Saturday, June 30, 2018

A model for the coming US elections?
Meet The 29-Year-Old Trying To Become The King Of Mexican Fake News
The first tweets using the hashtag #GanaConVictoryLab started appearing around 6 p.m. on the afternoon of June 15. Within two hours, it began rising through Mexico’s national trending topics on Twitter. By 8 p.m., it was the fourth-most-tweeted hashtag in Mexico, pushing down mentions of Cristiano Ronaldo’s World Cup performance that afternoon.
The only problem: Every one of the accounts tweeting the hashtag was a fake.
… Merlo’s Victory Lab is one of the estimated hundreds of homegrown Mexican Cambridge Analytica – like marketing firms that are constantly filling up the country’s social media platforms with junk. Victory Lab will make anything trend on any platform for a fee.
… Merlo estimates that these days, around 90% of all trending topics in Mexico are controlled by digital marketing firms. He said that Mexico is still trailing behind the US, though, which most Mexican digital marketing firms see as the global capital of misinformation.

Disaster Recovery: Interesting that a system intended to ensure communications during a nuclear war can be brought down by a backhoe cutting a cable. (Or was this not an accident?)
Comcast outage brings down internet, TV service across US
… The outage, triggered by cut fiber lines, brought down internet, television and phone service for Comcast XFINITY customers in markets including New York and Philadelphia. Opens a New Window a website that follows outages, also tracked large outages in Chicago, Pittsburgh, Boston, Dallas, Denver and Seattle.
… “We identified two, separate and unrelated fiber cuts to our network backbone providers,” the Philadelphia-based company said.

Who can sort out this mess? Lawyers? The big audit firms?
The arrival of the General Data Protection Regulation a month ago led to a flurry of activity, clogging email inboxes and flooding people with tracking consent notices. But experts say much of that activity was for show because much of it fails to render companies compliant with GDPR.
Part of the issue, experts say, is the vague regulation has been interpreted in wildly different ways. GDPR consent-request messages vary wildly across sites. There are default pre-ticked opt-ins, buried options that require users to hunt for them, consent banners with information only available at a further click but no button to reject, and implied consent approaches. Others have used what some industry execs refer to as “nuke buttons,” which let the user reject everything without explaining what they’re rejecting or what they’re agreeing to. Others have simply reskinned cookie-banner messages required under the existing ePrivacy directive.

Limits to search…
Orin Kerr writes:
As regular readers know, I have argued in my academic writing that the Fourth Amendment should be interpreted to impose use restrictions on nonresponsive data seized pursuant to a computer search warrant. In a new decision, State v. Mansor, the Oregon Supreme Court appears to have adopted my approach under Oregon’s state equivalent of the Fourth Amendment.
Read more on The Volokh Conspiracy.
[From the article:
Computer warrant searches require the government to find a needle in an enormous electronic haystack. When the police execute a warrant to search for and find the needle of evidence, they usually need to seize the haystack first to search it. I have argued that a warrant to seize the needle should allow the police to seize the haystack to search for the needle. But there's a catch: The government should ordinarily not be allowed to use whatever else they find in the haystack. If the warrant is only to seize a needle, the police can only take away and use the needle, unless there are exigent circumstances exposed by the discovery of other evidence. The nonresponsive data – other evidence that may exist in the haystack but is not described in the warrant – ordinarily can't be used. For the details of my view, see this article.

“acceptable to technology firms?” How about citizens?
Google no longer accepting state, local election ads in Maryland as result of new law
Google stopped accepting state and local election ads in Maryland Friday as a result of a new law passed by the General Assembly that requires disclosure of who is paying for political advertising and how much is being spent.
Google spokeswoman Alex Krasov said the Silicon Valley company is unsure it can comply with the law’s regulations, which state officials are reviewing to forge into a national model acceptable to technology firms.
“Our systems are not currently built to collect and provide the information in the time frame required by Maryland’s new disclosure law,” Krasov said.

You can see where this might be useful.
DARPA Is Racing To Develop Tech That Can Identify Hoax Videos
Fake videos have become such a potentially disruptive threat that the high-tech research arm of the Pentagon is launching a contest in early July aimed at detecting “deepfakes,” hoax videos so realistic that they could trigger political scandal or even spark violent conflict.
… “The goal is to provide the general public — a set of tools that we can use to verify images, video and audio,” said Siwei Lyu, a computer scientist at the University at Albany that leads one of the research teams taking part in the contest, sponsored by the U.S. Defense Advanced Research Projects Agency.
Fake videos, sometimes known as deepfakes, harness artificial intelligence and can be used to place people where they did not go, and say things they never said. As fake videos improve, they could rock both people and nations, even inflame religious tensions, experts said.

Tilting at windmills? Un-faking the news?
Steve Ballmer: Why Good Data Are Hard to Find – and How to Fix That
When former Microsoft CEO Steve Ballmer retired in 2014, a lot of media attention was focused on his new passion as the owner of a professional basketball team, after he bought the L.A. Clippers for a reported $2 billion. Far less attention went to his creation of USAFacts, a nonprofit, nonpartisan organization that strives to shine a light on the U.S. government’s financial status and report the findings to its stakeholders, the American people.
… Ballmer began searching for government data and he found a lot of figures, but they weren’t always organized coherently. Government agencies tend to be siloed and their figures don’t always fit with each other. Because of how the data is kept, he pointed out, politicians can rattle off an isolated figure devoid of context to support their agendas. “Government data is not always timely or accessible, or frankly, it doesn’t always agree with itself,” he said. “How does anybody make a decision with data which sometimes doesn’t reconcile and isn’t out on a timely basis?”

Perspective. It’s called ‘Mission Creep.’
It started with your shoes, then your water. Now the TSA wants your snacks.
… Passengers at airports across the country — including all three of the Washington region’s major airports — are reporting a rise in TSA agents instructing them to remove their snacks and other food items from their carry-ons and place them in those ubiquitous plastic bins for a separate screening.
It’s not part of the agency’s standard policy, according to TSA spokesman Mike England. It’s simply a recommendation issued by the agency last year to help speed the bag-check process.
… The line, Gaul said, was moving noticeably slower than normal.
“It definitely caused a delay — not huge, but at least by like five or 10 minutes,” the Georgetown University PhD student said. “Mostly it was just bizarre and absurd.”
… England said the concern is not that people may be hiding explosives or other illicit material inside of food. Rather, it’s that the food itself can look similar to the components of an explosive — therefore making it more likely that bags with snacks would be flagged for a time-consuming manual search. Officials thought it might be more efficient, in some cases, to have passengers remove the snacks from their bags ahead of time.
England said he could not provide specific information on how a pack of pretzels could resemble an explosive.
… “Some terrorist is making bombs out of Frito-Lay,” mused a passenger waiting at Orlando International Airport.

Perspective. “You better not ignore us!”
Trump’s Pentagon Quietly Made A Change To The Stated Mission It’s Had For Two Decades
For at least two decades, the Department of Defense has explicitly defined its mission on its website as providing “the military forces needed to deter war and to protect the security of our country.” But earlier this year, it quietly changed that statement, perhaps suggesting a more ominous approach to national security.
The Pentagon’s official website now defines its mission this way: “The mission of the Department of Defense is to provide a lethal Joint Force to defend the security of our country and sustain American influence abroad.”
The new mission statement — featured at the bottom of every page on the site — removes the words “to deter war” while adding that it is the Pentagon’s job to “sustain American influence” overseas.

The self-driving vehicle market just got bigger.
This self-driving grocery delivery car will sacrifice itself to save pedestrians
… A pilot program involving Nuro and the grocery chain Kroger is scheduled to kick off this fall in a to-be-announced city, meaning that in the autumn, people in a test urban area should be able to order groceries by app, then have them delivered by a little independent car.
… “If you’re no longer trying to protect an occupant above all else, and in fact you’re trying to protect the most vulnerable road users—a pedestrian, cyclists—at all costs, then you can do things like self-sacrificing the vehicle,” he says. Given a situation where the car has to decide between hitting a person or a tree, Ferguson imagines, “we will always drive into the tree.” Or even, he says, a parked car.

For my smartphone using students.

Friday, June 29, 2018

A good update.
Massive data leak could affect nearly all American adults, security researcher says
… No evidence has surfaced that anyone with malicious intent actually obtained the Exactis data. That makes it different from the Equifax hack, which was a cyberattack on the company’s data.
… Troia told Wired he was curious about the security of ElasticSearch, which the magazine described as “a popular type of database that’s designed to be easily queried over the internet using just the command line.” When he did a search on the database, he found the Exactis database, which was unprotected. He said he also told the Federal Bureau of Investigation about his findings. [Much more likely to get the company moving… Bob]
… The information leaked by Exactis did not include Social Security numbers like the Equifax breach did. But it did include some general financial information, Troia said Thursday.
“When I looked myself up, I found the name of my mortgage lender, the value class of my home and whether or not I had certain kind of credit card,” Troia said.

The Elastic Stack
Built on an open source foundation, the Elastic Stack lets you reliably and securely take data from any source, in any format, and search, analyze, and visualize it in real time.

A much smaller breach. Note that they suggest this is only a “possible” breach, but definitely say it is “limited in scope.” Someone told them about the breach, they did not detect it.
Adidas Warns Millions of U.S. Customers About a Potential Data Breach
Adidas has warned millions of U.S. customers of a potential data breach.
The athletic-wear company announced in a press release on Thursday that an “unauthorized party” claims to have acquired customer data from its U.S. website. According to a preliminary investigation conducted by outside data security firms and law enforcement, the leaked data is believed to be limited in scope.
… Adidas first became aware of the security issue on June 26, but did not say when the breach occurred.
“We are alerting certain consumers who purchased on about a potential data security incident. At this time this is a few million consumers,” a spokesperson told Bloomberg.

Another miss-handled breach?
Bank says Ticketmaster knew of breach months before taking action
Ticketmaster UK announced on its site yesterday that it identified malicious malware on June 23rd that had affected nearly five percent of their customers, allowing an unknown third-party access to customers’ names, email addresses, telephone numbers, payment details and login information between February 2017 and June 23rd, 2018.
… But, according to U.K. digital bank Monzo, Ticketmaster was informed of the breach in April.
In a statement released by its Financial Crime team today, Monzo describes the events from its perspective.
… On April 12th, Monzo says it expressed its concerns directly to Ticketmaster and that the company said it would “investigate internally.” In the week to follow, Monzo received several more Ticketmaster-related fraud alerts and made the decision to replace roughly 6,000 compromised cards over the course of April 19th and 20th, without mentioning Ticketmaster.
During that same period, Ticketmaster told Monzo that its completed internal investigation had shown no evidence of a breach.
This puts Ticketmaster in an awkward position, because under the 2018 General Data Protection Regulations (GDPR), companies are required to report information of a breach within 72 hours. Not 76 days.

A third-party breach.
Facebook’s race to prove it’s a good and trustworthy company over the last few months kicked off when it was revealed that a quiz app sold user data to a political firm. Now, a different quiz app is getting some heat. A researcher discovered that a third-party app called NameTests left the data of 120 million Facebook users exposed to anyone who happened to find it.
… On Wednesday, De Ceukelaire described the process of reporting a flaw in the website behind the quiz app to Facebook’s newly founded Data Abuse Bounty program. Having never personally used a quiz app, De Ceukelaire started looking at the apps his friends on Facebook had installed. He elected to take his first quiz through the NameTests app. As he started tracing how his data was being handled, he noticed that NameTest’s website was fetching his information from the URL “” His personal data was held in a JavaScript file that could easily be requested by any website that knew to ask.
… De Ceukelaire wrote, “depending on what quizzes you took, the javascript could leak your Facebook ID, first name, last name, language, gender, date of birth, profile picture, cover photo, currency, devices you use, when your information was last updated, your posts and statuses, your photos and your friends.” He made a video of a dummy website he set up to take advantage of the flaw if you’d like to see how it works in practice.
The NameTest vulnerability may have been a simple mistake or an example of negligence, but it’s certainly a visceral example of how little oversight Facebook has over user data as it floats out to the world across thousands of apps.

If you are the Computer Security manager, you may be an insider.
Equifax Engineer Who Designed Breach Website Charged With Insider Trading
… In August 2017, Bonthu was asked to participate in Project Sparta, which Bonthu's bosses described as a major project for one of the company's clients who suffered a major breach that exposed details of over 100 million users.
Unknown to Bonthu, that client was Equifax itself, which a month prior discovered that it was hacked and an intruder stole details for over 145.5 million US and international users.
… SEC investigators say that Bonthu concluded on his own that the secret client in Project Spart was Equifax itself.
Using this information, the SEC says Bonthu used his wife's brokerage account to sell Equifax stock and eventually made more than $75,000, a return of more than 3,500% on his initial investment.

A non-breach for my Computer Security students to consider.
The Federal Communications Commission just settled an investigation into AT&T 911 outages from last year, hitting the telecom company with a $5.25 million fine. The FCC’s Enforcement Bureau made the announcement on Thursday, stating that “such preventable outages are unacceptable.”
Aside from the fine—which is really a drop in the bucket for the billion-dollar behemoth—AT&T must also make changes and enhancements to its systems to mitigate and soften the blow of future outages, as well as “regularly file compliance reports with the FCC.”
… The two AT&T 911 outages investigated by the FCC, which occurred on March 8 and May 1 of 2017, lasted about five hours and 47 minutes, respectively. Around 12,600 users were unable to complete 911 calls during the March outage, with 2,600 failed 911 calls during the May outage.
“The FCC’s investigation also found that, during the March outage, the company failed to quickly, clearly, and fully notify all affected 911 call centers,” [Remember, the phones are out… Bob] the news release states.

The GDPR era is beginning, as expected, in California.
California just passed one of the toughest data privacy laws in the country
… The California Consumer Privacy Act of 2018 is set to dramatically change how businesses handle data in the most populous state. Companies that store personal information — from major players like Google and Facebook, down to small businesses — will be required to disclose the types of data they collect, as well as allow consumers to opt out of having their data sold. The bill, which passed both chambers unanimously, was signed later in the day by Gov. Jerry Brown.
The legislation, which is similar to Europe’s new GDPR protections, is the result of a last-minute attempt to head off a ballot measure that would have brought a slightly different set of privacy rules to the state. The just-passed bill does not fully reproduce the initiative — it would, among other differences, require the disclosure of only the “category” of a third-party that receives personal information, instead of the identity of the third-party itself. But the legislation was close enough that the campaign for the ballot measure agreed to pull its proposal if the bill was signed into law by the deadline to withdraw today.
Perhaps most importantly, passing the privacy rules as legislation allows lawmakers to more easily change them, while a ballot measure would be more difficult to amend. The law is set to come into effect at the start of 2020, giving the tech industry an opportunity to address its grievances.

Probably won’t solve everything, but it’s a start.
Twitter launches its Ads Transparency Center, where you can see ads bought by any account
… Twitter says that with this tool, you should be able to search for any Twitter handle and bring up all the ad campaigns from that account that have run for the past seven days. For political advertisers in the U.S., there will be additional data, including information around billing, ad spend, impressions per tweet and demographic targeting.
Everyone should be able to access the Ads Transparency Center, no login required.

Another small step on Amazon’s path to world domination.
Buying PillPack would have cost Walmart about $700 million. Not buying it wiped $3 billion off the stock
Walmart was the lead buyer for months in talks to buy online pharmacy start-up PillPack. But Amazon swooped in, ultimately making a higher offer of around $1 billion. Losing that deal ended up costing Walmart about $2.3 billion, at least in terms of market value. Here's how.
According to a person familiar with the discussions, Walmart's original offer was just over $700 million, but Walmart dallied in closing the deal because of regulatory concerns. Meanwhile, Amazon had already been interested, then ramped up talks after CNBC's April report that PillPack was in acquisition talks.
After the news was announced on Thursday by the two companies, Walmart's stock took a tumble, along with the largest drug supply chains. The company lost $1.03 between Wednesday's close and Thursday's close, falling from $86.89 to $85.86. That loss, multiplied by 2,950,844,393 shares outstanding based on their 10-Q from earlier this month, yields a loss in market value of $3.04 billion.

Walgreens, CVS and Rite-Aid lose $11 billion in value after Amazon buys online pharmacy PillPack
Rite Aid plunged 11.1 percent, Walgreens Boots Alliance sank 9.9 percent and CVS Health fell 6.1 percent, respectively. The three companies collectively lost approximately $11 billion in market value on Thursday alone. Conversely, Amazon shares rose nearly 2.5 percent, adding more than $19.8 billion in market value.

(Related) Brilliant or wacky? Either way, it points out how difficult it must be for new businesses to enter this market.
Analyst: Google should give everyone in U.S. a free Home Mini speaker to stop Amazon
… Arguably what’s at stake, as conversational AI grows more reliable and robust, is who gets to act as a portal to streaming video services, streaming audio, web searches, shopping, and someday a bevy of in-home services.
… That’s also why Morgan Stanley analyst Brian Nowak told Marketplace today that Google parent company Alphabet should buy every household in the United States a $49 Home Mini smart speaker. At a price of $3.3 billion, doing so could help the company compete with Amazon and return profits five times over in retail search gains.

When Mark Zuckerberg said, “Move fast and break things,” he probably didn’t mean break the law.
Read more at:
Bird scooters arrive in downtown Milwaukee, but city attorney says they're illegal to use on streets, sidewalks
The Bird scooters that landed in downtown Milwaukee this week need to be returned to the cage and cannot be legally operated on city streets or sidewalks, a city attorney says.
… "BIRD’s Motorized Scooters may NOT be lawfully operated on any public street or sidewalk in the City of Milwaukee," he wrote.
Riders of the scooters could be issued a $98.80 citation and could also be cited for operating while intoxicated if they have been drinking, he wrote.

Thursday, June 28, 2018

Another ‘under the radar’ data aggregation firm screws the pooch. Another breach the company had to be told about! Just in time for my new Computer Security class to examine their errors. (Rather depressing how frequently this happens.)
Exactis said to have exposed 340 million records, more than Equifax breach
If you're a US citizen, your personal information – your phone number, home address, email address, even how many children you have – may have just become easily available to hackers in an alleged massive data leak.
Florida-based marketing and data aggregation firm Exactis exposed a database containing nearly 340 million individual records on a publicly accessible server, Wired reported. Earlier this month, security researcher Vinny Troia found that nearly 2 terabytes of data was exposed, which seems to include personal information on hundreds of millions of US adults and millions of businesses, the report said.
"It seems like this is a database with pretty much every US citizen in it," Troia told Wired.
… Because Exactis hasn't confirmed the leak, and the data is reportedly no longer accessible, it's hard to know exactly how many people are affected. But Troia found two versions of the database that each had around 340 million records, with roughly 230 million on consumers and 110 million on business contacts, according to Wired. Exactis says on its website that it has over 3.5 billion consumer, business and digital records.
The data leak is noteworthy not only for its breadth, but also for the depth of information the records have on people. Every record reportedly has entries that include more than 400 variables on characteristics like whether the person smokes, what their religion is and whether they have dogs or cats. But Wired noted that in some instances, the information is inaccurate or outdated.

Dan M. Clark reports on six major actions Equifax agreed to take to settle eight states’ charges against them over the 2017 data breach. From his report, because I cannot find a copy of the actual consent decree online just yet:
  • The company’s board members will have to review and approve a written risk assessment plan for future digital threats.
  • Equifax will also have to improve oversight of its information security program.
  • The board is also tasked with reviewing digital security policies and keeping them up to date and applicable to current threats.
  • An audit committee of the Equifax board will also be tasked with evaluating information technology controls at the company.
  • Similar rules apply to vendors with the company.
Read more on New York Law Journal.

Dan Clark reports:
Credit reporting agencies will now be required to register with the state and comply with its cybersecurity regulations, the state Department of Financial Services announced Monday.
The new rules are the state’s response to last year’s data breach at Equifax, a credit reporting agency, that exposed the personal information of 143 million people. If a credit reporting agency is found to have violated the new regulations, the DFS will now have the power to block them from serving New York state residents.
Under the new rules, any credit reporting agency that ran more than 1,000 credit reports in New York state in the last year will have to register with the DFS by the beginning of September and then again at the beginning of February each year.
Read more on New York Law Journal (free sub. Required)

The ignorant leading the incompetent?
UK Publishes Minimum Cyber Security Standard for Government Departments
The UK government's Cabinet Office has published the first iteration of its Minimum Cyber Security Standard, which will be incorporated into the Government Functional Standard for Security. The standard is mandatory for all government departments (which includes 'organizations, agencies, Arm’s Length Bodies and contractors'); but provides an excellent security checklist/framework for all commercial organizations.
It is a surprisingly short document (PDF); just seven pages comprising 10 sections under five categories: Identify, Protect, Detect, Respond and Recover. It largely follows the wider European approach of mandating outcomes rather than specific means to achieve those outcomes – but is not entirely devoid of specific instructions.

An increase suggests they are getting better. A decrease would signal that they have won the battle.
Twitter’s spam removal is up 214 percent compared to 2017
Twitter dropped a blog post yesterday explaining how it’s currently handling malicious spam and bots. The company says that in May, its system found and questioned over 9.9 million accounts for spamming or being automated.
Twitter says it’s also monitoring its APIs more strictly. During Q1 this year, it suspended more than 142,000 apps that violated rules and tweeted out over 130 million spam tweets, and kept up the momentum in the following months, removing an average of 49,000 apps each month.
Compared to last year, Twitter says it has removed 214 percent more accounts for violating spam policies. It also notes that the average number of spam reports has dropped from 25,000 a day in March to 17,000 a day in May, which Twitter is taking to mean that spam is being effectively combatted, but it could really just mean that people are getting tired of reporting spam.

Facebook’s fight against fake news has gone global. In Mexico, just a handful of vetters are on the front lines.
This spring, a doctored image claiming that the wife of the leading Mexican presidential candidate was the granddaughter of a Nazi ricocheted across Facebook and its messaging service, WhatsApp.
The post, shared 8,000 times before it was disproved, was part of a flood of fabricated stories that have spread on Facebook and its other services, including Instagram, ahead of Mexico’s July 1 presidential election — the country’s own version of the divisive misinformation that sought to influence the 2016 campaign across the border.
Determined to prevent a repeat of the abuses of its platform ahead of the U.S. midterm elections in November, Facebook has poured resources into election integrity, hiring thousands of content moderators and fact-checkers, deploying artificial intelligence, and conducting large sweeps of problematic accounts. Each new election is a test: Facebook’s security and civic teams are actively tracking 50 different elections in 2018 — and triaging for those deemed “high risk” — amounting to a national election practically every week.

Facebook’s Latest Problem: It Can’t Track Where Much of the Data Went
Company’s internal probe finds that some developers who scooped up data are now out of business, and others won’t cooperate
… Three months after CEO Mark Zuckerberg pledged to investigate all apps that had access to large amounts of Facebook data, the company is still combing its system to locate the developers behind those products and find out how they used the information between 2007 and 2015, when the company officially cut data access...

Should be interesting.
Mike Stunson reports:
Lexington must release information about the city’s surveillance cameras and the policies surrounding their use, a judge ordered last week.
Mike Maharrey, an activist and organizer for “We See You Watching Lexington,” said his victory over the city is huge for the people of Lexington.
“Now, hopefully, we will get the kind of transparency we deserve,” Maharrey wrote.

So, Google will be listening on even more phones. Paranoia?
Google invests in OS that will put its Assistant on feature phones
Google has just invested $22 million in KaiOS, the company that built an app-packed operating system for feature phones. The move, which gives Google access to previously-untapped markets, will see KaiOS integrate Google services such as maps, Assistant, YouTube and search into devices, which are considered mid-point phones between basic phones and smartphones.

Facebook, Google Manipulate Users to Share Personal Data Despite GDPR
Despite the new GDPR regulation entering into effect across Europe, Facebook and Google are manipulating users into sharing personal data by leveraging misleading wording and confusing interfaces, according to a report released today by the Norwegian Consumer Council (NCC).
In its 44-page report, the Norwegian agency accuses Google and Facebook of using so-called "dark patterns" user interface elements into "nudging" users towards accepting privacy options.
These dark patterns include misleading privacy-intrusive default settings, misleading wording, giving users an illusion of control, hiding away privacy-friendly choices, take-it-or-leave-it choices, and choice architectures where choosing the privacy-friendly option requires more effort for the users.

Perspective. Is Amazon Uber-izing the delivery business?
Amazon’s new blue crew: Tech giant enlists entrepreneurs to own the ‘last mile,’ delivering packages in Prime vans and uniforms
Amazon is expanding further into package delivery and promising to support a new wave of small business owners with the launch of a program that helps entrepreneurs start and run their own companies — delivering items purchased on in distinctive blue Prime-branded shirts and vans.
It’s “the next big building block of our end-to-end supply chain,” said Dave Clark, the Amazon executive who oversees the worldwide delivery logistics infrastructure for the e-commerce giant
… The new program lets anyone run their own package delivery fleet of up to 40 vehicles with up to 100 employees. Amazon works with the entrepreneurs — referred to as “Delivery Service Partners” — and pays them to deliver packages while providing discounts on vehicles, uniforms, fuel, insurance, and more. They operate their own businesses and hire their own employees, though Amazon requires them to offer healthcare, paid time off, and competitive wages. Amazon said entrepreneurs can get started with as low as $10,000 and earn up to $300,000 annually in profit.

Distracted Driving Is Out of Control, and There's No Single Cure
One study found that young drivers spend 12 percent of time behind the wheel looking at their phones. This is getting bad, people.
… a new, small study released today by AAA’s Foundation for Traffic Safety suggests that those infotainment systems built into vehicles’ consoles make driving a bit more dangerous, by demanding too much of those who are supposed to be watching the road.

Perspective. Give up Michael Porter? Never! Well, maybe….
Why Companies Need a New Playbook to Succeed in the Digital Age
… A new playbook requires companies to move beyond Michael Porter’s idea of controlled value chains, where companies focus on control and doing one thing really well. In a value chain, companies know a lot about their products, including where they are physically and when they are sold.
In the digital world, companies need to move to more complex, networked systems. They must create ecosystems or webs of relationships with partners that help them become a go-to for customers. The key is using digital to differentiate a company, offering customers something new and compelling — to create a destination they want to visit.

A resource to draw from.
BBC releases computer history archive
BBC Technology – “A slice of computing history has been made public, giving people the opportunity to delve into an archive that inspired a generation of coders. The Computer Literacy Project led to the introduction of the BBC Micro alongside programmes which introduced viewers to the principles of computing. It included interviews with innovators such as Bill Gates and Steve Wozniak. The BBC hopes the 1980s archive will encourage today’s youngsters to become involved in computing. With the release of the archive, viewers can now search and browse all of the programmes from the project. They will be able to:
  • watch any of the 267 programmes
  • explore clips by topic or text search
  • run 166 BBC Micro programmes that were used on-screen
  • find out the history of the Computer Literacy Project…”

The new ROTC uniform?
Make The Galaxy Great Again T-Shirt