, ,

Spammers really want to give me a BMW, but aren’t sure of the year or model

bmw-530iMrs. Rachael Adams is back, and still wants to give me a fine Bavarian automobile. But is it a 7-series or a 5-series? Is it a 2015 or 2016 model? Doesn’t matter – it’s a scam. Just like the one a few weeks ago, also from Mrs. Adams, but at least that one was clearer about the vehicle. Hey, it’s the same reg code pin as last time, too. See “A free BMW 7-Series car – and a check for $1.5 million!

All these “you are a winner” lottery emails are scams. Don’t reply to them, simply delete them.

From: Mrs. Rachael Adams

Subject: BMW LOTTERY PROMOTIONS.

BMW LOTTERY DEPARTMENT
5070 WILSHIRE BLVD
LOS ANGELES. CA 90036
UNITED STATES OF AMERICA.

NOTE: If you received this message in your SPAM/BULK folder, that is because of the restrictions implemented by your Internet Service Provider, we (BMW) urge you to treat it genuinely.

Dear Winner,

This is to inform you that you have been selected for a prize of a brand new 2015/2016 Model BMW 7 Series Car and a Check of $1,500,000.00 USD from the international balloting programs held on the 2nd section in the UNITED STATE OF AMERICA.

Description of prize vehicle;

Model: 530iA Color (exterior): Metallic Silver Mileage: 5 Transmission: Automatic 6 Speed

Options: Cold weather package, premium package, fold down rear seats w/ski bag, am fm stereo with single in dash compact disc player.

The selection process was carried out through random selection in our computerized email selection system (ESS) from a database of over 250,000 email addresses drawn from all the continents of the world which you were selected.

The BMW Lottery is approved by the British Gaming Board and also Licensed by the International Association of Gaming Regulators (IAGR). To begin the processing of your prize you are to contact our fiduciary claims department for more information as regards procedures to the claim of your prize.

Name: Mr. David Mark
Email: [redacted]
Direct 24hours Security Line: [redacted] (Text Message Only)

Contact him by providing him with your Reg. pin code Number

255125HGDY03/23.

You are also advised to provide him with the under listed information as soon as possible:

  1. Name In Full :
  2. Residential Address :
  3. Nationality :
  4. Age :
  5. Sex
  6. Occupation :
  7. Direct Phone :
  8. Present Country :
  9. Email address :
  10. Reg pin code Number: 255125HGDY03/23

Please you are to provide him with the above listed details as soon as possible so he can begin with the processing of your prize winnings.

Congratulations from all our staffs and thank you for being part of our promotional program.

Mrs. Rachael Adams.

FROM THE DESK OF RACHAEL ADAMS,
THE DIRECTOR PROMOTIONS
BMW LOTTERY DEPARTMENT
UNITED STATES OF AMERICA

,

Though this Medium: using of Internet has been greatly Abused, says scammer

ghanaSpam scam: Who needs stand-up comedians when laughs appears in my inbox each and every day? This is one of the most amusing in a while, mainly because I can’t parse most of it.

Don’t reply to messages like this. Delete them right away.

From: Mr. Henry Addo

Subject: I NEED YOUR URGENT RESPONSE

My Good Friend,

Mr. name is My Henry Addo, the AM I ares ares Newly Promoted Branch Manager of Bank here in Ghana, West Africa, not quite I and Feel Safe discussing this with you through this Internet Business method, why is The Very Important Important Because this Transaction and the Business Must Confidential treated be. Though this Medium: using of Internet has been greatly Abused, I Still the Choose to you through the REACH IT Because IT Still Remains The Fastest Medium of Communication, during the Information I obtained the Your My search through The Internet.

May the Interest to you that I Hear IT the AM ares man of PEACE and do not Want the Problems, I Hope we only Each Call Assist for the CAN OTHER. The If you do not Want this Offer Kindly forget the Business IT, the AS the Contact you I will not again.

I have packaged a financial transaction that will benefit both of us, as the Branch Manager of the Bank, it is my duty to send in a Financial Report to my head office in the capital city Accra at the end of each year.

In the course of the last year 2015 end of the year report, I discovered that my branch in which I am the Manager made excess profit of Seven Million five Hundred Thousand Dollars [US $ 7,500,000.00] which my head office are not aware of and will be aware of Never Registered. I have Placed Since this Fund in ares SUNDRY ACCOUNT.

As an officer of the bank I can not be directly linked to this money, so this informed my contacting you for us to work together so that you can assist me and receive this fund into your bank account in your country for us to SHARE.

I am offering you 40% of the total fund, while you keep 60% for me in your bank account till I join you in your country for the sharing / investment of my own share of the funds or better still we can go into a joint partnership venture, I will appreciate it very much.

The Request for Your Honesty and Optimum immensely I Cooperation and Let Me Know Your Mind on this, the AS and the Please do treat this the Information Top Secret the AS the CAN I not afford to My Ñlose the Job with The Bank. We Shall Go over a once The details I The Receive your urgent response.

Thanks for your understanding, i will be waiting for your response

Sincerely,

Mr. Henry Addo.

, , ,

With Big Data, Facebook knows you by the company you keep

liberalAs Aesop wrote in his short fable, “The Donkey and His Purchaser,” you can quite accurately judge people by the company they keep.

I am “very liberal,” believes Facebook. If you know me, you are probably not surprised by that. However, I was: I usually think of myself as a small-l libertarian who caucuses with the Democrats on social issues. But Facebook, by looking at what I write, who I follow, and which pages I like, probably has a more accurate assessment.

The spark for this particular revelation is “Liberal, Moderate or Conservative? See How Facebook Labels You.” The article, by Jeremy Merrill, in today’s New York Times, explains how to see how Facebook categorizes you (presumably this is most appropriate for U.S. residents):

Try this (it works best on your desktop computer):

Go to facebook.com/ads/preferences on your browser. (You may have to log in to Facebook first.)

That will bring you to a page featuring your ad preferences. Under the “Interests” header, click the “Lifestyle and Culture” tab.

Then look for a box titled “US Politics.” In parentheses, it will describe how Facebook has categorized you, such as liberal, moderate or conservative.

(If the “US Politics” box does not show up, click the “See more” button under the grid of boxes.)

Part of the power of Big Data is that it can draw correlations based on vague inferences. So, yes, if you like Donald Trump’s page, but don’t like Hillary Clinton’s, you are probably conservative. What if you don’t follow either candidate? Jeremy writes,

Even if you do not like any candidates’ pages, if most of the people who like the same pages that you do — such as Ben and Jerry’s ice cream — identify as liberal, then Facebook might classify you as one, too.

This is about more than Facebook or political preferences. It’s how Big Data works in lots of instances where there is not only information about a particular person’s preference and actions, but a web of connections to other people and their preferences and actions. It’s certainly true about any social network where it’s easy to determine who you follow, and who follows you.

If most of your friends are Jewish, or Atheist, or Catholic, or Hindu, perhaps you are too, or have interests similar to theirs. If most of your friends are African-American or Italian-American, or simply Italian, perhaps you are too, or have interests similar to theirs. If many of your friends are seriously into car racing, book clubs, gardening, Game of Thrones, cruise ship vacations, or Elvis Presley, perhaps you are too.

Here is that Aesop fable, by the way:

The Donkey and his Purchaser

A man who wanted to buy a donkey went to market, and, coming across a likely-looking beast, arranged with the owner that he should be allowed to take him home on trial to see what he was like.

When he reached home, he put him into his stable along with the other donkeys. The newcomer took a look round, and immediately went and chose a place next to the laziest and greediest beast in the stable. When the master saw this he put a halter on him at once, and led him off and handed him over to his owner again.

The latter was a good deal surprised to seem him back so soon, and said, “Why, do you mean to say you have tested him already?”

“I don’t want to put him through any more tests,” replied the other. “I could see what sort of beast he is from the companion he chose for himself.”

Moral: “A man is known by the company he keeps.”

,

When meeting to exchange goods bought online, be safe and careful

muggingNothing is scarier than getting together with a buyer (or a seller) to exchange dollars for a product advertised on Craig’s List, eBay or another online service… and then be mugged or robbed. There are certainly plenty of news stories on this subject, but the danger continues. Here are some recent reports:

Don’t be a victim! The Phoenix Police Department has released an advisory. It’s good advice. Follow it.

Phoenix Police Media Advisory:

Internet Exchange Related Crimes

The Phoenix Police Department has recently experienced reported crimes specific to the usage of internet exchange sites that allow sellers to advertise items for sale and then interact with buyers. Subsequent to the online interaction, the two parties usually meet and exchange money for goods in a private party transaction at an agreed-upon location. However, due to circumstances surrounding the nature of these interactions, many criminals are using them for their own purposes

 Specifically, the Phoenix Police Department has seen an increase in robberies of one of the involved parties by the other party during these exchanges. However, crimes as serious as homicide and kidnapping have been linked to these transactions. Although no strategy is 100% effective when trying to be safe, there are a number of steps one can take to ensure the transaction is done under the safest possible circumstances. The department is urging those involved in these private, internet-based sales transactions to consider the following while finalizing the deal and making safety their primary consideration:

  • If the deal seems too good to be true, it probably is.
  • The location of the exchange should be somewhere in public that has many people around like a mall, a well-traveled parking lot, or a public area. Do not agree to meet at someone’s house, a secluded place, a vacant house, or the like.
  • Try to schedule the transaction while it is still daylight, or at least in a place that is very well lit.
  • Ask why the person is selling the item and what type of payment they will accept. Be wary of agreeing to a cash payment and then travelling to the deal with a large sum of cash.
  • Bring a friend with you to the meet and let someone who isn’t going with you know where you are going and when you can be expected back.
  • Know the fair market value of the item you are purchasing.
  •  Trust your instinct! If something seems suspicious, or you get a bad feeling, pass on the deal!

Other good advice that I’ve seen:

  • Never agree to meet in a second place, when you show up at the agreed-upon place and receive a text message redirecting you somewhere else.
  • Never give the other party your home address. If you must do so (because they are picking up a large item from your house), bring the item outside; don’t let them into your house. Inform your neighbors what’s going on.
  • Call your local police department and ask if they can recommend an Internet Purchase Exchange Location, also known as a Safe Exchange Zone.

Be careful out there, my friends.

, , ,

Securely disposing of computers with spinning or solid state drives

big-shredderCan someone steal the data off your old computer? The short answer is yes. A determined criminal can grab the bits, including documents, images, spreadsheets, and even passwords.

If you donate, sell or recycle a computer, whoever gets hold of it can recover the information in its hard drive or solid-state storage (SSD). The platform doesn’t matter: Whether its Windows or Linux or Mac OS, you can’t 100% eliminate sensitive data by, say, eliminating user accounts or erasing files!

You can make the job harder by using the computer’s disk utilities to format the hard drive. Be aware, however, that formatting will thwart a casual thief, but not a determined hacker.

The only truly safe way to destroy the data is to physically destroy the storage media. For years, businesses have physically removed and destroyed the hard drives in desktops, servers and laptops. It used to be easy to remove the hard drive: take out a couple of screws, pop open a cover, unplug a cable, and lift the drive right out.

Once the hard drive is identified and removed, you can smash it with a hammer, drill holes in it, even take it apart (which is fun, albeit time-consuming). Some businesses will put the hard drive into an industrial shredder, which is a scaled-up version of an office paper shredder. Some also use magnetism to attempt to destroy the data. Not sure how effective that is, however, and magnets won’t work at all on SSDs.

It’s much harder to remove the storage from today’s ultra-thin, tightly sealed notebooks, such as a Microsoft Surface or Apple MacBook Air, or even from tablets. What if you want to destroy the storage in order to prevent hackers from gaining access? It’s a real challenge.

If you have access to an industrial shredder, an option is to shred the entire computer. It seems wasteful, and I can imagine that it’s not good to shred lithium-ion batteries – many of which are not easily removable, again, as in the Microsoft Surface or Apple MacBook Air. You don’t want those chemicals lying around. Still, that works, and works well.

Note that an industrial shredder is kinda big and expensive – you can see some from SSL World. However, if you live in any sort of medium-sized or larger urban area, you can probably find a shredding service that will destroy the computer right in front of you. I’ve found one such service here in Phoenix, Assured Document Destruction Inc., that claims to be compliant with industry regulations for privacy, such as HIPAA and Sarbanes-Oxley.

Don’t want to shred the whole computer? Let’s say the computer uses a standard hard drive, usually in a 3.5-inch form factor (desktops and servers) or 2.5-inch form factor (notebooks). If you have a set of small screwdrivers, you should be able to dismantle the computer, remove the storage device, and kill it – such as by smashing it with a maul, drilling holes in it, or taking it completely apart. Note that driving over it in your car, while satisfying, may not cause significant damage.

What about solid state storage? The same actually applies with SSDs, but it’s a bit trickier. Sometimes the drive still looks like a standard 2.5-inch hard drive. But sometimes the “solid state drive” is merely a few exposed chips on the motherboard or a smaller circuit board. You’ve got to smash that sucker. Remove it from the computer. Hulk Smash! Break up the circuit board, pulverize the chips. Only then will it be dead dead dead. (Though one could argue that government agencies like the NSA could still put Humpty Dumpty back together again.)

In short: Even if the computer itself seems totally worthless, its storage can be removed, connected to a working computer, and accessed by a skilled techie. If you want to ensure that your data remains private, you must destroy it.

, ,

Keep your business secrets safe with web filtering

Web filtering. The phrase connotes keeping employees from spending too much time monitoring Beanie Baby auctions on eBay, and stopping school children from encountering (accidentally or deliberately) naughty images on the internet. Were it that simple — but nowadays, web filtering goes far beyond monitoring staff productivity and maintaining the innocence of childhood. For nearly every organization today, web filtering should be considered an absolute necessity. Small business, K-12 school district, Fortune 500, non-profit or government… it doesn’t matter. The unfiltered internet is not your friend, and legally, it’s a liability; a lawsuit waiting to happen.

Web filtering means blocking internet applications – including browsers – from contacting or retrieving content from websites that violate an Acceptable Use Policy (AUP). The policy might set rules blocking some specific websites (like a competitor’s website). It might block some types of content (like pornography), or detected malware, or even access to external email systems via browser or dedicated clients. In some cases, the AUP might include what we might call government-mandated restrictions (like certain websites in hostile countries, or specific news sources).

Unacceptable use in the AUP

The specifics of the AUP might be up to the organization to define entirely on its own; that would be the case for a small business, perhaps. Government organizations, such as schools or military contractors, might have specific AUP requirements placed on them by funders or government regulators, thereby becoming a compliance/governance issue as well. And of course, legal counsel should be sought when creating policies that balance an employee’s ability to access content of his/her choice, against the company’s obligations to protect the employee (or the company) from unwanted content.

It sounds easy – the organization sets an AUP, consulting legal, IT and the executive suite. The IT department implements the AUP through web filtering, perhaps with software installed and configured on devices; perhaps through firewall settings at the network level; and perhaps through filters managed by the internet service provider. It’s not simple, however. The internet is constantly changing, employees are adept at finding ways around web filters; and besides, it’s tricky to translate policies written in English (as in the legal policy document) into technological actions. We’ll get into that a bit more shortly. First, let’s look more closely at why organizations need those Acceptable Use Policies, and what should be in them.

  • Improving employee productivity. This is the low-hanging fruit. You may not want employees spending too much time on Facebook on their company computers. (Of course, if they are permitted to bring mobile devices into the office, they can still access social media via cellular). That’s a policy consideration, though the jury is out if a blank blockage is the best way to improve productivity.
  • Preserving bandwidth. For technical reasons, you may not want employees streaming Netflix movies or Hulu-hosted classic TV shows across the business network. Seinfeld is fun, but not on company bandwidth. As with social media, this is truly up to the organization to decide.
  • Blocking email access. Many organizations do not want their employees accessing external email services from the business computers. That’s not only for productivity purposes, but also makes it difficult to engage in unapproved communications – such as emailing confidential documents to yourself. Merely configuring your corporate email server to block the exfiltration of intellectual property is not enough if users can access personal gmail.com or hushmail.com accounts. Blocking external email requires filtering multiple protocols as well as specific email hosts, and may be required to protect not only your IP, but also customers’ data, in addition to complying with regulations from organizations like the U.S. Securities and Exchange Commission.
  • Blocking access to pornography and NSFW content. It’s not that you are being a stick-in-the-mud prude, or protecting children. The initial NSFW (not safe for work) are often said as a joke, but in reality, some content can be construed as contributing to an hostile work environment. Just like the need to maintain a physically safe work environment – no blocked fire exits, for example – so too must you maintain a safe internet environment. If users can be unwillingly subjected to offensive content by other employees, there may be significant legal, financial and even public-relations consequences if it’s seen as harassment.
  • Blocking access to malware. A senior manager receives a spear-phishing email that looks legit. He clicks the link and, wham; ransomware is on his computer. Or spyware, like a keylogger. Or perhaps a back-door that allows other access by hackers. You can train employees over and over, and they will still click on unsafe email links or on web pages. Anti-malware software on the computer can help, but web filtering is part of a layered approach to anti-malware protection. This applies to trackers as well: As part of the AUP, the web filters may be configured to block ad networks, behavior trackers and other web services that attempt to glean information about your company and its workers.
  • Blocking access to specific internet applications. Whether you consider it Shadow IT or simply an individual’s personal preference, it’s up to an AUP to decide which online services should be accessible; either through an installed application or via a web interface. Think about online storage repositories such as Microsoft OneDrive, Google Drive, Dropbox or Box: Personal accounts can be high-bandwidth conduits for exfiltration of vast quantities of valuable IP. Web filtering can help manage the situation.
  • Compliance with government regulations. Whether it’s a military base commander making a ruling, or a government restricting access to news sites out-of-favor with the current regime; those are rules that often must be followed without question. It’s not my purpose here to discuss whether this is “censorship,” though in some cases it certainly is. However, the laws of the United States do not apply outside the United States, and blocking some internet sites or types of web content may be part of the requirements for doing business in some countries or with some governments. What’s important here is to ensure that you have effective controls and technology in place to implement the AUP – but don’t go broadly beyond it.
  • Compliance with industry requirements. Let’s use the example of the requirements that schools or public libraries must protect students (and the general public) from content deemed to be unacceptable in that environment. After all, just because a patron is an adult doesn’t mean he/she is allowed to watch pornography on one of the library’s publicly accessible computers, or even on his/her computer on the library’s Wi-Fi network.

What about children?

A key ingredient in creating an AUP for schools and libraries in the United States is the Children’s Internet Protection Act (CIPA). In order to receive government subsidies or discounts, schools and libraries must comply with these regulations. (Other countries may have an equivalent to these policies.)

Learn more about how the CIPA should drive the AUP for any organization where minors can be found, and how best to implement an AUP for secure protection. That’s all covered in my article for Upgrade Magazine, “Web filtering for business: Keep your secrets safe, and keep your employees happy.”

Beetle Bars and Cricket Cookies: The Global Market for Edible Insects

edible-insects-marketAs a technology analyst, I read a lot of market reports. Most are not as crunchy (and unpalatable) as  the Global Market Study on Edible Insects, by Persistence Market Research.

Some takeaways from the report’s summary:

In terms of value, the global edible insects market is anticipated to expand at a CAGR of 6.1% during the forecast period and is expected to account for US$ 722.9 million by 2024 end. Orthoptera (cricket, grasshopper, and locusts) segment is projected to register a CAGR of 8.1% over the forecast period, driven by rising demand for cricket granola bars, cricket crackers, cricket cookies, and cricket chocolates. Of the various edible insect type products, the beetle’s segment is estimated to account for approximately 30.8% share of the global market share in 2016, and caterpillars segment is estimated to account for 17.9% share.

Also:

Demand for edible insects in countries in Europe is on the rise, primarily owing to factors such as low risk of disease – as transmission of zoonotic diseases (diseases transmitted from animals to humans) such as H1N1 (bird flu) and BSE (mad cow disease) is low with regard to insects – and higher protein and nutrients and micronutrients such as copper, iron, magnesium, manganese, phosphorus, selenium and zinc, and fatty acids in comparison to meat and fish products. Insects are particularly important as a food supplement for undernourished children owing to easier digestibility.

Yeah, I guess it makes sense…. but still. More info:

On the basis of insect type, the global edible insect market is segmented into beetles, caterpillars, hymenoptera (wasps, bees, and ants), orthoptera (cricket, grasshopper, and locusts), true bugs, and others (termites, dragonflies, flies, and etc.) segments.

The most commonly and commercially consumed product type of edible insect is as a whole. The as a whole segment accounted for 65.3% share of the global market in 2015. Insects are majorly consumed as a whole, which is usually raw. As an ingredient, edible insects are consumed majorly as snacks and baked products. A major trend in the global edible insects market is increasing applications of edible insects in protein bars and shakes, increasing the availability of flavored food products using edible insect proteins, availability of mixed insect pack and usage as a coloring agent in food products.

Why insects?

Insect rearing involves low capital investment as compared to that needed for another conventional livestock rearing such as cattle, swine, and chicken. Substantial increase in global population and decreasing resources are other factors expected to drive demand for alternative food sources. According to United Nations, global population in 2050 is expected to reach 9 billion, significantly outgrowing existing food resources. Insects contain high protein and amino acids and can be a sustainable food source in future.

The report costs $4,900. Zesty!

,

People or programs: What’s the best for your synagogue?

This essay was originally published on the Reform Judaism blog on July 27, 2016.

What is the most important part of your house of worship? Is it the spiritual well-being of the community or good attendance at adult classes and innovative programming events?

That question is at the core – at the essence – of every progressive synagogue (and every church, mosque, and other house of faith). It’s not reflected in congregations’ mission statements, value statements, or statements of purpose, and frankly, I doubt that many synagogue leaders know the answer as it applies to their own institutions. And, among those who think they do, at least half of them get it wrong.

After many years as a consultant in the synagogue world, I’ve come to believe that most clergy, as well as professional and lay leaders are incredibly visionary, amazingly hard-working, and shockingly myopic. They believe their congregation is warm and welcoming, even as many newcomers and longtime congregants are frozen out of the “important” cliques. Leaders are convinced that worship services are innovative and uplifting, while the Jews in the pews murmur that services are old and tired. And, although leaders may believe that the biggest reason members leave congregations is because of an outdated dues model, in reality it’s because in their rush to implement innovative programs, clergy have forgotten to minister to their flock.

Let’s look at two examples.

  1. One mid-sized synagogue I consult with is fixated on programs. Programs for teens! Programs for seniors! Lots of classes! Experiential Shabbat! Social justice programs! Scholars-in-residence! Multi-faith initiatives! Everything from yoga to drumming to Mussar. Seemingly every temple communication aims to drive sign-ups for “fun-filled” programs for all ages and every interest.

    The staff and clergy in this community are eternally focused on finding out about new programs, and then bringing them to the synagogue. As a result, they’re involved in lots of conversations in The Tent, discussions at the Scheidt Seminar, and workshops at Biennial. What’s missing, though, is introspection – a look at what works and what doesn’t, including an examination of which members are engaged, and which aren’t, and whether the focus should be on programs at all, instead of on congregants.

    In fact, neither the clergy nor the caring community members are focused on outreach to congregants. Rather, the implicit focus is on the synagogue. Of course, if members are in crisis and call the temple or request pastoral care, they receive sincere love and lots of attention. However, beyond an inner circle of regular participants, the clergy and leaders don’t know most members of the congregation, and making the first move is up to congregants.

  1. Another mid-sized congregation in a different part of the country also hosts programs – classes, scholar-in-residence events, a well-attended summer camp – and experiments with different worship models. Most inspiring, however, is its leaders’ intensive focus on frequent and direct engagement with each and every congregant, which means regular phone calls, invitations for coffee or meals, and deep conversations whenever a lifecycle event occurs. This congregation focuses on individual congregants and wants to be an integral part of their lives. As a result, every congregant has opportunities to spend quality time with the clergy each year, either one-on-one or in small group settings.

    One reason such engagement is possible is because the clergy and staff are active on social media and it’s part of the synagogue’s culture for clergy to reach out immediately to congregants who are in distress or celebrating a simcha (joyous occasion). Making these connections is powerful, as I learned from a long-retired rabbi, who told me that one of the most important and enjoyable parts of his job was calling every congregant on his or her birthday.

In a choice between people and programs, I’ll always vote for people. Of course, it’s important that a synagogue be a beit midrash (house of study), a beit t’filah (house of worship) and a beit k’neset (house of assembly). However, its responsibility as a beit g’milut chasadim (house of loving kindness) should be first and foremost, and the true Torah of our Reform congregations.

Indeed, nothing is more central to the cause of Judaism than synagogues that look beyond programs and consider as their core mission the need to engage and take care of every congregant – in good times, bad times, and every time in-between.

IOC Approves Amateur Radio for Tokyo 2020 Olympic Games

tokyo_2020_olympics_logo_detailCQ CQ CQ de IOC: The Organising Committee for the Tokyo 2020 Games have approved new competitions to celebrate Amateur Radio.

Tokyo 2020 President Yoshiro Mori said, “The inclusion of Amateur Radio will afford athletes the chance of a lifetime to realise their dreams of competing in the Olympic Games – the world’s greatest sporting stage – and inspire them to achieve their best, both in sport and in life.”

Throughout the history of amateur radio, amateur radio enthusiasts have made significant contributions to science, engineering, industry, and social services. Research by amateur radio operators has founded new industries, built economies, empowered nations, and saved lives in times of emergency.

Amateur radio is a hobby and, by law, completely non-commercial. Individual amateur “ham” radio operators pursue the avocation for personal pleasure through building their own radio stations and communicating with their fellows globally, and for self-improvement via study and practice of electronics, computers, and radio and TV wave behaviour.

Radio amateurs are, thus, “amateurs” in the true sense of the word: pursuit of an activity only for the love of it. Radio amateurs can not broadcast or transmit music and other general public entertainment programming. The amateur radio use of the air waves is for personal satisfaction and for forwarding the “state of the art” of electronics and communication techniques. Amateur radio operations can be detected in designated bands throughout the radio spectrum, using a variety of modulation methods including Morse code, voice and digital modes, and image modes such as television and facsimile.

The Amateur Radio competitions were inspired by the World Radiosport Team Championships (WRTC). WRTC2014, in Massachusetts, U.S.A., included 59 competing teams from 38 countries.

Described as the “ultimate International Field Day” by radio enthusiasts, new for the Tokyo 2020 Games are the following competitions within the Amateur Radio category in response to the new flexibility provided by Olympic Agenda 2020:

  • Men’s 20-, 40-, 80-and 160-Meter Antenna Tuning
  • Women’s 40-, 80-and 160-Meter Antenna Tuning
  • Men’s Synchronized 10-Meter Tower Dive
  • Men’s Freestyle Speed Keying
  • Women’s Freestyle Speed Keying
  • Women’s Uneven (Upper and Lower Sideband) Bars
  • Women’s 10-Meter Dash-and-Dot
  • Men’s 15-Meter Greco-Roman CW Sprint
  • Men’s Synchronized PSK31 (Phase Shift Keying, 31 Baud)
  • Women’s 15-Meter SSTV (Slow Scan Television)
  • Mixed Doubles Earth-Moon-Earth (Moon Bounce)
  • 10GHz-and-Up Team Dressage
  • Men’s 6-Meter J-Pole Vault
  • Women’s All-Around RTTY Roundup
  • Women’s UHF/VHF/HF Triathlon
  • Men’s UHF/VHF/HF Triathlon

IOC spokesman Sam Morse said, “The sky is the limit when it comes to Amateur Radio at the Olympic. Actually, with the Moon Bounce competition, even the heavens no longer hold our talented amateurs back. Tokyo 2020’s balanced proposal fulfils all of the goals of the Olympic Agenda 2020 recommendation that allowed it. These new competitions will add to the legacy of the Tokyo Games.”

Morse continued, “The inclusion of the package of new sports will afford young athletes the chance of a lifetime to realise their dreams of competing in the Olympic Games – the world’s greatest sporting stage – and inspire them to achieve their best, both in sport and in life. We thank the amateurs who shall soon begin qualifying for the Tokyo games by wishing them the IOC’s ’73.’ ”

###

The International Olympic Committee is a not-for-profit independent international organisation made up of volunteers, which is committed to building a better world through sport. It redistributes more than 90 per cent of its income to the wider sporting movement, which means that every day the equivalent of USD 3.25 million goes to help athletes and sports organisations at all levels around the world.

, ,

Oracle’s reputation as community steward of Java EE is mixed

gaurdian_duke-1What’s it going to mean for Java? When Oracle purchased Sun Microsystems that was one of the biggest questions on the minds of many software developers, and indeed, the entire industry. In an April 2009 blog post, “Oracle, Sun, Winners, Losers,” written when the deal was announced (it closed in January 2010), I predicted,

Winner: Java. Java is very important to Sun. Expect a lot of investment — in the areas that are important to Oracle.

Loser: The Java Community Process. Oracle is not known for openness. Oracle is not known for embracing competitors, or for collaborating with them to create markets. Instead, Oracle is known to play hardball to dominate its markets.

Looks like I called that one correctly. While Oracle continues to invest in Java, it’s not big on true engagement with the community (aka, the Java Community Process). In a story in SD Times, “Java EE awaits its future,” published July 20, 2016, Alex Handy writes about what to expect at the forthcoming JavaOne conference, including about Java EE:

When Oracle purchased Sun Microsystems in 2010, the immediate worry in the marketplace was that the company would become a bad actor around Java. Six years later, it would seem that these fears have come true—at least in part. The biggest new platform for Java, Android, remains embroiled in ugly litigation between Google and Oracle.

Despite outward appearances of a danger for mainstream Java, however, it’s undeniable that the OpenJDK has continued along apace, almost at the same rate of change IT experienced at Sun. When Sun open-sourced the OpenJDK under the GPL before it was acquired by Oracle, it was, in a sense, ensuring that no single entity could control Java entirely, as with Linux.

Java EE, however, has lagged behind in its attention from Oracle. Java EE 7 arrived two years ago, and it’s already out of step with the new APIs introduced in OpenJDK 8. The executive committee at the Java Community Process is ready to move the enterprise platform along its road map. Yet something has stopped Java EE dead in its tracks at Oracle. JSR 366 laid out the foundations for this next revision of the platform in the fall of 2015. One would never know that, however, by looking at the Expert Committee mailing lists at the JCP: Those have been completely silent since 2014.

Alex continues,

One person who’s worried that JavaOne won’t reveal any amazing new developments in Java EE is Reza Rahman. He’s a former Java EE evangelist at Oracle, and is now one of the founders of the Java EE Guardians, a group dedicated to goading Oracle into action, or going around them entirely.

“Our principal goal is to move Java EE forward using community involvement. Our biggest concern now is if Oracle is even committed to delivering Java EE. There are various ways of solving it, but the best is for Oracle to commit to and deliver Java EE 8,” said Rahman.

His concerns come from the fact that the Java EE 8 specification has been, essentially, stalled by lack of action on Oracle’s part. The specification leads for the project are stuck in a sort of limbo, with their last chunk of work completed in December, followed by no indication of movement inside Oracle.

Alex quotes an executive at Red Hat, Craig Muzilla, who seems justifiably pessimistic:

The only thing standing in the way of evolving Java EE right now, said Muzilla, is Oracle. “Basically, what Oracle does is they hold the keys to the [Test Compatibility Kit] for certifying in EE, but in terms of creating other ways of using Java, other runtime environments, they don’t have anything other than their name on the language,” he said.

Java is still going strong. Oracle’s commitment to the community and the process – not so much. This is one “told you so” that I’m not proud of, not one bit.

, ,

Pick up… or click on… the latest issue of Java Magazine

javamagThe newest issue of the second-best software development publication is out – and it’s a doozy. You’ll definitely want to read the July/August 2016 issue of Java Magazine.

(The #1 publication in this space is my own Software Development Times. Yeah, SD Times rules.)

Here is how Andrew Binstock, editor-in-chief of Java Magazine, describes the latest issue:

…in which we look at enterprise Java – not so much at Java EE as a platform, but at individual services that can be useful as part of a larger solution, For example, we examine JSON-P, the two core Java libraries for parsing JSON data; JavaMail, the standalone library for sending and receiving email messages; and JASPIC , which is a custom way to handle security, often used with containers. For Java EE fans, one of the leaders of the JSF team discusses in considerable detail the changes being delivered in the upcoming JSF 2.3 release.

We also show off JShell from Java 9, which is an interactive shell (or REPL) useful for testing Java code snippets. It will surely become one of the most used features of the new language release, especially for testing code interactively without having to set up and run an entire project.

And we continue our series on JVM languages with JRuby, the JVM implementation of the Ruby scripting language. The article’s author, Charlie Nutter, who implemented most of the language, discusses not only the benefits of JRuby but how it became one of the fastest implementations of Ruby.

For new to intermediate programmers, we deliver more of our in-depth tutorials. Michael Kölling concludes his two-part series on generics by explaining the use of and logic behind wildcards in generics. And a book excerpt on NIO.2 illustrates advanced uses of files, paths, and directories, including an example that demonstrates how to monitor a directory for changes to its files.

In addition, we have our usual code quiz with its customary detailed solutions, a book review of a new text on writing maintainable code, an editorial about some of the challenges of writing code using only small classes, and the overview of a Java Enhancement Proposal (JEP) for Java linker. A linker in Java? Have a look.

The story I particularly recommend is “Using the Java APIs for JSON processing.” David Delabasseé covers the Java API for JavaScript Object Notation Processing (JSR-353) and its two parts, one of which is high-level object modal API, and the other a lower-level streaming API.

It’s a solid issue. Read it – and subscribe, it’s free!

, ,

5 things you should know about email unsubscribe links

sophos-naked-securityHere’s a popular article that I wrote on email security for Sophos’ “Naked Security” blog.

5 things you should know about email unsubscribe links before you click” starts with:

We all get emails we don’t want, and cleaning them up can be as easy as clicking ‘unsubscribe’ at the bottom of the email. However, some of those handy little links can cause more trouble than they solve. You may end up giving the sender a lot of information about you, or even an opportunity to infect you with malware.

Read the whole article here.

, , , ,

Driving risks out of embedded automotive software

can-busWhen it comes to cars, safety means more than strong brakes, good tires, a safety cage, and lots of airbags. It also means software that won’t betray you; software that doesn’t pose a risk to life and property; software that’s working for you, not for a hacker.

Please join me for this upcoming webinar, where I am presenting along with Arthur Hicken, the Code Curmudgeon and technology evangelist for Parasoft. It’s on Thursday, August 18. Arthur and I have been plotting and scheming, and there will be some excellent information presented. Don’t miss it! Click here to register.

Driving Risks out of Embedded Automotive Software

Automobiles are becoming the ultimate mobile computer. Popular models have as many as 100 Electronic Control Units (ECUs), while high-end models push 200 ECUs. Those processors run hundreds of millions of lines of code written by the OEMs’ teams and external contractors—often for black-box assemblies. Modern cars also have increasingly sophisticated high-bandwidth internal networks and unprecedented external connectivity. Considering that no code is 100% error-free, these factors point to an unprecedented need to manage the risks of failure—including protecting life and property, avoiding costly recalls, and reducing the risk of ruinous lawsuits.

This one-hour practical webinar will review the business risks of defective embedded software in today’s connected cars. Led by Arthur Hicken, Parasoft’s automotive technology expert and evangelist, and Alan Zeichick, an independent technology analyst and founding editor of Software Development Times, the webinar will also cover five practical techniques for driving the risks out of embedded automotive software, including:

• Policy enforcement
• Reducing defects during coding
• Effective techniques for acceptance testing
• Using metrics analytics to measure risk
• Converting SDLC analytics into specific tasks to focus on the riskiest software

You can apply the proven techniques you’ll learn to code written and tested by your teams, as well as code supplied by your vendors and contractors.

, , ,

Popular news websites can be malware delivery systems

jason-steerNews websites are an irresistible target for hackers because they are so popular. Why? because they are trusted brands, and because — by their very nature — they contain many external links and use lots of outside content providers and analytics/tracking services. It doesn’t take much to corrupt one of those websites, or one of the myriad partners sites they rely upon, like ad networks, content feeds or behavioral trackers.

Potentially, malware injected on any well-trafficked news website, could infect tremendous numbers of people with ransomware, keyloggers, zombie code, or worse. Alarmist? Perhaps, but with good reason. News websites, which can include both traditional media (like the Chicago Tribune and the BBC), or new-media platforms (such as BuzzFeed or Business Insider) attract a tremendous number of visitors, especially when there is a breaking news story of tremendous interest, like a natural disaster, political event or celebrity shenanigans.

Publishing companies are not technology companies. They are content providers who do their honest best to offer a secure experience, but can’t be responsible for external links. In fact, many say so right in their terms of use statements or privacy policies. What they can be responsible for are the third-party networks that provide content or services to their platforms, but in reality, the search for profits and/or a competitive advantage outweighs any other considerations. And of course, their platforms can be hacked as well.

According to a story in the BBC, news sites in Russia, including the Moscow Echo Radio Station, opposition newspaper New Times, and the Kommersant business newspaper were hacked back in March 2012. In November 2014, the Syrian Electronic Army claimed to have hacked news sites, including the Canada’s CBC News.

Also in November 2014, one of the U.K’s most popular sites, The Telegraph, tweeted, “A part of our website run by a third-party was compromised earlier today. We’ve removed the component. No Telegraph user data was affected.”

A year earlier, in January 2013, the New York Times self-reported, “Hackers in China Attacked The Times for Last 4 Months.” The story said that, “The attackers first installed malware — malicious software — that enabled them to gain entry to any computer on The Times’s network. The malware was identified by computer security experts as a specific strain associated with computer attacks originating in China.”

Regional news outlets can also be targets. On September 18, 2015, reported CBS Local in San Francisco, “Hackers took control of the five news websites of Palo Alto-based Embarcadero Media Group on Thursday night, according to the CBS. The websites of Palo Alto Weekly, The Almanac, Mountain View Voice and Pleasanton Weekly were all reportedly attacked at about 10:30 p.m. Thursday.

I talked recently with Jason Steer of Menlo Security, a security company based in Menlo Park, Calif. He put it very clearly:

You are taking active code from a source you didn’t request, and you are running it inside your PC and your network, without any inspection whatsoever. Because of the high volumes of users, it only takes a small number of successes to make the hacking worthwhile. Antivirus can’t really help here, either consumer or enterprise. Antivirus may not detect ransomware being installed from a site you visit, or malicious activity from a bad advertisement or bad JavaScript.

Jason pointed me to his blog post from November 12, 2015, “Top 50 UK Website Security Report.” His post says, in part,

Across the top 50 sites, a number of important findings were made:

• On average, when visiting a top 50 U.K. website, your browser will execute 19 scripts

• The top UK website executed 125 unique scripts when requested

His blog continued with a particularly scary observation:

15 of the top 50 sites (i.e. 30 percent) were running vulnerable versions of web-server code at time of testing. Microsoft IIS version 7.5 was the most prominent vulnerable version reported with known software vulnerabilities going back more than five years.

How many scripts are running on your browser from how many external servers? According to Jason’s research, if you visit the BBC website, your browser might be running 92 scripts pushed to it from 11 different servers. The Daily Mail? 127 scripts from 35 servers. The Financial Times? 199 scripts from 31 servers. The New Yorker? 113 scripts from 33 sites. The Economist? 185 scripts from 46 sites. The New York Times? 76 scripts from 29 servers. And Forbes, 100 scripts from 49 servers.

Most of those servers and scripts are benign. But if they’re not, they’re not. The headline on Ars Technica on March 15, 2016, says it all: “Big-name sites hit by rash of malicious ads spreading crypto ransomware.” The story begins,

Mainstream websites, including those published by The New York Times, the BBC, MSN, and AOL, are falling victim to a new rash of malicious ads that attempt to surreptitiously install crypto ransomware and other malware on the computers of unsuspecting visitors, security firms warned.

The tainted ads may have exposed tens of thousands of people over the past 24 hours alone, according to a blog post published Monday by Trend Micro. The new campaign started last week when “Angler,” a toolkit that sells exploits for Adobe Flash, Microsoft Silverlight, and other widely used Internet software, started pushing laced banner ads through a compromised ad network.

 According to a separate blog post from Trustwave’s SpiderLabs group, one JSON-based file being served in the ads has more than 12,000 lines of heavily obfuscated code. When researchers deciphered the code, they discovered it enumerated a long list of security products and tools it avoided in an attempt to remain undetected.

Let me share my favorite news website hack story, because of its sheer audacity. According to Jason’s blog, ad delivery systems can be turned into malware delivery systems, and nobody might every know:

If we take one such example in March 2016, one attacker waited patiently for the domain ‘brentsmedia[.]com’ to expire, registered in Utah, USA , a known ad network content provider. The domain in question had expired ownership for 66 days, was then taken over by an attacker in Russia (Pavel G Astahov) and 1 day later was serving up malicious ads to visitors of sites including the BBC, AOL & New York Times. No-one told any of these popular websites until the malicious ads had already appeared.

Jason recently published an article on this subject in SC Magazine, “Brexit leads to pageviews — pageviews lead to malware.” Check it out. And be aware that when you visit a trusted news website, you have no idea what code is being executed on your computer, what that code does, and who wrote that code.