Friday, January 25, 2013

The US military just got a whole lot better. Just because they (got / will get) this one right does not mean they now have a firm grasp of the obvious in other areas...
Here’s How the Military Will Finally Accept (Most) Women in Combat
… As of Thursday afternoon, by act of Defense Secretary Leon Panetta and Army Gen. Martin Dempsey, the chairman of the Joint Chiefs of Staff, the 1994 Direct Combat Exclusion Rule for women is no more. But it won’t be gone gone until 2016. Between now and then, the services will present plans for gender integration, due May 15, and then gradually integrate women into combat occupations — as well as assess which tasks they’re going to keep all-male.
… “Female servicemembers have faced the reality of combat,” Panetta recognized in a Thursday press conference at the Pentagon. [A prime example of a “Well, DUH!” moment. Bob]


"Never ascribe to malice that which is adequately explained by incompetence" Napoleon (maybe). Key management is an interesting problem.
"Github has killed its search function to safeguard users who were caught out storing keys and passwords in public repositories. 'Users found that quite a large number of users had added private keys to their repositories and then pushed the files up to GitHub. Searching on id_rsa, a file which contains the private key for SSH logins, returned over 600 results. Projects had live configuration files from cloud services such as Amazon Web Services and Azure with the encryption keys still included. Configuration and private key files are intended to be kept secret, since if they fall into the wrong hands, that person can impersonate the user (or at least, the user's machine) and easily connect to that remote machine.' Search links popped up throughout Twitter pointing to stored keys, including what was reportedly account credentials for the Google Chrome source code repository. The keys can still be found using search engines, so check your repos."
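As an added example (not from the linked article or from GitHub), here is the kind of pre-push check a maintainer could run over a checkout to catch what the article describes: an id_rsa file, a PEM private-key block, or an AWS credential left in a config file. The sample config text and key text below are constructed, not real credentials.

```python
import os
import re
import tempfile
from pathlib import Path

# Filenames that should never land in a public repository.
SENSITIVE_NAMES = {"id_rsa", "id_dsa", "id_ecdsa", "id_ed25519", ".env", "credentials"}

# Content patterns: standard PEM private-key headers, the AWS access key ID
# format (AKIA + 16 uppercase alphanumerics) and a 40-char secret assignment.
PATTERNS = {
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "aws_secret_assignment": re.compile(r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?[A-Za-z0-9/+=]{40}"),
}

def scan_text(text, source="<memory>"):
    """Return (source, line_no, pattern_name) findings for one file's contents."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((source, line_no, name))
    return findings

def scan_tree(root):
    """Walk a checkout (skipping .git) and report sensitive filenames and contents."""
    findings = []
    for path in Path(root).rglob("*"):
        if ".git" in path.parts or not path.is_file():
            continue
        if path.name in SENSITIVE_NAMES:
            findings.append((str(path), 0, "sensitive_filename"))
        try:
            text = path.read_text(errors="ignore")
        except OSError:
            continue
        findings.extend(scan_text(text, str(path)))
    return findings

# Constructed samples: a cloud config file and an SSH key of the kind the article describes.
SAMPLE_CONFIG = """[default]
aws_access_key_id = AKIAEXAMPLEEXAMPLE12
aws_secret_access_key = wJalrXUtnFEMIexampleKEYexampleKEYexample
"""
SAMPLE_KEY = "-----BEGIN RSA PRIVATE KEY-----\nMIIE(constructed placeholder, not key material)\n-----END RSA PRIVATE KEY-----\n"

def demo():
    """Write the constructed samples into a temporary checkout and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".ssh").mkdir()
        (root / ".ssh" / "id_rsa").write_text(SAMPLE_KEY)
        (root / "config.ini").write_text(SAMPLE_CONFIG)
        return sorted(name for _, _, name in scan_tree(root))

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Pointing `scan_tree` at a real checkout (or wiring it into a pre-commit hook) reports each offending file and line before it is pushed; a hit on a key that is already public means rotating that key, not just deleting the file.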


Others are echoing my thoughts... Does this mean I got something right?
"The first shot was probably the release of Stuxnet sometime during or before 2009. Even though no one has officially claimed responsibility everyone knows who was behind it. Stuxnet hit with a bang and did a whole lot of damage to Iran's uranium-enrichment capabilities. We followed up Stuxnet with Flame — the Ebola virus of spyware. What did the Iranians fire back with? A series of massive, on-going and ineffective DDoS attacks on American banks. This is a disproportionate response but not in the way military experts usually mean that phrase. It's the equivalent of someone stealing your car and you throwing an ever-increasing number of eggs at his house in response. It's fascinating that Iran continues to do nothing more despite the fact that U.S. critical infrastructure currently has the defensive posture of a dog waiting for a belly rub. Keep that in mind the next time you hear that a 'cyber Pearl Harbor' is imminent."
[From the article:
“Whenever I'm asked whether this or that is an act of war my reply is: would it be in our interests to consider it an act of war,” [Interesting way to phrase the question Bob] Martin Libicki of the Rand Corp. told BankInfoSecurity. “Similarly, would it be in the United States' interests to consider itself at cyber war with Iran? Could we convince others that our perception is reality? Would they reply that, with Stuxnet, the United States fired first?”

(Related) Is it a Cyber Pearl Harbor or a Cyber 9/11 or Cyber Sandy or just a bid for a bigger budget?
'Cyber 9/11' may be on horizon, Homeland Security chief warns
"A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11," he said during a speech. "Such a destructive cyber terrorist attack could paralyze the nation."
According to Reuters, Napolitano said today that a massive cyber attack could cause the same amount of damage as last year's Superstorm Sandy, which downed electricity and information networks throughout the Northeastern U.S. [As big as “9/11”, “Sandy” or “The nation”? What to believe, what to believe... Bob]


We always have room for an Ethical Hacker. The kid appears to be better at finding security flaws than the college. Are they sure they want him on the outside looking in?
"The Security Ledger writes that the expulsion of Ahmed Al-Khabaz, a 20-year-old computer sciences major at Dawson College in Montreal, has exposed a yawning culture gap between academic computer science programs and the contemporary marketplace for software engineering talent. In an opinion piece in the Montreal Gazette on Tuesday, Dawson computer science professor Alex Simonelis said his department forbids hacking as an 'extreme example' of 'behavior that is unacceptable in a computing professional.' And, in a news conference on Tuesday, Dawson's administration stuck to that line, saying that Al-Khabaz's actions show he is 'no longer suited for the profession.' In the meantime, Al-Khabaz has received more than one job offer from technology firms, including Skytech, the company that makes Omnivox. Chris Wysopal, the CTO of Veracode, said that the incident shows that 'most computer science departments are still living in the pre-Internet era when it comes to computer security.' 'Computer Science is taught in this idealized world separate from reality. They're not dealing with the reality that software has to run in a hostile environment,' he said. 'Teaching students how to write applications without taking into account the hostile environment of the Internet is like teaching architects how to make buildings without taking into account environmental conditions like earthquakes, wind and rain,' Wysopal said."


Rights is rights!
Sex Offenders Can’t Be Banned From Facebook, Court Rules
A federal appeals court ruled Wednesday that a 2008 Indiana law forbidding registered sex offenders from using instant-messaging and social-networking sites like Facebook is an unconstitutional infringement of First Amendment-protected speech.
The 7th U.S. Circuit Court of Appeals said the legislation “broadly prohibits substantial protected speech rather than specifically targeting the evil of improper communications to minors.” (.pdf)

(Related) On the other hand...
Twitter has been criticized in the past for not being as vigilant as other social networks as far as removing offensive content, and it looks like a French court is taking matters into their own hands by ordering Twitter to hand over the usernames and information of users who post racist and offensive tweets.
… The court also ordered Twitter to set up an “easily accessible and visible” system that would allow users to alert the site of illegal content specifically for “crimes against humanity and incitement to racial hatred.” Back in October, Twitter removed a neo-Nazi group that would post racist tweets on the site, but only after German police stepped in.


Ubiquitous surveillance – that pretty much says it all...
Cell phones that can identify you by how you walk. Fingerprint scanners that work from 25 feet away. Radars that pick up your heartbeat from behind concrete walls. Algorithms that can tell identical twins apart. Eyebrows and earlobes that give you away. A new generation of technologies is emerging that can identify you by your physiology. And unlike the old crop of biometric systems, you don't need to be right up close to the scanner in order to be identified. If they work as advertised, they may be able to identify you without you ever knowing you've been spotted.

(Related) ...and when I say ubiquitous... Think they can tell what kind of newly legalized plants we are growing here in Colorado?
Timothy Lord starts this video with these words: "Sensors are a big deal at CES this year. They are small devices that track everything from the location of your pets to how many steps you have taken today." And so he chatted with Phillip Bolliger, founder of Swiss company Koubachi AG, which makes Wi-Fi sensors that help you give your plants the right amount of water and light and to keep them at the right temperature. As of this writing, the prices on their online store are in Euros, not dollars, but the sensors are now available through Amazon with U.S. pricing. Koubachi also has a free app for your iOS device, and a Facebook app for your computer or Android device, that will help you give your plants the right amount of fertilizer and other love even if you don't buy a Koubachi sensor.

(Related) Self-surveillance and cheap drones, what's not to like?
There’s a little quad-helicopter device coming to the market relatively soon known as the MeCam, developed and manufactured by the friendly folks at Always Innovating. This little chopper has its own video camera and will connect to your smartphone as well as follow you around automatically while otherwise accepting voice-commands galore. This little monster will also only cost you $49 USD.


“Yes, this is a source of Golden Eggs, but we want roast goose!” Can you say, Silicon Death Valley?
"Engineers and hackers don't think much about tax policy, but there's a bizarre development in California that they should know about, since it could reduce the pool of angel-investment money available for tech startups. Under a tax break available since the 1990s, startup founders and other investors in California were allowed to exclude or defer their gains when they sold stock in California-based small businesses. Last year, a California appeals court ruled that the tax break was unconstitutional, since it discriminated against investors in out-of-state companies. Now the Franchise Tax Board, California's version of the IRS, has issued a notice saying how it intends to implement the ruling — and it's a doozie. Not only is the tax break gone, but anyone who claimed an exclusion or deferral on the sale of small-business stock since 2008 is about to get a big retroactive tax bill. Investors, entrepreneurs, and even the plaintiffs in the original lawsuit are up in arms about the FTB's notice, saying that it goes beyond the court's intent and that it will drive investors out of the state. This Xconomy article takes an in-depth look at the history of the court case, the FTB's ruling, and the reaction in the technology and investing communities."


The time has come... Every survey for the last 5 years says the same thing.
"Internet access is as crucial to everyday life as having a phone connection and the loss of connectivity is deserving of financial compensation, the German Federal Court of Justice has ruled. Because having an internet connection is so significant for a large part of the German population, a customer whose service provider failed to provide connectivity between December 2008 and February 2009 is entitled to compensation, the court ruled today. 'It is the first time the court ruled that an internet connection is as important a commodity as having a phone,' said court spokeswoman Dietlind Weinland. The court, however, denied the plaintiff's request of €50 a day for his fax machine not working."

(Related)
From Concerned Privacy Advocates, Internet Activists, Journalists & Other Organizations:
Skype Division President Tony Bates
Microsoft Chief Privacy Officer Brendon Lynch
Microsoft General Counsel Brad Smith
Dear Mr. Bates, Mr. Lynch and Mr. Smith,
Skype is a voice, video and chat communications platform with over 600 million users worldwide, effectively making it one of the world’s largest telecommunications companies. Many of its users rely on Skype for secure communications—whether they are activists operating in countries governed by authoritarian regimes, journalists communicating with sensitive sources, or users who wish to talk privately in confidence with business associates, family, or friends.
It is unfortunate that these users, and those who advise them on best security practices, work in the face of persistently unclear and confusing statements about the confidentiality of Skype conversations, and in particular the access that governments and other third parties have to Skype user data and communications.
We understand that the transition of ownership to Microsoft, and the corresponding shifts in jurisdiction and management, may have made some questions of lawful access, user data collection, and the degree of security of Skype communications temporarily difficult to authoritatively answer. However, we believe that from the time of the original announcement of a merger in October 2011, and on the eve of Microsoft’s integration of Skype into many of its key software and services, the time has come for Microsoft to publicly document Skype’s security and privacy practices.
Read the full letter here.
And yes, PogoWasRight.org would have signed on to this – if someone had thought to let this site know or asked for a signature.


Who will scream and how loud?
"The Government of Antigua is planning to launch a website selling movies, music and software, without paying U.S. copyright holders. The Caribbean island is taking the unprecedented step because the United States refuses to lift a trade 'blockade' preventing the island from offering Internet gambling services, despite several WTO decisions in Antigua's favor. The country now hopes to recoup some of the lost income through a WTO approved 'warez' site."


Well this makes me feel all fuzzy. Wait, does the fact that the government commissioned the government to study the government suggest a potential conflict of interest? “Nope. We got ethics!”
Pentagon Watchdog Clears Darpa in Ethics Probe
The Pentagon’s far-out research agency is something of a revolving door. Program managers enter; defense consultants and academics leave; and then they come back a few years later. The Pentagon’s watchdog has concluded that’s completely above board.
Darpa’s ethics training “appropriately mitigated the potential for conflicts-of-interest,” concludes Jacqueline L. Wicecarver, the Pentagon’s assistant inspector general, in a report released on Thursday.


For my entrepreneurial students...
"Network World is running a guest article by Outercurve Foundation's technical director Stephen Walli discussing how FOSS license choice can affect a company's business model. Walli disagrees that a FOSS license dictates the business model or that the business model dictates the license."
[From the article:
Red Hat packages an asset that they neither own nor control. They influence the Linux kernel through participation in the Linux kernel community. They use the Linux kernel in their Red Hat Enterprise Linux and Fedora Project operating systems. They surround the kernel with considerable other software (most of it free and open source project-based from a collection of other project communities in which they participate). They support and warrant their product solution, as well as develop and enable the Fedora project community. They are the most profitable and successful Linux vendor and indeed the most successful open source company to date, finally cracking the US$1B revenue barrier in 2012.


Interesting idea. The White House now requires 100,000 “signatures,” but what changes would be possible if petitions started with “I'll vote for you (your party's candidate) if...”
"Internet activists in Finland, upset with the country's strict copyright laws, are ready to take advantage of the country's promise to vote on any citizen-proposed bill that reaches 50,000 signatures. Digital rights group Common Sense in Copyright has proposed sweeping changes to Finland's Lex Karpela, a 2006 amendment to the Finnish copyright law that more firmly criminalized digital piracy. Under it, 'countless youngsters have been found guilty of copyright crimes and sentenced to pay thousands, in some cases hundreds of thousands, of euros in punitive damages to the copyright organizations.' The proposal to fix copyright is the best-rated and most-commented petition on the Open Ministry site."


Thought so...
January 24, 2013
Columbia Journalism Report - Post Industrial Journalism
Post Industrial Journalism by C.W. Anderson, Emily Bell and Clay Shirky
  • "The effect of the current changes in the news ecosystem has already been a reduction in the quality of news in the United States. On present evidence, we are convinced that journalism in this country will get worse before it gets better, and, in some places (principally midsize and small cities with no daily paper) it will get markedly worse. Our hope is to limit the scope, depth and duration of that decay by pointing to ways to create useful journalism using tools, techniques and assumptions that weren’t even possible 10 years ago."


Unlimited free power, version 946.2? Let's hope they don't fall into the ocean and breed...
"Researchers at the University of Buffalo have created spherical silicon nanoparticles they claim could lead to hydrogen generation on demand becoming a 'just add water' affair. When the particles are combined with water, they rapidly form hydrogen and silicic acid, a nontoxic byproduct, in a reaction that requires no light, heat or electricity. In experiments, the hydrogen produced was shown to be relatively pure by successfully being used to power a small fan via a small fuel cell."


For my students...
… You may have put a little thought into your profile at some point and then probably let it stagnate somewhat between moments of enthusiasm for career-building behaviour.
However, this need not be the case. There are a number of great hacks you can use with LinkedIn, some of which will help to keep your profile looking fresh for longer, and all of which will help to further your career in some way. It’s well worth taking a quick look at a few of them to see what you can incorporate into your regular activities.


For my researching students?
The ultimate tablet magazine is ready for your Android. Long an iPad-only offering, Flipboard arrived for Android tablets in December – and I’ve barely put my tablet down since. With the ability to pull in content from thousands of sites, Flipboard can also access your Google Reader, YouTube, Twitter, and Facebook accounts, meaning everything you care about on the web is literally at your fingertips.


Perhaps we could fit this in to our programming classes?
"Yesterday in a post at the White House website, the U.S. government announced that June 1-2 would be the National Day of Civic Hacking. 'Civic Hacking Day is an opportunity for software developers, technologists, and entrepreneurs to unleash their can-do American spirit by collaboratively harnessing publicly-released data and code to create innovative solutions for problems that affect Americans.' It will be a joint project with Random Hacks of Kindness, Code for America. Activities are being planned in many cities across the country, and you can also sign up to host your own event. It's nice to see the government use the word 'hacking' in a positive way, since most uses of the term these days involve malicious activity."
