Stories about hacked or stolen password files keep coming. One of the most recent is a breach at IEEE.org – where 100,000 plaintext passwords were stolen a few weeks ago. The IEEE confirmed it a couple of days ago:

IEEE Statement on Security Incident

25 September 2012 — IEEE has become aware of an incident regarding inadvertent access to unencrypted log files containing user IDs and passwords. We have conducted a thorough investigation and the issue has been addressed and resolved. We are in the process of notifying those who may have been affected.

IEEE takes safeguarding the private information of our members and customers very seriously. We regret the occurrence of this incident and any inconvenience it may have caused.

There are two underlying problems. One we can address. One we can’t.

The problem we need to address is that programmers are sloppy. The application calls for having some sort of login with user names and passwords. So what do programmers do? They store the usernames and passwords as plain text in some sort of lookup table. They store the password lookup table in a volume where it can be accessed over the Internet.

The fixes are simple.

1. No plain-text storage systems – ever! Encrypt. Hash. Rinse. Repeat.

2. Don’t store the lookup table anywhere where it can be accessed remotely.

3. Don’t record passwords in log files.

4. Forget rules 1, 2 and 3. Instead, don’t let your programmers roll their own identity management system. If one needs to be built, make it a separate project and subject it to serious design work, security auditing and penetration testing.

No matter how trivial the “at risk” data, don’t create a lame login system. Ever. If a login/password system is required, take it seriously from a design perspective. It’s an attack surface!
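As an added illustration of fixes 1 and 3 (not code from the original post or from IEEE), the sketch below stores only a salted, slow hash of each password and scrubs password fields from log lines before they are written. The choice of PBKDF2-HMAC-SHA256, the iteration count, the field names `password`/`passwd`/`pwd` and the sample log line are assumptions made for the example.

```python
import hashlib
import hmac
import logging
import os
import re

# Assumed work factor for this example; raise it as hardware allows.
PBKDF2_ITERATIONS = 600_000

def hash_password(password: str) -> str:
    """Return a storable record: scheme$iterations$salt$digest (never the password)."""
    salt = os.urandom(16)  # unique per user, so identical passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                        bytes.fromhex(salt_hex), int(iterations),
                                        dklen=len(expected))
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, expected)

# Matches password=..., passwd=..., pwd=... in query strings and form bodies
# (assumed field names; JSON bodies would need their own pattern).
_PASSWORD_FIELD = re.compile(r"(?i)\b(password|passwd|pwd)=[^&\s]+")

def redact(line: str) -> str:
    """Replace the value of any password field with a fixed marker."""
    return _PASSWORD_FIELD.sub(r"\1=[REDACTED]", line)

class RedactPasswords(logging.Filter):
    """Logging filter that scrubs the fully formatted message before output."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = None  # message is already formatted
        return True

# Constructed sample request line, not taken from any real log.
SAMPLE_LOG_LINE = "POST /login user=alice@example.com&password=DontGuessMe123 HTTP/1.1"

if __name__ == "__main__":
    handler = logging.StreamHandler()
    handler.addFilter(RedactPasswords())  # on the handler, so every logger is covered
    logging.basicConfig(level=logging.INFO, handlers=[handler])
    logging.info(SAMPLE_LOG_LINE)

    stored = hash_password("DontGuessMe123")
    print(stored)
    print(verify_password("DontGuessMe123", stored))
    print(verify_password("wrong-guess", stored))
```

A stolen table of these records, or a stolen log file, no longer hands over reusable passwords directly; an attacker has to pay the full hashing cost for every guess against every salt.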

That brings us to the second problem, the one we can’t address. Humans tend to reuse their passwords. They might have the same username and login in every e-commerce site. You’ve cracked one, you’ve cracked them all. And you know, that same login/password might also be their email access code, their remote network admin login/password, and their corporate portal login/password.

If your system uses an email address as the login, perhaps you’ve made life easier for your end users. You’ve also made it much easier for hackers to target your system, and for them to exploit a stolen login/password list from another site. If [email address hidden] uses a password of DontGuessMe123 on one site, he’s probably using it on your site too.

Practically speaking, there’s nothing we can do about password reuse. But we can, we must, make sure that our own identity management systems are secure. If the IEEE can fail, we can too.

Z Trek Copyright (c) Alan Zeichick

Interactive whiteboards! Ambient intelligence! A lot can change in 14 years! That’s the conclusion you have to reach after reading the latest iteration of the Computing Classification System, maintained and published by the Association for Computing Machinery.

The ACM’s CCS has defined the computing field since 1964, and was last updated in 1998. This latest update, completed in March 2012 but unveiled this month, can be considered a full list of terms. According to the ACM,

The 2012 ACM Computing Classification System has been developed as a poly-hierarchical ontology that can be utilized in semantic web applications… It relies on a semantic vocabulary as the single source of categories and concepts that reflect the state of the art of the computing discipline and is receptive to structural change as it evolves in the future. 

You can see the entire CCS as a Word document, HTML page or as an XML file.

What’s new in the 2012 classification? Lots, both in terms of organization and in content.

Previously, the CCS was divided into 11 top-level hierarchies: General literature, Hardware, Computer systems organization, Software, Data, Theory of computing, Mathematics of computing, Information systems, Computing methodologies, Computer applications, Computing milieux (my favorite), and Computers and society.

The new 2012 system has 14 top-level hierarchies which better reflect today’s world: General and reference, Hardware, Computer systems organization, Networks, Software and its engineering, Theory of computation, Mathematics of computing, Information systems, Security and privacy, Human-centered computing, Computing methodologies, Applied computing, Social and professional topics, and Proper nouns: People, technologies and companies.

Alas, Computing milieux has been renamed to the clearer, but less romantic, Social and professional topics.

Here’s an entire section that didn’t exist before:

Ubiquitous and mobile computing
.Ubiquitous and mobile computing theory, concepts and paradigms
..Ubiquitous computing
..Mobile computing
..Ambient intelligence
.Ubiquitous and mobile computing systems and tools
.Ubiquitous and mobile devices
..Smartphones
..Interactive whiteboards
..Mobile phones
..Mobile devices
..Portable media players
..Personal digital assistants
..Handheld game consoles
..E-book readers
..Tablet computers
.Ubiquitous and mobile computing design and evaluation methods
.Empirical studies in ubiquitous and mobile computing

Think of the CCS taxonomy as a giant table of contents or index for our industry. When you look through 2012 CCS, you can see just how big computing is – and how fast it is changing.


My 2012/5773 Rosh Hashanah speech at Peninsula Temple Sholom in Burlingame, Calif.

Hashkiveinu Adonai Elokeinu l’shalom, v’ha-amideynu malkeinu l’chayim, ufros aleinu sukkat sh’lomecha

Grant, Eternal One, that we may lie down in peace and rise up again, O God, to life renewed. Spread over us the shelter of your peace

The Hashkiveinu is one of our most beautiful and important prayers, and one of my favorites.

Ufros aleinu sukkat sh’lomecha

Sukkat Sh’lomecha means a shelter of Your peace, in this case, God’s peace. The phrase Sukkat Sholom means roughly the same thing – a shelter of peace.

Throughout the High Holy Days, we will hear from Rabbi Feder and Rabbi Stern about Sukkat Shalom as a new initiative here at Peninsula Temple Sholom.

A shelter of peace doesn’t simply appear out of nowhere. Prayers alone won’t build it. Love alone won’t put food on the table during our Family Dinners. Kindness alone won’t pay the electricity bill.

Someone has to build the Sukkat Shalom. Someone has to guard it. Protect it. Maintain it. Not just someone. It’s not for someone else to build our Shelter. It’s our job. All of us – our clergy, our Temple staff, our lay leaders and you. We must work together to build and protect our Sukkat Shalom.

Who are the people who build the Sukkat Shalom, the people who guard it and guarantee the shelter of peace? Let’s call them the Heroes of PTS.

Heroes are in my thoughts because my son Michael is my biggest hero. You have seen him playing in the Hava Nashira band and serving as an usher during High Holy Days. You know, the tall, skinny red-headed kid on guitar, or working in the parking lot.

He’s not here this year.

Michael is observing Rosh Hashanah at the Marine Corps Recruit Depot in Camp Pendleton. Right now he is nearly half-way through Boot Camp, on his way to a career as a United States Marine. I miss Michael very much. I am wearing Michael’s Tallit these High Holy Days, and that helps us feel his presence.

Ufros aleinu sukkat sh’lomecha

My son is not the only Hero of PTS. Look around you. We are surrounded by heroes, by people who built our shelter of peace and maintain it.

Of course, much of the work is done by our Rabbis and Cantor, by our senior staff and teachers, by everyone from the office team to the custodians. They’re getting the bulk of the work done 24×7.

Think about our beloved Rabbi Raiskin of Blessed Memory, who marched in Selma, Alabama, to support human rights. Rabbi Raiskin may not have thought of himself as a hero, but he was one to me, and to everyone whose life he touched.

In our Reform movement, Rabbis and Cantors don’t sit around studying Talmud and debating Hillel vs. Shammai. They work hard. Oy, do they work hard!

Rabbi Dan Feder and Rabbi Rebekah Stern work seven days a week. They prepare classes. They write sermons. They lead services. They visit the sick. They serve on committees. They provide one-on-one counseling. They perform conversions.

Our Rabbis work in the community. They go to Shiva Minyans. They study. They teach. They listen. They learn. Our Rabbis are always available to you. And they do all this while also being good husbands and wives, strong parents to wonderful children.

Only a selfless hero would choose the life of a congregational rabbi. We love and honor them for their hard work, and for their devotion to spreading a Sukkat Shalom over the North Peninsula.

The same is true of the beloved Cantor Barry Reich. His truck is here every day – and so is his spirit. The ruach, the love, that our cantor has for this congregation and our children overflows.

Our newest hero is our brand-new Executive Director, Sandy Silverstein. He hasn’t even been here three months, and what a difference he has made. Sandy, let me once again welcome you and Meryl to our congregation.

I could go on and on about the amazing Allison Steckley, who directs our preschool, and the tireless Eran Vaisben, who has reinvented our religious school. The office staff, the preschool and religious school teachers, custodians and so many more.

But let me talk about you. You are the real heroes. Our founders. Our past presidents. The members of our Board of Trustees, past and present. The committee chairs. The committee members. The Brotherhood men who set up our golf tournaments and fry latkes. The Sholom Women who staff the gift shop every Sunday and fund scholarships. The many volunteers.

Everyone who comes to services, who brings kids to school, who drops off food for the food bank, sustains our shelter of peace.

Ufros aleinu sukkat sh’lomecha

One of the joys of being president of PTS is getting to talk to many of you one-on-one. Doesn’t matter if you’re a founder of PTS or a new member worshipping with us for the first time today, I want to get to know you.

You want to know my two newest heroes? I won’t name names – but you know who you are:

The man whose work schedule changed and gave him more free time. His first thought was to volunteer at the Temple. He contacted Brian Hafter, our immediate past president, and Brian brought him to me. This congregant will help launch a new legacy program to endow our Sukkat Shalom for future generations. You’ll learn more about this in the Fall.

Another is a woman whose love for the congregation inspired her to join our Religious School committee. We met for coffee last week. This member is filled with ideas to engage school-age families with our Temple. She has incredible energy and is jumping in with both feet.

If you have ideas or thoughts about our Temple, talk to me or Sandy or the Rabbis. If you want to have coffee or chat on the phone, let’s make it happen. If you want to volunteer to help build and sustain our Sukkat Shalom, thank you, and bless you.

Ufros aleinu sukkat sh’lomecha

We need your support to build, protect and maintain our Shelter of Peace. This Rosh Hashanah, I am asking you to be a PTS hero in four ways.

First: Say Thank You to our clergy, staff, teachers and lay volunteers. Their work is often unnoticed and thankless. A friendly smile, a warm hug or handshake, and a hearty “well done!” will put new spring into their steps.

Second: Be an ambassador for our congregation. Bring your friends to Shabbat services and to our programs. Help us spread the canopy of peace far and wide through our community.

Third: Participate in our new Sukkat Shalom initiatives. Here are just a few that I’ll mention:

We have two Scholar in Residence Weekends scheduled. There’s Rabbi Lawrence Kushner in November. And then Rabbi Eric Weiss and the clergy of the Bay Area Jewish Healing Center in March. Also, three support groups will be held during the year: a bereavement support group, a care givers support workshop, and a mental health support group.

More programs will be announced soon. Please participate in those that fit your interests.

Fourth: Support the Temple with your generosity. All of us support the Temple with dues, but that doesn’t cover all the costs of operating PTS. To bridge the gap, we rely upon our annual High Holy Day Appeal.

We can handle every challenge if we come together as a community, relying on each other, sharing our strengths, resources and blessings. Your generosity allows our Sukkat Shalom to remain strong and vibrant.

Ufros aleinu sukkat sh’lomecha

Spread over us the shelter of your peace

Thank YOU for being a Hero of PTS and for building our Sukkat Shalom, our sacred shelter of Peace. May the New Year be good and sweet to you, your family, and to our entire PTS community. Shana Tova.

The tangible benefits of Big Data analytics are well known. You can read about them in the IT press – and also in business journals and the daily newspaper. Many books have been published about the “why” of Big Data. Conferences devoted to exploring the trends are happening everywhere.

But what about the “how” of Big Data – how to store, search, share and analyze those gigantic data sets? That’s not what you hear, and it’s hard to learn. That’s why I’m excited to chair the new Big Data TechCon, coming to Boston Apr. 8-10, 2013.

Big Data TechCon isn’t another “why” conference. It’s the HOW-TO conference for Big Data. Practical workshops. Technical classes. Thorough examinations of the real-world choices in storage, processing, analysis and reporting of Big Data information. Strategies for rolling out Big Data projects in your organization.

Come to Big Data TechCon to learn HOW-TO accommodate the terabytes and petabytes of data from your Web logs, social media interactions, scientific research, transactions, sensors and financial records. Learn how to index, search and summarize the Big Data. Learn how to empower employees, inform managers, reach out to customers.

Big Data TechCon is technology-agnostic. The workshops and classes apply to Big Data in your data center or in the cloud, from hosted environments to your own servers. The sessions apply to relational databases, NoSQL databases, unstructured data, flat files and data feeds.

The faculty have real-world experience that you can tap into, whether you use Java, C++, .NET or JavaScript; whether you like MySQL, SQL Server, DB2 or Oracle; whether you love or hate Hadoop; and whether you are looking at dozens of terabytes or hundreds of petabytes.

Learn from the smartest, hardest-working faculty in the Big Data universe in a way you never could by reading a book or watching a webinar. Mingle with fellow attendees. Talk shop during meals and receptions. Be inspired by keynotes, be informed by general sessions, be impressed by the hottest Big Data tools in the Expo Hall. It’s all waiting for you.

The Call for Speakers is open for Big Data TechCon through Sept. 26. Stay tuned to learn more in the weeks ahead.


What do enterprise software developers think about software quality within their organizations? We asked SD Times subscribers and the results may surprise you.

The research project was conducted in July 2012 by BZ Research (like SD Times, a division of BZ Media). Here’s what we learned:

Does your organization have separate development and test teams?

Some development and test/QA teams are separate, some are integrated 34.6%
All test and development teams are integrated 30.2%
All development teams and test/QA teams are separate 32.7%
Don’t know 2.4%

The net result was that 64.8% of respondents said that some or all of the test and development teams are integrated.

How many testers or test/QA professionals do you have at your company (or the largest company to whom you consult)?

5,000 or more 2.9%
1,000-4,999 3.9%
500-999 2.5%
100-499 5.9%
50-99 7.8%
20-49 11.3%
10-19 9.3%
5-9 15.2%
4 or fewer 41.2%

We found that 34.3% said that they have more than 20 testers or QA professionals at their company.

What background do your test/QA managers and directors typically have?

Both development and test/QA 53.9%
General IT background 38.2%
Test/QA only 23.5%
Development only 21.6%
General management background 21.1%
No particular background – we train them from scratch 14.7%

Who is responsible for internally-developed application performance testing and monitoring in your company? 

Prior to Deployment

Software/Application Developers 60.8%
Software/Application Development Management 52.8%
Testers 50.3%
Testing Management 48.7%
IT top management (development) (VP or above) 36.7%
Systems administrators 24.1%
Networking personnel 21.5%
Line-of-business management 21.1%
IT top management (non-development) (VP or above) 19.6%
Consultants 19.3%
Networking management 18.6%
Service providers 16.1%

After Deployment

Software/Application Development Management 53.8%
Software/Application Developers 47.7%
Systems administrators 45.4%
Testers 41.5%
Testing Management 38.5%
IT top management (development) (VP or above) 34.6%
Networking personnel 31.5%
IT top management (non-development) (VP or above) 30.8%
Line-of-business management 30.8%
Networking management 27.7%
Service providers 23.8%
Consultants 20.8%

Does your company outsource any of its software quality assurance or testing? 

Yes, all of it 4.4%
Yes, some of it 26.6%
No, none of it 65.0%
Don’t know 3.9%

This tabulated as 31.0% outsource some or all software testing.

Is your company developing and testing apps for mobile devices?

No, not developing/testing for mobile application development 42.1%
Yes, mobile software for iPhone/iPad 36.6%
Yes, mobile software for Android devices 33.2%
Yes, mobile software in HTML5 30.2%
Yes, mobile software for Windows Phone 22.8%
Yes, mobile software for Blackberry devices 16.3%
Don’t know 5.4%
Yes, for other devices 3.5%

This tabulated as 57.9% were developing or testing mobile applications.

At what stage is your company, or companies that you consult, using the cloud for software testing?

We are using the cloud for software testing on a routine basis 7.9%
We are experimenting with using the cloud for software testing 17.3%
We are studying the technology but have not started yet 26.7%
No plans to use the cloud for software testing 39.6%
Don’t know 8.4%

What is the state of software security testing at your company?

Software security is checked by the developers 48.0%
Software security is checked by the test/QA team 35.8%
Software security is checked by the IT/networking department 29.9%
Software security testing is done for Web applications 27.9%
Software security is tested by a separate security team 25.5%
Software security testing is done for public-facing applications 24.5%
Software security testing is done for in-house applications 22.1%
We don’t have a specific security testing process 18.6%
Software security is checked by contractors 12.7%
Software security testing is not our responsibility 3.4%

Those are the results. Do they match what you’ve seen at your company or within the industry?


This is one of a series of articles I wrote for the monthly Bulletin of Peninsula Temple Sholom in Burlingame, Calif.

Sermons are being written. Tiles are being laid. Tickets are being sorted. White neckties are being cleaned. Shofarot are being polished. Sermons are being rewritten.

Amidst the myriad preparations for the High Holy Days, everyone at Peninsula Temple Sholom pauses now and again to refresh the spirit. After a few moments of calm, the feverish activity begins anew. Rinse and repeat daily through Erev Rosh Hashanah on Sunday, September 16.

You’d never tell by cruising up Sebastian Drive in mid-August (as I write this) that the Temple clergy and staff face the busiest season of the year. Soon, every square foot of our synagogue will be packed with worshippers.

How is PTS preparing for the Days of Awe? Here are some highlights:

  • Rabbi Dan Feder is spending the last few weeks of his Sabbatical focusing on the High Holy Days. In early August, for example, he attended a rabbinic workshop in Asilomar, focusing on spiritual preparation, study of texts, and sermon preparation.
  • Rabbi Rebekah Stern is working with songleader Ira Levin and Rabbi Dan Medwin of Los Angeles to fine-tune a new style of worship, called Visual T’filah, for our High Holy Day Family Services.
  • Sandy Silverstein, our new Executive Director, is deeply involved in the Visual T’filah project as well. He has installed two very large screens and two video projectors in the Chapel to enhance prayer and assist worshipers in finding deeper meaning during Rosh Hashanah and Yom Kippur. (The Board of Trustees was blown away by an interactive preview and demonstration of Visual T’filah in its July meeting.)
  • Rabbi Stern is also creating new age-appropriate services for our Tots ‘n’ Torah families as well as experiences for the K-2 children in the Family Services. And, yes, she’s sermon-writing too.
  • Cantor Barry Reich is preparing powerful, sacred music for the High Holy Days — while still leading B’nai Mitzvah training this summer. You will be spiritually moved and inspired by our chazzan (cantor) at this year’s Rosh Hashanah, Kol Nidre, and Yom Kippur services.
  • Gary Fishtrom, chair of our Facilities Committee, is working with Sandy to oversee maintenance and upgrades all over the PTS campus. For instance, the courtyard is being furbished with new tiles to enhance the area’s beauty, improve drainage, and increase safety when the ground is wet.
  • Sandy and Gary have tweaked the Sanctuary sound system to enhance audio quality, and they are investigating the purchase and installation of an assisted listening system to replace our current one.
  • In the office, Georgina Baca, Administrative Assistant, is creating and mailing forms, preparing tickets for family members and guests, preparing the Memorial Book for the Yizkor service, setting up the High Holy Day Appeal envelopes, making signs and usher badges… and lots more besides.
  • Bev Rochelle, Membership Services Coordinator, is coordinating and scheduling the custodial hours for the holidays, making sure the team is fully briefed on all room setup requirements. Bev is also working with Katie Levine, a past board member, to coordinate the High Holy Day reception, and also jumps in wherever needed.

Did you know that PTS members may worship at any Reform Synagogue affiliated with the Union for Reform Judaism or World Union for Progressive Judaism? Annie O’Keeffe, Clergy Executive Assistant, helps our congregants obtain reciprocal tickets if they are traveling during the High Holy Days. Annie also keeps the clergy’s schedules clear of anything beyond b’nai mitzvah lessons and lifecycle issues to help them focus on the High Holy Days.

  • Mariano Sanchez, Head Custodian, promises that the entire facility will be especially clean for the High Holy Days. Our buildings are cleaned on a daily basis — but this is a more thorough, deeper cleaning for this special occasion. The buildings will sparkle! Mariano also makes sure that the appropriate machzoreem (High Holy Day prayer books) are taken out of storage and properly positioned for each service. Mariano also choreographs the room setups, and coordinates with Bev, Sandy and the clergy to make sure that every table, chair and fixture will be in its proper place.
  • Our Youth Director, Yael Zaken, is helping our teen leaders prepare the Teen Service for Rosh Hashanah and Yom Kippur — Beatles style, she says! Yael is also planning the children and family portion of the Selichot program on Saturday, September 8, and is creating some awesome youth activities that connect our PTS kids to the rituals associated with the High Holy Days, such as Tashlich.

By comparison, my job is easy: The white necktie is clean, and my speech is written. Well, almost written. Deep breath. There’s always time for another draft.