Thursday, August 30, 2012

Motivational Moment



If life hands you a lemon, don’t complain, but instead make lemonade to sell to those who are thirsty from complaining.

Wally Amos, the man whom many consider to be the father of the gourmet cookie industry, has turned lemons into lemonade so often in his life that in his official portrait he holds a pitcher in one hand and a glass of lemonade in the other. A perennial optimist, Amos refuses to acknowledge that obstacles are anything other than stepping-stones to success. In a career that has spanned several decades, he has made it to the pinnacle of success several times, only to lose everything and be forced to start over. But he’s never lost faith. “You have to have the trust and faith to let go and not agonize,” he says. “Don’t waste your time worrying. Worry is not preparation. Analyze the situation and focus on solutions. There is always an answer

Tuesday, August 28, 2012

2012 Salary and Skills report


Monday, August 27, 2012

60-minute security makeover: Prevent your own 'epic hack'


Got an hour? Here are some ways to better secure your digital life.

By Sharon Machlis

How's this for a digital nightmare? Your Twitter account hijacked; racist and homophobic tweets posted in your name. Your Apple account breached; data wiped from your iPhone, iPad and Mac laptop. Your Gmail password reset by hackers and your Google account deleted.
That's what happened to Wired journalist Mat Honan recently. And while news coverage of his "epic hack" may be easing, you can bet there's an army of would-be imitators who, as you read this, are trying to duplicate that attack.

Honan was somewhat careless (especially having no backups of his wiped data) but also very unlucky. However, now that word of the attack has been widely publicized, it would be wise to try to protect yourself from these now well-known vulnerabilities.
The good news? It won't take long. And while you can't expect to create an impenetrable defense in an hour, you can implement some strategies to harden your own accounts.

Issue: Using public email addresses for account access, password recovery
Threat: It's hard to believe that attackers only needed Honan's email address to kick off the process of hijacking his Twitter and Apple accounts. But the attackers did indeed start with only Honan's Gmail address and billing address (available in many public records) to leverage lax security policies at Amazon and Apple and access his accounts.
Defense: Don't use a publicly known email address for your account login and password-reset contact info. Instead, use one or more separate addresses that you reserve only for this use and not for any other type of communication. This makes it harder for someone who knows your personal or business email address to use that information to gain access to other accounts.
Your ISP likely allows you to add additional email accounts. Alternatively, you can use an email service you trust to create a new account, or you can register your own domain and add a hard-to-guess email address (which you should not use as the contact address for that domain).
Really security conscious? Set up multiple email addresses so you've got different ones per account, or have multiple addresses that forward to one private box. This way, even if one account is breached, it won't help anyone gain access to another by knowing the email address you use there.
Bonus: People trolling for information about you will have less success overall.
Time: Setting up a new address at your ISP or domain: 3-5 minutes. Setting up multiple forwarders to that address: another 3-5 minutes. Changing login/contact/password reset email address: 1-2 minutes per account. Suggestion: It will probably feel less onerous if you change contact addresses the next time you log into each of your accounts, instead of sitting down to do them all at once.

How the "epic hack" went down
1. The attackers followed a link on Mat Honan's Twitter account to his personal website, which listed his Gmail address (mhonan@gmail.com).
2. Entering his Gmail address on Google's password recovery page allowed them to see his alternate email address, partially obscured. They guessed that m****n@me.com stood for mhonan@me.com. Since Me.com is an Apple service (now called iCloud), they knew Honan had an Apple ID.
3. The attackers found Honan's billing address via a whois search on his website's domain name. (That information is also available in many public records.) Using this and his email address for verification with Amazon.com, they social engineered their way into seeing the last four digits of the credit card he had on file.
4. Those four digits were the ticket into Honan's Apple ID account, giving the attackers enough information to convince an AppleCare phone support rep to issue a temporary password to them for the account. They then reset Honan's Apple ID/iCloud password, locking him out.
5. The attackers used the Me.com address they now controlled to change Honan's Google account password, and they used access to his Gmail to change his Twitter password -- after which they deleted his Google account. Meanwhile, they used iCloud's remote wipe service to completely erase Honan's iPhone, iPad and MacBook.
Issue: Having multiple email addresses with same user name
Threat: Using the same prefix -- mhonan@gmail.com and mhonan@me.com -- was one factor that led to hackers knowing Honan's Apple ID user name. (Me.com is an Apple service.) Because they knew his Gmail address, they were able to see a partially blacked-out me.com address on the Google password reset page and guessed the rest.
Defense: It's easy enough to vary your email user names across domains going forward; this makes it less likely that someone can social engineer a password reset for your account. It may be tough to change your email user name on addresses you already use, however.
Time: 5-10 minutes to change an existing address that you're not using much, but significantly more if you have to notify (and perhaps remind) people who know the old address. Best to keep this rule in mind for the private address you're setting up in the step above.

Issue: Using lax Google authentication
Threat: Hackers saw the partial information for Honan's me.com address when entering his Gmail address into Google's password reset page because he hadn't turned on two-step verification. They were also able to reset his Google password after hacking into his Apple account because access to his me.com address was the sole thing anyone needed to change his Google password.
Defense: Turn on Google's two-step verification, which requires entering an additional code sent to your mobile phone before an account password can be changed -- or even for logging in from a new device or browser. Plus, anyone trolling for information won't be able to see even part of your recovery email address. In addition, hacking into your alternate email address wouldn't be enough to change your Google password and seize control of your account. This type of two-factor authentication makes your account safer from other types of hacks as well, such as a compromised password.
While having to enter an additional code sent to your mobile phone may sound onerous, it's a lot less of a hassle than being hacked.
To enable two-step verification, go to the drop-down menu at top right under your email address to get to Account settings, then select Security from the left navigation and click the Edit button next to "2-step verification." Google provides more information on two-step verification here.
Google's two-step verification requires you to enter a special code sent to your mobile phone before you can log into your account from a new device or change your account password.
Time: Enabling two-factor authentication from your browser: 2-3 minutes. Signing in using new authentication with other browsers, devices and mobile apps: 1-2 minutes each. You'll need to do this once every 30 days on each desktop/laptop browser you use with your Google account.

Issue: Storing credit cards at online retailers
Threat: It seems harmless enough to store your credit cards on a site where even if someone breaks into your account, only the last four numbers are visible. But it turned out that the last four digits of the credit card stored in Honan's Amazon account was the last piece of ID hackers needed to breach his Apple account. While it appears that Apple has since suspended this policy and Amazon has changed its credit-card security policies as well, the last four digits of a credit card on file is probably a key piece of identification at other online destinations.
Defense: Don't store credit cards anywhere you don't have to, even if it takes some time to type in the number for each purchase.
Time: Deleting already-stored cards: 2-3 minutes per account.

Issue: Linking your online accounts
Threat: Whenever you've got accounts that are tied together, a breach in one puts others at risk. For example, if you use Facebook, Twitter or your Gmail address to log into other places, a hacker who gets into one account may be able to use it to get into others.
Defense: Be wary about what Honan called "daisy chaining" your accounts -- setting them up so that having access to one gives access to others. And if you are using one account to access others, make sure that account has its own email address and a secure password. This isn't complete protection, just as locking your car doesn't necessarily prevent things inside from being stolen; but it may send lesser-skilled or impatient thieves elsewhere.
Time: Varied: 2-3 minutes to change logins and passwords per account, but it could take more time to update additional apps that depend on such logins.

Issue: Using weak passwords -- or reusing them across accounts
Threat: While this wasn't an issue in Honan's hack, it remains a significant problem as passwords continue to be leaked -- such as the publication of 450,000 Yahoo passwords that were stored in plain text -- or guessed. Once email/password combos are leaked, it's likely that malicious hackers will try them elsewhere.
Defense: We've heard it before, but, like eating our five servings of vegetables daily, many of us still don't follow best practices when creating our passwords. Why? It's just too tough to remember multiple strong passwords, and also annoying to have to type them in -- especially on mobile devices with small on-screen keyboards.
There are various strategies for creating tough passwords -- ones that you can remember but that aren't easily guessed by a human (which means you don't want to use easily learned data about yourself, or "password123") or by a computer in a brute-force attack (words in the dictionary). For example, one approach is to use the initial letters of a long sentence with numbers and punctuation tossed in, such as IwtgttGCfm4b, which one might remember from "I want to go to the Grand Canyon for my 40th birthday."
However, unless you've also got a system for tying a specific sequence to a certain site, this will likely get unwieldy for more than a few passwords.
For lots of sites, it may be helpful to use a multi-platform password manager that can generate, remember and fill in your complex passwords. Just be sure you create an extremely secure master password for that, and never write it down or store it unencrypted.
Time: Downloading, installing and setting up a password manager: 15-20 minutes. Updating existing passwords: 1-2 minutes per site -- something else you may want to do as you naturally visit each site where you have an account, rather than all at once.

Issue: Storing sensitive data on your mobile device
Threat: Hackers can't count on being around if your phone falls out of your pocket, but your mobile device may be even more valuable than your wallet to a thief, and more vulnerable to loss. Imagine what a malicious hacker could do with access to all of your apps and email accounts.
Defense: If your mobile device leaves your home and can access your email, social media, shopping and especially financial accounts, it needs to be PIN- or password-protected. While you may not want to have to type in the complex string of digits, uppercase letters, lowercase letters and punctuation marks you use for financial accounts, you do want more security than a simple screen slide if someone else finds your device.
To set up a lock-screen passcode in iOS, go to Settings --> General --> Passcode Lock. You can find screen-locking options in Android under the Security options in Settings.
Depending on your mobile OS and management software, you might also be able to have data encrypted. In iOS, some data is encrypted once a passcode is enacted; Android 4.0 will add an encryption password if you enable it. Alternately, you can set your device to automatically wipe its data after a maximum number of failed entry attempts.
Time: Setting up a password or PIN on your device: 2-3 minutes. Inputting your password when you want to use your device: less than a minute.

Conclusion
Is it possible to make your email, social media and other online accounts 100% hack-proof? Probably not. But if you've got an hour to invest, you can shore up your defenses so at least you're a tougher target
.

Thursday, August 23, 2012

Home Wi-Fi routers could operate as emergency network, say scientists


Researchers propose disaster 'emergency mode'

By John E Dunn

German researchers have proposed using home Wi-Fi routers as a backup mesh network in the event that cell and phone systems in cities and towns are overwhelmed during emergencies.
In a recently-published paper PDF, Kamill Panitzek and colleagues at the Technical University in Darmstadt in Germany describe how home routers could be linked to one another to form a huge informal backbone for use by fire, police and ambulance services.

Panitzek and his team tested the concept in the centre of Darmstadt by surveying the number, signal strength and location of routers using a sophisticated version of wardriving that was able to fix their coordinates with a high enough degree of accuracy to construct a hypothetical mesh.
The team found 1,971 routers, 212 of which had no encryption applied, and a further that used the obsolete WEP standard.
On the basis of the pattern of routers found, the team calculated that a resilient and sufficiently dense mesh network would be possible if a distance of around 30 metres between nodes was assumed.
One problem was that there were not enough open (i.e unsecured) routers which would require citizens to create an "emergency switch" mode to allow access to the number of nodes needed to create a viable mesh.
Most recent home routers can support such a system without modification as long as they allow for the creation of an open 'guest' network running in parallel to the user's secured Wi-Fi access, that is firewalled from it.
"We found that with a communication range of 30 metres a mesh network could be easily constructed in urban areas like our hometown. The resulting networks showed to be resilient to node failures," Panitzek said in the analysis.
The team accepts that there are some barriers to the idea beyond the mere density of routers available in a particular locality. Would users agree to have an open channel enabled on their routers?
A better idea might be for router makers to introduce an emergency mode into their products that users would know was fully secure, but the prospects of that look remote for now without legislation.
Mesh networks have been a buzz technology for some years and have found commercial applications. Arbua Networks launched a small meshing system for its own access points in 2011. Although a powerful idea, the technology remains on the fringes of development.

Wednesday, August 22, 2012

Motivational Moment



If you have more enemies than friends, the odds are a thousand to one you have earned them.


Abraham Lincoln once observed, “You may fool all the people some of the time; you can even fool some of the people all the time; but you can’t fool all of the people all the time.” Regardless of how cleverly you package yourself, others will eventually see through your masquerade and recognize you for what you really are. As a general rule, people will accept you for what you say you are until you prove yourself to be otherwise. Don’t take advantage of the goodwill of others. Make friends, not enemies.

Tuesday, August 21, 2012

Khan Academy Launches The Future of Computer Science Education


GREGORY FERENSTEIN

salman-khan
As educators struggle to motivate more students to take up technology-related majors, breakout online education startup, Khan Academy, has a novel approach.  ”Computer Science is an intensely creative field,” says Shantanu Sinha, President of Khan Academy, which gave TechCrunch an exclusive look at their brand new education portal that teaches Computer Science fundamentals through interactive drawing. “We really wanted to focus on creating something that could inspire young children, and get them excited and motivated to explore CS further.” The portal’s interactive design is a major evolutionary step for a website that has since been almost entirely based on YouTube lectures (with over 178 million views). I rarely get excited about online education, which often just recycles our antiquated education system into a digital format, but the new Khan Academy Computer Science project is beyond impressive.
The Scope
The new Computer Science site focuses on the critical early adolescent years, where children broaden (or narrow) their interests and identity before high school. The lessons don’t get much more complicated than basic algebra, and how these intuitive mathematical concepts can create powerful artistic, video game, and website experiences. “We wanted to create something that could get anyone with minimal knowledge of Computer Science really excited by the field–no matter what their age or situation,” says Sinha. One of the most advanced lessons, for instance, is a replication of Pac-Man (i.e. a circle eating other smaller circles) and stops short of a university-level Computer Science course.
Design and Pedagogy
The heart of the design places a simplified, interactive text editor that sits adjacent to the code’s drawing output, which updates in real time as students explore how different variables and numbers change the size, shapes, and colors of their new creation. An optional video guides students through the lesson, step-by-step, and, most importantly, can be paused at any point so that they can tinker with the drawing as curiosity and confusion arise during the process.
This part is key: learning is contextual and idiosyncratic; students better absorb new material if they can learn at their own pace and see the result of different options in realtime.
The pedagogy fits squarely into what educators called “scaffolded problem-based learning” [PDF]; students solve real-life problems and are encouraged to explore, but are guided by a teacher along the way, who can point out novel ways of accomplishing the task. Scaffolded learning acknowledges that real-life problems always have more than one path to a solution, that students learn best by doing, and that curiosity should drive exploration. This last point is perhaps the most important, since one of the primary barriers to boosting science-related college majors is a lack of interest.
Combined with their new textbook-replacing iPad app and their ongoing experiments in schools, this new Computer Science platform gives Sal Khan one very realistic step forward towards his vision of creating an interactive, personalized education system.
We encourage our readers to come see Khan speak at our annual conference, Disrupt SF, September 10-12.

Wednesday, August 15, 2012

Monday, August 06, 2012

NASA's '7 minutes of terror' results in success


NASA's latest Mars mission ended in triumph early Monday Michigan time, as the Mars Science Laboratory executed its complex flight control software for a successful touchdown on the Red Planet. The car-sized, one-ton rover combined a heat shield, a huge parachute, and touchdown rockets worthy of 1950s sci-fi to land without a hitch. "We are wheels down on Mars," came the word from the California Institute of Technology'sJet Propulsion Laboratory as engineers saw the first grainy image beamed directly back from the rover -- showing one of its wheels on the Martian surface. More. (And speaking of Mars, India is planning a satellite mission there.)

Giant robots and open source


Gibbs wants a giant Japanese robot for Christmas and finds a great FOSS repository.

By Mark Gibbs
I know why you're excited this week ... you've seen the "Kuratas", a 13 foot tall, 9,900-pound robot you can ride in at speeds of up to 6 miles per hour and which is equipped with a water bottle cannon and Gatling guns that can fire 6,000 BBs per minute (the operator can fire the armaments just by smiling ... no, really, watch the video).
13 foot tall Kuratas robot from Suidobashi Heavy IndustryThe Kuratas robot, built by Japanese artist Kogoro Kurata and marketed by Suidobashi Heavy Industry, can be controlled by the onboard operator, a remote control device, or a smartphone and runs V-Sido, a "next generation robot OS".
A Kuratas complete with custom paint job can be yours (according to Gizmag) for only $1,523,500. Order early for your next trade show to avoid disappointment. (Kuratas, of course, gets a Gearhead rating of 5 out of 5. How could I not rate it like that when I want to find one under my Christmas tree ... of course, that's going to be a Christmas tree of epic proportions.)
So, on to more prosaic topics ...
Do you use Open Source Software (OSS)? If you do you are probably aware of the various types of OSS licenses and terms in those licenses that your organization needs to be able to square away with organizational policies and industry regulations.
But which OSS packages do you use?
That's actually not a simple question because many commercial software products use OSS in subsystems you may not be aware of. So, to ensure your organization is in compliance with legal requirements you first need to know which OSS packages you are really using and that is not an easy thing to do
I should say that wasn't an easy thing to do because OpenLogic, a company that provides open source support, scanning, provisioning and governance solutions for enterprises, provides a free, open source tool called OSS Discovery Audit Edition you can use to scan for embedded open source software packages.
OSS Discovery Audit Edition can recognize over 330,000 open source packages and is available for Linux, Solaris, Windows, OS X and FreeBSD.
And in case you're not completely up to date on issues of using OSS and/or distributing software that uses OSS, OpenLogic has a useful e-book to help you understand the issues: "Guide to Adopting and Distributing Open Source Software".
OpenLogic' OSS Discovery Audit Edition gets a Gearhead rating of 5 out of 5.
If you're researching open source software another useful resource is ohloh, "a free, public directory of Free and Open Source Software and the contributors who create and maintain it" run by Black Duck Software.
The Ohloh index "is editable by everyone, like a wiki" but it is "not a forge — it does not host projects and code. Ohloh is a directory, a community, and analytics and search services. By connecting to project source code repositories, analyzing both the code's history and ongoing updates, and attributing those updates to specific contributors, Ohloh can provide reports about the composition and activity of project code bases, and aggregate this data to track the changing demographics of the FOSS world."
Ohloh also offers Ohloh Code, a free, publicly available code search services that indexes "most of the projects in Ohloh." This service allows you to search for any text within files and file names or for strings specifically included in classes, functions, interfaces, methods, structures, or files.
Ohloh recently announced that the data derived from its huge code repository (FOSS project activity metrics) is now licensed under the Creative Commons Attribution 3.0 Unported License and is accessible via an API.
Ohloh and Ohloh Code get a Gearhead rating of 5 out of 5.

Wednesday, August 01, 2012

Motivational Moment



Your mental attitude determines what sort of friends you attract.



If you want to be a positive, successful person, be sure you choose your friends carefully. Positive friends and role models will have a positive effect upon you, while negative friends will soon kill your initiative. Do not allow yourself to be lulled into complacency by the masses who believe mediocrity is an acceptable alternative. Focus on the possibilities for success, not the potential for failure. When you doubt yourself, talk the situation over with a positive, supportive friend. Everyone needs a boost now and again; make sure your friends are positive, success-oriented people who always build you up, not negative thinkers who always seem to find a way to tear you down.