (That's you, students!)
McKinsey – An executive’s guide to the Internet of Things
by Sabrina I. Pacifici on Aug 18, 2015
“As the Internet of Things (IoT) has gained popular attention in the five years since we first published on the topic, it has also beguiled executives. When physical assets equipped with sensors give an information system the ability to capture, communicate, and process data—and even, in a sense, to collaborate—they create game-changing opportunities: production efficiency, distribution, and innovation all stand to benefit immensely. While the consumer’s adoption of fitness bands and connected household appliances might generate more media buzz, the potential for business usage is much greater. Research from the McKinsey Global Institute suggests that the operational efficiencies and greater market reach IoT affords will create substantial value in many industries. (For more, see the video “What’s the one piece of advice for a business leader interested in the Internet of Things?” And to see how experts believe the Internet of Things will evolve, see “The Internet of Things: Five critical questions.”)

She doesn't seem “above the fray” rather she seems “deliberately ignorant” for someone who must know the questions will be asked again and again.
Hillary Clinton had a testy press conference filled with questions about her email server
Democratic presidential front-runner Hillary Clinton endured an at-times combative press conference Tuesday, during which she could not answer whether her email server, which was turned over to the FBI last week, had been "wiped" clean of data.
… "What, like with a cloth or something?" Clinton joked, before saying she didn't "know how it works digitally at all." [You'd think she would ask. Bob]
… Two sources close to the FBI investigation told NBC that an "attempt" was made to wipe Clinton's server sometime before it was handed over to the FBI. (It is unclear, however, when that attempt was made.) But federal agents are reportedly confident they can recover at least some of the deleted files.

This should be really interesting.
The government wants your Yelp reviews
… Yelp on Tuesday announced it reached a terms of service agreement with the federal government that will allow agencies and branch offices to set up their own Yelp pages and respond to constituent comments.
… “With the addition of Public Services and Government under the Yelp umbrella, agencies can continue to find new ways to use customer insights to improve citizen services,” said Justin Herman, who works for DigitalGov, within the General Services Administration.
Herman revealed the agreement earlier this month in a little noticed blog post.
It is unclear exactly which agencies and branch departments will utilize the new tool. A host of government pages have existed for years for local post offices, libraries and TSA posts.
The agreement will allow those branches to claim the existing pages if they want.

Making my students employable.
The 59 Commandments of Business Networking

Not free, but I bet my students will want it anyway.
This new dictation app is more powerful than any you've ever seen
Nuance plans to launch its new Dragon Anywhere dictation app this fall on iOS and Android, the Verge reports.
Most of us already have basic dictation features that come with our phones, but this app is much more powerful than any of the features offered by Apple and Google. Those companies’ features require you to constantly stop and wait, and with varying levels of success. Dragon Anywhere, on the other hand, has proved to be “quite accurate.”
… The only downside about this app is that it will exclusively be available as a subscription, the price of which has yet to be determined because running the servers to keep up with all the transcriptions will be expensive for Nuance. The desktop application will be sold at a flat rate.

Another toy for my students. (Digest Item #2)
Get Stephen Hawking’s Voice Software
The speech software that gives Stephen Hawking a voice despite his severe physical disabilities is now available for free. Intel has released the Assistive Context-Aware Toolkit (ACAT) as open-source code in the hopes that developers will expand its capabilities to a wider range of disabilities.
ACAT allows Hawking to express himself using nothing more than small facial movements, which are translated into text. The software has allowed Hawking, the world’s most famous theoretical physicist, to enjoy a long and illustrious career despite being diagnosed with ALS (amyotrophic lateral sclerosis) at the age of 21.
Sai Prasad, ACAT’s project owner, said, “Our hope is that, by open sourcing this configurable platform, developers will continue to expand on this system by adding new user interfaces, new sensing modalities, word prediction and many other features”. The software and user guide can be found on Github.

Dilbert on “undue reliance.”

Tuesday, August 18, 2015

Health monitor or Privacy risk? If it works here, can government health systems be far behind?
Humana Using Analytics to Improve Health Outcomes
Earlier this year a CDW survey revealed that analytics is a top priority for two thirds of decision-makers in the health care industry. Nearly 70 percent of respondents said they were planning for or already implementing analytics.
This is no surprise, given the strong results seen by analytics from early adopters like Humana.
The health insurer has made analytics a foundational piece of its clinical operations and consumer engagement efforts. Humana uses predictive models to identify members who would benefit from regular contact with clinical professionals, helping them coordinate care and making needed changes in healthy lifestyle, diet and other areas. This proactive approach results in improved quality of life for members, at a lower cost, said Dr. Vipin Gopal, Enterprise VP, Clinical Analytics.
According to Humana, it identified 1.9 million members with high risk for some aspect of their health through predictive models in 2014. It also used analytics to detect and close 4.3 million instances where recommended care, such as an eye exam for a member with diabetes, had not been given. In those cases, Humana notified members and their physicians, through which such gaps in care were addressed.

Does the constitution apply in the Cloud?
Dan Horowitz writes:
Why is the Second Circuit being forced to defend our electronic privacy and preserve an international agreement from the Obama administration?
Recently, a Federal Judge in New York was convinced by lawyers from the Obama administration that international agreements and the Fourth Amendment were simply minor impediments to be brushed aside at the behest of the Department of Justice (DoJ) and their insatiable desire to have automatic access to any electronic data U.S. citizens and companies possess.
How is this possible? Why have very few people heard of this? Why aren’t the Netizens up in arms over it?
Read more on The Hill.

You may not be a criminal, but you might sue me? Maybe everyone should wear a camera.
Rachel Levinson-Waldman writes that the use of police body cameras has spread to schools:
… As these programs began to proliferate, schools took notice. In Houston, Texas, 25 school officers have started wearing body cameras in a pilot program, and the school district plans to expand the program to all 210 members of the force.
An Iowa school district has even taken this initiative one step further, buying cameras for principals and assistant principals to wear while interacting with students and parents. While the administrator overseeing the program has said the cameras are not intended to monitor every activity, he expressed the hope that any complaint could be investigated through body camera footage, suggesting that principals would need to record early and often.
The spread of body cameras into our schools may come as surprise to some, but it shouldn’t. It is not unusual for surveillance technologies to leap from one world to another, or to be deployed for one purpose and gradually used for many more.

(Related) Another interesting question.
Should Everyone Get to See Body-Camera Video?
… If a police officer has a hostile encounter with a teenager on the street, but neither of them are badly injured, does the teenager have a right to see video of the incident recorded from the officer’s body camera? If an officer is invited inside the home of a domestic-violence victim, will that victim be able to tell the cop not to record?
And, most importantly, if someone is killed in an altercation with an officer, could that officer watch the video before testifying to a grand jury? Because if so, critics say, that cop would be able to alter his or her account of the event to match what was on video—even if their initial account was wildly different.

I'm surprised the government could buy anything that cheaply.
Price for TSA's failed body scanners: $160 million

CRS – National Security Letters in Foreign Intelligence Investigations
by Sabrina I. Pacifici on Aug 17, 2015
National Security Letters in Foreign Intelligence Investigations: A Glimpse at the Legal Background, Charles Doyle, Senior Specialist in American Public Law. July 31, 2015.
“Five federal statutes authorize intelligence officials to request certain business record information in connection with national security investigations. The authority to issue these national security letters (NSLs) is comparable to the authority to issue administrative subpoenas. The USA PATRIOT Act (P.L. 107-56) expanded the authority under the original four NSL statutes and created a fifth. Thereafter, the authority was reported to have been widely used. Then, a report by the Department of Justice’s Inspector General (IG) found that in its use of expanded USA PATRIOT Act authority the FBI had “used NSLs in violation of applicable NSL statutes, Attorney General Guidelines, and internal FBI policies,” although it concluded that no criminal laws had been broken. A year later, a second IG report confirmed the findings of the first, and noted the corrective measures taken in response. A third IG report, critical of the FBI’s use of exigent letters and informal NSL alternatives, noted that the practice had been stopped and related problems addressed.”

When dealing with police, you become a second class citizen?
Spanish woman fined for posting picture of police parked in disabled bay
A Spanish woman has been fined €800 (£570) under the country’s controversial new gagging law for posting a photograph of a police car parked illegally in a disabled bay.
… The police tracked her down within 48 hours and fined her.
The Citizens Security Law, popularly known as the gagging law and which came into force on 1 July, prohibits “the unauthorised use of images of police officers that might jeopardise their or their family’s safety or that of protected facilities or police operations”.
… Asked how the photo had put the police at risk, he said the officers felt the woman had impugned their honour by posting the picture and referred the incident to the town hall authorities. “We would have preferred a different solution but they have the legal right to impose the fine,” Portillo said.

Aggressive lawyering or simply testing the legal waters?
Movie Studios Pull Injunction Demand in MovieTube Lawsuit
In the face of objections raised by prominent tech companies, the Motion Picture Association of America is declaring that it has already accomplished its primary mission in its lawsuit against the anonymous operators of various MovieTube websites.
… Such a demand for injunctive relief triggered an angry response from Google, Yahoo, Facebook, Twitter and Tumblr, which in an amicus brief accused the MPAA of attempting to "resurrect" the Stop Online Piracy Act by seeking an injunction on "non-parties in a lawsuit without proof that the nonparty was acting in concert with the defendant."
… The big legal issues pertaining to the standards under which web-hosting providers, digital advertising service providers, social media services and others must take action with respect to piracy sites has thus been dodged. However, this likely won't be the last time the controversy comes up.

Is Walmart a bad neighbor?
Mayor to Walmart: Pay for Your Own Security
Violent incidents at a local Walmart (WMT) in Beech Grove, Indiana have the town’s mayor declaring the store a public nuisance. With more than three police visits a day, the mayor argues Walmart is sapping tight resources for a little town of 14,000 that sits southeast from Indianapolis.
… Or is there another storyline here, that Walmart, with nearly a half a trillion dollars in annual revenue, $482 billion, isn’t doing enough to provide security at its local stores, as customers get assaulted, shoppers brawl, and even killings occur?
The Beech Grove mayor’s move comes as big cities like San Francisco, New York, Boston, and Washington, DC fight Walmart’s continued expansion.

Sua Sponte ("Of their own accord") Rangers Lead The Way! As Yogi said, "Baseball is 90% mental -- the other half is physical." Same with Ranger school.
Two women pass Army Ranger school – historic first raises big questions
For the first time ever, two women have passed Army Ranger School – widely considered one of the most physically and mentally grueling courses in the United States military.
… But it raises questions, too, about the future of Ranger School and the broader ban on women in combat roles.
The decision on women in combat roles is expected to come in January, when each of the services is required to either lift the exclusion or ask for an exemption to extend it, backed by scientific research showing why women can’t fulfill the tasks necessary to serve on the front lines.

Is it me or is the State Department tossing Hillary under the bus? Or perhaps they are the best example of government mismanagement I've ever found for my students.
Earlier this year, Gawker Media sued the State Department over its response to a Freedom of Information Act request we filed in 2013, in which we sought emails exchanged between reporters at 33 news outlets and Philippe Reines, the former deputy assistant secretary of state and aggressive defender of Hillary Clinton. Over two years ago, the department claimed that “no records responsive to your request were located”—a baffling assertion, given Reines’ well-documented correspondence with journalists. Late last week, however, the State Department came up with a very different answer: It had located an estimated 17,000 emails responsive to Gawker’s request.
On August 13, lawyers for the U.S. Attorney General submitted a court-ordered status report to the U.S. District Court of the District of Columbia in which it disclosed that State employees had somehow discovered “5.5 gigabytes of data containing 81,159 emails of varying length” that were sent or received by Reines during his government tenure. Of those emails, the attorneys added, “an estimated 17,855” were likely responsive to Gawker’s request.

New Clinton email count: 305 documents with potentially classified information
More than 300 of former Secretary of State Hillary Rodham Clinton’s emails — or 5.1 percent of those processed so far — have been flagged for potential secret information, the State Department reported to a federal court Monday as the political furor continued to grow for the Democratic presidential candidate and her aides.

(Related) Yet amazingly, her poll numbers are improving!
Poll: 2% of Americans Believe Hillary Clinton

Coming soon to a home near you?
How Much Can You Save With Solar Panels? Just Ask Google
… On Monday, the company unveiled Project Sunroof, a tool that calculates your home’s solar power potential using the same high-resolution aerial photos Google Earth uses to map the planet. After creating a 3-D model of your roof, the service estimates how much sun will hit those solar panels during the year and how much money the panels could save you over the next two decades.
… The service is now available for homes in the San Francisco Bay Area, central California, and the greater Boston area. Google is headquartered in California, you see, and project creator Carl Elkin lives in Boston.

For my Ethical Hacking students with young children? Also for my Excel students.
Hack Amazon's Dash buttons to do things other than buying stuff
Amazon's Dash buttons are tiny adhesive physical triggers that can order for you, through the magic of WiFi, anything you need to stock up on. But that's not the limits of their power, if you're willing to tinker with them. Ted Benson, (who works at a company that likes to regularly perform such shenanigans with the aid of its web tools), reckons it'll take you under 10 minutes to repurpose Amazon's physical iteration of Buy It Now. (I think he's underestimating the degree of incompetence this editor possesses, but anyhow.) Benson managed to hack a diaper-ordering Dash button to act as an Internet Of Things-style tracker for how often his (adorable) baby poops. Or how many times he wakes up in a night. The trick lies in the fact that Amazon's buttons aren't constantly connected to WiFi. For the sake of battery life, the buttons only come to life when pushed, meaning the workaround picks up when your button is trying to access the internet, and registers that as a trigger for anything but buying stuff from Amazon.
With a little bit of Python code, a simple program can track when the button tries to connect to the WiFi, and once it gets a hit, record a datapoint. (In this case, inside a Google Doc spreadsheet.) Of course, you need to ensure you've set up the button not to order something every time you press it -- easily done when you first start using the button. If you're looking to make the idea of smart diapers seem suddenly very stupid, you can find all the code and instruction needed in the Medium post right here.
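The mechanism the article describes, as an added example that is not Ted Benson's code or the Medium post's: a device that sleeps until pressed announces itself when it rejoins the LAN (ARP probes), so the script parses raw ARP frames, treats a burst of probes from the button's MAC as one press, and records a datapoint. The button MAC and the captured frames below are constructed for the demo, and a CSV string stands in for the Google spreadsheet; a real run would feed live frames from a capture library into detect_presses().

```python
"""Turn a sleeping WiFi button's network join into a logged event.

Added example (not the article's or Ted Benson's code). All frames and the
button MAC are constructed here so the script runs offline.
"""
import csv
import io
import struct
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

ETHERTYPE_ARP = 0x0806
ARP_REQUEST = 1
# Constructed, locally administered MAC standing in for a real button.
BUTTON_MAC = "02:00:00:aa:bb:01"


@dataclass(frozen=True)
class ArpInfo:
    sender_mac: str
    sender_ip: str
    target_ip: str
    opcode: int


def parse_arp(frame: bytes) -> Optional[ArpInfo]:
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP; None otherwise."""
    if len(frame) < 14 + 28:                       # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None                                # other link/protocol types are ignored
    sha, spa, tpa = frame[22:28], frame[28:32], frame[38:42]
    return ArpInfo(
        sender_mac=":".join(f"{b:02x}" for b in sha),
        sender_ip=".".join(str(b) for b in spa),
        target_ip=".".join(str(b) for b in tpa),
        opcode=oper,
    )


def is_probe_from(info: ArpInfo, mac: str) -> bool:
    """A waking device sends ARP requests; only those from our button count."""
    return info.opcode == ARP_REQUEST and info.sender_mac == mac.lower()


def detect_presses(frames: Iterable[Tuple[float, bytes]], button_mac: str,
                   debounce_s: float = 5.0) -> List[float]:
    """Collapse each burst of probes (one wake-up) into a single press timestamp."""
    presses: List[float] = []
    last: Optional[float] = None
    for ts, raw in frames:
        info = parse_arp(raw)
        if info is None or not is_probe_from(info, button_mac):
            continue
        if last is not None and ts - last < debounce_s:
            continue                               # same wake-up burst, not a new press
        presses.append(ts)
        last = ts
    return presses


def log_presses(presses: List[float], label: str) -> str:
    """Render datapoints as CSV rows (stand-in for the article's spreadsheet)."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["timestamp", "event"])
    for ts in presses:
        writer.writerow([f"{ts:.0f}", label])
    return buf.getvalue()


def build_arp_frame(src_mac: bytes, sender_ip: bytes, target_ip: bytes,
                    opcode: int = ARP_REQUEST) -> bytes:
    """Build a broadcast ARP frame (used only to construct the sample capture)."""
    eth = b"\xff" * 6 + src_mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
           + src_mac + sender_ip + b"\x00" * 6 + target_ip)
    return eth + arp


_BUTTON = bytes.fromhex(BUTTON_MAC.replace(":", ""))
_OTHER = bytes.fromhex("020000aabb02")             # some other constructed host
_ZERO_IP, _PROBED_IP = bytes(4), bytes([192, 168, 1, 50])
# Constructed capture: two presses, each a burst of probes, plus unrelated traffic.
SAMPLE_FRAMES = [
    (100.0, build_arp_frame(_BUTTON, _ZERO_IP, _PROBED_IP)),
    (100.3, build_arp_frame(_BUTTON, _ZERO_IP, _PROBED_IP)),
    (100.6, build_arp_frame(_BUTTON, _ZERO_IP, _PROBED_IP)),
    (101.0, build_arp_frame(_OTHER, bytes([192, 168, 1, 9]), bytes([192, 168, 1, 1]))),
    (102.0, b"\xff" * 6 + _OTHER + struct.pack("!H", 0x0800) + b"\x00" * 30),
    (250.0, build_arp_frame(_BUTTON, _ZERO_IP, _PROBED_IP)),
    (250.4, build_arp_frame(_BUTTON, _ZERO_IP, _PROBED_IP)),
]

if __name__ == "__main__":
    print(log_presses(detect_presses(SAMPLE_FRAMES, BUTTON_MAC), "diaper"))
```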

How to Get Started With Apple's ResearchKit
Earlier in the year, we reported on Apple's announcement of ResearchKit, an open source framework that researchers can use to create apps that leverage the iPhone to help gather new types of data. Here, we let you know what you need to get started with your own ResearchKit-powered app.

For my Computer Security students.
This Is How They Hack You: The Murky World of Exploit Kits

Stop in the morning to wake up, stop after work to mellow out? Perhaps they will sell weed here in Colorado?
Starbucks serving wine, craft beer and small plates in South Florida starting Wednesday

For the student Movie Club?
7 Places To Find Free Movie Rentals Online

Perhaps we could use this to make short tutorials for our students? (See # 4 & 8)
12 Ways to Use Periscope for Business

Perhaps a tool for students to learn the “Terms of Art” in my classes?
How to Quickly Create Vocabulary Lists from a Document
Last winter I was contacted by a high school student who had developed a neat tool for generating vocabulary lists and study sheets from a document. That tool is called Vocabulist. Vocabulist enables students to upload a document and have it extract words and definitions from it. Each word in the document is matched to a definition. If the definition rendered isn't exactly right, students can modify it within Vocabulist. Once the list of words and definitions is set students can download the list as a PDF or export the list to Quizlet where it will then be turned into a set of digital flashcards. (Students must have a Quizlet account). In the video embedded below I demonstrate how easy it is to create a vocabulary study sheet through Vocabulist.