It has been proven, beyond any doubt whatsoever, that flame decals add 20-25 whp (wheel horsepower) to your vehicle, and of course even more bhp (brake horsepower). I know it’s proven because I read it on the Internet, and everything we read on the Internet is true, not #fakenews. Where did I read it? This incredibly informative blog entry here.

Not sure about the acronyms?

  • whp is wheel horsepower, measured at (duh!) the wheels. It takes into account power lost in the drive train, including the transmission and differential, as well as the alternator, air conditioning compressor, wheel mass, etc. It is measured by spinning the wheels on a dynamometer (dyno). In other words, whp is what matters.
  • bhp is brake horsepower, measured at the engine crankshaft (not at the brakes). The “brake” part of the term refers to the Prony brake, an early device used to measure power output. The bhp value is always higher than the whp value, because it is only measures gross engine output. These days, the bhp value is usually quoted as SAE net horsepower. Knowing bhp allows you to evaluate engines and engine modifications — not whole-vehicle upgrades like performance clutches, underdrive pulleys, light-weight wheels, huge spoilers, and of course, flame decals.

Get yourself some flame decals and feel the burn!

IANAL — I am not an attorney. I’ve never studied law, or even been inside a law school. I have a cousin who is an attorney, and quite a few close friends. But IANAL.

So why am I on the American Bar Association’s email list? I am not a member of the ABA. Why are they sending me a credit-card offer? It boggles the mind. One would assume that the ABA is not so desperate for funds that it would have to rent mailing lists to spam with credit-card offers.

And it’s not like I could sue them, right? Sigh.

Every company should have formal processes for implementing cybersecurity. That includes evaluating systems, describing activities, testing those policies, and authorizing action. After all, in this area, businesses can’t afford to wing it, thinking, “if something happens, we’ll figure out what to do.” In many cases, without the proper technology, a breach may not be discovered for months or years – or ever. At least not until the lawsuits begin.

Indeed, running without cybersecurity accreditations is like riding a bicycle in a rainstorm. Without a helmet. In heavy traffic. At night. A disaster is bound to happen sooner or later: That’s especially true when businesses are facing off against professional hackers. And when they are stumbled across as juicy victims by script-kiddies who can launch a thousand variations of Ransomware-as-a-Service with a single keystroke.

Yet, according to the British Chambers of Commerce (BCC), small and very small businesses are extremely deficient in terms of having cybersecurity plans. According to the BCC, in the U.K. only 10% of one-person businesses and 15% of those with 1-4 employees have any formal cybersecurity accreditations. Contrast that with businesses with more than 100 employees: 47% with more than 100 employees) have formal plans.

The BCC surveyed 1,285 business people in the U.K. in January 2017. Of the businesses surveyed, 96% were small or mid-sized businesses. About 22% operate in the manufacturing sector, and 78% operate in the services sector.

And all are woefully unprepared to defend themselves against direct target attacks – and against those which are totally generic. It’s like a car thief walking through a parking lot looking to see which vehicles are unlocked: There’s nothing personal, but if your door is open, your car belongs to the crook. Similarly, if some small business’s employees are click on a phishing email and end up victims of ransomware, well, their Bitcoins are as good as gold.

What can be done? Training, of course, to help ensure that employees (including executives) don’t welcome cybercriminals in by responding to phishing emails, malicious website ads, and social-media scams. Technology, which could be products like anti-malware software installed on endpoints, as well as services offered by internet service providers and security specialty firms. Indeed, the BCC survey indicated that 63% of businesses are reliant on IT providers to resolve issues after an attack,

Needed: A formal process for cybersecurity

Every company should have formal processes for implementing cybersecurity, including evaluating systems, describing activities, testing those policies, and authorizing action. After all, in this area, businesses can’t afford to wing it, thinking, “if something happens, we’ll figure out what to do.” In many cases, without the proper technology, a breach may not be discovered for months or years – or ever. At least not until the lawsuits begin.

As one would expect, small and very small businesses are extremely deficient in terms of having cybersecurity plans. According to the BCC, in the U.K. only 10% of one-person businesses and 15% of those with 1-4 employees have any formal cybersecurity accreditations. Contrast that with businesses with more than 100 employees: 47% with more than 100 employees) have formal plans.

While a CEO may want to focus on his/her primary business, in reality, it’s irresponsible to neglect cybersecurity planning. Indeed, it’s also not good for long-term business success. According to the BCC study, 21% of businesses believe the threat of cyber-crime is preventing their company from growing. And of the businesses that do have cybersecurity accreditations, half (49%) believe it gives their business a competitive advantage over rival companies, and a third (33%) consider it important in creating a more secure environment when trading with other businesses.

Again, one in five businesses in the United Kingdom have fallen victim to cyber-attacks in the past year. That number is probably comparable around the world. There are leading-edge service providers and software companies ready to help reduce that terrible statistic. With more and more hackers, including state-sponsored agents, becoming involved, the stakes are high. Fortunately, the tech industry is up to the challenge.

We have two Red Yucca plants in our garden. Both are magnificent: The leaves, with curlicue strings, are about two feet high. The flower stalks are about five feet high. Currently, each plant has only a single flower stalk; we expect them to have more shortly. We’ve seen these plants with dozens of stalks. The flowers are about 3/4 inch long.

The Red Yucca, or Hesperaloe parviflora, is not a yucca, though it looks like one. As the Texas Native Plants Database says,

Red yucca (which is not a yucca) is a stalwart in the landscapes of Texas and the southwest. Its dark green rosette of long, thin leaves rising fountain-like from the base provides an unusual sculptural accent, its long spikes of pink to red to coral bell-shaped flowers last from May through October, and it is exceedingly tough, tolerating extreme heat and cold and needing no attention or supplemental irrigation once established, although many people remove the dried flower stalks in the fall. Unlike yucca, the leaves are not spine-tipped, and have fibrous threads along the edges. Red yucca is native to Central and Western Texas. A yellow-flowered form has recently become available in nurseries, and a larger, white-flowered species native to Mexico, giant hesperaloe (H. funifera), which has only been found in one location in the Trans-Pecos, is also available. Hummingbirds are attracted to the flowers.

Our Red Yucca trumpet flowers definitely attract hummingbirds, as well as a wealth of insects. The plants are excellent for desert landscaping, since they don’t need to be watered. In fact, we planted the first one three years ago in an area of our garden that was completely barren, and now it fills that space perfectly.

It’s a bad idea to intentionally weaken the security that protects hardware, software, and data. Why? Many reasons, including the basic right (in many societies) of individuals to engage in legal activities anonymously. An additional reason: Because knowledge about weakened encryption, back doors and secret keys could be leaked or stolen, leading to unintended consequences and breaches by bad actors.

Sir Tim Berners-Lee, the inventor of the World Wide Web, is worried. Some officials in the United States and the United Kingdom want to force technology companies to weaken encryption and/or provide back doors to government investigators.

In comments to the BBC, Sir Tim said that there could be serious consequences to giving keys to unlock coded messages and forcing carriers to help with espionage. The BBC story said:

“Now I know that if you’re trying to catch terrorists it’s really tempting to demand to be able to break all that encryption but if you break that encryption then guess what – so could other people and guess what – they may end up getting better at it than you are,” he said.

Sir Tim also criticized moves by legislators on both sides of the Atlantic, which he sees as an assault on the privacy of web users. He attacked the UK’s recent Investigatory Powers Act, which he had criticised when it went through Parliament: “The idea that all ISPs should be required to spy on citizens and hold the data for six months is appalling.”

The Investigatory Powers Act 2016, which became U.K. law last November, gives broad powers to the government to intercept communications. It requires telecommunications providers to cooperate with government requests for assistance with such interception.

Started with Government

Sir Tim’s comments appear to be motivated by his government’s comments. U.K. Home Secretary Amber Rudd said it is “unacceptable” that terrorists were using apps like WhatsApp to conceal their communications, and that there “should be no place for terrorists to hide.

In the United States, there have been many calls for U.S. officials to own back doors into secure hardware, software or data repositories. One that received widespread attention was in 2016, when the FBI tried to compel Apple to unlock the San Bernardino attack’s iPhone. Apple refused, and this sparked a widespread public debate about the powers of the government to go after terrorists or suspected criminals – and whether companies need to break into their own products, or create intentional weaknesses in encryption.

Ultimately, of course, the FBI received their data through the use of third-party tools to break into the iPhone. That didn’t end the question, and indeed, the debate continues to rage. So why not provide a back door? Why not use crippled encryption algorithms that can be easily broken by those who know the flaw? Why not give law-enforcement officials a “master key” to encryption algorithms?

Aside from legal and moral issues, weakening encryption puts everyone at risk. Someone like Edward Snowden, or a spy, might steal information about the weakness, and offer it to criminals, a state-sponsored organization, or the dark web. And now, everyone – not just the FBI, not only MI5 – can break into systems, potentially without even leaving a fingerprint or a log entry.

Stolen Keys

Consider the widely distributed Content Scramble System used to secure commercial movies on DVD discs. In theory, the DVDs were encoded so that they could only be used on authorized devices (like DVD players) that had paid to license the code. The 40-bit code, introduced around 1996, was compromised in 1999. It’s essentially worthless.

Or consider the “TSA-approved” luggage locks, where the locks were nominally secured by a key or combination. However, there are master keys that allowed airport security staff to open the baggage without cutting off the lock. There were seven master keys, which can open any “TSA-approved” lock – and all seven have been compromised. One famous breach of that system: The Washington Post published a photograph of all the master keys, and based on that photo, hackers could easily reproduce the keys. Whoops!

Speaking of WhatsApp, the software had a flaw in its end-to-end encryption. as was revealed this January. The flaw could let others listen in. The story was first revealed by the Guardian, which wrote

WhatsApp’s end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman.

However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.

The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted-in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting of previously undelivered messages effectively allows WhatsApp to intercept and read some users’ messages.

Just Say No

Most (or all) secure systems have their flaws. Yes, they can be broken, but the goal is that if a defect or vulnerability is found, the system will be patched and upgraded. In other words, we expect those secure systems to be indeed secure. Therefore, let’s say “no” to intentional loopholes, back doors, master keys and encryption compromises. We’ve all seen that government secrets don’t stay secret — and even if we believe that government spy agencies should have the right to unlock devices or decrypt communications, none of us want those abilities to fall into the wrong hands.

… we found her.

 

When we moved to Arizona, we were surprised and delighted to see funny little parrots flying around our garden. Turns out that the rosy-faced lovebirds (which used to be called peach-faced lovebirds, but we can’t get used to the new name) are now resident in greater Phoenix.

These delightful birds are natives of Africa but were released into the Arizona desert either intentionally or accidentally. In any case, they are thriving. Says the Wikipedia,

It inhabits dry, open country in southwest Africa. Its range extends from southwest Angola across most of Namibia to the lower Orange River valley in northwest South Africa. It lives up to 1,600 metres above sea-level in broad-leaved woodland, semi-desert, and mountainous areas. It is dependent on the presence of water sources and gathers around pools to drink.

Escapes from captivity are frequent in many parts of the world and feral birds dwell in metropolitan PhoenixArizona, where they live in a variety of habitats, both urban and rural. Some dwell in cacti and others have been known to frequent feeders in decent sized flocks.

A 2013 story in the Arizona Republic goes farther about the Agapornis roseicollis:

Troy Corman of the Arizona Field Ornithologists, an organization of birders and professionals dedicated to public knowledge of the state’s avian inhabitants, was unsurprised by my fascination.

“These spunky and noisy, bright-green birds seem to attract a lot of attention,” he said.

Their unpredictable visits to city parks and backyard bird baths are said to be huge hits with residents, but the birds are not common sights. Most people I’ve spoken to immediately knew the birds I was talking about but had seen them just once or twice.

Corman co-wrote his organization’s status report on the lovebirds of Phoenix, explaining that they’ve been on the loose as feral flocks since at least the mid-1980s. Their breeding success here — and only here, among places the birds may have escaped within the United States — apparently owes to the comfortably dry and warm climate, ready availability of water and good supply of foods from native and exotic plants, including palm fruit, cactus fruit, apples and various seed pods, including the paloverde’s.

We had lovebirds in our garden in 2014 and 2015, but didn’t see any last year. However, now we are hosting them again on our feeders. This morning, we had six of those beautiful birds. Yay!

Judaism is a communal religion. We celebrate together, we mourn together, we worship together, we learn together, and we play together. The sages taught, for example, that you can’t study Torah on your own. We need 10 Jewish adults, a minyan, in order to have a full prayer service. Likewise, while we may observe Shabbat, Hanukkah, and Passover at home, it’s a lot more fulfilling to come together on Friday nights at the sanctuary, at the annual latke fry, or at the community seder.

When we love something, we want to share it. So why not be inspired to bring our Jewish friends into the kehilla kedosha (holy community), embracing them within a wonderful, sacred congregation? You’re not pushing membership on them, but rather inviting them into a loving community where they will be welcomed. Likewise, if they already are affiliated with a synagogue, that’s fine, too. This isn’t a zero-sum game; it’s an opportunity to build connections between and among communities. Our doors are wide enough for everyone who wishes to enter.

In my latest post on the Reform Judaism blog, I suggest five specific ways you can include your friends – from work, your yoga class, the dog park, or wherever you meet them – in synagogue activities.

It’s official: Internet service providers in the United States can continue to sell information about their customers’ Internet usage to marketers — and to anyone else who wants to use it. In 2016, during the Obama administration, the Federal Communications Commission (FCC) tried to require ISPs to get customer permission before using or sharing information about their web browsing. According to the FCC, the rule change, entitled, “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services,” meant:

The rules implement the privacy requirements of Section 222 of the Communications Act for broadband ISPs, giving broadband customers the tools they need to make informed decisions about how their information is used and shared by their ISPs. To provide consumers more control over the use of their personal information, the rules establish a framework of customer consent required for ISPs to use and share their customers’ personal information that is calibrated to the sensitivity of the information. This approach is consistent with other privacy frameworks, including the Federal Trade Commission’s and the Administration’s Consumer Privacy Bill of Rights.

More specifically, the rules required that customers had to positively agree to have their information used in that fashion. Previously, customers had to opt-out. Again, according to the FCC,

Opt-in: ISPs are required to obtain affirmative “opt-in” consent from consumers to use and share sensitive information. The rules specify categories of information that are considered sensitive, which include precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications.

Opt-out: ISPs would be allowed to use and share non-sensitive information unless a customer “opts-out.” All other individually identifiable customer information – for example, email address or service tier information – would be considered non-sensitive and the use and sharing of that information would be subject to opt-out consent, consistent with consumer expectations.

Consumer Privacy Never Happened

That rule change, however, ended up being stuck with legal challenges and never took effect. In March 2017, both chambers of Congress voted to reverse that change. The resolution, passed by both the House and Senate, was simple:

Resolved by the Senate and House of Representatives of the United States of America in Congress assembled, That Congress disapproves the rule submitted by the Federal Communications Commission relating to “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services,” and such rule shall have no force or effect.

What’s the net effect? In some ways, not much, despite all the hyperbole. The rule only applied to broadband providers. It didn’t apply to others who could tell what consumers were doing on the Internet, such as social media (think Facebook) or search engines (think Google) or e-commerce (think Amazon) or streaming media (think Netflix). Those other organizations could use or market their knowledge about consumers, bound only by the terms of their own privacy policy. Similarly, advertising networks and others who tracked browser activity via cookies could also use the information however they wanted.

What’s different about the FCC rule on broadband carriers, however, is that ISPs can see just about everything that a customer does. Every website visited, every DNS address lookup, and every Internet query sent via other applications like email or messaging apps. Even if that traffic is end-to-end encrypted, the broadband carrier knows where the traffic is going or coming from – because, after all, it is delivering the packets. That makes the carriers’ metadata information about customer traffic unique, and invaluable, to marketers, government agencies, and to others who might wish to leverage it.

Customers Can Shield — To Some Extent

Customers can attempt to shield their privacy. For example, many use end-to-end VPN services to route their Internet traffic to a single relay point, and then use that relay to anonymously surf the web. However, a privacy VPN is technically difficult for many consumers to set up. Plus, the service costs money. Also, for true privacy fanatics, that VPN service could also be a source of danger, since it could be compromised by an intelligence agency, or used for a man-in-the-middle attack.

So in the United States, the demise of the FCC ruling is bad news. Customers’ Internet usage data — including websites visited, phrases searched for, products purchased and movies watched — remains available for marketers and others who use to study it and exploit it. However, in reality, such was always the case.

To our delight this morning, our new Blue Passion vines had their first flowers. Passiflora caerulea is an amazing plant. It grows these colorful and complex flowers, which only last about one day, but there’s a long array of buds in various stages of development, so we’ll have blooms nearly every day for months.

The Gulf Fritillary butterfly common here in Phoenix (Agraulis vanillae) lays its egg on the passion vine. The colorful caterpillars munch on the leaves, and build their chrysalis there, becoming a new butterfly. The lifecycle continues.

We purchased two Blue Passion vines a few years ago. We totally enjoyed their gorgeous flowers, and hundreds of caterpillars and butterflies that created a beautiful ecosystem — every morning we’d go outside and check for new flowers and new caterpillars. Unfortunately both vines died last winter. In early March we purchased three replacements, and the first flowers opened today. The Gulf Fritillary caterpillars (which we nicknamed Fruities) are flitting around it, so I expect we’ll have eggs, and caterpillars, very soon.

Isn’t nature grand?

“Call with Alan.” That’s what the calendar event says, with a bridge line as the meeting location. That’s it. For the individual who sent me that invitation, that’s a meaningful description, I guess. For me… worthless! This meeting was apparently sent out (and I agreed to attend) at least three weeks ago. I have no recollection about what this meeting is about. Well, it’ll be an adventure! (Also: If I had to cancel or reschedule, I wouldn’t even know who to contact.)

When I send out calendar invites, I try hard to make the event name descriptive to everyone, not just me. Like “ClientCorp and Camden call re keynote topics” or “Suzie Q and Alan Z — XYZ donations.” Something! Give a hint, at least! After all, people who receive invitations can’t edit the names to make them more meaningful.

And then there’s time-zone ambiguity. Some calendar programs (like Google Calendar) do a good job of tracking the event’s time zone, and mapping it to mine. Others, and I’m thinking of Outlook 365, do a terrible job there, and make it difficult to specify the event in a different time zone.

For example, I’m in Phoenix, and often set up calls with clients on the East Coast or in the U.K. As a courtesy, I like to set up meetings using the client’s time zone. Easy when I use Google Calendar to set up the event. Not easy in Outlook 365, which I must use for some projects.

Similarly, some calendar programs do a good job mapping the event to each recipient’s time zone. Others don’t. The standards are crappy, and the implementations of the standards are worse.)

There’s more than the bad time-zone mappings. Each Web-based, mobile, and desktop calendar app, even those that claim to conform to standards, has its own quirks, proprietary features, and incompatibilities. For example, repeating events aren’t handled consistently from calendar program to calendar program. It’s a real mess.

Here are a few simple do’s and don’ts for event creators. Or rather, don’ts and do’s.

  • DON’T just put the name of the person you are meeting with in the event name.
  • DO put your name and organization too, and include your contact information (phone, email, whatever) in the calendar invite itself. Having just a conference bridge or location of the coffee shop won’t do someone any good if they need to reach you before the meeting.
  • DON’T assume that everyone will remember what the meeting is about.
  • DO put the purpose of the meeting into the event title.
  • DON’T think that everyone’s calendar software works like yours or has the same features, vis-à-vis time zones, attachments, comments, and so-on.
  • DO consider putting the meeting time and time zone into the event name. It’s something I don’t do, but I have friends who do, like “ClientCorp and Camden call re keynote topics — 3pm Pacific.” Hmm, maybe I should do that?
  • DON’T expect that if you change the event time on your end, that change will percolate to all recipients. Again, this can be software-specific.
  • DO cancel the event if it’s necessary to reschedule, and set up a new one. Also send an email to all participants explaining what happened. I dislike getting calendar emails saying the meeting date/time has been changed — with no explanation.
  • DON’T assume that people will be able to process your software’s calendar invitations. Different calendar program don’t play well with each other.
  • DO send a separate email with all the details, including the event name, start time, time zone, and list of participants, in addition to the calendar invite. Include the meeting location, or conference-call dial-in codes, in that email.
  • DON’T trust that everyone will use the “accept” button to indicate that they are attending. Most will not.
  • DO follow up with people who don’t “accept” to ask if they are coming.
  • DON’T assume that just because it’s on their calendar, people will remember to show up. I had one guy miss an early-morning call he “accepted” because it was early and he hadn’t checked his calendar yet. D’oh!
  • DO send a meeting confirmation email, one day before, if the event was scheduled more than a week in advance.

Have more do’s and don’ts? Please add them using the comments.

We received this realistic-looking email today claiming to be from a payment company called FrontStream. If you click the links, it tries to get you to active an account and provide bank details. However… We never requested an account from this company. Therefore, we label it phishing — and an attempt to defraud.

If you receive a message like this, delete it. Don’t click any of the links, and don’t reply to it either. You’ve been warned.

From: billing [email address at frontstream.com]
Sent: Wed, Mar 22, 2017 10:34 am
Subject: New Account Ready for Activation

Dear [redacted],

Your account is now available at our FrontStream Invoicing Website for you to view your existing outstanding invoices and make payment. You can directly activate your account here:

[link redacted]

Or you can go to the FrontStream Invoicing website [link redacted], select ‘REGISTER’ option and go through the activation process. Below is your detailed account information from our record. They’re required in order to complete your account activation.

Customer Number: [redacted]

Phone Number: [redacted]

Activation Code: [redacted]

Sincerely,

Accounts Receivable

UPDATE MARCH 22

I tweeted about this blog post, and @FrontStream replied:

@zeichick Sorry for the confusion! The email was sent in error from our customer invoicing system. We’ll be following up with more details.

Given that we aren’t a FrontStream customer, this is peculiar. Will update again if there are more details.

UPDATE MARCH 27

Nothing more from FrontStream.

The U.S. and U.K. are banning larger electronic items, like tablets, notebooks and DLSRs, from being carried onboard flights from a small number of countries. If that ban spreads to include more international or even domestic flights, this will result in several nasty consequences:

1. Business travelers may be unable to bring computers on trips at all. Some airlines ban checking luggage with lithium ion batteries into the cargo hold. Nearly all of these devices use LIB. If you can’t carry them onboard, and you can’t check them, they must stay home, or be overnighted to the destination. Shipping those devices may work for some people, but it’s a sucky solution.

2. Even if you can check them, there may be a surge of thefts of these costly electronic goodies from checked baggage. I always carry my expensive pro-grade DSLR and lenses onboard, and never check them. Why? I’m worried about theft and about breakage — that stuff is fragile. If I had to check my camera gear, they’d stay home. Same with my notebook and tablets. There is too much opportunity for stuff to disappear, especially when anyone can easily obtain a universal key for those silly TSA locks. Yes, a family member lost a DSLR from checked luggage.

3. This messes up the plans of airlines who are moving to a BYOD-centric entertainment model. Forget the drop-down TV screens playing one movie. Forget the individual seat-back TV screens offering a choice of movies, TV shows and video games. Airlines are saving money, saving weight, and making customers happy by ditching the electronics and using onboard WiFi to stream entertainment to the passengers’ phone, tablet or laptop. (And they get to charge for air-to-ground WiFi.) According to the Economist, 90% of passengers bring a suitable device. Everyone wins, unless devices are banned. No tablets? No laptops? No onboard entertainment.

The answer to terrorist threats isn’t security theater. Address the risks in an intelligent way, yes. Institute stupid rules that affect all travelers, no. One guy tries to light his shoe on fire, and now you have to take off your shoes to go through airport screening. And now there’s a “threat” and so here’s a new limitation on people making international flights.

That’s how the terrorists win and win and win.

Today’s calculation device is this lovely vintage HP-28S “advanced scientific” calculator from the late 1980s.

As a working calculator, it’s not my favorite. HP gets points for creativity, but the clamshell design makes for an awkward user experience. I’m finding it frustrating to use because each line on the display is hard to read, there are too many keys, and the visual cues are subtle. It is also hard to pry the clamshell open.

The keys do have a nice clickiness to them. If you are doing basic math, you can fold the alphanumeric left part of the clamshell behind the right part.

Functionally, the HP-28 series is also innovative, as it’s where HP first exposed RPL to the user. RPL is Reverse Polish Lisp, a next-generation RPN, or Reverse Polish Notation, designed to handle complex algebraic expressions.

Were I doing that sort of equation-solving or scientific work this afternoon, the HP-28S would be ideal. Today’s project, though, is simple arithmetic related to tracking video editing timings. (Last time I did this, I used an HP-32S II, which has a simpler interface and much larger numbers on the one-line display.)

While I don’t use it often, the HP-28S is a prized member of my extensive collection of vintage calculators. My goal is to keep using all the devices (well, at least, the ones that still function) because it’s more fun than simply looking at them.

Was the Russian government behind the 2004 theft of data on about 500 million Yahoo subscribers? The U.S. Justice Department thinks so: It accused two Russian intelligence officers of directing the hacking efforts, and also named two hackers as being part of the conspiracy to steal the data.

According to Mary B. McCord, Acting Assistant Attorney General,

The defendants include two officers of the Russian Federal Security Service (FSB), an intelligence and law enforcement agency of the Russian Federation and two criminal hackers with whom they conspired to accomplish these intrusions. Dmitry Dokuchaev and Igor Sushchin, both FSB officers, protected, directed, facilitated and paid criminal hackers to collect information through computer intrusions in the United States and elsewhere.

Ms. McCord added that scheme targeted Yahoo accounts of Russian and U.S. government officials, including security staff, diplomats and military personnel. “They also targeted Russian journalists; numerous employees of other providers whose networks the conspirators sought to exploit; and employees of financial services and other commercial entities,” she said.

From a technological perspective, the hackers first broke into computers of American companies providing email and internet-related services. From there, they harvested information, including information about individual users and the private contents of their accounts. The hackers, explained Ms. McCord, were hired to gather information for the FSB officers — classic espionage. However, they quietly went farther to steal financial information, such as gift card and credit card numbers, from users’ email accounts — and also use millions of stolen Yahoo accounts to set up an email spam scheme.

Was this state-sponsored cybertheft? Probably, but it’s not certain. What we have are serious allegations, but we don’t know if the FSB agents were working on orders from the Kremlin, or if they were running their own operation for their own private benefit. It’s simply too soon to tell.

The Turkish/Dutch Hacking Connection

Similarly, it’s too soon to know who is behind this week’s use of hijacked Twitter accounts to fling some nasty rhetoric against the Netherlands. This comes on the heels of the Dutch government’s efforts to block Turkish government ministers from traveling to the Netherlands to encourage Turkish ex-pats to vote in a Turkish referendum. At the same time, the Netherlands themselves were having an important election, with one of the leading candidates offering an isolationist, anti-Muslim platform. According to Reuters,

A diplomatic spat between Turkey, the Netherlands and Germany spread online on Wednesday when a large number of Twitter accounts were hijacked and replaced with anti-Nazi messages in Turkish.

The attacks, using the hashtags #Nazialmanya (NaziGermany) or #Nazihollanda (NaziHolland), took over accounts of high-profile CEOs, publishers, government agencies, politicians and also some ordinary Twitter users.

The account hijackings took place as the Dutch began voting on Wednesday in a parliamentary election that is seen as a test of anti-establishment and anti-immigrant sentiment.

The hackers did a good job getting access to Twitter accounts. Reuters continued,

The hacked accounts featured tweets with Nazi symbols, a variety of hashtags and the phrase “See you on April 16”, the date of a planned referendum in Turkey on extending Erdogan’s presidential powers.

Among them were the accounts of the European Parliament and the personal profile of French conservative politician Alain Juppe.

They also included the UK Department of Health and BBC North America, along with the profile of Marcelo Claure, the chief executive of U.S. telecoms operator Sprint Corp.

Other accounts included publishing sites for Die Welt, Forbes and Reuters Japan and several non-profit agencies including Amnesty International and UNICEF USA, as well as Duke University in the United States.

How did the hackers get access to Twitter? In part by breaking into a Dutch audience analytics company, which would have had access to some or all of those accounts. As Reuters reported,

At least some of the hijacked tweets appear to have been delivered via Twitter Counter, a Netherlands-based Twitter audience analytics company. Twitter Counter Chief Executive Omer Ginor acknowledged via email that the service had been hacked.

Meanwhile in a separate action, Reuters said,

Last Saturday, denial of service attacks staged by a Turkish hacking group hit the websites of Rotterdam airport and anti-Islam firebrand Geert Wilders, whose Freedom Party is vying to form to form the biggest party in the Dutch parliament.

So – as with the Yahoo hack in 2014 – are these the work of state-sponsored hackers? Or of hackers who believe in a cause, and who are working on their own to support that cause? It’s too soon to tell, and in this case, we may never know; it’s unclear if any organizations as powerful as the U.S. Justice Department and FBI are investigating. What we do know, though, is that nearly everything is vulnerable. A reputable analytics service can be hacked in order to provide a backdoor means to take over Twitter accounts. Internet access companies can be subverted and used for espionage or for staging man-in-the-middle attacks.

How many more of these attacks will be unveiled in the weeks, months and years ahead? One safe prediction: There will be many more attacks — whether state sponsors are behind them or not.

As many of you know, I am co-founder and part owner of BZ Media LLC. Yes, I’m the “Z” of BZ Media. Here is exciting news released today about one of our flagship events, InterDrone.

MELVILLE, N.Y., March 13, 2017 BZ Media LLC announced today that InterDrone™ The International Drone Conference & Exposition has been acquired by Emerald Expositions LLC, the largest producer of trade shows in North America. InterDrone 2016 drew 3,518 attendees from 54 different countries on 6 continents and the event featured 155 exhibitors and sponsors. The 2017 event will be managed and produced by BZ Media on behalf of Emerald.

Emerald Expositions is the largest operator of business-to-business trade shows in the United States, with their oldest trade shows dating back over 110 years. They currently operate more than 50 trade shows, including 31 of the top 250 trade shows in the country as ranked by TSNN, as well as numerous other events. Emerald events connect over 500,000 global attendees and exhibitors and occupy over 6.7 million NSF of exhibition space.

“We are very proud of InterDrone and how it has emerged so quickly to be the industry leading event for commercial UAV applications in North America,” said Ted Bahr, President of BZ Media. “We decided that to take the event to the next level required a company of scale and expertise like Emerald Expositions. We look forward to supporting Emerald through the 2017 and 2018 shows and working together to accelerate the show’s growth under their ownership over the coming years.”

InterDrone was just named to the Trade Show Executive magazine list of fastest growing shows in 2016 and was one of only 14 shows in the country that was named in each of the three categories; fastest growth in exhibit space, growth in number of exhibitors and in attendance. InterDrone was the only drone show named to the list.

InterDrone 2017 will take place September 6–8, 2017, at the Rio Hotel & Casino in Las Vegas, NV, and, in addition to a large exhibition floor, features three subconferences for attendees, making InterDrone the go-to destination for UAV educational content in North America. More than 120 classes, panels and keynotes are presented under Drone TechCon (for drone builders, engineers, OEMs and developers), Drone Enterprise (for enterprise UAV pilots, operators and drone service businesses) and Drone Cinema (for pilots engaged in aerial photography and videography).

“Congratulations to Ted Bahr and his team at BZ Media for successfully identifying this market opportunity and building a strong event that provides a platform for commercial interaction and education to this burgeoning industry”, said David Loechner, President and CEO of Emerald Expositions. “We have seen first-hand the emerging interest in drones in our two professional photography shows, and we are excited at the prospect of leveraging our scale, experience and expertise in trade shows and conferences to deliver even greater benefits to attendees, sponsors, exhibitors at InterDrone and to the entire UAV industry.”

“You walked 713 steps today. Good news is the sky’s the limit!”

Thank you, Pebble, for that encouragement yesterday.

The problem with fitness apps in smartwatches is that you have to wear the watch for them to work. When I am at home, I never wear a watch. Since I work from home, that means that I usually don’t have a watch on my wrist. And when I go out, sometimes I wear the Pebble, sometimes something else. For a recent three-day weekend trip away with my wife, for example, I carried the pocket watch she bought me for our 15th anniversary. So, it’s hard for the Pebble app to get an accurate read on my activity.

Yesterday, I only wore this watch for a brief period of time. The day before, not at all. That’s why Pebble thought that 713 steps was a great accomplishment.

(Too bad Pebble is out of business. I like this watch.)

If Amazon can deliver packages by drone, then fast-food restaurants like Chick-Fil-A can air-lift chicken sandwiches via hot-air balloon. Right? At least, that’s the best explanation for this sighting in my Phoenix neighborhood.

Of course, what I really want is a Dunkin’ Donuts food truck going up my street. Like the old-fashioned ice cream vans. Though drones would be okay too. I’m not picky.

Nothing you share on the Internet is guaranteed to be private to you and your intended recipient(s). Not on Twitter, not on Facebook, not on Google+, not using Slack or HipChat or WhatsApp, not in closed social-media groups, not via password-protected blogs, not via text message, not via email.

Yes, there are “privacy settings” on FB and other social media tools, but those are imperfect at best. You should not trust Facebook to keep your secrets.

If you put posts or photos onto the Internet, they are not yours to control any more. Accept they can appropriated and redistributed by others. How? Many ways, including:

  • Your emails and texts can be forwarded
  • Your Facebook and Twitter posts and direct-messages can be screen-captured
  • Your photos can be downloaded and then uploaded by someone else

Once the genie is out of the bottle, it’s gone forever. Poof! So if there’s something you definitely don’t want to become public, don’t put it on the Internet.

(I wrote this after seeing a dear friend angered that photos of her little children, which she shared with her friends on Facebook, had been re-posted by a troll.)

It was our first-ever perp walk! My wife and I were on the way home from a quick grocery errand, and we were witnesses to and first responders to a nasty car crash. A car ran a red light and hit a turning vehicle head-on.

As we pulled over to see if there were injuries, the young driver and passenger in the red-light runner got out of their vehicle… grabbed their backpacks… and ran. I got out our car and shouted at the kids to come back, and also managed to snap some quick cell-phone pictures.

We stayed behind at the accident scene to check out the victim (a nice but shaken woman). We also waited with her until the fire and then police arrived.

Other witnesses followed the perps, who ran into a supermarket and hid in the bathroom, and they called 9-1-1 about it. A few minutes later we learned “They got them!” — and the police officer at the accident scene asked us to drive to the supermarket parking lot and see if we could identify the runners.

So: I sat in the back of a car, and my wife hid behind a tree. The perps were taken one-at-a-time out of a patrol car to see if we could recognize them. The police were very careful to make sure the kids didn’t see us. They were indeed the runners — we could easily confirm that, and they clearly matched the photos on my phone.

After the ID, the police sent us home, with thanks. We’d like to commend Phoenix police and fire for their professionalism.

What a day, and what an adventure. While we hope that the kids had insurance (the woman’s car was totaled), we are especially grateful that nobody was injured, and that justice will be done.

And, I guess, once a first responder, always a first responder.

This plant in our garden keeps blooming and blooming. What’s funny is that sometimes the flowers are yellow, and sometimes they are orange, like this one.

5d3_1277I was dismayed this morning to find an email from Pebble — the smart watch folks — essentially announcing their demise. The company is no longer a viable concern, says the message, and the assets of the company are being sold to Fitbit. Some of Pebble’s staff will go to Fitbit as well.

This is a real loss. The Pebble is an excellent watch. I purchased the original monochrome-screen model by signing onto their Kickstarter campaign, back in April 2012, for an investment of $125.

The Kickstarter watch’s screen became a little flakey after a few years. I purchased the Pebble Time – a much-improved color version – in May 2016, for the odd price of $121.94 through Amazon. You can see the original Pebble, with a dead battery, on the left, and the Pebble Time on the right. The watchface I’ve chosen isn’t colorful, so you can’t see that attribute.

I truly adore the Pebble Time. Why?

  • The battery life is a full week; I don’t travel with a charging cable unless it’s a long trip.
  • The watch does everything I want: The watch face I’ve chosen can be read quickly, and is always on.
  • The watch lets me know about incoming text messages. I can answer phone call in the car (using speakerphone) by pressing a button on the watch.
  • Also in the car I can control my phone’s music playback from the watch.
  • It was inexpensive enough that if it gets lost, damaged or stolen, no big deal.

While I love the concept of the Apple Watch, it’s too complicated. The battery life is far too short. And I don’t need the extra functions. The Pebble Time is (or rather was) far less expensive.

Fortunately, my Pebble Time should keep running for a long, long time. Don’t know what will replace it, when the time comes. Hopefully something with at least a week of battery life.

Here’s the statement from Pebble:

Pebble is joining Fitbit

Fitbit has agreed to acquire key Pebble assets. Due to various factors, Pebble can no longer operate as an independent entity, and we have made the tough decision to shut down the company. The deal finalized today preserves as much of Pebble as possible.

Pebble is ceasing all hardware operations. We are no longer manufacturing, promoting, or selling any new products. Active Pebble models in the wild will continue to work.

Making Awesome Happen will live on at Fitbit. Much of our team and resources will join Fitbit to deliver new “moments of awesome” in future Fitbit products, developer tools, and experiences. As our transition progresses, we’ll have exciting new stories to tell and milestones to celebrate.

It’s no doubt a bittersweet time. We’ll miss what we’re leaving behind, but are excited for what the future holds. It will be important for Pebblers to extend a warm welcome to Fitbit—as fans and customers—sharing what they love about Pebble and what they’d like to see next.

What an amazing sight! We visited Canyon Lake, Arizona — a short drive from our home in Phoenix — and were rewarded with a close-up of this bald eagle. The bird seems to have caught prey; we believe it was a smaller bird, since we could see feathers flying.

These were shot using a Canon EOS 5D Mark III, with a Canon 70-200mm f/2.8 IS lens. This made me wish I’d brought the big Sigma 150-600mm to get more pixels on the bird. Next time!!


 

 

 

1d4_7849Today’s beautiful cactus flowers will be gone tomorrow.

So much of our world’s wonders are ephemeral. Blink and you’ll miss the rainbow. A hug lasts mere seconds. A smile is fleeting. Shapes in the clouds constantly change.

Take a moment to enjoy life. Stop and smell the roses, watch the butterflies dance, take delight in the people around you, the shadows on the wall, the waves in the ocean. These precious moments, these everyday miracles, shall never come again.

G’mar chatima tova. May you be blessed with health, peace, joy, love, and delight.

bmw-530iMrs. Rachael Adams is back, and still wants to give me a fine Bavarian automobile. But is it a 7-series or a 5-series? Is it a 2015 or 2016 model? Doesn’t matter – it’s a scam. Just like the one a few weeks ago, also from Mrs. Adams, but at least that one was clearer about the vehicle. Hey, it’s the same reg code pin as last time, too. See “A free BMW 7-Series car – and a check for $1.5 million!

All these “you are a winner” lottery emails are scams. Don’t reply to them, simply delete them.

From: Mrs. Rachael Adams

Subject: BMW LOTTERY PROMOTIONS.

BMW LOTTERY DEPARTMENT
5070 WILSHIRE BLVD
LOS ANGELES. CA 90036
UNITED STATES OF AMERICA.

NOTE: If you received this message in your SPAM/BULK folder, that is because of the restrictions implemented by your Internet Service Provider, we (BMW) urge you to treat it genuinely.

Dear Winner,

This is to inform you that you have been selected for a prize of a brand new 2015/2016 Model BMW 7 Series Car and a Check of $1,500,000.00 USD from the international balloting programs held on the 2nd section in the UNITED STATE OF AMERICA.

Description of prize vehicle;

Model: 530iA Color (exterior): Metallic Silver Mileage: 5 Transmission: Automatic 6 Speed

Options: Cold weather package, premium package, fold down rear seats w/ski bag, am fm stereo with single in dash compact disc player.

The selection process was carried out through random selection in our computerized email selection system (ESS) from a database of over 250,000 email addresses drawn from all the continents of the world which you were selected.

The BMW Lottery is approved by the British Gaming Board and also Licensed by the International Association of Gaming Regulators (IAGR). To begin the processing of your prize you are to contact our fiduciary claims department for more information as regards procedures to the claim of your prize.

Name: Mr. David Mark
Email: [redacted]
Direct 24hours Security Line: [redacted] (Text Message Only)

Contact him by providing him with your Reg. pin code Number

255125HGDY03/23.

You are also advised to provide him with the under listed information as soon as possible:

  1. Name In Full :
  2. Residential Address :
  3. Nationality :
  4. Age :
  5. Sex
  6. Occupation :
  7. Direct Phone :
  8. Present Country :
  9. Email address :
  10. Reg pin code Number: 255125HGDY03/23

Please you are to provide him with the above listed details as soon as possible so he can begin with the processing of your prize winnings.

Congratulations from all our staffs and thank you for being part of our promotional program.

Mrs. Rachael Adams.

FROM THE DESK OF RACHAEL ADAMS,
THE DIRECTOR PROMOTIONS
BMW LOTTERY DEPARTMENT
UNITED STATES OF AMERICA

ghanaSpam scam: Who needs stand-up comedians when laughs appears in my inbox each and every day? This is one of the most amusing in a while, mainly because I can’t parse most of it.

Don’t reply to messages like this. Delete them right away.

From: Mr. Henry Addo

Subject: I NEED YOUR URGENT RESPONSE

My Good Friend,

Mr. name is My Henry Addo, the AM I ares ares Newly Promoted Branch Manager of Bank here in Ghana, West Africa, not quite I and Feel Safe discussing this with you through this Internet Business method, why is The Very Important Important Because this Transaction and the Business Must Confidential treated be. Though this Medium: using of Internet has been greatly Abused, I Still the Choose to you through the REACH IT Because IT Still Remains The Fastest Medium of Communication, during the Information I obtained the Your My search through The Internet.

May the Interest to you that I Hear IT the AM ares man of PEACE and do not Want the Problems, I Hope we only Each Call Assist for the CAN OTHER. The If you do not Want this Offer Kindly forget the Business IT, the AS the Contact you I will not again.

I have packaged a financial transaction that will benefit both of us, as the Branch Manager of the Bank, it is my duty to send in a Financial Report to my head office in the capital city Accra at the end of each year.

In the course of the last year 2015 end of the year report, I discovered that my branch in which I am the Manager made excess profit of Seven Million five Hundred Thousand Dollars [US $ 7,500,000.00] which my head office are not aware of and will be aware of Never Registered. I have Placed Since this Fund in ares SUNDRY ACCOUNT.

As an officer of the bank I can not be directly linked to this money, so this informed my contacting you for us to work together so that you can assist me and receive this fund into your bank account in your country for us to SHARE.

I am offering you 40% of the total fund, while you keep 60% for me in your bank account till I join you in your country for the sharing / investment of my own share of the funds or better still we can go into a joint partnership venture, I will appreciate it very much.

The Request for Your Honesty and Optimum immensely I Cooperation and Let Me Know Your Mind on this, the AS and the Please do treat this the Information Top Secret the AS the CAN I not afford to My Ñlose the Job with The Bank. We Shall Go over a once The details I The Receive your urgent response.

Thanks for your understanding, i will be waiting for your response

Sincerely,

Mr. Henry Addo.

liberalAs Aesop wrote in his short fable, “The Donkey and His Purchaser,” you can quite accurately judge people by the company they keep.

I am “very liberal,” believes Facebook. If you know me, you are probably not surprised by that. However, I was: I usually think of myself as a small-l libertarian who caucuses with the Democrats on social issues. But Facebook, by looking at what I write, who I follow, and which pages I like, probably has a more accurate assessment.

The spark for this particular revelation is “Liberal, Moderate or Conservative? See How Facebook Labels You.” The article, by Jeremy Merrill, in today’s New York Times, explains how to see how Facebook categorizes you (presumably this is most appropriate for U.S. residents):

Try this (it works best on your desktop computer):

Go to facebook.com/ads/preferences on your browser. (You may have to log in to Facebook first.)

That will bring you to a page featuring your ad preferences. Under the “Interests” header, click the “Lifestyle and Culture” tab.

Then look for a box titled “US Politics.” In parentheses, it will describe how Facebook has categorized you, such as liberal, moderate or conservative.

(If the “US Politics” box does not show up, click the “See more” button under the grid of boxes.)

Part of the power of Big Data is that it can draw correlations based on vague inferences. So, yes, if you like Donald Trump’s page, but don’t like Hillary Clinton’s, you are probably conservative. What if you don’t follow either candidate? Jeremy writes,

Even if you do not like any candidates’ pages, if most of the people who like the same pages that you do — such as Ben and Jerry’s ice cream — identify as liberal, then Facebook might classify you as one, too.

This is about more than Facebook or political preferences. It’s how Big Data works in lots of instances where there is not only information about a particular person’s preference and actions, but a web of connections to other people and their preferences and actions. It’s certainly true about any social network where it’s easy to determine who you follow, and who follows you.

If most of your friends are Jewish, or Atheist, or Catholic, or Hindu, perhaps you are too, or have interests similar to theirs. If most of your friends are African-American or Italian-American, or simply Italian, perhaps you are too, or have interests similar to theirs. If many of your friends are seriously into car racing, book clubs, gardening, Game of Thrones, cruise ship vacations, or Elvis Presley, perhaps you are too.

Here is that Aesop fable, by the way:

The Donkey and his Purchaser

A man who wanted to buy a donkey went to market, and, coming across a likely-looking beast, arranged with the owner that he should be allowed to take him home on trial to see what he was like.

When he reached home, he put him into his stable along with the other donkeys. The newcomer took a look round, and immediately went and chose a place next to the laziest and greediest beast in the stable. When the master saw this he put a halter on him at once, and led him off and handed him over to his owner again.

The latter was a good deal surprised to seem him back so soon, and said, “Why, do you mean to say you have tested him already?”

“I don’t want to put him through any more tests,” replied the other. “I could see what sort of beast he is from the companion he chose for himself.”

Moral: “A man is known by the company he keeps.”

muggingNothing is scarier than getting together with a buyer (or a seller) to exchange dollars for a product advertised on Craig’s List, eBay or another online service… and then be mugged or robbed. There are certainly plenty of news stories on this subject, but the danger continues. Here are some recent reports:

Don’t be a victim! The Phoenix Police Department has released an advisory. It’s good advice. Follow it.

Phoenix Police Media Advisory:

Internet Exchange Related Crimes

The Phoenix Police Department has recently experienced reported crimes specific to the usage of internet exchange sites that allow sellers to advertise items for sale and then interact with buyers. Subsequent to the online interaction, the two parties usually meet and exchange money for goods in a private party transaction at an agreed-upon location. However, due to circumstances surrounding the nature of these interactions, many criminals are using them for their own purposes

 Specifically, the Phoenix Police Department has seen an increase in robberies of one of the involved parties by the other party during these exchanges. However, crimes as serious as homicide and kidnapping have been linked to these transactions. Although no strategy is 100% effective when trying to be safe, there are a number of steps one can take to ensure the transaction is done under the safest possible circumstances. The department is urging those involved in these private, internet-based sales transactions to consider the following while finalizing the deal and making safety their primary consideration:

  • If the deal seems too good to be true, it probably is.
  • The location of the exchange should be somewhere in public that has many people around like a mall, a well-traveled parking lot, or a public area. Do not agree to meet at someone’s house, a secluded place, a vacant house, or the like.
  • Try to schedule the transaction while it is still daylight, or at least in a place that is very well lit.
  • Ask why the person is selling the item and what type of payment they will accept. Be wary of agreeing to a cash payment and then travelling to the deal with a large sum of cash.
  • Bring a friend with you to the meet and let someone who isn’t going with you know where you are going and when you can be expected back.
  • Know the fair market value of the item you are purchasing.
  •  Trust your instinct! If something seems suspicious, or you get a bad feeling, pass on the deal!

Other good advice that I’ve seen:

  • Never agree to meet in a second place, when you show up at the agreed-upon place and receive a text message redirecting you somewhere else.
  • Never give the other party your home address. If you must do so (because they are picking up a large item from your house), bring the item outside; don’t let them into your house. Inform your neighbors what’s going on.
  • Call your local police department and ask if they can recommend an Internet Purchase Exchange Location, also known as a Safe Exchange Zone.

Be careful out there, my friends.

big-shredderCan someone steal the data off your old computer? The short answer is yes. A determined criminal can grab the bits, including documents, images, spreadsheets, and even passwords.

If you donate, sell or recycle a computer, whoever gets hold of it can recover the information in its hard drive or solid-state storage (SSD). The platform doesn’t matter: Whether its Windows or Linux or Mac OS, you can’t 100% eliminate sensitive data by, say, eliminating user accounts or erasing files!

You can make the job harder by using the computer’s disk utilities to format the hard drive. Be aware, however, that formatting will thwart a casual thief, but not a determined hacker.

The only truly safe way to destroy the data is to physically destroy the storage media. For years, businesses have physically removed and destroyed the hard drives in desktops, servers and laptops. It used to be easy to remove the hard drive: take out a couple of screws, pop open a cover, unplug a cable, and lift the drive right out.

Once the hard drive is identified and removed, you can smash it with a hammer, drill holes in it, even take it apart (which is fun, albeit time-consuming). Some businesses will put the hard drive into an industrial shredder, which is a scaled-up version of an office paper shredder. Some also use magnetism to attempt to destroy the data. Not sure how effective that is, however, and magnets won’t work at all on SSDs.

It’s much harder to remove the storage from today’s ultra-thin, tightly sealed notebooks, such as a Microsoft Surface or Apple MacBook Air, or even from tablets. What if you want to destroy the storage in order to prevent hackers from gaining access? It’s a real challenge.

If you have access to an industrial shredder, an option is to shred the entire computer. It seems wasteful, and I can imagine that it’s not good to shred lithium-ion batteries – many of which are not easily removable, again, as in the Microsoft Surface or Apple MacBook Air. You don’t want those chemicals lying around. Still, that works, and works well.

Note that an industrial shredder is kinda big and expensive – you can see some from SSL World. However, if you live in any sort of medium-sized or larger urban area, you can probably find a shredding service that will destroy the computer right in front of you. I’ve found one such service here in Phoenix, Assured Document Destruction Inc., that claims to be compliant with industry regulations for privacy, such as HIPAA and Sarbanes-Oxley.

Don’t want to shred the whole computer? Let’s say the computer uses a standard hard drive, usually in a 3.5-inch form factor (desktops and servers) or 2.5-inch form factor (notebooks). If you have a set of small screwdrivers, you should be able to dismantle the computer, remove the storage device, and kill it – such as by smashing it with a maul, drilling holes in it, or taking it completely apart. Note that driving over it in your car, while satisfying, may not cause significant damage.

What about solid state storage? The same actually applies with SSDs, but it’s a bit trickier. Sometimes the drive still looks like a standard 2.5-inch hard drive. But sometimes the “solid state drive” is merely a few exposed chips on the motherboard or a smaller circuit board. You’ve got to smash that sucker. Remove it from the computer. Hulk Smash! Break up the circuit board, pulverize the chips. Only then will it be dead dead dead. (Though one could argue that government agencies like the NSA could still put Humpty Dumpty back together again.)

In short: Even if the computer itself seems totally worthless, its storage can be removed, connected to a working computer, and accessed by a skilled techie. If you want to ensure that your data remains private, you must destroy it.