Saturday, July 22, 2017

Trademark infringement is one thing.  Could Microsoft act as an agent of US Cyber Command?  Can a corporation successfully battle a state-sponsored hacker group?  I shudder to think of the downside.  ALSO: This process will have to speed up.  These domains were used for at least a year. 
Microsoft Goes After Russian Election Hacker Group Fancy Bear Seizing Control Of 70 Domains
   To make their attacks seem as normal as possible, Fancy Bear uses a control center that heavily utilizes URLs meant to mimic Microsoft's own; eg: "livemicrosoft.net".  Often, control centers will use explicit IPs to avoid issue, but because Fancy Bear decided to infringe on Microsoft's trademarks, it screwed itself over.  Microsoft ordinarily wouldn't have had much control here, but when the domains use its trademarks, that changes everything.
   Ultimately, Microsoft severely disrupted [??? Bob] Fancy Bear's network by ceasing over 70 domains.  Microsoft will now be able to reconfigure these domains to route elsewhere, while at the same time gaining insight into the people or organizations Fancy Bear has been targeting.
Even with its trademarks being infringed upon, Microsoft's journey here has not been easy.  In total, it had to submit 52 subpoenas, 46 informal inquiries abroad, and had to go through the effort of tracking down domain names that are hugely obfuscated through the use of Tor and even Bitcoin.
The best part in all of this is how much it disrupts Fancy Bear's work.  The group will have to work around this severing, which won't happen quickly (or easily).  Microsoft is being proactive, too, seeking approval to seize 9,000 domain names that its algorithms believe Fancy Bear will register next.


For my Computer Security (and many other) students.
From the Federal Trade Commission:
As part of its ongoing efforts to help businesses ensure they are taking reasonable steps to protect and secure consumer data, the Federal Trade Commission is publishing a series of blog posts using hypothetical examples based on lessons from closed investigations, FTC law enforcement actions, and questions from businesses.  These new posts will build on the FTC’s Start with Security guide for businesses.
FTC Acting Chairman Maureen K. Ohlhausen pledged earlier this year to be more transparent about the lessons learned from the FTC’s closed data security investigations and to provide additional information for businesses about practices that contribute to reasonable data security, culminating in this “Stick with Security” Initiative.
In the first blog post published today, the FTC highlights some of the themes that have emerged from an examination of closed FTC data security investigations.  For example, while news reports might call attention to a data breach, they might not focus on the fact that the company that suffered the breach had encrypted the data, which substantially reduces the risk of consumer injury.  Another lesson gleaned is that security researchers’ valuable work can alert us to new vulnerabilities, but sometimes the risk of a vulnerability being exploited to cause consumer injury is more theoretical than likely.  Another key lesson is that in almost every closed case, the entities involved used the same common-sense security fundamentals outlined in the FTC’s Start with Security guide for businesses.
The FTC’s Business Blog will publish an additional post each Friday.
The Federal Trade Commission works to promote competition, and protect and educate consumers.  You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357).  Like the FTC on Facebook(link is external), follow us on Twitter(link is external), read our blogs and subscribe to press releases for the latest FTC news and resources.
PRESS RELEASE REFERENCE:


It’s a grey area and this doesn’t really clear this up, but they do offer some tips.
   if you want to keep their eyes off of your data, it’s a good idea to not have much data on your phone when you travel.  Switching your SIM over to a burner phone is easy, and keeps all of your private information elsewhere.  You can also backup and wipe your phone before you travel.  Fully encrypting your device will make copies less useful, and keeping sensitive documents and photos in the cloud instead of on your device makes them harder to get to.
Again, remember that these actions might raise the suspicions of border agents.  And that could cause you a lot of inconvenience.  That doesn’t mean it isn’t worth doing — just remember that you’re making a trade-off.


If not new law, at least new questions. 
Lawmakers push regulators on how Amazon's Whole Foods deal could affect 'food deserts'
   In a letter spearheaded by Rep. Marcia Fudge (D-Ohio) following her meeting Amazon, the lawmakers said the DOJ and FTC should look at the acquisition “beyond the normal antitrust process that only examines competitive impact.”
Lawmakers said the deals impacts could be far reaching and potentially affect “food deserts” or underserved communities that don’t have access to fresh, affordable groceries.  They want to know if the deal would contribute to this problem
Fudge and the other lawmakers clarified that they’re not opposed to the deal, but that they are concerned with its impacts on African-American communities across the country that are disproportionately affected by food deserts.  
   Many antitrust experts expect the acquisition won't run afoul of antitrust regulators.  Whole Foods and Amazon generally operate in different retail spaces, with Amazon dominating the digital market and Whole Foods serving mainly as a brick-and-mortar, high-end grocer.


Perspective.  How to predict the jobs AI (or other technology) will (and maybe should) replace?
When Jobs Become Commodities
We don’t typically think of the jobs that we perform as commodities.  The Merriam-Webster entry on commodity describes it as “a mass-produced unspecialized product.”  But most of us view our jobs as specialized or somehow differentiated.  We typically believe that we do them differently, and often better, than anyone else with the same job.  In fact, we’d probably argue that no one does exactly the same job we do — that we perform at least a slightly different set of tasks, or perform them in a slightly different way, than any coworker.  
We may well be right about that, but the world of business and management increasingly feels otherwise.  Jobs are increasingly viewed as undifferentiated and interchangeable across humans and machines — the very definition of a commodity.
   A recent Bloomberg Businessweek visual analytic suggests that jobs that disappeared in the first four months of 2017 compared with the same period in 2016 were not lost to automation, but were lost because fewer customers wanted to buy the products and services they produce.  They include jobs in wired telecommunications, department stores, and coal mining.
For many organizations today, the next big driver of job commoditization is automation driven by smart machines.  Simply put, if a job is viewed as a commodity, it won’t be long before it is automated.  My research on automation through artificial intelligence (AI) or cognitive technologies suggests that if a job can be outsourced, many of the tasks typically performed by the jobholder can probably be automated — even by relatively “dumb” technologies like robotic process automation.


I wonder how many of my students (all of whom have smartphones) know this?
   your smartphone probably has an FM radio receiver built right into it.  You just need to activate it, and we’re here to help you do just that.


Tools for my students.
   Reading the news today isn’t as simple as it used to be.  There is an information overload that you need to counter.  Plenty of sites have their own biases that you have to manoeuvre.  And lots of smaller news outlets have the most interesting articles.
So change how you read news: take small bites, track a single subject, or read the most trending articles. These sites and apps will give you an interesting way to consume news.
4. Gong
5. Top.st


For my Software Architecture students. 


I wish Amit posted to his blog more often.
How to Write a Twitter Bot in 5 Minutes
Twitter Bots can do interesting things.  For instance, a grammar bot can monitors tweets containing misspellings and tweet the correct spelling.  You can tweet questions to @DearAssistant and the Twitter bot  responds like Siri.  The @HundredZeros bot tweets links to eBooks that are free on Amazon.  @WhatTheFare will tell you the Uber fare between any two locations.
   Writing a Twitter bot is easy, you do not need any coding skills and you can make one live in under 5 minutes.  While most Twitter bots on the Internet require some understanding in Python, Node.js or Ruby, our bots are hosted on Google servers and require “zero” programming.
Visit digitalinspiration.com/bots to get started.  The Twitter Bots are internally written using Google Scripts.


Things all our students should know?
Survey says Python is tops with developers
Python … is used by nearly 20 percent of respondents, giving it the top spot.  The report echoes Python’s high rankings in language popularity indexes from Tiobe, PyPL, and RedMonk, which all have the language finishing in their recent top five rankings.
   The top 10 ranking tools according to the report were as follows:
  1. Python programming language
  2. The Git software version control system
  3. Microsoft’s Visual Studio IDE
  4. Eclipse IDE
  5. Java programming language
  6. The Notepad++ code editor
  7. Linux
  8. R statistical language.
  9. Docker container system
  10. Microsoft Excel 


Just an observation.  Note how many of these stories are about financial technology start-ups.  That seems to be the new “hot market.” 
These were the 10 biggest European tech stories this week

Friday, July 21, 2017

Vulnerabilities are where you find them.  On the Internet of Things, they don’t have to look like computers.
Selena Larson reports:
Hackers attempted to steal data from a North American casino through a fish tank connected to the internet, according to a report from security firm Darktrace.
Despite extra security precautions set up on the fish tank, hackers still managed to compromise the tank to send data to a device in Finland before the threat was discovered and stopped.
“Someone used the fish tank to get into the network, and once they were in the fish tank, they scanned and found other vulnerabilities and moved laterally to other places in the network,” Justin Feir, director for cyber intelligence and analysis at Darktrace, explained to CNN Tech.
Read more on CNN Tech.


More for my students to read.
Defenders Gaining on Attackers, But Attacks Becoming More Destructive: Cisco
Cisco's just-released Midyear Cybersecurity Report (PDF) draws on the accumulated work of the Cisco Security Research members.  The result shows some improvement in industry's security posture, but warns about the accelerating pace of change and sophistication in the global cyber threat landscape.
Improvements can be demonstrated by the mean 'time to detect.'  When monitoring first began in November 2015, this stood at 39 hours; but it narrowed to about 3.5 hours in the period from November 2016 to May 2017.


“We’re your government.  We’re here to help you!” 
Morgan Chalfant reports:
A breach of a Kansas Department of Commerce system exposed more than 5 million Social Security numbers to hackers, according to a report from a local news outlet.
The Kansas News Service obtained information through a public records request that revealed that roughly 5.5 million Social Security numbers from individuals in 10 states were accessed in the data breach in March.
The data is managed by a division of the department called America’s Job Link Alliance-TS that helps job seekers across 16 states find employment.
Read more on The Hill.


May have some implications, but likely to be offset by the difficulty in proving that any government actions are intended to benefit citizens.
Michael Breslin, Christian Henel, Jon Neiditz, and Gunjan Talati of Kilpatrick Townsend & Stockton LLP write:
The United States District Court for the District of Columbia recently endorsed private citizens bringing data breach claims directly against a government contractor where the contractor failed adequately to safeguard the citizens’ personal information.  In McDowell v. CGI Federal Inc., No. 15-1157, 2017 WL 2392423 (D.D.C. June 1, 2017), the district court ruled a private party can survive a contractor’s motion to dismiss by claiming to be an “intended beneficiary” of terms commonly found in government contracts involving the storage or transmission of sensitive consumer information.  This ruling potentially expands class action liability exposure for government contractors who receive consumers’ personal information during the course of performing government contracts.
Read more on JDSupra.


“Hey!  They’re crooks!  Why should they have any privacy!”  (See the next article)
Adam Klasfeld reports:
With the Supreme Court bracing to decide whether the government needs a warrant to track cellphone location data, a New York federal judge behind one famous case involving mass surveillance answered that question in the negative.
The setback for privacy rights came in the case of Pedro Serrano, a New Yorker charged with hoarding 122 cartridges of ammunition and a bulletproof vest in his apartment in East Harlem.
Read more on Courthouse News.
[From the article:  
“It is almost as if cell phone users must relinquish some privacy interests — at least related to their location — as a prerequisite to using a device so embedded in everyday life,” Pauley wrote in an eight-page ruling.  “But current Fourth Amendment jurisprudence affords no privacy interest in records created by a third party based on information voluntarily provided.”


For all my students.
Paper – ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy
by on
Solove, Daniel J., ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy. San Diego Law Review, Vol. 44, p. 745, 2007; GWU Law School Public Law Research Paper No. 289. Available at SSRN: https://ssrn.com/abstract=998565
“In this short essay, written for a symposium in the San Diego Law Review, Professor Daniel Solove examines the nothing to hide argument.  When asked about government surveillance and data mining, many people respond by declaring: “I’ve got nothing to hide.”  According to the nothing to hide argument, there is no threat to privacy unless the government uncovers unlawful activity, in which case a person has no legitimate justification to claim that it remain private.  The nothing to hide argument and its variants are quite prevalent, and thus are worth addressing.  In this essay, Solove critiques the nothing to hide argument and exposes its faulty underpinnings.”


For my students.  This is the world you will have to endure.  In New York (and New Jersey) things frequently “fall off the truck.” 
Comptroller: New York City Schools Are Poor at Tracking Technology
New York City Comptroller Scott Stringer demanded the city school system fix the way its keeps track of its computers, saying Wednesday that auditors inspecting a small sample of buildings couldn’t find nearly 2,000 desktops, laptops and tablets that were supposed to be there.
The comptroller’s charges repeated claims he made against the Department of Education in December 2014.  Both times, the department countered that the audit’s methodology was deeply flawed.


The Founding Fathers were clearly ‘gamers.’ 
Judge Rules Milwaukee Flouted U.S. Constitution in Response to 'Pokemon Go' Craze
Life, liberty and the pursuit of pokemon. Not quite the ideals the United States were founded upon, but close enough.  On Thursday, a Wisconsin federal judge issued a preliminary injunction barring Milwaukee from enforcing an ordinance that was adopted in reaction to 2016's Pokemon Go phenomenon.  The ruling from the court is that the ordinance likely violates the First Amendment.
City officials were aghast at large numbers of individuals playing Pokemon Go who visited parks, littered, trampled grass and flowers, and stayed past park hours.  It cost the city tens of thousands of dollars in additional law enforcement and park maintenance services.  So in January, the Midwestern city decided to require permits for virtual and location-based augmented reality games.  Companies releasing games were told to go through a process that reviews the "appropriateness of the application," submit a "certificate of insurance" in the amount of $1 million of general liability coverage, and potentially pay other fees as well.


We can’t allow that to happen, so I want to create a fund to invest in AI start-ups.  Send me money and I’ll look for worthy investments. 
China announces goal of leadership in artificial intelligence by 2030
China's government has announced a goal of becoming a global leader in artificial intelligence in just over a decade, putting political muscle behind growing investment by Chinese companies in developing self-driving cars and other advances.
Communist leaders see AI as key to making China an "economic power," said a Cabinet statement on Thursday.  It calls for developing skills and research and educational resources to achieve "major breakthroughs" by 2025 and make China a world leader by 2030.


How to sneak spies into proximity to the President. 
During ‘Made in America Week,’ President Trump’s Mar-a-Lago Club applies to hire 70 foreign workers
President Trump's Mar-a-Lago Club in Florida has asked permission to hire 70 foreign workers this fall, attesting — in the middle of the White House's “Made in America Week” — that it cannot find qualified Americans to serve as cooks, waiters and housekeepers.


Impact out of proportion to the actual size of the deal?  Can Amazon enter a market in a small way? 
Amazon's latest assault wipes $12.5 billion off Home Depot, other appliance-seller stocks
   The market cap loss in Home Depot, Lowe's, Whirlpool and Best Buy was about $12.5 billion by the end of the day, after falling to more than $13 billion.  Amazon stock was up slightly, and Sears closed up about 10 percent.


This blogger writes for K-12 teachers.  Many posts (like this one) assume all students have  smartphones.
DIY VR Viewer
Expeditions is the mobile app that allows users to experience virtual reality tours when they place their phones into virtual reality viewers like the Google Cardboard viewers.  If you can't buy VR viewers for your classroom or you just like DIY projects, it is possible to make your own VR viewer with just a few common materials.  YouTube "celebrity" Roman UrsuHack offers the following video that provides an overview of making your own VR viewer.
The template that Roman UrsuHack follows in the video can be found here (link opens a PDF).


Clearly, I have biases.  I read this as, “Twits of Congress…” 
Tweets of Congress: Output from 1000+ accounts for any given day
by on
Data Driven Jounalism – “Tweets of Congress is a project collating the daily Twitter output of both houses of the United States Congress, encompassing the accounts of members, political parties, committees and caucuses (around 1,070 accounts in total).  There are two components to the project: a backend app for data collection and serialization and a frontend Github-hosted site offering JSON datasets for given days.  The App – The backend app, the Congressional Tweet Automator, is a light NodeJS program backed by a Redis data store for tracking tweets and users.  The app uses the Twit and Github modules, respectively, for interfacing with the Twitter and Github APIs.  There are also some utility functions to track time and the like…”

Thursday, July 20, 2017

This is either a very strange hacker or some really poor reporting.  Somehow, much of the detail seems to be missing from this story.  For instance, what was a “Homeland Security Agent” doing here? 
Montco man tells feds he stole $40M in bitcoin
Police on the trail of two missing laptops and a gold necklace followed it to the Montgomery County home of a self-described computer hacker who claims responsibility for what could be one of the largest virtual currency heists of all time, court documents say.
Theodore Price of Hatfield told a local detective and a Homeland Security agent investigating a burglary at the Holland Township, Bucks County, home of his girlfriend’s parents that he wrote software to steal between $40 million and $50 million in the online currency bitcoin, the documents say.
When the officers arrived at his door last week, he told them he had been preparing to flee to London on a chartered jet using a fake passport in the name of “Avengers” movie star Jeremy Renner, a complaint filed in federal court Wednesday says.
   A court document filed last week that charged Price with unauthorized access to a computer to commit a federal crime for personal financial gain listed the value of the stolen bitcoin at between $40 million and $50 million.
Assistant U.S. Attorney Lesley Bonney said the unauthorized access charge has since been withdrawn, but would not say why Price was not charged with the bitcoin theft he admitted to the agent.


Imagine overriding a self-driving car…  This is like that.
Segway miniPRO Flaws Put Riders at Risk of Injury
   IOActive researchers analyzed the miniPRO application and determined that an attacker could have intercepted unencrypted Bluetooth communications between the scooter and the mobile app.
While the app did require a PIN when launched, experts determined that the Bluetooth interface was unprotected at the protocol level, allowing an attacker to access it and remotely conduct various actions.


A warning for my students.
   LeakerLocker … locks your home screen but doesn’t encrypt everything you’ve got on your device.  It’s still ransomware, however, because it warns that it’s gathering your browser data, text messages, call history, location information, emails, social media messages, and photos.  It states that, without paying up, it will leak all this private data to your contacts.


“If it costs money or takes time, we’re against it!”  The DHS report is a “must read” for my Ethical Hacking students.
Telecom Lobbyists Downplayed ‘Theoretical’ Security Flaws in Mobile Data Backbone
   In May, the DHS published an in-depth, 125-page report on government mobile device security, which noted that SS7 "vulnerabilities can be exploited by criminals, terrorists, and nation-state actors/foreign intelligence organizations."  DHS noted that it currently doesn't have the authority to require carriers to perform security audits on their network infrastructure, or the authority to compel mobile carrier network owners to provide information to assess the security of these communication networks.
CTIA took several issues with the report.  In its own white paper responding to the DHS, CTIA told US politicians in May that focusing on some SS7 attacks is "unhelpful," said the report "focuses on perceived shortcomings" in the protocol, and claimed that talking about the issues may help hackers, according to the white paper obtained by Motherboard.  Specifics from the paper were discussed by Motherboard with CTIA officials.  


I’ve been discussing this with my students.  Does your organization know what CPU is in each machine?  Will security suffer if some of your computers can’t be updated? 
Confirmed: Windows 10 will cut off devices with older CPUs
After stories arose of failed attempts to upgrade such hardware to the Creators Update, Microsoft confirmed late Wednesday that any hardware device that falls out of the manufacturer’s support cycle may be ineligible for future Windows 10 updates.
   “Recognizing that a combination of hardware, driver and firmware support is required to have a good Windows 10 experience, we updated our support lifecycle policy to align with the hardware support period for a given device,” Microsoft said in a statement.  “If a hardware partner stops supporting a given device or one of its key components and stops providing driver updates, firmware updates, or fixes, it may mean that device will not be able to properly run a future Windows 10 feature update.”


Perhaps we do have a problem of “reading for comprehension.”  I assume the managers in this company could have read the law, or their lawyers warning about the law?  By the way, that fine is way too small.  Shouldn’t they get hit for at least 10 cents per email?  (£80,000 is $103,757.60 according to Google, which works out to .015 cents per email.) 
Price comparison website Moneysupermarket.com Ltd has been fined £80,000 by the Information Commissioner’s Office (ICO) for sending millions of emails to customers who had made it clear they didn’t want to be contacted in that way.
The company sent 7.1 million emails over 10 days updating customers with its Terms and Conditions. But all the recipients had previously opted out of direct marketing.
Moneysupermarket’s email included a section entitled ‘Preference Centre Update’ which read:
“We hold an e-mail address for you which means we could be sending you personalised news, products and promot¡ons.  You’ve told us in the past you prefer not to receive these.  If you’d like to reconsider, simply click the following link to start receiving our e-mails.”
Asking people to consent to future marketing messages when they have already opted out is against the law.


Legal exceptions to constitutional rights? 
From the ACLU:
Records obtained by the ACLU of Massachusetts reveal extensive, warrantless surveillance of Massachusetts residents’ communications records.  Under a law passed in 2008, prosecutors in Massachusetts may demand IP address logs, subscriber information, banking and credit card records, and call records revealing sensitive details about a person’s life—all without any judicial oversight or external accountability.  The Boston Globe reports:
“It’s a sanctioned fishing expedition tool,” said Kade Crockford, director of the Technology for Liberty Program at the ACLU of Massachusetts.  “It shouldn’t be easy for law enforcement to dig around in our communications records, and find out who we’re talking to, and for how long, and be able to strip us of our anonymity online, simply by signing a piece of paper.” …
Read more on The ACLU.


Would you cut of the President?  Imagine the downside! 
Twitter Crackdown on Abuse Raises Question: Do the Rules Apply to Trump?
Twitter Inc. said it has clamped down on harassment on its service, a campaign that is forcing the company to confront tricky questions about how it applies its standards.


A nightmare: Think of a Big Brother-like world where all devices switch to any appearance of President Trump to ensure that we never miss a second of his brilliance.  (I bet we could sell it to Kim Jung Un.)
Internet Archive Blogs: “Working with Matroid, a California-based start up specializing in identifying people and objects in images and video, the Internet Archive’s TV News Archive today releases Face-O-Matic, an experimental public service that alerts users via a Slack app whenever the faces of President Donald Trump and congressional leaders appear on major TV news cable channels: CNN, Fox News, MSNBC, and the BBC.  The alerts include hyperlinks to the actual TV news footage on the TV News Archive website, where the viewer can see the appearances in context of the entire broadcast, what comes before and what after.  The new public Slack app, which can be installed on any Slack account by the team’s administrator, marks a milestone in our experiments using machine learning to create prototypes of ways to turn our public, free, searchable library of 1.3 million+ TV news broadcasts into data that will be useful for journalists, researchers, and the public in understanding the messages that bombard all of us day-to-day and even minute-to-minute on TV news broadcasts.  This information could provide a way to quantify “face time”–literally–on TV news broadcasts.  Researchers could use it to show how TV material is recycled online and on social media, and how editorial decisions by networks help set the terms of public debate…”


Colorado will give only “data not shielded by law.”
States bristled but at least 30 will give personal voter data to Trump
Despite criticism from most states about the Trump administration’s request for voters’ personal information, half have said they will deliver some or all of that data to the White House election commission.
   According to the Brennan Center for Justice, which has collected public statements from all 50 states, 17 stateshave agreed to provide the commission with data allowable by state law —that includes Florida, North Carolina and Washington.  Another eight states have indicated they would release the information, if certain conditions are met, primarily paying a fee.
Most, if not all, will withhold Social Security numbers.


An interesting article.  How do we keep AI from repeating the flaws of our biased “intelligence?”
Technology Is Biased Too. How Do We Fix It?
Whether it’s done consciously or subconsciously, racial discrimination continues to have a serious, measurable impact on the choices our society makes about criminal justice, law enforcement, hiring and financial lending.  It might be tempting, then, to feel encouraged as more and more companies and government agencies turn to seemingly dispassionate technologies for help with some of these complicated decisions, which are often influenced by bias.  Rather than relying on human judgment alone, organizations are increasingly asking algorithms to weigh in on questions that have profound social ramifications, like whether to recruit someone for a job, give them a loan, identify them as a suspect in a crime, send them to prison or grant them parole.
But an increasing body of research and criticism suggests that algorithms and artificial intelligence aren’t necessarily a panacea for ending prejudice, and they can have disproportionate impacts on groups that are already socially disadvantaged, particularly people of color.  Instead of offering a workaround for human biases, the tools we designed to help us predict the future may be dooming us to repeat the past by replicating and even amplifying societal inequalities that already exist.


We do this to ourselves, and never correct our mistake.
The Myth and the Cost of Drug Expiration Dates
by on
Investigative research and report by PrpPublica and NPR’s Shots Blog: “Hospitals and pharmacies are required to toss expired drugs, no matter how expensive or vital.  Meanwhile the FDA has long known that many remain safe and potent for years longer…  The dates on drug labels are simply the point up to which the Food and Drug Administration and pharmaceutical companies guarantee their effectiveness, typically at two or three years.  But the dates don’t necessarily mean they’re ineffective immediately after they “expire” — just that there’s no incentive for drugmakers to study whether they could still be usable.  ProPublica has been researching why the U.S. health care system is the most expensive in the world.  One answer, broadly, is waste — some of it buried in practices that the medical establishment and the rest of us take for granted.  We’ve documented how hospitals often discard pricey new supplies, how nursing homes trash valuable medications after patients pass away or move out, and how drug companies create expensive combinations of cheap drugs.  Experts estimate such squandering eats up about $765 billion a year — as much as a quarter of all the country’s health care spending…”


Helping students pick a major/specialization?
In the simplest of terms, computer science is the study of information (“data”) and how it can be manipulated (“algorithms”) to solve problems, mostly in theory but also in practice.
Computer science is not the study of computers, nor does it strictly require the use of computers.  Data and algorithms are possible to compute using pen and paper, which makes “computer science” a misnomer.  Computer science is more akin to mathematics, which is why some now prefer to use the term “informatics” instead.
   Here’s a non-exhaustive list of the most common “types” of computer science you may encounter and what each one specializes in.  As you’ll see, computer science is one of the broadest fields today:
  • Artificial Intelligence — The development of machines that can display cognitive functions like thinking, speaking, reasoning, and solving problems. Incorporates other fields, including linguistics, psychology, and neuroscience. Machine learning is a subset that explores the ability of machines to learn, evolve, and recognize patterns in data on their own.
  • Bioinformatics — The use of computer science to measure, analyze, model, and understand the complexities of biology. Involves the large-scale analysis of data, high-performance computations, data simulations, molecular models, and more.
  • Computational Theory — The study of algorithms and mathematical proofs. Not only concerned with the creation of new algorithms or the improvement of existing algorithms, but also the methods and provability of theorems.
  • Computer Graphics — The study of how data can be manipulated and transformed in a way that’s intuitive for humans to view. Includes topics like photorealistic images, dynamic image generation, 3D modeling and animations, and data visualizations.
  • Game Development — The creation of PC, mobile, and web games for entertainment. Game engines are designed differently from business and research applications, and often involve unique algorithms and data structures optimized for real-time interaction.
  • Networking — The study of distributed computer systems and how communications can be improved within and between networks.
  • Robotics — The creation and development of algorithms used by robotic machines. Includes improvements to robotic kinematics, the interface between robots and humans, environmental interactions, robot-to-robot interactions, virtual agents, etc.
  • Security — The development of algorithms, methods, and software to protect computer systems against intruders, malware, and abuse. Includes cloud and network security, PC security, mobile security, email security, anti-virus software, and cryptography (the study of encryption and decryption).


Might become useful.
Apple launches machine learning research site
Apple just launched a blog focused on machine learning research papers and sharing the company’s findings.  The Apple Machine Learning Journal is a bit empty right now as the company only shared one post about turning synthetic images into realistic ones in order to train neural networks.


Helping my students find current articles?
Google’s new Feed will offer content Google thinks you want to see.  This will be based on your interactions with Google, as well as what’s trending in your area and beyond.  While Google will do most of the heavy lifting, you’ll be able to customize your feed by following certain topics after you’ve searched for them.
Google outlines the thinking behind the Feed in a blog post on The Keyword.  The company states that the Feed is designed to make it “easier than ever to discover, explore and stay connected to what matters to you, even when you don’t have a query in mind”.  And that last part of the sentence is key.
   U.S. readers should be able to access the Feed from today (July 19) just by updating the Google app on Android or on iOS.  It will then roll out internationally over the next couple of weeks.


Our bookstore will hate this.
For books that you have no desire to buy and keep forever, these sites can help.  They offer great rental prices and flexible terms, making them ideal for college students on a budget.


Is there a market for free, ad-sponsored apps?  How about birds, flowers, fish, etc.?
Tree Identification Field Guide
by on
Tree Identification Field Guide (this app has a small fee): “Our illustrated, step-by-step process makes it easy to identify a tree simply by the kinds of leaves it produces.  Begin identifying your tree by choosing the appropriate region…”

Wednesday, July 19, 2017

Be sure to read ALL the documentation, especially that bit about default settings. 
Kelly Sheridan reports:
A data leak at Dow Jones & Co. exposed the personal information of millions of customers after a public cloud configuration error.  This marks the fifth major public cloud leak in the past several months after similar incidents affected Verizon, the WWE, US voter records, and Scottrade.
This mistake compromised millions of customers’ names, account information, physical and email addresses, and last four digits of credit card numbers.  It also affected 1.6 million entries in Dow Jones Risk and Compliance, a collection of databases used by financial companies for compliance with anti-money laundering regulations.
Read more on Dark Reading.
[From the article:  
All of this information was left exposed in an Amazon Web Services S3 bucket, which had its permission settings configured to let any AWS Authenticated User download data using the bucket's URL.  Amazon defines "authenticated user" as anyone who has a free AWS account, meaning the data was available to more than one million users.


Kind of generic warning, unless they know something specific they don’t want to reveal. 
UK Spy Agency Warns of State-sponsored Hackers Targeting Critical Infrastructure
The U.K. Government Communications Headquarters (GCHQ), Britain's secret eavesdropping agency, warns that 'a number of [UK] Industrial Control System engineering and services organisations are likely to have been compromised' following the discovery of 'connections from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors.'
The warning comes from a National Cyber Security Centre (NCSC) memo obtained by Motherboard and confirmed by the BBC.  NCSC is part of the UK's primary cyber intelligence agency, GCHQ.
From the little information available, it doesn't appear as if there are any specifically known compromises -- NCSC might simply be working from the statistical probability that if enough phishing attacks are launched, at least some will inevitably succeed. 


I read this as, “We’re gonna do something as soon as we figure out what that might be.”  Looks like they will reiterate basic security guidelines.  Nothing on “Fake News?” 
Former Clinton and Romney campaign chiefs join forces to fight election hacking
   The bipartisan project aims to develop ways to share key threat information with political campaigns and state and local election offices; create “playbooks” for election officials to improve cybersecurity; and forge strategies for the United States to deter adversaries from engaging in hacks and information operations, among other things. 
   “This project will find practical solutions to help both parties and civic institutions that are critical to our elections better secure themselves.”


Attacking more subtly than with nukes. 
AI Could Revolutionize War as Much as Nukes
In 1899, the world’s most powerful nations signed a treaty at The Hague that banned military use of aircraft, fearing the emerging technology’s destructive power.  Five years later the moratorium was allowed to expire, and before long aircraft were helping to enable the slaughter of World War I.  “Some technologies are so powerful as to be irresistible,” says Greg Allen, a fellow at the Center for New American Security, a non-partisan Washington DC think tank.  “Militaries around the world have essentially come to the same conclusion with respect to artificial intelligence.”
Allen is coauthor of a 132-page new report on the effect of artificial intelligence on national security.
   The report also says that the US should soon be able to significantly expand its powers of attack and defense in cyberwar by automating work like probing and targeting enemy networks or crafting fake information.

(Related).  And zombies!  Don’t forget the zombies! 
Top US general warns against rogue killer robots
The second highest-ranking general in the U.S. military on Tuesday warned lawmakers against equipping the military with autonomous weapons systems that humans could lose control of and advocated for keeping the "ethical rules of war" in place.
   "I don't think it's reasonable for us to put robots in charge of whether or not we take a human life," Selva told the committee.
Peters mentioned that the directive expires later this year, and told Selva that America's enemies would not hesitate to employ such technology.


Social Media as a tool…
How Brands Can Engineer Social Media Content
In the world of social media advertising, the biggest win for firms is when consumers are delighted by the content they see, want to engage with it and eventually buy something.  Kartik Hosanagar, Wharton professor of operations, information and decisions, has co-authored research that takes a closer look at brand posts on Facebook to determine the type and mix of content advertisers should aim for to get results.  The paper, “Advertising Content and Consumer Engagement on Social Media: Evidence from Facebook,” which was co-authored with Dokyun Lee of Carnegie Mellon University and Stanford University’s Harikesh Nair, is forthcoming in the journal Management Science.  Hosanagar recently joined Knowledge@Wharton to discuss his findings.


We knew this, right?
Study: 1 in 4 U.S. Jobs At Risk of Offshoring
Researchers at Muncie, Indiana's Ball State University recently published an illuminating – and concerning – dive into expectations for the future health of the U.S. labor market in a paper titled "How Vulnerable Are American Communities to Automation, Trade and Urbanization?"
The answer: Pretty vulnerable.
Drawing on new and existing research focused on job movement and potential displacement in the U.S., the researchers indicated as many as 25 percent of American jobs could be offshored in the years ahead, at risk of replacement by foreign competition.  And half of all low-skill jobs could eventually be automated, potentially displacing millions of U.S. workers.
   Since the recession that ended in 2009, researchers estimate "half the net establishment growth [or business formation] in the United States … occurred in just 0.64 percent of the more than 3,100 U.S. counties."  [Okay, that I didn’t know.  Bob] 


Interesting.  Perhaps we should change our Presentation course?
Does a presentation’s medium affect its message? PowerPoint, Prezi, and oral presentations
by on
“Despite the prevalence of PowerPoint in professional and educational presentations, surprisingly little is known about how effective such presentations are.  All else being equal, are PowerPoint presentations better than purely oral presentations or those that use alternative software tools?  To address this question we recreated a real-world business scenario in which individuals presented to a corporate board.  Participants (playing the role of the presenter) were randomly assigned to create PowerPoint, Prezi, or oral presentations, and then actually delivered the presentation live to other participants (playing the role of corporate executives).  Across two experiments and on a variety of dimensions, participants evaluated PowerPoint presentations comparably to oral presentations, but evaluated Prezi presentations more favorably than both PowerPoint and oral presentations.  There was some evidence that participants who viewed different types of presentations came to different conclusions about the business scenario, but no evidence that they remembered or comprehended the scenario differently.  We conclude that the observed effects of presentation format are not merely the result of novelty, bias, experimenter-, or software-specific characteristics, but instead reveal a communication preference for using the panning-and-zooming animations that characterize Prezi presentations.”