Saturday, September 14, 2013

So is the court saying they should have been doing this all along or just “Now that the cat is out of the bag?”
Spencer Ackerman reports:
The court that oversees US surveillance has ordered the government to review for declassification a set of secret rulings about the National Security Agency’s bulk trawls of Americans’ phone records, acknowledging that disclosures by the whistleblower Edward Snowden had triggered an important public debate.
The Fisa court ordered the Justice Department to identify the court’s own rulings after May 2011 that concern a section of the Patriot Act used by the NSA to justify its mass database of American phone data. The ruling was a significant step towards their publication.
Read more on The Guardian. See also emptywheel’s coverage.


Do the crooks know this? For my Ethical hackers. What can we get for a guillotine that's still in the box?
Don't worry, your severed fingers won't unlock your iPhone 5S
… It explains that Apple's scanner doesn't work by optics. Rather, Apple's new system probes beneath the layer of you skin to see the real live action beneath.


I consider myself a clipping service (with commentary)
Much has been tweeted and written about the media shield law that made it out of the Senate Judiciary Committee yesterday. The bill gave me cause for concern as I listened to the debate about it and read the coverage on Politico, because I got the sense that bloggers/citizen journalists like myself would not be covered, even though I engage in a lot of the same behaviors that paid journalists working for big outlets like the NYT do.
It turns out that at least one prominent media lawyer thinks I definitely would be covered, and I’ve asked him to write up his analysis of the language of the bill to explain under what conditions folks like me could claim the shield privilege. I’ll post a link to his analysis once it’s online.
In the meantime, you may want to read David Savage’s coverage in the Los Angeles Times (via Joe Cadillic).


Still not on this list...
Bloomberg Visual Charts of Billionaires
Today’s rankings of the world’s richest people – Index is a daily ranking of the world’s richest – Visual charts provide bios. Provides the ability to: Explore – Rank – Plot – Map specific individuals and groups. Includes key data points: citizenships, genders, ages, sources of wealth.


Very useful tools. Pick one.
Tools for Creating Creating Screen Capture Images and Videos
This evening I received a question from a reader who was wondering what I use to create the annotated screen capture images that you see in the guides that I produce. I create those images by using Jing which I have installed on my Mac and Windows computers. There are other services that I have tried from time to time. Those services along with Jing are described below.


Every week...
From the press release: the California Community Colleges Board of Governors has voted to require that any works created under contracts or grants funded by the California Community Colleges Chancellor’s Office carry the Creative Commons Attribution license that gives permission to the public to reproduce, distribute, perform, display or adapt the licensed materials for any purpose so long as the user gives attribution to the author." [Potential resource? Bob]
The Open University has released a report on “Innovating Pedagogy,” which offers a look at 10 education theories, tools, and practices which it says “have the potential to provoke major shifts in educational practice, particularly in post-school education.” Among the 10: gaming, MOOCs, and badges.

Friday, September 13, 2013

For my Computer Security students. If not Best Practices, at least consider these “Things you can do to avoid hassles by the FTC.” Note that all of these are in Chapter One of the Intro to Computer Security textbook. More importantly, look at all the practices they don't mention! For my regular Blog readers: Told ya so!
The Federal Trade Commission has released a provisionally redacted public version of its complaint against LabMD (PHIprivacy.net’s coverage of LabMD linked here).
The complaint provides what could be useful guidance as to what types of practices the FTC considers to be problematic practices under the Act:
10. At all relevant times, respondent engaged in a number of practices that, taken together, failed to provide reasonable and appropriate security for personal information on its computer networks. Among other things, respondent:
(a) did not develop, implement, or maintain a comprehensive information security program to protect consumers’ personal information. Thus, for example, employees were allowed to send emails with such information to their personal email accounts without using readily available measures to protect the information from unauthorized disclosure;
(b) did not use readily available measures to identify commonly known or reasonably foreseeable security risks and vulnerabilities on its networks. By not using measures such as penetration tests, for example, respondent could not adequately assess the extent of the risks and vulnerabilities of its networks;
(c) did not use adequate measures to prevent employees from accessing personal information not needed to perform their jobs;
(d) did not adequately train employees to safeguard personal information;
(e) did not require employees, or other users with remote access to the networks, to use common authentication-related security measures, such as periodically changing passwords, prohibiting the use of the same password across applications and programs, or using two-factor authentication;
(f) did not maintain and update operating systems of computers and other devices on its networks. For example, on some computers respondent used operating systems that were unsupported by the vendor, making it unlikely that the systems would be updated to address newly discovered vulnerabilities; and
(g) did not employ readily available measures to prevent or detect unauthorized access to personal information on its computer networks. For example, respondent did not use appropriate measures to prevent employees from installing on computers applications or materials that were not needed to perform their jobs or adequately maintain or review records of activity on its networks. As a result, respondent did not detect the installation or use of an unauthorized file sharing application on its networks.
11. Respondent could have corrected its security failures at relatively low cost using readily available security measures.
12. Consumers have no way of independently knowing about respondent’s security failures and could not reasonably avoid possible harms from such failures, including identity theft, medical identity theft, and other harms, such as disclosure of sensitive, private medical information.
LabMD will likely respond that the FTC should have published these as a guideline before going after companies for not complying with them, but other businesses may want to use this complaint for their own guidance. In the meantime, LabMD continues complaining vociferously about the FTC’s action.

(Related) This is a peak at Data Brokers. Moer Privacy than Security
EFF – Data Broker Acxiom Launches Transparency Tool, But Consumers Still Lack Control
EFF: “Acxiom, a data broker that collects 1,500 data points per person [How many can you name of the top of your head? Bob] on over 700 million consumers total and sells analysis of such information, is trying to ward off federal privacy regulations by flaunting transparency—a diluted term, in this case—around user data. The company just launched AboutTheData.com, a site that will let users see and edit some information that Acxiom has about them—only “some,” since Acxiom’s analytics reveal far more information about you (living habits and personal preferences) that isn’t readily available to you, but is sold to partner companies. Everyone should be deeply concerned about data brokers. These companies are scavengers [Data Miners and Big Data analysts? Bob] for very personal data, amassing details about everything from “major life events” (like a wedding or a baby) to your browsing history and shopping habits, and they have even begun exploring business relationships with social media giants like Facebook and Twitter. And once this data is collected, it’s a small step away from government agencies and law enforcement. (There was hubbub around Acxiom and travel information, which the government collected and inadvertently shared.) ACLU has an excellent breakdown of Acxiom after the company released operational details in response to a Congressional inquiry. The Federal Trade Commission (FTC) has launched an in-depth investigation into data brokers to see what information they gather and how it is used. Commissioner Julie Brill recently wrote an op-ed demanding transparency around what user data is being collected through a voluntary “Reclaim Your Name” campaign.”


So fingerprints should not become a “Best Practice.”
Marcia Hofmann writes:
There’s a lot of talk around biometric authentication since Apple introduced its newest iPhone, which will let users unlock their device with a fingerprint. Given Apple’s industry-leading position, it’s probably not a far stretch to expect this kind of authentication to take off. Some even argue that Apple’s move is a death knell for authenticators based on what a user knows (like passwords and PIN numbers).
While there’s a great deal of discussion around the pros and cons of fingerprint authentication — from the hackability of the technique to the reliability of readers — no one’s focusing on the legal effects of moving from PINs to fingerprints.
Because the constitutional protection of the Fifth Amendment, which guarantees that “no person shall be compelled in any criminal case to be a witness against himself,” may not apply when it comes to biometric-based fingerprints (things that reflect who we are) as opposed to memory-based passwords and PINs (things we need to know and remember).
Read more of her excellent OpEd on Wired.


Politics is the art of “anything you can get away with.” This is a case of “We can, therefore we must.”
Tesla Rodriquez reports:
State Rep. Steve Drazkowski is one of 18 plaintiffs in a lawsuit filed Thursday that claims employees from Wabasha and Winona counties, the city of Winona and nearly 50 other counties and cities illegally accessed personal information hundreds of times.
The lawsuit claims that an unknown number of state employees used the state’s driver’s license database more than 600 times since April 2003 to look up their records, which include photos, Social Security numbers, addresses, weight, height and other private information.
Read more on Winona Daily News.
[From the article:
The lawsuit claims that an unknown number of state employees used the state’s driver’s license database more than 600 times since April 2003 to look up their records, which include photos, Social Security numbers, addresses, weight, height and other private information.
The 18 plaintiffs, a majority of whom are from Wabasha County, say they were targeted because of political reasons, such as for writing a letter to a newspaper, running for election, supporting a campaign or pushing for government reform.
“My clients do something (political),” said attorney Erick Kaardal, who represents the clients. “Police identify them and then run a check.”


Lots of information, so I'm not going to reproduce it here. Worth scanning!
Medical identity theft affected about 1.84 million adults or their family members this year at a projected out-of-pocket cost to the victims of over $12 billion, according to a new report released today.


Are the judges on the Ninth Circuit so far behind the average high school student that they think unencrypted wi-fi is hard to detect and record? Do they still use quill pens? Did they even consider a Google search?
EPIC – Federal Appellate Court Upholds Privacy Protection for Wi-Fi Communications
“The Court of Appeals for the Ninth Circuit has upheld a lower court ruling against Google in a case arising out of the Street View interception of private Wi-Fi communications. The lawsuit alleges that Google’s ongoing interception of Wi-Fi payload data through its Street View program violated several laws, including the federal Wiretap Act. The court rejected Google’s arguments that the interception was permissible. The court said that Google’s interpretation could have the absurd result of rendering private communications, like email, unprotected simply because the recipient fails to encrypt their Wi-Fi network. [I would agree with Google. That's why encryption is a “Best Practice!” Bob] Furthermore, the court explained that the unencrypted nature of the Wi-Fi networks did not make the data transmitted over them “readily accessible to the general public” because the data was still difficult for an ordinary person to intercept. [Nonsense. Bob] EPIC filed a “friend of the court” brief in the case urging the court to uphold legal protections for Wi-Fi communications, and discussing both the intent of the federal law and the operation of a typical home W-Fi network. For more information, see EPIC: Ben Joffe v. Google and EPIC: Google Street View.”

[See also:
Everyone knows that unencrypted wireless traffic can be viewed by anyone, and your data can easily be compromised.


This is really interesting. I wonder if there are similar sites for other professions? MBA, Computer Security, etc. (Sturm is there)
Law School News Aggregator
Elmer Masters: “Law School News. You can check it out at http://lsn.symphora.com/. In a nutshell it’s a site that aggregates RSS/Atom news feeds from just over 100 law schools in the US. There are more details about how it got built and what’s there on my blog at http://elide.us/2L.”


Come to thing of it, this could make lots of things easier!
To Enjoy Driverless Cars, First Kill All the Lawyers


Perspective: My students could at least try reading the textbook...
Welcome to the 72-Hour Work Week
How many hours do you think the average American professional works each week? If you think 40, 50 or even 60, think again. For many, 72 hours is the new norm.


Could be handy
– allows you to design your own personal startpage with your most important bookmarks and RSS feeds. Easy to use, reliable and completely (ad) free. Your startpage is stored in the cloud so that you can access it anywhere and on any device. Categorize bookmarks and RSS feeds in pages and lists. Import and export your bookmarks and RSS feeds. Make your pages public and share them.


For all my students. (At least the ones who like Chrome.)
Turn Chrome Into a Research Hub With These Extensions
We’ve covered a few tools like this before, like Diigo and Google Drive, but I’ll be going through four of the extensions that help me out the most as a student, and they can help you too.
OverTask is a like a homebase for organizing all of your tabs. It replaces your New Tab page with the OverTask main page where you can create tasks and view all of your tasks in a nice, simple, colorful layout. When you select a task or create one, it will close all of your tabs and leave you with just one tab for your task.
Citelighter is a toolbar that sits at the top of your window and help you keep your research organized and cited.
Joining the hordes of vowel-deprived services like Tumblr and Flickr is Stay Focusd; this app, as the name implies, attempts to keep you focused on your work. It does this by limiting the amount of time you can spend on a certain list of websites.
Citable is a tool for organizing your sources, similar to Citelighter. It creates a button in the upper right hand of Chrome that you can click to cite the website you are on.


For my students with thumbdrives...
5 Websites For Every Portable Application On The Web
Applications are linked to reviews that already exist on MakeUseOf.
As the name implies, everything you’ll find here is 100% free and portable.
Pendriveapps.com is a very large and organized directory that is quite similar to The Portable Freeware Collection, but just structured differently.
The huge majority of the applications here are portable (I’ve yet to find one otherwise) and they are all extremely small in size.
PortableApps.com is one of the most well-known places on the web to go for portable applications, most specifically their famous PortableApps.com Suite. However, PortableApps.com also offers their applications in a standalone format through a directory of more than 300 apps.

Thursday, September 12, 2013

Does your phone company have your bank account numbers?
Richard Weiss reports:
An intruder hacked into a Vodafone Group Plc (VOD) server in Germany, gaining access to 2 million customers’ personal details and banking information.
A person with insider knowledge stole data including names, addresses, birth dates, and bank account information, the world’s second-biggest mobile-phone carrier said in a statement today. The hacker had no access to credit-card information, passwords, PIN numbers or mobile-phone numbers, Vodafone said.
Read more on Bloomberg News. via @Cyber_War_News


No doubt the end of the world...
So much for DNI Clapper’s blathering on about how he was releasing documents consistent with the President’s directive. Trevor Timm of EFF writes:
The Director of National Intelligence (DNI) just today released hundreds of pages of documents related to the government’s secret interpretation of Patriot Act Section 215 and the NSA’s (mis)use of its massive database of every American’s phone records. The documents were released as a result of EFF’s ongoing Freedom of Information Act lawsuit.
Our legal team is currently poring over them and will have much more analysis soon, but intelligence officials held a call with reporters about the content of the documents this morning, and made several revealing comments.
First, intelligence officials said they were releasing this information in response to the presidential directive on transparency surrounding the NSA. That statement is misleading. They are releasing this information because a court ordered them to as part of EFF’s Freedom of Information Act lawsuit, filed almost two years ago on the tenth anniversary of the Patriot Act.
In fact, up until the Snowden revelations started a couple months ago, the government was fighting tooth and nail to not only avoid releasing the content of the government’s secret interpretation of the Patriot Act, but even the number of pages that were involved. The government argued releasing a single word of today’s release would cause “serious and exceptionally grave damage to the national security of the United States.”
[More...

(Related) No doubt the senators will claim full credit.
So we learned more today, but according to Senators Wyden and Udall, there’s still much more to be learned:


One of the many problems with secret court orders is that I never know how concerned I should be. Do they impact me? I s my privacy at risk? Can I count on the court to secretly protect my non-secret rights?
Lavabit’s Owner Appeals Secret Surveillance Order That Led Him to Shutter Site
The owner of the encrypted email company Lavabit has formally appealed the secret surveillance order that led him to defiantly shutter the site last month. But the details of the case were immediately placed under seal in the 4th Circuit Court of Appeals, records show.
The Texas-based email service shut down on August 8, blaming a court battle it had been fighting, and losing, in secret. The closure occurred about a month after news reports revealed that NSA leaker Edward Snowden was using a Lavabit email account to communicate from Russia.
In a statement announcing the closure, and in subsequent interviews, Lavabit owner Ladar Levison complained that he’s prevented from revealing exactly what the government asked him to do, or who it was targeting. The circumstances suggest Lavabit had been ordered to actively circumvent its own security, either by providing the government with its private SSL certificate — allowing its users to be wiretapped — or by modifying its software to store a user’s private encryption keys.


You can't tell the players without a scorecard...
Mark Jaycox writes:
The veil of secrecy around the government’s illegal and unconstitutional use of both Section 215 of the PATRIOT Act and Section 702 of the Foreign Intelligence Surveillance Act (FISA) is being lifted. As a result, Congress has seen a flurry of legislation to try and fix the problems; however, as we’ve been saying since June there are far more questions than answers about the spying. And Congress must create a special investigative committee to find out the answers. Right now, the current investigations are unable to provide the American public with the information it needs.
For now, here’s a quick summary of the bills in Congress drafted after the June leaks that have a chance to go forward.
Read more on EFF.


So if every Friday I drive 83 miles, most of it at highway speed, I might be going to my ski shack for the weekend.
Yes, those “pay as you drive” programs used by insurance companies to record your driving habits sometimes can be used to accurately infer your destination — a long-time concern of privacy advocates.
That’s what four University of Denver computer scientists found in an experiment.
“With access to simple features such as driving speed and distance travelled, inferring the destinations of driving trips is possible,” they write in a paper published in the proceedings of the 2013 ACM Workshop on Privacy in the Electronic Society in November. “Privacy advocates have presumed the existence of location privacy threats in non-tracking telematics data collection practices. Our work shows that the threats are real.”
Read more on Science Daily.
[From the article:
That's what four University of Denver computer scientists found in an experiment.
… The scientists, Rinku Dewri, Prasad Annadata, Wisam Eltarjarnan and Ramakrishna Thurimella, developed an algorithm and applied it to data from 30 routine trips made in and around the Denver area. In 18 of the trips, the algorithm was able to place the actual destination within the top three projected destinations.
… The University of Denver scientists, however, working through the Colorado Research Institute for Security and Privacy, found that a mixture of "quasi-identifiers" can be used to infer destinations even without GPS data. "Quasi-identifiers" are driving data that are non-tracking by themselves but can be used to infer driving routes when used in combination.
In addition to measuring driving speed and distance travelled, they tracked traffic stops and turns. They matched this information to road maps to determine the potential destinations of a trip, and then ranked them to deduce the most likely destination.
… Their paper is titled, "Inferring Trip Destinations from Driving Habits Data."


Trivial or significant. I wonder what my students will say?
Orin Kerr writes:
Here’s an oddball Fourth Amendment case involving an issue I have never seen litigated: How does the Fourth Amendment apply to deleting a picture from a digital camera? In Burch v. City of Florence, Ala., 913 F.Supp.2d 1221 (N.D.Ala. 2012), the police had received various complaints that the plaintiff was causing concern because he was taking pictures of lots of people and cars in town. He would apparently follow people and take lots of pictures of them, all without any apparent reason. A police officer who knew about the complaints spotted the plaintiff and pulled him over for a traffic violation. When the car was stopped, the officer saw the camera in the car. The officer grabbed the camera and started looking through its pictures. When the officer found a picture of the officer’s own license plate (of his personal car), the officer deleted the picture from the camera. The officer then let the plaintiff go. The plaintiff then filed a pro se civil suit under the Fourth Amendment, claiming that searching the camera and deleting the image violated his Fourth Amendment.
Read more on The Volokh Conspiracy.

(Related) Again, the police don't like it...
Victoria Kim reports that a California judge denied an attempt from the union representing the Los Angeles Sheriff’s Department to block the L.A. Times from reporting on sheriff’s deputies. The union had alleged that the Times and a reporter were unlawfully in possession of – and would use – background investigation files containing personal information of about 500 deputies and possibly their families.
Los Angeles County Superior Court Judge Joanne O’Donnell denied the union’s motion, writing in her ruling that the union failed to present “the evidence most critical to the showing of irreparable harm or immediate danger.”
“The court declines to issue [an order] imposing a prior restraint on defendants’ free speech based on the speculative hearsay testimony of anonymous witnesses,” she wrote.
Read more on the Los Angeles Times.


For all my students.
Back To School? How To Organize Your Classroom Work With Evernote
School time can become stressful for both students and teachers, especially in high school and later in college. Therefore, it’s absolutely crucial that you stay as organized as possible so that you know where to find the information you need and make things as easy as possible for yourself. Evernote is a fantastic tool to take care of all of this as there are many reasons to use Evernote, so here are a few tips which you can use to get an advantage in school.


Another “all students” tool.
– to turn any connected device into a full-blown, fully featured communication device offering free IM, text messaging, voice and video calling. Unlimited Free texting and calling to any phone. Get a free personal phone number and voicemail. Send and receive pictures and videos for free. Keep in touch with your friends and enjoy the group chat and video call feature.


For me and any students what gots kulture...
Resources for Teaching and Learning About Classical Music
Open Culture recently published an article about Musopen's collection of free recordings of performances of the works of more than 150 composers. You can stream the music from Musopen for free. You can also download five recordings per day for free from Musopen. The recordings could be useful in a music appreciation course. Looking at the Musopen collection prompted me to look at some other resources for teaching about classical music.

Keeping Score is a comprehensive website full of educational materials about composers, scores, musical techniques, and symphonies. There are two elements of Keeping Score that should be of particular interest to educators. The most immediately accessible section of Keeping Score is the interactive education elements that contain videos, images, and texts that tell the stories of composers. The interactive section also features explanations of musical techniques, the history of notable events and themes in the symphonic world, and analysis of various scores. The second section of Keeping Score that teachers will be drawn to is the lesson plan library. In the lesson plan library teachers will find lesson plans developed to incorporate elements of the Keeping Score website.

Classics for Kids, produced by Cincinnati Public Radio, offers lesson plans, podcasts, and games for teaching kids about classical music. The lesson plans are designed for use in K-5 settings. All of the lesson plans are available as PDFs. Activity sheets are also available as accompaniments to recordings of classical composers. In the games section of Classics for Kids students can develop their own compositions or practice identifying music and composers. As a reference for students, Classics for Kids offers a dictionary of music terms.

Wednesday, September 11, 2013

A couple of things to consider. Anyone – military units or teenage hackers – can attack you at any time. Successful military penetrations could be compromised by amateurs tripping alarms and bringing attention to the holes exploited.
Ilan Gattegno reports:
A pro-Syrian hacking group breached Israeli and American websites and released the personal information of over 165,000 Israelis.
The biggest breach, part of an organized cyberattack on numerous websites over the past few days, was in a website that offered web hosting services. The breached site provided all information on its users, including names, phone numbers, email addresses, home addresses and passwords.
More than 40,000 of the compromised records were reviewed and verified as real by Internet security firm Maglan. Some of those whose information was released, however, told Israel Hayom that the passwords leaked were not up to date and had been changed a long time ago. [Suggests this hack was done a long time ago? Bob]
Read more on Israel Hayom.
[From the article:
Maglan's cyber intelligence systems intercepted dozens of encrypted communiques between the hackers. According to Maglan CEO Shai Blitzblau, the messages intercepted included attack details and methods, some of which he said were quite advanced. [Were they decrypted or is this speculation? Bob]


Someone changed (inserted malware into) their programs and no one noticed for six months?
Outdoor Network LLC in Hollywood, Florida is notifying customers who engaged in credit card transactions between December 2012 and July 2013 that their personal information may have been exfiltrated [Sounds better than “Stolen?” Bob] to unauthorized third parties.
In a letter dated September 11, Martin Polo, the firm’s CEO, writes that they recently learned of a breach affecting their boats.net and partzilla.com web sites. Malware was reportedly inserted into the sites’ shopping carts.
The malware may have collected customers’ names, addresses, credit card numbers, card expiration dates and card security codes (CVV or CVC code).
The firm hired ConsumerInfo.com, Inc., ”to provide certain notification and call center related services.” ConsumerInfo.com provides free credit reports and credit monitoring services.
The notice to consumers, a copy of which was posted on the California Attorney General’s web site, does not provide any information as to what steps ODN is taking to prevent a recurrence of a similar breach. Nor does it indicate whether they are aware of any reports that the customer data may have been misused or how they discovered the breach.
This might be a good time to remind you that you see all these nifty-looking seals on a web site and still have your data stolen:

(Related) If there are several claims that you have been breached, what can you do? I doubt “We don't think so” or “Trust us” will work. Perhaps an immediate third-party security audit?
Resorthoppa and A2B Transfers have insisted their websites are secure following complaints posted online from customers claiming to have been victims of fraud.
The customer claimed their credit cards were used to make fraudulent transactions after booking with the sister transfer companies.
Clients writing on internet forums said hundreds of pounds worth of unauthorised payments, mostly to mobile phone companies, had been made in the months after they booked a transfer.
Read more on Travel Weekly.
We’ll have to wait and see what their investigation reveals. For now, they could be right that there might be some other explanation for the reports of fraud.


For my Ethical Hackers. See what you have to look forward to...
In its 2013 Data Breach Investigations Report, Verizon said that it had analysed more than 47,000 reported security incidents last year and found 621 “confirmed data disclosures” where at least 44 million records had been “compromised”. More than half of the 621 data disclosures involved hacking, it said.
“52% of breaches affecting all organisations involved hacking,” the report said. “That figure changes to 72% of small organizations and 40% of large organisations.”
Read more on Out-Law.com. You can access the full DBIR here (pdf).


Business models for my head-bobbing students.
Locker, Library, Stream: The 5 Big Digital Music Models of 2013
Apple’s long-awaited streaming music service was announced today. Called iTunes Radio, it’s a familiar model: Choose an artist, album or genre and it plays an unending stream of related music. You can tell it that you like one song in particular or that you never want to hear a certain song again. It promises exclusive access to new releases, and it’ll be available on desktops, iPhones and iPads.
It is, in short, Pandora for iTunes.
… So, on the occasion of Apple’s iTunes Radio, it’s worth taking a moment to taxonomize the models which have sprouted up around digital tunes:
The Store Now, the classic model for online music distribution. You search for the song on iTunes or Amazon; you hit the “buy” button; and some amount of money near $1.00 is transferred from your bank account to Apple’s coffers. In return, you get an MP3 of the song forever -- and, since 2009, that song has come without any restrictions on its use.
The Locker For some yearly fee, Apple (or, again, Amazon) will store all the music you own on its servers. It is one of the more recent entrants to the field and relatively simple to understand: All the music you have already purchased, just online.
The Stream The prototypical example here is Pandora. You tell a company a song or artist or genre you like, and its algorithm selects music you also might like. Notice the severe restrictions on use (you can’t make a movie and use Pandora music as your soundtrack!) and the lack of choice (the service limits you from playing too many songs from the same artist or album!). Often, these services are ad-supported, although, last month, Rdio tacked this feature onto its subscription service.
The Library A service maintains a large library of recorded music on its servers, and you can listen to whatever you want from that library however much you want. (If you want fifteen straight hours of Genesis, you can play fifteen straight hours of Genesis!) The two big Library companies are Spotify, which is owned by Facebook and which allows free users to listen to music intermixed with ads; and Rdio, which has no ads but is only available to paid subscribers. Though it gives the user more choice, The Library shares many economics with The Stream: there are restrictions on what you do with the music (you still can’t set it to a montage!), and its payments for the musicians tend to be pretty paltry.
The YouTube The website, owned by Google and ostensibly for sharing video, is without peer in the world of music services. According to a 2012 Nielsen study, “nearly two-thirds” of American teenagers listen to music on the site, “more than any other any other medium.” And it’s not hard to see why: With its ubiquity, large library, recommendation engine, and cost (free!), it combines some of the most attractive aspects of The Library, The Stream, and The Locker. And, thanks to pre-roll and display ads, listening to music on the service also supports musicians and record labels, though at Library-like levels.


For my Data Mining and Data Analysis students. Looks like more jobs for everyone! Free download with registration ($46 printed and delivered)
Frontiers in Massive Data Analysis
“Data mining of massive data sets is transforming the way we think about crisis response, marketing, entertainment, cybersecurity and national intelligence. Collections of documents, images, videos, and networks are being thought of not merely as bit strings to be stored, indexed, and retrieved, but as potential sources of discovery and knowledge, requiring sophisticated analysis techniques that go far beyond classical indexing and keyword counting, aiming to find relational and semantic interpretations of the phenomena underlying the data. Frontiers in Massive Data Analysis examines the frontier of analyzing massive amounts of data, whether in a static database or streaming through a system. Data at that scale–terabytes and petabytes–is increasingly common in science (e.g., particle physics, remote sensing, genomics), Internet commerce, business analytics, national security, communications, and elsewhere. The tools that work to infer knowledge from data at smaller scales do not necessarily work, or work well, at such massive scale. New tools, skills, and approaches are necessary, and this report identifies many of them, plus promising research directions to explore. Frontiers in Massive Data Analysis discusses pitfalls in trying to infer knowledge from massive data, and it characterizes seven major classes of computation that are common in the analysis of massive data. Overall, this report illustrates the cross-disciplinary knowledge–from computer science, statistics, machine learning, and application disciplines–that must be brought to bear to make useful inferences from massive data.”


For my Ethical Hackers' toolkit
3 Ways To Remove EXIF MetaData From Photos (And Why You Might Want To)


For all my students: Learn how I fry the smartphones that are watching TV in my classrooms.
How I Watch TV On My Smartphone
The tide is turning against the traditional TV model of schedules and weekly serials. You can now easily watch television on your smartphone thanks to a handful of apps and a data connection – this is how I do it.

(Related) I will also cause your drone to fly out the window!
8 Cool Smartphone-Controlled Toys You Secretly Desire!


Good on them!
Microsoft offers free versions of Office 365 to nonprofits
… Microsoft announced Tuesday that it will be giving nonprofits Office 365 licenses to use in their workplace -- free of charge. Any organization that qualifies can get the cloud-based service, which comes with Office applications, e-mail, calendar, HD video conferencing, and more.
… If organizations want to upgrade from the cloud-only version of the service to desktop versions, they will be charged a reduced monthly rate of $4.50 per organization from the usual $20.

Tuesday, September 10, 2013

Strange reporting. Has Bradley Manning had his sex change and is now Chelsea Manning? If someone is “wanted for questioning” can they leave the country?
New details in how the feds take laptops at border
Newly disclosed U.S. government files provide an inside look at the Homeland Security Department's practice of seizing and searching electronic devices at the border without showing reasonable suspicion of a crime or getting a judge's approval.
The documents published Monday describe the case of David House, a young computer programmer in Boston who had befriended Army Pvt. Chelsea Manning, the soldier convicted of giving classified documents to WikiLeaks. U.S. agents quietly waited for months for House to leave the country then seized his laptop, thumb drive, digital camera and cellphone when he re-entered the United States. They held his laptop for weeks before returning it, acknowledging one year later that House had committed no crime and promising to destroy copies the government made of House's personal data.
… Border agents were told that House was "wanted for questioning" regarding the "leak of classified material." They were given explicit instructions: If House attempted to cross the U.S. border, "secure digital media," and "ID all companions."
… Because House had refused to give the agents his password and apparently had configured his computer in such a way that appeared to stump computer forensics experts, [Interesting claim Bob] it wasn't until June 2011 that investigators were satisfied that House's computer didn't contain anything illegal. By then, they had already sent a second image of his hard drive to Army criminal investigators familiar with the Manning case. In August 2011, the Army agreed that House's laptop was clean and promised to destroy any files from House's computer.


Believe what you will. I doubt the ISPs never noticed.
Phil Muncaster reports:
India’s authorities are carrying out wide-ranging and indiscriminate internet surveillance of their citizens thanks to secret intercept systems located at the international gateways of several large ISPs, according to The Hindu.
The Chennai-based paper claimed after an investigation that Lawful Intercept and Monitoring (LIM) systems had been deployed by the Centre for Development of Telematics (C-DoT), in violation of the government’s own communications and privacy rules.
Read more on The Register.


Possibly innocent, but something smells here. Are any other AGs sending similar letters?
AP reports:
A West Virginia nonprofit has turned down a federal grant it received to help residents navigate new health insurance options under the Affordable Care Act after it received an inquiry from Attorney General Patrick Morrisey about how it would protect consumer information.
Read more on The Intelligencer.
[From the article:
Clarksburg-based West Virginia Parent Training Inc. did not respond to a letter it received from Morrisey directing it to answer 26 questions about the group's personnel and hiring practices, including employee background checks and employee monitoring programs.
"We've declined (the grant) because of unforeseen circumstances," WVPTI Executive Director Pat Haberbosch said.


If the FCC can't do it by regulation, would Congress risk their campaign contributions from Google, Amazon, et al?
Federal judges may be ready to rule against Net neutrality
… The Hill reports that judges in a federal court seemed unconvinced Monday of the Federal Communications Commission's arguments regarding the regulations during a landmark case involving Verizon.
… Two out of three judges on a panel of the D.C. Circuit Court of Appeals indicated that they agree with Verizon's position that the FCC doesn't have the authority to make the restriction, according to the article.


Perspective. A very interesting read.
The data factory revolution
"Today, more than half of the most valuable Internet companies are not in the US. It's never been the case for such a huge, abrupt shift in the nature of human work," Sequoia Capital's Michael Moritz said.
"Between San Francisco and San Jose something utterly remarkable is going on, something that has only occurred in one or two other places in the whole course of human history," said Sequoia Capital's Michael Mortiz, speaking at TechCrunch Disrupt conference on Monday.
He is talking about the shift from Industrial Age, which took root in places such as northwest England and Detroit and ushered in factories and centralized tools and distribution channels, to what he calls the "data factory." In the case of the data factories of Silicon Valley, increased bandwidth, storage, and computational power, as well as the explosion in apps, are transforming the nature of work. "There's never been anything like it in human history ... never before have people been empowered with tools like the smartphone," Moritz said.
The data factory doesn't just make tools accessible to the masses, it also does so for free or close to free
… At the center of the data factory revolution are the large scale companies, such as Google, Apple, Facebook, Twitter, eBay, LinkedIn, and Priceline, who attract hundreds of million or billions of users.


How the Pros do it!
New on LLRX – Competitive Intelligence: A Selective Resource Guide – September 2013
by Sabrina I. Pacifici on September 8, 2013
Sabrina I. Pacifici’s comprehensive current awareness guide focuses on leveraging a selected but wide range of reliable, topical, predominantly free websites and resources. The goal is to support an effective research process to search, discover, access, monitor, analyze and review current and historical data, news, reports, statistics and profiles on companies, markets, countries, people and issues, from a national and a global perspective. Sabrina’s guide is a “best of the Web” resource that encompasses search engines, portals, government sponsored open source databases, alerts, data archives, publisher specific services and applications. All of her recommendations are accompanied by links to trusted content targeted sources that are produced by top media and publishing companies, business, government, academe, IGOs and NGOs.


Serious question girls & boys: What else should we do this for? Shakespeare’s plays? Kipling's poems?
The Complete Works of Chopin, for Everybody, for Free
Frédéric Chopin passed away more than 160 years ago -- sufficiently long ago that today all of his compositions belong to the public domain.
Yet, despite this, if you wanted to make a movie with Chopin's Nocturne in C-Sharp minor playing in the background, chances are you'd have to pay royalties to do so. Why is that?
The reason points to a little wrinkle in the public domain, one that commonly plagues classical works: While the music is technically in the public domain (and you are free to play it, perform it, record it however you like), recordings of these public-domain works tend to be copyrighted.
A Kickstarter project, "Set Chopin Free," aims to do exactly what its name suggests: Release Chopin recordings from their copyright cell.
Here's how it works: If the project successfully meets its fundraising goal ($75,000 by Sunday, October 20), it will hire musicians (some of the best Chopin pianists in the world) to record and release to the public under a CC0 license the entirety of Chopin's life's work, some 245 pieces.


For my bargain hunting students.
Become A Boss On Craigslist With These Apps And Services
Don’t just browse Craigstlist from time to time – be notified every time something you want to buy is listed.
Sellers on Craigslist usually want to sell as quickly as possible, meaning if you find an item before anyone else you’re more likely to actually get it. Job searches, similarly, offer an advantage to the quick
Get Notifications Anywhere With IFTTT
Get Email Notifications With NotiCraig
Other Craigslist Search Engines

(Related) Speaking of IFTTT
5 Unusual IFTTT Recipes You May Not Have Thought Of
Get an SMS Alert on Craigslist Search Results


An Infographic that shows you how to create an Infographic.
How To Make An Infographic Using Piktochart