This is what Daffy Duck would describe as “dethpicable.” Absolutely deplorable.

We can now read emails exchanged last year between Don Trump Jr. (the president’s son) and Rob Goldstein, an intermediary with Russia. According to Mr. Trump, who released the emails today, the point of the discussion was the Magnitsky Act, which related to sanctions placed on Russian officials by the U.S. Congress in 2012.

Repealing the act and lifting its sanctions is widely known to be a high priority for the Russian government. The only plausible reason why Russian agents would want to discuss the Magnitsky Act with the Trump campaign, during the election, would be to lobby for repealing the act.

You can read and download the whole email exchange here (released by Mr. Trump). The very earliest messages in the thread had Mr. Goldstein saying, quite explicitly, that the meeting’s purpose was to reveal allegedly incriminating information about Hillary Clinton, for the purpose of helping Donald Trump’s campaign. And, “This is obviously very high level and sensitive information but is part of Russia and its government’s support for Mr. Trump.”

Don Trump Jr. did not push back on or question Mr. Goldstein’s assertion that the Russian government was actively seeking to help his father. In fact, he said, “… if it’s what you say I love it.”

Meanwhile, President Donald Trump continues to insist that any connection between his campaign and the Russian government is “fake news.” Despicable.

General Erich Ludendorff, one of the top German generals during World War I, was a prominent character in the recent “Wonder Woman” movie. In the movie, General Ludendorff was killed by Diana Prince. In reality, the general survived the war, helped Adolf Hitler with his “Beer Hall Putsch,” ran for president of Germany in 1925, fell out of favor, and died in 1937.

I have a “2 degrees of separation” link to the general. My father-in-law, Joe, served in the Royal Navy during World War II. Quoting from Joe’s memoir, he wrote about early 1945:

… I joined a sloop HMS “Alacrity” at Dumbarton, where she was built at Denny’s yard. A Sloop was a small anti-submarine convoy escort vessel. We did our running-in trials in the Scottish Western Isles. At Mull, there were about 6 or 7 ships and we had an intership walking race, 10 miles, from Tobermory to Salen. I came in second, wearing out a pair of boots in the process. We were taken back to Tobermory in the yacht “Philante”, which had once belonged to a German general (von Ludendorff, I think). In the Atlantic we made contact with a U-Boat (U 764) and depth-charged it until it came to the surface. With our guns trained on it, we escorted it up to Loch Eriboll in the North of Scotland.

There’s my two degrees: Alan -> Joe -> Ludendorff’s yacht -> Ludendorff.

About that unterseeboot

According to Wikipedia,

U-764 surrendered on 14 May 1945 at Loch Eriboll, Scotland. She was sunk as a target in position 56°06′N 09°00′W as part of Operation Deadlight on 2 February 1946.

Here’s my father-in-law’s picture of U-764:

 

It’s almost painful to see an issue of SD Times without my name printed in the masthead. From Editor-in-Chief to Editorial Director to Founding Editor to… nothing. However, it’s all good!

My company, BZ Media, is selling our flagship print publication, SD Times, to a startup, D2 Emerge LLC. The deal shall formally close in a few weeks. If you’ve been following SD Times, you’ll recognize the two principals of the startup, David Lyman and David Rubinstein. (Thus, the “D2” part of the name.)

BZ Media co-founder Ted Bahr and I wish David, and David, and SD Times, and its staff, readers, and advertisers, nothing but success. (I retired from BZ Media mid-2013, becoming a silent partner with no involvement in day-to-day operations.)

D2 Emerge is ready to roll. Here’s what David Rubinstein wrote in the July 2017 issue (download it here):

The Times, it is a-changin’

There’s a saying that goes ‘when one chapter closes, another one begins.’

This issue of SD Times marks the close of the BZ Media chapter of this publication’s history and opens the chapter on D2 Emerge LLC, a new-age publishing and marketing company founded by two long-time members of the SD Times team: the publisher, David Lyman, and the editor-in-chief … me!

We will work hard to maintain the quality of SD Times and build on the solid foundation that has been built over the past 17 years. Wherever we go, we hear from readers who tell us they look forward to each issue, and they say they’re learning about things they didn’t know they needed to know. And we’re proud of that.

The accolades are certainly nice — and always welcome. Yet, there is nothing more important to us than the stories we tell. Whether putting a spotlight on new trends in the industry and analyzing what they mean, profiling the amazing, brilliant people behind the innovation in our industry, or helping software providers tell their unique stories to the industry, our mission is to inform, enlighten and even entertain.

But, as much as things will stay the same, there will be some changes. We will look to introduce you to different voices and perspectives from the industry, inviting subject matter experts to share their knowledge and vision of changes in our industry. The exchange of ideas and free flow of information are the bedrock of our publishing philosophy.

We will somewhat broaden the scope of our coverage to include topics that might once have been thought of as ancillary to software development but are now important areas for you to follow as silos explode and walls come tumbling down in IT shops around the world.

We will work to improve our already excellent digital offerings by bettering the user experience and the way in which we deliver content to you. So, whether you’re reading SD Times on a desktop at work, or on a tablet at a coffee shop, or even on your cellphone at the beach, we want you to have the same wonderful experience.

For our advertisers, we will help guide you toward the best way to reach our readers, whether through white papers, webinars, or strategic ad placement across our platforms. And, we will look to add to an already robust list of services we can provide to help you tailor your messages in a way that best suits our readers.

BZ Media was a traditional publishing company, with a print-first attitude (only because there weren’t any viable digital platforms back in 2000). D2 Emerge offers an opportunity to strike the right balance between a digital-first posture and all that is good about print publishing.

I would be remiss if I didn’t acknowledge BZ Media founders Ted Bahr and Alan Zeichick, who took a cynical, grizzled daily newspaperman and turned him into a cynical, grizzled technology editor. But as I often say, covering this space is never dull. Years ago, I covered sports for a few newspapers, and after a while, I saw that I had basically seen every outcome there was: A walk-off home run, a last-second touchdown, a five-goal hockey game. The only thing that seemed to change were the players. Sure, once in a while a once-in-a-lifetime player comes along, and we all enjoy his feats. But mostly sports do not change.

Technology, on the other hand, changes at breakneck speed. As we worked to acquire SD Times, I had a chance to look back at the first issues we published, and realized just how far we’ve come. Who could have known in 2000, when we were writing about messaging middleware and Enterprise JavaBeans that one day we’d be writing about microservices architectures and augmented reality?

Back then, we covered companies such as Sun Microsystems, Metrowerks, IONA, Rational Software, BEA Systems, Allaire Corp, Bluestone Software and many more that were either acquired or couldn’t keep up with changes in the industry.

The big news at the JavaOne conference in 2000 was extreme clustering of multiple JVMs on a single server, while elsewhere, the creation of an XML Signature specification looked to unify authentication, and Corel Corp. was looking for cash to stay alive after a proposed merger with Borland Corp. (then Inprise) fell apart.

So now, we’re excited to begin the next chapter in the storied (pardon the pun) history of SD Times, and we’re glad you’re coming along with us as OUR story unfolds.

Here are a few excerpts from one of the most important articles on leadership ever published. “Management Time: Who’s Got the Monkey?,” from Harvard Business Review in 1974, equally applies to the business and non-profit worlds.

The premise of the article, by William Oncken Jr. and Donald L. Wass, is that leaders too often take over responsibility for tasks that should be owned by their employees or volunteers. The authors refer to this as “subordinate-imposed time.” This not only harms the organization, but overloads the leaders. The manager’s objective should be to guide, to mentor, to advise, to set objectives, to define success, to help secure resources – but not take on the work!

What’s essential to remember is that the task — the monkey — can only be on one person’s back at a time. Should it be on yours? (Or as I put it when doing management training, should the ball be in your court, or in someone else’s court?)

Excerpt 1: A common scenario

Let us imagine that a manager is walking down the hall and that he notices one of his subordinates, Jones, coming his way. When the two meet, Jones greets the manager with, “Good morning. By the way, we’ve got a problem. You see….” As Jones continues, the manager recognizes in this problem the two characteristics common to all the problems his subordinates gratuitously bring to his attention. Namely, the manager knows (a) enough to get involved, but (b) not enough to make the on-the-spot decision expected of him. Eventually, the manager says, “So glad you brought this up. I’m in a rush right now. Meanwhile, let me think about it, and I’ll let you know.” Then he and Jones part company.

Let us analyze what just happened. Before the two of them met, on whose back was the “monkey”? The subordinate’s. After they parted, on whose back was it? The manager’s. Subordinate-imposed time begins the moment a monkey successfully leaps from the back of a subordinate to the back of his or her superior and does not end until the monkey is returned to its proper owner for care and feeding. In accepting the monkey, the manager has voluntarily assumed a position subordinate to his subordinate. That is, he has allowed Jones to make him her subordinate by doing two things a subordinate is generally expected to do for a boss—the manager has accepted a responsibility from his subordinate, and the manager has promised her a progress report.

The subordinate, to make sure the manager does not miss this point, will later stick her head in the manager’s office and cheerily query, “How’s it coming?” (This is called supervision.)

Excerpt 2: Who owns the initiative?

What we have been driving at in this monkey-on-the-back analogy is that managers can transfer initiative back to their subordinates and keep it there. We have tried to highlight a truism as obvious as it is subtle: namely, before developing initiative in subordinates, the manager must see to it that they have the initiative. Once the manager takes it back, he will no longer have it and he can kiss his discretionary time good-bye. It will all revert to subordinate-imposed time.

It’s not a long article. Read it!

“The wheels on the Prius go flop flop flop….”

Sunday’s travels in our trusty 2005 Toyota Prius were marred only by a flat tire. I wish to share two hard-earned bits of wisdom with other Prius owners, and potentially with owners of other front-wheel drive vehicles.

1. Don’t trust the included tire-changing jack.

The crappy screw jack included with the Prius is useless. Literally. With the car on level ground, and with the parking brake set, the jack quickly tilted — and the car fell off the jack. Yes, the jack was set at the correct lift point. On a second attempt, the car would have fallen again if we didn’t let it down quickly. In any case, the jack was extremely difficult to turn.

Fortunately, someone gave us a ride to an auto-parts store, where we purchased an inexpensive hydraulic floor jack. That made quick work of the task, and the new jack will live in back of the car from now on. If you have a flimsy screw jack with your car, you may wish to upgrade to something more solid.

2. Don’t put compact spares onto the front.

The flat was the front driver corner. Once the car was jacked up, it only took a few minutes to mount the compact donut spare. However, the car simply wouldn’t drive properly — the vehicle not only pulled to the left, but there were error lights flashing on the screen. Even with the pedal to the metal, the vehicle wouldn’t go over 30 mph, slowing to 15 mph going uphill. Uh oh!

Thinking the problem through, we realized that the donut was throwing off the traction control system (which can’t be switched off with that model year). So we pulled over, swapped the donut to the rear, and put the rear’s full-size wheel/tire on front. (Thank you, hydraulic jack!) The car immediately drove correctly, plenty of pep, no pulling, and no error lights. The lesson: On front-wheel drive cars, always put the donut on the rear, even if that makes the wheel-changing process a bit more complicated.

Note: There is nothing written about optimal placement of the compact spare in the car’s owners manual. So consider yourself advised on both fronts.

The good news is that we made it home just fine. The bad news is the tire has a cracked sidewall. Time to go tire shopping!

Everyone loves bugs — at least, everyone loves beautiful bugs. Right? Here are a few photographed in Phoenix over the past couple of days. The desert here is full of life, from insects to birds to reptiles to plants.

Sure, the temperatures may be hot. The forecast is for 117° F next week (47° C) but never forget, it’s a dry heat. I’d rather be in Phoenix at 117° than, say, Houston or Miami at 95°.

Twenty years ago, my friend Philippe Kahn introduced the first camera-phone. You may know Philippe as the founder of Borland, and as an entrepreneur who has started many companies, and who has accomplished many things. He’s also a sailor, jazz musician, and, well, a fun guy to hang out with.

About camera phones: At first, I was a skeptic. Twenty years ago I was still shooting film, and then made the transition to digital SLR platforms. Today, I shoot with big Canon DSLRs for birding and general stuff, Leica digital rangefinders when I want to be artistic, and with pocket-sized digital cameras when I travel. Yet most of my pictures, especially those posted to social media, come from the built-in camera in my smartphone.

Philippe has blogged about this special anniversary – which also marks the birth of his daughter Sophie. To excerpt from his post, The Creation of the Camera-Phone and Instant-Picture-Mail:

Twenty years ago on June 11th 1997, I shared instantly the first camera-phone photo of the birth of my daughter Sophie. Today she is a university student and over 2 trillion photos will be instantly shared this year alone. Every smartphone is a camera-phone. Here is how it all happened in 1997, when the web was only 4 years old and cellular phones were analog with ultra limited wireless bandwidth.

First step 1996/1997: Building the server service infrastructure: For a whole year before June 1997 I had been working on a web/notification system that was capable of uploading a picture and text annotations securely and reliably and sending link-backs through email notifications to a stored list on a server and allowing list members to comment.

Remember it was 1996/97, the web was very young and nothing like this existed. The server architecture that I had designed and deployed is in general the blueprint for all social media today: Store once, broadcast notifications and let people link back on demand and comment. That’s how Instagram, Twitter, Facebook, LinkedIn and many others function. In 1997 this architecture was key to scalability because bandwidth was limited and it was prohibitive, for example, to send the same picture to 500 friends. Today the same architecture is essential because while there is bandwidth, we are working with millions of views and potential viral phenomena. Therefore the same smart “frugal architecture” makes sense. I called this “Instant-Picture-Mail” at the time.

He adds:

What about other claims of inventions: Many companies put photo-sensors in phones or wireless modules in cameras, including Kodak, Polaroid, Motorola. None of them understood that the success of the camera-phone is all about instantly sharing pictures with the cloud-based Instant-Picture-Mail software/server/service-infrastructure. In fact, it’s even amusing to think that none of these projects was interesting enough that anyone has kept shared pictures. You’d think that if you’d created something new and exciting like the camera-phone you’d share a picture or two or at least keep some!

Read more about the fascinating story here — he goes into a lot of technical detail. Thank you, Philippe, for your amazing invention!

Hacking can kill. To take the most obvious example, take ransomware. One might argue that hackers demanding about US$300 (£230) to unlock some files is simply petty crime – unless those files were crucial to hospitals. If doctors can’t access medical files because of the WannaCry ransomware, or must postpone surgery, people can die.

It gets worse: Two Indian Air Force pilots are dead, possibly because of a cyberattack on their Sukhoi 30 fighter jet. According to the Economic Times of India,

Squadron leader D Pankaj and Flight Lieutenant S Achudev, the pilots of the Su-30 aircraft, had sustained fatal injuries when the aircraft crashed approximately 60 km from Tezpur Airbase on May 23. A court of Inquiry has already been ordered to investigate the cause of the accident.

According to defence spokesperson S Ghosh, analysis of the Flight Data Recorder of the aircraft and certain other articles recovered from the crash site revealed that the pilots could not initiate ejection before crash. The wreckage of the aircraft was located on May 26.

What does that have to do with hackers? Well, the aircraft was flying close to India’s border with China, and according to reports, the Sukhoi’s two pilots were possibly victims of cyberwarfare. Says the Indian Defense News,

Analysts based in the vicinity of New York and St Petersburg warn that the loss, days ago, of an advanced and mechanically certified as safe, Sukhoi 30 fighter aircraft, close to the border with China may be the result of “cyber-interference with the onboard computers” in the cockpit. This may explain why even the pilots may have found it difficult to activate safety ejection mechanisms, once it became obvious that the aircraft was in serious trouble, as such mechanisms too could have been crippled by computer malfunctions induced from an outside source.

Trouble in the Middle East

The political situation going on this week in Qatar might lead to a shooting war. In mid-May, stories were published on the Qatar News Agency that outraged its Arab neighbors. According to CNN,

The Qatari government has said a May 23 news report on its Qatar News Agency attributed false remarks to the nation’s ruler that appeared friendly to Iran and Israel and questioned whether President Donald Trump would last in office.

Soon thereafter, three Arab countries cut off ties and boycotted the country, which borders Saudi Arabia on the Persian Gulf. It’s now believed that those stories were “fake news” planted by hackers. Were they state-sponsored agents? It’s too soon to tell. However, given how quickly Bahrain, Saudi Arabia, and the United Arab Emirates reacted — and given how hard Saudi Arabia is fighting in Yemen — this is troubling. Could keystrokes from hackers lead to the drumbeat of war?

As a possibly related follow-up, Qatar-based Al-Jazeera reported on June 8 it was under cyberattack:

The websites and digital platforms of Al Jazeera Media Network are undergoing systematic and continual hacking attempts.

These attempts are gaining intensity and taking various forms. However, the platforms have not been compromised.

In the First World War, the feared new weapon was the unstoppable main battle tank. In the Second World War, it was the powerful aircraft carrier. During the Cold War, we worried about ICBMs raining destruction from the skies. Today… it’s cyberwarfare that keeps us awake at night. Sadly, we can’t hide under our desks in the event of a malware attack.

March 2003: The U.S. International Trade Commission released a 32-page paper called, “Protecting U.S. Intellectual Property Rights and the Challenge of Digital Piracy.” The authors, Christopher Johnson and Daniel J. Walworth, cited an article I wrote for the Red Herring in 1999.

Here’s the abstract of the ITC’s paper:

ABSTRACT: According to U.S. industry and government officials, intellectual property rights (IPR) infringement has reached critical levels in the United States as well as abroad. The speed and ease with which the duplication of products protected by IPR can occur has created an urgent need for industries and governments alike to address the protection of IPR in order to keep markets open to trade in the affected goods. Copyrighted products such as software, movies, music and video recordings, and other media products have been particularly affected by inadequate IPR protection. New tools, such as writable compact discs (CDs) and, of course, the Internet have made duplication not only effortless and low-cost, but anonymous as well. This paper discusses the merits of IPR protection and its importance to the U.S. economy. It then provides background on various technical, legal, and trade policy methods that have been employed to control the infringement of IPR domestically and internationally. This is followed by an analysis of current and future challenges facing U.S. industry with regard to IPR protection, particularly the challenges presented by the Internet and digital piracy.

Here’s where they cited yours truly:

To improve upon the basic encryption strategy, several methods have evolved that fall under the classification of “watermarks” and “digital fingerprints” (also known as steganography). Watermarks have been considered extensively by record labels in order to protect their content.44 However, some argue that “watermarking” is better suited to tracking content than it is to protecting against reproduction. This technology is based on a set of rules embedded in the content itself that define the conditions under which one can legally access the data. For example, a digital music file can be manipulated to have a secret pattern of noise, undetectable to the ear, but recorded such that different versions of the file distributed along different channels can be uniquely identified.45 Unlike encryption, which scrambles a file unless someone has a ‘key’ to unlock the process, watermarking does not intrinsically prevent use of a file. Instead it requires a player–a DVD machine or MP3 player, for example–to have instructions built in that can read watermarks and accept only correctly marked files.”46

Reference 45 goes to

Alan Zeichick, “Digital Watermarks Explained,” Red Herring, Dec. 1999

Another paper that referenced that Red Herring article is “Information Technology and the Increasing Efficacy of Non-Legal Sanctions in Financing Transactions.” It was written by Ronald J. Mann of the University of Michigan Law School.

Sadly, my digital watermarks article is no longer available online.

According to a depressing story in Harvard Business Review, venture capitalists consider female entrepreneurs to be quite different than males. The perceived difference is not good. According to the May 17, 2017, story, “We Recorded VCs’ Conversations and Analyzed How Differently They Talk About Female Entrepreneurs”:

Aside from a few exceptions, the financiers rhetorically produce stereotypical images of women as having qualities opposite to those considered important to being an entrepreneur, with VCs questioning their credibility, trustworthiness, experience, and knowledge.

This research was done in Sweden in 2009-2010, and used transcribed discussions by a diverse panel of VCs considering 125 venture applications. The story continues,

Men were characterized as having entrepreneurial potential, while the entrepreneurial potential for women was diminished. Many of the young men and women were described as being young, though youth for men was viewed as promising, while young women were considered inexperienced. Men were praised for being viewed as aggressive or arrogant, while women’s experience and excitement were tempered by discussions of their emotional shortcomings. Similarly, cautiousness was viewed very differently depending on the gender of the entrepreneur.

The results were what you would expect:

Women entrepreneurs were only awarded, on average, 25% of the applied-for amount, whereas men received, on average, 52% of what they asked for. Women were also denied financing to a greater extent than men, with close to 53% of women having their applications dismissed, compared with 38% of men.

Read the HBR paper; you’ll be unhappy with what you see. Credit for the research goes to Malin Malmstrom, professor of Entrepreneurship and Innovation at Luleå University of Technology; Jeaneth Johansson, professor of Accounting and Control at Halmstad University and Luleå University of Technology; and Joakim Wincent, professor of Entrepreneurship and Innovation at Luleå University of Technology and Hanken School of Economics.

From eWeek’s story, “Proposed Laptop Travel Ban Would Wreak Havoc on Business Travelers,” by Wayne Rash:

A current proposal from the Department of Homeland Security to mandate that large electronic devices be relegated to checked luggage is facing stiff resistance from airlines and business travelers.

Under the proposal, travelers with electronic devices larger than a cell phone would be required to carry them as checked luggage. Depending on the airline, those devices may either be placed in each passenger’s luggage, or the airline may offer secure containers at the gate.

While the proposed ban is still in the proposal stage, it could go into effect at any time. U.S. officials have begun meeting with European Union representatives in Brussels on May 17, and will continue their meetings in Washington the following week.

The proposed ban is similar to one that began in March that prohibited laptops and other large electronics from passenger cabins between certain airports in the Middle East and North Africa.

That ban has resulted in a significant reduction in travel between those countries and the U.S., according to a report by Emirates Airlines. That airline has already cut back on its flights to the U.S. because of the laptop ban.

The new laptop ban would work like the current one from the Middle East, except that it would affect all flights from Europe to the U.S.

The ban raises a series of concerns that so far have not been addressed by the Department of Homeland Security, most notably large lithium-ion batteries that are currently not allowed in cargo holds by many airlines because of their propensity to catch fire.

The story continues going into detail about the pros and cons – and includes some thoughtful analysis by yours truly.

Our beautiful little echinopsis has a second flower. Here you can see it opening wide over a 22-hour period. Sad to think that it’s nearly finished. Thursday or Friday the closed-up blossom will drop off the cactus.

Tuesday, 5:20pm

Tuesday, 6:37pm

Wednesday, 7:10pm

Wednesday, noon.

Wednesday, 3:10pm

In the United States, Sunday, May 14, is Mother’s Day. (Mothering Sunday was March 27 this year in the United Kingdom.) This is a good time to reflect on the status of women of all marital status and family situations in information technology. The results continue to disappoint.

According to the United States Department of Labor, 57.2% of all women participate in the labor force in the United States. 46.9% of the people employed in all occupations are women. So far, so good. Yet when it comes to information technology, women lag far, far behind. Based on 2014 stats:

  • Web developers – 35.2% women
  • Computer systems analysts – 34.2% women
  • Database administrators – 28.0%
  • Computer and information systems managers – 26.7%
  • Computer support specialists – 26.6%
  • Computer programmers – 21.4%
  • Software developers, applications and systems software – 19.8%
  • Network and computer systems administrators – 19.1%
  • Information security analysts – 18.1%
  • Computer network architects – 12.4%

The job area with the highest projected growth rate over the next few years will be information security analysts, says Labor. A question is, will women continue to be underrepresented in this high-paying, fast-growing field? Or will the demand for analysts provide new opportunities for women to enter into the security profession? Impossible to say, really.

The U.S. Equal Employment Opportunity Commission (EEOC) shows that the biggest high tech companies lag behind in diversity. That’s something that anyone working in Silicon Valley can sense intuitively, in large part due to the bro culture (and brogrammer culture) there. Says the EEOC’s extensive report, “Diversity in High Tech,”

Modern manufacturing requires a computer literate worker capable of dealing with highly specialized machines and tools that require advanced skills (STEM Education Coalition).

However, other sources note that stereotyping and bias, often implicit and unconscious, has led to underutilization of the available workforce. The result is an overwhelming dominance of white men and scant participation of African Americans and other racial minorities, Hispanics, and women in STEM and high tech related occupations. The Athena Factor: Reversing the Brain Drain in Science, Engineering, and Technology, published data in 2008 showing that while the female talent pipeline in STEM was surprisingly robust, women were dropping out of the field in large numbers. Other accounts emphasize the importance of stereotypes and implicit bias in limiting the perceived labor pool (see discussion below).

Moughari et al., 2012 noted that men comprise at least 70 percent of graduates in engineering, mathematics, and computer science, while women dominate in the lower paying fields. Others point out that this is not uniformly the case in all science and math occupations and that, while underrepresented among those educated for the industry, women and minorities are more underrepresented among those actually employed in the industry. It has been shown, for example, that men are twice as likely as women to be hired for a job in mathematics when the only difference between candidates is gender.

and

Women account for relatively small percentages of degree recipients in certain STEM fields: only 18.5 percent of bachelor’s degrees in engineering went to women in 2008.

Women Heading for the Exit

The EEOC report is very discouraging in its section on Existing Tech & Related Fields:

Over time, over half of highly qualified women working in science, engineering and technology companies quit their jobs. In 2013, just 26 percent of computing jobs in the U.S. were held by women, down from 35 percent in 1990, according to a study by the American Association of University Women. Although 80 percent of U.S. women working in STEM fields say they love their work, 32 percent also say they feel stalled and are likely to quit within a year. Research by The Center for Work-Life Policy shows that 41 percent of qualified scientists, engineers and technologists are women at the lower rungs of corporate ladders but more than half quit their jobs.

This loss appears attributable to the following: 1) inhospitable work cultures; 2) isolation; 3) conflict between women’s preferred work rhythms and the “firefighting” work style generally rewarded; 4) long hours and travel schedules conflict with women’s heavy household management workload; and 5) women’s lack of advancement in the professions and corporate ladders. If corporate initiatives to stem the brain drain reduced attrition by just 25 percent, there would be 220,000 additional highly qualified female STEM workers.

Based on a survey and in-depth interviews of female scientists, the report observes:

  • Two-thirds of women report having to prove themselves over and over; their success discounted and their expertise questioned.
  • Three-fourths of Black women reported this phenomenon.
  • Thirty-four percent reported pressure to play a traditionally feminine role, including 41 percent of Asian women.
  • Fifty-three percent reported backlash from speaking their minds directly or being outspoken or decisive.
  • Women, particularly Black and Latina women, are seen as angry when they fail to conform to female stereotypes.
  • Almost two thirds of women with children say their commitment and competence were questioned and opportunities decreased after having children.

The EEOC report adds that in tech, only 20.44% of executives, senior officials and managers are women – compared to 28.81% in all private industries in the U.S. Women certainly are succeeding in tech, and there are some high-profile women executives in the field. Think Meg Whitman at HP, Marissa Mayer at Yahoo (now heading for the exit herself with a huge payout), Sheryl Sandberg at Facebook, Susan Wojcicki at YouTube, Virginia Rometty at IBM, Safra Catz at Oracle, and Ursula Burns at Xerox. That’s still a very short list. The opportunities for and presence of women in tech remain sadly underwhelming.

To those who run or serve on corporate, local government or non-profit boards:

Your board members are at risk, and this places your organizations at risk. Your board members could be targeted by spearphishing (that is, directed personalized attacks) or other hacking because:

  • They are often not technologically sophisticated
  • They have access to valuable information
  • If they are breached, you may not know
  • Their email accounts and devices are not locked down using the enterprise-grade cybersecurity technology used to protect employees

In other words, they have a lot of the same information and access as executive employees, but don’t share in their protections. Even if you give them a corporate email address, their laptops, desktops, phones, and tablets are not covered by your IT cybersecurity systems.

Here’s an overview article I read today. It’s a bit vague but it does raise the alarm (and prompted this post). For the sake of the organization, it might be worth spending a little time at a board meeting on this topic, to raise the issue. But that’s not enough.

What can you do, beyond raising the issue?

  • Provide offline resources and training to board members about how to protect themselves from spearphishing
  • Teach them to use unique strong passwords on all their devices
  • Encourage them to use anti-malware solutions on their devices
  • Provide resources for them to call if they suspect they’ve been hacked

Perhaps your IT provider can prepare a presentation, and make themselves available to assist. Consider this issue in the same light as board liability insurance: Protecting your board members is good for the organization.

In 2016, Carnival Cruises was alleged to have laid off its entire 200-person IT department – and forced its workers to train foreign replacements. The same year, about 80 IT workers at the University of California San Francisco were laid off, and forced to train replacements, lower-paid tech workers from an Indian outsourcing firm. And according to the Daily Mail:

Walt Disney Parks and Resorts is being sued by 30 former IT staff from its Florida offices who claim they were unfairly replaced by foreign workers— but only after being forced to train them up.

The suit, filed Monday in an Orlando court, alleges that Disney laid off 250 of its US IT staff because it wanted to replace them with staff from India, who were hired in on H-1B foreign employee visas.

On one hand, these organizations were presumably quite successful with hiring American tech workers… but such workers are expensive. Thanks to a type of U.S. visa, called the H-1B, outsource contractors can bring in foreign workers, place them with those same corporations, and pay them a lot less than American workers. The U.S. organization, like Carnival Cruises, saves money. The outsource contractor, which might be a high-profile organization like the Indian firm Infosys, makes money. The low-cost offshore talent gets decent jobs and a chance to live in the U.S. Everyone wins, right? Except the laid-off American tech workers.

This type of bargain outsourcing is not what the H-1B was designed for. It wasn’t for laying off expensive U.S. workers and hiring or contracting with lower-paid foreign workers. It was intended to help companies bring in overseas experts when they can’t fill the job with qualified local applicants. Clearly that’s not what’s happening here.

It’s Not Supposed to Be About Cheap Labor

Also, the goal was definitely not to let companies reduce their payroll costs. To quote from the U.S. Citizenship & Immigration Services website about H-1B requirements:

Requirement 4— You must be paid at least the actual or prevailing wage for your occupation, whichever is higher.

The prevailing wage is determined based on the position in which you will be employed and the geographic location where you will be working (among other factors).

The challenge is the way that H-1B visas are allocated – which is in a lottery system, based on the number of applications. There’s a cap of only 65,000 visas each year. Outsourcing companies flood the system with hundreds of thousands of applications, whereas the companies that truly need a few specialized tech experts ask for a relative handful. (There are separate rules for educational institutions, like universities, and for those hiring workers with advanced post-graduate degrees.)

H-1B visas have been in the news for decades, as tech companies lobby to increase the quota. Everyone, remember, likes the H-1B visa, except for American tech workers whose jobs are displaced.

Most recently, the U.S. government has warned about a crackdown on H-1B abuses. According to CNN,

While H-1B visas are used to fill the U.S. skills gap, the Trump administration has voiced concerns about abuse of the program. In some cases, outsourcing firms flood the system with applicants, obtaining visas for foreign workers and then contracting them out to tech companies. American jobs are sometimes replaced in the process, critics say.

In response, Infosys, the Indian outsourcing giant, has revealed plans to hire U.S. workers. Says Computerworld,

IT offshore outsourcing giant Infosys — a firm in the Trump administration’s H-1B reform bulls eye — said Tuesday it plans to hire 10,000 “American workers” over the next two years.

The India-based Infosys will hire those employees in four separate locations in the U.S., first in Indiana, which offered the company more than $30 million in tax credits. The other locations weren’t announced.

Look for the H-1B visa issue to remain in the U.S. news spotlight all year during the battle over immigration, employment, and the power of Silicon Valley.

It has been proven, beyond any doubt whatsoever, that flame decals add 20-25 whp (wheel horsepower) to your vehicle, and of course even more bhp (brake horsepower). I know it’s proven because I read it on the Internet, and everything we read on the Internet is true, not #fakenews. Where did I read it? This incredibly informative blog entry here.

Not sure about the acronyms?

  • whp is wheel horsepower, measured at (duh!) the wheels. It takes into account power lost in the drive train, including the transmission and differential, as well as the alternator, air conditioning compressor, wheel mass, etc. It is measured by spinning the wheels on a dynamometer (dyno). In other words, whp is what matters.
  • bhp is brake horsepower, measured at the engine crankshaft (not at the brakes). The “brake” part of the term refers to the Prony brake, an early device used to measure power output. The bhp value is always higher than the whp value, because it measures only gross engine output. These days, the bhp value is usually quoted as SAE net horsepower. Knowing bhp allows you to evaluate engines and engine modifications — not whole-vehicle upgrades like performance clutches, underdrive pulleys, light-weight wheels, huge spoilers, and of course, flame decals.

Get yourself some flame decals and feel the burn!

IANAL — I am not an attorney. I’ve never studied law, or even been inside a law school. I have a cousin who is an attorney, and quite a few close friends. But IANAL.

So why am I on the American Bar Association’s email list? I am not a member of the ABA. Why are they sending me a credit-card offer? It boggles the mind. One would assume that the ABA is not so desperate for funds that it would have to rent mailing lists to spam with credit-card offers.

And it’s not like I could sue them, right? Sigh.

Every company should have formal processes for implementing cybersecurity. That includes evaluating systems, describing activities, testing those policies, and authorizing action. After all, in this area, businesses can’t afford to wing it, thinking, “if something happens, we’ll figure out what to do.” In many cases, without the proper technology, a breach may not be discovered for months or years – or ever. At least not until the lawsuits begin.

Indeed, running without cybersecurity accreditations is like riding a bicycle in a rainstorm. Without a helmet. In heavy traffic. At night. A disaster is bound to happen sooner or later: That’s especially true when businesses are facing off against professional hackers. And when they are stumbled across as juicy victims by script-kiddies who can launch a thousand variations of Ransomware-as-a-Service with a single keystroke.

Yet, according to the British Chambers of Commerce (BCC), small and very small businesses are extremely deficient in terms of having cybersecurity plans. According to the BCC, in the U.K. only 10% of one-person businesses and 15% of those with 1-4 employees have any formal cybersecurity accreditations. Contrast that with businesses with more than 100 employees: 47% have formal plans.

The BCC surveyed 1,285 business people in the U.K. in January 2017. Of the businesses surveyed, 96% were small or mid-sized businesses. About 22% operate in the manufacturing sector, and 78% operate in the services sector.

And all are woefully unprepared to defend themselves against directly targeted attacks – and against those which are totally generic. It’s like a car thief walking through a parking lot looking to see which vehicles are unlocked: There’s nothing personal, but if your door is open, your car belongs to the crook. Similarly, if some small business’s employees click on a phishing email and end up victims of ransomware, well, their Bitcoins are as good as gold.

What can be done? Training, of course, to help ensure that employees (including executives) don’t welcome cybercriminals in by responding to phishing emails, malicious website ads, and social-media scams. Technology, which could be products like anti-malware software installed on endpoints, as well as services offered by internet service providers and security specialty firms. Indeed, the BCC survey indicated that 63% of businesses are reliant on IT providers to resolve issues after an attack,

Needed: A formal process for cybersecurity

Every company should have formal processes for implementing cybersecurity, including evaluating systems, describing activities, testing those policies, and authorizing action. After all, in this area, businesses can’t afford to wing it, thinking, “if something happens, we’ll figure out what to do.” In many cases, without the proper technology, a breach may not be discovered for months or years – or ever. At least not until the lawsuits begin.

As one would expect, small and very small businesses are extremely deficient in terms of having cybersecurity plans. According to the BCC, in the U.K. only 10% of one-person businesses and 15% of those with 1-4 employees have any formal cybersecurity accreditations. Contrast that with businesses with more than 100 employees: 47% have formal plans.

While a CEO may want to focus on his/her primary business, in reality, it’s irresponsible to neglect cybersecurity planning. Indeed, it’s also not good for long-term business success. According to the BCC study, 21% of businesses believe the threat of cyber-crime is preventing their company from growing. And of the businesses that do have cybersecurity accreditations, half (49%) believe it gives their business a competitive advantage over rival companies, and a third (33%) consider it important in creating a more secure environment when trading with other businesses.

Again, one in five businesses in the United Kingdom have fallen victim to cyber-attacks in the past year. That number is probably comparable around the world. There are leading-edge service providers and software companies ready to help reduce that terrible statistic. With more and more hackers, including state-sponsored agents, becoming involved, the stakes are high. Fortunately, the tech industry is up to the challenge.

We have two Red Yucca plants in our garden. Both are magnificent: The leaves, with curlicue strings, are about two feet high. The flower stalks are about five feet high. Currently, each plant has only a single flower stalk; we expect them to have more shortly. We’ve seen these plants with dozens of stalks. The flowers are about 3/4 inch long.

The Red Yucca, or Hesperaloe parviflora, is not a yucca, though it looks like one. As the Texas Native Plants Database says,

Red yucca (which is not a yucca) is a stalwart in the landscapes of Texas and the southwest. Its dark green rosette of long, thin leaves rising fountain-like from the base provides an unusual sculptural accent, its long spikes of pink to red to coral bell-shaped flowers last from May through October, and it is exceedingly tough, tolerating extreme heat and cold and needing no attention or supplemental irrigation once established, although many people remove the dried flower stalks in the fall. Unlike yucca, the leaves are not spine-tipped, and have fibrous threads along the edges. Red yucca is native to Central and Western Texas. A yellow-flowered form has recently become available in nurseries, and a larger, white-flowered species native to Mexico, giant hesperaloe (H. funifera), which has only been found in one location in the Trans-Pecos, is also available. Hummingbirds are attracted to the flowers.

Our Red Yucca trumpet flowers definitely attract hummingbirds, as well as a wealth of insects. The plants are excellent for desert landscaping, since they don’t need to be watered. In fact, we planted the first one three years ago in an area of our garden that was completely barren, and now it fills that space perfectly.

It’s a bad idea to intentionally weaken the security that protects hardware, software, and data. Why? Many reasons, including the basic right (in many societies) of individuals to engage in legal activities anonymously. An additional reason: Because knowledge about weakened encryption, back doors and secret keys could be leaked or stolen, leading to unintended consequences and breaches by bad actors.

Sir Tim Berners-Lee, the inventor of the World Wide Web, is worried. Some officials in the United States and the United Kingdom want to force technology companies to weaken encryption and/or provide back doors to government investigators.

In comments to the BBC, Sir Tim said that there could be serious consequences to giving keys to unlock coded messages and forcing carriers to help with espionage. The BBC story said:

“Now I know that if you’re trying to catch terrorists it’s really tempting to demand to be able to break all that encryption but if you break that encryption then guess what – so could other people and guess what – they may end up getting better at it than you are,” he said.

Sir Tim also criticized moves by legislators on both sides of the Atlantic, which he sees as an assault on the privacy of web users. He attacked the UK’s recent Investigatory Powers Act, which he had criticised when it went through Parliament: “The idea that all ISPs should be required to spy on citizens and hold the data for six months is appalling.”

The Investigatory Powers Act 2016, which became U.K. law last November, gives broad powers to the government to intercept communications. It requires telecommunications providers to cooperate with government requests for assistance with such interception.

Started with Government

Sir Tim’s comments appear to be motivated by his government’s comments. U.K. Home Secretary Amber Rudd said it is “unacceptable” that terrorists were using apps like WhatsApp to conceal their communications, and that there “should be no place for terrorists to hide.”

In the United States, there have been many calls for U.S. officials to own back doors into secure hardware, software or data repositories. One that received widespread attention was in 2016, when the FBI tried to compel Apple to unlock the San Bernardino attacker’s iPhone. Apple refused, and this sparked a widespread public debate about the powers of the government to go after terrorists or suspected criminals – and whether companies need to break into their own products, or create intentional weaknesses in encryption.

Ultimately, of course, the FBI received their data through the use of third-party tools to break into the iPhone. That didn’t end the question, and indeed, the debate continues to rage. So why not provide a back door? Why not use crippled encryption algorithms that can be easily broken by those who know the flaw? Why not give law-enforcement officials a “master key” to encryption algorithms?

Aside from legal and moral issues, weakening encryption puts everyone at risk. Someone like Edward Snowden, or a spy, might steal information about the weakness, and offer it to criminals, a state-sponsored organization, or the dark web. And now, everyone – not just the FBI, not only MI5 – can break into systems, potentially without even leaving a fingerprint or a log entry.

Stolen Keys

Consider the widely distributed Content Scramble System used to secure commercial movies on DVD discs. In theory, the DVDs were encoded so that they could only be used on authorized devices (like DVD players) that had paid to license the code. The 40-bit code, introduced around 1996, was compromised in 1999. It’s essentially worthless.

Or consider the “TSA-approved” luggage locks, where the locks were nominally secured by a key or combination. However, there are master keys that allowed airport security staff to open the baggage without cutting off the lock. There were seven master keys, which can open any “TSA-approved” lock – and all seven have been compromised. One famous breach of that system: The Washington Post published a photograph of all the master keys, and based on that photo, hackers could easily reproduce the keys. Whoops!

Speaking of WhatsApp, the software had a flaw in its end-to-end encryption, as was revealed this January. The flaw could let others listen in. The story was first revealed by the Guardian, which wrote:

WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman.

However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.

The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting of previously undelivered messages effectively allows WhatsApp to intercept and read some users’ messages.

Just Say No

Most (or all) secure systems have their flaws. Yes, they can be broken, but the goal is that if a defect or vulnerability is found, the system will be patched and upgraded. In other words, we expect those secure systems to be indeed secure. Therefore, let’s say “no” to intentional loopholes, back doors, master keys and encryption compromises. We’ve all seen that government secrets don’t stay secret — and even if we believe that government spy agencies should have the right to unlock devices or decrypt communications, none of us want those abilities to fall into the wrong hands.

When we moved to Arizona, we were surprised and delighted to see funny little parrots flying around our garden. Turns out that the rosy-faced lovebirds (which used to be called peach-faced lovebirds, but we can’t get used to the new name) are now resident in greater Phoenix.

These delightful birds are natives of Africa but were released into the Arizona desert either intentionally or accidentally. In any case, they are thriving. Says the Wikipedia,

It inhabits dry, open country in southwest Africa. Its range extends from southwest Angola across most of Namibia to the lower Orange River valley in northwest South Africa. It lives up to 1,600 metres above sea-level in broad-leaved woodland, semi-desert, and mountainous areas. It is dependent on the presence of water sources and gathers around pools to drink.

Escapes from captivity are frequent in many parts of the world and feral birds dwell in metropolitan Phoenix, Arizona, where they live in a variety of habitats, both urban and rural. Some dwell in cacti and others have been known to frequent feeders in decent sized flocks.

A 2013 story in the Arizona Republic goes farther about the Agapornis roseicollis:

Troy Corman of the Arizona Field Ornithologists, an organization of birders and professionals dedicated to public knowledge of the state’s avian inhabitants, was unsurprised by my fascination.

“These spunky and noisy, bright-green birds seem to attract a lot of attention,” he said.

Their unpredictable visits to city parks and backyard bird baths are said to be huge hits with residents, but the birds are not common sights. Most people I’ve spoken to immediately knew the birds I was talking about but had seen them just once or twice.

Corman co-wrote his organization’s status report on the lovebirds of Phoenix, explaining that they’ve been on the loose as feral flocks since at least the mid-1980s. Their breeding success here — and only here, among places the birds may have escaped within the United States — apparently owes to the comfortably dry and warm climate, ready availability of water and good supply of foods from native and exotic plants, including palm fruit, cactus fruit, apples and various seed pods, including the paloverde’s.

We had lovebirds in our garden in 2014 and 2015, but didn’t see any last year. However, now we are hosting them again on our feeders. This morning, we had six of those beautiful birds. Yay!

Judaism is a communal religion. We celebrate together, we mourn together, we worship together, we learn together, and we play together. The sages taught, for example, that you can’t study Torah on your own. We need 10 Jewish adults, a minyan, in order to have a full prayer service. Likewise, while we may observe Shabbat, Hanukkah, and Passover at home, it’s a lot more fulfilling to come together on Friday nights at the sanctuary, at the annual latke fry, or at the community seder.

When we love something, we want to share it. So why not be inspired to bring our Jewish friends into the kehilla kedosha (holy community), embracing them within a wonderful, sacred congregation? You’re not pushing membership on them, but rather inviting them into a loving community where they will be welcomed. Likewise, if they already are affiliated with a synagogue, that’s fine, too. This isn’t a zero-sum game; it’s an opportunity to build connections between and among communities. Our doors are wide enough for everyone who wishes to enter.

In my latest post on the Reform Judaism blog, I suggest five specific ways you can include your friends – from work, your yoga class, the dog park, or wherever you meet them – in synagogue activities.

It’s official: Internet service providers in the United States can continue to sell information about their customers’ Internet usage to marketers — and to anyone else who wants to use it. In 2016, during the Obama administration, the Federal Communications Commission (FCC) tried to require ISPs to get customer permission before using or sharing information about their web browsing. According to the FCC, the rule change, entitled, “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services,” meant:

The rules implement the privacy requirements of Section 222 of the Communications Act for broadband ISPs, giving broadband customers the tools they need to make informed decisions about how their information is used and shared by their ISPs. To provide consumers more control over the use of their personal information, the rules establish a framework of customer consent required for ISPs to use and share their customers’ personal information that is calibrated to the sensitivity of the information. This approach is consistent with other privacy frameworks, including the Federal Trade Commission’s and the Administration’s Consumer Privacy Bill of Rights.

More specifically, the rules required that customers had to positively agree to have their information used in that fashion. Previously, customers had to opt-out. Again, according to the FCC,

Opt-in: ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. The rules specify categories of information that are considered sensitive, which include precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications.

Opt-out: ISPs would be allowed to use and share non-sensitive information unless a customer “opts-out.” All other individually identifiable customer information – for example, email address or service tier information – would be considered non-sensitive and the use and sharing of that information would be subject to opt-out consent, consistent with consumer expectations.

Consumer Privacy Never Happened

That rule change, however, ended up being stuck with legal challenges and never took effect. In March 2017, both chambers of Congress voted to reverse that change. The resolution, passed by both the House and Senate, was simple:

Resolved by the Senate and House of Representatives of the United States of America in Congress assembled, That Congress disapproves the rule submitted by the Federal Communications Commission relating to “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services,” and such rule shall have no force or effect.

What’s the net effect? In some ways, not much, despite all the hyperbole. The rule only applied to broadband providers. It didn’t apply to others who could tell what consumers were doing on the Internet, such as social media (think Facebook) or search engines (think Google) or e-commerce (think Amazon) or streaming media (think Netflix). Those other organizations could use or market their knowledge about consumers, bound only by the terms of their own privacy policy. Similarly, advertising networks and others who tracked browser activity via cookies could also use the information however they wanted.

What’s different about the FCC rule on broadband carriers, however, is that ISPs can see just about everything that a customer does. Every website visited, every DNS address lookup, and every Internet query sent via other applications like email or messaging apps. Even if that traffic is end-to-end encrypted, the broadband carrier knows where the traffic is going or coming from – because, after all, it is delivering the packets. That makes the carriers’ metadata information about customer traffic unique, and invaluable, to marketers, government agencies, and to others who might wish to leverage it.

Customers Can Shield — To Some Extent

Customers can attempt to shield their privacy. For example, many use end-to-end VPN services to route their Internet traffic to a single relay point, and then use that relay to anonymously surf the web. However, a privacy VPN is technically difficult for many consumers to set up. Plus, the service costs money. Also, for true privacy fanatics, that VPN service could also be a source of danger, since it could be compromised by an intelligence agency, or used for a man-in-the-middle attack.

So in the United States, the demise of the FCC ruling is bad news. Customers’ Internet usage data — including websites visited, phrases searched for, products purchased and movies watched — remains available for marketers and others who want to study it and exploit it. However, in reality, such was always the case.

To our delight this morning, our new Blue Passion vines had their first flowers. Passiflora caerulea is an amazing plant. It grows these colorful and complex flowers, which only last about one day, but there’s a long array of buds in various stages of development, so we’ll have blooms nearly every day for months.

The Gulf Fritillary butterfly common here in Phoenix (Agraulis vanillae) lays its eggs on the passion vine. The colorful caterpillars munch on the leaves, and build their chrysalis there, becoming a new butterfly. The lifecycle continues.

We purchased two Blue Passion vines a few years ago. We totally enjoyed their gorgeous flowers, and hundreds of caterpillars and butterflies that created a beautiful ecosystem — every morning we’d go outside and check for new flowers and new caterpillars. Unfortunately both vines died last winter. In early March we purchased three replacements, and the first flowers opened today. The Gulf Fritillary caterpillars (which we nicknamed Fruities) are flitting around it, so I expect we’ll have eggs, and caterpillars, very soon.

Isn’t nature grand?