Ted Bahr & Alan Zeichick

February 23, 2000 — the debut issue of SD Times hit the stands and changed my world. Launched as a printed semi-monthly newspaper in tabloid size, SD Times grew into the world’s leading publication for software development managers.

Ted Bahr and I formed BZ Media in mid-1999. SD Times was the first of our many publications, conferences, and websites, all B2B for the technology industry. Today, SD Times flourishes as part of D2 Emerge, and we couldn’t be more proud to see our beloved SD Times continue to serve this important audience.

Let’s look back. David Rubinstein — who started out as executive editor of SD Times and is now co-owner of D2 Emerge and editor-in-chief of the magazine — put out a great 20th anniversary issue. (The other D is Dave Lyman.)

The special issue includes essays from me (page 18) and from Ted (page 12). Dave wrote a remembrance column (page 46) and art director Mara Leonardi shares some of her favorite SD Times covers and images (page 20).

Click here to read the anniversary issue or download it as a PDF.

Meanwhile, my favorite part of the special 20th anniversary issues are the old photos.

  • There’s one of Ted and Alan, doing our silly “‘I’m the B’ and ‘I’m the Z’” schtick based on Saturday Night Live’s Hans und Franz.
  • There’s one of the crazy launch crew celebrating the release of the first issue.
  • There’s one of BZ Media employees standing in the water for some unknown reason.
  • There’s a lot of alcohol being consumed. That’s what happens when your offices are next to a bar.

I love those people, and miss working with every single one of them. Thank you, Ted, Dave, Dave, Mara, Erzi, Eddie, Viena, Pat, Rebecca, Erin, Katie, Alex, Whitney, Adam, Stacy, Yvonne, Christina, Jon, Paula, David, Craig, Marilyn, Robin, LuAnn, Julie, Charlie, PJ, Lindsey, Agnes, Victoria, Catherine, Sabrina, Kathy, Jennifer, Jeff, Brenner, Doug, Dan, Lisa, Brian, Michele, Polina, Anne, Suzanne, Ryan, Jeanie, Josette, Debbie, Michelle, Nicole, Greg, Usman, Robert, Robbie, and so many others for making SD Times and BZ Media a success. Those were among the best years of my life.

Duncan Wardle

Next time you hear a bad idea in the office, try saying “Yes.” That is, fight that impulse to say, “No, and here’s why your idea isn’t going to work.” That negative response shuts down creativity, says Duncan J. Wardle, former head of innovation and creativity at Disney.

Instead, try replying with a positive “Yes and …?” Ask encouraging follow-up questions—not to point out your colleague’s flawed thinking, but to help create a collaborative environment. Build a process that fosters creativity and imagination, and see where that leads.

More on the power of “Yes and.” Those words “transform the power of your idea into our idea,” Wardle explains. That transformation makes the idea bigger and accelerates its potential opportunities. It encourages collaboration, and from that collaboration, we can create new products, businesses, and processes.

Plus, by saying “Yes and,” we demonstrate to our coworkers that we honestly want to explore new ideas, not shut them down. That’s why he encourages asking questions that turn the discussion into an impromptu brainstorming session. Don’t throw up roadblocks meant to trip up your colleague. Instead, throw out your own ideas too. Be collaborative: “Here’s an idea, let’s see how to make it work.”

This is one of four techniques that Wardle offered to attendees at a packed session at Oracle OpenWorld. Read more in my short article for Forbes, “4 Techniques To Unlock Creativity, Including Saying ‘Yes’.”

Where will you find CARE? Think of trouble spots around the world where there are humanitarian disasters tied to extreme poverty, conflict, hunger, or a lack of basic healthcare or education. CARE is on the ground in these places, addressing survival needs, running clinics, and helping individuals, families, and communities rebuild their lives.

CARE’s scope is truly global. In 2018, the organization reached 56 million needy people through 965 programs in 95 countries, in places such as Mali, Jordan, Bangladesh, Brazil, the Democratic Republic of the Congo, Yemen, India, the Dominican Republic, and Niger.

CARE didn’t start out as a huge global charity, though. Founded in 1945, CARE provided a way for Americans to send lifesaving food and supplies to survivors of World War II — “CARE packages.” Today, it responds to dozens of disasters each year, reaching nearly 12 million people through its emergency programs. The rest of CARE’s work is through longer-term engagements, such as its work in Bihar State, in northern India.

Bihar, with a population of more than 110 million people, is one of India’s poorest states. Bihar has some of the country’s highest rates of infant and maternal mortality as well as childhood malnutrition. Since 2011, CARE has been working with the Bihar state government and other nongovernmental organizations (NGOs) to address those problems and to increase immunization rates for mothers and children.

The results to date have been significant. In Bihar, the percentage of 1-year-olds with completed immunization schedules increased from 12% to 84% between 2005 and 2018; there were nearly 20,000 fewer newborn deaths in 2016 than in 2011; and the maternal mortality rate fell by nearly half, from 312 to 165 maternal deaths per 100,000 live births between 2005 and 2018. How? Some of CARE’s initiatives involved improving healthcare facilities, mentoring nurses, supporting local social workers and midwives, and tracking the care given to weak and low-weight newborns.

Read more in my story for Forbes, “CARE’s Work In Bihar Shows Progress Is Possible Against The Toughest Problems.”

It’s been a tough year, and security is on the mind of everyone in the religious community, including synagogues, churches, and mosques. Here’s a timely story in the Jewish News, a newspaper in the greater Phoenix area: “Security experts prep synagogues for High Holidays.”

In the last 12 months, the American Jewish community has faced rising anti-Semitism and two synagogue shootings — one of which left one person dead and the other 11. 

Now, Jewish communities are looking at security and reevaluating emergency procedures — especially with the High Holidays approaching. 

The story quotes several people, including yours truly:

The vice chair of the Phoenix police department’s Jewish advisory board, Alan Zeichick, has also been working with synagogues to help their security teams better prepare for the upcoming High Holidays. During his visits, he presents a list of ideas to encourage better communication.

“It needs to be very clear to everyone who is doing what in terms of security and to make sure everyone knows what the processes are,” Zeichick said. “One of the things I like to say is, ‘Ninety-nine percent of all the problems is communication. The other one percent is communication, but you don’t realize it.’”

Please read the article – it’s important.

Enterprise.nxt magazine

The editors of Enterprise.nxt wanted to publish one of my photos to illustrate their article, “Geek spotting: 3 ways to recognize a tech geek in the wild.” Yeah, it’s a photo of yours truly driving around in his Mazda Miata alongside a giant Pickett slide rule.

Correction. Actually, it’s my wife’s Miata — a surprise birthday present back in 2006.

While I am very much a geek, it’s ironic that I don’t fit into a lot of geek culture. For example, Judy-Anne Goldman’s article says,

Geeks instinctively know how to recognize other geeks based on shared interests, such as TV shows like “Big Bang Theory,” role-playing games, or Comic Con. But, in the way that old-school nerds could be recognized by their calculators and pocket protectors, today we can categorize geeks in three ways: by what they wear, the first-adopter technology they acquire, and the vintage technology they use until it dies.

Yet I have never watched a full episode of Big Bang Theory, don’t care for role-playing games, and have no interest in attending Comic Con. (I did go to one Star Trek convention in the late 1990s. One was enough.)

Enjoy the article and enjoy my photograph.

I was pleased to contribute to a nice sport-technology story published in Mirage News, “Oracle Applies Cutting-Edge Tech to Enhance Fan Experiences.” My part begins like this:

Racing space-age yachts in San Francisco Bay (or anywhere) presents its own set of technological and athletic hurdles. SailGP catamarans are the fastest boats in the world, capable of reaching speeds of up to 50 knots (or 60 mph on land), said Sir Russell Coutts, CEO of SailGP and five-time Americas Cup Winner.

Hans Henken, flight controller for the USA SailGP Team, described the experience for those who’ve never raced:

“It’s like driving your car down the freeway with the top down in the pouring rain. The exit is coming up fast, you change lanes and find your traction controls are off, you slam on the brakes and the brakes are out. You have to make quick decisions in a lot of spray, and it’s very, very noisy.”

In SailGP races, all of the boats are built to the same specifications, meaning that any edge the crew can get from 1,200 embedded sensors could be the difference between victory and defeat.

Sensor data is sent to the Oracle cloud in 200 msec, less time than the time it takes to blink, said Edwin Upson, Oracle group vice president of Enterprise Cloud Architects. Then it is returned to the crew for analysis in near-real-time.

Mirage News is published in Australia: “As a non-aligned, independent online media platform operating out of Wollongong NSW, Mirage News provides real-time coverage of newsworthy developments firsthand from primary and authoritative sources, with the main focus on media & public releases to deliver the news as it is with no comment or interpretation (This is particularly important in the era of fake news and media manipulation).”

I hope you enjoy the story. I certainly enjoyed hanging out with the SailGP folks.

Can you name that Top 40 pop song in 10 seconds? Sure, that sounds easy. Can you name that pop song—even if it’s played slightly out of tune? Uh oh, that’s a lot harder. However, if you can guess 10 in a row, you might share in a cash prize.

That’s the point of “Out of Tune,” an online music trivia game where players mostly in their teens and 20s compete to win small cash prizes–just enough to make the game more fun. And fun is the point of “Out of Tune,” launched in August by FTW Studios, a startup based in New York. What’s different about “Out of Tune” is that it’s designed for group play in real time. The intent is that players will get together in groups, and play together using their Android or Apple iOS phones.

Unlike in first-person shooter games, or other activities where a game player is interacting with the game’s internal logic, “Out of Tune” emphasizes the human-to-human aspect. Each game is broadcast live from New York — sometimes from FTW Studio’s facilities, sometimes from a live venue. Each game is hosted by a DJ, and is enjoyed through streaming video. “We’re not in the game show business or the music business,” says Avner Ronen, FTW Studio’s founder and CEO. “We’re in the shared experiences business.”

Because of all that human interaction, game players should feel like they’re part of something big, part of a group. “It’s social, says Ronen, noting 70% of its participants today are female. “The audience is younger, and people play with their friends.”

How does the game work? Twice a day, at 8 p.m. and 11 p.m. Eastern time, a DJ launches the game live from New York City. The game consists of 10 pop songs played slightly out of tune—and players, using a mobile app on their phones, have 10 seconds to guess the song. Players who guess all the songs correctly share in that event’s prize money.

Learn more about FTW Studios – and how the software works – in my story in Forbes, “This Online Game Features Out-Of-Tune Pop Songs. The End Game Is About Much More.”

Every new graduate from Central New Mexico Community College leaves school with a beautiful paper diploma covered in fine calligraphy, colorful seals, and official signatures. This summer, every new graduate also left with the same information authenticated and recorded in blockchain.

What’s the point of recording diplomas using blockchain technology? Blockchain creates a list of immutable records—grouped in blocks—that are linked cryptographically to form a tamper-evident chain. Those blocks are replicated on multiple servers across the participating organizations, so if a school went out of business, or somehow lost certain records to disaster or other mayhem, a student’s credentials are still preserved in other organizations’ ledger copies. Anyone authorized to access information on that blockchain (which might include, for example, prospective employers) could verify whether the student’s diploma and its details, such as the year, degree, and honors, match what the student claims.

Today, using blockchain for diplomas or certifications is uncommon. But it’s one of a growing number of blockchain use cases being tested—cases where information needs to be both shared and trusted across many parties, and preserved against loss or tampering.

Academic credentials are important to adults looking for jobs or applying to study for advanced degrees. Those records are also vital for refugees fleeing natural disasters or war-torn countries, such as those leaving Syria. “There are refugees who are medical doctors who can no longer practice medicine because they don’t have those certificates anymore,” says Feng Hou, CIO and chief digital learning officer at Central New Mexico Community College (CNM).

CNM is the largest higher-education institution in the state in terms of undergraduate enrollment, serving more than 23,000 students this fall. Nationally accredited, with eight locations in and around Albuquerque, CNM offers more than 150 associate degrees and certificates, as well as non-credit job training programs.

A benefit of blockchain is that there’s no single point of failure. “Given the decentralized nature of blockchain technology, it will prevent the single point of failure for any identity crisis, such as Syrian refugees, because on blockchain the ID is secure, shareable and verifiable anywhere in the world,” says Hou.

Read more in my story for the Wall Street Journal, “New Mexico College Deploys Blockchain for Digital Diplomas.”

In Australia, at 8 a.m. on ‘Results Day,’ thousands and thousands of South Australian year 12 students receive their ATAR (Australia Tertiary Admissions Rank)—the all-important standardized score used to gain admission to universities across Australia. The frustrating challenge: many are eligible to add as many as nine school and subject-specific bonus points to their ATAR, which can improve their chances of gaining admission to tertiary institutions like the University of Adelaide. To find out about those bonuses, or adjusted ATAR, they must talk to university staff.

Thousands of students. All receiving their ATAR at the same time. All desperate to know about their bonus points. That very moment. They’re all phoning the university wanting a 5- or 10-minute call to answer a few questions and learn about their adjusted score. This past year, 2,100 of those students skipped what in the past could be an hours-long phone queue to talk to university staff. Instead, they used Facebook Messenger to converse with a chatbot, answering questions about their bonus eligibility and learning their adjusted ATAR score–in about three minutes.

“It’s always been really difficult for us to support the adjusted ATAR calls,” says Catherine Cherry, director of prospect management at University of Adelaide. “There are only so many people we can bring in on that busy day, and only so many phone calls that the staff can take at any given time.” Without the chatbot option, even when the prospective student is able to reach university staff, the staff can’t afford to stay on the phone to answer all that student’s questions, which can create a potentially bad first experience with the university. “The staff who are working that day really feel compelled to hurry the student off the phone because we can see the queue of 15, 20 people waiting, and we can see that they’ve been waiting for a long time,” Cherry says.

Enter the chatbot: Three minutes on Facebook Messenger and students had their adjusted ATAR. Read about the technology behind this chatbot application in my story in Forbes, “University of Adelaide Builds A Chatbot To Solve One Very Hard Problem.”

Blockchain and the cloud go together like organic macaroni and cheese. What’s the connection? Choosy shoppers would like to know that their organic food is tracked from farm to shelf, to make sure they’re getting what’s promised on the label. Blockchain provides an immutable ledger perfect for tracking cheese, for example, as it goes from dairy to cheesemaker to distributor to grocer.

Oracle’s new Blockchain Cloud Service provides a platform for each participant in a supply chain to register transactions. Within that blockchain, each participant—and regulators, if appropriate—can review those transactions to ensure that promises are being kept, and that data has not been tampered with. Use cases range from supply chains and financial transactions to data sharing inside a company.

Launched this month, Oracle Blockchain Cloud Service has the features that an enterprise needs to move from experimenting with blockchain to creating production applications. It addresses some of the biggest challenges facing developers and administrators, such as mastering the peer-to-peer protocols used to link blockchain servers, ensuring resiliency and high availability, and ensuring that security is solid. For example, developers previously had to code one-off integrations using complex APIs; Oracle’s Blockchain Cloud Service provides integration accelerators with sample templates and design patterns for many Oracle and third-party applications in the cloud and running on-premises in the data center.

Oracle Blockchain Cloud Service provides the kind of resilience, recoverability, security, and global reach that enterprises require before they’d trust their supply chain and customer experience to blockchain. With blockchain implemented as a managed cloud service, organizations also get a system that’s ready to be integrated with other enterprise applications, and where Oracle handles the back end to ensure availability and security.

Read more about this in my story for Forbes, “Oracle Helps You Put Blockchain Into Real-World Use With New Cloud Service.”

If you saw the 2013 Sandra Bullock-George Clooney science-fiction movie Gravity, then you know about the silent but deadly damage that even a small object can do if it hits something like the Hubble telescope, a satellite, or even the International Space Station as it hurtles through space. If you didn’t see Gravity, a non-spoiler, one-word summary would be “disaster.” Given the thousands of satellites and pieces of man-made debris circling our planet, plus new, emerging threats from potentially hostile satellites, you don’t need to be a rocket scientist to know that it’s important to keep track of what’s around you up there.

It all starts with the basic physics of motion and managing the tens of thousands of data points associated with those objects, says Paul Graziani, CEO and cofounder of Analytical Graphics. The Exton, Pennsylvania-based software company develops four-dimensional software that analyzes and visualizes objects based on their physical location and their time and relative position to each other or to other known locations. AGI has leveraged its software models to build the ComSpOC – its Commercial Space Operations Center. ComSpOC is the first and only commercial Space Situational Awareness center, and since 2014 it has helped space agencies and satellite operators keep track of space objects, including satellites and spacecraft.

ComSpOC uses data from sensors that AGI owns around the globe, plus data from other organizations, to track objects in space. These sensors include optical telescopes, radar systems, and passive rf (radio frequency) sensors. “A telescope gathers reflections of sunlight that come off of objects in space,” Graziani says. “And a radar broadcasts radio signals that reflect off of those objects and then times how long it takes for those signals to get back to the antenna.”

The combination of these measurements helps pinpoint the position of each object. The optical measurements of the telescopes provide directional accuracy, while the time measurements of the radar systems provide the distance of that object from the surface of the Earth. Passive rf sensors, meanwhile, use communications antennas that receive the broadcast information from operational satellites to measure satellite position and velocity.

Read more in my story for Forbes, “How Satellites Avoid Attacks And Space Junk While Circling The Earth.”

Ted Bahr has the coolest art store on Long Island: The Bahr Gallery.

Ted is the “B” of BZ Media – and I’m the “Z.” We’ve worked together, off and on, since the early 1990s, beginning at Miller Freeman in San Francisco. We started BZ Media together in 1999, starting such iconic media properties as SD Times and the SharePoint Technology Conference. I left in 2013, and we’re in the process of winding the company down.

And now Ted (in the blue blazer) has opened the Bahr Gallery in beautiful Oyster Bay – ironically, only a few doors away from BZ Media’s first office space.

We don’t sell posters. We sell Art.

The late 1960’s hosted a unique utopian experiment where love, peace, music, free living and mind expansion opened up whole new worlds, and nowhere was this creative explosion more acute and more wild than in San Francisco.

The psychedelic posters created from 1966-1969 by masters like Wes Wilson, Stanley Mouse, Victor Moscoso, Rick Griffin, and Alton Kelley have become recognized and highly valued for their unique and creative expression of this utopian time in history, before, during and after the Summer of Love.

The Bahr Gallery promotes and sells this Art, placed in historical context, for you to put on your wall and enjoy. All pieces are beautifully hand-framed and matted with enhancement of the artwork in mind and behind the highest quality museum glass.

Certificates of authenticity and official quality grading documentation is included where available.

Virtually all pieces are first editions, printed before the concert occurred. Many are signed by artist and/or performers. Much of this art currently hangs in the Smithsonian, Metropolitan Museum of Art, MOMA, The Louvre, the deYoung and other leading museums and institutions all around the world.

The Bahr Gallery has several rooms featuring more than 60 psychedelic master works on rotation from the Big Five and other artists. Open hours vary with the season but generally we are open on weekends – we are also open by appointment, so please contact us for a private viewing.

Read an interview with Ted in the Long Island Herald, or follow the gallery on Facebook. And now you know where to shop next time you’re in the neighborhood. It’s totally groovy.

The trash truck rumbles down the street, and its cameras pour video into the city’s data lake. An AI-powered application mines that image data looking for graffiti—and advises whether to dispatch a fully equipped paint crew or a squad with just soap and brushes.

Meanwhile, cameras on other city vehicles could feed the same data lake so another application detects piles of trash that should be collected. That information is used by an application to send the right clean-up squad. Citizens, too, can get into the act, by sending cell phone pictures of graffiti or litter to the city for AI-driven processing.

Applications like these provide the vision for the Intelligent Internet of Things Integration Consortium (I3). This is a new initiative launched by the University of Southern California (USC), the City of Los Angeles, and a number of stakeholders including researchers and industry. At USC, I3 is jointly managed by three institutes: Institute for Communication Technology Management (CTM), Center for Cyber-Physical Systems and the Internet of Things (CCI), and Integrated Media Systems Center (IMSC).

“We’re trying to make the I3 Consortium a big tent,” says Jerry Power, assistant professor at the USC Marshall School of Business’s Institute for Communication Technology Management (CTM). Power serves as executive director of the consortium. “Los Angeles is a founding member, but we’re talking to other cities and vendors. We want lots of people to participate in the process, whether a startup or a super-large corporation.”

As of now, there are 24 members of the consortium, including USC’s Viterbi School of Engineering and Marshall School of Business. And companies are contributing resources. Oracle’s Startup for Higher Education program, for example, is providing $75,000 a year in cloud infrastructure services to support the I3 Consortium’s first three years of development work.

The I3 Consortium needs a lot of computing power. The consortium allows the cities to move beyond data silos where information is confined to individual departments, such as transportation and sanitation, to one where data flows among departments, can be more easily managed, and also lets cities use data contributions from residents or even other governmental or commercial data providers. That information is consolidated into a city’s data lake that can be accessed by AI-powered applications across departments.

The I3 Consortium will provide a vehicle to manage the data flow into the data lake. Cyrus Shahabi, a professor at USC’s Viterbi School of Engineering, and director of its Integrated Media Systems Center (IMSC), is using Oracle Cloud credits to create advanced computation applications that apply vast amounts of processing needed to train AI-based, deep learning neural networks and use real-time I3-driven data lakes to recognize issues, such as graffiti or garbage, that drive action.

 

Read more about the I3 Consortium in my story for Forbes, “How AI Could Tackle City Problems Like Graffiti, Trash, And Fires.”

Can you believe that Cantor Barry Reich has been with Peninsula Temple Sholom for 51 years? That’s an incredible tenure. He began at the Burlingame, Calif., synagogue as a liturgical singer who showed up on a motorcycle. He retires — well, becomes Cantor Emeritus – at the end of this month.

Barry and I have done lots of great projects together. Not only that, he oversaw the Bar Mitzvah of my son Michael, who also played in the Cantor’s band. As a recent story in the J Weekly writes,

Reich, 71, has the kind of background most cantors could only dream of. He represents the fifth generation of cantors in his family, raised in L.A.’s old Jewish neighborhood of Boyle Heights. Reich was a yeshiva kid until his father, Israel Reich, switched to the Conservative movement. The family moved around for a few years, and Barry Reich got his cantorial start as a child singing in overflow services at his father’s synagogue in Miami.

But by senior year in high school, the Reiches were in San Francisco, where Israel served as cantor at Congregation Beth Sholom. Barry was still a music student of 17 when he stepped in as a temporary cantor at PTS.

What happens next? Says, the J,

With retirement on the horizon, Reich has a few ideas for how he’ll be spending his time, although he’s keeping his options open. He plans to publish some of the choral music he’s written through the years, which means recording it as well, and he’s toying with the notion of working with Jewish summer camps. And his official title will be cantor emeritus as of July 1. But one thing he won’t be doing in the fall is singing on the bimah. “For the first time in 51 years, I’m going to take the High Holidays off,” he said.

Yasher koach, from strength to strength, dear friend.

It’s so easy to relate to someone’s sorrows by saying, “Oh yes, that happened to me too.” A friend lost a job; well, you lost a job once. A friend lost a pet; well, your Fluffy got cancer and died. And speaking of cancer… or losing a parent or other loved one. It’s happening to your friend now, and you’ve got powerful personal stories to tell that will show your friend that you’ve been there too, and you know what she’s going through.

Don’t. Just don’t go there. You don’t know what she’s going through, and frankly, she doesn’t care about your loss right now.

That’s something I learned during a course in pastoral training: You relate to the person in pain by active listening. Not by telling your own stories. Ask questions: Tell me about your plans to find another job. What was something funny that Fido did? Can you tell me a story about your relationship with your aunt? What worries you most about getting chemo?

Now is not the time to say, “I’ve been there.” The grieving friend doesn’t want to hear about your dead dog. He wants to talk about his dead dog, or at least, sit quietly with you while he mourns. Sure, if he asks, “Have you been there,” say “Yes,” and talk briefly. But this isn’t a conversation. It’s not a give-and-take, where you each share stories. No, you help by listening, not by talking.

I’ve seen this first hand, in time I’ve spent with mourners — where the mourner feels trapped into listening to stories she doesn’t want to hear. This was never as well said as in a recent story, “The Mistake I Made with My Grieving Friend,” by Celeste Headlee:

A good friend of mine lost her dad some years back. I found her sitting alone on a bench outside our workplace, not moving, just staring at the horizon. She was absolutely distraught and I didn’t know what to say to her. It’s so easy to say the wrong thing to someone who is grieving and vulnerable. So, I started talking about how I grew up without a father. I told her that my dad had drowned in a submarine when I was only 9 months old and I’d always mourned his loss, even though I’d never known him. I just wanted her to realize that she wasn’t alone, that I’d been through something similar and could understand how she felt.

But after I related this story, my friend looked at me and snapped, “Okay, Celeste, you win. You never had a dad, and I at least got to spend 30 years with mine. You had it worse. I guess I shouldn’t be so upset that my dad just died.”

Read the story. And next time you’re tempted to share your own stories of loss with someone in pain… don’t.

“What type of dog are you?” “I scored 9 out of 10 on this vocabulary test! Can you beat me? Take the quiz!” “Are you a true New Yorker?”

If you use Facebook (or other social media sites) you undoubtedly see quizzes like this nearly every day. Sometimes the quizzes appear in Facebook advertisements. Sometimes they appear because one of your friends took the quiz, and the quiz appeared as a post by your friend.

Is it safe to take those quizzes? As with many security topics, the answer is a somewhat vague “yes and no.” There are two areas to think about. The first is privacy – are you giving away information that should be kept confidential? The second is, by interacting with the quiz, are you giving permission for future interactions? Let’s talk about both those aspects, and then you can make an informed decision.

Bear in mind, however, that quizzes like this were likely used by Cambridge Analytica to harvest personal details about millions of Facebook users. Those details were allegedly used to email hidden; JavaScript is required.

Personal Dossier

Let’s start with content. When you take a quiz, you may not realize the extent of the personal information you are providing. Does the quiz ask you for your favorite color? For the year you graduated secondary school? For the type of car you drive? All of that information could potentially be aggregated into a profile. That’s especially true if you take multiple quizzes from the same company.

You don’t know, and you can’t realistically learn, if the organization behind the quiz is storing the information — and what it’s doing with it. Certainly, they can tag you as someone who likes quizzes, and show you more of them. However, are they using that information to profile you for their advertisements? Are they depositing cookies or other tracking mechanisms on your computer? Are they selling that information to other organizations?

A quiz about your favorite color is probably benign. A quiz about “What type of dog are you?” might indicate that you are a dog owner. It’s likely that ads for dog food might be in your future!

Be wary of quizzes that ask for any information that might be used for identity theft, like your home town or the year you were born. While you might sometimes post information like that on Facebook, that information may not be readily accessible to third parties, like the company that offers up those fun quizzes. If you provide such info to the quiz company, you are handing it to them on a silver platter.

Consider the “Is My Dog Fat Quiz,” hosted on the site GoToQuiz. It asks for your age range and your gender – which is totally unnecessary for asking about your dog’s weight and dietary habits. (You can see the lack of professionalism with misspellings like, “How much excersize does your dog get?” This quiz isn’t about you or your dog, it’s about gathering information for Internet marketers.

Permission Granted

Second, you’re giving implicit permission for future interactions. Sometimes when you click on a Facebook quiz, you take the quiz right inside Facebook. When you do so, you are interacting with the quiz giver – which means that future posts or quizzes by that quiz giver will show up on your news feed. You may be totally fine with that… it’s not particularly harmful. However, you should be aware that this is the case. (Those posts and quizzes may also show up on your friends’ news feeds as well, spreading the marketer’s reach)

What concerns me more is when clicking the quiz opens up an external website. When you are on an external website, whatever happens is outside of Facebook’s privacy protections and security protocols. You have no idea what the quiz site will do with your information.

Well, now, perhaps you do now.

Has Russia hacked the U.S. energy grid? This could be bigger than Stuxnet, the cyberattack that damaged uranium-enriching centrifuges in Iran back in 2010 – and demonstrated, to the public at least, that cyberattacks could do more than erase hard drives and steal peoples’ banking passwords.

For the first time, the United States has officially accused Russia of breaking into critical infrastructure. That’s not only a shocking admission of vulnerability, but also pointing the finger at a specific country.

While there may be geopolitical reasons for the timing of the accusation, let’s look at what’s going on from the tech perspective. On March 15, the U.S. Computer Emergency Response Team (US-CERT) put out an alert entitled, “Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors.” It’s not blaming hackers, or hackers based in Russia, it’s blaming the Russian government.

The danger couldn’t be clearer. “Since at least March 2016, Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.”

The Targets: System Controllers

What were the attackers doing? Reconnaissance, looking for information on the critical controller in the energy facilities, also known as SCADA systems. The US-CERT alert explains,

In multiple instances, the threat actors accessed workstations and servers on a corporate network that contained data output from control systems within energy generation facilities. The threat actors accessed files pertaining to ICS or supervisory control and data acquisition (SCADA) systems. Based on DHS analysis of existing compromises, these files were named containing ICS vendor names and ICS reference documents pertaining to the organization (e.g., “SCADA WIRING DIAGRAM.pdf” or “SCADA PANEL LAYOUTS.xlsx”)

The threat actors targeted and copied profile and configuration information for accessing ICS systems on the network. DHS observed the threat actors copying Virtual Network Connection (VNC) profiles that contained configuration information on accessing ICS systems.

The Attack Vendor: User Accounts

How did the attackers manage to get into these energy systems? First, they carefully chose which companies or facilities to target, says US-CERT: “The threat actors appear to have deliberately chosen the organizations they targeted, rather than pursuing them as targets of opportunity.” The attackers then using spear phishing (custom-crafted malicious emails) and watering holes (hacks into trusted websites that employees of those energy sites would visit). For example, says the report,

One of the threat actors’ primary uses for staging targets was to develop watering holes. Threat actors compromised the infrastructure of trusted organizations to reach intended targets. Approximately half of the known watering holes are trade publications and informational websites related to process control, ICS, or critical infrastructure. Although these watering holes may host legitimate content developed by reputable organizations, the threat actors altered websites to contain and reference malicious content.

These hacks into user accounts were delivered via malicious .docx files that energy employees opened – and which captured user credentials. The attackers then used those credentials to get into the energy systems, create new accounts, and begin their work. The US CERT reports that the attackers weren’t able to get into systems that require multi-function authentication, by the way.

A History of Targeting Energy

We don’t know what Russia was doing, or why – assuming that it was Russia, of course. Dustin Volz and Timothy Gardner, writing for Bloomberg, say,

It was not clear what Russia’s motive was. Many cyber security experts and former U.S. officials say such behavior is generally espionage-oriented with the potential, if needed, for sabotage.

Russia has shown a willingness to leverage access into energy networks for damaging effect in the past. Kremlin-linked hackers were widely blamed for two attacks on the Ukrainian energy grid in 2015 and 2016, that caused temporary blackouts for hundreds of thousands of customers and were considered first-of-their-kind assaults.

As political issues escalate between Russia and the West, these types of reports and unanswered questions are indeed troubling.

Go ahead, blame the user. You can’t expect end users to protect their Internet of Things devices from hacks or breaches. They can’t. They won’t. Security must be baked in. Security must be totally automatic. And security shouldn’t allow end users to mess anything up, especially if the device has some sort of Web browser.

Case in point: Medical devices with some sort of network connection, and thus qualify as IoT. In some cases, those connections might be very busy, connecting to a cloud service to report back telemetry and diagnostics, with the ability for a doctor to adjust functionality. In other cases, the connections might be quiet, used only for firmware updates. In either case, though, any connection might lead to a vulnerability.

According to the Annual Threat Report: Connected Medical Devices, from Zingbox, the most common IoT devices are infusion pumps, followed by imaging systems. Despite their #2 status, the study says that those imaging systems have the most security issues:

They account for 51% of all security issues across tens of thousands devices included in this study. Several characteristics of imaging systems attribute to it being the most risky device in an organization’s inventory. Imaging systems are often designed on commercial-off-the-shelf (COTS) OS, they are expected to have long lifespan (15-20 years), very expensive to replace, and often outlive the service agreement from the vendors as well as the COTS provider.

This is not good. For all devices, the study says that, “Most notably, user practice issues make up 41% of all security issues. The user practice issues consist of rogue applications and browser usage including risky internet sites.” In addition, Zingbox says, “Unfortunately, outdated OS/SW (representing 33% of security issues) is the reality of connected medical devices. Legacy OS, obsolete applications, and unpatched firmware makes up one-third of all security issues.”

Need to Restrict IoT Device Access to Websites

Many devices contain embedded web browsers. Not infusion pumps, of course, but other devices, such those imaging sensors. Network access for such devices should be severely restricted – the embedded browser on a medical device shouldn’t be able to access eBay or Amazon or the New York Times – or anything else other than the device’s approved services. As the study explains, “Context-aware policy enforcement should be put in place to restrict download of rogue applications and enable URL access specific to the operation of the device.”

Even if the device operator’s intentions are good, you don’t want the device used to access, say, Gmail. And then get a virus. Remember, many of the larger IoT medical devices run Windows, and may not have up-to-date malware protection. Or any malware protection whatsoever.

When planning out IoT security, the device must be protected from the user, as well as from hackers. “IoT Security: How To Make The World Safe When Everything’s Connected,” published in Forbes, quoted Gerry Kane, Cyber Security Segment Director for Risk Engineering at The Zurich Services Corporation:

Information security must evolve with the times, Kane believes. “It’s not just about data anymore,” he said. “It’s an accumulation of the bad things that could happen when there’s a security breach. And consider the number of threat vectors that are brought into play by the Internet of Things.”

Human error poses another risk. Although these devices are supposed to operate on their own, they still need to receive instructions from people. The wrong commands could result in mistakes.

“Human error is always a big part of security breaches, even if it’s not always done with malicious intent,” Kane said.

Indeed, the IoT world is pretty dangerous… thanks to those darned end users.

We had a good show this morning! Enjoy these photographs, taken with a Canon EOS 1D Mk IV with a 500mm prime lens. The first image was cropped, and the last one had its exposure boosted in post-processing by 4 stops. Otherwise, these are untouched.

From January 1, 2005 through December 27, 2017, the Identity Theft Resource Center (ITRC) reported 8,190 breaches, with 1,057,771,011 records exposed. That’s more than a billion records. Billion with a B. That’s not a problem. That’s an epidemic.

That horrendous number compiles data breaches in the United States confirmed by media sources or government agencies. Breaches may have exposed information that could potentially lead to identity theft, including Social Security numbers, financial account information, medical information, and even email addresses and passwords.

Of course, some people may be included on multiple breaches, and given today’s highly interconnected world, that’s probably very likely. There’s no good way to know how many individuals were affected.

What defines a breach? The organization says,

Security breaches can be broken down into a number of additional sub-categories by what happened and what information (data) was exposed. What they all have in common is they usually contain personal identifying information (PII) in a format easily read by thieves, in other words, not encrypted.

The ITRC tracks seven categories of breaches:

  • Insider Theft
  • Hacking / Computer Intrusion (includes Phishing, Ransomware/Malware and Skimming)
  • Data on the Move
  • Physical Theft
  • Employee Error / Negligence / Improper Disposal / Lost
  • Accidental Web/Internet Exposure
  • Unauthorized Access

As we’ve seen, data loss has occurred when employees store data files on a cloud service without encryption, without passwords, without access controls. It’s like leaving a luxury car unlocked, windows down, keys on the seat: If someone sees this and steals the car, it’s theft – but it was easily preventable theft abetted by negligence.

The rate of breaches is increasing, says the ITRC. The number of U.S. data breach incidents tracked in 2017 hit a record high of 1,579 breaches exposing 178,955,069 records. This is a 44.7% increase over the record high figures reported for 2016, says the ITRC.

It’s mostly but not entirely about hacking. The ITRC says in its “2017 Annual Data Breach Year-End Review,”

Hacking continues to rank highest in the type of attack, at 59.4% of the breaches, an increase of 3.2 percent over 2016 figures: Of the 940 breaches attributed to hacking, 21.4% involved phishing and 12.4% involved ransomware/malware.

In addition,

Nearly 20% of breaches included credit and debit card information, a nearly 6% increase from last year. The actual number of records included in these breaches grew by a dramatic 88% over the figures we reported in 2016. Despite efforts from all stakeholders to lessen the value of compromised credit/debit credentials, this information continues to be attractive and lucrative to thieves and hackers.

Data theft truly is becoming epidemic. And it’s getting worse.

A fascinating website, “How Did Arizona Get its Shape?,” shows that continental expansion in North America led to armed conflicts with Native American groups. Collectively known as the American Indian Wars, the conflicts began in the 1600s, and continued in various forms for the next several centuries. Multiple conflicts occurred during the U.S.-Mexican War, as westward expansion led to draconian policies levied by the United States against Indian nations, forcibly removing them from their homelands to make way for U.S. settlers.

Less than 15 years after the conflict with Mexico, the Civil War broke out between the United States (the Union) and the 11 states that seceded to form the Confederate States of America. Had the Confederacy won the war, Arizona would have been a slave state oriented to the south of New Mexico rather than to the west.

During the Civil War, in 1863, President Abraham Lincoln signed the Arizona Organic Act, which split Arizona and New Mexico into separate territories along the north-to-south border that remains today. The Act also outlawed slavery in Arizona Territory, a critical distinction as the question of whether new states or territories would allow slavery dominated U.S. westward expansion policies.

Check out the website – great maps!!

“Thou shalt not refer winkingly to my taking off my robe after worship as disrobing.” A powerful essay by Pastor Melissa Florer-Bixler, “10 commandments for male clergy,” highlights the challenges that female clergy endure in a patriarchal tradition — and one in which they are still seen as interlopers to church/synagogue power. And in this era of #metoo, it’s still not easy for women in any aspect of leadership, including Jewish leadership.

In my life and volunteer work, I have the honor to work with clergy. Many, but not all, are rabbis and cantors who come from the traditions of Reform Judaism. Quite a few are women. I also work with female Conservative and Reconstructionist rabbis and cantors, as well as female pastors and ministers. And of course, there are lots of male clergy from those traditions as well as the male-only Orthodox Jewish and Roman Catholic domains.

Congregations, schools, seminaries, communities, and non-profits enjoy abundant blessings when employing and engaging with female clergy. However, that doesn’t mean that women clergy are always seen as first-class members of their profession, or that they are treated with the same respect as their male counterparts.

There are too many assumptions, says Pastor Florer-Bixler, who ministers at the Raleigh Mennonite ChurchToo many jokes. Too many subtle sexist put-downs. I’ve heard those myself. To be honest, there are some jokes and patronizing assumptions that I’ve made myself. While always meant kindly, my own words and attitude contributed to the problem. In her essay, Pastor Florer-Bixler writes about mansplaining, stereotypes, and the unspoken notion that religious institutions are essentially masculine:

In her recent lecture-essay “Women in Power: From Medusa to Merkel,” Mary Beard describes the pervasiveness of the cultural stereotype that power — from the halls of ancient Greece to the modern parliament — is masculine.

She cites a January 2017 article in The London Times about women front-runners for the positions of bishop of London, commissioner of the Metropolitan Police and chair of the BBC governing board. The headline read: “Women prepare for a power grab in church, police and BBC.”

Beard points out that “probably thousands upon thousands of readers didn’t bat an eyelid” at the suggestion that those seats of power were the property of men — possessions being “grabbed,” that is, taken away, by women.

Straight-forward sexism

Pastor Florer-Bixler writes about sexism, and I cringe at having seen many of these behaviors, and not speaking out.

Drawing attention to pregnancy, making sexualizing comments about “disrobing,” suggesting that a clergywoman should smile more, describing a female pastor’s voice as “shrill” — all expose the discomfort that men feel about women in “their” profession.

More than just ridiculous humiliations, these stereotypes affect the ministries and careers of women in church leadership. One colleague discovered that a pastor search committee was told that for the salary they were offering, they should expect only women to be willing to serve. The committee was livid — not at the pay gap but at the idea that they would have to consider only women.

We must do better

Pastor Florer-Bixler offers some suggestions for making systemic improvements in how we — male clergy, lay leaders, everyone — should work with female clergy. 

Men have all-male theological traditions and ministerial roles to which they can retreat. Not so female pastors.

If a woman stands up to this patriarchal tradition, she faces the accusation of intolerance. Women should not be expected to “get along” with sexist individuals, theologies, practices and institutions as if this were a price to be paid for church unity.

What is the way forward? For one, men must do better. When male pastors co-opt ideas that have come from female colleagues, they must reassign the insights. When they learn of pay gaps, they must address them.

When female clergy are outtalked or overtalked, male pastors must name the imbalance. They must read the sermons, theology and books of women. And decline to purchase books written by men who exclude women from the pulpit.

Women are addressing this as we always have: through constant negotiation between getting the job done and speaking out against what is intolerable. In the meantime, we create spaces where women can begin to speak the truth of our power to one another. For now, this is what we have.

The way forward will unquestioningly be slow, but we must be part of the solution. Let’s stop minimizing the problem or leaving it for someone else. Making a level playing field is more than men simply agreeing not to assault women, and this is not an issue for female clergy to address. Sexism is everyone’s issue. All of us must own it. And I, speaking as a male lay leader who works with many female clergy, pledge to do better.

On this day before Thanksgiving (a U.S. holiday), let me share the concept of  Shehecheyanu Moments.

The Shehecheyanu is a prayer of thankfulness. Many Jews say the prayer immediately after the first time you do or experience something new and wonderful, or right after you experience it for the first time in a long time.

In my family, we call such occasions Shehecheyanu Moments. In English, the prayer roughly translates to, “Thank you, God, for giving me life, sustaining me, and letting me reach this season.”

Every single day, you do or see something new or new-ish, maybe sacred, maybe part of your daily life.

It might be seeing a new rainbow. It might be welcoming your adult son home after six months away. It might starting a job or landing a client. It might be installing a new battery and having the car start right up. It might be hearing goldfinches sing after a few months’ absence. It might be watching a baby bunny hop across the garden. It might be tasting an interesting wine varietal or flavor of herbal tea. It might be hugging friends this Thanksgiving you haven’t hugged since last Thanksgiving.

Treasure and acknowledge (even if only to yourself) those Shehecheyanu Moments. They truly sustain us, and teach that each and every day, life fills us with joy and blessings.

Happy Thanksgiving!

Let’s talk about hackers, not through the eyes of the tech industry but through the eyes of current and former U.S. law enforcement officials. It’s their job to run those people down and throw them in jail.

The Federal Bureau of Investigation

MK Palmore is an Information Security Risk Management Executive with the FBI’s Cyber Branch in San Francisco. He runs the cyber-security teams assigned to the San Francisco division of the FBI. “My teams here in San Francisco typically play some part in the investigations, where our role is to identify, define attribution, and get those folks into the U.S. Justice system.”

“The FBI is 35,000-plus personnel, U.S.-based, and part of the Federal law enforcement community,” says Palmore. “There are 56 different field offices throughout the United States of America, but we also have an international presence in more than 62 cities throughout the world. A large majority of those cities contain personnel that are assigned there specifically for responsibilities in the cyber-security realm, and often-times are there to establish relationships with our counterparts in those countries, but also to establish relationships with some of the international companies, and folks that are raising their profile as it relates to international cyber-security issues.”

The U.S. Secret Service

It’s not really a secret: In 1865, the Secret Service was created by Congress to primarily suppress counterfeit currency. “Counterfeit currency represented greater than 50% of all the currency in the United States at that time, and that was why the Agency was created,” explained Dr. Ronald Layton, Deputy Assistant Director U.S. Secret Service. “The Secret Service has gone from suppressing counterfeit currency, or economic, or what we used to refer to as paper crimes, to plastic, meaning credit cards. So, we’ve had a progression, from paper, to plastic, to digital crimes, which is where we are today,” he continued.

Protecting Data, Personal and Business

“I found a giant hole in the way that private sector businesses are handling their security,” said Michael Levin. “They forgot one very important thing. They forgot to train their people what to do. I work with organizations to try to educate people — we’re not doing a very good job of protecting ourselves. “

A leading expert in cyber-security, Levin is Former Deputy Director, U.S. Department of Homeland Security’s National Cyber-Security Division. He retired from the government a few years ago, and is now CEO & Founder of the Center for Information Security Awareness.

“When I retired from the government, I discovered something,” he continued. “We’re not protecting our own personal data – so, everybody has a role to play in protecting their personal data, and their family’s data. We’re not protecting our business data. Then, we’re not protecting our country’s data, and there’s nation states, and organized crime groups, and activists, that are coming after us on a daily basis.”

The Modern Hacker: Who They Are, What They Want

There are essentially four groups of cyber-threat activists that we need to be concerned with, explained the FBI’s Palmore. “I break them down as financially-motivated criminal intrusion, threat actors, nation states, hacktivists, and then those security incidents caused by what we call the insider threat. The most prevalent of the four groups, and the most impactful, typically, are those motivated by financial concerns.”

“We’re talking about a global landscape, and the barrier to entry for most financially-motivated cyber-threat actors is extremely low,” Palmore continued. “In terms of looking at who these folks are, and in terms of who’s on the other end of the keyboard, we’re typically talking about mostly male threat actors, sometimes between the ages of, say, 14 and 32 years old. We’ve seen them as young as 14.”

Criminals? Nation states? Hacktivists? Insiders? While that matters to law enforcement, it shouldn’t to individuals and enterprise, said CIFSA’s Levin. “For most people, they don’t care if it’s a nation state. They just want to stop the bleeding. They don’t care if it’s a hacktivist, they just want to get their site back up. They don’t care who it is. They just start trying to fix the problem, because it means their business is being attacked, or they’re having some sort of a failure, or they’re losing data. They’re worried about it. So, from a private sector company’s business, they may not care.”

However, “Law enforcement cares, because they want to try to catch the bad guy. But for the private sector is, the goal is to harden the target,” points out Levin. “Many of these attacks are, you know, no different from a car break-in. A guy breaking into cars is going to try the handle first before he breaks the window, and that’s what we see with a lot of these hackers. Doesn’t matter if they’re nation states, it doesn’t matter if they’re script kiddies. It doesn’t matter to what level of the sophistication. They’re going to look for the open doors first.”

The Secret Service focuses almost exclusively about folks trying to steal money. “Several decades ago, there was a famous United States bank robber named Willie Sutton,” said Layton. “Willie Sutton was asked, why do you rob banks? ‘Because that’s where the money is.’ Those are the people that we deal with.”

Layton explained that the Secret Service has about a 25-year history of investigating electronic crimes. The first electronic crimes taskforce was established in New York City 25 years ago. “What has changed in the last five or 10 years? The groups worked in isolation. What’s different? It’s one thing: They all know each other. They all are collaborative. They all use Russian as a communications modality to talk to one another in an encrypted fashion. That’s what’s different, and that represents a challenge for all of us.”

Work with Law Enforcement

Palmore, Levin, and Layton have excellent, practical advice on how businesses and individuals can protect themselves from cybercrime. They also explain how law enforcement can help. Read more in my article for Upgrade Magazine, “The new hacker — Who are they, what they want, how to defeat them.”

Still no pastrami sandwich. Still no guinea pig. What’s the deal with the cigarette?

I installed iOS 11.1 yesterday, tantalized by Apple’s boasting of tons of new emoji. Confession: Emoji are great fun. Guess what I looked for right after the completed software install?

Many of the 190 new emoji are skin-tone variations on new or existing people or body parts. That’s good: Not everyone is yellow, like the Simpsons. (If you don’t count the different skin-tone versions, there are about 70 new graphics.)

New emoji that I like:

  • Steak. Yum!
  • Shushing finger face. Shhhh!
  • Cute hedgehog. Awww!
  • Scottish flag. Och aye!

What’s still stupidly missing:

  • Pastrami sandwich. Sure, there’s a new sandwich emoji, but it’s not a pastrami sandwich. Boo.
  • There’s a cheeseburger (don’t get me started on the cheese top/bottom debate), but nothing for those who don’t put cheese on their burgers at all. Grrrr.
  • Onion rings. They’ve got fries, but no rings. Waah.
  • Coffee with creamer. I don’t drink my coffee black. Bleh.
  • Guinea pig. That’s our favorite pet, but no cute little caviidae in the emoji. Wheek!

I still don’t like the cigarette emoji, but I guess once they added it in 2015, they couldn’t delete it.

Here is a complete list of all the emoji, according to PopSugar. What else is missing?

Our family’s Halloween tradition: Watch “The Nightmare Before Christmas,” singing along with all the songs. Great songs!

I must make my usual complaints about this Disney movie. The biggest is there’s only one major female character (Sally), who is Jack Skellington’s love interest. Would it have killed Tim Burton to have the Mayor, Doctor Finkelstein, or even Oogie-Boogie be women?

My favorite song from the movie is “Poor Jack.” I tend to sing these two stanzas when something doesn’t go quite right in my personal or professional life:

But I never intended all this madness, never,
And nobody really understood, how could they?
That all I ever wanted was to bring them something great.
Why does nothing ever turn out like it should?

Well, what the heck, I went and did my best.
And, by God, I really tasted something swell, that’s right.
And for a moment, why, I even touched the sky,
And at least I left some stories they can tell, I did

It’s quite cathartic!

For no particular reason, and in alphabetical order, my favorite episodes from the original Star Trek, aka, The Original Series.

Arena

Kirk and the captain of the Gorn ship are told to fight to the death as proxies for a space battle, but neither is happy about it

Balance of Terror

“Run Silent Run Deep” goes into space, with two canny submarine, ahem, starship captains battling the odds.

The Corbomite Maneuver

Appearances aren’t what they seem, and a vicious enemy may only be a lonely alien.

The Devil in the Dark

Not only is there a neat non-humanoid alien, but we get to see Kirk dealing with Federation civilians who aren’t impressed with his authority.

The Doomsday Machine

Captain Ahab takes on the white whale, as we get to see another starship and an argument about rank and Starfleet protocol.

Journey to Babel

We learn about Spock’s family, some of the other important species in the Federation, and what diplomacy is all about.

Let That Be Your Last Battlefield

A parable about race and law-and-order, as black-and-white aliens fight against white-and-black aliens.

Mirror, Mirror

We visit the Mirror Universe for the first time, a place that’s frankly a lot more interesting that the regular universe.

The Trouble with Tribbles

The funniest episode of Classic Trek, which is peculiarly meaningful because writer David Gerrold gave my wife one of the tribbles used on the show.

The Ultimate Computer

Can an AI-based computer operate a self-driving Enterprise? The anti-Elon Musk, Dr. Daystrom (shown), thinks so.

About a decade ago, I purchased a piece of a mainframe on eBay — the name ID bar. Carved from a big block of aluminum, it says “IBM System/370 168,” and it hangs proudly over my desk.

My time on mainframes was exclusively with the IBM System/370 series. With a beautiful IBM 3278 color display terminal on my desk, and, later, a TeleVideo 925 terminal and an acoustic coupler at home, I was happier than anyone had a right to be.

We refreshed our hardware often. The latest variant I worked on was the System/370 4341, introduced in early 1979, which ran faster and cooler than the slower, very costly 3031 mainframes we had before. I just found this on the IBM archives: “The 4341, under a 24-month contract, can be leased for $5,975 a month with two million characters of main memory and for $6,725 a month with four million characters. Monthly rental prices are $7,021 and $7,902; purchase prices are $245,000 and $275,000, respectively.” And we had three, along with tape drives, disk drives (in IBM-speak, DASD, for Direct Access Storage Devices), and high-speed line printers. Not cheap!

Our operating system on those systems was called Virtual Machine, or VM/370. It consisted of two parts, Control Program and Conversational Monitoring System. CP was the timesharing operating system – in modern virtualization terms, the hypervisor running on the bare metal. CMS was the user interface that users logged into, and provide access to not only a text-based command console, but also file storage and a library of tools, such as compilers. (We often referred to the platform as CP/CMS).

Thanks to VM/370, each user believed she had access to a 100% dedicated and isolated System/370 mainframe, with every resource available and virtualized. (I.e., she appeared to have dedicated access to tape drives, but they appeared non-functional if her tape(s) weren’t loaded, or if she didn’t buy access to the drives.)

My story about mainframes isn’t just reminiscing about the time of dinosaurs. When programming those computers, which I did full-time in the late 1970s and early 1980s, I learned a lot of lessons that are very applicable today. Read all about that in my article for HP Enterprise Insights, “4 lessons for modern software developers from 1970s mainframe programming.”