[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

The Office of Personnel Management (OPM) has awarded a $133 million contract to a private firm in an effort to provide credit monitoring services for three years to nearly 22 million people who had their Social Security numbers and other sensitive data stolen by cybercriminals. But perhaps the agency should be offering the option to pay for the cost that victims may incur in “freezing” their credit files, a much more effective way of preventing identity theft.

Not long after news broke that Chinese hackers had stolen SSNs and far more sensitive data on 4.2 million individuals — including background investigations, fingerprint data, addresses, medical and mental-health history, and financial history — OPM announced it had awarded a contract worth more than $20 million to Austin, Texas-based identity protection firm CSID to provide 18 months of protection for those affected.

Soon after the CSID contract was awarded, the OPM acknowledged that the breach actually impacted more than five times as many individuals as originally thought. In response, the OPM has awarded a $133 million contract to Portland, Ore.-based ID Experts.

No matter how you slice it, $133 million is a staggering figure for a service that in all likelihood will do little to prevent identity thieves from hijacking the names, good credit and good faith of breach victims. While state-sponsored hackers thought to be responsible for this breach were likely interested in the data for more strategic than financial reasons (recruiting, discovering and/or thwarting spies), the OPM should not force breach victims to pay for true protection.

As I’ve noted in story after story, identity protection services like those offered by CSID, Experian and others do little to block identity theft: The most you can hope for from these services is that they will notify you after crooks have opened a new line of credit in your name. Where these services do excel is in helping with the time-consuming and expensive process of cleaning up your credit report with the major credit reporting agencies.

Many of these third party services also induce people to provide even more information than was leaked in the original breach. For example, CSID offers the ability to “monitor thousands of websites, chat rooms, forums and networks, and alerts you if your personal information is being bought or sold online.” But in order to use this service, users are encouraged to provide bank account and credit card data, passport and medical ID numbers, as well as telephone numbers and driver’s license information.

The only step that will reliably block identity thieves from accessing your credit file — and therefore applying for new loans, credit cards and otherwise ruining your good name — is freezing your credit file with the major credit bureaus. This freeze process — described in detail in the primer, How I Learned to Stop Worrying and Embrace the Security Freeze — can be done online or over the phone. Each bureau will give the consumer a unique personal identification number (PIN) that the consumer will need to provide in the event that he needs to apply for new credit in the future.

But there’s a catch: Depending on the state in which you reside, the freeze can cost $5 to $15 per credit bureau. Also, in some states consumers can be charged a fee to temporarily lift the freeze.

It is true that most states allow consumers who can show they have been or are likely to be a victim of ID theft to obtain the freezes for free, but this generally requires the consumer to file a police report, obtain and mail a copy of that report along with photocopied identity documents, and submit an affidavit swearing that the victim believes his or her statement about identity theft to be true.

Unsurprisingly, many who seek the comprehensive protection offered by a freeze in the wake of a breach are more interested in securing the freeze than in untangling a huge knot of red tape, and so they pay the freeze fees and get on with their lives.

The OPM’s advisory on this breach includes the same boilerplate advice sent to countless victims in other breaches, including the admonition to monitor one’s financial statements carefully, to obtain a free copy of one’s credit report from annualcreditreport.com, and to consider filing a free fraud alert with the three major credit bureaus. Nowhere does the agency mention the availability or merits of establishing a security freeze.

If you were affected by the OPM breach, or if you’re interested in learning more about what you can do to protect your identity, please read this story.

Update, 2:30 p.m. ET: Identity Theft Guard Solutions LLC was the original, founding name of ID Experts, the Portland-based company that won the $133 million contract from the OPM. The story above has been changed to include the new name.

[syndicated profile] epbot_feed

Posted by Jen

If you follow me on Instagram (which I've only started using again the past few weeks) you may have seen some imaginative works-in-progress lately. John and I started this project almost exactly two months ago, and it's been a long road of trying new techniques and tools, but in the end, I really couldn't be happier.

Introducing... Figment:




He is completely handmade from scratch, from the tips of his split tail to his hand-embroidered sweater. I'll be posting a complete build break-down and plenty of process photos next week, so watch for that if you're curious how we did it all.
 

For you non-DizGeeks, here's one of the many vintage reference photos we used of the original Figment:
 
We're scrambling to finish Figment's two tiny wings today, but I wanted to get some decent photos before our daily deluge began. (So. Much. Rain!)

For now, here's his wing-less back view:


That stand John built is a work of genius, and I plan to paint it brass & have red velvet padding on the foot and tail bar. Because, oh yes, Figment WILL be on display in our home after DCon.


Speaking of which, John plans to step out as Dreamfinder with his not-so-little friend here on Saturday at Dragon Con, so watch for him then if you'd like a photo with the two cutest guys at the con. ;)





Don't MAKE Me Count To Threeth

Sep. 2nd, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Remember the old saying?

 

"Twice is a coincidence...

 

"Three times is a pattern...

 

"And four times means there's some kind of voodoo curse involved."

 

Jennifer N., Amber D., Tara A., & Brynna R., you guys get the rooster tears, and I'll fetch a bucket of sprinkles. Meet back here at oh threeth hundred.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

And from my other blog, Epbot:


History of the L0pht

Sep. 2nd, 2015 07:04 am
[syndicated profile] bruce_schneier_feed

Posted by schneier

This Washington Post article uses the history of the L0pht to talk about the broader issues of Internet security.

[syndicated profile] female_cs_feed

Posted by Gail Carmichael

This blog post originates from the Heidelberg Laureate Forum Blog. The 3rd Heidelberg Laureate Forum is dedicated to mathematics and computer sciences, and takes place August 23-28, 2015. Abel, Fields, Turing and Nevanlinna Laureates will join the forum and meet 200 selected international young researchers.

As with my interview with John Hopcroft, I was most interested in what Sir Antony Hoare had to say about computer science education. He was, after all, knighted for his work in education in addition to research. I was also particularly fascinated with his effort to tie academia and industry together, for example by setting up an external Masters degree for software engineers.

©HLF / C. Flemming - All rights reserved 2015

My first question for Sir Hoare was about whether we should be concerned that undergraduate degrees try to address both theory and practice. Most graduates will go on to work in industry, but many academics seem to believe that they are training students primarily for academia. Sir Hoare's belief (and I happen to agree) is that theory is valuable to learn for all students regardless of their future paths. Learning theory helps you better understand what you're doing by noticing analogies to what you've done before, thus increasing your competence. Once you get into the workplace, theory can make your job less boring: it is fun to see real-life examples of the theory you learned in school! It can also help you understand when the code you write is 'good.'

Next, I was curious what Sir Hoare thought of active learning techniques in the classroom. Though he wasn't particularly familiar with recent approaches, he wouldn't say no to the possibility that they can improve learning. As with anything, if it's done well and in moderation, it can be a good thing. Then again, we can also talk about what makes a lecturer effective on their own: a good lecturer, he says, has charisma and motivates students with rhetoric. Further, the lecturer has many existing tools available, such as textbooks, tutorials, exercises, practical projects, and even discussions (sadly, we never had any of these in our undergrad CS classes). I would love to say that I believe all this is enough, but I have seen firsthand that, for far too many students, it isn't. It will be interesting to see what a typical undergraduate lecture hall will look like in a decade or two.

Finally, I told Sir Hoare that I couldn't not ask him a question about quicksort, but that I'd try to put a different spin on it. (This elicited a large smile.) I have used quicksort as a first introduction to recursion for my students in the past, including for my arts and social science students as they learn the basics of computational thinking. I wondered how he felt about its efficacy as a first example. It turns out that not only does he think it's great for teaching recursion, but he even had some fun ideas for how to do it. One is a wonderful video that explains the algorithm via a Hungarian folk dance. I've used the same set of videos in my lectures, and highly recommend them. Another idea is based on the card game Patience (also known as Solitaire).

It's interesting that Sir Hoare began our conversation with an admission that he hasn't been working on education for the last 15 years, so he thought he wouldn't have much to say about it. As you can see, I once again had a wonderful conversation on the topic, and am very glad to have gained some insight into Sir Hoare's thoughts on theory and practice in computer science education.


[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

A recent Reuters story accusing Russian security firm Kaspersky Lab of faking malware to harm rivals prompted denials from the company’s eponymous chief executive — Eugene Kaspersky — who called the story “complete BS” and noted that his firm was a victim of such activity.  But according to interviews with the CEO of Dr.Web — Kaspersky’s main competitor in Russia — both companies experimented with ways to expose antivirus vendors who blindly accepted malware intelligence shared by rival firms.

The Reuters piece cited anonymous, former Kaspersky employees who said the company assigned staff to reverse-engineer competitors’ virus detection software to figure out how to fool those products into flagging good files as malicious. Such errors, known in the industry as “false positives,” can be quite costly, disruptive and embarrassing for antivirus vendors and their customers.

Reuters cited an experiment that Kaspersky first publicized in 2010, in which a German computer magazine created ten harmless files and told antivirus scanning service Virustotal.com that Kaspersky detected them as malicious (Virustotal aggregates data on suspicious files and shares them with security companies). The story said the campaign targeted antivirus products sold or given away by AVG, Avast and Microsoft.

“Within a week and a half, all 10 files were declared dangerous by as many as 14 security companies that had blindly followed Kaspersky’s lead, according to a media presentation given by senior Kaspersky analyst Magnus Kalkuhl in Moscow in January 2010,” wrote Reuters’ Joe Menn. “When Kaspersky’s complaints did not lead to significant change, the former employees said, it stepped up the sabotage.”

Eugene Kaspersky posted a lengthy denial of the story on his personal blog, calling the story a “conflation of a number of facts with a generous amount of pure fiction.”  But according to Dr.Web CEO Boris Sharov, Kaspersky was not alone in probing which antivirus firms were merely aping the technology of competitors instead of developing their own.

Dr.Web CEO Boris Sharov.

In an interview with KrebsOnSecurity, Sharov said Dr.Web conducted similar analyses and reached similar conclusions, although he said the company never mislabeled samples submitted to testing labs.

“We did the same kind of thing,” Sharov said. “We went to the [antivirus] testing laboratories and said, ‘We are sending you clean files, but a little bit modified. Could you please check what your system says about that?'”

Sharov said the testing lab came back very quickly with an answer: Seven antivirus products detected the clean files as malicious.

“At this point, we were very confused, because our explanation was very clear: ‘We are sending you clean files. A little bit modified, but clean, harmless files,'” Sharov recalled of an experiment the company said it conducted over three years ago. “We then observed the evolution of these two files, and a week later, half of the antivirus products were flagging them as bad. But we never flagged these ourselves as bad.”

Sharov said the experiments by both Dr.Web and Kaspersky — although conducted differently and independently — were attempts to expose the reality that many antivirus products are simply following the leaders.

“The security industry in that case becomes bullshit, because people believe in those products and use them in their corporate environments without understanding that those products are just following others,” Sharov said. “It’s unacceptable.”

According to Sharov, a good antivirus product actually consists of two products: One that is sold to customers in a box and/or online, and a second component that customers will never see — the back-end internal infrastructure of people, machines and databases that are constantly scanning incoming suspicious files and testing the overall product for quality assurance. Such systems, he said, include exhaustive “clean file” tests, which scan incoming samples to make sure they are not simply known, good files. Programs that have never been seen before are nearly always given more scrutiny, but they also are a frequent source of false positives.

“We have sometimes false positives because we are unable to gather all the clean files in the world,” Sharov said. “We know that we can get some part of them, but pretty sure we never get 100 percent. Anyway, this second part of the [antivirus product] should be much more powerful, to make sure what you release to public is not harmful or dangerous.”

Sharov said some antivirus firms (he declined to name which) have traditionally not invested in all of this technology and manpower, but have nevertheless gained top market share.

“For me it’s not clear that [Kaspersky Lab] would have deliberately attacked other antivirus firm, because you can’t attack a company in this way if they don’t have the infrastructure behind it,” Sharov said.

“If you carry out your own analysis of each file you will never be fooled like this,” Sharov said of the testing Dr.Web and Kaspersky conducted. “Some products prefer just to look at what others are doing, and they are quite successful in the market, much more successful than we are. We are not mad about it, but when you think how much harm could bring to customers, it’s quite bad really.”

Sharov said he questions the timing of the anonymous sources who contributed to the Reuters report, which comes amid increasingly rocky relations between the United States and Russia. Indeed, Reuters reported today the United States is now considering economic sanctions against both Russian and Chinese individuals for cyber attacks against U.S. commercial targets.

Missing from the Reuters piece that started this hubbub is the back story to what Dr.Web and Kaspersky both say was the impetus for their experiments: A long-running debate in the antivirus industry over the accuracy, methodology and real-world relevance of staged antivirus comparison tests run by third-party firms like AV-Test.org and Av-Comparatives.org.

Such tests often show many products block 99 percent of all known threats, but critics of this kind of testing say it doesn’t measure real-world attacks, and in any case doesn’t reflect the reality that far too much malware is getting through antivirus defenses these days. For an example of this controversy, check out my piece from 2010, Anti-Virus Is a Poor Substitute for Common Sense.

How does all this affect the end user? My takeaway from that 2010 story hasn’t changed one bit: If you’re depending on an anti-virus product to save you from an ill-advised decision — such as opening an attachment in an e-mail you weren’t expecting, installing random video players from third-party sites, or downloading executable files from peer-to-peer file sharing networks — you’re playing a dangerous game of Russian Roulette with your computer.

Antivirus remains a useful — if somewhat antiquated and ineffective — approach to security.  Security is all about layers, and not depending on any one technology or approach to detect or save you from the latest threats. The most important layer in that security defense? You! Most threats succeed because they take advantage of human weaknesses (laziness, apathy, ignorance, etc.), and less because of their sophistication. So, take a few minutes to browse Krebs’s 3 Rules for Online Safety, and my Tools for a Safer PC primer.

Further reading:

Antivirus is Dead: Long Live Antivirus!

Exclusive: Russia’s Kaspersky Threatened to ‘Rub Out’ Rival, Email Shows

[syndicated profile] cakewrecks_feed

Posted by Jen

It's International Enthusiasm Week, and as always, we can DEPEND on our bakers to provide the most enthusiastic...

 

avid...

 

go-getting...

 

 

passionate...

 

excited...

 

and eager...

 

Uh...

 

Well, if that fails, at least we can depend on them to add exclamation marks.

 

 

Thanks to Jodee R., Jillian L., Janet P., Matt C., Adam S., Anony M., Jessie S., & the thesaurus. Couldn't have done it without you.

*****



What Can You Learn from Metadata?

Sep. 1st, 2015 06:36 am
[syndicated profile] bruce_schneier_feed

Posted by schneier

Will Ockenden, an Australian reporter for the ABC, published a bunch of his metadata and asked people to derive various elements of his life. They did pretty well, even though they were amateurs, which should give you some idea what professionals can do.

Panel Discussions and Dissent

Sep. 1st, 2015 03:00 am
[syndicated profile] accidentallyincode_feed

Posted by Cate

two bunnies in cups

Credit: Flickr / Sarah Embaby

Speaker panels can be a bit overwhelming, because there end up being so many people on stage, which makes them a special problem. We did an interesting thing for the speaker panel at 360iDev which I think is worth talking about.

Any question was supposed to be taken by only one panelist, and then there was a separate section of three people (including me!) for strong opinions. One of us was supposed to weigh in after, only if we disagreed.

I thought this was an interesting strategy because it limited the number of people speaking (a problem on larger panels) and also eliminated the dull “I agree and here’s why I agree” answer. I’m not really into arguing for the sake of arguing but it was kinda fun to be expected to disagree!

I’m moderating my first panel soon so I’m thinking about how you make things more engaging and encourage differences of opinion. This wasn’t a perfect solution (pretty sure there isn’t one) but I think there was a lot more dissent than I usually see, and that made it one of the more entertaining panels I’ve been on.

[syndicated profile] epbot_feed

Posted by Jen

For years now I've wanted to design some new Epbot pins, so I'd have something new to offer those of you who already have the original:



I thought it'd be especially fun to have the Epbot wearing different cosplays, and to debut a new design every year at Dragon Con.

WELL, since John's been having so much fun making those Epbot ad banners for CW (have you noticed?), he decided to tackle my pin wish-list. AND IT IS GLORIOUS.




John whipped these up in just two days, and is having so much fun he's designing even more as I type this. We worked together on designs and placement (ie I made him tweak a lot of stuff), but the actual Photoshop work is all John.


My favorite is the Ghostbusters one. (I came up with the green slime!)


It turns out the Star Wars font doesn't look very Star Wars-y without any Ss. (Leia seems a little plain, but keep in mind these are TINY buttons - just 1.25 inches across.)


Believe it or not, the Immortan Joe was our first design, and made us laugh WAY more than it should. It's incredibly creepy, and I don't expect many people will want one, but we got our entertainment value out of it. :D Plus I'd like to have a design for each year's biggest movie franchise, and I think Mad Max qualifies.

I'll be making as many of these as I can for DC, but I only have the material for 60 or so. So, may the best con-goers win - or, you know, find me in the crowd and ask for one.

Which reminds me: DC peeps, we're going to have a little Epbot meetup Thursday afternoon/evening from 4-6pm in the Marriott lobby, underneath the Pulse bar overhang. So if you're arriving early for DC, come say hi! I'll have pins, grins, and hugs for those that want them. (Friend me on the DC app to see my schedule and/or message me!)

For you NON-Dragon Con goers, tell me which pins you like best in the comments, and if there's enough demand, maybe I'll stick 'em on Etsy for a few bucks? Yes?

And if you have more costume suggestions, chime in with those, too! (John's working on a full-body Wonder Woman one now, and it's looking positively epic. After that, I'm making him do an Ariel. Because a seashell bra on a robot = WIN.)

UPDATE: John insisted I add Wonder Woman, so you guys can vote on her, too!

 

*****

Speaking of winners, time for this month's art winners!

The winner of little Chewbacca is: Bunnylaroo
The winner of Monsters University is: LaurenKE
And my wildcard winner is Ronja, who mentioned wanting It's A Star Wars!

Congrats, guys, and please e-mail me your mailing addresses!

[syndicated profile] bruce_schneier_feed

Posted by schneier

This is interesting research:

Whilst the fridge implements SSL, it FAILS to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. This includes those made to Google's servers to download Gmail calendar information for the on-screen display.

So, MITM the victim's fridge from next door, or on the road outside and you can potentially steal their Google credentials.

The notable exception to the rule above is when the terminal connects to the update server -- we were able to isolate the URL https://www.samsungotn.net which is the same used by TVs, etc. We generated a set of certificates with the exact same contents as those on the real website (fake server cert + fake CA signing cert) in the hope that the validation was weak but it failed.

The terminal must have a copy of the CA and is making sure that the server's cert is signed against that one. We can't hack this without access to the file system where we could replace the CA it is validating against. Long story short we couldn't intercept communications between the fridge terminal and the update server.

When I think about the security implications of the Internet of things, this is one of my primary worries. As we connect things to each other, vulnerabilities on one of them affect the security of another. And because so many of the things we connect to the Internet will be poorly designed, and low cost, there will be lots of vulnerabilities in them. Expect a lot more of this kind of thing as we move forward.
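As an added example (not code from the research quoted above or from this post), the Go program below reproduces the two behaviours described: a client that skips certificate validation accepts a look-alike chain built with the same names, while a client pinned to a copy of the genuine CA rejects it, exactly as the update-server connection did. The host name, CA names and keys are constructed placeholders generated at run time, and the server listens on loopback only.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Host name the device expects on the update server's certificate
// (constructed placeholder for this example, not the real update URL).
const updateHost = "update.example"

// issue creates a certificate for cn: a self-signed CA when parent is nil,
// otherwise a server leaf signed by parent. Failures here mean a broken crypto
// environment, so the example simply panics.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	signer := key
	if parent == nil { // self-signed CA
		parent, tmpl.IsCA, tmpl.BasicConstraintsValid = tmpl, true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else { // server leaf: name and usage identical whichever CA signs it
		signer = parentKey
		tmpl.DNSNames = []string{cn}
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// handshake serves the leaf on a loopback listener and connects with client.
// It reports whether the client completed the handshake, i.e. accepted the chain.
func handshake(leaf *x509.Certificate, key *ecdsa.PrivateKey, client *tls.Config) bool {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	go func() {
		if conn, err := ln.Accept(); err == nil {
			cert := tls.Certificate{Certificate: [][]byte{leaf.Raw}, PrivateKey: key}
			tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{cert}}).Handshake()
			conn.Close()
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), client)
	if err != nil {
		return false // e.g. "x509: certificate signed by unknown authority"
	}
	conn.Close()
	return true
}

// Demo reproduces the experiment: a look-alike chain (same names, different keys)
// fools a client that skips validation but not one pinned to the genuine CA.
// It returns (pinnedAcceptsReal, pinnedAcceptsFake, blindAcceptsFake).
func Demo() (bool, bool, bool) {
	realCA, realKey := issue("Vendor Root CA", nil, nil)
	fakeCA, fakeKey := issue("Vendor Root CA", nil, nil) // same subject, attacker's key
	realLeaf, realLeafKey := issue(updateHost, realCA, realKey)
	fakeLeaf, fakeLeafKey := issue(updateHost, fakeCA, fakeKey)
	pool := x509.NewCertPool()
	pool.AddCert(realCA) // the copy of the CA stored on the device
	pinned := &tls.Config{ServerName: updateHost, RootCAs: pool}
	// The fridge's behaviour on its other connections: no certificate validation.
	blind := &tls.Config{ServerName: updateHost, InsecureSkipVerify: true}
	return handshake(realLeaf, realLeafKey, pinned),
		handshake(fakeLeaf, fakeLeafKey, pinned),
		handshake(fakeLeaf, fakeLeafKey, blind)
}

func main() {
	pinnedReal, pinnedFake, blindFake := Demo()
	fmt.Println("pinned accepts real:", pinnedReal, "| pinned accepts fake:", pinnedFake, "| blind accepts fake:", blindFake)
}
```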

Lord Of The Facepalms

Aug. 31st, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by john (the hubby of Jen)

Brandon wanted a Bunko-themed cake with three dice on it.

 

Danielle asked for "Linda" in white icing.

 

Francie ordered a 50th birthday cake for a friend, noting that she wanted to pick it up "today."

 

Kristin's friend ordered a cake that was supposed to read "Happy Mother's Day/Birthday" or "Happy Birthday/Mother's Day" - whichever the baker thought sounded best.

 

And finally, there were three choices of decorations on the order form: balloons, roses, or mums. Dee chose mums.

 

Thanks to Brandon M., Danielle J., Francie R., Kristin D., & D.R. for proving one does not simply order from a wreckery.

*****



This Week

Aug. 31st, 2015 02:00 am
[syndicated profile] accidentallyincode_feed

Posted by Cate

redpanda

Life

Last days in Denver, making the most of the yoga pass! Managed to do a little touristing, get a hair cut (and color!) and hang out with people, which was cool. Then on to NYC, where it’s been really cool to catch up with people; I've been hanging out with awesome technical women (10 in total) all weekend.

My new Kindle broke on a plane which was very distressing. This has always been my fear about having a Kindle. Luckily I still had my old one in my carry on. Now to try and reset it, or return it (argh).

Met the 7th man in tech I don’t hate, so I’m getting close to 10! And also a dating coach, which was eye-opening. We went through some exercises and yeah… I’m curious to see where this goes.

Work

Not as productive as I feel I need to be! Some coding and organisational stuff on the dev project, sent out a new build of Show and Hide on iOS and made a bit more progress. Also got dependency injection going throughout the Android app, which unlocks a bunch of improvements.

Media

Still reading The Elements of User Onboarding, read The Sun in Her Eyes, reading Thirteen Weddings.

Product links Amazon.

Published

A new edition of Technically Speaking is out.

On the Internet

[syndicated profile] cakewrecks_feed

Posted by Jen

Our phones have come a long way, my friends.

Almost as far as today's cake art!

(By Zoe Clark Cakes)

Who wants a slice of rotary-dial deliciousness?

 

Of course, these days our phones look more like this:

(By Celebrate With Cake)

We've also passed the point of using our phones for actual phone calls, and I for one couldn't be happier. After all, what higher calling [snerk] could there be for a phone than super-addictive PHONE GAMES?

 

Give a yell if you see your favorite! (I won't hear you, but it should liven up the experience on your end.)

(By Viorica's Cakes)

Ahh, Candy Crush, you sweet, soul-sucking time waster. How I love thee. But I think I may love this cake even more. The little candies! The swirly lollipops!

 

Oooh, or there's this one:

(By Leesin & Ween of Sugar)

That peppermint swirl trim is killing me with cute.

 

Here's another angle:

More swirly goodness - and teensy bunting! Ah!

 

Now for a game as frustrating as Candy Crush is colorful:

(By Small Town Girl Bakery)

FLAPPY BIRD.

Love how the background and cake board really make the whole design. Such a great way to add more "oomph!"

Also, would you believe John is actually really good at this game? I think he does it just to annoy me; I've never gotten past the second pipe. >.<

 

An oldie but a cutie:

(By Irina Kondratyuk)

Where's My Water!

Those rubber duckies are the stuff that squees are made of.

 

And another cutie-pie puzzle game:

(By Rosebud Cakes)

Who remembers Cut The Rope?

 

And one more, because I never knew a sugar box cutter could be this delightful:

(By Le Leccornie di Danita)

 

Here's another personal favorite:

(By Bohemia Cakes)

Plants vs Zombies! This cake is a perfect recreation of the game board, too. Why, I can almost hear the zombies' heads popping off. (Which is surprisingly adorable, btw.)

 

PvZ cakes have some of the best figure sculpting around. I want all of these:

(By Eunice Cake Designs)

Especially the Pea Shooters and grumpy Squash!

 

It turns out there's a Disney Tsum Tsum iOS game, too, which is awesome, because now I can post this!

(By Guilt Desserts)

Dibs on the Donald!

(For you non-DizGeeks: Tsum Tsums are little plush dolls that look just like that.)

(And if you're a Donald lover, too, then check out my friend Darla's Donald cupcakes. Sooooo cuuuuute.)

 

Not technically a cake, but check out this incredible arrangement of oh-so-perfect Tsum Tsum macarons!

(By Le Sucre Du Patisserie)

I know we're always saying how we could never slice into the cakes on Sweets, but seriously. I could never eat these. I think I'd just coat them in epoxy and use them for decorations. Especially Tigger and Piglet.

 

And finally, the phone game to rule them all:

(By Jane Zubova, who has more geektastic gems featured here)

Angry Birds!

There are hundreds of gorgeous Angry Birds cakes out there, but this one wins the brass ring for sheer scale and creativity. Those pig carts on the back wall are blowing my mind! And look at all the tiny cakes and treats on the castle walls! Ah! SO GOOD.

 

Happy Sunday, everyone!

*****



Being Productive Offline

Aug. 29th, 2015 02:00 am
[syndicated profile] accidentallyincode_feed

Posted by Cate

shows a productivity of 89%

Rescue Time score from my flight

Normally I embrace flights as a chance to generally disconnect (who else is unenthused about in-flight wifi? Holla!). I read, sometimes I write, but I’m not too concerned about “achieving things”. Sometimes I try to find something to work on offline, typically at the last minute in the lounge and it’s not been very successful.

This last trip though… with so much going on and an 11 hour flight in business class (my travel agent got me a deal – yay!) I saw it as a chance to do some Real Work whilst disconnected. 

One thing I think we lose by living “in the cloud” is that our computers have become portals to other people’s data centres and without internet much of what we do day to day doesn’t work. So it’s important to be organised.

I finally figured out how to be effective offline.

  • In the week or so leading up to it, I started tagging things in my trello board with a label to mean that this could be done offline.
  • I organised my Google Drive, made sure things were shared with the right account (offline multi-account support is lacking) and sync’d the folders that I needed to my computer.
  • I don’t entirely trust Google Drive to work offline so I also downloaded reference things as a pdf as a backup (turns out: good decision).
  • The day before I went through my “offline” tagged things and moved them to a plain text document (Trello offline support is sketchy).
  • I collected things I needed (e.g. blog posts I’d written that I was building a talk from) with the list or in another plain text document.
  • I made sure my GitHub repos were sync’d to my laptop.

When I got on the plane I was good to go! Key things that made a difference:

  • I had a choice of things to do. Because I’d been organised I had around 5 significant projects to work on. I got through two. Turns out I was in the mood for refactoring, so I got through a bunch of coding tasks on Show and Hide, and then refreshed the slide deck for our workshop.
  • I’d identified a bunch of coding stuff that was really straightforward where I wouldn’t need to look things up.
  • I’m not usually a fan of “work on what I feel like” but having not had a huge amount of sleep, it was nice to take on a task that didn’t require me to be creative.
  • Noise cancelling headphones. I love these Bose ones (Amazon), but they are pricy.
  • Not gonna lie, being in business class. I had a little nap, and some delicious food, then feeling refreshed, I got to work.

Afterwards:

  • The slide deck I put in the Google Drive folder, the next time I connected it sync’d to the cloud and Chiu-Ki could see it. No need to remember anything!
  • Code was a little trickier. I’d done a significant refactoring and branches had built on each other. I kept a list of what order they were in, and then spent around an hour creating and reviewing my own pull requests early the next morning (yay early morning jet lag productivity).
  • I caught up Trello on what I’d got done.
  • Because I had prepped more stuff than I had got through I am covered for a bunch more time offline! A lot of it falls under important but not urgent and it’s nice to have time to focus there. My next long-ish flight, I picked up where I left off and made some more progress.
[syndicated profile] bruce_schneier_feed

Posted by schneier

Beautiful diorama.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Mickens on Security

Aug. 28th, 2015 03:58 pm
[syndicated profile] bruce_schneier_feed

Posted by schneier

James Mickens, for your amusement. A somewhat random sample:

My point is that security people need to get their priorities straight. The "threat model" section of a security paper resembles the script for a telenovela that was written by a paranoid schizophrenic: there are elaborate narratives and grand conspiracy theories, and there are heroes and villains with fantastic (yet oddly constrained) powers that necessitate a grinding battle of emotional and technical attrition. In the real world, threat models are much simpler (see Figure 1). Basically, you're either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you'll probably be fine if you pick a good password and don't respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU'RE GONNA DIE AND THERE'S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they're going to use a drone to replace your cellphone with a piece of uranium that's shaped like a cellphone, and when you die of tumors filled with tumors, they're going to hold a press conference and say "It wasn't us" as they wear t-shirts that say "IT WAS DEFINITELY US," and then they're going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them. In summary, https:// and two dollars will get you a bus ticket to nowhere. Also, SANTA CLAUS ISN'T REAL. When it rains, it pours.

German BfV - NSA Cooperation

Aug. 28th, 2015 09:23 am
[syndicated profile] bruce_schneier_feed

Posted by schneier

The German newspaper Zeit is reporting the BfV, Germany's national intelligence agency, (probably) illegally traded data about Germans to the NSA in exchange for access to XKeyscore. From Ars Technica:

Unlike Germany's foreign intelligence service, the Bundesnachrichtendienst (BND), the domestic-oriented BfV does not employ bulk surveillance of the kind also deployed on a vast scale by the NSA and GCHQ. Instead, it is only allowed to monitor individual suspects in Germany and, even to do that, must obtain the approval of a special parliamentary commission. Because of this targeted approach, BfV surveillance is mainly intended to gather the content of specific conversations, whether in the form of e-mails, telephone exchanges, or even faxes, if anyone still uses them. Inevitably, though, metadata is also gathered, but as Die Zeit explains, "whether the collection of this [meta]data is consistent with the restrictions outlined in Germany's surveillance laws is a question that divides legal experts."

The BfV had no problems convincing itself that it was consistent with Germany's laws to collect metadata, but rarely bothered since -- remarkably -- all analysis was done by hand before 2013, even though metadata by its very nature lends itself to large-scale automated processing. This explains the eagerness of the BfV to obtain the NSA's XKeyscore software after German agents had seen its powerful metadata analysis capabilities in demonstrations.

It may also explain the massive expansion of the BfV that the leaked document published by Netzpolitik had revealed earlier this year. As Die Zeit notes, the classified budget plans "included the information that the BfV intended to create 75 new positions for the 'mass data analysis of Internet content.' Seventy-five new positions is a significant amount for any government agency."

Note that the documents this story is based on seem to have not been provided by Snowden.

[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

Authorities in the United Kingdom this week arrested a half-dozen young males accused of using the Lizard Squad’s Lizard Stresser tool, an online service that allowed paying customers to launch attacks capable of taking Web sites offline for up to eight hours at a time.

The Lizard Stresser came to prominence not long after Christmas Day 2014, when a group of young ne’er-do-wells calling itself the Lizard Squad used the tool to knock offline the Sony Playstation and Microsoft Xbox gaming networks. As first reported by KrebsOnSecurity on Jan. 9, the Lizard Stresser drew on Internet bandwidth from hacked home Internet routers around the globe that are protected by little more than factory-default usernames and passwords. The LizardStresser service was hacked just days after that Jan. 9 story, and disappeared shortly after that.

The Lizard Stresser’s add-on plans. In case it wasn’t clear, this service was *not* sponsored by Brian Krebs as suggested in the screenshot.

“Those arrested are suspected of maliciously deploying Lizard Stresser, having bought the tool using alternative payment services such as Bitcoin in a bid to remain anonymous,” reads a statement from the U.K.’s National Crime Agency (NCA). “Organisations believed to have been targeted by the suspects include a leading national newspaper, a school, gaming companies and a number of online retailers.”

The NCA says investigators are also in the process of visiting 50 addresses linked to individuals registered on the Lizard Stresser Website but who haven’t yet carried out any apparent attacks. The agency notes that one-third of those individuals are below the age of 20, and that its knock-and-talk efforts are part of its wider work to address younger people at risk of entering into serious forms of cybercrime.

According to research published this month, the Lizard Stresser had more than 176 paying subscribers who launched more than 15,000 attacks against 3,907 targets in the two months the service was in operation.

For more information about how to beef up the security of your Internet router, check out the “Harden Your Hardware” subsection in the post Tools for a Safer PC.

Further reading:

Stress-Testing the Booter Services, Financially

Story Category: DDoS-for-Hire

Finnish Decision is Win for Internet Trolls

Who’s In the Lizard Squad?

Crooks Use Hacked Routers to Aid Cyberheists

Spam Uses Default Passwords to Hack Routers

Friday Favs 8/28/15

Aug. 28th, 2015 01:01 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Heather asked her bakery if they could add a unicorn to her cookie cake.

They said - and this is a direct quote - "Yes."

"YES."

So just so we're clear: the professional baking people said yes, they could add a unicorn to Heather's cookie cake.

NOOOOOOOOO

 

"Little did the princesses know that directly above their heads..."

"... lurked the tragically misunderstood tentacle volcano optometrist.

 

I hear it ain't easy.

 

"Hey Sal, this drunk melting blue cat just isn't weird enough, you know? Anything else we can add?"

AHA! Pirate chest hat!
PERFECT.

 

Occasions That Call For Sh*t Balloons:

- Your First Hemorrhoid
- Anniversary of Your First Hemorrhoid
- Someone Else Asked About Your Hemorrhoid
- The Hemorrhoid Cream Worked!
- Your Boss's Birthday

 

Thanks to Heather C., Marie S., Chris H., Joy J., & Michele A. for the crappy occasions.

*****

Thank you for using our Amazon links to shop! USA, UK, Canada.

And from my other blog, Epbot:


[syndicated profile] epbot_feed

Posted by Jen

Time for another month's best art finds! I spotted almost all of these during Tampa Bay Comic-Con.



"San"

 "Spider-Gwen"

 "Mononoke Hime Inspired Deer God"

Absolutely gorgeous. Prints come in a huge variety of sizes & materials, and start at just $10 in Biggers Etsy shop.


I'm a big fan of papercutting, so John and I spent a while ogling The Paper Pony's booth:


These are made by a husband-and-wife team, and we ended up chatting with the hubs, Brian, quite a while. Super sweet guy. Their pieces start at $35 for the individually framed ponies up there, and go up to $100 for this insanely intricate Wind Waker design:


As their name suggests they make LOTS of different MLP art, but there are plenty of other fandoms, too, from Mario to Buffy to Totoro. Go see their Etsy shop for the rest!


"Inked Belle" by Joel Santana

LOVE her tattoos. And check out little Chip!

Joel does sell prints, but it looks like his online shop is down for maintenance right now. Maybe watch his Facebook page for updates?

Oh, and I talked John into buying that print at Tampa Comic-Con, but he was so embarrassed - and still is - that I don't think he'll ever hang it up. So you guys MAY be getting a new prize option on the give-away board later. ;)


Fantastic colors from Luis Santiago, aka Pertheseus:

 

You can see all of his work on DeviantArt, and he sells some prints here on Redbubble. (You can also follow him on Facebook!)


Iron Giant by Kalli LeFav:

I bought a small version for the board, but you can buy larger sizes here, starting at $15.

I couldn't find the other two prints I got from Kalli on any of her various sites, which is frustrating. (I find most artists have an average of 4-6 different websites/social media accounts, each with a different assortment of art. It... gets really confusing. :/)

Anyhoo, here's a low quality scan of my favorite of hers:

 Isn't it gorgeous? You can follow Kalli on Facebook, and see more of her prints in this online store.


New droid print from my friend Christie Cox:

This and her other prints are just $5! Here's her Etsy shop for the rest.


Will Pigg also has some STUNNING paper art, including these intricate hand-cut silhouettes:
 
He frames them between two pieces of glass, so the white sections are actually clear. 

 They have an elegant, almost art nouveau feel. Love.

Check out all the tiny details in this Princess Bride one:

The papercuttings are $45 at Will's Etsy shop - or more, if you want them framed.

Oh! And Will also paints! John fell for this sad, crooked little TARDIS, and had to buy a print:

Small prints start at just $10. Go see the rest!


Erich Schoenholtz is a new artist with some fun, retro-styled comic posters:




Really punchy in person, especially in large sizes. Erich doesn't sell online yet, so I bought the Cap one for the give-away board. Give Erich a follow on Facebook, and while you're at it, tell him to open an online shop!


Some pretty watercolors by Jessica Thomas:


These prints start at just $3! 

Her ACEOs are also quite drool-worthy:
 
So... tempted....

Lots more goodies - from bookmarks to stickers to pins - in Jessica's Etsy shop.


I had to buy these 2 poster prints from James Mascia:


See why? :)

Lots more in his DeviantArt Gallery, but sadly James doesn't sell his art online. Those two are going on the give-away board, though, so at least you can win them here!


For you parents, here's something fun from the Epbot P.O. Box: David Zobel sent me his new "Monsterbet" book:



Really delightful stuff, and there are a few bonus coloring pages at the end of the book.
Then David sweetened the surprise by including this:
AWW YEAAAAH, monstrous EPBOT! Woot woot!

You can buy prints of David's monsters, plus his book, PLUS custom name plates like mine, here at his website.


I've featured Katrina of Kicking Cones before, but she's come out with some fabulous new (to me) pieces. In fact, John and I kept coming back to buy more of her stuff! John got this for his man cave:
And I got this one:
I don't usually go for words on art, but this one socked me right in the gut. Love it.

Katrina likes to combine two of my favorite things: cuteness, and PUNS:

Where my math nerds at?

 We got this one on a coffee mug for a friend:
 And this happens to be the only print in Katrina's Etsy shop for some reason. Uh... Katrina? MOAR PLS.


And finally, an original marker sketch we picked up from Kit Steele:

This was just an ink sketch at first, and Kit actually never intended for him to look like Figment. Isn't he the spitting image, though? So we asked her to add some Figmenty colors. :)

Kit doesn't sell online, but she goes to LOTS of conventions. Give her a follow on Facebook to keep up.


Phew, lotta art this month! Hope you guys enjoyed. Now, as always, comment below for a chance to win your choice of art from my Pinterest Art Give-Away Board!

In addition to my one wildcard winner, I'll ALSO be choosing 2 winners for these original pieces of art:


So if you like either (or both!) of these, let me know in your comment so I can enter you in the extra drawings.

Winners will be randomly selected in a few days, and internationals are always welcome. Happy commenting! 

****


UPDATE: The giveaway has ended!

The winner of little Chewbacca is: Bunnylaroo
The winner of Monsters University is: LaurenKE
And my wildcard winner is Ronja, who mentioned wanting It's A Star Wars!

Congrats, guys, and please e-mail me your mailing addresses!
 
[syndicated profile] female_cs_feed

Posted by Gail Carmichael

This blog post originates from the Heidelberg Laureate Forum Blog. The 3rd Heidelberg Laureate Forum is dedicated to mathematics and computer sciences, and takes place August 23-28, 2015. Abel, Fields, Turing and Nevanlinna Laureates will join the forum and meet 200 selected international young researchers.

I've long had a special interest in computer science education. I recently worked as a full time lecturer for two years, and I have been designing and delivering outreach initiatives for more than seven. So when it came time to request interviews with this year's HLF Laureates, John Hopcroft, who created one of the world's first computer science courses, caught my attention.

I began our conversation by introducing my interests in education, and right away Hopcroft pointed out that there is so much talent distributed around the world, but that educational opportunities are not so widely available. This has been in the case in China, for example, where Hopcroft has been working; he says their educational system needs help, and they know it. Of course, improving education everywhere is important. Hopcroft points out that as we move more and more into an intellectual economy, we need to better prepare our workforce.

John Hopcroft during his lecture at #hlf13 ©HLFF // C.Flemming - All rights reserved 2013

For me, this means ensuring that we educate everyone with at least the basics of computing. Right now, the field of computer science is not very diverse. For example, in the United States, according to the National Centre for Women & Information Technology, only 18% of computer and information science bachelor degrees went to women in 2013, and women made up only 26% of the computing workforce. Hopcroft suggests that one factor in a rather complicated issue is that women seem to want to help people, while men are satisfied by learning more abstract things. This idea validates my own theory that many men are often happy to primarily learn about the tools of computing (code, hardware, etc) for the sake of it, while women tend to want to know what you can do with these tools.

So what was the diversity like in Hopcroft's very first computer science class? Understandably, he wasn't really aware of diversity at the time. After all, there was enough to worry about, like figuring out how to teach one of the world's first courses on computer science despite having a background in electrical engineering. Ed McCluskey asked Hopcroft to teach the course, and in doing so, Hopcroft found himself becoming one of the world's first computer scientists. This led him to be at the top of the list whenever anyone needed a computer scientist for, say, an important committee, thus giving him opportunities that for most disciplines wouldn't be possible until close to retirement. Hopcroft admitted he feels lucky for the way things worked out, and credits Ed for making it possible.

After learning that Hopcroft's first courses covered automata theory, I wanted to know what he thought the best computer science teachers do more generally. He told me he went into teaching because of the impact his many world-class teachers had on him at every stage of his education – he wanted to do the same. To be a great educator, he told me, it is not about the content, which anyone can specify. The single most important thing is to make sure your students know you care.

I was curious what Hopcroft thought of recently proposed active learning techniques like peer instruction and flipped classrooms. He said he didn't have any experience with them, so couldn't really comment. However, he did reveal that he still uses the blackboard during lectures – that way, he can change his lecture on the fly according to student needs. I pointed out that this could be considered a form of active learning, as there would be a feedback loop in the classroom. He did point out that techniques like the flipped classroom have some hidden concerns. For example, one must consider the credit hours a course is worth. If you are shifting what was done during lecture into videos or reading ahead of time, are you adding more pressure to the students' time?

I quite enjoyed my conversation with Hopcroft, and will leave you with some advice that he gives his students. Don't focus on what your advisors have done in their careers; their work was done in an era where the focus was on making computer systems useful. Look instead to the future, when we will be focussing on doing useful things with computers.


[syndicated profile] krebsonsecurity_feed

Posted by BrianKrebs

The FBI today warned about a significant spike in victims and dollar losses stemming from an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers. According to the FBI, thieves stole nearly $750 million in such scams from more than 7,000 victim companies in the U.S. between October 2013 and August 2015.

In January 2015, the FBI released stats showing that between Oct. 1, 2013 and Dec. 1, 2014, some 1,198 companies lost a total of $179 million in so-called business e-mail compromise (BEC) scams, also known as “CEO fraud.” The latest figures show a marked 270 percent increase in identified victims and exposed losses. Taking into account international victims, the losses from BEC scams total more than $1.2 billion, the FBI said.

“The scam has been reported in all 50 states and in 79 countries,” the FBI’s alert notes. “Fraudulent transfers have been reported going to 72 countries; however, the majority of the transfers are going to Asian banks located within China and Hong Kong.”

CEO fraud usually begins with the thieves either phishing an executive and gaining access to that individual’s inbox, or emailing employees from a look-alike domain name that is one or two letters off from the target company’s true domain name. For example, if the target company’s domain was “example.com” the thieves might register “examp1e.com” (substituting the numeral 1 for the letter “l”) or “example.co,” and send messages from that domain.

Unlike traditional phishing scams, spoofed emails used in CEO fraud schemes are unlikely to set off spam traps, because these are targeted phishing scams that are not mass e-mailed. Also, the crooks behind them take the time to understand the target organization’s relationships, activities, interests and travel and/or purchasing plans.

They do this by scraping employee email addresses and other information from the target’s Web site to help make the missives more convincing. In the case where executives or employees have their inboxes compromised by the thieves, the crooks will scour the victim’s email correspondence for certain words that might reveal whether the company routinely deals with wire transfers — searching for messages with key words like “invoice,” “deposit” and “president.”

On the surface, business email compromise scams may seem unsophisticated relative to moneymaking schemes that involve complex malicious software, such as Dyre and ZeuS. But in many ways, the BEC attack is more versatile and adept at sidestepping basic security strategies used by banks and their customers to minimize risks associated with account takeovers. In traditional phishing scams, the attackers interact with the victim’s bank directly, but in the BEC scam the crooks trick the victim into doing that for them.

Business Email Compromise (BEC) scams are more versatile and adaptive than more traditional malware-based scams.

In these cases, the fraudsters will forge the sender’s email address displayed to the recipient, so that the email appears to be coming from example.com. In all cases, however, the “reply-to” address is the spoofed domain (e.g. examp1e.com), ensuring that any replies are sent to the fraudster.
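The two tells described above, a look-alike sender domain and a Reply-To that points somewhere other than the From domain, are cheap to check at the mail gateway before a human ever reads the message. The following is an added example, not code from the original post: it parses a message's headers, normalises the common digit-for-letter swaps (1 for l, 0 for o, rn for m) and flags a Reply-To domain that differs from the From domain or that sits within a couple of edits of a trusted domain. The trusted-domain list and both sample messages are constructed for illustration.

```python
"""Flag CEO-fraud tells in an email's headers: a Reply-To domain that
differs from the From domain, and domains that look like a trusted one.
Added example; the trusted domains and sample messages are constructed."""
from email import message_from_string
from email.utils import parseaddr

# Domains the organisation legitimately sends from (constructed for the demo).
TRUSTED_DOMAINS = {"example.com"}

# Single-character swaps fraudsters use because they look alike at a glance.
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def normalize(domain: str) -> str:
    """Collapse look-alike substitutions so that examp1e.com -> example.com."""
    d = domain.lower().strip()
    d = d.replace("rn", "m").replace("vv", "w")   # multi-character look-alikes
    return d.translate(HOMOGLYPHS)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches example.co (one character dropped)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value) -> str:
    """Domain part of the address in a From/Reply-To header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def lookalike_of(domain: str):
    """Return the trusted domain this one impersonates, or None."""
    if domain in TRUSTED_DOMAINS:
        return None
    norm = normalize(domain)
    for trusted in TRUSTED_DOMAINS:
        if norm == trusted or edit_distance(norm, trusted) <= 2:
            return trusted
    return None


def analyze(raw_message: str) -> list:
    """Return a list of human-readable findings for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    for label, dom in (("From", from_dom), ("Reply-To", reply_dom)):
        target = lookalike_of(dom)
        if dom and target:
            findings.append(f"{label} domain {dom} looks like trusted domain {target}")
    return findings


# Constructed sample messages: a spoofed wire request and a benign note.
SPOOFED = """From: "CEO" <ceo@example.com>
Reply-To: ceo@examp1e.com
To: accounts@example.com
Subject: Urgent wire

Please send the deposit today; I am travelling and cannot call.
"""

LEGIT = """From: "CEO" <ceo@example.com>
To: accounts@example.com
Subject: Lunch

Noon?
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, analyze(raw) or ["no findings"])
```

The edit-distance threshold is a triage signal, not a verdict: a legitimate partner whose domain happens to sit one character from yours will trip it too, so route hits to a reviewer rather than dropping mail. Note also that the displayed From is forged outright in the cases described above, which is why this check should sit behind SPF/DKIM/DMARC enforcement on your own domain rather than replace it.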

The FBI’s numbers would seem to indicate that the average loss per victim is around $100,000. That may be so, but some of the BEC swindles I’ve written about thus far have involved much higher amounts. Earlier this month, tech firm Ubiquiti Networks disclosed in a quarterly financial report that it suffered a whopping $46.7 million hit because of a BEC scam.

In February, con artists made off with $17.2 million from one of Omaha, Nebraska’s oldest companies — The Scoular Co., an employee-owned commodities trader. According to Omaha.com, an executive with the 800-employee company wired the money in installments last summer to a bank in China after receiving emails ordering him to do so.

In March 2015, I posted the story Spoofing the Boss Turns Thieves a Tidy Profit, which recounted the nightmarish experience of an Ohio manufacturing firm that came within a whisker of losing $315,000 after an employee received an email she thought was from her boss asking her to wire the money to China to pay for some raw materials.

The FBI urges businesses to adopt two-step or two-factor authentication for email, where available, and/or to establish other communication channels — such as telephone calls — to verify significant transactions. Businesses are also advised to exercise restraint when publishing information about employee activities on their Web sites or through social media, as attackers perpetrating these schemes often will try to discover information about when executives at the targeted organization will be traveling or otherwise out of the office.

Consumers are not immune from these types of scams. According to a related advisory posted by the FBI today, in the three months between April 1, 2015 and June 30, 2015, the agency received 21 complaints from consumers who suffered losses of nearly $700,000 after having their inboxes hijacked or spoofed by thieves. The FBI said it identified approximately $14 million in attempted losses associated with open FBI investigations into such crimes against consumers.

[syndicated profile] adulting_feed

There is nothing worse than being lost in a kitchen. Also, this way you can be like, “Yeah, help yourself to anything, feel free to cook!”

This is also useful if your significant other doesn’t approve/refuses to learn your unorthodox yet totally valid kitchen organizational plan (ahem, David.)

Iranian Phishing

Aug. 27th, 2015 12:36 pm
[syndicated profile] bruce_schneier_feed

Posted by schneier

CitizenLab is reporting on Iranian hacking attempts against activists, which include a real-time man-in-the-middle attack against Google's two-factor authentication.

This report describes an elaborate phishing campaign against targets in Iran's diaspora, and at least one Western activist. The ongoing attacks attempt to circumvent the extra protections conferred by two-factor authentication in Gmail, and rely heavily on phone-call based phishing and "real time" login attempts by the attackers. Most of the attacks begin with a phone call from a UK phone number, with attackers speaking in either English or Farsi.

The attacks point to extensive knowledge of the targets' activities, and share infrastructure and tactics with campaigns previously linked to Iranian threat actors. We have documented a growing number of these attacks, and have received reports that we cannot confirm of targets and victims of highly similar attacks, including in Iran. The report includes extra detail to help potential targets recognize similar attacks. The report closes with some security suggestions, highlighting the importance of two-factor authentication.

The report quotes my previous writing on the vulnerabilities of two-factor authentication:

As researchers have observed for at least a decade, a range of attacks are available against 2FA. Bruce Schneier anticipated in 2005, for example, that attackers would develop real time attacks using both man-in-the-middle attacks, and attacks against devices. The "real time" phishing against 2FA that Schneier anticipated were reported at least 9 years ago.

Today, researchers regularly point out the rise of "real-time" 2FA phishing, much of it in the context of online fraud. A 2013 academic article provides a systematic overview of several of these vectors. These attacks can take the form of theft of 2FA credentials from devices (e.g. "Man in the Browser" attacks), or by using 2FA login pages. Some of the malware-based campaigns that target 2FA have been tracked for several years, are highly involved, and involve convincing targets to install separate Android apps to capture one-time passwords. Another category of these attacks works by exploiting phone number changes, SIM card registrations, and badly protected voicemail.

Boing Boing article. Hacker News thread.
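The "real time" attack in the CitizenLab report works because a one-time code is a bearer token: anyone who holds it inside its validity window can spend it, regardless of which site the victim typed it into. The following is an added example, not code from the original post or the report. It implements the RFC 6238 TOTP check a Gmail-like server would run and shows that a code phished from the victim still verifies when the attacker forwards it a few seconds later; it then goes a step beyond the post and contrasts that with an origin-bound challenge-response, in which the device's answer covers the origin the browser is actually talking to, so a relayed answer fails. The shared secret, device key, timestamps and origins are all constructed for the demo, and the HMAC in the origin-bound half stands in for the public-key signature a real authenticator would produce.

```python
"""Why a phishing proxy can relay a TOTP code in real time, and why an
origin-bound challenge cannot be relayed. Added example; all secrets,
timestamps and origins are constructed."""
import hashlib
import hmac
import struct

SECRET = b"constructed-shared-secret-for-demo"  # enrolled in the user's app and the server
STEP = 30                                         # RFC 6238 time step, seconds
DIGITS = 6


def totp(secret: bytes, at: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time counter, dynamically truncated."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, code: str, at: int, skew: int = 1) -> bool:
    """Server-side check that tolerates +-skew steps of clock drift, as deployments do."""
    return any(hmac.compare_digest(totp(secret, at + d * STEP), code)
               for d in range(-skew, skew + 1))


def relay_attack(victim_time: int, relay_delay: int) -> bool:
    """The victim types the code into the attacker's page at victim_time; the
    attacker submits it to the real server relay_delay seconds later.
    Returns True when the stolen code is accepted."""
    stolen = totp(SECRET, victim_time)
    return verify_totp(SECRET, stolen, victim_time + relay_delay)


# Origin-bound alternative: simplified model of a FIDO-style authenticator.
DEVICE_KEY = b"constructed-device-key"


def device_sign(challenge: bytes, origin_seen_by_browser: str) -> bytes:
    """The authenticator answers the challenge bound to the origin the browser
    reports; the victim cannot be tricked into omitting it."""
    data = challenge + b"|" + origin_seen_by_browser.encode()
    return hmac.new(DEVICE_KEY, data, hashlib.sha256).digest()


def server_verify(challenge: bytes, response: bytes, expected_origin: str) -> bool:
    """The real server only accepts answers bound to its own origin."""
    data = challenge + b"|" + expected_origin.encode()
    expected = hmac.new(DEVICE_KEY, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def relay_origin_bound(phishing_origin: str, real_origin: str) -> bool:
    """Attacker fetches a real challenge, shows it to the victim on the phishing
    site, and relays the device's answer. Returns True only if the server accepts it."""
    challenge = b"\x01\x02\x03\x04constructed-nonce"   # issued by the real server
    answer = device_sign(challenge, phishing_origin)    # victim's browser is on the phishing site
    return server_verify(challenge, answer, real_origin)


if __name__ == "__main__":
    t = 1_440_000_000  # constructed "now"
    print("TOTP relayed 20s later accepted:", relay_attack(t, 20))
    print("TOTP relayed 200s later accepted:", relay_attack(t, 200))
    print("origin-bound answer relayed from phishing site accepted:",
          relay_origin_bound("https://accounts-google.example", "https://accounts.google.com"))
```

The skew window is the attacker's friend: a proxy that forwards the code within seconds always lands inside it, so tightening the window does not help against a live relay. What stops the relay in the second half is that the origin is part of what gets signed, and the authenticator learns it from the browser rather than from the user.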

Open Belly, Insert Foot

Aug. 27th, 2015 01:00 pm
[syndicated profile] cakewrecks_feed

Posted by Jen

Friends, countrypersons, CCC-makers (ptooie!):

I've tried to be reasonable.

I've tried to show you the appetite-killing effects of edible mommy bodies:

I've tried to show you the cannibalistic undertones, the disturbing ramifications, and the flat-out creepiness of neck stumps and booby slices.

I've even shared with you the horror stories of raspberry fillings, plastic baked-in babies, and mock C-sections!

All to no avail.

And now - NOW - bakers are adding an homage to the scariest scene in Ghostbusters. Because that scene with the demon dogs pressing their faces through the door? [sing-song] A-DOR-ABLE!

Quick! GET OUT OF THE ARMCHAIR, DANA!!

 

Sure, they might have started out small...

"Aw, lookit da cutesy-wootsy lil' foot sticking out! Haha! So sweet!"

 

...but it wasn't long before bakers were pushing the boundaries of what anyone could stomach.

Literally.

(Also, ow.)

 

And because more is ALWAYS better...

"Leeeet ussss ooooouuuut!!"

 

...it wasn't long before the laws of physics went completely out the window:

Sweet mercy, woman, TELL ME you're getting an epidural.

 

So I ask you, fellow citizens, are we to stand for this? Or will we put our foot down, stop toeing the line, and kick belly cakes to the curb once and for all?!

Hey, wait a second. You just saved these photos to your "inspiration" folder, didn't you, bakers? YOU'RE NOT EVEN LISTENING TO ME, are you??

Oh, fine. Just send me photos when you're done, and we'll call it even.

 

Thanks to Amy U., Elizabeth M., Alanna E., Amanda R., Mary V., & Holly T. for today's belly laughs.

[syndicated profile] female_cs_feed

Posted by Gail Carmichael

The Anita Borg Institute is a non-profit organization "on a quest to accelerate the pace of global innovation by working to ensure that the creators of technology mirror the people and societies who use it." For many years, ABI has supported women in technology through programs like the Grace Hopper Celebration of Women in Computing and through research.

One of ABI's initiatives is called Systers, originally a mailing list for women in systems computing and now a community for all women in technology. Today, Systers donate money to help support Pass-It-On Awards, "intended as means for women established in technological fields to support women seeking their place in the fields of technology." Each award winner has a moral obligation to somehow pass the benefits of the award on, broadening its impact.

One of this year's Pass-It-On winners is Foghor Tanshi, a Nigerian researcher currently teaching at the Federal University of Petroleum Resources. Tanshi received financial support for travel to this year's Heidelberg Laureate Forum, where she hopes to launch her research career.

I asked Tanshi a few questions about her involvement with computer science, and would like to share some of her answers here.

Image courtesy of Foghor Tanshi

Gail Carmichael: Why did you get interested in computer science?

Foghor Tanshi: Because it is a field that easily finds application in a variety of other fields of endeavour. This particularly appeals to me because I enjoy applying my knowledge to new challenges.

GC: What is your research area? What made you interested in it?

FT: I have broad interests in machine learning applications in natural language processing and robotic motion and vision. This was inspired by the most basic need for machines – they make work easier. I am therefore interested in these interconnected research areas because they enable the development of collaborative and assistive technologies for humanity, e.g language-based teaching aids, human-robots collaborative manufacturing systems, etc.

GC: You also have an interest in computer science education. Can you tell me more about that?

FT: I am presently a computer science educator and plan to continue for most of my life because I am interested in inspiring – by any available means – more students (especially female Nigerian students) to use its techniques to solve problems. This is because of the fact that computer science tends to play an important role in the achievement of flexible solutions.

GC: What made you want to come to HLF?

FT: As one pursuing a career in research, it promises an opportunity to network and acquire vital information from Laureates in computer science and mathematics that would launch the next stage of my career. It would also provide an opportunity to share my research and meet potential collaborators, partners, mentors and friends.

GC: What was the role of the Systers Pass-It-On award in your ability to attend HLF?

FT: The Systers PIO enabled me to make pre-travel and travel arrangements towards attending the forum.

GC: What are you most looking forward to at HLF?

FT: To re-live several years of knowledge and experience through the laureates. This would mean learning as much as possible within a short period of time; wisdom (for navigating a research career) that they acquired in a lifetime.



Profile

terriko: (Default)
terriko

Page generated Sep. 2nd, 2015 11:44 pm
Powered by Dreamwidth Studios