Saturday, September 27, 2014

“Yes, we're vulnerable. No, we don't know how to fix it yet.”
Oracle Shellshocked by Bash bug – but Exalogic folk will have to wait
Oracle has confirmed that at least 32 of its products are affected by the vuln recently discovered in the Bash command-line interpreter – aka the "Shellshock" bug – including some of the company's pricey integrated hardware systems.
The database giant issued a security alert regarding the issue on Friday, warning that many Oracle customers will have to wait awhile longer to receive patches.
"Oracle is still investigating this issue and will provide fixes for affected products as soon as they have been fully tested and determined to provide effective mitigation against the vulnerability," the company said.


Like many (most?) security breaches, initial estimates significantly understate the scope of the problem. It's not just Jimmy John's! So, who is at fault?
Signature Systems Breach Expands
… In a statement issued in the last 24 hours, Signature Systems released more information about the break-in, as well as a list of nearly 100 other stores — mostly small mom-and-pop eateries and pizza shops — that were compromised in the same attack.
“We have determined that an unauthorized person gained access to a user name and password that Signature Systems used to remotely access POS systems,” the company wrote. “The unauthorized person used that access to install malware designed to capture payment card data from cards that were swiped through terminals in certain restaurants. The malware was capable of capturing the cardholder’s name, card number, expiration date, and verification code from the magnetic stripe of the card.”
Meanwhile, there are questions about whether Signature’s core product — PDQ POS — met even the most basic security requirements set forth by the PCI Security Standards Council for point-of-sale payment systems. According to the council’s records, PDQ POS was not approved for new installations after Oct. 28, 2013. As a result, any Jimmy John’s stores and other affected restaurants that installed PDQ’s product after the Oct. 28, 2013 sunset date could be facing fines and other penalties.
[Local victim: Garlicknot - Littleton, CO


Does this mean that electrical records can not be used to justify a search warrant? Perhaps they can't be used as evidence in any form? (Because it tells us nothing about individuals?)
As reported by John Wesley Hall of FourthAmendment.com:
A smart electric meter that transmits information about electric usage every 15 minutes is not a search and seizure. Naperville Smart Meter Awareness v. City of Naperville, 2014 U.S. Dist. LEXIS 134861 (N.D. Ill. September 25, 2014)*
Read an excerpt from the opinion on FourthAmendment.com.


Maybe you should only use that “Fit” App if you are already fit? This article states a hypothetical, but in the future if you don't share this information you could be placed in the “doesn't care about his health” category.
How iPhone apps could impact your insurance
As part of Apple's new mobile operating system, developers can build apps that measure things like heart rate, sleep, weight and blood pressure. If users choose to do so, they can then send that information to doctors for medical advice.
Health insurers, which are barred by Obamacare from denying coverage based on pre-existing conditions, can't base their decisions on this kind of information. But the situation is different for life insurers, who use medical records to make decisions about the relative risks of prospective customers.


Something for my Data Analytics students to try their hand at?
Karen Gullo reports:
Data from two hard drives locked up in the San Francisco federal courthouse may make or break an effort to hold Google Inc. (GOOG) to account for what privacy advocates call an unprecedented corporate wiretapping case.
If 22 people who sued the company can pinpoint their personal data in a massive cache of communications that Google’s Street View cars captured from private Wi-Fi networks, their lawyers may be able to seek billions of dollars of damages from the the world’s largest search engine owner.
If they come up empty-handed, an outcome the company that pioneered search optimization is betting on, the case will join a stack of failed privacy lawsuits accusing Google, Apple Inc. (AAPL), Facebook Inc. (FB) and other technology companies of tracking, capturing or sharing personal information.
Read more on Bloomberg News.
[From the article:
“You have to show that you were the victim,” said Susan Freiwald, a law professor at University of San Francisco School of Law. “If they don’t, then why should they get money?”
The battle for damages against Google gets simpler if the plaintiffs find their communications on the drives, she said. Victims of wiretapping don’t have to show they suffered any harm or that the perpetrator profited from the data collection, said Freiwald, who isn’t involved in the case.
… Google fought unsuccessfully all the way to the U.S. Supreme Court to block the lawsuit, arguing that the federal Wiretap Act barring unauthorized interception of electronic communications didn’t apply to its Street View data gathering.
Last week, a federal judge ruled that the Mountain View, California-based company has to work with opposing lawyers to determine what’s on the hard drives.


A coming kerfuffle? If these allegations are true, the banks already own the press too and we'll hear very little of this until they are cleared of all charges.
Here's A Quick Guide To The Startling New Scandal Involving Goldman And The New York Fed
ProPublica and This American Life published a massive report alleging severe conflicts of interest between the New York Federal Reserve and Goldman Sachs.
"The Ray Rice video for the financial sector has arrived," Michael Lewis said.


This actually matters. Is there anyone to ready to succeed? (Or it maybe it's just gout.)
North Korean TV acknowledges leader Kim Jong Un's health problems
Kim, 31, who is frequently the centrepiece of the isolated country's propaganda, has not been photographed by state media since appearing at a concert alongside his wife on Sept. 3, fuelling speculation he is suffering from bad health.
He had been seen walking with a limp since an event with key officials in July and in a pre-recorded documentary broadcast by state media on Thursday appeared to have difficulty walking.


How to know more about congress than your congressman.
Congress.gov: Removing the Beta Label and New Enhancements
by Sabrina I. Pacifici on Sep 26, 2014
Via Emily Carr - Andrew Weber‘s news: The Library of Congress launched Congress.gov in beta two years ago. Today, I’m happy to announce we officially removed the beta label. That’s roughly three years quicker than Gmail took to remove its beta label, but we won’t give you the option of putting it back on Congress.gov. URLs that include beta.Congress.gov will be redirected to Congress.gov. There are a range of new enhancements in this release. One of the exciting additions is a new Resources section. This section provides an A-to-Z list of hundreds of links related to Congress. If you are not sure where something is located, try looking through this list. I quickly jump through the list using Ctrl+F and searching. You can find the new Resources page in the navigation on the top right or in the footer on every page. Check it out and leave a comment below…” To read more of Andrew’s blog highlighting enhancements, with handy screen shots, visit http://blogs.loc.gov/law/2014/09/congress-gov-removing-the-beta-label-and-new-enhancements/.


Free (and cheap?) stuff for my i-students.
Cheap Music Apps, Warhammer Quest & 2K DRIVE Free [iOS Sales]


For the children of my students. (because I can't figure it out.)
Kids Can Play the Roles of NASA Engineers on the NASA HIAD Game
HIAD is the name for NASA's Hypersonic Inflatable Aerodynamic Decelerator technology. In the NASA HIAD game (available online and as mobile apps) students learn to control HIADs to land them safely back on Earth. In the game students have to navigate the HIAD while accounting for velocity of the HIAD, wind speeds, timing of inflation, and shape of the HIAD. Make a mistake and the HIAD could burn up on re-entry or crash when it misses the landing zone. The game has four progressively more difficult levels. The first level teaches students the basics concepts and skills needed to complete the game.


I must ensure that my students know not to do this!
Pirate Bay Goes To College: Free Textbook Torrent Downloads Soar Amid Rising Costs
American college students struggling to afford textbooks are sharing copies of their books illegally on TextbookNova, the Pirate Bay and some of the same torrent sites that crippled the music industry. Many of the most popular books are available for free, with a correlation between the number of downloaders and the price of the book.
The College Board estimated in January that the average student spends $1,200 annually on textbooks. The price of books skyrocketed by 82 percent in the years between 2002 and 2013, a number high enough to convince 65 percent of students to decide against buying a book, according to a Government Accountability Office survey. Ninety-four percent of the GAO respondents who didn’t buy a book out of financial concerns admitted they did so even with the expectation that it would hurt them academically.


A MOOC by any other name...
The White House Promotes Open Education
The United States is committed to open education and will:
Launch an online skills academy. The Department of Labor (DOL), with cooperation from the Department of Education, will award $25 million through competitive grants to launch an online skills academy in 2015 that will offer open online courses of study, using technology to create high-quality, free, or low-cost pathways to degrees, certificates, and other employer-recognized credentials. This academy will help students prepare for in-demand careers. Courses will be free for all to access on an open learning platform, although limited costs may be incurred for students seeking college credit that can be counted toward a degree. Leveraging emerging public and private models, the investments will help students earn credentials online through participating accredited institutions, and expand the open access to curriculum designed to speed the time to credit and completion. The online skills academy will also leverage the burgeoning marketplace of free and open-licensed learning resources, including content developed through DOL’s community college grant program, to ensure that workers can get the education and training they need to advance their careers, particularly in key areas of the economy.


Weekly giggles...
… “The U.S. Education Department has opened an investigation into charges that the Recovery School District’s policy of closing and chartering New Orleans public schools violated the civil rights of African-American students.” More via The Times-Picayune.
… Not to be left out of the news cycle: “Why Free Online Classes Are Still the Future of Education,” featuring edX’s Anant Agarwal.
Clemson University has suspended its mandatory online course that required students fill out a detailed set of questions about their sex lives.
… A $15 million XPRIZE for Global Learning to build software so that children can teach themselves basic literacy and numeracy. NPR’s Anya Kamenetz has the most thoughtful reporting in a sea of what was otherwise uncritical churnalism about the project. For $10,000 you can support the effort via the initiative’s IndieGogo campaign and “sponsor a village” to help with testing. Or for $10,000 you can support the effort and get access to some Tony Robbins life-coaching thing.
Edcast has raised $6 million in funding from SoftBank, Mitch Kapor, Menlo Ventures, Novel TMT Ventures, Cervin Ventures, Aarin Capital, NewSchools Venture Fund/ CoLab, and the Stanford StartX Fund to “build knowledge clouds.” [Lot's of money being tossed at cloudy ideas Bob]
Tiggly has raised $4 million in Series A funding. The startup, which has raised $5 million total, makes wooden block iPad apps for toddlers. (Seriously: who would give their kid an app instead of wooden blocks?!)

Friday, September 26, 2014

Always worthwhile.
The Privacy Foundation at the University of Denver Sturm College of Law presents:
PRIVACY: The Internet of Things (IoT)
FRIDAY, October 10, 2014, 10:00 am — 1:00 PM Followed by lunch
Ricketson Law Building, Room 290 2255 E Evans Avenue Denver, Colorado 80208


For my Ethical Hackers.
Kevin Mitnick Launches Brokerage Service for Zero-Day Exploits
According to Mitnick Security, Absolute Zero-Day Exploit Exchange is an exclusive brokerage service through which top-paying government and corporate buyers can connect with security researchers and exploit developers. The service was silently launched six months ago, but the company only started publicly advertising it recently.
Selling exploits to government agencies is a highly controversial matter. Companies like Vupen and Exodus Intelligence have often been in the spotlight over their practices. It's interesting that Mitnick would take on this role considering his history with the US government and the fact that he plans on launching a book that teaches people how to stay "invisible" in this age of Big Brother and big data.
However, Mitnick told Wired in an interview that he would never consider selling exploits to governments like the one in Syria or a criminal organization. [That's “where the money is” Kevin. Bob]


For my Computer Security students.
Shellshock’ Bug Spells Trouble for Web Security
As if consumers weren’t already suffering from breach fatigue: Experts warn that attackers are exploiting a critical, newly-disclosed security vulnerability present in countless networks and Web sites that rely on Unix and Linux operating systems. Experts say the flaw, dubbed “Shellshock,” is so intertwined with the modern Internet that it could prove challenging to fix, and in the short run is likely to put millions of networks and countless consumer records at risk of compromise.
The bug is being compared to the recent Heartbleed vulnerability because of its ubiquity and sheer potential for causing havoc on Internet-connected systems — particularly Web sites. Worse yet, experts say the official patch for the security hole is incomplete and could still let attackers seize control over vulnerable systems.
The problem resides with a weakness in the GNU Bourne Again Shell (Bash), the text-based, command-line utility on multiple Linux and Unix operating systems.


Should we be “Concerned” that the FBI is “Concerned?”
FBI Director ‘Concerned’ About New Smartphone Encryption
FBI Director James Comey on Thursday said he’s bothered by moves by Apple Inc. and Google Inc. to market privacy innovations on smartphones that put some data out of the reach of police, saying agency officials have been in touch with both companies.
“What concerns me about this is companies marketing something expressly to allow people to place themselves beyond the law,” Mr. Comey said in a briefing with reporters, reports WSJ’s Brent Kendall.
Mr. Comey said he still wants to get a better handle on the implications of the technology, saying FBI officials have engaged in discussions with the companies “to understand what they’re thinking and why they think it makes sense.” [Because of comments like this? Bob]
As WSJ earlier reported, officials in Washington have been expecting a confrontation with Silicon Valley in the wake of Apple’s announcement that its new operating system for phones would prevent law enforcement from retrieving data stored on a locked phone, such as photos, videos and contacts.


Even Facebook thinks it's wrong.
John Ribeiro reports:
Facebook’s appeal against the collection by law enforcement in New York of bulk user data under a gag order has been accepted.
The appellate division, first department of the New York State Supreme Court ruled Thursday against a government move to dismiss the appeal as well as accepted briefs in support of Facebook filed by some civil rights organizations and tech companies, including Google and Microsoft.
Read more on ITWorld.

(Related) New to me. (I haven't been invited) Simple Business Plan: Learn what irritates users and build a system that doesn't do that.
Will anti-Facebook Ello draw big fan base for its anti-ad nature or its big privacy promise?
The more they learn about Facebook, the more some people are turned off by the social networking site and its practices. But Ello shuns a good deal of what turns users against Facebook, promising no ads and hefty privacy compared to Mark Zuckerberg's site.
Paul Budnitz created and designed Ello, a social networking site that uses an invite-only strategy, at least for right now. Ello's exclusivity is likely the big factor driving some of the site's rising demand, but its privacy approach -- the social network vows it will never sell user data to anyone and it seeks to operate without shoving sponsored ads in front of its users' eyeballs -- is what may make users big fans in the long run.
… "When a network is run for advertisers, the advertiser is really the customer," Mr. Budnitz said. "That really goes against what a social network is. When you're putting up artwork, or something you wrote or created, and there's an add for underwear, it conflicts in a violating way."

(On the other hand) Some free isn't?
Ello Says You're Not a Product, But You Are


It all started with troops of the King of America – and even they got it wrong.
If you slept through your history classes in school, and now wish you had paid more attention to the Bill of Rights, Mike Maharrey provides a nice recap of the historical context for the Fourth Amendment.
And then he goes on to point out how our government violates it every damned day.
Read more on Tenth Amendment Center.


Another issue we can debate endlessly.
An Information Theory of Copyright Law
Fromer, Jeanne C., An Information Theory of Copyright Law (September 23, 2014). Emory Law Journal, Vol. 64, p. 71, 2014. Available for download at SSRN: http://ssrn.com/abstract=2500614
The dominant American theory of copyright law is utilitarian, in offering the incentive of limited copyright protection to creators to generate material that is valuable to society. Less settled is the question of the sorts of works that copyright law seeks to encourage: Ever more copyrightable creations? Only some that are artistically worthy? What makes a work valuable to society? This Article seeks to answer important aspects of these questions by examining them through the lens of information theory, a branch of applied mathematics that quantifies information and suggests optimal ways to transmit it. Using these concepts, this Article proposes that what makes expressive works valuable to society is that they make a contribution in at least one of two principal ways: by using that expression to communicate knowledge — be it systematic, factual, or cultural — and by conveying expression that is enjoyable in and of itself. Information theory sheds light on how copyright law can spur these valuable works. In undertaking this analysis, this Article explores the implications for the central doctrines of copyright law, including copyrightability, the idea-expression distinction, infringement, and fair use. In this context, this Article also considers whether we want distinct creators communicating these valuable types of information or whether it is optimal to unify particular communications of information in a single creator.”


This could save the postal service. If it works, can we sell it to Amazon?
Postal Service Seeks to Extend Grocery Deliveries
The U.S. Postal Service wants to deliver more groceries for Amazon.com Inc., and potentially for other retailers.
… In a filing Tuesday with the Postal Regulatory Commission, the Postal Service said the expanded test could bring in revenue of more than $10 million a year for the cash-strapped agency. It said it is hoping to develop "a long-term, scalable solution to enable expansion of customized delivery to additional major metropolitan markets across the nation."


My Excel students are in for a surprise this Quarter.
Data Visualization: Old Practice, New Value
Data visualization is not new.
During a recent International Institute for Analytics (IIA) webinar, Bill Franks, chief analytics officer for Teradata and author of several books including Taming the Big Data Tidal Wave and the forthcoming The Analytics Revolution, shared a visualization created in 1869 to illustrate Napolean's troop losses during his invasion of Russia in 1812. Those early visualizations required lots of manual labor to collect and then illustrate the data, chores performed by a data specialist.
Despite advancements through the years, visualization remained largely the purview of data specialists until visualization capabilities were added to desktop tools such as Microsoft Excel. Yet even using those tools, creating visualizations was a labor intensive process that involved lots of cutting, pasting and manual entry of data.
Today, however, modern tools make it easy to create robust data visualizations, Franks said, and to combine text with visuals so analytics can "tell a story."
On the "outer edge" of data visualization, some companies are beginning to leverage technologies used for video gaming and other immersive experiences to produce compelling visualizations, he said, noting that Facebook purchased virtual reality headset maker Oculus in March.
… Tools from such companies as SAS, Tableau, Tibco Spotfire, QlikView and MicroStrategy facilitate this kind of exploration, which can result in discovering trends and patterns that were difficult to identify before, Franks said.

(Related)
The 36 best tools for data visualization
… Not a web designer or developer? You may prefer Free tools for creating infographics.

(Related) ...and because these are amusing.
22 maps and charts that will surprise you


Really interesting, but really new. If you see an image on your screen, you can search for that image.
Google Search by Image” From Your Screenshots With This Extension
... “Screenshot Search” lets you take a screenshot and upload that to Google Search By Image, instantly and do a search.


For my i- students. Type without typing? How Zen. Consider Privacy!
Type Superfast With Real Time Voice Dictation in iOS 8
Relatively little has been said about the new real-time dictation function in iOS, and in previous versions it may not have been worthy of the highlight. But with the recent iOS 8 update, Apple has restored bragging rights when it comes voice dictation and mobile devices.
Past iOS dictation implementation wouldn’t show the text you dictated until you tapped the Done button, which meant activating the feature several times for long form dictation. Well, not anymore. For me, the new voice-to-text feature works more efficiently than Dragon Dictate on the Mac
The dictation feature is ready to use when you install iOS 8. You don’t need to add a new keyboard, and it works in any iOS application. However, you can only activate voice dictation using the default Apple iOS keyboard – it doesn’t show up in third-party keyboards.
The feature also requires an Internet connection to work. What you dictate is recorded and sent to Apple’s server, and in turn it converts what you say into text on your device. The feature will also access the names and nicknames in your device’s address book for more accurate spelling of names.


Dilbert illustrates exactly how I help my students!

Thursday, September 25, 2014

The university has used Jimmy John's to feed us at faculty meetings. I wonder if someone used their personal credit card? I'll ask my Computer Security students to figure out who is liable.
Restaurant chain Jimmy John’s reports data breach at 216 stores
Sandwich restaurant chain Jimmy John’s said there was a potential security breach involving customers' credit and debit card data at 216 of its stores and franchised locations on July 30.
An intruder stole log-in credentials from the company's vendor and used the credentials to remotely access the point-of-sale systems at some corporate and franchised locations between June 16 and Sept. 5, the company said.

(Related)
DATA SECURITY INCIDENT
… he locations and dates of exposure for each affected Jimmy John’s location are listed on AFFECTED STORES & DATES.
Longmont , CO 210 Ken Pratt Blvd. Suite 200 --- 6/16/2014 - 7/25/2014
Denver , CO 622 16th St. --- 6/27/2014 - 8/1/2014
Golden , CO 1299 Washington Ave. --- 6/27/2014 - 8/1/2014
Broomfield , CO 625 Flatiron Marketplace Dr. --- 7/1/2014 - 8/1/2014
Denver , CO 2325 East Colfax Ave. --- 7/1/2014 - 8/1/2014
Colorado Springs , CO 5885 Stetson Hills Blvd. --- 7/1/2014 - 8/2/2014
Lone Tree , CO 9234 Park Meadows Dr. Suite 500 --- 7/1/2014 - 8/3/2014
Greeley , CO 2644 11th Ave. Suite B --- 7/7/2014 - 8/1/2014


An attack on us geeks?
jQuery Confirms Website Hacked Again


Someone has to secure those self-driving, auto-updating cars.
GM Appoints Chief Product Cybersecurity Officer
The fact that GM has appointed a cybersecurity leader is not surprising considering that security researchers and even lawmakers have been putting pressure on car makers to ensure that the software systems installed on vehicles can't be hacked.
In June, Target Corp. announced that it had hired away GM's CISO and information technology risk officer Brad Maiorino who took the role as senior vice president and chief information security officer at Target.
Last year at the Def Con security conference, researchers Charlie Miller and Chris Valasek demonstrated that they could hack modern cars and manipulate steering, acceleration, safety sensors and other components.
In August, a group of security researchers launched an initiative called "I am the Cavalry" in an effort to convince automakers to implement security programs aimed at making cars more resilient to cyberattacks.


Update.
Criminals Using Data Stolen in Home Depot Breach to Drain Accounts
The Home Depot data breach – which compromised some 56 million credit and debit card accounts – is to blame for a recent outbreak of fraudulent bank transactions, according to a report from the Wall Street Journal.
Sources familiar with the incident tell the Journal that criminals are using data stolen in the hack attack to buy prepaid cards, electronics, and groceries, with numerous cases popping up across the U.S. According to the report, some of the illegal transactions have been traced back to batches of cardholder accounts tied to specific zip codes.


A start on a “Best Practices” guide? (Because you know this is coming.)
Collect Your Employees’ Data Without Invading Their Privacy
Research shows that businesses using data-driven decision-making, predictive analytics, and big data are more competitive and have higher returns than businesses that don’t. Because of this, the most ambitious companies are engaged in an arms race of sorts to obtain more data, from both customers and their own employees. But gathering information from the latter group in particular can be tricky. So how should companies collect valuable data about time use, activities, and relationships at work, while also respecting their employees’ boundaries and personal information?
… Have a hypothesis. Before you start collecting data, decide why it’s needed in the first place. For one, legal departments can’t often approve a project without an objective. But in addition, the team proposing the project needs to be clear and transparent about what they’re trying to accomplish. This includes having a tangible plan for what data is being sought, what changes will be made based on the findings, how the results of these changes will be measured, and the return on investment that justifies the time and energy put into the project.
… Default to anonymity and aggregation.
… If you can’t let employees be anonymous, let them choose how you use their data.

(Related) This is a tool for self-surveillance. No need to search yourself, this site will help you reenforce whatever bias tilts your world view. (No Democrat will ever need to see anything positive about Republicans!)
– the Internet is a big place, and it can often be difficult to find the content that most appeals to you. StumbleUpon started the trend of finding personalized content, and Fligoo is a similar concept. Sign in with your Facebook account and it uses your social media to figure out what you want to see.


“We can, therefore we must!” Consider this the start of a “Worst Practices” guide?
Ali Winston of the Center for Investigative Reporting reports:
Without notice to the public, Los Angeles County law enforcement officials are preparing to widen what personal information they collect from people they encounter in the field and in jail – by building a massive database of iris scans, fingerprints, mug shots, palm prints and, potentially, voice recordings.
The new database of personal information – dubbed a multimodal biometric identification system – would augment the county’s existing database of fingerprint records and create the largest law enforcement repository outside of the FBI of so-called next-generation biometric identification, according to county sheriff’s department documents.
Read more on SCPR.org


Perhaps a “high school social engineer” pretending to be the NSA?
Challen Stephens reports:
A secret program to monitor students’ online activities began quietly in Huntsville schools, following a phone call from the NSA, school officials say.
Huntsville schools Superintendent Casey Wardynski says the system began monitoring social media sites 18 months ago, after the National Security Agency tipped the school district to a student making violent threats on Facebook.
The NSA, a U.S. agency responsible for foreign intelligence, this week said it has no record of a call to Huntsville and does not make calls to school systems.
Read more on AL.com


Universities want to retain students. Knowing what makes students successful and indications that they need help, are part of the Big Data picture.
Pointer:
The New York Times‘ Room for Debate focuses on big data in education. You can access the debaters’ opinions here.


Always an interesting topic.
Drone Wars: How UAV Tech Is Transforming the Future of War


Will these highly trained inspectors base their 10% estimate on weight or volume? Will the evidence be available if anyone wants to challenge the massive fine?
Throwing too much food away is about to be against the law in Seattle
Making public inspectors out of garbage men, the Seattle City Council has approved a new trash ordinance that authorizes sanitation workers to peruse residents’ waste bins for signs that people are throwing too much food away.
Go over the limit – ten percent of all your trash – and you could face a whopping $1 fine for each occurrence. The ordinance allows trash collectors to document the offenses as they’re out running their daily routes, according to The Seattle Times:
Under the new rules, collectors can take a cursory look each time they dump trash into a garbage truck.
If they see compostable items make up 10 percent or more of the trash, they’ll enter the violation into a computer system their trucks already carry, and will leave a ticket on the garbage bin that says to expect a $1 fine on the next garbage bill.
[From the article:
Under current Seattle Public Utilities (SPU) rules, people living in single-family homes are encouraged but not required to dispose of food waste and compostable paper products in compost bins.
Apartment buildings must have compost bins available, but residents of apartment buildings aren’t required to use them.
And businesses aren’t subject to any composting requirements.


For my Disaster Recovery students.
Kansas Zombie Preparedness Month is more than just a tourist attention grabber
Kansas City skyline with Union StationThe State of Kansas will use Zombies to capture the attention of the public about disaster preparedness. Kansas Governor Sam Brownback will sign a law this week proclaiming the month of October as Kansas Zombie Preparedness Month.
… In fairness to Kansas, at least they’re creative. Source: Kansas Division of Emergency.


Another reason for my students to use our 3D printers!
Combine your iPhone or tablet with 3D-printed clip and glass sphere to create microscope
by Sabrina I. Pacifici on Sep 24, 2014
Mark Rockwell – FCW: “A national research laboratory has combined the capabilities of a 3-D printer, mobile phones and simple glass beads to produce an inexpensive handheld microscope that can be used in a wide range of research and practical applications. Developers of the technology at the Department of Energy’s Pacific Northwest National Laboratory (PNNL) have made the 3-D printing specifications for producing the devices available to the public for free. The lab initially developed the microscope using internal discretionary funds aimed at enhancing its core scientific and technical capabilities.”


My Intro to Computer Security students will need tools like these every week!
Frequently Overlooked Google Search Tools and Strategies


Tools for my i-students. (I highlight a few)
Back To School? iOS Tips & Apps To Ease You Into Student Life
Loud Alarm (Free, in-app purchases)
Naturally, there are plenty more alarm clocks available, including ones to stimulate your mind as you wake – but if you’re a deep sleeper, Loud Alarm is specifically designed for you.
Doc Scan HD (Free; Pro: $3.99)
Doc Scan HD accesses your camera and takes a photo of any document. You can then crop, tamper with lighting and contrast then email it as either a .jpeg image or PDF (and can now collaborate with Dropbox). [My Math students take pictures of the whiteboard. Bob]
… You can utilise all sorts of services for educational purpose, including note-takers like INKredible and the ubiquitous note taking app Evernote. There are further apps for your iPad that will help you when citing sources, taking dictation or wondering how to spell onomatopoeia.

(Related) So my Android students don't feel slighted.
Android
Must-have Android apps for your mobile phone and tablet that will help you be more efficient and improve productivity.


Congratulations India! No doubt congress will want to outsource all space exploration to India, since we see no value in it.
India's $74 million Mars mission cost less than 'Gravity' movie
When the Mangalyaan spacecraft slipped into orbit around Mars on Wednesday after a 10-month voyage, India became the first country to successfully reach the Red Planet on its first attempt.
But the mission's shoestring budget was perhaps its most notable distinction: At a cost of just $74 million, India's space agency put the satellite into orbit for a fraction of what other nations have spent.
The U.S. Maven satellite, for example, arrived in orbit on Sunday in a mission that cost taxpayers $671 million. The European Space Agency's 2003 mission to Mars had an initial budget of nearly $200 million.
Prime Minister Narendra Modi has noted that even the Hollywood thriller "Gravity" had a larger budget at $100 million.

Wednesday, September 24, 2014

How could it be otherwise?
Daniel Mayer writes:
A class action was recently allowed to proceed in Ontario against a major bank after one of its employees admitted to accessing and disclosing to third parties confidential information of the bank’s customers. While this case is not a final decision as to whether the bank was actually liable for its employee’s breaches of privacy, it serves as a reminder for employers that the law regarding breach of privacy is evolving quickly and employer policies, practices and safeguards must keep pace with it.
Facts
Mr Wilson was a mortgage administration officer for the bank. In this role he had access to highly confidential customer information. Over the course of almost one year, Wilson accessed the files of 643 customers. More than 100 of them subsequently informed the bank that they had been the victims of identity theft or fraud. Wilson admitted that he had accessed and disclosed customers’ information to a third party. The bank compensated the customers for the resulting financial losses and offered each of them a complimentary subscription to a credit monitoring and identify-theft protection service.
Despite the bank’s efforts, two customers started a class action against it.
Read more on International Law Office.


Drone and “smart bomb” targeting systems would like to know which floor you are on.
How the new iPhones could help scientists predict the weather
The new iPhones have an added capability that's of particular interest to scientists: A barometer.
The barometer capability wasn't added to help scientists, though. It sounds strange but a barometer can help improve GPS results to better pinpoint a user's location. Android has supported barometric readers for a while, but not all Android phone makers have opted to include barometers in their phones.
Improved location readings are useful in new kinds of apps that Apple wants to support, particularly around health trackers.
But there's another reason that the barometers are interesting. It's because scientists hope to use them to crowdsource data so that they can do a better job at predicting the weather.


Perhaps not the best contract language... Would blocking access to my medical records when I show up in the Emergency Ward be against the law anywhere?
Christopher Rowland reports that Full Circle Health Care in Maine found itself locked out of its own patients’ records after a fee dispute with CompuGroup, a German corporation with U.S. headquarters in Boston.
Read about this situation on Boston Globe, and then take another look at your vendor/business associate contracts. Could this happen to you?
Not asked (or maybe asked and not reported) in Rowland’s coverage is the question of whether Full Circle had backups of their databases, and if not, why not.


Cable is doomed?
5 Packages That Will Replace Pay TV as We Know It
If you need proof that cable providers are feeling the heat from cord cutters, look no further than AT&T’s new U-Verse package. Marketed as an online exclusive, the plan includes broadband, a small lineup of channels, HBO (including HBO GO), and a full subscription to Amazon Prime (with both streaming video and free shipping included)—all for $39 a month. The message is clear: “Keep paying for TV, and we’ll throw in some of the web services you were thinking of leaving us for.”
… Re/Code’s Peter Kafka succinctly summarizes the logic behind AT&T’s newest product, writing that cable providers “[would] rather have subscribers paying a small fee than none at all, but they’re also telling themselves that those subscribers will ‘trade up’ ” to a more expensive plan.
… Having hundreds of channels sounds nice, but which channels does the average watcher actually need? The networks? Local sports? Maybe HBO? If that’s your answer, a growing number of cable companies are offering packages that offer exactly that, and nothing more, at a discount price. Comcast is selling internet, local channels, and HBO for $49.99 a month. (Comcast might be feeling ambivalent about this plan, since, as Re/Code notes, the company apparently stopped promoting it, but interested parties can still find the deal here.)

(Related)
Microsoft unveils $60 TV streaming device for Windows 8 and Android
Microsoft today opened pre-orders for a $59.95 wireless display adapter that connects any Miracast-enabled device with at least Windows 8.1 or Android 4.2.1 to a HDTV, monitor, or projector.
The device connects to the HDMI and USB ports on a TV — those without a USB port can use a USB power brick — and lets users mirror what’s on their smartphone, tablet, or laptop within a 23-foot range. Internet access is not required.


Why Data Analysis is becoming “the next big thing!”
Kenneth Cukier: Big data is better data

Tuesday, September 23, 2014

Isn't theft of an access device (passwords) the jurisdiction of the Secret Service? Is the FBI really investigating or are they just going for the headlines, again. (… and why do all the headlines sound like straight lines?)
FBI Widens Probe of Naked Celebrity Photos
The FBI vowed Monday to widen a probe into the massive hacking of naked celebrity photos if necessary, after new reported leaks including nude shots of Kim Kardashian.
The Federal Bureau of Investigation (FBI) launched an investigation earlier this month after a first batch of pictures, including of "Hunger Games" megastar Jennifer Lawrence, was published.
On Saturday US media reported that more nude celebrity photos, including reality star Kardashian and actress Vanessa Hudgens, had been circulating on social media.
Hackers first released a trove of nude starlets' photos on September 1, after snatching them from Apple's iCloud in what the tech giant has called a "targeted attack."
The company has denied its cloud storage system was breached, suggesting that the celebrities had their accounts hacked by using easy-to-guess passwords, or by giving up their personal data to cyber criminals posing as Apple, a technique known as "phishing."


It's for the victims customers! And for my statistics students. Watch the video.
I'm a neurotic. IBM told me so.
… Michelle Zhou greeted me with that handy personality breakdown when we met at IBM Research's Almaden lab in San Jose, California; she'd taken the liberty of finding out my Twitter handle beforehand and compiling the results. Zhou's the lead researcher for a platform called System U that analyzes the big data generated from an individual's socially networked life -- be that Facebook, Twitter, emails or even chats -- to determine their values, beliefs and personality traits. If you're not a fan of labels, then you won't like Zhou's work; after all, it did expose me for the impulsive, OCD ice queen that I am. But then again, it's not Zhou that's placing you into neatly labeled boxes; it's your own words that are responsible.
System U is based off of the study of psycholinguistics, a branch of cognitive science that examines how we acquire, use and effectively interpret language. With this as a foundation, Zhou's platform focuses on defining individuals according to three main areas of psychological profiling: the Big Five personality traits (i.e., openness, conscientiousness, extraversion, agreeableness and neuroticism); basic human needs; and values. It even deconstructs our online social habits, hence the revelation that I tweet heavily during lunch on hump day. It's not unlike the internal testing major social networks do with their own masses of user data, except IBM's platform aims to mine all of that data to build a cohesive psychological profile.


For my Computer Security students. How do you know what is happening in your environment? Should you employ a Security manager who can't figure it out?
IT Pros Underestimate Number of Cloud Apps in Their Environments: CSA
A new survey from the Cloud Security Alliance (CSA) shows that many IT and security pros underestimate the number of cloud-based applications that are running in their environments.
The survey, which features responses from 165 IT and security professionals from around the world, found that 54 percent of respondents said they have 10 or fewer cloud-based applications running in their organization, with 87 percent indicating that they had 50 or fewer applications running in the cloud.
On average, that came to 23 apps per organization. But those estimates are far lower than commonly reported by vendors and research reports, which count more than 500 cloud apps present.
Cara Beston, PricewaterhouseCoopers' cloud assurance leader and a partner in its risk assurance practice, noted that automated software tools allow enterprises to identify existing and new cloud services that are communicating through the enterprise's network.


For my I-Students. Others may follow.
Say hello to Talko: Ray Ozzie’s startup wants to reinvent the phone call, starting with an iPhone app
… A new app and online service called Talko, from a company co-founded by the Lotus Notes creator and collaboration software pioneer, is aiming to bring the phone call into the modern era of cloud computing and connected devices.
Talko, available initially for iPhone, lets users conduct and record conversations — with a focus on making voice calls and messages more accessible, interactive and collaborative.
… Users can also take and share photos with each other using the app during a call, and send text messages through the app.
Talko can be used for one-on-one interactive conversations, but it’s particularly useful for group calls, such as team meetings.


Seems targeted at the K-12 world, but still interesting.
Microsoft Makes it Easy for Students, Teachers to Get Office
Microsoft is making it easier for students to get Office for free, and extending the benefit to teachers as well.
… To find out if you're eligible for the service, head over to Microsoft's website and enter a valid school-provided email address. You must be at least 13 years old and attend a school that has purchased Office for all faculty and staff.
Qualified students will receive the latest versions of Microsoft Word, Excel, PowerPoint, OneNote, Outlook, Access, and Publisher, plus 1TB of OneDrive cloud storage, and access to Office Online. You can install the software on up to five PCs or Macs, and Office apps on other mobile devices like Windows tablets or the iPad.


Interesting idea.
Write Emails in HTML and Send them through GMail
… The HTML Mail app sends emails using your own Gmail account but unlike the previous versions, it does not require full access to your Google Account. It only needs permission to compose and send messages on your behalf and would not be able to read anything else in your mailbox. The app is open-source but you can always revoke access from your Google Accounts page.