What is Bitcoin?
Bitcoin is the name of probably the best-known cryptocurrency or digital currency or digital gold or virtual money. A cryptocurrency is a medium of exchange, such as the US dollar, but is digital and uses encryption techniques to control the creation of monetary units and to verify the transfer of funds. Blockchain is the technology that enables the existence of cryptocurrency.
The cryptocurrency has populist roots. It made its debut in relative obscurity at the start of 2009, when the great recession financial crisis was still raging. A person or group of people known as Satoshi Nakamoto purportedly created the bitcoin protocol and reference software. The populist ideology behind Bitcoin is to take power out of the hands of the central bankers and governments who usually control the flow of currency.
Bitcoin is both a digital currency and a payment system. The basic idea behind Bitcoin is that you can use it to pay for things without a third-party broker, like a bank or government. The value of a bitcoin depends on the bitcoin market at the time. One bitcoin = 100,000,000 Satoshi like 1 dollar = 100 cents. There are no transaction fees and no need to give your real name. Merchants have to pay transaction fees on each credit card sale of 2.5% to 3.5% to the likes of Visa, MasterCard, or Discover.
Think of Bitcoin like one big ledger shared by all the users: When you pay for something with bitcoin or get paid, then your transaction is recorded on the ledger to ensure there is no double spending of the currency.
Members of the network collectively contribute processing power from their computers to maintain Bitcoin’s integrity. And every time a transaction is made, a record of it is sent out to be recorded in a public ledger where the transactions are effectively set in stone. Anyone can download and install the Bitcoin software for free so these records are distributed permanently across the entire network. This publicly distributed ledger is called the blockchain.
In order to get more Bitcoins, computers running bitcoin software compete to confirm the transaction by solving a complex cryptographic equation, and the winner is rewarded with more bitcoins. Currently, a winner is rewarded with 25 bitcoins roughly every 10 minutes. The process is known as “mining”. Don’t get too wrapped up in Bitcoin mining because only the computer powerhouses get their bitcoins this way.
The Consumerist explains that Bitcoin mining math is complicated and hard to forge, so the blockchain stays accurate. Because anyone can download and install the Bitcoin software for free, the payment processing and record-keeping for Bitcoin is done in a widely distributed way, and not on one particular server.
When blockchains are created, so are new bitcoins — but there’s a hard limit to how many will ever exist. The system was designed to create more bitcoins at first, then to dwindle exponentially over time. The first set of blockchains each created 50 bitcoins. The next set each created 25 bitcoins, and so on. New blockchains are created roughly every 10 minutes no matter what; when more computers are actively mining, the program they’re running gets harder (and therefore slower) to compensate. The Bitcoin FAQ estimates that the last bitcoin will be mined in the year 2140, bringing the permanent circulation to just under 21 million. (Currently, there are roughly 15.8 million bitcoins in the world.)
In order to use Bitcoin, you’ll have to install a “bitcoin wallet” app on your phone or computer, and then buy them from a bitcoin exchange. A bitcoin digital wallet is a kind of virtual bank account that allows users to send or receive bitcoins, pay for goods or save their money via an exchange of public and private security keys. Bitcoin wallets can exist either in the cloud or on a user’s computer. The wallets have all the risks of any other app on your device or in the cloud. Unlike bank accounts, the FDIC does not insure bitcoin wallets. CNN Money points out some of the risks in using bitcoin.
In order to buy bitcoins, you have to use marketplaces called “bitcoin exchanges,” which allow people to buy or sell bitcoins using different currencies. These exchanges have a dubious history.
Bitcoin exchanges are vulnerable to hacking, collapse or a “run on the bank.” A run on a bank occurs when customers are scared and demand to withdraw their deposits so fast that the bank makes payments and then shuts down. If something like that happens, good luck getting your money back: This isn’t like an FDIC-insured bank account.
Bitcoin can be used in a few places; Marketwatch says there doesn’t seem to be much rhyme or reason to where you can use Bitcoin:
- Watch the Sacramento Kings
- Get a date on OkCupid.
- Buy stuff on Overstock.com
- Buy games from “Farmville” creator Zynga
- Buy a Tesla Model S from a car dealer in California
- Buy digital content for Microsoft (MSFT) Xbox.
rb-
The use of bitcoins in Michigan has not really taken off. Last summer, according to the FreeP, there were only a handful of businesses in metro Detroit that took bitcoin, including:
- Athenian Coney Island – Novi
- Bronx Deli – Farmington Hills
- Chickpea in the D – Detroit
- Donald Katz Law – Birmingham
- Gracie’s Pastaria – Inkster
- Papa Romano’s Pizza – Troy
- Saturn Printing – Livonia
- Toys from my Attic – Royal Oak
- Urban Bean Coffee – Detroit
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Chatbot Risks
Chatbots are the latest rage on social media. As Time explained, they have been around since the 1960s. That’s when MIT professor Joseph Weizenbaum created a chatbot called ELIZA. Chatbots found a home on desktop messaging clients like AOL Instant Messenger. Chatbots went dormant as messaging transitioned away from desktops and onto mobile devices.
But they’re poised for a resurgence in 2016. There are two reasons for this. First, artificial intelligence and cloud computing have gotten better thanks to improvements in machine learning. Second, bots could be big money.
Tech titans have chatbots on social media
All the tech titans have released social bots on the web: Apple’s (AAPL) Siri, Facebook’s (FB) “bots on Messenger”, Google’s (GOOG) Allo, and Microsoft’s (MSFT) ill-fated Tay. They believe there’s a buck to be made here, and they’re scrambling to make sure they don’t get left out.
The July issue of the Communications of the ACM included an article, “The Rise of Social Bots,” which lays out social bots’ impact on online communities and society at large. The authors define a social bot as a computer algorithm that automatically produces content and interacts with humans on social media, trying to emulate and possibly alter their behavior.
The Business Insider published this infographic about the social bot ecosystem.
Chatbots can be deceptive
The ACM article argues that social bots populate techno-social systems; they are often benign, or even useful, but some are created to harm by tampering with, manipulating, and deceiving social media users. The article offers several examples of how social bots can be a hindrance. The first example involves the Twitter (TWTR) posts around the Boston Marathon bombing. The researchers’ analysis found that social bots were automatically retweeting false accusations and rumors. The researchers argue that forwarding false claims without verifying the false tweets granted the false information more influence.
The ACM article also discusses how social bots can artificially inflate political candidates. During the 2010 mid-term elections some politicians used social bots to inject thousands of false tweets to smear their opponents. This type of activity puts the integrity of the democratic process at risk. These types of attacks are also called astroturfing or Twitter bombs.
Anti-vaxxer chatbots
The article offers another example of the use of social bots to influence an election in California. During the recent debate in California about a law on vaccination requirements there appears to be widespread use of social bots by opponents to vaccinations. This social bot interference puts an unknown number of people at risk of death or disease.
Greed is the most likely use of social bots. One example from the article is the April 2013 hack of the Twitter account of the Associated Press. In this case, the Syrian Electronic Army used the hacked account to post a false statement about a terror attack on the White House which injured President Obama. This false story provoked an immediate $136 Billion stock market crash as an unwarranted result of the widespread use of social bots to amplify false rumors.
Chatbots manipulate social media reality
Research has shown that human emotions are contagious on social media. This means that social bots can be used to artificially manipulate social media users’ perception of reality without the users being aware they are being manipulated. The article says the latest generation of Twitter social bots has many “human-like” online behaviors that make it difficult to separate bots from humans. According to the authors, social bots can:
- Search the web to fill in their profiles,
- Post pre-collected content at a defined time
- Engage in conversations with people,
- Infiltrate discussions and add topically correct information.
Some bots work to gain greater status by searching out and following popular or influential users or taking other steps to garner attention. Other bots are identity thieves, adopting slight variants of user names to steal personal information, pictures, and links.
Strategies to thwart bad chatbots
The authors review several attempts to thwart these growing sophisticated bots.
1. Innocent-by-association – This theory measured the number of legitimate links vs. the number of social bots (Sybil) links a user has. This method was proven to be flawed. Researchers found that Facebook users are pretty indiscriminate when adding users. The article says that 20% of legitimate Facebook users accept any friend request and 60% accept friend requests with only one contact in common.
2. Crowdsourcing – Another approach to stop social bots is crowdsourcing. The crowdsourcing approach would rely on users and experts reviewing an account. The reviewers would have to reach a majority decision that the account in question was a bot or legit. The authors pointed out some issues with crowdsourcing.
- It will not scale to large existing social networks like Facebook or Twitter.
- “Experts” need to be paid to check accounts.
- It exposes users’ personal information related to the account to unknown users and “experts.”
3. Feature-based detection – This is the third method noted by the authors. Feature-based bot detection uses behavior-based analysis with machine learning to separate human-like behavior from bot-like behavior. Some of the behaviors that these types of applications examine include:
- The number of retweets.
- Age of account.
- Username length.
4. Sybil until proven otherwise – The Chinese social network RenRen uses the fourth method noted by the author. This network uses a “Sybil until proven otherwise” approach. According to the article, this approach is better at detecting unknown attacks, like embedding text in graphics.
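The feature-based approach in item 3, sketched as an added example (it is not code from the ACM article or from this blog): a small logistic-regression classifier over the three features listed there. The sample accounts, their feature values and the 0.5 threshold are constructed for illustration.

```python
import math

# Constructed sample accounts (assumption, not data from the article).
# Each row: ((retweets, account_age_days, username_length), label), label 1 = bot.
TRAINING = [
    ((950, 12, 15), 1),
    ((1200, 30, 14), 1),
    ((800, 5, 13), 1),
    ((1500, 45, 15), 1),
    ((700, 20, 12), 1),
    ((40, 2100, 8), 0),
    ((15, 1500, 6), 0),
    ((120, 900, 9), 0),
    ((60, 2600, 7), 0),
    ((200, 1200, 10), 0),
]

def fit_scaler(rows):
    """Per-feature mean and standard deviation, so no feature dominates by scale."""
    cols = list(zip(*rows))
    means = [sum(c) / len(c) for c in cols]
    stds = [
        math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0  # guard constant columns
        for c, m in zip(cols, means)
    ]
    return means, stds

def scale(row, means, stds):
    return [(v - m) / s for v, m, s in zip(row, means, stds)]

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def train(samples, epochs=500, lr=0.1):
    """Batch gradient descent on the logistic loss; returns weights plus the scaler."""
    rows = [features for features, _ in samples]
    means, stds = fit_scaler(rows)
    X = [scale(r, means, stds) for r in rows]
    y = [label for _, label in samples]
    w, b = [0.0] * len(X[0]), 0.0
    n = len(X)
    for _ in range(epochs):
        grad_w, grad_b = [0.0] * len(w), 0.0
        for xi, yi in zip(X, y):
            err = sigmoid(sum(wj * xj for wj, xj in zip(w, xi)) + b) - yi
            grad_w = [g + err * xj for g, xj in zip(grad_w, xi)]
            grad_b += err
        w = [wj - lr * g / n for wj, g in zip(w, grad_w)]
        b -= lr * grad_b / n
    return {"w": w, "b": b, "means": means, "stds": stds}

def bot_probability(model, account):
    """Probability that an account (retweets, age_days, username_length) is a bot."""
    x = scale(account, model["means"], model["stds"])
    return sigmoid(sum(wj * xj for wj, xj in zip(model["w"], x)) + model["b"])

def classify(model, account, threshold=0.5):
    return "bot" if bot_probability(model, account) >= threshold else "human"

MODEL = train(TRAINING)

if __name__ == "__main__":
    for account in [(1100, 10, 14), (30, 1800, 7), (400, 300, 11)]:
        print(account, classify(MODEL, account), round(bot_probability(MODEL, account), 3))
```

The learned weight signs show which direction each feature pushes the score; an account that sits between the two constructed groups gets a mid-range probability, which is where such a classifier is least reliable.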
rb-
While people’s ability to critically assimilate information is beyond technology, the authors call for new ways to detect social bot-generated spam vs. real political discourse.
The researchers speculate there will not be a solution to the social bot problem. The more likely outcome is a bot arms race, like what we are seeing in the war on SPAM and other malware.
Slam the Door on Hackers
Last year two white-hat hackers, Charlie Miller and Chris Valasek, remotely compromised a Jeep Cherokee. The cybersecurity researchers used existing functionality in the car to take control. They were able to disable the car’s transmission and brakes and, while the vehicle was in reverse, take over the steering wheel.
The Verge reports the researchers are back and have compromised their Jeep Cherokee, fooling the car into doing dangerous things. Things like turning the steering wheel or activating the parking brake at highway speeds. This year’s attack requires physical access to the car.
Hackers use the diagnostic port
The team used a laptop connected to the OBD II engine diagnostic port to control even more vehicle systems. The Verge says the researchers were able to update the electronic control unit. This allowed them to take control of the steering at any time. They could turn the steering wheel at any speed, activate the parking brake, or adjust the cruise control settings.
Electronic control unit
Most operations in a car have their own designated electronic control unit (ECU). Some ECUs manage things like a car’s navigation and entertainment systems. Others manage more critical systems like braking and fuel injection.
A connected car’s ECUs all operate on one network, self-contained within the vehicle. David Barzilai, co-founder of Tel Aviv start-up Karamba, warns, “If hackers gain access to just one of these controllers, they can get to all of them.”
Harden ECU
The Israeli company hopes to sell Carwall to Detroit automakers. Carwall is a tool that installs anti-hacking technology into chip-bearing auto parts before they hit the assembly line. This could prevent hackers from crashing your new connected car. Mr. Barzilai told TechCrunch the startup’s technology can head off hackers at the pass. Carwall “hardens” the controllers, or small computers, within a vehicle that are externally connected.
Karamba’s Carwall is installed on the controllers, either as a retrofit or before the controllers are built into new cars. The software locks in the factory settings and prevents any foreign code or banned behaviors from running on them. This essentially blocks a hacker’s ability to reach into a car’s CAN Bus and mess with the car’s critical functions.
“If indeed we are successful – if all hacks are blocked – then [you] don’t have to worry,” said Karamba’s Barzilai. “A hack that crashes your software is bad enough. A hack that crashes your car takes it to a whole new level.”
Karamba’s technology is designed to monitor every bit of code that tries to run on the ECUs and to make sure it comes from legitimate sources. “We are the gatekeepers,” Mr. Barzilai told MiTechNews.
Out of stealth mode
TechCrunch says Karamba has not yet scored a contract with top automotive suppliers that make ECUs. It is targeting firms like Continental, Robert Bosch, Delphi Automotive, or Panasonic. But it has only just emerged from stealth and begun to shop its security software around.
YL Ventures has invested $2.5 million to fund Karamba’s growth, MiTechNews reported. Compared with the funding that some Silicon Valley security companies pick up, that’s not a huge amount. But it’s enough to move CEO Ami Dotan to Ann Arbor, where he’ll start making sales calls.
Karamba isn’t alone in attacking car security. Symantec (SYMC), the old school antivirus firm, is working on auto security within its “internet of things” unit. Symantec recently released a white paper, “Building Comprehensive Security into Cars” (PDF), detailing the many electronics and sensors that have to be protected.
rb-
Chrysler is doing a small part to reduce connected car hacking. They recently launched a bug bounty program with Bugcrowd that will pay out as much as $1,500 per bug found. On the other hand, Apple is offering a bug bounty of up to $200,000 for bugs that won’t kill you.
More IRS Tech Troubles
The U.S. gooberment agency in charge of extorting collecting taxes from citizens, but not businesses, has more IT troubles. In the past, the IRS has had problems with hackers attacking its online systems which exposed more than 720,000 taxpayer accounts. It has had data breaches that released 101,000 taxpayer SSNs. Its internal processes are so weak that the IRS could not find 1,300 PCs to complete the upgrade from Windows XP.
The latest report says that the IRS off-boarding processes are so porous that former employees have “unauthorized entry.” Former employees have access to workplaces, IRS computers, and taxpayer information, which could allow them to misrepresent themselves to taxpayers, according to an article at Nextgov.
The article cites a new watchdog report. In the report, there was a random sampling in 2014 that said the IRS couldn’t verify it had recovered all security items from more than 66 percent of roughly 4,100 “separated” employees. The employees had left due to retirement, resignation, death, etc.
If the IRS had just checked with me, this would not have been a surprise. In 2014 I wrote about this issue. Lieberman Software released the results of a survey of IT security professionals. 13% of IT Pros at the RSA Conference 2014 admitted to being able to access previous employers’ systems using their old credentials. Perhaps even more alarming is that of those able to access previous employers’ systems nearly 23% can get into their previous two employers’ systems using old credentials.
rb-
This is just another example of why passwords suck. If the tax collectors used a two-factor authentication (2FA) process, chances are much greater that ex-employees would not be able to access taxpayers’ records. Two-factor authentication is a security process where the user provides two means of identification from separate categories of credentials.
An authentication factor is an independent category of credentials used for identity verification. The three most common categories are often described as something you know (the knowledge factor), something you have (the possession factor), and something you are (the inherence factor). For systems with more demanding requirements for security, location and time are sometimes added as fourth and fifth factors.
One rising authentication measure is biometrics. Biometrics is the measurement and statistical analysis of people’s physical and behavioral characteristics. The technology is mainly used for identification and access control. The basic premise of biometric authentication is that everyone is unique and an individual can be identified by his or her intrinsic physical or behavioral traits. An individual’s biometric uniqueness can fulfill the inherence factor of identity verification (“something you are”). Biometrics in its various forms (I have written about different forms of biometrics on the Bach Seat: voice, brain waves, retina scan, behavioral biometrics, etc.), when combined with a strong password, can form a 2FA.
There are drawbacks to using biometrics for authentication too.
Ethernet Marches On
It has been a while since we talked about networking on the Bach Seat. So it is time to get back to my roots. Ethernet continues to dominate the world. The Institute of Electrical and Electronics Engineers (IEEE) 802.3 Ethernet Working Group, the group responsible for the Ethernet standard, recently ratified 4 new Ethernet-related standards. The committee approved IEEE 802.3bp, IEEE 802.3bq, IEEE 802.3br, and IEEE 802.3by.
IEEE 802.3br has implications for IoT and connected cars. This new standard addresses the needs of industrial control system manufacturers and the automotive market by specifying a pre-emption methodology for time-sensitive traffic. IEEE 802.3bp addresses how Ethernet operates in harsh environments found in automotive and industrial applications.
The 2 more interesting new standards to networkers are IEEE 802.3bq and IEEE 802.3by. These standards help define how 25 GB and 40 GB Ethernet will work and more importantly how products from multiple vendors should interoperate in the data center. For a summary of the rationale for the new standard here is the IEEE presentation (PDF).
IEEE 802.3bq, “Standard for Ethernet Amendment: Physical Layer and Management Parameters for 25 Gb/s and 40 Gb/s Operation, Types 25GBASE-T and 40GBASE-T”, opens the door to higher-speed 25 Gb/s and 40 Gb/s twisted pair solutions with auto-negotiation capabilities and Energy Efficient Ethernet (EEE) support for data center applications.
IEEE 802.3by, “Standard for Ethernet Amendment: Media Access Control Parameters, Physical Layers, and Management Parameters for 25 Gb/s Operation”, introduces cost-optimized 25 Gb/s PHY specifications for single-lane server and switch interconnects for data centers.
Siemon’s Standards Informant explains that 25GBASE-T will be backward-compatible with existing BASE T technology and both 25GBASE-T and 40GBASE-T are planned for operation over TIA category 8 cabling. The deployment opportunity for 25GBASE-T is aligned with 40GBASE-T and defined as the same 2-connector, 30-meter reach topology supporting data center edge connections (i.e., switch to server connections in row-based structured cabling or top of rack configurations).
The standard’s ratification comes shortly after the Telecommunications Industry Association (TIA) approved its standard specifications for Category 8 cabling, the twisted-pair type designed to support 25GBase-T and 40GBase-T.
Though 25 Gigabit Ethernet is only now becoming an official standard, Enterprise Networking Planet reports that multiple vendors already have technologies in the market. Among the early adopters of 25 GbE is Broadcom (AVGO), which announced back in 2014 that its StrataXGS Tomahawk silicon would support 25 GbE. In 2015, Arista (ANET) announced its lineup of 25 GbE switches. Cisco (CSCO) is also embedding 25 GbE support in some of its switches, including the Nexus 9516 switch.
That is where 25-Gb/s Ethernet comes in. It uses the same LC fiber cables and the SFP28 transceiver modules are compatible with standard SFP+ modules. This means that data-center operators can upgrade from 10 GbE to 25 GbE using the existing installed optical cabling and get a 2.5X increase in performance.
The IEEE 25GbE standard seems to have come out of nowhere (especially considering the L O N G D R A W N O U T 802.11n process), but the technology actually came into being as the natural single-lane version of the IEEE 802.3ba 100-Gb/s Ethernet standard. The 100-Gb/s Ethernet standard uses four separate 25-Gb/s lanes running in parallel, so defining a single lane makes it a straightforward and natural subset of the 100-Gb/s standard.
rb-
IEEE P802.3by and P802.3bq were initially targeted for server connections in mega data centers like Amazon, Facebook, and Google. In the next 5 years, 25G will be the next mainstream server upgrade from 10G, even for smaller data centers. SMB data centers will be facing a connectivity crisis in the future as the pace of virtualization increases.
