Tag Archive for 2017

Christmas 2017

Merry Christmas

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Happy Solstice?!

The day with the least sunshine, the winter solstice, is here. Thursday, December 21, will be the shortest day of 2017 for anyone living north of the equator. Brian Resnick and Brad Plumer at Vox point out that if pagan rituals are your thing, this is probably a big moment for you.

If you are not a druid, the official first day of winter is notable for other reasons. The authors explain that the winter solstice occurs when the sun is directly over the Tropic of Capricorn, 23.5° south latitude. This will occur at exactly 11:28 am Eastern time on December 21, 2017.

Most people know why we have a winter solstice, but for the flat-worlders: the Earth orbits the sun on a tilted axis (likely because our planet collided with some other massive object billions of years ago, back when it was still being formed).

So between September and March, Earth’s Northern Hemisphere gets less exposure to direct sunlight over the course of a day. The rest of the year, the north gets more direct sunlight and the Southern Hemisphere gets less. It’s the reason for the seasons.

How much sunlight you get on the winter solstice depends on where you live. The farther north of the equator you are, the less sunlight you’ll get during the solstice — and the longer the night will be. Alaska climatologist Brian Brettschneider created this terrific guide for the United States.

Hours of Daylight on the Winter Solstice (Brian Brettschneider)

If you live near the Arctic Circle, like my friend Mari, you’ll barely get any daylight during the solstice. Fairbanks, Alaska, for instance, will get three hours and 41 minutes. (If you live north of the circle, you’ll get none at all.)

For me, the winter solstice is most notable because it marks the official first day of winter and the arrival of the coldest days of the year — usually in January or February, depending on where you live.

There’s a delay between when there’s the least sun and when the air temperatures are actually coldest. A big reason for this “seasonal lag” is that the Earth’s massive oceans absorb much of the sun’s energy and release it slowly, over time. The same thing happens in summer — there’s a delay between when solar insolation is at its most (the summer solstice in June) and when the hottest months are (usually July or August).

Today the solstices largely pass without much hoopla. But 5,000 years ago they meant a great deal to the druid and pagan inhabitants of the British Isles. The early Brits built Stonehenge, which experts say marked ancient solstices and equinoxes, because the structure is directly aligned toward the sunset during the winter solstice. (The sun also rises directly over the Heel Stone during the summer solstice.)

Teresa Wilson of the American Astronomical Society told the authors:

While the summer solstice draws a larger crowd, the winter solstice may have been more important to the ancient builders. At this time, cattle were slaughtered so the animals did not need to be fed through the winter, and wine and beer made previously had finally fermented.

Even today, humans still gather to pay homage to the winter solstice at Stonehenge.

Party at Stonehenge

rb-

At least the winter solstice at Stonehenge looks like a pretty good party. If you like sleeping in, it can arguably be one of the most exciting days of the winter. No annoying sun bothering you in the morning.


PDU’s for PMP’s

It’s almost a new year. Is your New Year’s resolution to get your Project Management Institute (PMI) mandated professional development units (PDU’s) for the year completed? Well, it should be… Here is a list of PM training resources to help you earn those PMI PDU’s. I hope you find these resources helpful!

Most of these fall under the PMI Self-Study (PDU Category C) requirements. If you take part in any of these activities and it is relevant to project management, has a specified purpose, and uses knowledgeable resources, then you can claim 1 PDU for each hour spent on it as “self-study”. There is a maximum of 30 PDU’s for this and any other Category C activities per recertification period (3 years).

Reading for PDU’s

You can earn up to 30 PMI (Category C) PDU’s by reading books. Some recommended titles include:

Results Without Authority: Controlling a Project When the Team Doesn’t Report to You by Tom Kendrick – It’s hard enough to lead a project when you’re the boss. Leading a project team that doesn’t report to you is a whole new challenge in itself. Mr. Kendrick walks through how to motivate a team to contribute to a project’s success.

Alpha Project Managers: What the Top 2% Know That Everyone Else Does Not by Andy Crowe – Using data from a survey of more than 800 project managers from around the world, Mr. Crowe looks at what traits and practices make the top 2% of PM’s rise above the rest. Readers will walk away with actionable steps they can take to rise to the top.

Delivering Bad News in Good Ways: Turn Difficult Conversations into Purposeful Dialogue, Positive Outcomes, & Focused Results in 3 Easy Steps by Alison Sigmon – While there are a lot of books out there about the proper ways to deliver bad news, this one is directed at PMs. Ms. Sigmon gives project managers a defined process to not only break the bad news but also improve communication over the long term.

Making Things Happen: Mastering Project Management by Scott Berkun – Drawing from his years leading technology projects at Microsoft (MSFT), Mr. Berkun offers readers field-tested philosophies and strategies for defining, leading, and managing projects. If you’re leading technology projects, this is a must-read.

Adaptive Project Management: Leading Complex and Uncertain Projects by Andy Silber – Mr. Silber presents a new methodology, Adaptive Project Management, in this book. He explains how to succeed or fail fast for projects that are too uncertain to use waterfall project management and too complex to succeed with agile project management.

The Effective Executive: The Definitive Guide to Getting the Right Things Done by Peter F. Drucker – An oldie but a goodie. Don’t let the title dissuade you from reading. Mr. Drucker’s lessons about time management, prioritization, and effective decision-making can be applied to any knowledge worker.

Getting Things Done: The Art of Stress-Free Productivity by David Allen – The book that started it all; this is the definitive guide to GTD. In the age of multitasking and information overload, Getting Things Done is the book we need to find focus.

Getting Things Done (podcast) – In this podcast companion to the book, Mr. Allen talks with people who are at different stages of their GTD journey and offers practical tips for building your own GTD system.

The Checklist Manifesto: How to Get Things Right by Atul Gawande – Mr. Gawande, a renowned surgeon and New Yorker writer, is a proponent of the simple checklist. At first glance, the subject sounds like it could be just another dry how-to book, but his anecdotes and writing skills take this one to another level. He expertly blends storytelling, science, and productivity.

The Productivity Project: Accomplishing More by Managing Your Time, Attention, and Energy by Chris Bailey – After college, Mr. Bailey turned down two lucrative job offers and instead funneled his energy into chronicling productivity experiments on his blog. This book has the results of these experiments, plus interviews with leading productivity experts and 25 takeaway lessons that the reader can apply to everyday life.

The Power of Habit by Charles Duhigg – Mr. Duhigg explains the science of how habits work — and how we can change them. About 40% of the actions we do in a day are habits — so we’re on autopilot for almost half our life. Identifying what triggers your habits is key.

Podcasts for PDU’s

You can earn up to 30 PMI (Category C) PDU’s by listening to podcasts. Some good ones are:

The Project Management Podcast. Hosted by Cornelius Fichtner, the PM Podcast has more than 300 free and paid episodes. He brings in PM experts to talk about a variety of topics, everything from how to become a PM to managing unknown risks.

The People and Projects Podcast. Andy Kaufman interviews experts on PM, productivity, and management on his People and Projects Podcast. He releases a new podcast every three to four weeks.

The Lazy Project Manager. Hosted by Peter Taylor, this podcast began in 2013 after he published his best-selling book by the same name. Mr. Taylor is described as “one of the most entertaining and inspirational speakers in project management today.” Topics and themes really run the gamut on this podcast, with new podcasts being released at least once a month.

PM for the Masses. Cesar Abeid brings a lot of guests to his popular podcast. Topics cover everything from public speaking to methodology to careers.

The Tim Ferriss Show. Hosted by Tim Ferriss, author of The 4-Hour Work Week, this podcast was the first business/interview podcast to pass 100,000,000 downloads. He brings on well-known personalities to dissect what tools, techniques, and tactics they used to get where they are.

Back to Work. In this award-winning podcast, Merlin Mann and Dan Benjamin discuss productivity, constraints, tools, and communication. Mann and Benjamin offer a nice balance of clever banter and teaching in every one-hour episode.

Massive Open Online Courses

MOOCs give you the opportunity to take a class online from institutions around the world.

edX – Founded in 2012 and governed by more than 90 global partners, edX is the only leading MOOC provider that is both nonprofit and open source.

Project Risk Assessment (University of Michigan) – In this course, you will learn how to conduct risk analysis of different projects using both conceptual and practical developments in modern finance. – Self-paced – Verified Certificate $99.00

Strategic Applications of IT Project & Program Management (University of Washington) – This course focuses on learning project management methodologies in the IT field, and why they are effective. It introduces you to project management standards and frameworks that increase efficiency and deliver tangible business benefits to IT projects. – Self-paced – Verified Certificate $79.00

International Project Management (Rochester Institute of Technology) – This course addresses the knowledge, skills, and behaviors required to successfully manage projects that span organizations, national boundaries, and cultural differences. – Starts on May 17, 2018 – Verified Certificate $150.00

Coursera Agile Development Specialization – This course provides a beginner overview of the Agile methodology, specifically within software projects. You’ll learn to coordinate all aspects of the agile development process, including running design sprints, managing teams, and fostering a culture of experimentation. – Cost: $49 monthly Coursera subscription

Lynda.com – The online learning platform Lynda.com offers more than 90 courses related to project management. Many of these courses qualify for PDU’s through PMI. – Cost: Free for the first 30 days, then $19.99 per month – Start date: On-Demand

Project Management Websites

Project Management Institute (PMI) – Everyone’s go-to project management resource is PMI. Their website is chock full of helpful information, including articles, white papers, online courses, and webinars.

Microsoft Project Users Group – MPUG is recognized as the official industry association for Microsoft® Project. MPUG delivers PMI PDU-eligible online training, deep-dive certificate series sessions, hundreds of on-demand training videos, helpful articles and resources, as well as a community forum for all your Microsoft Project questions. – $99.00 annual membership

A Girl’s Guide to Project Management – PM expert Elizabeth Harrin writes about a variety of project management topics. Her strength is writing about careers, leadership, and teams within the PM space. She also provides free templates and toolkits to help PMs excel at their jobs.

Project Times – A well-curated site of helpful articles, webinars, white papers, and case studies about project management. Project Times isn’t afraid to post the offbeat (i.e., “Why Project Managers Shouldn’t Wear Man Buns”), which makes for a fun read.

Harvard Business Review – While HBR isn’t solely focused on PM, its focus on management, leadership, and careers is beneficial and applicable to any office dweller. They hide their content behind a paywall.

Herding Cats – Glen Alleman writes about a variety of topics related to Agile methodology and project management.

CIO – The project management section of the CIO website has some great content within the context of IT and tech PM. Articles cover everything from implementing an ERP system to managing project budgets.

What is your favorite source for PDU’s? Let me know in the comments and I will add it to the list.


OMG Texting b 25 !

This week marks the 25th birthday of text messages. Texting is more properly known as SMS. On Dec. 3, 1992, 22-year-old Sema Group software architect Neil Papworth typed the first SMS (Short Message Service) message, “Merry Christmas”, on a computer and sent it over a GSM network in the UK to an Orbitel 901 handset owned by then-Vodafone director Richard Jarvis.

In 1993, a year after the first text message was sent, Nokia (NOK) set up the first commercial SMS service in Finland. Nokia was the first handset manufacturer whose entire GSM phone line supported users sending SMS text messages. In 1997, Nokia became the first manufacturer to produce a mobile phone with a full keyboard: the Nokia 9000i Communicator.

Texting adoption

SMS adoption was slow at first, with only 0.4 text messages sent per month in 1995. The fact that UK users could only send SMS messages to those on the same network was a big problem until the restriction was lifted in 1999. However, as smartphone technology developed and text messages became easier to use, SMS popularity ballooned. As mobile phones became more popular, texting skyrocketed. By 2007, the Brits were sending 66 billion SMS messages a year, and in 2012 they sent 151 billion texts.

In the U.S., SMS was slower to catch on, mainly because mobile operators charged more for texts and less for voice calls, and because of the popularity and availability of PC-to-PC instant messaging, or IM. However, in the United States, 45 billion text messages were sent per month in 2007, a figure that became 167 billion per month in 2011. In June 2017, 781 billion text messages were being sent in the United States per month according to the experts.

U.S. Texts Sent

Month        Text messages sent per month   Increase in messages YoY   % increase YoY
June 2017    781,000,000,000                147,000,000,000            431.3%
June 2016    634,000,000,000                73,000,000,000             768.5%
June 2014    561,000,000,000                63,000,000,000             790.5%
June 2013    498,000,000,000                75,000,000,000             564.0%
June 2012    423,000,000,000                56,000,000,000             655.4%
June 2011    367,000,000,000                126,000,000,000            205.8%
June 2010    247,000,000,000                86,000,000,000             187.2%
June 2009    161,000,000,000                86,000,000,000             87.2%
June 2008    78,000,000,000                 30,000,000,000             150.0%
June 2007    45,000,000,000                 32,500,000,000             38.5%
June 2006    12,500,000,000                 5,250,000,000              138.1%
June 2005    7,250,000,000                  4,390,000,000              65.1%
June 2004    2,860,000,000                  1,660,000,000              72.3%
June 2003    1,200,000,000                  2270,000,000               344.4%
June 2001    33,000,000                     21,000,000                 57.1%
June 2000    12,000,000

Source: Text Message Statistics – United States, Statistic Brain (www.statisticbrain.com)

With 25 years under its belt, many people wonder if the end of the line is near for SMS. This is because apps such as Apple’s (AAPL) iMessage, Google’s (GOOG) Hangouts, Facebook’s (FB) Messenger, WhatsApp, and SnapChat have become very popular.

Closed systems

These new chat applications also marked a more fundamental shift away from an open standard that anyone could use (even if your operator charged you) to closed messaging systems controlled by technology giants. Text messages, however, might not be going away soon. SMS is a very practical and easy-to-use communication method, especially for areas and countries that do not have reliable internet connections.


DIY Ransomware

Sophos has recently uncovered a new trend of cyber DIY’ers who are breaking into computers one at a time and manually running ransomware on them. Apparently, these purveyors of bespoke malware are tired of the mass distribution channels employed by WannaCry and NotPetya.

Why bother using stolen NSA exploits or sending millions of booby-trapped email attachments when you can do it yourself? For whatever reason, some cyber-criminals have decided that if you want something done properly, you have to do it yourself.

The Naked Security blog points out that many companies, notably small businesses, outsource their IT to, or pay for lots of help from, outside contractors. These contractors might live in another part of town, or elsewhere in the country, or even on the other side of the world. To let remote sysadmins look after your Windows networks, the most widely used tool is Microsoft’s (MSFT) own Remote Desktop Protocol, or RDP for short.

For those who haven’t used it, the author describes RDP as a tool that allows remote use even of fully graphical applications that can’t be scripted or operated via a command prompt. Remote sysadmins can work as if they were right on-site. That means that the RDP password you’ve chosen for your remote sysadmin (or that you’ve let them choose for themselves) is essentially the key to your office – a weak password is like a server room door that’s propped open, inviting any passing snooper to take a look inside.

So, if the crooks, using a network search engine such as Shodan, notice that you’ve got RDP open to the internet, they’ll take a poke around. Sophos security experts who’ve investigated a number of recent RDP attacks have often found evidence that a tool called NLBrute was used to try a whole range of RDP passwords – a so-called brute force attack – in the hope of sneaking in.

Once they’ve got your RDP password – whether they use NLBrute, or simply look you up on Facebook to find your birthday and your pet’s name – they’ll log on and immediately create various brand new administrative accounts. That way, even if you get rid of the crooks and change your own admin password, they’ve already got backup accounts they can use to sneak back in later.

Here’s what you can expect to happen next, based on what Sophos has seen in the attacks they have investigated:

Step 1: The crooks download and install low-level system tweaking software, such as the popular Process Hacker tool. Tools of this sort are regularly used by legitimate sysadmins for troubleshooting and emergency recovery. The bad guys can also use them for no good: they can modify the operating system, kill off processes, delete files, and change configuration settings that are usually locked down.

Step 2: The cybercriminals turn off or reconfigure anti-malware software, using the newly installed tweaking tools.

Step 3: The bad guys go after the passwords of administrator accounts. If they can’t get an admin password, they may try logging in as a regular user and running hacking tools that try to exploit unpatched vulnerabilities to get what’s called EoP, or elevation of privilege.

EoP means that already logged-on users can sneakily promote themselves to more powerful accounts to boost their powers. Sophos has seen EoP tools left on attacked systems that tried to abuse vulnerabilities dubbed CVE-2017-0213 patched by Microsoft in May 2017 and CVE-2016-0099, patched by Microsoft back in March 2016.

Step 4: The crooks turn off database services (e.g. SQL) so that vital database files can be attacked by malware. Files such as SQL databases are usually locked while the database server software is active, as a precaution against corruption that could be caused by concurrent access by another program. The side-effect of this is that malware can’t get direct access to database files either, and therefore can’t scramble them to hold them to ransom.

Step 5: The crooks turn off Volume Shadow Copy (the Windows live backup service) and delete any existing backup files. Shadow copies act as real-time, online backups that can make recovery from ransomware a quick and easy process. That’s why crooks often go looking for shadow copies first to remove them.

Step 6: The crooks upload and run ransomware of their choice. Because these DIY criminals have used their illegitimate sysadmin powers to rig the system to be as insecure as they can, they can often use older versions of ransomware, perhaps even variants that other crooks have given up on and that are now floating around the internet “for free”.

These bespoke hacks mean the crooks don’t have to worry about using the latest and greatest malware, or setting up a command-and-control server, or running a hit-and-hope spam campaign.

In one attack, Sophos saw a folder on the desktop containing four different types of ransomware. The crooks ran each in turn until one of them worked.

Many ransomware attacks are distributed indiscriminately, and therefore rely on a “pay page” – a Dark Web server set up specially to tell victims how much to pay, and how to pay it.

But the author notes these RDP crooks are already personally involved to the extent of logging into your network themselves, so there’s often what you might call a “personal touch”.

Rather than automatically squeezing you via a website, the blog says you’ll probably see a pop-up telling you to make contact via email to “negotiate” the release of your data. At the time of writing, the Bitcoin address used by that attacker contained BTC 9.62, which, with 1 bitcoin valued at $11,388.33 (11-28-2017), is currently worth almost $110,000.

The Sophos investigators found that the victims of this kind of attack are almost always small-to-medium companies: the largest business in their investigation had 120 staff, but most had 30 or fewer. With small scale comes a dependence on external IT suppliers or “jack-of-all-trades” IT generalists trying to manage cybersecurity along with many other responsibilities.

In one case a victim was attacked repeatedly, because of a weak password used by a third-party application that demanded 24-hour administrator access for its support staff.

Sophos recommends these steps to cut your risk of becoming a victim of DIY Ransomware:

  1. If you don’t need RDP, make sure it’s turned off on every computer on the network: RDP can be used to connect to servers, desktops, and laptops.
  2. Consider using a Virtual Private Network (VPN) for connections from outside your network. A VPN requires outsiders to authenticate with the firewall first and to connect from there to internal services. This means software such as RDP never needs to be exposed directly to the internet.
  3. Use two-factor authentication (2FA) wherever you can. To log on with 2FA you need a one-time logon code every time. If crooks steal or guess your password, it’s no use on its own.
  4. Patch early, patch often. This prevents crooks from exploiting vulnerabilities against your network, reducing your exposure.
  5. After an attack, check to see what the crooks have changed. Don’t just remove the malware or apply the missed patches and be done with it. Especially check for added applications, altered security settings, and newly created user accounts.
  6. Set a lockout policy to limit password guessing attacks. With three guesses at a time followed by a five-minute lockout, a crook can only try out 12 × 3 = 36 passwords an hour, which makes a brute force attack impractical.
  7. If you’re using a third-party IT company and they haven’t already suggested the precautions Sophos listed above, why not ask them why, and ask yourself if they’re the right people to be looking after your network?
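As an added defensive example (my own, not code from Sophos or the Naked Security post), the script below walks a constructed sequence of Windows Security events and flags the chain described in Steps 1 to 6 and the changes item 5 says to look for: an RDP password-guessing burst from one address, a later RDP success from that address, a newly created account that is then added to Administrators, and a shadow copy deletion. It also carries through the lockout arithmetic from item 6. Event IDs 4625, 4624, 4720, 4732 and 4688 and logon type 10 are the standard Windows values; the addresses and account names are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Standard Windows Security log event IDs and the RDP logon type.
FAILED_LOGON, LOGON = 4625, 4624
USER_CREATED, ADDED_TO_LOCAL_GROUP, PROCESS_CREATED = 4720, 4732, 4688
RDP_LOGON_TYPE = 10  # RemoteInteractive

# Constructed sample events (a real pipeline would read the Security log or a SIEM).
SAMPLE_EVENTS = [
    # 25 RDP password guesses from one outside address in under two minutes.
    *({"time": f"2017-11-28T02:00:{4 * i:02d}", "id": FAILED_LOGON, "logon_type": RDP_LOGON_TYPE,
       "src": "203.0.113.7", "user": "Administrator"} for i in range(15)),
    *({"time": f"2017-11-28T02:01:{4 * i:02d}", "id": FAILED_LOGON, "logon_type": RDP_LOGON_TYPE,
       "src": "203.0.113.7", "user": "Administrator"} for i in range(10)),
    # A normal RDP session from the LAN; must not be flagged.
    {"time": "2017-11-28T02:05:00", "id": LOGON, "logon_type": RDP_LOGON_TYPE,
     "src": "192.0.2.20", "user": "jane"},
    # The guessing address finally gets in ...
    {"time": "2017-11-28T02:06:12", "id": LOGON, "logon_type": RDP_LOGON_TYPE,
     "src": "203.0.113.7", "user": "Administrator"},
    # ... creates a backup admin account (the "sneak back in later" account) ...
    {"time": "2017-11-28T02:07:30", "id": USER_CREATED, "user": "svc_backup2", "by": "Administrator"},
    {"time": "2017-11-28T02:07:45", "id": ADDED_TO_LOCAL_GROUP, "user": "svc_backup2",
     "group": "Administrators", "by": "Administrator"},
    # ... and removes the shadow copies (Step 5).
    {"time": "2017-11-28T02:15:02", "id": PROCESS_CREATED, "user": "svc_backup2",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
]


def is_shadow_copy_deletion(cmdline):
    """True for a vssadmin command line that deletes shadow copies."""
    c = cmdline.lower()
    return "vssadmin" in c and "delete" in c and "shadows" in c


def detect(events, max_failures=10, window_minutes=5):
    """Walk events in time order and return (severity, message) findings.

    A source is marked as password guessing once it has max_failures failed
    RDP logons inside window_minutes; a later RDP success from that source,
    any new local account, any addition to Administrators (critical if the
    account is one of the new ones) and shadow copy deletion are reported."""
    findings = []
    failures = defaultdict(list)  # source address -> recent failure times
    guessing_sources, new_accounts = set(), set()
    for e in sorted(events, key=lambda ev: ev["time"]):
        t = datetime.fromisoformat(e["time"])
        if e["id"] == FAILED_LOGON and e.get("logon_type") == RDP_LOGON_TYPE:
            hist = failures[e["src"]]
            hist.append(t)
            hist[:] = [x for x in hist if x >= t - timedelta(minutes=window_minutes)]
            if len(hist) >= max_failures and e["src"] not in guessing_sources:
                guessing_sources.add(e["src"])
                findings.append(("high", f"{e['src']}: {len(hist)} failed RDP logons in "
                                         f"{window_minutes} min (password guessing)"))
        elif e["id"] == LOGON and e.get("logon_type") == RDP_LOGON_TYPE:
            if e["src"] in guessing_sources:
                findings.append(("critical", f"{e['src']}: RDP logon as {e['user']} "
                                             "succeeded after a guessing burst"))
        elif e["id"] == USER_CREATED:
            new_accounts.add(e["user"])
            findings.append(("medium", f"local account {e['user']} created by {e['by']}"))
        elif e["id"] == ADDED_TO_LOCAL_GROUP and e.get("group") == "Administrators":
            sev = "critical" if e["user"] in new_accounts else "high"
            findings.append((sev, f"{e['user']} added to Administrators by {e['by']}"))
        elif e["id"] == PROCESS_CREATED and is_shadow_copy_deletion(e.get("cmdline", "")):
            findings.append(("critical", f"shadow copies deleted by {e['user']}: {e['cmdline']}"))
    return findings


def max_guesses_per_hour(threshold, lockout_minutes):
    """Upper bound on online guesses per hour under an account lockout policy
    (item 6 above: 3 guesses then a 5-minute lockout gives 12 x 3 = 36)."""
    if lockout_minutes <= 0:
        return float("inf")  # no lockout: limited only by network speed
    return int(threshold * (60 / lockout_minutes))


if __name__ == "__main__":
    for severity, message in detect(SAMPLE_EVENTS):
        print(f"[{severity}] {message}")
    print("guesses/hour with 3 tries + 5 min lockout:", max_guesses_per_hour(3, 5))
```

The LAN session from "jane" produces no finding, which is the point of keying the success alert on a source that already showed a guessing burst rather than on RDP logons in general.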

Related article

  • Hackers have cashed out on $143,000 of bitcoin from the massive WannaCry ransomware attack (CNBC)
