Saturday, July 02, 2016

For my Ethical Hacking students.  (and the FBI)  Again, I suggest writing your own encryption software, there are many examples and tutorials. 
Android’s full-disk encryption just got much weaker—here’s why
   A blog post published Thursday revealed that in stark contrast to the iPhone's iOS, Qualcomm-powered Android devices store the disk encryption keys in software.  That leaves the keys vulnerable to a variety of attacks that can pull a key off a device.  From there, the key can be loaded onto a server cluster, field-programmable gate array, or supercomputer that has been optimized for super-fast password cracking.
The independent researcher that published the post included exploit code that extracts the disk encryption keys by exploiting two vulnerabilities in TrustZone.  TrustZone is a collection of security features within the ARM processors Qualcomm sells to handset manufacturers.


For my Computer Security students.
Kaspersky: Ransomware that encrypts is booming
Over the past year the number of machines hit by ransomware that encrypts all or part of the hard drive is five-and-a-half times what it was the year before, according to Kaspersky Lab.
The number in 2014-2015 was 131,111 compared to 718,536 in 2015-2016, according to the company’s report Ransomware in 2014-2016.
   “Mobile ransomware emerged as a follow-up to PC ransomware and it is likely that it will be followed-up with malware targeting devices that are very different to a PC or a smartphone,” the report says.  These include smart watches and smart TVs, and entertainment systems in homes and cars.  “There are a few proof-of-concepts for some of these devices, and the appearance of actual malware targeting smart devices is only a question of time.”

(Related)
With some advanced preparation, you can survive a ransomware attack
   There are ways to protect your systems to prevent becoming the next victim, or at least to mitigate the effects of the attack, but you need to act before an attack strikes.  Researchers say it can take less than 5 minutes from the time the malware gets on a system to the time when primary files are encrypted, backup files are deleted, and the demand for ransom is presented.
That said, here are some steps for surviving a ransomware attack:


I’ve followed this report for years.
2015 Wiretap Report: Intercept Orders Rise 17 Percent
by Sabrina I. Pacifici on Jul 1, 2016
United States Courts, June 30, 2016: “The number of federal and state wiretaps terminated in 2015 increased nearly 17 percent over 2014, according to an annual report submitted to Congress by the Administrative Office of the U.S. Courts.  As in previous years, drug investigations and telephone wiretaps accounted for the large majority of cases.  The 2015 Wiretap Report covers intercepts—of wire, oral or electronic communications—that  were concluded between January 1, 2015, and December 31, 2015.  The report does not include data on interceptions regulated by the Foreign Intelligence Surveillance Act of 1978.  A total of 4,148 wiretaps were reported in 2015, compared with 3,554 the previous year.  Of those, 1,403 were authorized by federal judges, 10 percent more than in 2014, and 2,745 were authorized by state judges, an increase of 21 percent.  No wiretap applications were reported as denied in 2015.”
[The encryption section: 
The number of state wiretaps in which encryption was encountered decreased from 22 in 2014 to 7 in 2015.  In all of these wiretaps, officials were unable to decipher the plain text of the messages.  Six federal wiretaps were reported as being encrypted in 2015, of which four could not be decrypted.  Encryption was also reported for one federal wiretap that was conducted during a previous year, but reported to the AO for the first time in 2015.  Officials were not able to decipher the plain text of the communications in that intercept.


What could possibly go wrong?  (What’s next?)
Mark Walker, Patrick Anderson and John Hult report:
Police in South Dakota are collecting urine samples from uncooperative suspects through the use of force and catheters, a procedure the state’s top prosecutor says is legal but is criticized by others as unnecessarily invasive and a potential constitutional violation.
The practice isn’t new, according to attorneys, but it’s been brought to light in a recent case in Pierre.
Read more on Argus Leader.


Because you can never introduce your children to surveillance too soon? 
Alphabet’s Nest Patents Smart Surveillance Crib For The Ultimate Helicopter Parent
   Nest (now part of Alphabet since its acquisition by Google), the company best known for its smart thermostats, applied to patent a smart crib or toddler bed that would monitor infants and displays soothing images and sounds. [Big Brother loves you.  We have always been at war with Eastasia.  Bob] 

(Related)  Dilbert predicts the future?


Perspective.  Over, but not really over. 
In Senate, Blackberry Era Officially Over
   The reign of the Blackberry lasted a good decade or more in Congress, early on due to the advanced nature of the devices and obsession with email checking.  Even when the iPhone and Androids came about, the Blackberry still kept the throne for awhile because typing on those tiny little keys was faster, a mastered skill with which the iPhone could not compete.  (This being government, they were slow to adopt other devices and Bring Your Own Device policies.)
[From the notice:
BlackBerry device support will continue for the foreseeable future.  BlackBerry is committed to maintaining their support of our devices to include uninterrupted warranty and technical support.
Once we have exhausted our current in-house stock, new device procurements will be limited, while supplies last, to warranty exchanges only.


Perspective.  “We’re # 16!  We’re # 16!”  Not very catchy, is it? 
Superfast internet? South Korea wins, U.S. lags far behind
Internet speeds are getting faster worldwide — including the U.S. But speeds here are far worse than many other countries, particularly on mobile.
Akamai, an internet platform used by websites to ensure high speeds and high quality streaming, aggregates data from the up to 200 trillion content requests it receives each quarter.
Global average connection speed rose 12% in the first quarter of 2016 from the fourth quarter of 2015, to 6.3 Mbps, according to Akamai's latest "State of the Internet" report.  Year over year, global internet speeds shot up 23%, said the content delivery network.
South Korea led the way with the highest average connection speed at 29.0 Mbps, an 8.6% increase from last quarter.  Norway (21.3 Mbps) and Sweden (20.6 Mbps) followed to make up the top three.
The United States didn't make the top 10, ranking No. 16 with average connection speed of 15.3 Mbps, a 7.7% rise from the prior quarter.
   In mobile, you're best off in the United Kingdom.  The country by far had the highest average mobile speed with 27.9 Mbps. Belgium, in contrast, had only 70% of the U.K.'s average speed with 19.4 Mbps.  Algeria had the lowest average connection speed with 2.2 Mbps. Speeds in Iran, the country that had the slowest average speed in the fourth quarter with 1.8 Mbps, improved to 4.7 Mbps this quarter.
The U.S. had an average mobile speed of 5.1, on par with Thailand.


This is more for my Excel class than PowerPoint users.
Improve Your PowerPoint Presentation with Excel Data Visualizations


For my IT Architecture students.
WhatsApp Grew to One Billion Users by Focusing on Product, Not Technology
   when Mubarik Imam, head of growth and partnerships for WhatsApp, told the company’s extraordinary story to a group of high-level executives and technology experts at a conference in Palo Alto last year, the narrative was conspicuously free of digital breakthroughs or “aha!” moments.  For those who hoped to hear the secret of how digital wizardry turned two disgruntled Yahoo veterans into overnight billionaires, the real story was an eye-opener.  Transforming a relatively simple idea into a $19 billion windfall, it turns out, was more about solving problems with the tools at hand than inventing new solutions from scratch.


If it’s Saturday, Education foibles…
Hack Education Weekly News
   The US Department of Education released its “#GoOpenDistrict Launch Packet,” encouraging schools to use OER.  As Stephen Downes comments, “I find it interesting that they refer throughout to ‘openly licensed educational materials’ rather than ‘open educational resources’ – I wonder what the reasoning was behind that.”  Rebrand.  Realign.  Rewrite history.  The usual, I’d wager.
   Hillary Clinton unveiled her tech platform this week.  Excuse me.  Her “innovation agenda.”  She promises that every kid will learn to code (of course) by having the private sector train CS teachers.  She wants federal financial aid for coding bootcamps and nanodegrees.  Her plan also involved a talking point about diversifying the tech workforce, but then she went ahead and announced this doozy: a student loan deferment program for startup founders.  Alexander Holt offers a pretty good argument as to why this is a “giveaway to Silicon Valley.”  (The whole platform sounds like that, to be honest.)  “Is Student-Loan Debt Really Holding Would-Be Entrepreneurs Back?” asks The Chronicle of Higher Education.  More on Clinton’s plans via Edweek’s Market Brief, Inside Higher Ed, and The New York Times.
   Via The Chronicle of Higher Education: “As Big Data Comes to College, Officials Wrestle to Set New Ethical Norms.”

Friday, July 01, 2016

Local
9News reports:
A cyber incident is affecting computer systems in Larimer County.
The county’s computer systems have had limited function since the incident on Wednesday.
County officials say they’re working with security providers to find the cause and get services restored.  County data is secure and protected.  The duration of this event is unknown.
Read more on 9News.
[From the article:
For a detailed list of impacts to individual departments and offices, visit: http://www.larimer.org/service-impact.cfm.  Larimer County will also provide service impacts via its social network sites on Facebook and Twitter.


For my Computer Security students.
They're Just Like Us: Oculus CEO Hacked Thanks to Terrible Password
   The person behind the attack claimed that he or she found one of Iribe's old passwords listed within the big dump of MySpace user name and password combinations that hit last month.  The attacker also claimed that he or she could have accessed Iribe's email account had he not protected that with two-factor authentication—though it's unclear whether the attacker meant Iribe's personal account or his Oculus account, one scenario likely a lot more catastrophic than the other.


My Computer Security students just got a lot more valuable. 
A pen test a day keeps hackers away
Besides the fact that there is no other way to really test your network, The PCI Security Standards Council finally released version 3.2 and it now states, “To ensure resilience, service providers are now required to perform penetration testing on segmentation controls at least every six months," according to a new sub-requirement 11.3.4.1.  The PCI SSC also added a testing procedure 11.3.4 to ensure that penetration testing is performed by a qualified internal or external third party.
So the once a year PEN test is gone, and rightly so.  Some PEN testers like ShoreBreak Security offer continuous PEN testing.  ShoreBreak CEO Mark Wolfgang says "PEN testing once a year is like mowing your lawn once a year, it does not keep up with reality."


What Privacy?
Joe Cadillic has two new blog posts that you will want to check out.
The Indianapolis Metropolitan Police Department (IMPD) is using a ‘Social Disorder Index’ (SDI) to determine the level of social disorder a location presents to its surrounding community.  SDI can map areas as small as 250 feet by 250 feet.
[…]
According to the IndyStar, police used SDI to target areas and arrest people with a propensity for violence.
and:
Police are secretly using PBS television stations to spy on Americans
DHS is using Public Broadcasting Service (PBS) television stations to send videos and messages to law enforcement across the country.
“Once the hardware [IP encapsulator] is set up at the television station to enable this capability, data recipients will need a datacast receiver connected to their computer in order to receive the information being broadcast from the PBS station.   Datacasting’s software allows the owners of the video and other data to target individual users or groups of receivers to receive the video, files and notifications being transmitted.”


I can sell your PII because I said I would.  Does the buyer have to have the same Privacy Policy?
Alex Schiffer reports:
When Sports Authority Inc. said “everything must go,” it meant everything – including its customers’ personal information.
The Colorado sporting goods retailer, which filed for Chapter 11 bankruptcy protection in March, auctioned this week its intellectual property, including the Sports Authority name, its e-commerce site and about 114 million customers’ files and 25 million email addresses.  Dick’s Sporting Goods won with a $15-million bid.
Read more on Los Angeles Times.
Why were they allowed to auction off consumers’ information, you wonder, remembering what happened with RadioShack?  There’s an answer. Schiffer explains:
Businesses have the legal right to sell consumer information as long as their privacy policies make it clear that data can be transferred or sold if the company is acquired or goes under.


This could be a really bad idea.  Think terrorist incident…
Apple patents technology to block your phone camera
   The technology could stop people from making illegal recordings at concert venues, in cinemas or theaters.
The patent described how an infrared signal could be fired in places where video recording is prohibited.  The phone would detect the signal and either alter what's shown on the screen or shut down its video features completely.


For my Data Management students.  
Brazil Judge Freezes Facebook Funds in Cocaine Smuggling Case
A court in Brazil on Thursday blocked 19.5 million reais ($6.07 million) in Facebook funds after the U.S.-based social networking company’s WhatsApp messaging service failed to turn over messages sought in a drugs case, the G1 news service said.
Brazil’s federal police said WhatsApp has defied repeated orders to turn over messages sent and received by suspected members of an international cocaine smuggling ring that has been under investigation since January.
   At the time of that blockage, Facebook said WhatsApp does not store client messages and could not read them if they did because they are encrypted.


Caesar’s wife and Hillary’s husband? 
Bill Clinton & Loretta Lynch meeting: 'Incredibly bad judgment'
   Both should have instantly realized that their private meeting might create public suspicion that something improper must have occurred. After all Donald Trump has been tossing corruption accusations at Hillary Clinton with the frequency of firings on "The Apprentice."


Not being able to see white could make it hard to sell Teslas in snowy Colorado.
Tesla's Autonomous Driving Fatal Accident Needs To Be Kept In Context
   The company posted on its website on Thursday that the NHTSA (National Highway Transportation Safety Administration) decided to open a preliminary investigation and Tesla provided background information on what occurred.
From the post it appears that the accident was a combination of unfortunate circumstances and timing.  “The vehicle was on a divided highway with Autopilot engaged when a tractor trailer drove across the highway perpendicular to the Model S.  Neither Autopilot nor the driver noticed the white side of the tractor trailer against a brightly lit sky, so the brake was not applied.  The high ride height of the trailer combined with its positioning across the road and the extremely rare circumstances of the impact caused the Model S to pass under the trailer, with the bottom of the trailer impacting the windshield of the Model S.”

Thursday, June 30, 2016

When they started using Periscope, I had hopes they might be tech savvy.  Now?  Not so much. 
19 House Democrat Websites Have Been Down For Days, Hacked Following Sit-In
Hackers took over 19 official government websites for Congressmen since last Thursday after a major hacking incident compromised the network.
The affected representatives contract their website management with the company DCS Services who works exclusively with House Democrats.  People who visit the official sites of the nineteen affected legislators see a “site under maintenance” message.
   Ferson said that at this point, they have no evidence or specific reasons to believe that the hack was directly related to the day-long protest over gun control, but Gordon Stanton, director of congressional services at DCS, said that “we do not believe it is a coincidence that this happened just as the Democrats started officially wrapping up their sit-in on efforts to prevent gun violence.”
   Politico reported that DCS builds its websites using Joomla, a content management system that has a history of significant security flaws and that, “anger at DCS is so widespread that some aides [from affected offices] asked colleagues on an internal email list for suggestions of other vendors.”
   This latest hack follows a string of security breaches for Democratic Party officials, including a hack of the Democratic National Committee.  


An ethical question for my students to ponder.
Terror-suspect database used by banks, governments, has been leaked
A database described by some as a "terrorism blacklist" has fallen into the hands of a white-hat hacker who may decide to make it accessible to the public online.

The database, called World-Check, belongs to Thomson Reuters and is used by banks, governments and intelligence agencies to screen people for criminal ties and links to terrorism.
Security researcher Chris Vickery claims to have obtained a 2014 copy of the database.  He announced the details on Tuesday in a post on Reddit.
"No hacking was involved in my acquisition of this data," he wrote.  "I would call it more of a leak than anything, although not directly from Thomson Reuters."
   His copy of the World-Check database contains the names of over 2.2 million people and organizations declared "heightened risks."  Only a small part of the data features a terrorism category.  Additional categories include individuals with ties to money laundering, organized crime, corruption and others.
He is asking Reddit users whether he should leak the database to the public.  His concern is that innocent people with no criminal ties may have been placed on the list.
The information isn't really secret either.  Users can buy access to the database from Thomson Reuters.
Leaking the database, however, could create risks and tip off "actual bad guys" that they’ve been placed on the list, Vickery said.


For my Computer Security students.
How To Protect Yourself From These 8 Social Engineering Attacks


For all my students!
New Google tool tracks user behavior across applications
by Sabrina I. Pacifici on Jun 29, 2016
The Guardian: “Google has rolled out new tools to let users see what its ad-tracking service has learned about them, and to let users opt in or out of a new personalised ads service.  The addition to Google’s account settings, called My Activity, allows users to review everything that Google has tracked about their behaviour – across search, YouTube, Chrome, Android and everything else – and edit or delete it at each step.  If you use Google for everything you do, you might be surprised by just how much it catalogues about your comings and goings on the internet…”


Japan has always feared foreigners.  I see the US becoming more like them.
Totally forgetting or ignoring the lessons of what happened to Japanese-Americans in the U.S. during World War II, it seems:
Japan’s Supreme Court has approved the government’s blanket surveillance of Muslims in the country.
The country’s top court struck down a second appeal by Japanese Muslim plaintiffs against what they perceive as an unconstitutional invasion of their privacy and freedom of religion.  Mohamed Fujita, whose name has been changed to protect his identity, is one of the 17 plaintiffs in a lawsuit that challenged extensive monitoring of Japan’s Muslims, Al Jazeera reported.
Fujita and the other plaintiffs sued the government following the leak in 2010 of 114 police files, which revealed religious profiling of Muslims across Japan.
Read more on Pakistan Today.


Isn’t Microsoft making the same argument because the FBI keeps issuing requests for data on their Irish servers?  Will US courts agree with the Appeals Court? 
Facebook wins appeal on Belgian tracking
Originally, the regulator won its case and ordered the social network to stop tracking non-members when they visited publicly available Facebook pages.
The Brussels Appeals Court overturned that, saying the regulator had no jurisdiction over Facebook, which has its European headquarters in Ireland.
   Willem Debeuckelaere, president of the Belgium privacy commission said: "Today's decision means simply that the Belgian citizen cannot obtain privacy protection when it concerns foreign players.  The citizen is thus exposed to massive violations of privacy."
   Initially the court found in favour of the Belgian data authority.  It said that collecting the data on the web-surfing behaviour of millions of people who were not members of the social network was a "manifest" violation of Belgian data protection law, irrespective of what purposes Facebook used the data for.
   The ruling though was ultimately about who has authority over the social network.
"Belgian courts don't have international jurisdiction over Facebook Ireland, where the data concerning Europe is processed," the court said.


What assumptions are behind this?  US students can’t learn STEM?  All foreign students want jobs in the US?  Voters might like it?
Clinton wants to ‘staple’ green cards on STEM grads' diplomas
As president, Hillary Clinton would support the automatic granting of green cards, or permanent residency, to foreign students who earn advanced STEM degrees in the U.S.

(Related)  Another indication of the Democrat platform? 
Warren targets Amazon, Apple, Google in anti-monopoly speech


Modern IT Architecture.
5 steps to turning your company into a platform
We can all see the future around us. Uber, Airbnb and Alibaba have all seemed to come out of nowhere to take commanding positions in their respective sectors of local transportation, hospitality and retail.  Together, they and other companies that are basically network orchestrators with a digital platform are leading a revolution in business model design.
You, as an IT leader in a traditional sector of the economy, might wonder what this revolution has to do with you and your company.  Everything.  The benefits of this new model are so compelling, and the underlying premise is so basic, that it will inevitably take root in virtually every sector.  And as an IT leader, it is your responsibility to help your company adapt as soon as possible.

(Related) A brick and mortar business turning into an online marketplace.  Amazon is building distribution centers; Walmart already has them. 
Wal-Mart Expands Free Two-Day Shipping
   On Wednesday the retailer said it would open its free two-day shipping program to any U.S. customer, an expansion of the $49 per-year service designed to grab shoppers from Amazon’s popular $99 a year Prime program.  Until now Wal-Mart allowed only a limited and undisclosed number of shoppers to sign up.
   The move shows Wal-Mart believes the steps it has taken to improve its fulfillment capabilities have prepared it to compete head on with Amazon Prime for the growing slice of retail sales that take place online.  Wal-Mart, which has been struggling with sluggish U.S. sales growth, has made bolstering its e-commerce operation a priority and is investing $2 billion to that business.

(Related)  A whole new dimension to architect.
Companies Are Turning Drones into a Competitive Advantage
Armed with an array of sensors, commercial drones are about to become a new source for digital information.  We expect the drone market to surge to nearly $7 billion by 2020 globally, driven by regulatory clarification, continuously decreasing component costs, and – most important– ongoing innovation that connects drone capabilities to big-data analytics.
   For many companies, drones are quickly becoming another component that must be considered in developing digitalization strategies.  Backed by cloud services and big-data techniques, the unprecedented data gathering capabilities of drones have the potential to radically alter the competitive dynamics of the information landscape.


For my Enterprise Data Management students.
Report: Security teams plagued by poorly managed identity data
Security teams handling Identity and access management (IAM) are hampered by dirty data and need management help from a chief data officer, according to a new report by TechVision Research.
IAM is typically defined as a “security discipline that enables the right individuals to access the right resources at the right times for the right reasons.”  But identity data is riddled with errors, which ultimately raise security and privacy risks, the report says.
The problems include multiple versions of employee names and titles in various systems — and even “ghost” employees.  “We find a plethora of identity data challenges, including multiple authoritative sources of data, inconsistent data, redundant data, old data and misclassification of data,” the report says.


Well, I find it interesting.
How to Write a History of Writing Software
It’s hard to believe, but one of the most important changes in the way people write in the last 50 years has been largely overlooked by historians of literature.  The word processor—that is, any computer software or hardware used for writing, a nearly ubiquitous technology adopted by poets, novelists, graduate students, foreign correspondents, and CEOs—has never gotten its own literary history.
Perhaps it was just too much under our noses—or, I suppose, in front of them.
Now it finally has one.  Five years ago, Matthew Kirschenbaum, an English professor at the University of Maryland, realized that no one seemed to know who wrote the first novel with the help of a word processor.  He’s just published the fruit of his efforts: Track Changes, the first book-length story of word processing.


I’d ask my students how I was doing, but they might tell me. 
6 Speaking Tips That Will Make People Want to Listen to You
Have you run into situations where you’re talking but nobody seems to care?  Over time, maybe you’ve even noticed that people just don’t like listening to you for some reason.
This 10-minute talk by Julian Treasure explains why that might be the case and what you can do to make yourself more pleasant to the ears of others:  https://www.youtube.com/watch?v=eIho2S0ZahI


It’s not looking good for The Donald. 
Who will win the presidency?
We'll be updating our forecasts every time new data is available, every day through Nov. 8.

Wednesday, June 29, 2016

For my Computer Security students.  When the process is well understood and simple to execute, the failure is due to poor management.
It’s been what – at least a decade? – since we started seeing reports of personal and corporate information left on drives that were being resold on eBay?  And yet even now, 2/3 of drives contain personal or corporate data, according to a new study.


Local
Brian Krebs first broke the story in May that casual food chain Noodles and Company had likely had a payment card breach. Now the company has confirmed it:
Press Release
Noodles & Company Provides Notice of Data Security Incident
Broomfield, Colorado, June 28, 2016 – Noodles & Company (NASDAQ: NDLS) today announced that a recent data security incident may have compromised the security of payment information of some guests who used debit or credit cards at certain Noodles & Company locations between January 31, 2016 and June 2, 2016.  Credit and debit cards used at the affected locations are no longer at risk from the malware involved in this incident.
What Happened? On May 17, 2016, Noodles & Company began investigating unusual activity its credit card processor reported to the Company.  Noodles & Company immediately began working with third-party forensic experts to investigate these reports and to identify any signs of compromise on its computer systems.  On June 2, 2016, Noodles & Company discovered suspicious activity on its computer systems that indicated a potential compromise of guests’ debit and credit card data for some debit and credit cards used at certain Noodles & Company locations.
   The information at risk as a result of this event includes the cardholder’s name, card number, expiration date, and CVV.  A list of impacted Noodles & Company locations is available at www.noodles.com/security.  This incident did not involve online debit or credit card transactions at www.noodles.com.  
For More Information. Noodles & Company has established a dedicated assistance line for individuals seeking additional information regarding this incident.  Guests can call 888-849-1067, 9 a.m. to 9 p.m. EDT, Monday through Friday (excluding U.S. holidays).  Guests can also find information on this incident and what they can do to better protect against fraud and identity theft at www.noodles.com/security.
For more information and a list of affected locations, see their FAQ on the incident.


Oh goodie.  Now I can check to see if anyone has noticed that I’m an idiot.
Jason C. Gavejian writes:
Beginning January 1, 2017, employees in Colorado will now have a right to inspect and copy their personnel files.  Prior to this law, Colorado had no law granting private-sector employees access to their personnel records.
Under the new law, upon a current employee’s request, an employer must allow that employee to inspect and obtain a copy of any part of the employee’s personnel file at least once annually.


From where do such ideas arise?  Simple expansion of the bureaucracy?  Sinister ulterior motives? 
Shane Vander Hart reports:
The National Assessment Governing Board (NAGB) that governs the National Assessment of Educational Progress (NAEP) has announced it will expand beyond assessing students’ academic content knowledge to also include subjective, non-cognitive, socioemotional parameters.  Such factors will include “grit,” “desire for learning,” and “school climate.”  Assessing “mindsets” of students potentially will allow the government to determine and possibly reshape children’s moral and religious beliefs about controversial social issues.
American Principles Project, Eagle Forum and Education Liberty Watch along with five additional national organizations, as well as 69 state organizations in 29 states, have joined Liberty Counsel to object to what they see as illegal changes to the NAEP.  (Disclosure: This author is among those who have joined Liberty Counsel.)
Read more on Caffeinated Thoughts.   (And could I NOT love a blog with that name!)
[From the article:
As Liberty Counsel demonstrates in its letter to three congressional committees, if these factors are assessed as part of the NAEP test itself, their inclusion violates federal law prohibiting assessment of “personal or family beliefs and attitudes” via 20 USC section 9622.  If they are instead part of the background survey given to students, their inclusion violates the Protection of Pupil Rights Amendment, 20 USC section 1232(h), which requires that such material be made available for parental inspection before administration.


The future of lawyering?  I have some students who are learning to write Apps, I wonder where I could find lawyers who know of other simple legal applications?
This Teen's Lawyer-Bot Is Busting Thousands Of Parking Tickets
   Browder’s web-based bot DoNotPay has appealed 250,000 parking tickets in London since last September, and in New York since March 2016.  It has successfully overturned 160,000 of them.
“When I got to the legal driving age of 18 I got a lot of parking tickets,” he admitted in a phone interview.  “I started appealing them.  Then I started helping my friends.”
Browder thought it would be fun to build an automated bot — essentially software that understands human language well enough to hold a basic conversation — that could talk his friends and family through the process of appealing a ticket.

(Related)  Or lawyers could build their own.
MIT App Inventor


Perspective.
Leaked Lyft numbers show it had a record May, but growth could be 'flat' after that
Lyft had a record May, completing 12.7 million rides in the month, according to a leaked investor update viewed by Business Insider.
   At that pace, the ride-hailing company said the net value of its rides — that's the ride value minus tips and tolls — is on track for a nearly $1.9 billion run rate, or a total net value of its rides over 12 months.
·  Loss: Lyft remains on track to not lose more than $600 million per year
·  Monthly ride volume: Rides increased by nearly 1.3 million month-over-month to 12.7 million, a new record for the company. At that pace, Lyft predicts it will complete around 152 million rides this year


For those days when I don’t feel like lecturing.
10+ Alternatives to TED Talks You May Not Have Seen Yet
   TED Talks aren’t the only way to get you closer to big ideas.  The alternatives to TED Talks enable you to expand your world view in little ways too.  Some of the links below will take you to events that are much easier on the pocket (without watering down the knowledge), and some are free.  Of course, you can catch them all for free on the web.

Tuesday, June 28, 2016

A small breach that moves well beyond a “prank.”
BBC reports:
The personal details of 112,000 French police officers have been uploaded to Google Drive in a security breach just a fortnight after two officers were murdered at their home by a jihadist.
A mutual organisation which provides extra health and other insurance benefits for police says the details were uploaded by a disgruntled worker.
It has said the files are protected by a password and there is no reason to believe details have been accessed.
Read more on BBC.


Is Big Data always better data?
Google gives 700 trillion-pixels makeover to Maps and Earth apps
Finding Google Maps, Google Earth apps prettier? Yes, the search giant Google has been working on it and has rolled out sharper and more seamless imagery to the tools.
The update includes photos from Landsat 8
   Google claims that it is mining data from nearly a petabyte of Landsat imagery.  To put that in perspective, 700 trillion pixels is 7,000 times more pixels than the estimated number of stars in the Milky Way Galaxy, or 70 times more pixels than the estimated number of galaxies in the Universe.


Another highly biased look at the Megaupload saga.  Is our Justice Department really that disorganized? 
From file-sharing to prison: A Megaupload programmer tells his story


Perhaps we could take the resulting program and translate it into other languages?
Google Thinks the Future of Code is Toy Blocks
   as programming becomes an increasingly important part of the modern world—this is the new construction—educators and researchers are trying to make it more fun and approachable, particularly for young kids with little patience for frustration and abstraction.  In recent years, they’ve tried everything from kids books to games like Minecraft.  Now, with a new initiative called Project Bloks, a team of Google researchers is trying to make coding a hands-on experience—literally.


Useful for all my students?  Share what you have learned?  I’d rather have one that lets me grab their screen rather than have them push a screen to me. 
Google is making its educational tools more powerful
   Today, Google is announcing new tools and expanded capabilities of its existing tools for educators that stand to make its position in the classroom even stronger.
The first new tool is Cast for Education, which lets students and teachers share their screens from anywhere in the classroom to the computer that’s plugged into the projector.  Teachers turn their main computer into a Cast destination and then can approve Cast requests from students on a case by case basis.  Google says the idea behind this feature is to expand the use of the projector - one of the most widely used devices in the classroom - to people other than the teacher and to foster improved interaction with students.  Cast for Education is designed to work with the complex wireless networks that are often found in schools and allows both video and audio sharing.  It is available in beta as a Chrome app that works in Chrome OS, Mac, and Windows for free starting today.


Great, if I gave quizzes.
Google Forms Can Now Automatically Grade Quizzes Without an Add-on
For a long time Flubaroo has been one of my go-to recommendations for easy scoring of quizzes created in Google Forms.  Today, Google made it easier than ever to have quizzes scored for you and to show students their scores.  Now when you create a Google Form you can go into the Form settings and choose the quiz option.  Within the quiz option you can choose to have your questions scored as students answer them.  You can also choose to show students their scores as well as correct answers.  See my screenshot below to learn where you can find the new quiz scoring options.
The new automatic quiz scoring feature will make it easier to quickly deliver feedback to your students when they take multiple choice or true/false quizzes.
The automatic quiz scoring feature only supports multiple choice and true/false questions at this time.  If you want to have short answer or fill-in-the-blank questions scored for you, you will need to use Flubaroo in Google Sheets.

Monday, June 27, 2016

Regardless of their motive, I can use breaches like this to show my Computer Security students that no one is invulnerable. 
Google CEO's Quora account briefly hijacked by Mark Zuckerberg hackers
Google CEO Sundar Pichai had his Quora account hacked last night, becoming the latest in a list of major tech figures to have their social media presences hijacked by a group calling itself "OurMine."  The breach comes less than a month after both Mark Zuckerberg and Spotify boss Daniel Ek suffered a similar fate.
   Speaking to Mic, OurMine claimed to be a three-person team.  Some experts suggest the group is breaching big-name accounts using older databases of passwords available to nefarious actors: a method that may explain why it was Pichai's Quora account hijacked in this case, rather than far more frequently trafficked networks like Twitter or Facebook.  Earlier this month, Mark Zuckerberg's Pinterest account was hacked alongside his Twitter account, with OurMine clearly stating that it had gained access using the password "dadada," revealed as part of the 2012 LinkedIn hack.
   It's not clear whether Pichai paid to regain access to his Quora account, but both the comments and the auto-tweets were deleted a few hours after they were posted.


Another IRS security failure.  Perhaps they should hire someone who knows how to do it?  (If the IRS could deny attackers as easily as it denies deductions, they would be security gods!) 
IRS Shuts Down e-File PIN Tool After More Attacks
   The e-File PIN tool on IRS.gov allowed taxpayers to generate PINs that they could use to file tax returns online.  The agency reported in February that identity thieves had obtained more than 100,000 PINs by launching an automated bot attack against the tool.
Fraudsters had used names, addresses, dates of birth, filing statuses and social security numbers obtained from other sources to abuse the e-File PIN tool.  The IRS kept the application online – at the time it had been used by most commercial tax software products – but implemented additional security features.
The agency recently detected another round of automated attacks at an increasing frequency and despite only a small number of PINs being affected, it has decided to shut down the program as a safety measure.  The IRS believes only a small segment of taxpayers are affected because most users don’t actually need the PIN to electronically file tax returns.


You can never underestimate stupid.
This is one of those stories that may be best read if you’ve had a bit of caffeine first.  Otherwise, you may just wind up shaking your head for quite a while.
Andrea McCarren reports that a DC man who was supposed to be monitored by a GPS tracking device while confined to his home escaped surveillance by…. wait for it… simply taking off the prosthetic limb it had been attached to and using his spare prosthetic limb.
Why a contractor’s employee attached a GPS device to a prosthetic limb and not a real one is one of those questions where you’re likely to get a “Human Error” catch-all explanation.
The story might be a bit of a chuckler were it not for the fact that the 34-year-old suspect, Quincy Green, allegedly gunned down a man while he was supposedly at home being monitored.
McCarren explains:
After a gun possession charge in April, Dana Hamilton’s alleged killer was confined to his home while awaiting trial.  He was equipped with a GPS tracking device.  But somehow, the technician from Sentinel, the California-based government contractor, placed it on Green’s prosthetic leg.
“Here you have a company [Sentinel] that comes along and working with DC government, doesn’t even follow their own protocols,” said Russ Mullins, an Executive Shop Steward at the Fraternal Order of Police.
Read more on WUSA.


Will this upset their partners? 
Finally, the rumor we’ve been waiting for: Google is working on its own line of smartphones that could be available by the end of the year.
Google’s Android operating system already runs on several phones, and it’s partnered with companies like Huawei to license the Nexus phone. But sources tell The Telegraph that the company wants to release its own handset and venture further into hardware. This would allow it to control everything about Android, just like a certain other company controls everything about the iPhone.

(Related)  Is this what is driving the Google entry into smartphones?
This $4 smartphone finally has a ship date after sparking investigations
Chances are, if something sounds too good to be true, it probably is.
That seemed to be the case for the Freedom 251, the world's cheapest smartphone, announced in February.  Ringing Bells, the Indian company behind the phone, sparked controversy when it claimed the smartphone would sell for just $4. 
   The ICA also accused Ringing Bells of potentially fraudulent claims saying even the cheapest build-of-materials would cost about $40 for a phone with barebone specs such as Android 5.1, a 4-inch screen, 1.3GHz quad-core processor, 1GB of RAM, 8GB of internal storage, 1,450 mAh battery, and a 3.2-megapixel back and 0.3-megapixel front camera.
Furthermore, there was no clear wireless carrier backing the $4 phone and providing subsidies on it to offer savings to customers.
Just when things couldn't get any worse, it was discovered that the Freedom 251 was actually an illegally rebadged version of China's Adcom Ikon 4, which sells for about $54.  Oh, and the app icons were basically ripped right off iOS.
   Fast forward a couple of months and 70 million registrations for the device later and Ringing Bells is finally gearing up to ship the first $4 Freedom 251 phones to customers on June 30, according to IANS.
   The company plans to fulfill 2.5 million orders by the end of the month and ship 200,000 units per month afterwards.


Will other industries be as resistant to change? 
New on LLRX – Bots, Big Data, Blockchain, and AI – Disruption or Incremental Change?
by Sabrina I. Pacifici on Jun 26, 2016
Via LLRX.com – Bots, Big Data, Blockchain, and AI – Disruption or Incremental Change?  Ron Friedmann discusses the potential, likely and unlikely impact of high profile disruptive technologies on Big Law – including Big Data, blockchain, AI and bots.


Something for my Architecture students.
IoT and Implications for Organizational Structure
In the classic structure, a business is divided into functional units, such as R&D, manufacturing, logistics, sales, marketing, after-sale service, finance, and IT.  These functional units enjoy substantial autonomy.  Though integration across them is essential, much of it tends to be relatively episodic and tactical.
With the emergence of smart, connected products, however, this classic model breaks down.  On June 9, 2016 James Heppelmann, president and CEO of PTC and co-author of the Harvard Business Review article “How Smart, Connected Products Are Transforming Companies,” discussed the new need for companies to coordinate across product design, cloud operation, service improvement, and customer engagement.


An Amazon win or a consumer befuddlement?  (Or both)
Amazon to Add Dozens of Brands to Dash Buttons, but Do Shoppers Want Them?
Amazon.com Inc. is doubling down on its Dash push-button ordering devices, getting consumer-products makers to invest in the gadgets even amid evidence that consumers are cool to them.
   Mistaken by some as an April Fool’s joke when Amazon rolled them out in the spring of 2015, the thumb-drive-sized devices enable shoppers to order things like Tide detergent and Cottonelle toilet paper simply by pressing a button.  Customers are encouraged to put the wireless devices by their refrigerators and washing machines for quick reordering.
But fewer than half of people who bought a Dash button since March 2015 have used it to place an actual order, estimates Slice Intelligence, which conducts market research based on emailed consumer receipts.  Those consumers who do order make a purchase roughly once every two months, Slice found.
   Companies pay Amazon $15 for each button sold and 15% of each Dash product sale, atop the normal commission, which typically ranges from 8% to 15%, the people familiar with the matter said.
For their part, consumers pay $5 per button, though Amazon sweetens the deal by offering a $5 rebate for every button.  The rebate is good toward the first purchase using that button.  Only members of Amazon’s $99-per-year Prime membership are eligible to use the Dash buttons.


Can police demand a breathalyzer test of anyone at any time, driving or not? 
Supreme Court Verdict: Refusing Breathalyzer Is A Crime
Justice Samuel Alito delivered the 5-to-3 decision in Thursday's case, saying that breath tests do not implicate "significant" concerns in privacy.


The race for bragging rights?
U.S. To Field 200 Petaflop ‘Summit’ Supercomputer In 2018 Doubling Performance Of Chinese Rivals
There is one constant in the world of supercomputers: no one is going to be 'fastest' for long.  In fact, some supercomputers can seem downright slow after only a couple of years, as hardware continues to become faster and more dense.
Take for example Oak Ridge's TITAN supercomputer.  Launched in 2013, this supercomputer managed to push about 20 petaFLOPs of throughput (17.59 pFLOPs LINPACK; 27 pFLOPs theoretical).  At the time, that was downright mind-blowing. But consider TaihuLight, China's latest supercomputer, coming in at 93 petaFLOPs.  For those who don't want to grab a calculator or exercise simple math, that means that in a mere three years, China managed to push out a supercomputer 5x faster than ORNL's TITAN.
   ORNL's next supercomputer is going to be called Summit, and it's expected that it will launch with 200 petaFLOPs capabilities.  For a system that's set to launch in early 2018, a literal doubling of China's new TaihuLight is downright mind-boggling.