[syndicated profile] epbot_feed

Posted by Jen

Oh yes, there's still more.


Let's start off with this epic group of elves from Lord of the Rings:


Just after I took this some little kids jumped in dressed as Bilbo and Gollum, and the reactions were priceless:


Kid Gollum was really into character, and so incredibly creepy that he totally stole the show:

See what I mean??

Here's just the kids later on:


Remember how I said Gollum was really into character? 

It's amazing I ever caught them both standing still!


K, moving on, here's a gender-swapped Jareth from Labyrinth:


And a group of Disney princesses:

Nice to see both Kida and Giselle in there - you don't see them much!

Pretty sure these are both from Mass Effect:


This group, too:



This Sailor Moon Cinderella was actually playing a video game strapped to someone's back (because Dragon Con!), and gave me some fabulously cheesy poses with the controller:


Another great mashup: Halo Kitty. (Get it??)

Check out the light-up whiskers!

Now how about a kitty Ghostbuster?

And can we all stop for a moment to appreciate that Caution sign on his waist? Ha!


Here's another group I took too many pictures of - this time from John's favorite game, Skyrim:


The two on either side are Draugr, undead warriors, which look like this in-game:

Those glowing eyes are fantastic - and see all the arrows sticking out of him?

The woman in the middle is wearing Nightingale Armor, which looks like this:


Here's a better group shot, this time with an armored knight:

Btw, the two Draugrs are husband and wife, and you can see some amaaazing build photos over on his site, Punished Props.

You see a lot of TARDIS dresses, but this couple went all out and had the guy dress as one, too!

Love her white hair and his hat.

How many cons have both Mary Poppins AND Mrs. Banks out together?


And you see Barf from Space Balls in his regular jumpsuit pretty often, but almost never in the guard uniform from the prison break:

Remember this scene? Ha! Great prop choice. 

A cutie patootie Pinkie Pie:

And you've gotta love vacationing Joker smirking in the background.

Super dark photo, but here's a group of Princess Jedis:


And a fantastic armored Wonder Woman with a Dragon Priest from Skyrim:

I tried to find a Priest pic from the game to show you guys, but there are TONS of different versions, and I couldn't find this one.  >.<

Mad Moxxi and Tiny Tina from Borderlands:


Here's what those two look like in-game:


Not a great photo of the costumes, but I thought this shot was really fun:

The camera flashes across from me ended up looking like the Storm Troopers blaster fire! :D


Ronin and Gamora from Guardians of the Galaxy:


An unmasked clockwork robot from Doctor Who:


And a screenshot from that episode:

Because venetian masks weren't freaky enough, right?


Since I'm guessing most of you haven't watched Soul Eater (though you should!), this is Lord Death from the show:

He talks with a ridiculously high voice, likes to high-five people, and is generally hilarious.

And now, in real life!


And since every DC cosplay post needs a moment of what-the-actual-heck:

Those aren't condoms, they're baby bottle nipples. And he also had a long glowing tail, which is giving off that purple light. 0.o

And finally, let's end with some My Little Mandalorians:

YES.

(Mandalorians are the mercenary/bounty hunters of the Star Wars universe, like Boba Fett.)

So Fluttershy is holding a tiny bunny, Pinkie has her confetti cannon (complete with color-changing lights!), and Rainbow Dash is sporting a hank of hair ala Boba Fett... in rainbow. So good.

Ok, guys, we're nearly there! So in next week's final (yes, finally) DC roundup, I'll have pics from the Potter-themed Yule Ball, plus some jaw-dropping cosplay from Book of Life, Once Upon A Time, and lots more. Stay tuned.

Discorderly Conduct

Feb. 26th, 2015 08:33 pm
[personal profile] frith posting in [community profile] ponyville_trot

This comic by Kristy Sunshine and Captain of the Good Ship PenQuinn on Tumblr is _very_ slick and funny. The plot is Discord has brought Queen Chrysalis to Ponyville for re-education, or at least for counseling. Find it here: http://discorderlyconduct.tumblr.com/tagged/chronological/chrono

It's meme time again!

Feb. 26th, 2015 05:47 pm
[personal profile] beable
[livejournal.com profile] rottenfruit gave me the letter "E" and it's been so long since I've memed that it seemed time. So today I present you with my thoughts on E:

Something I hate: Eye doctor appointments. And eye drops. (Yes, this is also why I'm not a contacts wearer).

Something I like: Exit, pursued by a bear.
Er, I don't really want you to leave, don't worry! Also, I'd rather send beagles and schnauzers to chase after you than bears. But the above is such a wonderful stage direction, and I love it.

Somewhere I've been: Europe. Ok, that's a cheat (I've only been to a very small percentage of Europe).

How about .. Etobicoke! I first visited Etobicoke in 1984 for the Ontario bicentennial when they made this big production of getting kids from all over the province together for this hoopla weekend. I was part of the group representing Nepean, back when Nepean was still a city. I suppose Etobicoke isn't a city anymore either though.

Somewhere I'd like to go: Estonia. When I was in Europe in 2003, I went to Scandinavia and also spent a day in Helsinki. I would have liked to have gone to Tallinn, Estonia as well, but at the time Canadians required advance visas and my trip was too last minute to get one.

Someone I know: [livejournal.com profile] rottenfruit! Or if an answer in the form of a blog name should reflect the blogger name starting with an E, then [livejournal.com profile] elaine_alina. Elaine is one of my medieval dance friends in Michigan.

A film I like: Enigma. It takes liberties with historical accuracy, but it was an enjoyable movie, and I generally like Tom Stoppard's writing.

A book I like: Ender's Game would have been high on this list once upon a time, but admittedly I have avoided re-reading it in recent years in case the suck fairy has been at it.

Comment if you want a letter.

Ig ird, or, little Julia

Feb. 27th, 2015 08:33 am
[personal profile] puzzlement posting in [community profile] incrementum
Originally posted to incrementum.puzzling.org. Comment there unless you have a Dreamwidth login.

There have been a few attachment objects in V’s life. There was the fortnight or so as a baby when he wanted to go to sleep holding a large squishy purple bouncy ball (large as in larger than his head at the time). When he was eight months old, we moved my grandmother into a nursing home, and several soft toys she had on her couch came home with him, including a big pink bunny. Just before he turned 3, Julia gave him a stuffed tiger for Christmas; he memorably turned the tiger around to face himself and made it wave while saying reverently “look, he’s waving!” Bunny and Tiger were both then his sleep companions for a year or so, and every so often he still will sleep with them. He also identified with them: after his third birthday, Bunny and Tiger (who he tells me are twins) had a birthday every day for about a month. But they didn’t follow him around everywhere or console him when he was sad or lonely.

So we had no real expectation that A would be any different. This last Christmas, just before she turned 1, Julia gave her her own stuffed toy, a large Sesame Street Big Bird.

Big Bird has a history in our family: an older Big Bird (Biggie) was once upon a time Julia’s attachment toy, and she lost it when she was a toddler. I gave her a new one when she was a teenager and it was still a big moment. So A having a Big Bird in turn was a big deal. I thought it was especially sweet since A is, like Julia, a second child. We decided that Big Bird could sleep with her. She started responding to Big Bird really well right away: within a few days, when Big Bird was in a sleep place with her, she would just fall over sideways snuggling Big Bird and sucking her thumb and start going to sleep.

For quite a while, Big Bird was purely a sleep toy, but a couple of weeks ago I got called into her daycare for what turned out to be a very serious meeting: they told me she was inconsolably sad all the time there. She was still eating and sleeping because those are her things, but otherwise, nope. It was really puzzling, because at home we’d noticed maybe slight fussiness increasing, but not non-stop sadness. They even asked me had I ever seen her pull up to stand, or walk along objects? Yes, of course, I said, she’s been doing that for perhaps three months at this point. Well, they never had. She barely crawled. They were still hefting her around like a six month old. They kept trying to delicately ask me if there were any “problems” in our home.

It was obviously a big worry, and among the many things we talked about was sending in Big Bird to be with her. It didn’t get off to a promising start: the first day we were there, they’d managed to lose Big Bird in the bigger toddler room. But soon it seemed to make a huge difference, and now she’s happy to be left there and they report she is happy there again. And when we leave she clutches Big Bird tight.

We did what sneaky parents do and promptly had two more Big Birds shipped to us. Just in the nick of time, as original Big Bird really needed a bath; last night was the first secret Big Bird switch.

Meanwhile, over the last couple of days, A has started saying things that sound an awful lot like “Iggy” and “Ig ird”…

Lexi and Ig Ird

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

In case you needed yet another reason to change the default username and password on your wired or wireless Internet router: Phishers are sending out links that, when clicked, quietly alter the settings on vulnerable routers to harvest online banking credentials and other sensitive data from victims.

Sunnyvale, Calif.-based security firm Proofpoint said it recently detected a four-week spam campaign sent to a small number of organizations and targeting primarily Brazilian Internet users. The emails were made to look like they were sent by Brazil’s largest Internet service provider, alerting recipients about an unpaid bill. In reality, the missives contained a link designed to hack that same ISP’s router equipment.

According to Proofpoint, the link in the spam campaign led to a page that mimicked the telecom provider. The landing page included code that silently attempted to execute what’s known as a cross-site request forgery attack on known vulnerabilities in two types of routers, UT Starcom and TP-Link. The malicious page would then invoke hidden inline frames (also known as “iframes”) that try to log in to the administration page of the victim’s router using a list of known default credentials built into these devices.

If successful, the attacker’s script would modify the domain name system (DNS) settings on the victim’s router, adding the attacker’s own DNS server as the primary server while assigning the secondary DNS server to Google’s public DNS (8.8.8.8). Such a change would allow the attackers to hijack the victim’s traffic to any Web site, redirecting them away from the legitimate site to a look-alike page designed to siphon the victim’s credentials. In the event that the attacker’s DNS server was unresponsive for any reason, the victim’s router would still function normally.

The malicious script used by the spammers in this campaign tries multiple default credentials in a bid to hijack routers with factory-default settings. Image: Proofpoint.

The real danger of attacks like these is that they bypass antivirus and other security tools, and they are likely to go undetected by the victim for long periods of time.

“There is virtually no trace of this thing except for an email,” said Kevin Epstein, vice president of advanced security and governance at Proofpoint. “And even if your average user knows to look at his router’s DNS settings, he’s unlikely to notice anything wrong or even know what his normal DNS settings should be.”

Many modern routers have built-in defenses against such attacks (including countermeasures known as CSRF tokens), but new vulnerabilities in existing routers — even recent model routers — are constantly being uncovered. I asked Proofpoint whether such protections — or security improvements built into most modern browsers — would have stopped this attack. Their experts seemed to think not.

“The routers being attacked in our example were not so diligent and so were vulnerable to this attack,” Proofpoint’s lead analyst wrote in an email response to my question. “What you’re likely thinking of is the cross-origin policy, which is designed to prevent attacks similar (but not identical) to this one (it mostly focuses on javascript). In this case, iframes are permitted by default, so modern browsers (by design) will happily participate in the attack we documented.”
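To make concrete what the article means by CSRF tokens, and why the browser's cross-origin policy alone does not stop a forged form post, here is an added example; it is not code from the article or from Proofpoint. It is a toy Python model of a router admin endpoint that changes DNS settings, written once the way the vulnerable routers behaved (any authenticated POST is honoured) and once hardened with a per-session CSRF token plus an origin check. The router origin, the session handling, the attacker.example origin and the TEST-NET DNS addresses are all constructed for the example, and the model starts from an already-established admin session, whether the user logged in or a hidden iframe did so with the factory-default credentials the article describes.

```python
"""Added example, not code from the article or from Proofpoint: a toy model of a
router admin endpoint that changes DNS settings, first as the vulnerable routers
behaved (any authenticated POST is honoured) and then hardened with the defences
named in the text: a per-session CSRF token and a same-origin check.
Every name, address and request below is constructed for the example."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

ROUTER_ORIGIN = "http://192.168.1.1"   # the router's own admin origin (constructed)


@dataclass
class Request:
    """Minimal stand-in for the HTTP request a router's admin handler receives."""
    method: str
    headers: Dict[str, str] = field(default_factory=dict)   # Cookie, Origin, Referer
    form: Dict[str, str] = field(default_factory=dict)      # primary_dns, csrf_token, ...


@dataclass
class Router:
    primary_dns: str = "203.0.113.53"      # ISP resolver (TEST-NET-3, constructed)
    secondary_dns: str = "203.0.113.54"
    sessions: Dict[str, str] = field(default_factory=dict)  # session id -> CSRF token

    def login(self) -> Tuple[str, str]:
        """Start an admin session; the CSRF token is bound to that session."""
        sid, token = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self.sessions[sid] = token
        return sid, token

    def _session_id(self, req: Request) -> Optional[str]:
        """Return the session id from the 'sid' cookie if it names a live session."""
        for part in req.headers.get("Cookie", "").split(";"):
            name, _, value = part.strip().partition("=")
            if name == "sid" and value in self.sessions:
                return value
        return None

    def _apply(self, req: Request) -> bool:
        self.primary_dns = req.form["primary_dns"]
        self.secondary_dns = req.form.get("secondary_dns", self.secondary_dns)
        return True

    def update_dns_vulnerable(self, req: Request) -> bool:
        """Vulnerable handler: a valid session cookie is the only check. The browser
        attaches that cookie to any POST aimed at the router, including one sent by
        a hidden form or iframe on a third-party page, so the change goes through."""
        if req.method != "POST" or self._session_id(req) is None:
            return False
        return self._apply(req)

    def update_dns_hardened(self, req: Request) -> bool:
        """Hardened handler. Two independent checks, either of which stops the forgery:
        1. Origin (or, failing that, Referer) must be the router's own admin origin;
        2. the form must carry the CSRF token tied to the session. A third-party page
           cannot read that token (same-origin policy) and cannot guess it."""
        if req.method != "POST":
            return False
        sid = self._session_id(req)
        if sid is None:
            return False
        origin = req.headers.get("Origin")
        if origin is None:                       # some clients omit Origin; use Referer
            origin = req.headers.get("Referer", "")
        if origin != ROUTER_ORIGIN and not origin.startswith(ROUTER_ORIGIN + "/"):
            return False
        supplied = req.form.get("csrf_token", "").encode()
        if not hmac.compare_digest(supplied, self.sessions[sid].encode()):
            return False
        return self._apply(req)


def simulate() -> Dict[str, object]:
    """Drive both handlers with a forged cross-site POST and then a legitimate one."""
    rogue_dns = "198.51.100.1"                 # attacker resolver (TEST-NET-2, constructed)
    forged_form = {"primary_dns": rogue_dns, "secondary_dns": "8.8.8.8"}

    vuln = Router()
    sid, _ = vuln.login()                      # an admin session already exists
    forged = Request("POST", {"Cookie": f"sid={sid}", "Origin": "http://attacker.example"},
                     dict(forged_form))
    vuln_accepted = vuln.update_dns_vulnerable(forged)

    hard = Router()
    sid, token = hard.login()
    forged.headers["Cookie"] = f"sid={sid}"    # same forgery against the hardened router
    hard_accepted = hard.update_dns_hardened(forged)
    dns_after_forgery = hard.primary_dns

    legit = Request("POST", {"Cookie": f"sid={sid}", "Origin": ROUTER_ORIGIN},
                    {"primary_dns": "203.0.113.55", "csrf_token": token})
    legit_accepted = hard.update_dns_hardened(legit)

    return {"vulnerable_accepted_forgery": vuln_accepted,
            "vulnerable_primary_dns": vuln.primary_dns,
            "hardened_accepted_forgery": hard_accepted,
            "hardened_dns_after_forgery": dns_after_forgery,
            "hardened_accepted_legit": legit_accepted,
            "hardened_dns_after_legit": hard.primary_dns}


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The origin check is compared exactly (or as a path prefix for Referer) rather than with a bare prefix test, so a host name that merely begins with the router's address is not accepted; the token comparison uses a constant-time compare so timing does not leak it. A real firmware would also tie the token to a rotating session and reject state changes over GET, which the toy omits.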

In any case, I hope it’s clear by now that leaving the default credentials in place on your router is merely inviting trouble. Last month, I wrote about how the botnet used to take down Sony and Microsoft‘s online gaming networks was built on the backs of hacked home routers that were all running factory-default administrative credentials.

If you haven’t changed the default credentials on your router, it’s time to do that. If you don’t know whether you’ve changed the default administrative credentials for your wired or wireless router, you probably haven’t. Pop on over to routerpasswords.com and look up the make and model of your router.

To see whether your credentials are the default, you’ll need to open up a browser and enter the numeric address of your router’s administration page. For most routers, this will be 192.168.1.1 or 192.168.0.1 (on Apple routers, it’s more likely to be 10.0.1.1). This page lists the default internal address for most routers. If you have no luck there, here’s a decent tutorial that should help most users find this address. And check out my Tools for a Safer PC primer for more tips on how to beef up the security of your router and your Web browser.

Read more about this attack at Proofpoint’s blog post.

[syndicated profile] geekfeminism_feed

Posted by terriko

An internationally known community manager, speaker and author, Leslie Hawthorn has spent the past decade creating, cultivating and enabling open source communities. She created the world’s first initiative to involve pre-university students in open source software development, launched Google’s #2 Developer Blog, received an O’Reilly Open Source Award in 2010 and gave a few great talks on many things open source. In August 2013, she joined Elasticsearch as Director of Developer Relations, where she leads community relations efforts.

I’ve known Leslie for years now, and she is forever inspiring me with her ability not only to find visionary ways to improve the world, but also to follow-through with the rabble-rousing, cat herding, paperwork, and everything else that’s needed to take ideas from “wouldn’t it be nice if?” to “this is how we’re going to do it.”  I really enjoyed her recent blog post, A Place to Hang Your Hat, and asked Leslie if she had a bit of time for an interview to tell Geek Feminism blog readers a bit more about the idea.

For people who haven’t read your blog post yet, can you give us the point of “let’s all build a hat rack” in a few sentences?

In open source software projects – and life in general – there are any number of contributions that are underappreciated or go unacknowledged. I’m very aware of how often that underappreciation or lack of acknowledgement is due to socialization around what labor is considered valuable vs. what is largely invisible – we are taught to value and celebrate the accomplishments of white men and minimize the impact of the labor of women, people of color, transpeople, differently abled people, etc.

The let’s all build a hat rack project is a call to acknowledge all the diverse contributors and contributions in our work lives and volunteer projects, with a special emphasis on acknowledging folks who are not like you first. You can do this easily by writing them a recommendation on LinkedIn – which they can decide to approve for inclusion on their profile – or just sending them a thank you note they can use later. Bonus points for sharing your appreciation on social media using hashtag #LABHR.

Recommendation on LinkedIn: Holly Ross is, quite simply, amazing. She has completely transformed the Drupal Association into a well-run organization that is able to respond proactively, rather than reactively, to fast-paced changes in the larger Drupal ecosystem. She deeply understands the importance of communicating “early and often,” and has brought an enormous amount of transparency to our organization. She’s also extremely savvy about the unique challenges in an enormous, globally diverse, and largely unpaid community of contributors, and conscientious about how to balance that with the needs of our staff and our sponsors. I’ve never seen her back down from a challenge, and every time I have the pleasure of working with her, we always get tons of stuff done, and have tons of fun in the process.

Today, in the further adventures of #LABHR, a LinkedIn recommendation for the indefatigable @drupalhross! pic.twitter.com/b2ynru6uAa

— webchick (@webchick) February 18, 2015

What inspired the project?

It came about for a few reasons, but first and foremost I want to acknowledge Deb Nicholson for inspiring the phrase “let’s all build a hat rack.” There’s more about Deb’s contributions to my thinking and the open source community in the post, so please check it out.

Beyond that, the project came about largely due to the intersection of two frustrations: the lack of understanding people have for everything I – and friends like Deb – have accomplished, and the seemingly unending cycle of horrible news in the tech industry. While it’s important to have a clear and candid dialog about sexism, racism, ableism, transphobia and other issues impacting the diversity of the technical community, that seems to be all I am reading lately. The news is usually sensationalistic and often depressing.

I wanted to give myself and everyone I know something uplifting and useful to read, to encourage all of us to show gratitude and appreciation, and to make that show of gratitude a useful way for contributors who are usually not acknowledged to get the credit they deserve. Not just because they deserve it, but because that public acknowledgement of their work helps with acquiring jobs, landing their next big project and feeling good about continued contributions.

What tips do you have for people struggling to find someone to recommend?

You know, I figured this project would be really easy until I started writing up recommendations. To my earlier point about being socialized to see some labor as invisible or less valuable, I had no trouble thinking up white dudes who had done things I appreciate. I had to push myself harder to think about the women in my life who have made significant contributions, even though they are numerous. I can imagine that some humans, specifically male humans, are having the same issues.

So, to get started, think about things / actions / projects that have meant a great deal to you. Was there a conference you attended where you had an “ah ha” moment? Were you able to solve a problem thanks to great support on a project’s web forum or in their IRC channel? Did you read a blog post that was filled with brilliance and inspired you to be better at your craft? Cool. Were there people involved who were not like you? Great! Not sure exactly what they did? I’d call that an excellent opportunity to find out more about their involvement, thank them for educating you and their contribution, and then use that information to write a recommendation.

I’m not going to lie to anyone – you may have to think hard about this at first and it will be uncomfortable. You have to internalize the fact that you’ve been taught to see some very amazing work as non-existent or, at best, mere window dressing. That’s OK, too. The first step toward progress is thinking through that discomfort, then finding the humans to thank at the end of it.

If you’re still having trouble thinking of someone, that’s OK. Talk to your friends or fellow project members for suggestions. Tell them you’re thinking about participating in the #LABHR project, but need help getting started. Friends can help you think of people you’ve missed celebrating, and they may also want to join the experiment and recommend people, too!

I’ve always been impressed with your gracious ways of thanking and recommending people, so I feel like you must have some insight into writing good recommendations. Are there any suggestions you have for people who want to write great ones?

Keep it short and simple. One of the things that makes writing recommendations hard is that we’re trying to encapsulate so many good qualities into a few short sentences. You don’t have to write down everything wonderful about the person you’re recommending, just the 3-5 ways they’ve been most impactful in your project / company / life. In a pinch, concentrate on things employers want to hear about, as that will make your recommendation most useful.

What impact do you hope to have on people’s lives with LABHR?

I’d like this experiment to give the technical community a reason to express more gratitude for all contributions. I especially want to give white male allies a clear, actionable path to improving things for underrepresented groups. Writing a recommendation will take you about 15 minutes, but it can have immeasurable impact on someone’s future career prospects.

I’m really excited to say that I’ve seen 15 permanent recommendations go by and a whole lot of shout-outs under the #LABHR hashtag so far. I hope many more recommendations will come.

Want to see more inspirational LABHR entries? Check out the #LABHR hashtag on twitter and then write your own!

Texas Cowboy Poetry Goes Horse

Feb. 26th, 2015 02:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Every year I try to channel my inner cowboy and write a little poetry. So sit back, relax, and try not to picture me in a Three Amigos costume*.

[*You're already doing it, aren't you? I knew it.]

 

Jed was a cowboy who wanted to sing
'Bout huntin' an' fishin' an' bein' right-wing.
As a matter of course
He camo'd his horse
But now he can't find the dang thing

("Shhhhh.")

*****

 

Is that an ear, dear?
Who knows, nose?
But that's an eye, aye?

Nice roses.

*****

 

As I ponder the existential stylings of my empty holster and overflowing chaps
BANG BANG
Finger guns!
And in the corner,
she smirks.
Stop that

*****

 

silent bug-eyed stare
why are you making that face
I hope that's a tail

*****

 

[strumming guitar]

Poop in the mane
Poop in the maaane!
It don't matter one whit
Where your horse takes a... hit
So long as there's no poop
...
in the mane.

 

Thanks to my amigos Emily F., Sandy L., Katie T., Carrie B., & Whitney K., who would definitely say that I have a plethora of poetry-penning talent. (Right? ;))

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Two days ago, attackers allegedly associated with the fame-seeking group Lizard Squad briefly hijacked Google’s Vietnam domain (google.com.vn). On Wednesday, Lenovo.com was similarly attacked. Sources now tell KrebsOnSecurity that both hijacks were possible because the attackers seized control over Webnic.cc, the Malaysian registrar that serves both domains and 600,000 others.

On Feb. 23, google.com.vn briefly redirected visitors to a page that read, “Hacked by Lizard Squad, greetz from antichrist, Brian Krebs, sp3c, Komodo, ryan, HTP & Rory Andrew Godfrey (holding it down in Texas).” The message also included a link to the group’s Twitter page and its Lizard Stresser online attacks-for-hire service.

Today, the group took credit for hacking Lenovo.com, possibly because it was recently revealed that the computer maker was shipping the invasive Superfish adware with some new Lenovo notebook PCs (the company has since said Superfish is now disabled on all Lenovo products and that it will no longer pre-load the software).

According to a report in TheVerge.com, the HTML source code for Lenovo.com was changed to read, “the new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey.”

The Verge story notes that both men have been identified as members of the Lizard Squad; to my knowledge this has never been true. In fact, both used to be part of a black hat and now-defunct hacker collective known as Hack The Planet (HTP) along with one of the main current LizardSquad members — Julius “Zeekill” Kivimaki (for more on Julius, see these stories). However, both King (a.k.a “Starfall”) and Godfrey (“KMS”) have been quite publicly working to undermine and expose the group for months.

Reached via instant message, both King and Godfrey said the Lizard Squad used a command injection vulnerability in Webnic.cc to upload a rootkit — a set of hacking tools that hide the intruder’s presence on a compromised system and give the attacker persistent access to that system.

Webnic.cc is currently inaccessible. A woman who answered the phone at the company’s technical operations center in Kuala Lumpur acknowledged the outage but said Webnic doesn’t have any additional information to share at this time. “We’re still in the investigation stage,” said Eevon Soh, a Webnic customer support technician.


It appears the intruders were able to leverage their access at Webnic.cc to alter the domain name system (DNS) records for the Google and Lenovo domains, effectively giving them the ability to redirect the legitimate traffic away from the domains to other servers — including those under the attackers’ control.

King and Godfrey said the Lizard Squad also gained access to Webnic’s store of “auth codes” (also known as “transfer secrets” or “EPP” codes), unique and closely-guarded codes that can be used to transfer any domain to another registrar. As if to prove this level of access, the Lizard Squad tweeted what they claim is one of the codes.

Starfall and KMS say the rootkit has been removed from Webnic’s servers, meaning the Lizard Squad should no longer be able to hijack Webnic domains with the same method they used to redirect Lenovo.com or Google Vietnam.

This is not the first time these actors have messed with Webnic.cc. Web Commerce Communications Ltd. (Webnic) is a popular registrar among hacker forums and underground stores that traffic in stolen credit cards and identity information, and a great number of those sites are registered through Webnic. It was hardly a coincidence that many of these criminal storefronts which have been hacked over the past couple of years — including rescator[dot]so, and ssndob — were registered at Webnic: All of the same players involved in this week’s drama were involved in those hacks as well.

Deleted Scenes

Feb. 26th, 2015 02:25 am
[syndicated profile] sumana_feed
A few deleted sentences from a piece I'm drafting:

One way to understand suspense is that it's the state of having multiple conflicting valid causal models, or not having enough information to even form a single satisfying prediction.

Each protagonist gets impressive moments of awesome competence and agency. But, like levelling up in a game, it's still constrained by the sandbox (which is of course more realistic than the Matrix solution).

The big science fictional twist is that you are far less significant than you had imagined.

But they require less genre expertise than, say, "Four Kinds of Cargo" or the trope review at the start of Anathem.

Honey, I Left the Tech Industry

Feb. 25th, 2015 09:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

Checkmate

Credit: DeviantArt / KineticEcho

Nearly a year ago I wrote The Day I Leave The Tech Industry. That’s not when I published it… I sat on it for months. I worried that I was revealing too much of myself, that I would put it out there and… crickets. That I would feel even more alone that I already did.

That’s not what happened. It still gets traffic but worse (or better? I don’t know) it comes up in conversation. A friend talks about her next career decision, says “I keep thinking about your post”. It gets referenced when someone leaves. Turns out, I captured something that many of us felt. What an amazing thing, as a writer. What a horrifying thing, as an industry.

I think I wrote it on this miserable day, one where I didn’t sleep, got to my desk incredibly early. No-one else was there yet, so when I started to cry no-one saw me. I IM’d with a friend, who convinced me I should just go home.

Some guy was being a jerk. In fact the interesting part of that story is that my manager at the time noticed, and did something about it, and a few days later I actually felt optimistic in a way that I had not considered possible. Of course, there is a vast gap between a colleague who actually respects you and one who is problematic enough that anything actually happens to them. I’ve written about the patterns, about the “nice” undermining, some of which I’ve experienced, others only witnessed.

The thing is, when you have reached that point where you want to leave, it never goes away completely. It’s always there, and you come back to it on days where you don’t see any reason to stay.

I know this because I had first reached that point at least 6 months earlier. I had decided it was time to leave and I had made a plan. I checked off the practical things on that list – I relocated so that I was no longer on a work permit, I took care to get a short lease on my apartment, I consolidated bank accounts from countries I had lived in, I filed my tax returns. I responded to recruiters, trying to get a sense of what was out there, and I worked at building up my profile externally.

Finally, six months ago, I asked myself what I was waiting for? Why was I waiting out my job like it was a prison sentence? Because this had been The Plan I had made a year earlier? I had already given up my apartment, decided what I was going to work on… my fear was no longer what if I left but what if I stayed? What if I got just comfortable enough, but never actually happy?

I printed out my resignation letter. I didn’t bother with headed notepaper. I had a 1:1 scheduled with my manager. Before it, there was a meeting with a recruiter I hadn’t managed to evade, trying to get me to reconsider doing Corporate Feminism (something I had quit around the time that I decided to…quit). She asked me, “Is there any way to change your mind?” I thought about the piece of paper in my pocket, and said “no.”

My manager was nice, he had always been nice. His manager was also nice. I was amazed how well I had concealed my plan to leave. They were generous with my exit contract and by the end of that week… I was gone.

Since then I have been travelling (often to speak), and writing, and working on Show and Hide. I have not found the words to write long-form about the why or the how. I have made short quips about how “I only get mansplained to on twitter now”, or commented on no longer having to answer to a white dude. But short quips cannot capture the complexity of what it has meant to walk away.

The biggest freedom has been the liberation from the cognitive dissonance from a world that told me I had Made It as an engineer when I felt so unhappy. From the cognitive dissonance of an organisation that seemed to believe the problem was entirely a problem of graduation rates whilst I and my friends experienced otherwise. I do not recall when I last cried. I no longer worry that I am going mad.

But, this is what I expected. The unexpected has been vastly more interesting and encouraging.

I am more confident as a developer. I actually feel more capable.

I have rediscovered a joy of programming and engineering and testing and creating that I had forgotten.

I get to embrace the breadth of my interests, Show and Hide combines my love of photography with my obsession with mobile.

It feels like most of what I learned in the last 2 years I learned in the last 6 months.

I feel like what I do know is more appreciated, as I get to share more of what I’m doing technically.

I learned how to have opinions again. I did not realise I had stopped bothering, I guess there was always some dude telling me what I should think, mostly on topics that did not matter enough to fight about. This was weird, and hard, but gradually… liberating.

Of course it is not all joy. Some days the amount of bitterness I feel makes me sad. The vindication of finding other women with similar stories. The jealousy of those who thrived in a good environment. The inadequacy when something causes me to ask myself “should I just be more resilient”?

Of course the fact that I didn’t need to be more resilient is a huge measure of financial privilege. And I still, rationally, believe that we shouldn’t have to be that resilient. Or brave. As my friend Julie observed, “It’s nice that you think they’re all brave, but they shouldn’t have to be. They’re not going to the frontlines of a war zone. They’re going to write code.”

What does it mean to say I’ve left? Because after all, I still write code. I still speak at tech conferences. In some way I seem to others more in tech, because I am more visible in tech. Now that I no longer work at a somewhat insular place, or fear a PR nightmare around something I said, I can be.

Perhaps the meaning lies in the boundary it creates for me. The way it allows me to emotionally disconnect from things that would otherwise be more upsetting. I don’t have to care, I left. Of course it’s bad, that’s why I left.

And yet I still comment on the tech industry. I was re-reading something that I wrote about calling “male allies” out and empathy and it occurred to me that perhaps the point I wanted to make was that pointing this stuff out is in fact a compliment – it’s taking the time to show someone that you believe that they can do better.

That I still comment on the tech industry is that kind of compliment. I believe you can do better. Some days I even think we will.

Never Buy Custom Mats Again!

Feb. 25th, 2015 01:52 pm
[syndicated profile] epbot_feed

Posted by Jen

Sometimes even John and I forget how much cheaper and easier it can be to just make stuff yourself.

Case in point: we went to a local craft shop to get two custom mats for some art for the steampunk room. Since we wanted an antique look, we picked fabric-covered mats, which we were told would take over a week to make, and cost over $60.

Now, $30 each may not sound TOO bad... but that's more than we spent on the art being framed! And all for a one-inch decorative border? NUH-UH.

So we canceled the order and headed to the fabric section.

We bought about half a yard of two fabrics that almost exactly matched the original mats we wanted: a faux red velvet and a faux leather. Total cost? Around $8.
 
New art on the wall.

Here's the thing: fabric-covered mats - which both look and ARE the most expensive - are actually the easiest to make yourself, since you don't need a mat cutter or special tools. All you need are fabric, mat board (available in huge sheets for less than $10 at any craft shop), a craft blade, and spray adhesive.

I'm sure I've shown this kind of thing before, but here, look how easy:

 Cut your mat to size using a plain craft blade - no bevel needed.


Spray the mat with spray adhesive and lay your fabric on top. Smooth out any wrinkles.


Trim the edges with scissors.

Flip the mat over and cut a big X in the fabric, making sure the cuts reach all the way to the inside corners.

Fold back each flap, trim the excess, and glue or tape in place.


Done!


Caveat: none of this is acid-free, so I wouldn't recommend it for expensive or irreplaceable pieces. Everything else, though? GO NUTS.

And here's a tip for saving crap-tons of money on custom-sized frames: just buy a pre-made frame that's too big, and cut it to size yourself. We found this gorgeous frame for only $13 on a clearance rack over a year ago:



John cut it down to size ["You'll never amount to anything! Your mother was a sod pallet!"] with his miter saw, then re-assembled using a nifty framing strap which you can just see in the top right corner here:


The ratcheting strap holds all four corners at perfect 90 degree angles while the glue dries. (For larger frames make sure you also use pin nails to hold everything in place.) Cool, right? And not so hard? You should totally try this.


Next John painted the frame bright gold and aged it with a little black, so now it looks like this:


AW YEAH.



And if you want to fool everyone into thinking your art is an original and NOT a print, here's another ridiculously easy trick: just leave out the glass. Glass screams "I'm a print!" even when it's not, and the reflection gets in the way anyway.



See? No glare!


That said, since my Elizabeth poster was severely damaged by a hungry cat (grrr), we had to spring for some non-glare glass on her to help hide all the creases and dings. Worked pretty well, too!


This is another frame John cut down and re-sized, since the print is a funky size. We left the finish as-is, though, since it went perfectly with Songbird's head.

 

It amused me to line up the glare so Songbird's eye is glowing. :)


If you do need to buy glass, don't worry; the plain stuff is ridiculously cheap. You can even buy it at the hardware store, where they'll cut it for you!


Since we already had spare mat board and used frames we already had, our only costs were the $8 fabric and about $15 for the custom non-glare glass. (Yay coupons!) Plus we had it all done in about a day - no waiting on custom orders!

Hope this helps inspire my fellow art-lovers out there to start making and modifying your own mats and frames! It's always galled me that the framing process is so flippin' expensive that most folks end up just tacking their pretties to the wall. Well, no more! Frame up those pretties, my friends! Frame 'em!
[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

The FBI this week announced it is offering a USD $3 million bounty for information leading to the arrest and/or conviction of one Evgeniy Mikhailovich Bogachev, a Russian man the government believes is responsible for building and distributing the ZeuS banking Trojan.

Bogachev is thought to be a core architect of ZeuS, a malware strain that has been used to steal hundreds of millions of dollars from bank accounts — mainly from small- to mid-sized businesses based in the United States and Europe. Bogachev also is accused of being part of a crime gang that infected tens of millions of computers, harvested huge volumes of sensitive financial data, and rented the compromised systems to other hackers, spammers and online extortionists.

So much of the intelligence gathered about Bogachev and his alleged accomplices has been scattered across various court documents and published reports over the years, but probably just as much on this criminal mastermind and his associates has never seen the light of day. What follows is a compendium of knowledge — a bit of a dossier, if you will — on Bogachev and his trusted associates.

I first became aware of Bogachev by his nickname at the time –“Slavik” — in June 2009, after writing about a $415,000 cyberheist against Bullitt County, Kentucky. I was still working for The Washington Post then, but that story would open the door to sources who were tracking the activities of an organized cybercrime gang that spanned from Ukraine and Russia to the United Kingdom.

Yevgeniy Bogachev, Evgeniy Mikhaylovich Bogachev, a.k.a. "lucky12345", "slavik", "Pollingsoon". Source: FBI.gov "most wanted, cyber.

Not long after that Bullitt County cyberheist story ran, I heard from a source who’d hacked the Jabber instant message server that these crooks were using to plan and coordinate their cyberheists. The members of this crew quickly became regular readers of my Security Fix blog at The Post after seeing their exploits detailed on the blog.

They also acknowledged in their chats that they’d been in direct contact with the Zeus author himself — and that the gang had hired the malware author to code a custom version of the Trojan that would later become known as “Jabberzeus.” The “jabber” part of the name is a reference to a key feature of the malware that would send a Jabber instant message to members of the gang anytime a new victim logged into a bank account that had a high balance.

Here’s a snippet from that chat, translated from Russian. “Aqua” was responsible for recruiting and managing a network of “money mules” to help cash out the payroll accounts that these crooks were hijacking with the help of their custom Jabberzeus malware. “Dimka” is Aqua’s friend, and Aqua explains to him that they hired the ZeuS author to create the custom malware and help them troubleshoot it. But Aqua is unhappy because the ZeuS author declined to help them keep it undetectable by commercial antivirus tools.

dimka: I read about the king of seas, was that your handiwork?

aqua: what are you talking about?

dimka: zeus

aqua: yes, we are using it right now. its developer sits with us on the system

dimka: it seems to be very popular right now

aqua: but that fucker annoyed the hell out of everyone. he refuses to write bypass of [anti-malware] scans, and trojan penetration is only 35-40%. we need better

aqua: http://voices.washingtonpost.com/securityfix read this. here you find almost everything about us

aqua: we’re using this [custom] system. we are the Big Dog. the rest using Zeus are doing piddly crap.

Days later, other members of the Jabberzeus crew  were all jabbering about the Bullitt County cyberheist story. The individual who uses the nickname “tank” in the conversation below managed money mules for the gang and helped coordinate the exchange of stolen banking credentials. Tank begins the conversation by pasting a link to my Washington Post story about the Bullitt County hack.

tank@incomeet.com: That is about us. Only the figures are fairytales. 

haymixer@jabber.ru/dimarikk: This was from your botnet account. Apparently, this is why our hosters in service rejected the old ones. They caused a damn commotion.

tank@incomeet.com: I have already become paranoid over this. Such bullshit as this in the Washington Post.

haymixer@jabber.ru/dimarikk: I almost dreamed of this bullshit at night. He writes about everything that I touch in any manner…Klik Partners, ESTHost, MCCOLO…

tank@incomeet.com: Now you are not alone.  Just 2 weeks before this I contacted him as an expert to find out anything new. It turns out that he wrote this within 3 days. Now we also will dream about him.

In a separate conversation between Tank and the Zeus author (using the nickname “lucky12345″ here), the two complain about news coverage of Zeus:

tank: Are you there?

tank: This is what they damn wrote about me.

tank: [pasting a link to the Washington Post story]

tank: I’ll take a quick look at history

tank: Originator: BULLITT COUNTY FISCAL Company: Bullitt County Fiscal Court

tank: Well, you got it from that cash-in.

lucky12345: From 200k?

tank: Well, they are not the right amounts and the cash out from that account was shitty.

tank: Levak was written there.

tank: Because now the entire USA knows about Zeus.

tank: :(

lucky12345: It’s fucked.

After the Bullitt County story, my source and I tracked this gang as they hit one small business after another. In the ensuing six months before my departure from The Post, I wrote about this gang’s attacks against more than a dozen companies in the United States.

By this time, Slavik was openly selling the barebones ZeuS Trojan code that Jabberzeus was built on to anyone who could pay several thousand dollars for the crimeware kit. There is evidence he also was using his own botnet kit or at least taking a fee to set up instances of it on behalf of buyers. In late 2009, security researchers had tracked dozens of Zeus control servers that phoned home to domains which bore his nickname, such as slaviki-res1.com, slavik1[dot]com, slavik2[dot]com, slavik3[dot]com, and so on.
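The nickname-bearing control domains above are exactly the kind of indicator a defender would push into DNS monitoring. The following is an added example, not code from Krebs or from any of the parties named in the article: it refangs the `[dot]`-style indicators quoted on the page, generalises the naming scheme (the label `slavik` or `slaviki-res` followed by digits) into a pattern, and runs both checks over a constructed resolver log. The log lines, client addresses and the `slavik7.com` name are constructed for the example and are not from the page.

```python
import re

# Added example, not part of Krebs' article. The indicators below are the
# defanged domains quoted on the page; everything else here is constructed.
DEFANGED_C2_DOMAINS = [
    "slaviki-res1.com",
    "slavik1[dot]com",
    "slavik2[dot]com",
    "slavik3[dot]com",
]

# Constructed sample of a resolver log: timestamp, client, query type, name.
SAMPLE_DNS_LOG = """\
2009-11-02T14:03:11Z 10.0.4.17 A www.example.com
2009-11-02T14:03:12Z 10.0.4.17 A slavik2.com
2009-11-02T14:05:40Z 10.0.4.23 A slavik7.com
2009-11-02T14:06:02Z 10.0.4.23 A slaviki-res1.com
2009-11-02T14:07:15Z 10.0.4.31 A notslavik1.com
"""

# Generalisation (an assumption, not from the page) of the naming scheme the
# article describes: the registered label is "slavik" or "slaviki-res"
# followed by one or more digits, optionally under any subdomain.
NICKNAME_PATTERN = re.compile(r"(?:[\w-]+\.)*slaviki?(?:-res)?\d+\.com", re.I)


def refang(indicator: str) -> str:
    """Turn a defanged indicator ("slavik1[dot]com") back into a hostname."""
    host = indicator.strip().lower()
    for defanged, real in (("[dot]", "."), ("(dot)", "."), ("[.]", "."), (" dot ", ".")):
        host = host.replace(defanged, real)
    return host.rstrip(".")


def load_indicators(defanged_list):
    """Normalise a list of defanged domains into a lookup set."""
    return {refang(d) for d in defanged_list}


def classify_query(qname: str, indicators):
    """Return 'exact-ioc', 'pattern' or None for one queried name."""
    name = qname.lower().rstrip(".")
    if name in indicators:
        return "exact-ioc"
    if NICKNAME_PATTERN.fullmatch(name):
        return "pattern"
    return None


def scan_dns_log(log_text: str, indicators):
    """Return (timestamp, client, qname, verdict) for every suspicious lookup."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines rather than crash on them
        ts, client, _qtype, qname = fields[:4]
        verdict = classify_query(qname, indicators)
        if verdict:
            hits.append((ts, client, qname.lower().rstrip("."), verdict))
    return hits


def demo():
    """Run the scan over the constructed log with the page's indicators."""
    return scan_dns_log(SAMPLE_DNS_LOG, load_indicators(DEFANGED_C2_DOMAINS))


if __name__ == "__main__":
    for hit in demo():
        print(*hit)
```

The exact-match set catches the hosts that were actually reported; the pattern catches the `slavik7.com` lookup that no list contains, which is the point of pivoting on an actor's naming habit rather than on individual domains. The caveat is the same one that applies to any handle-based pattern: a name like `notslavik1.com` is deliberately excluded, but a looser regex would produce false positives on unrelated domains, so keep the pattern anchored to the registered label.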

On Dec. 13, 2009, one of the Jabberzeus gang’s money mule recruiters –a crook who used the pseudonym “Jim Rogers” — somehow intercepted news I hadn’t shared beyond a few trusted friends at that point: That the Post had eliminated my job in the process of merging the newspaper’s Web site with the dead tree edition. The following is an exchange between Jim Rogers and the above-quoted “tank”.

jim_rogers@jabber.org: There is a rumor that our favorite (Brian) didn’t get his contract extension at Washington Post. We are giddily awaiting confirmation :) Good news expected exactly by the New Year! Besides us no one reads his column :)

tank@incomeet.com: Mr. Fucking Brian Fucking Kerbs!

I continued to write about new victims of this gang even as I was launching this blog, and in the first year I profiled dozens more companies that were robbed of millions. I only featured victims that had agreed to let me tell their stories. For every story I wrote, there were probably 10-20 victim organizations I spoke with that did not wish to be named.

By January 2010, Slavik was selling access to tens of thousands of hacked PCs to spammers, as well as large email lists from computer systems plundered by his malware. As I wrote in the story, Zeus Trojan Author Ran With Spam Kingpins, Slavik was active on multiple crime forums, not only finding new clients and buyers for his malware, but for the goods harvested by his own botnets powered by ZeuS.

Eight months later, authorities in the United Kingdom arrested 20 individuals connected to the Jabberzeus crime ring, and charged 11 of them with money laundering and conspiracy to defraud, including Yevhen “Jonni” Kulibaba, the ringleader of the gang, and Yuri “JTK” Konovalenko.

In conjunction with that action, five of the gang’s members in Ukraine also were detained, but very soon after released, including the aforementioned Vyacheslav “Tank” Penchukov and a very clever programmer named Ivan “petr0vich” Klepikov. More details about these two and others connected with the Jabberzeus crew are available from this unsealed 2012 complaint (PDF) from the U.S. Justice Department.

Unsurprisingly, not long after the global law enforcement crackdown, Slavik would announce he was bowing out of the business, handing over the source code for Zeus to a hacker named “Harderman” (a.k.a. “Gribodemon”), the author of a competing crimeware kit called SpyEye (25-year-old Russian man Alexsander Panin pleaded guilty last year to authoring SpyEye).

Near as I can tell, Slavik didn’t quit developing Zeus after the code merger with SpyEye, he just stopped selling it publicly. Rather, it appears he began developing a more robust and private version of Zeus.

Ivan "petr0vich" Klepikov, in an undated photo from his LiveJournal blog.

By late 2011, businesses in the United States and Europe were being hit with a new variant of Zeus called “Gameover” Zeus, which used the collective, global power of the PCs infected with Gameover Zeus to launch crippling distributed denial-of-service (DDoS) attacks against victims and their banks shortly after they were robbed.

In late March 2012, Microsoft announced it had orchestrated a carefully planned takedown of dozens of botnets powered by ZeuS and SpyEye. In so doing, the company incurred the wrath of many security researchers when it published in court documents the nicknames, email addresses and other identifying information on the Jabberzeus gang and the Zeus author.

A few months later, the Justice Department officially charged nine men in the Jabberzeus conspiracy, including most of the above named actors and two others — a money mover named Alexey Dmitrievich Bron (a.k.a. “TheHead”) and Alexey “Kusanagi” Tikonov, a programmer from Tomsk, Russia. Chat records intercepted from the incomeet.com server that this crew used for its Jabber instant message communications strongly suggest that Bron and Penchukov (“Tank”) were co-workers in Donetsk, Ukraine, possibly even in the same building.

In June 2014, the U.S. Justice Department joined authorities in many other countries and a large number of security firms in taking down the Gameover ZeuS botnet, which at the time was estimated to have infected more than a million PCs.

It’s nice that the Justice Department has put up such a large bounty for a man responsible for so much financial ruin and cybercrime. Kulibaba (“Jonni”) and his buddy Konovalenko (“Jtk0″) were extradited to the United States. Unfortunately, the rest of the Jabberzeus crew will likely remain free as long as they stick within the borders of Ukraine and/or Russia.


Cakes Only A Mother Could Love

Feb. 25th, 2015 02:00 pm
[syndicated profile] cakewrecks_feed

Posted by number1

I think the following cakes are really special. Like seeing a beautiful newborn for the first time, these baby shower cakes leave me… well, speechless.

What a coincidence! E.T. was on my TV today, too!

Ethan... phone home...

(and tell your parents Jersey Shore called. They want their tan back.)

 

"Hi, bakery? I have a baby shower coming up. Do you make cupcakes?"

"Baby shower CUP cakes? Yeah. We can 'handle' that."

If you squint your eyes, it’s actually not a baby at all, but a bronzed, muscular man in a tank top popping out of the cup. See it? See it? Let’s call him Joe. He must be posing for his mug-shot. Just look at those eyes! He really knows how to espresso himself, doesn't he?

 

Thanks to Dawn M. for finding these little bundles of joy. It's been a latte fun!

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

Music - Best of April 2014

Feb. 24th, 2015 09:05 pm
ponyville_trot: Six cartoon ponies in a huddle (Default)
[personal profile] frith posting in [community profile] ponyville_trot
Following the trend in making everything a little bit more complicated and restrictive with every passing moment, YouTube has added two more annoyances. One is the "autoplay" feature that selects a new video and starts playing that as soon as whatever you are watching is finished, and the other is the "your browser is no longer supported" message that pops up when I attempt to edit the URL to its simplest form. What's next, region locking? Oh, right.

VocalScorePony -- She's A Vampire. Music theatre, vocal and guitar.


Source: https://www.youtube.com/watch?v=aK_d9BoE7K8

No download link.

Here's the original by PsychGoth which is quite awesome: https://www.youtube.com/watch?v=SkfGyPr3tOA

Download PsychGoth's track: http://www.mediafire.com/download/8gdj9v74cxrgl78/She%27s+a+Vampire+%28P-Type%29.mp3

Seven more tracks, the best of hundreds, under the cut.

Adventures with A

Feb. 25th, 2015 09:25 am
[personal profile] puzzlement posting in [community profile] incrementum
Originally posted to incrementum.puzzling.org. Comment there unless you have a Dreamwidth login.

She still crawls, which is fortunate in a way because I’d hate to have missed capturing it. She doesn’t even yet stand without holding onto things but given that I found her standing on tiptoes to get to something she wanted the other day, she can’t have long to go in the crawling and holding on space.

This is very representative, including how she is reluctant to put her knees down on rough surfaces:


Video: she crawls

Here she is standing up and messing with the clothes horse, which Andrew would have stopped rather than filmed. It might seem boring BUT watch for her smiling at you at the end!


Video: she smiles!

What do you expect? (a poll)

Feb. 24th, 2015 01:36 pm
brainwane: My smiling face, in front of a wall and a brown poster. (Default)
[personal profile] brainwane
A few bits of thought passed across my mind recently, about legacy and friendship and the law, and I found myself curious about whether I'm quite different from my friends in my assumptions about the way my life will go. So: a three-question poll.

Poll #16481 What do you expect?
This poll is anonymous.
Open to: Registered Users, detailed results viewable to: Just the Poll Creator, participants: 31

Do you expect that someone will, in the future, systematically research your life, e.g., by reading all of your public blog posts and interviewing your friends and family?

Definitely
2 (6.5%)

Probably
9 (29.0%)

Probably not
11 (35.5%)

No
9 (29.0%)

Not applicable; I know that this has already happened
0 (0.0%)

If you have never been sued before, do you expect that someone will someday sue you?

Definitely
0 (0.0%)

Probably
5 (16.1%)

Probably not
21 (67.7%)

No
5 (16.1%)

Not applicable; I have been sued before
0 (0.0%)

Do you expect that you have already met everyone who's going to be very important in your life?

Definitely
0 (0.0%)

Probably
5 (16.1%)

Probably not
10 (32.3%)

No
16 (51.6%)



The poll is anonymous. Please feel free to elaborate on your answers in the comments! EDITED TO ADD: And comments are screened by default and I'm going to leave them screened unless you say it's ok to unscreen.
[syndicated profile] sumana_feed
I have been rereading Dave Barry's Dave Barry In Cyberspace (published in 1996), which has held up about as well as Neal Stephenson's In The Beginning Was The Command Line (1999).

On the software you'll need for your personal computer:

First off, you need an operating system, which is the "Godfather" program that operates behind the scenes, telling all the other programs what to do, making sure they cooperate, and if necessary leaving the heads of horses in their beds. The most popular operating system in world history as of 10:30 A.M. today is Windows 95, but there are many other options, including Windows 3.1, Windows 3.11, Windows 3.111, Windows for Workgroups, Windows for Groups That Mainly Just Screw Around, Windows for Repeat Offenders, Lo-Fat Windows, and The Artist Formerly Known as Windows. There is also the old "MS-DOS" operating system, which is actually written on parchment and is rarely used on computers manufactured after the French and Indian War. And there is "OS/2," which was developed at enormous expense by IBM and marketed as a Windows alternative, and which has won a loyal following of thousands of people, an estimated three of whom do not work for IBM. And of course there is the Apple operating system, or "Apple operating system," for your hippie beatnik weirdo loner narcotics-ingesting communistic types of Apple-owning individuals who are frankly too wussy to handle the challenge of hand-to-hand combat with computer systems specifically designed to thwart them.

On the internet:

... I had managed to send this hideously embarrassing message to everybody in the world except the person who was supposed to read it.

Yes, thanks to the awesome communications capabilities of the Internet, I was able to make an intergalactic fool of myself, and there's no reason why you can't do the same.

Prefiguring Clay Shirky's cognitive surplus arguments:

So go ahead! Get on the Web! In my opinion, it's WAY more fun than television, and what harm can it do?

OK, it can kill brain cells by the billions. But you don't need brain cells. You have a computer.

The origin of Bill Gates's wealth: "versions."

How much should your new computer cost? "About $350 less than you will actually pay."

Also, I am gonna avoid G7e rage and not quote the entire section, but check out the Comdex chapter for Barry's thoughts on the limited range of stories and game mechanics available in games written by and for men in 1996, and his speculation on what more diversity would look like.

The fiction short story that appears in two parts at the end of the book causes disproportionate feels in me, because it's about falling in love with a stranger via America OnLine chat, and I read it around the same time I fell in love with a guy I met on Usenet, via a Dave Barry fan group. Oh dear I just looked him up and he has a freaking beard. I don't know why that detail gets to me, but I was not prepared for that. At this moment I am under a blanket on my couch in New York City with midmorning light bouncing off brick and fire escapes outside, but I am also in hand-me-down tee shirt and shorts in front of a 486, easily remembering how to turn the audible modem volume all the way down so Mom and Dad don't hear me dialing in, the mousepad the only clear area on my dad's desk that's cluttered with printouts and Post-Its and boxes of 5-and-a-quarter floppies, navigating to HoTMaiL, California night outside the blinds. And now I'm remembering all those other local maxima and minima of my teenage life, and how intense things felt. He sent me a photo and I printed it out in black and white and took it into my AP US History test. That printout is probably still in a box somewhere. He dumped me, and we never met, and I wonder whether either of us still has a copy of that email.

And now the only Dave Barry book I own is Dave Barry in Cyberspace. It's still funny and it still has a barb in it. I am genuinely curious whether people ten years younger than me would enjoy it, since clearly part of what I'm getting out of it is nostalgia. And now I'm thinking about setting a reminder to myself to read current tech humor by Rose Ames and James Mickens in 2035.

The War on Baby Showers

Feb. 24th, 2015 02:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

With all the scary C-section and jelly-soaked vagina cakes out there, I think we've lost track of what a baby shower cake SHOULD be.

No, this isn't it.

 

C'mon, guys, what's wrong with a sweet, heartfelt sentiment?

 

 

Or a cutesy character?

 

(On the plus side, it's nice seeing chocolate curls used for something other than "down there hair." [shudder])

 

Ok, how about some baby accessories? You know, bottles and bows, pacifiers and... uh...

...pee sticks.

Of course pee sticks.

 

Guess that beats putting the real thing on there, though - which, oh yes, people keep doing:

Thanks for not jamming the business end into the icing, I guess.

::sigh::

 

Ok, fine. Go back to your belly and butt and vajayjay cakes, people. BUT KNOW THIS: someday you, too, could be told, "There's cake in the break room!" like poor Lynds here, only to find that THIS is what someone actually brought in to work:

Clean up on aisle 3. Bring lots of brain bleach.

 

Thanks to Amanda S., Anony S., Rebekah D., Colleen F., Beka K., Corey, Nellie C., & Lynds for ensuring I will never eat a chocolate-sprinkled raspberry donut ever again.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

A Stroll Through the Woods

Feb. 23rd, 2015 08:14 pm
ponyville_trot: Six cartoon ponies in a huddle (Default)
[personal profile] frith posting in [community profile] ponyville_trot
a_stroll_through_the_woods_by_nein_skill
Source: http://nein-skill.deviantart.com/art/A-Stroll-through-the-Woods-448509282

A good job matching the Source Film Maker puppet to the background. The soft focus helps. The hooves on the left limbs are not flat to the ground and seem to be floating.

The piratical fireman

Feb. 24th, 2015 09:11 am
[personal profile] puzzlement posting in [community profile] incrementum
Originally posted to incrementum.puzzling.org. Comment there unless you have a Dreamwidth login.

Before V started school, my mother asked if he was wearing his uniform non-stop. I said he had wanted to initially, but that was before he got a fireman costume for his birthday:

Fireman costume

But don’t worry, even that can be improved on, as he determined the following day when he went to the other party (of pass-the-parcel fame) and added an eyepatch to the ensemble:

Pirate fireman

[syndicated profile] female_cs_feed

Posted by Gail Carmichael

Earlier this month, our Education Development Centre hosted a teaching round table on the flipped classroom.  At the session, engineering instructor Shermeen Nizami shared her philosophy for flipping her own fourth year undergraduate class.

Nizami began by sharing Rogers' diffusion of innovation theory.  She found this after her first flipped course was over, but felt it correlated well with what happened in class.  As shown in the below diagram, there are innovators, early adopters, the early majority, the late majority, and the laggards.  The distribution of these groups is shown in blue, while market share of an innovation is shown in yellow.  A question Nizami asked herself was who is in the chasm? Why do some students feel like the flipped classroom teacher is not doing her job? ("I want you to lecture to me!") For any classroom innovation to be successful, we need buy-in from students.


Why flip in the first place? In any given class, 30% of learners are apparently blocked; they can't be reached.  60% might be described as passive learners, and only 10% as active learners.  Could flipping help bring more students into the active segment? Is it worth it? It is if you believe that more students fail a lecture-based class than an active class, and that the rates of retention claimed in the learning pyramid are even close to accurate.

How do you flip? Nizami says teachers need to look through the eyes of a student, and help students see themselves as their own teachers.  The mindset of both the student and the teacher needs to be flipped. The teacher needs to be careful to keep students at the points of maximal learning: at the edge of their comfort zone, but not quite into the panic zone.

Design thinking gave Nizami a useful model with which to approach her classroom:
  • Empathize: validate the level of difficulty students face in class
  • Define: gain students' confidence that you are on their side and not trying to trick them
  • Ideate: involve students and come up with creative solutions
  • Prototype: create opportunities for students to try out the proposed solutions
  • Test: solicit student feedback; be brave
The round table ended before we got a chance to get into the meat of what Nizami's students were actually asked to do before and during class, but I did appreciate the constant reminder that we should involve students in the learning process as much as possible.  Whether I get the opportunity to formally flip or not, I hope to keep that thought in mind in all my teaching practice.

Leave Blank Space, Baby

Feb. 23rd, 2015 02:00 pm
[syndicated profile] cakewrecks_feed

Posted by Sharyn

I figure the only way I'm going to get rid of this earworm is by giving it to you guys. So...

Hit it!

 

So, it's gonna be forever

 

Or it's gonna go down in flames.

 

You can tell me when it's over,

 

If the high was worth the pain.

 

Got a long list of ex-lovers!

 

They'll tell you...

I'm insaaaane.

 

But I got a blank space, baby...

 

And I'll write your name!

 

Toe-tapping thanks to Lindsay W., Meredith G., Daisy S., Telitha G., Sheri T., Geneva W., Christine S., and Elisabeth T. You know I'll love you guys forever, don't you?

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

Meta: This Week

Feb. 23rd, 2015 01:00 pm
[syndicated profile] accidentallyincode_feed

Posted by Cate

My latest this week post is numbered #64. Which is a long time to have kept that up; I did not think I would be so successful at it. I especially did not think that I would see other people using this format to reflect on their life!

What I love about it:

  • It’s a commitment to 30-60 minutes every weekend to think about what the previous week has been like. This helps me think about what I have achieved and what was great about it.
  • It helps me collect my pictures (I take a lot of pictures, I tweet most of them, but this feels more permanent).
  • I share a lot of content on Twitter and this is also a place to capture things that I found interesting.
  • It reminds me to update more static pages, like my speaking or elsewhere pages.
  • I do it purely for me and expected people to skip over it, but periodically someone tells me they appreciated some aspect about it.

My process:

  • Start a post with the same headings as usual, from memory.
  • Fill in “published”.
  • Take a first pass at “work” and “life”.
  • Re-read last week’s post and reflect on what has happened since.
  • Fill in things I realise as a result.
  • Scroll back through Twitter to where the links from last week end off.
  • Manually cut and paste tweets over. I could automate this, but I value seeing what I thought was important, and often tweets without links capture things that I add to the longer form sections.
  • Fill in any “achievements” like things published not on my blog, or conference announcements, as I find them.
  • Add media (if I’ve been reading a lot I have to look this up on my Kindle).
  • Fill in places I went with the help of my Foursquare history.

The Weekly Writing Update

Feb. 23rd, 2015 12:30 pm
[syndicated profile] hawthornlandings_feed

Posted by Leslie Hawthorn

A bit late, but better late than never.

I didn’t get any writing done for this blog last week, but I did complete an interview for the Geek Feminism Blog on the #LABHR experiment and on Getting Started in Open Source for the Anita Borg Institute. Both posts are forthcoming, and I believe the Getting Started post will run on the Systers blog.

If anyone has suggestions for topics I ought to address, I’d be grateful. Leave a note in the comments section or ping me on Twitter.

In other news, I’ve been really excited about how many expressions of appreciation and gratitude I’ve seen go by on Twitter under the LABHR hashtag. I’ve also counted 15+ “permanent recommendations,” meaning posts on LinkedIn or individuals’ blogs. The Twitter shout outs are absolutely amazing, but it’s my firm hope that we’ll all produce referenceable posts of appreciation that can help folks in their careers in addition to brightening their day.

Here’s a few of my favorite #LABHR recommendations so far:

Many thanks to everyone who has participated in the #LABHR experiment to date. Please keep those recommendations and expressions of gratitude coming!


[syndicated profile] geekfeminism_feed

Posted by spam-spam

  • DiversityMediocrityIllusion | Martin Fowler (January 13): “A common argument against pushing for greater diversity is that it will lower standards, raising the spectre of a diverse but mediocre group.” Martin Fowler explains why that’s nonsense.
  • On the Wadhwa Within, and Leaving | Medium (February): “That’s why I’m wary of the villainization of Vivek Wadhwa. For all that he is cartoonishly bad, going after him full force has the effect of drawing a bright line between Good People who see and crow over the error of Wadhwa’s ways and Bad People like Vivek.”
  • Q&A: Gillian Jacobs On Directing Her First Film And The Myth Of The Male Computer Geek | FiveThirtyEight (January 30): “This week, FiveThirtyEight launched its documentary film about Grace Hopper, a rear admiral in the U.S. Navy and the driving force behind the first compiled programming language.”
  • Video Games’ Blackness Problem | Evan Narcisse on Kotaku (February 19): “I decided to email with several prominent black critics and game developers to start a conversation. What is the source of video gaming’s blackness problem? What is to be done? I enlisted games researcher and critic Austin Walker, Treachery in Beatdown City developer Shawn Alexander Allen, Joylancer developer TJ Thomas and SoulForm developer and Brooklyn Gamery co-founder Catt Small to talk about what we all thought.”
  • I Pretended to Be a Male Gamer to Avoid Harassment | Daily Life (December 11): “Things went along smoothly until I started playing at the top level of WoW (World of Warcraft). To participate, you have to join a ‘guild’ — a large group of people who can commit to playing for long sessions. Being allowed into a guild is like a job interview, and as part of that process (like proving I had access to voice chat) I had to reveal that I was a girl.”
  • “Lean the f*** away from me”: Jessica Williams, “impostor syndrome” and the many ways we serially doubt women | Salon.com (February 18): “After a week of intense speculation about who would be taking over “The Daily Show,” Jessica Williams addressed the rumors that she was (or at least should be) the heir apparent for host. In a series of tweets, Williams thanked people for the support, but said she wouldn’t be sitting behind the anchor desk any time soon. (…) A little while later, a writer for the Billfold responded to Williams’ announcement with a piece that claimed she was a “victim” of impostor syndrome, and that she needed to “lean in”.”
  • Feminist writers are so besieged by online abuse that some have begun to retire | The Washington Post (February 20): “Jessica Valenti is one of the most successful and visible feminists of her generation. As a columnist for the Guardian, her face regularly appears on the site’s front page. She has written five books, one of which was adapted into a documentary, since founding the blog Feministing.com. She gives speeches all over the country. And she tells me that, because of the nonstop harassment that feminist writers face online, if she could start over, she might prefer to be completely anonymous.”
  • Research suggests that the pipeline of science talent may leak for men and women at the same rate | Inside Higher Ed (February 18): “For years, experts on the academic and scientific workforce have talked about a “leaky pipeline” in which women with talent in science and technology fields are less likely than men to pursue doctorates and potentially become faculty members. A study published Tuesday in the journal Frontiers in Psychology says that the pipeline may no longer be leaking more women than men.”
  • Life Hacks for the Marginalized | Medium (February 16): “Being human is hard! It’s even harder when your humanity is brought into question on a daily basis. But don’t let that get you down! So you’re not white/straight/male/abled/cisgendered/thin/rich — that doesn’t mean your life is over! It just means it’s much, much, much, much, much, much harder.
    Luckily, we have some time-saving tips that can help! By “help,” we mean “mildly mitigate your problems.” To solve them completely, try building a time machine and either engineering a whole new history that gives your people more power, or fast-forwarding to a post-patriarchy utopia.”
  • Like it or not, Supanova, popular culture is political | The Drum (Australian Broadcasting Corporation) (February 18): “Online protesters have urged Supanova to reconsider Baldwin’s attendance given the inflammatory and offensive comments he regularly makes on social media, particularly about women, transgender people and gay people. But when the expo released a statement saying it would be proceeding as planned, it showed it didn’t care about creating a safe and inclusive environment for attendees.”
  • The War for the Soul of Geek Culture | moviepilot.com (February 16): “The irony is that while externally, geeks are being accepted as a whole, internally, the story is much different. There’s an ugly core of nastiness coming from a very vocal minority, and as geek culture continues to expand, they only grow louder. And while the nastier moments of that ugly minority are starting to be recognized and picked up by mainstream media, it’s still largely our problem. Simply put, there is a war being waged right now for the soul of geek culture. And it’s a hell of a lot uglier than you realize.”
  • Binary Coeds | BackStory with the American History Guys (February 6): “The idea [of] the male programmer may be a stereotype, but having a male-heavy workforce is a real issue for the industry. Companies see a big gender disparity when they look at their technical workforce, and many are asking themselves how to get more women into computer science. But when you look at the history of computer programming, the question actually looks a little different. It’s less about how to get women into computer science than about how to get women back into computing.”
  • How To Talk To Girls On Twitter Without Coming Off Like A Creepy Rando | Adequate Man (February 17): “So, here you are, my friend, following a lot of brilliant women on Twitter (I hope). It’s so fun, and the best part of Twitter is connecting with people, so you want to reply to some of her great tweets with your own great opinions and jokes! Cool, cool, but here are some things to keep in mind.”
  • Art+Feminism Is Hosting Its Second Ever Wikipedia Edit-a-thon To Promote Gender Equality | The Mary Sue (February 18): “In 2011, a survey conducted by the Wikimedia Foundation found that less than 10% of Wikipedia editors identified as female, to say nothing of recent clashes between editors in the Gamergate article that resulted in several women being banned from writing about gender at all. But just talking about the problem isn’t going to create more female editors—training women who are interested will.”
  • #ScienceWoman Special Project | Amy Poehler’s Smart Girls (February 16): “Amy Poehler’s Smart Girls is teaming up with the hit PBS Digital Studios science YouTube show It’s Okay To Be Smart to celebrate amazing women in science. We’ve got a special project planned for the beginning of March, but we can’t do it without YOU!”

We link to a variety of sources, some of which are personal blogs.  If you visit other sites linked herein, we ask that you respect the commenting policy and individual culture of those sites.

You can suggest links for future linkspams in comments here, or by using the “geekfeminism” tag on Pinboard, Delicious or Diigo; or the “#geekfeminism” tag on Twitter. Please note that we tend to stick to publishing recent links (from the last month or so).

Thanks to everyone who suggested links.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Two former security employees at Intuit, the makers of the popular tax preparation software and service TurboTax, allege that the company has made millions of dollars knowingly processing state and federal tax refunds filed by cybercriminals. Intuit says it leads the industry in voluntarily reporting suspicious returns, and that ultimately it is up to the Internal Revenue Service to develop industry-wide requirements for tax preparation firms to follow in their fight against the multi-billion dollar problem of tax refund fraud.

Last week, KrebsOnSecurity published an exclusive interview with Indu Kodukula, Intuit’s chief information security officer. Kodukula explained that customer password re-use was a major cause of a spike this tax season in fraudulent state tax refund requests. The increase in phony state refund requests prompted several state revenue departments to complain to their state attorneys general. In response, TurboTax temporarily halted all state filings while it investigated claims of a possible breach. The company resumed state filing shortly after that pause, saying it could find no evidence that customers’ TurboTax credentials had been stolen from its network.

Kodukula noted that although the incidence of hijacked, existing TurboTax accounts was rapidly growing, the majority of refund scams the company has to deal with stem from “stolen identity refund fraud” or SIRF. In SIRF, the thieves gather pieces of data about taxpayers from outside means — through phishing attacks or identity theft services in the underground, for example — then create accounts at TurboTax in the victims’ names and file fraudulent tax refund claims with the IRS.

Kodukula cast Intuit as an industry leader in helping the IRS identify and ultimately deny suspicious tax returns. But that portrayal only tells part of the story, according to two former Intuit employees who until recently each held crucial security positions helping the company identify and fight tax fraud. Both individuals described a company that has intentionally dialed back efforts to crack down on SIRF so as not to lose market share when fraudsters began shifting their business to Intuit’s competitors.

Robert Lee, a security business partner at Intuit’s consumer tax group until his departure from the company in July 2014, said he and his team at Intuit developed sophisticated fraud models to help Intuit quickly identify and close accounts that were being used by crooks to commit massive amounts of SIRF fraud.

But Lee said he was mystified when Intuit repeatedly refused to adopt some basic policies that would make it more costly and complicated for fraudsters to abuse the company’s service for tax refund fraud, such as blocking the re-use of the same Social Security number across a certain number of TurboTax accounts, or preventing the same account from filing more than a small number of tax returns.

“If I sign up for an account and file tax refund requests on 100 people who are not me, it’s obviously fraud,” Lee said in an interview with KrebsOnSecurity. “We found literally millions of accounts that were 100 percent used only for fraud. But management explicitly forbade us from either flagging the accounts as fraudulent, or turning off those accounts.”

The allegations surface just days after Senate Finance Committee Chairman Orrin Hatch (R., Utah) said his panel will be holding hearings on reports about a spike in fraudulent filings through TurboTax and elsewhere. The House Ways and Means Committee is reportedly looking into the matter and has held bipartisan staff-level discussions with the IRS and Intuit.

The Federal Trade Commission (FTC) said it received 332,646 identity theft complaints in the calendar year 2014, and that almost one-third of them — the largest portion — were tax-related identity theft complaints. Tax identity theft has been the largest ID theft category for the last five years.

According to a recent report (PDF) from the U.S. Government Accountability Office (GAO), the IRS estimated it prevented $24.2 billion in fraudulent identity theft refunds in 2013. Unfortunately, the IRS also paid $5.8 billion that year for refund requests later determined to be fraud. The GAO noted that because of the difficulties in knowing the amount of undetected fraud, the actual amount could far exceed those estimates.

SQUEEZING THE BALLOON

Lee said the scammers who hijack existing TurboTax accounts most often will use stolen credit cards to pay the $25-$50 TurboTax fee for processing and sending the refund request to the IRS.

But he said the crooks perpetrating SIRF typically force the IRS — and, by extension, U.S. taxpayers — to cover the fee for their bogus filings. That’s because most SIRF filings take advantage of what’s known in the online tax preparation business as a ‘refund transfer’, which deducts TurboTax’s filing fee from the total amount of the fraudulent refund request. If the IRS then approves the fraudulent return, TurboTax gets paid.

“The reason fraudsters love this system is because they don’t even have to use stolen credit cards to do it,” Lee said. “What’s really going on here is that the fraud business is actually profitable for Intuit.”

Lee confirmed Kodukula’s narrative that Intuit is an industry leader in sending the IRS regular reports about tax returns that appear suspicious. But he said the company eventually scaled back those reports after noticing that the overall fraud the IRS was reporting wasn’t decreasing as a result of Intuit’s reporting: Fraudsters were simply taking their business to Intuit’s competitors.

“We noticed the IRS started taking action, and because of this, we started to see not only our fraud numbers but also our revenue go down before the peak of tax season a couple of years ago,” Lee recalled. “When we stopped or delayed sending those fraud numbers, we saw the fraud and our revenue go back up.”

Lee said that early on, the reports on returns that Intuit’s fraud teams flagged as bogus were sent immediately to the IRS.

“Then, there was a time period where we didn’t deliver that information at all,” he said. “And then at one point there was a two-week delay added between the time the information was ready and the time it was submitted to the IRS. There was no technical reason for that delay, but I can only speculate what the real justification for that was.”

KrebsOnSecurity obtained a copy of a recording made of an internal Intuit conference call on Oct. 14, 2014, in which Michael Lyons, TurboTax’s deputy general counsel, describes the risks of the company being overly aggressive — relative to its competitors — in flagging suspicious tax returns for the IRS.

“As you can imagine, the bad guys being smart and savvy, they saw this and noticed it, they just went somewhere else,” Lyons said in the recording. “The amount of fraudulent activity didn’t change. The landscape didn’t change. It was like squeezing a balloon. They recognized that TurboTax returns were getting stopped at the door. So they said, ‘We’ll just go over to H&R Block, to TaxSlayer or TaxAct, or whatever.’ And all of a sudden we saw what we call ‘multi-filer activity’ had completely dropped off a cliff but the amount that the IRS reported coming through digital channels and through their self reported fraud network was not changing at all. The bad guys had just gone from us to others.”

That recording was shared by Shane MacDougall, formerly a principal security engineer at Intuit. MacDougall resigned from the company last week and filed an official whistleblower complaint with the U.S. Securities and Exchange Commission, alleging that the company routinely placed profits ahead of ethics. MacDougall submitted the recording in his filing with the SEC.

“Complainant repeatedly raised issues with managers, directors, and even [a senior vice president] of the company to try to rectify ongoing fraud, but was repeatedly rebuffed and told Intuit couldn’t do anything that would ‘hurt the numbers’,” MacDougall wrote in his SEC filing. “Complainant repeatedly offered solutions to help stop the fraud, but was ignored.”

NO RULES OF THE ROAD

For its part, Intuit maintains that it is well out in front of its competitors in voluntarily reporting to the IRS refund requests that the company has flagged as suspicious. The company also stresses that it has done so even though the IRS still has not promulgated rules that require TurboTax and its competitors to report suspicious returns — or even how to report such activity. Intuit executives say they went to the IRS three years ago to request specific authority to share that information. The IRS did not respond to requests for comment.

Intuit officials declined to address Lyons’ recorded comments specifically, although they did confirm that a company attorney led an employee WebEx meeting on the date the recording was made. But David Williams, Intuit’s chief tax officer, said what’s missing from the recorded conversation excerpted above is that Intuit has been at the forefront of asking the IRS to propose industry standards that every industry player can follow — requests that have so far gone unheeded.

“We have led the industry in making suspicious activity reports, and I’d venture to say that virtually all of the returns that Mr. Lee is quoted as referring to appear in our suspicious activity reports and are stopped by the IRS,” Williams said. “Whatever else Mr. Lee may have seen, I’m not buying the premise that somehow there was a profit motive in it for us.”

Robert Lanesey, Intuit’s chief communications officer, said Intuit doesn’t make a penny on tax filings that are ultimately rejected by the IRS.

“Revenue that comes from reports included in our suspicious activity reports to the IRS has dropped precipitously as we have changed and improved our reporting mechanisms,” Lanesey said. “When it comes to market share, it doesn’t count toward our market share unless it’s a successful return. We’ve gotten better and we’ve gotten more accurate, but it’s not about money.”

Williams added that it is not up to Intuit to block returns from being filed, and that it is the IRS’s sole determination whether to process a given refund request.

“We will flag them as suspicious, but we do not get to determine if a return is fraud,” Williams said. “It’s the IRS’s responsibility and ultimately they make that decision. What I will tell you is that of the ones we report as suspicious, the IRS rejects a very high percentage, somewhere in the 80-90 percent range.”

Earlier this month, Intuit CEO Brad Smith sent a letter to the commissioner of the IRS, noting that while Intuit sends reports to the IRS when it sees patterns of suspicious behavior, the government has been limited in the types of information it can share with parties, including tax-preparation firms.

“The IRS could be the convener to bring the States together to help drive common standards adoption,” Smith wrote, offering the assistance of Intuit staff members “to work directly with the IRS and the States in whatever ways may be of assistance…as the fight against fraud goes forward.”

ZERO FALSE POSITIVES

Lee and MacDougall both said Intuit’s official approach to fighting fraud is guided by a policy of zero tolerance for so-called “false positives” — the problem of incorrectly flagging a legitimate customer refund request as suspicious, and possibly incurring the double whammy of a delay in the customer’s refund and an inquiry by the IRS. This is supported by audio recordings of conference calls between Intuit’s senior executives that were shared with KrebsOnSecurity.

“We protect the sanctity of the customer experience and hold it as inviolate,” Intuit’s General Counsel Michael Lyons can be heard saying on a recorded October 2014 internal conference call. “We do everything we can to organize the best screening program we can, but we avoid false positives at all costs. Because getting a legitimate taxpayer ensnared in the ‘you’re a bad guy’ area with the IRS is hell. Once your return gets flagged as suspicious, rejected and the IRS starts investigating, you’re not in a good place. More than 50 percent of people out there are living paycheck to paycheck, and when this is the biggest paycheck of the year for them, they can’t afford to get erroneously flagged as fraud and have to prove to the IRS who they are so that they can get that legitimate refund that they were expecting months ago.”

On the same conference call, MacDougall can be heard asking Lyons why the company wouldn’t want to use security as a way to set the company apart from its competitors in the online tax preparation industry.

“We don’t use security as a marketing tactic for Intuit,” Lyons explained. “We declared that this was one of our principles. It is always possible for Intuit to build a better mousetrap. But because it doesn’t solve the systemic problem of bad guys doing this, all it really does is shoot us in the foot and make it slightly easier for IRS to continue to kick the can down the road. What it does do is artificially harm our numbers and artificially inflate the competitive numbers associated with digital tax returns.”

Intuit’s Lanesey confirmed Lee’s claim that Intuit adds a delay — it is currently three weeks — from the time a customer files a refund claim and the time it transmits “scoring” data to the IRS intended to communicate which returns the company believes are suspicious. Lanesey said the delay was added specifically to avoid false positives.

“The reason we did that was that when we started this reporting, we weren’t accurate, and were ensnaring legitimate taxpayers in that process,” Lanesey said. “We slowed down and spent more time to review to make sure we could get more accurate and we have in fact done exactly that. The match rates between what the IRS rejects and what we send are now measurably higher today with the new reporting than they were then.”

Unfortunately, three weeks is about how long the IRS takes to decide whether to reject or approve tax refund requests. In an August 2014 report to Congress on the tax refund fraud epidemic, the GAO said that for 2014, the IRS informed taxpayers that it would generally issue refunds in less than 21 days after receiving a tax return — primarily because the IRS is required by law to pay interest if it takes longer than 45 days after the due date of the return to issue a refund.

Williams said Intuit is open to shortening its reporting delay.

“As we’ve gotten better at this and the IRS has gotten better at this, we can certainly look at shortening the timeframes,” he said. “Given the fact that over the past few years we’ve improved our speed, processes and techniques for reporting accurately, we can certainly explore whether they are able to take the data we give them and we are able to provide it to them in a way that is more useful.”

BUILDING A BETTER MOUSETRAP

The scourge of tax fraud is hardly a problem confined to TurboTax, but with nearly 29 million customers last year TurboTax is by far the biggest player in the market. In contrast, H&R Block and TaxAct each handled seven million prepared returns last year, according to figures collected by The Wall Street Journal.

Both Lee and MacDougall said they wanted to go public with their concerns because TurboTax and the rest of the industry have for so long put off implementing stronger account security measures. MacDougall said he filed the whistleblower complaint with the SEC because he witnessed a pattern of activity within Intuit’s management that suggested the firm was not interested in stopping fraud if it meant throttling profits when none of its competitors were doing the same.

MacDougall said that about a year ago he had a meeting with the head of Intuit’s security division wherein security team members were asked to pitch their projects for the year. MacDougall said he thought his idea was certain to generate an enthusiastic response from higher-ups at the company: Build a fraud ‘honeypot.’

In information security terminology, a honeypot is a virtual holding area to which known or suspected fraudsters are redirected, so that their actions and activities can be monitored and mined for patterns that potentially aid in better identifying fraudulent activity. Honeypots also serve a more cathartic — albeit potentially just as useful — purpose: They tie up the time and attention of the fraudsters and cause them to waste tons of resources on fruitless activity.

“My project was going to be a fraud honeypot,” MacDougall recalled. “My pitch was that we would create a honeypot in TurboTax so that every time a fraudster came in and we figured it out, we’d switch them over to the honeypot version of the site so that we could waste their time, exhaust their resources, and at the end of the day they wouldn’t know they’d been scammed for several weeks, when they finally realized that none of their fraudulent returns had even been filed.”

But MacDougall said he was stunned when his boss emphatically rejected his idea for use on TurboTax accounts. Instead, she brought up the fraud-as-a-balloon analogy, MacDougall said.

“She said ‘You can use this on any other product except TurboTax’,” MacDougall said. “I asked why we wouldn’t want to use this on our flagship product, and her answer was that this was an industry problem and not just a TurboTax problem.”

Only after Intuit was forced to temporarily suspend state filings earlier this month did the company’s chief executive announce plans to beef up the security of customer accounts. Intuit now says it plans to start requiring customers to validate their accounts, either via email, text message or by answering questions about their financial history relayed through the service by big-three credit bureau Experian.

Lee says those requirements are long overdue, but that they don’t go nearly far enough considering how much sensitive information Intuit holds about tens of millions of taxpayers.

“Tax preparers ought to apply similar ‘know your customer’ practices that we see in the financial markets,” he said. “When you give your most sensitive data and that of your family’s to a company, that company should offer you more security than you can get at Facebook or World of Warcraft,” Lee said, referring to two popular online businesses that have long offered the type of multi-factor authentication that Intuit just announced this month.

At a minimum, Lee said, tax preparation companies should require users to prove they have access to the phone number and email address that they assign to their account, and should bar multiple accounts from using the same phone number or email address. TurboTax and others also should allow only one account per Social Security number, he said.
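The account-level controls Lee describes, both earlier (capping the number of returns one account may file, limiting how many accounts may reuse one Social Security number) and here (no two accounts sharing a phone number or email address, one account per SSN), can be expressed as batch detection rules over account and filing records. The block below is an added example written for this page, not code from Intuit, TurboTax or the article; the record layout, field names, thresholds and sample records are all constructed. It flags accounts for review rather than blocking them, matching the flag-then-let-the-IRS-decide model the article describes, and it emits only truncated digests of identifiers so findings can be shared without leaking SSNs or contact details.

```python
"""
Multi-filer and shared-identifier checks over account and filing records.

Added example, not Intuit code. Record layout, thresholds and sample data
are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
import hashlib

# Thresholds are assumptions: the article says only "a small number" of
# returns per account and "a certain number" of accounts per SSN. The
# stricter values below follow Lee's one-account-per-identifier proposal.
MAX_TAXPAYERS_PER_ACCOUNT = 3   # distinct taxpayers one account may file for
MAX_ACCOUNTS_PER_SSN = 1        # accounts that may file a return for one SSN
MAX_ACCOUNTS_PER_CONTACT = 1    # accounts that may share one email or phone


@dataclass(frozen=True)
class Account:
    account_id: str
    email: str
    phone: str


@dataclass(frozen=True)
class Filing:
    account_id: str
    taxpayer_ssn: str   # SSN on the filed return, not necessarily the owner's


@dataclass
class Finding:
    rule: str
    subject: str        # account id, or a masked identifier
    count: int
    accounts: tuple     # account ids involved, sorted


def mask(value: str) -> str:
    """Findings carry a short digest, never the raw SSN/phone/email."""
    return "sha256:" + hashlib.sha256(value.encode()).hexdigest()[:12]


def normalize_email(email: str) -> str:
    """Case-fold and trim so trivial variations collapse together."""
    return email.strip().lower()


def normalize_phone(phone: str) -> str:
    """Keep digits only so formatting differences do not defeat matching."""
    return "".join(ch for ch in phone if ch.isdigit())


def find_suspicious(accounts, filings):
    """Return findings for review; ordering is deterministic."""
    findings = []

    # Rule 1: one account filing returns for many different taxpayers.
    taxpayers_by_account = defaultdict(set)
    for f in filings:
        taxpayers_by_account[f.account_id].add(f.taxpayer_ssn)
    for acct, ssns in sorted(taxpayers_by_account.items()):
        if len(ssns) > MAX_TAXPAYERS_PER_ACCOUNT:
            findings.append(Finding("multi_filer", acct, len(ssns), (acct,)))

    # Rule 2: the same taxpayer SSN filed from more accounts than allowed.
    accounts_by_ssn = defaultdict(set)
    for f in filings:
        accounts_by_ssn[f.taxpayer_ssn].add(f.account_id)
    for ssn, accts in sorted(accounts_by_ssn.items()):
        if len(accts) > MAX_ACCOUNTS_PER_SSN:
            findings.append(Finding("ssn_reuse", mask(ssn), len(accts), tuple(sorted(accts))))

    # Rule 3: several accounts registered with the same email or phone.
    accounts_by_contact = defaultdict(set)
    for a in accounts:
        accounts_by_contact[("email", normalize_email(a.email))].add(a.account_id)
        accounts_by_contact[("phone", normalize_phone(a.phone))].add(a.account_id)
    for (kind, value), accts in sorted(accounts_by_contact.items()):
        if len(accts) > MAX_ACCOUNTS_PER_CONTACT:
            findings.append(Finding(f"shared_{kind}", mask(value), len(accts), tuple(sorted(accts))))

    return findings


# Constructed sample data: two ordinary accounts, one multi-filer, and a
# fourth account that reuses the multi-filer's contact details and Bob's SSN.
SAMPLE_ACCOUNTS = [
    Account("acct-1", "alice@example.com", "555-0100"),
    Account("acct-2", "bob@example.com", "555-0101"),
    Account("acct-3", "Mule@Example.com", "(555) 0102"),
    Account("acct-4", "mule@example.com", "555-0102"),
]
SAMPLE_FILINGS = [
    Filing("acct-1", "000-00-0001"),
    Filing("acct-2", "000-00-0002"),
    Filing("acct-3", "000-00-0003"),
    Filing("acct-3", "000-00-0004"),
    Filing("acct-3", "000-00-0005"),
    Filing("acct-3", "000-00-0006"),
    Filing("acct-4", "000-00-0002"),
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_ACCOUNTS, SAMPLE_FILINGS):
        print(finding)
```

Run stand-alone it reports acct-3 as a multi-filer (four distinct taxpayers), the reuse of one SSN across acct-2 and acct-4, and the email and phone shared by acct-3 and acct-4. The thresholds are the tuning knob the article's "zero false positives" section is really about: a family sharing one phone number, or a preparer legitimately filing for several relatives, lands on the wrong side of the stricter values, which is why the rules produce review findings rather than account closures.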

“The point here is not to shame Intuit, but to educate the American public about what’s going on,” Lee said. “The industry as a whole, not just Intuit, needs to grow up and tackle this fraud problem seriously.”

Intuit’s David Williams said the company is focused on remedying some of the account issues raised by Lee and others.

“To be fair, our recent experience with the states has been a wake-up call that we are going to be more aggressive than anybody going forward, even if we were just acting consistently [with the rest of the industry] in the past,” he said. “That’s why we always talk about our anti-fraud efforts as evolving. We don’t have every great idea in the world, but we’re always looking at improving.”

FOSSC Oman 2015

Feb. 22nd, 2015 06:15 pm
pleia2: (Default)
[personal profile] pleia2

This past week I had the honor of speaking at FOSSC Oman 2015 in Muscat, following an invitation last fall from Professor Hadj Bourdoucen and the organizing team. Prior to my trip I was able to meet up with 2013 speaker Cat Allman who gave me invaluable tips about visiting the country, but above all made me really excited to visit the Middle East for the first time and meet the extraordinary people putting on the conference.


Some of the speakers and organizers met on Tuesday, from left: Wolfgang F. Finke, Matthias Stürmer, Khalil Al Maawali, me and Hadj Bourdoucen

My first observation was that the conference staff really went out of their way to be welcoming to all the speakers, welcoming us at the hotel the day before the conference, making sure all our needs were met. My second was that the conference was really well planned and funded. They did a wonderful job finding a diverse speaker list (both topic and gender-wise) from around the world. I was really happy to learn that the conference was also quite open and free to attend, so there were participants from other nearby companies, universities and colleges. I’ll also note that there were more women at this conference than I’ve ever seen at an open source conference, at least half the audience, perhaps slightly more.

The conference itself began on Wednesday morning with several introductions and welcome speeches from officials of Sultan Qaboos University (SQU), the Information Technology Authority (ITA) and Professor Hadj Bourdoucen who gave the opening FOSSC 2015 speech. These introductions were all in Arabic and we were all given headsets for live translations into English.

The first formal talk of the conference was Patrick Sinz on “FOSS as a motor for entrepreneurship and job creation.” In this talk he really spoke to the heart of why the trend has been leaning toward open source, with companies tired of being beholden to vendors for features, being surprised by changes in contracts, and the general freedom of not needing “permission” to alter the software that’s running your business, or your country. After a break, his talk was followed by one by Jan Wildeboer titled “Open is default.” He covered a lot in his talk, first talking about how 80% of most software stacks can easily be shared between companies without harming any competitive advantage, since everyone needs all the basics of hardware interaction, basic user interaction and more, thus making use of open source for this 80% an obvious choice. He also talked about open standards and how important it is to innovation that they exist. While on the topic of innovation he noted that instead of trying to make copies of proprietary offerings, open source is now leading innovation in many areas of technology, and has been for the past 5 years.

My talk came up right after Jan’s, and with a topic of “Building a Career in FOSS” it nicely worked into things that Patrick and Jan had just said before me. In this world of companies who need developers for features and where they’re paying good money for deployment of open source, there are a lot of jobs cropping up in the open source space. My talk gave a tour of some of the types of reasons one may contribute (aside from money, there’s passion for openness, recognition, and opportunity to work with contributors from around the world), types of ways to get involved (aside from programming, people are paid for deployments, documentation, support and more) and companies to aim for when looking to find a job working on open source (fully open source, open source core, open source division of a larger company). Slides from my talk are available here (pdf).

Directly following my talk, I participated in a panel with Patrick, Jan and Matthias (who I’d met the previous day) where we talked about some more general issues in the open source career space, including how language barriers can impact contributions, how the high profile open source security issues of 2014 have impacted the industry and some of the biggest mistakes developers make regarding software licenses.

The afternoon began with a talk by Hassan Al-Lawati on the “FOSS Initiative in Oman, Facts and Challenges” where he outlined the work they’ve been doing in their multi-year plan to promote the use and adoption of FOSS inside of Oman. Initiatives began with awareness campaigns to familiarize people with the idea of open source software, development of training material and programs, in addition to existing certificate programs in the industry, and the deployment of Open Source Labs where classes on and development of open source can be promoted. He talked about some of the further future plans including more advanced training. He wrapped up his talk by discussing some of the challenges, including continued fears about open source by established technologists and IT managers working with proprietary software and in general less historical demand for using open source solutions. Flavia Marzano spoke next on “The role and opportunities of FOSS in Public Administrations” where she drew upon her 15 years of experience working in the public sector in Italy to promote open source solutions. Her core points centered around the importance of the releasing of data by governments in open formats and the value of laws that make government organizations consider FOSS solutions, if not compel them. She also stressed that business leaders need to understand the value of using open source software; even if they themselves aren’t the ones who will get to read the source code, it’s important that someone in your organization can. Afternoon sessions wrapped up with a panel on open source in government, which talked about how cost is often not a motivator and that much of the work with governments is not a technical issue, but a political one.


FOSS in Government panel: David Hurley, Hassan Al-Lawati, Ali Al Shidhani and Flavia Marzano

The conference wrapped up with lunch around 2:30PM and then we all headed back to our hotels before an evening out, which I’ll talk more about in an upcoming post about my tourist fun in Muscat.

Thursday began a bit earlier than Wednesday, with the bus picking us up at the hotel at 7:45AM and first talks beginning at 8:30AM.

Matthias Stürmer kicked off the day with a talk on “Digital sustainability of open source communities” where he outlined characteristics of healthy open source communities. He first talked about the characteristics that defined digital sustainability, including transparency and lack of legal or policy restrictions. The characteristics of healthy open source communities included:

  • Good governance
  • Heterogeneous community (various motivations, organizations involved)
  • Nonprofit foundation (doing marketing)
  • Ecosystem of commercial service providers
  • Opportunity for users to get things done

It was a really valuable presentation, and his observations were similar to mine when it comes to healthy communities, particularly as they grow. His slides are pretty thorough with main points clearly defined and are up on slideshare here.

After his presentation, several of us speakers were whisked off to have a meeting with the Vice-chancellor of SQU to talk about some of the work that’s been done locally to promote open source education, adoption and training. Can’t say I was particularly useful at this session, lacking experience with formal public sector migration plans, but it was certainly interesting for me to participate in.

I then met up with Khalil for another adventure, over to Middle East College to give a short open source presentation to students in an introductory Linux class. The class met in one of the beautiful Open Source Labs that Hassan had mentioned in his talk; it was a real delight to go to one. It was also fascinating to see that the vast majority of the class was made up of women, with only a handful of men – quite the opposite from what I’m used to! My presentation quickly covered the basics of open source, the work I’ve done both as a paid and volunteer contributor, examples of some types of open source projects (different size, structure and volunteer to paid ratios) and common motivations for companies and individuals to get involved. The session concluded with a great Q&A session, followed by a bunch of pictures and chats with students. Slides from my talk are here (pdf).


Khalil and me at the OSL at MEC

My day wound down back at SQU by attending the paper sessions that concluded the conference and then lunch with my fellow speakers.

Now for some goodies!

There is a YouTube video of each day up, so you can skim through it along with the schedule to find specific talks:

There was also press at the conference, so you can see one release published on Zawya: FOSSC-Oman Kicks Off; Forum Focuses on FOSS Opportunities and Communities and an article by the Oman Tribune: Conference on open source software begins at SQU.

And more of my photos from the conference are here: https://www.flickr.com/photos/pleia2/sets/72157650553205488/

Originally published at pleia2's blog. You can comment here or there.

Page generated Feb. 27th, 2015 01:04 pm