Gordon And Mike's ICT Podcast

The National Center for Optics and Photonics Education, OP-TEC, is a consortium of two-year colleges, high schools, universities, national laboratories, industry partners, and professional societies funded by the National Science Foundation’s Advanced Technological Education (ATE) program. The participating entities of OP-TEC have joined forces to create secondary-to-postsecondary as well as returning adult “pipelines” of highly qualified and strongly motivated students and to empower two-year colleges to prepare technicians in optics and photonics.

Hacking Car Anti-collision Systems, August 28, 2016 A group of researchers presenting at this month’s Def Con hacker conference showed how they were able to trick Tesla's sophisticated anti-collision sensors to make a car hit an object it would normally detect in its path. Before we start on the cars – you went to Def Con this year Mike – how was it? So let’s get to the cars now – who did this research? The group consisted of Chen Yan, a PhD student at Zhejiang University, Jianhao Liu, a senior security consultant at Qihoo 360, and Wenyuan Xu, a professor at Zhejiang University and The University of South Carolina. So can you give a quicker overview of what they did? They discovered methods for "quieting" sensors to diminish or hide obstacles in a car's path, "spoofing" them to make an object appear farther or closer than it actually is, and jamming, which, Yan said, renders the sensor useless as it's "overwhelmed by noise." Could this be done now? I mean, if someone is driving a Tesla or any other car with this kind of sensor technology, should they be concerned? It's important to note that the demonstration was a proof-of-concept that did not mimic real-world conditions today. Researchers were working on cars that were usually stationary with what was sometimes very expensive equipment. They noted that the "sky wasn't falling." But the experiment suggests that theoretically, a few years from now, somebody could make a device that could jam certain sensors in a nearby car. Can you talk about these sensors a little more? There are a number of sensors on a Tesla Model S that are used for a variety of functions. It has radar to detect objects in front of it, GPS for location tracking, and cameras to detect speed limit signs and lane markings, for example. As the talk showed, many of these things can be tricked by a determined attacker. Is it just Tesla people need to be concerned about? Much of their presentation focused on the Tesla Model S, but they also successfully jammed sensors on cars from Audi, Volkswagen, and Ford. So what kinds of systems were they jamming? Cars with ultrasonic sensors Cars with parking assistance The Tesla Model S with self-parking and summon Let’s talk a little more about what they were able to demonstrate. In a video demonstrating an attack, the researchers jammed sensors in the rear of the Model S, so the car did not know it was about to hit a person standing behind it. In another, they "spoofed" its Autopilot to trick it into thinking it would drive into something that was not actually there. You mentioned they talked about using lasers – can you give any details? They also used off-the-shelf lasers to defeat the onboard cameras, and, in one of the most low-tech demonstrations, they wrapped objects up in cheap black foam that rendered them invisible to the car's sensors. What kind of feedback did they get from the manufacturers? Yan said after the talk that Tesla reacted positively when they disclosed their research, and it was researching ways to mitigate these types of attacks. "They appreciated our work and are looking into this issue," he said. So, in summary what are the auto makers concerned about after this presentation? Realistic issues of automotive sensor security Big threat to autonomous vehicles (present and future) Attacks on ultrasonic sensors Attacks on Millimeter Wave (MMW) Radars Attacks on cameras Attacks on self-driving cars Where can people get the full Deaf Con presentation? It's available at Def Con’s website https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Liu-Yan-Xu-Can-You-Trust-Autonomous-Vehicles.pdf Reference: http://www.businessinsider.com/defcon-tesla-jamming-spoofing-autopilot-2016-8            

Q: Could you tell us a little about how this research began? A: Actually in 2013 Flavio Garcia, a computer scientist at University of Birmingham, and a team of researchers were about to reveal a vulnerability in the ignition of Volkswagen cars that allowed them to start the car and drive off without a key. This vulnerability was present in millions of VWs. Q: You say “about to reveal”? A: Yes, they were sued, which delayed the publication of the work for 2 years. They used that time to continue their research into vulnerabilities with VW cars. Q: So did they find anything new? A: They sure did. The paper they just published identifies flaws not only with the ignition system, but also with the keyless entry system. Q: How many cars are we talking about? A: The researchers claim that every Volkswagen sold since 1995 is affected. The estimate is nearly 100 million cars! Q: Which cars are affected? A: There are two distinct attacks – one impacts Audi and Škoda cars; the other Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot. Q: Do they provide any details of the attack? A: They use radio hardware to intercept signals from the victim’s key fob, using the intercepted signals to clone the key. They started with software defined radio connected to a laptop, but have moved to a small $40 setup that includes an Arduino board with an attached radio receiver. Q: How concerned should we be? A: Of the two attacks, the one targeting Volkswagen cars is most concerning because (1) there is no indication to the drivers that they’ve been compromised, (2) one a single button press needs to be intercepted. Q: Why is the security weak? A: It turns out that millions of Volkswagen vehicles share a single cryptographic key. Using the hardware we described earlier, researchers capture another key unique to the target vehicle that is transmitted every time the button on the key fob is pressed. By combining these two key, the researchers can clone the key fob. A single interception and the car is “owned”. Q: So it’s that easy? A: Not quite that easy. A few caveats. The attacker has to be within 300 feet of the car. The shared key is not quite universal. The shared key may change based on the model of the car and the year. Also, the internal components where the shared is extracted from may be different. Q: So the key’s not universal. That’s good, right? A: Yes, except that the 4 most common keys are used in nearly all the 100 million Volkswagen’s sold in the past 20 years. Q: So should listeners sell their Volkswagens? A: No, not yet. The researchers have not revealed where the shared key is stored, but a determined hacker could reverse engineer the keys and publish or sell them. And a newer locking system, used in the VW Golf 7 and other models, uses unique - not shared - keys and it his immune to these attacks. Q: You mentioned that there are two attacks. What’s the second? A: The second technique exploits flaws in a common cryptographic scheme called HiTag2 that is used in millions of vehicles. Q: How does this attack work? A: The hardware setup is similar to the previous attack. One big difference is that you don’t need to extract any internal keys from the car. You do have to intercept more codes from the target key fob - eight codes specifically. These codes include a rolling code number that changes with every button press. Q: Sounds a lot like cracking a WEP key on a wireless network. A: It is. In fact, the researchers suggest jamming the key fob so that the driver has to repeatedly press the button. Essentially generating more traffic to capture. Similar to a so-called replay attack used to help speed up the cracking of WEP keys. Q: Why not just updated the encryption scheme? A: It turns out the HiTag2 crypto system is hard coded into chips made by semiconductor company NXP. According to NXP HiTag2 is a legacy security algorithm - 18 years old. Since 2009, they have introduced new, more advanced algorithms, but car makers have been slow to transition to these new chips. Q: So attackers can unlock the car. Can they steal the car? A: While these attacks focus on the key fob and unlocking the car. Other research - even these researchers previous work - focuses on exploiting vulnerabilities in the ignition system and bypassing so-called immobilizer systems that are intended to prevent the car being driven without the key fob present. Combining these attackers, it would be possible to steal the car. In fact, there is already evidence of sophisticated digitally-enable car thieves using mysterious “black box” devices to steal cars. Q: So what should car owners do? A: Car owners can’t fix the vulnerabilities, so there’s little they can do to avoid these sort of attacks. If you’re concerned about someone cloning your key fob (1) don’t leave valuables in the car, (2) avoid using the key fob at all.

References: http://www.usatoday.com/story/tech/gaming/2016/07/15/beginners-guide-pokmon-go/87133450/ http://www.theregister.co.uk/2016/07/19/hacker_46_months_db_breach/  

Title: 4K Ultra High Definition Television  Introduction High definition has meant 1080p (1,920 by 1,080) resolution for years now, and it's ready for an upgrade. That's where 4K, also called ultra high-definition, or UHD, television comes in. 4K is finally a mature, accessible technology. In this podcast we take a close look at UHD 4K technology referencing a PC Magazine post.   Updates  First some continued bad news on the security front … Businesses pay $100,000 to DDoS extortionists who never DDoS anyone – Dan Goodin http://arstechnica.com/security/2016/04/businesses-pay-100000-to-ddos-extortionists-who-never-ddos-anyone/ Out-of-date apps put 3 million servers at risk of crypto ransomware infections – Dan Goodin http://arstechnica.com/security/2016/04/3-million-servers-are-sitting-ducks-for-crypto-ransomware-infection/ Now for a little good news … Petya Ransomware's Encryption Defeated and Password Generator Released – Lawrence Abrams http://www.bleepingcomputer.com/news/security/petya-ransomwares-encryption-defeated-and-password-generator-released/ http://arstechnica.com/security/2016/04/experts-crack-nasty-ransomware-that-took-crypto-extortion-to-new-heights/ NSA Launces 2016 GenCyber Camps https://www.gen-cyber.com Questions: What Is 4K? How Is 4K Different Than 1080p?  What if you have a 4K TV but not any 4K content? What About HDR? What 4K TVs Are Out There Now? Is There Even Any 4K Content You Can Watch? Do You Need 4K?  Reference: http://www.pcmag.com/article2/0,2817,2412174,00.asp

Questions we try to answer in the podcast: 1. What is the difference between an Engineering Technology degree and a Bachelor of Science in Engineering? 2. Can you also get an AS or AAS degree in Engineering Technology at a Community College? 3. What is the career path for an Engineering Technology degree holder versus a Bachelor of Science in Engineering? 4. What should you be doing in high school if you are interested in an Engineering Technology or Bachelor of Science in Engineering degree? 5. What courses will you likely take in college if you pursue an Engineering Technology degree? 6. What courses will you likely take in college if you pursue a Bachelor of Science in Engineering degree? 7. What interests are common to engineering technology degree and engineering bachelor of science degree pursuers? Reference: https://floridapolytechnic.org/engineering-technology-degree/

Intro On Wednesday, March 30, 2016 the Federal Communications Commission (FCC) started a three-year process of making our mobile internet even faster and better. The government is buying underused TV airwaves and selling it to mobile carriers for billions of dollars. These radio waves—also known as spectrum—will shape mobile US connectivity as streaming video continues to swallow up bandwidth across the country and as we inch closer to 5G internet speeds. In this podcast, we discuss the auction process. Updates Ransomware Evolution is Really Bad News ­ - Angela Alcorn Recently, 10 hospitals in Maryland operated without access to their central network because their domain servers were locked by a ransomware known as Samsam http://www.makeuseof.com/tag/ransomware-evolution-is-really-bad-news-microsoft-edge-will-intelligently-pause-flash-tech-news-digest/ Victims paid more than $24 million to ransomware criminals in 2015 — and that's just the beginning – Dan Turkel The DOJ revealed that the Internet Crime Complaint Center (IC3) had received nearly 7,700 public complaints regarding ransomware since 2005, totaling $57.6 million in damages. Those damages include ransoms paid — generally $200 to $10,000, according to the FBI — as well as costs incurred in dealing with the attack and estimated value of data lost. In 2015 alone, victims paid over $24 million across nearly 2,500 cases reported to the IC3. http://www.businessinsider.com/doj-and-dhs-ransomware-attacks-government-2016-4  Adobe issues emergency update to Flash after ransomware attacks – Jim Finkle Adobe Systems Inc (ADBE.O) issued an emergency update on Thursday to its widely used Flash software for Internet browsers after researchers discovered a security flaw that was being exploited to deliver ransomware to Windows PCs. The software maker urged the more than 1 billion users of Flash on Windows, Mac, Chrome and Linux computers to update the product as quickly as possible after security researchers said the bug was being exploited in "drive-by" attacks that infect computers with ransomware when tainted websites are visited. http://www.reuters.com/article/us-adobe-systems-cyber-ransomware-idUSKCN0X502K Spectrum How about the auction, What’s spectrum? The way it is being used here, by the FCC - Spectrum is really just a fancy term for radio waves, a specific portion of the electromagnetic spectrum. What’s going on with T-Mobile? T-Mobile wants to stop that from happening, saying AT&T and Verizon already control three-fourths of low-band frequencies. Who else is interested in spectrum? Comcast, Charter, and Dish Network, Google (?) How is this auction being setup? TV broadcasters by Tuesday April 5 must have made official their intentions to accept the FCC's opening price for the rights to the spectrum they currently use for digital TV broadcasts.  Who is bidding and how much money are we talking about? AT&T, Verizon, T-Mobile, Comcast, Dish Network, etc Can you describe the spectrum being auctioned and what will be done with it? The FCC expects that bidders will provide new wireless services using that spectrum, which is in the 600 MHz band and currently used for UHF TV channels. The characteristics of UHF that make it good for TV also work well for wireless communications and data delivery -- the waves can travel great distances and pass through buildings. So what happens if a TV station sells its spectrum? TV broadcasters have the choice of moving to a lower-frequency spot on the spectrum, sharing signals with a neighboring station or giving up broadcasting altogether. Does the FCC know which stations are going to sell? While some stations have made their intentions to participate in the reverse auction public, the FCC is not able to announce what percent of the 1,800 eligible TV stations are involved, because of confidentiality protections within the 2012 Congressional action that led to the auction. What if a station sells? Are they out of business? As the FCC reorganizes spectrum allocations after the auction, some TV channels may need to be reassigned during the 39-month transition period. Any reassignment requires that the FCC preserve stations' current audience and geographical reach. For more information about the incentive auction, visit the FCC web site http://www.fcc.gov/ You mentioned some big provider names – can you give more details? Currently, the top four nationwide providers - Verizon, AT&T, Sprint and T-Mobile - combined hold more than 80% of available wireless spectrum. AT&T is expected to spend at least $10 billion on the auction, with Verizon to spend from $8 billion to $10 billion, and T-Mobile between $6 billion and $10 billion. Zino did not estimate Comcast or Dish's spending. Why do we need more spectrum? Video takes up 50 percent of all US mobile data and will likely grow to 70 percent in 2021, which is when this rearranged spectrum will go into use. Because video requires more over-the-air bandwidth than other types of data, these bigger lanes will open up the possibility for applications we haven’t even thought of yet. These lower-frequency bands will play a role in 5G. In much the same way that 700 MHz paved the way for America’s world-leading deployment of 4G, so could 600 MHz accelerate U.S. deployment of 5G.” How fast will 5G go? 5G standards have yet to be defined. In October 2014, Samsung Electronics set the first record by achieving a wireless speed of 7.5Gbps in tests at its DMC R&D Centre at Samsung Electronics in Suwon, South Korea. But in November 2014, the record was beaten by the University of Surrey's 5G Innovation Centre (5GIC), which was founded by a host of telecoms industry partners, including Fujitsu, Aircom, BT, Samsung, Telefonica, Vodafone, Aeroflex and Rohde & Schwarz, as well as the BBC. 5GIC achieved a speed of 0.8 terabits (800Gbps) in its tests. Then on 25 February 2015, it beat its own record by hitting 1Tbps, which is currently the world record. How about 5G distance? So far, the most impressive test has been that of Huawei and NTT DoComo, who achieved mobile internet speeds of 3.6Gbps outdoors across the city of Chengdu in Sichuan Province, China in October 2015. Will there be enough participation? Good question, there's some concern that not enough stations planned to participate in this latest auction. Only one in ten broadcasters expressed an interest in selling its spectrum in discussions in advance of the auction, according to tech consulting firm the Envisioneering Group. Time will tell. Bits and Bytes Why The FBI Director Puts Tape Over His Webcam  – Andy Greenberg FBI Director James Comey gave a speech this week about encryption and privacy, repeating his argument that "absolute privacy" hampers law enforcement. But it was an offhand remark during the Q&A session at Kenyon College that caught the attention of privacy activists: "I saw something in the news, so I copied it. I put a piece of tape — I have obviously a laptop, personal laptop — I put a piece of tape over the camera. Because I saw somebody smarter than I am had a piece of tape over their camera." http://www.npr.org/sections/thetwo-way/2016/04/08/473548674/why-the-fbi-director-puts-tape-over-his-webcam The Senate’s Draft Encryption Bill Is ‘Ludicrous, Dangerous, Technically Illiterate’ – Martin Kaste On Thursday evening, the draft text of a bill called the “Compliance with Court Orders Act of 2016,” authored by offices of Senators Diane Feinstein and Richard Burr,  was published online by the Hill.1 It’s a nine-page piece of legislation that would require people to comply with any authorized court order for data—and if that data is “unintelligible,” the legislation would demand that it be rendered “intelligible.” In other words, the bill would make illegal the sort of user-controlled encryption that’s in every modern iPhone, in all billion devices that run Whatsapp’s messaging service, and in dozens of other tech products. http://www.wired.com/2016/04/senates-draft-encryption-bill-privacy-nightmare/ SpaceX Landing https://www.youtube.com/watch?v=lEr9cPpuAx8

On March 31st, 2016 the US Computer Emergency Readiness Team or US-CERT released alert TA 16-091A titled “Ransomware and Recent Variants”. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Already in 2016, destructive ransomware variants such as Locky and Samas were observed infecting the computers of individuals and businesses – even hospitals and healthcare facilities. The purpose of this Alert is to provide further information on ransomware, its main characteristics, its prevalence, variants that may be proliferating, and how users can prevent and mitigate against ransomware. References: https://en.wikipedia.org/wiki/Ransomware_(malware) https://www.us-cert.gov/ncas/alerts/TA16-091A 

We’ve hear the term “big data” used a lot lately. The term itself makes us thing about lots and lots of information. Sure there’s lots of information but what most important to an organization is what is done with the data. In this podcast we take an introductory look at what big data is, discuss how it is being used, and refer to an excellent document at SAS.com

As part of a National Science Foundation grant received by the Educational Development Corporation in Massachusetts, Mike and I have been involved with a group of small business social media experts from around the country defining a step-by-step social media process for Social Technology Enabled Professionals. These small business people build, maintain, manage and leverages online social networks to engage with customers, business partners, employees and key influencers with the goal of building organizational success.  In this podcast, we cover part one of the first duty and discuss some of the tasks involved. 

All businesses and organizations desire greater engagement with their audiences. However, many are not leveraging the social media platforms that allow for the best opportunities for engagement. From static postal flyers, electronic newsletters to a lack of regular communication, engagement becomes difficult. Social media platforms call for regular, sustained communications and conversations between the businesses/organizations and their audiences. Blogs allow for that engagement by allowing readers to comment on postings, share links and/or rate postings. Some blogs allow for other interaction functionality like including a poll in a posting. On Facebook and Twitter engagement, in the form of “like,” comment, and re-tweet, is much more the norm than perhaps on blogs. This podcast will briefly introduce the listener to a three tiered social media strategy approach: .    1)  Primary (Blog or similarly organized content on an organizational website) .    2)  Secondary (Platforms such as YouTube, Instagram, Pinterest, etc that can deliver supportive content 
to the primary platform via hyperlink) .    3)  Broadcast (Platforms such as LinkedIn, Facebook, Twitter which can aggregate audiences 
and are engagement friendly) Social media platforms call for regular, sustained communications and conversations between the businesses/organizations and their audiences. Given the explosion of new media platforms and social media networks during the past few years, there is significant justification for all businesses and organizations to adopt strategies to leverage these platforms more effectively.    

Mike and Gordon discuss current topics.  Referenced Links: Seinfeld clip http://www.youtube.com/watch?v=Ia02fGpUQfU Online Classes See Cheating Go High-Tech http://chronicle.com/article/Online-Courses-Can-Offer-Easy/132093/ Facebook Will Disappear by 2020, Says Analyst http://mashable.com/2012/06/04/analyst-facebook-disappear/ Museum of Endangered Sounds http://savethesounds.info/ The Mechanics and Meaning of That Ol' Dial-Up Modem Sound http://www.theatlantic.com/technology/archive/2012/05/the-mechanics-and-meaning-of-that-ol-dial-up-modem-sound/257816/#.T8kgIfaSL7k.twitter An Honest Review of the Samsung Galaxy Nexus http://www.amazon.com/review/R3FWF2X2CYKJ1/ See You Later WiMAX http://www.gordostuff.com/2012/06/see-you-later-wimax.html

Mike and Gordon discuss current topics.  Referenced Links: http://www.gottabemobile.com/2012/05/10/verizon-homefusion-uses-4g-lte-to-complete-last-mile-nationwide/ http://www.cariloha.com/eSource/Cariloha/ecom/eSource/default/default.aspx http://www.ted.com/talks/marcin_jakubowski.html http://translate.google.com/translate?hl=en&sl=fr&tl=en&u=http%3A%2F%2Fchameaudacier.free.fr%2Fmoto2.html

Rumors are that Apple is planning on incorporating support for the new faster 802.11ac Wi-Fi specification into products this year. In this podcast we discuss the 802.11ac and other wireless specs. We discuss the following questions: - So, what’s the deal with this 802.11ac? - These 802 dot whatever standards - where do they come from? - So this 802.11ac is considered non-finalized. what does that mean? - I seem to get interference from things like wireless home phones. I know spectrum is involved. - So if I set my access point to run at 5GHz, will all my devices work? What do i need to understand to make it work? - What about range? You mentioned range limitations at 5 GHz. - Are there any ways to extend the range? I’ve heard about something called MIMO. - You mentioned 802.11a which is pretty old. Is the use of 5 GHz new? - When will we see 802.11ac products on the market? - What kinds of products from Apple? What are people saying? - What do you mean when you say potentially for the mobile devices? Along with the Superbowl!

This is Gordon's December 2, 2011 presentation for a series of mobile boot camps being run by  The Commonwealth Alliance for Information Technology Education (CAITE); and the Boston-Area Advanced Technological Education Connections (BATEC) at the University of Massachusetts. High school students take a day at locations across Massachusetts, working with faculty and business/industry people to learn how to program, design, and market mobile apps using mobile programming platforms. Students will also have an opportunity to enter an app programming contest to be sponsored by BATEC in the spring.

Back in September I had the chance to interview Troy Swanson, an Associate Professor / Teaching and Learning Librarian at Moraine Valley Community College in Palos Hills, IL. In the interview we discussed a paper he published with Public Service Librarian Jeremy Green, also at Moraine Valley Community College. Here's the abstract from that paper published at ScienceDirect. In the Fall of 2009, the Moraine Valley Community College Library, using guidelines developed by Jakob Nielsen, conducted a usability study to determine how students were using the library Web site and to inform the redesign of the Web site. The authors found that Moraine Valley's current gateway design was a more effective access point to library resources than a mock-up site which incorporated a central-search box on the site homepage. This finding stands in contrast to the observed trends of library Web site design that emphasizes a “Googlized” search. Troy's findings are very interesting, especially if you are managing/mdifying an existing site or are considering creating one. Here's the links Troy refers to in the podcast. The Next Level (Blockbuster article)by James Surowiecki http://www.newyorker.com/talk/financial/2010/10/18/101018ta_talk_surowiecki useit.com: Jakob Nielsen's Website http://www.useit.com/ The Googlization of Everything (book review) http://www.googlizationofeverything.com/   Why We Are Not Google: Lessons from a Library Web site Usability Study http://www.sciencedirect.com/science/article/pii/S0099133311000280 (link to Elsevier's Science Direct)

In this episode, we discuss a wide range of topics, including:  - The Jesters denial of service attack on the Westboro Baptist Church website. - How one might prevent such attacks - The seizure of domain names by the Department of Homeland Security - The treatment of Bradley Manning - Google and bugs in Flash - A 16-year old girl that may have hacked HBGary  - Skype and encryption data leaks and, finally - How the events in Japan may effect iPad2 availability. Layer 7 Denial of Service attacks: th3j35t3r's assault on Westboro Baptist Church Website Continues https://www.infosecisland.com/blogview/12400-Assault-on-Westboro-Baptist-Church-Website-Continues.html Live Performance Report for Westboro Church Website: four sites held down 24 days from a single 3G cellphone:  http://uptime.netcraft.com/perf/graph?site=www.godhatesfags.com Defense techniques: Protecting a Web server with a Load-Balancer  http://samsclass.info/124/proj11/proj15-haproxy.html Protecting a Web server with mod_security (a Web Application Firewall) http://samsclass.info/124/proj11/p16-mod-security.html Protecting a Web server with iptables (a firewall) http://samsclass.info/124/proj11/p5x-iptables-layer7.html Westboro Spoof for a Good Purpose http://www.godhatesjapan.com/ -------------------------------------------------------------------------------- DHS siezure of domain names: Web seizures trample due process  http://arstechnica.com/tech-policy/news/2011/03/ars-interviews-rep-zoe-lofgren.ars -------------------------------------------------------------------------------- Bradey Manning's Continuing Abuse in Captivity Ellsberg on Obama’s View that Manning’s Treatment is “Appropriate” http://www.ellsberg.net/archive/ellsberg-obama-manning WH forces P.J. Crowley to resign for condemning abuse of Manning http://www.salon.com/news/opinion/glenn_greenwald/2011/03/13/crowley -------------------------------------------------------------------------------- Google and Flash Bugs Google first to patch Flash bug with Chrome update http://www.computerworld.com/s/article/9214689/Google_first_to_patch_Flash_bug_with_Chrome_update -------------------------------------------------------------------------------- "Anonymous" Hacker Speaks Is This The Girl That Hacked HBGary?  16 years old, and in hiding for a felony http://blogs.forbes.com/parmyolson/2011/03/16/is-this-the-girl-that-hacked-hbgary/ -------------------------------------------------------------------------------- Skype Encryption Leaks Data Uncovering spoken phrases in encrypted VoIP conversations http://www.cs.unc.edu/~fabian/papers/oakland08.pdf -------------------------------------------------------------------------------- Shortages of Apple's iPad and iPhone to bleed into June quarter -- caused by Japan's disasters http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=40531&mode=thread&order=0&thold=0

In December at the Convergence Technology Center's Winter Retreat at Collin College in Frisco Texas, John had the chance to shoot an IPv6 (Internet Protocol version 6) workshop given by Sam Bowne, from City College of San Francisco. Here's the 35 minute and 47 second Part 1 of the 4 part series.  

In this podcast, Mike Qaissaunee, Sam Bowne and Gordon Snyder discuss recent HB Gary and Aaron Barr news, Verizon Wireless Voice over LTE, along with a recent WiFi Breakthrough. Here's some of the questions we discuss and answer in the podcast: Gordon: Sam any new news on the HBGary/Anonymous situation? Mike: Sam, I see Anonymous has released decompiled Stuxnet code - what does that mean? What's the difference between soucre and a decompiled binary? Sam: Gordon, you wrote something about Verizon and Voice over LTE - could you tell us about that? Mike: Sam, one of my former students got a letter from his ISP after download a movie from a torrent site. #1 What do you have to say about the legal and ethical issues of what he's doing? and #2 How could he better anonymize his connection? Gordon: Mike - you've been writing about Qwiki.com and Khan Academy this past week. Your thoughts? Gordon: Mike, you had a student point me too some interesting WiFi research being done at Stanford University. Can you describe?                                        

Gordon talks with Dr Troy Swanson, an Associate Professor / Teaching and Learning Librarian at Moraine Valley Community College in Palos Hills, IL. In December Troy completed his PhD in Community College Leadership at Old Dominion University. His dissertation was titled The Administration of Community College Blogs: Considering Control and Adaptability in Loosely Coupled Systems. In the podcast, Troy discusses some of his findings.Here’s some dissertation background from Troy:Web 2.0 technologies present an unlimited potential for outreach to the public by college employees. This presents a conundrum for community college administrators that David Weinberger calls "the conundrum of control." This conundrum is that organizations need to find a way to organize people around technology to ensure that it is used to further the organization’s mission. Yet, in terms of 2.0 technologies, the more controls that are put in place, the less useful the tools become.  There is also a second conundrum around technology that challenges mangers. This is that the more controls that are in place around a technology, the easier it is to communicate and transfer that technology across the organization. But, the more difficult it is for organization members to adapt the technology to meet new needs. As one of oldest form of 2.0 technology, the management of blogs presents lessons that we can use for other, newer, 2.0 technologies. I interviewed administrators and blog authors at community colleges across the US to see how colleges were managing their blogs. The focus was on administrative blogs as opposed to course-related or faculty blogs that discussed their research.  The larger purpose of the study was to see how easily the technology could adapt to new needs and whether campuses were restricting the use of blogs. What kinds of guidance were campus leaders giving to bloggers who were representing the college? The study’s findings offer a peak into how the administrative structures of community colleges impact technology and Web 2.0. Links:Troy’s Email: swanson@morainevalley.edu Troy on Twitter: http://twitter.com/t_swanson Moraine Valley Library Link (includes blogs, podcasts, Facebook, etc): http://www.morainevalley.edu/library/                        

We talk with Sam Bowne from City College of San Francisco about how a man tracked down Anonymous and paid a heavy price, Stuxnet, The Jester and how U.S. Chamber lobbyists solicited and used hackers.  Links: How one man tracked down Anonymous—and paid a heavy price http://goo.gl/5Gkyy  US Chamber’s Lobbyists Solicited Hackers To Sabotage Unions, Smear Chamber’s Political Opponents  http://goo.gl/zI9gp  US Chamber’s Lobbyists Solicited Firm To Investigate Opponents’ Families, Children http://goo.gl/uyWB8        

Last week at the Convergence Technology Center's Winter Retreat at Collin College in Frisco, Texas Sam Bowne from City College of San Francisco gave a brief description and update on the Wikileaks "situation" thus far. Here's Sam's excellent 16 minute and 51 second presentation.  

Tim Frick at Mightybytes recently talked with Inc. Magazine journalist Minda Zetlin about how people are using Twitter. Zetlin had recently featured Frick in an article titled Secrets of Highly Effective Twitter Users. After that conversation, Frick wrote his own piece titled 10 Tips For Maximizing Your Twitter Account In this podcast, we review and comment on Frick’s ten tips. Before we discuss these tips, we also discuss some recent events in technology including:The FCC and net neutralityThe iPad and Macbook Air The Rockmelt Browser that integrates social media into your browser.Tim Wu's book The Master Switch: The Rise and Fall of Information EmpiresThe London School of Business and Finance Global M.B.A. - they are offering an MBA through a Facebook applicationHere’s the 10 Twitter tips we discuss: Tip 1. 125 or less. Don’t max out characters. Tip 2: Make the most of search functions. Tip 3: Follow the right people Tip 4: Trends and hashtags Tip 5: Content strategy Tip 6: Use URL shorteners Tip 7: Don't stop at text Tip 8: #NewTwitter Tip: Got TubeMogul Tip 9: Find old Tweets. Tip 10: Alert Yourself Be sure to check out Frick’s excellent book Return on Engagement: Content, Strategy, and Design Techniques for Digital Marketing.

In this podcast we discuss Erik Eckel's 10 Best IT Certifications for 2010 post along with Mike's recent blog posts on IT certifications.            

This is our third network security podcast with Sam Bowne, Professor of Computer Networking and Information Technology from City College of San Francisco.  We continue our discussion with Sam sharing his thoughts on security and providing us with a snapshot of some of the latest and greatest developments in the field of network security. In the Podcast we discuss - among other things: A living bot army control center. IE and Firefox: http://krebsonsecurity.com/2010/05/revisiting-the-eleonore-exploit-kit/  The recent Google I/O conference which Sam attended. At the conference Sam got a couple of phones one of which (a Droid)he is awarding as a prize in an IPv6 contest:  http://samsclass.info/ipv6/droid-contest.html  The Hurricane Electric IPv6 Certification program:  http://bit.ly/d4cRAK Sam also discussed and provided a few more IPv6 related links: IPv6 Panel: http://tinyurl.com/2746v7f   IPv6 Summit in Denver: http://tinyurl.com/23mu7u2   IPv6 Certification: http://ipv6.he.net/certification/   IPv6 Tunnels: http://www.tunnelbroker.net/   Excellent slides explaining IPv6 for beginners: http://www.openwall.com/presentations/IPv6/ Sam's IPv6-only Web page here: http://samsclass6.info -- you won't see it with plain old IPv4 at all.An excellent discussion with Sam!  

Joomla! is a popular open source content management system (CMS), that enables you to build Web sites and powerful online applications. Last week I had the chance to discuss Joomla! with Natasha Goncharova and Tamar Schanfeld from TNR Global.

On Monday (5/2/10) Mike Q and I recorded a podcast titled Cloud Computing Technologies. The podcast references a couple of Infoworld.com documents that I think you will find interesting: A short white paper written by Eric Knorr and Galen Gruman titled What does Cloud Computing Really Mean A 21-page document titled Cloud Computing Deep Dive Report This Deep Dive report breaks down cloud computing into 11 categories and goes into more detail than the shorter white paper. What's really interesting is the categories are different in each document. You can see where the confusion lies when it comes to defining what cloud computing is. Here's the 11 cloud technologies we discuss: Storage-as-a -service Database-as-a-service Information-as-a-service Process-as-a-service Application-as-a-service (a .k .a . software-as-a-service) Platform-as-a-service Integration-as-a-service Security-as-a-service Management-/governance-as-a-service Testing-as-a-service Infrastructure-as-a-service We also discuss the CloudCamp event (great places to get info and meet people involved in cloud technologies) we hosted at Springfield Technical Community College last month and how you can get information on CloudCamps in your area.

On Sunday (4/25/10) Mike Q shared his initial impressions after some hands-on time with an iPad. Mike does a great job describing the device along with some of his favorite applications for the device. Here’s some of the questions he answers: So Mike you broke down and got an iPad - which one did you get? Why only 16 gig? So how long have you had it? So give us some of your impressions. How is the battery life? What about the screen? What about the keyboard? How much is the case? Did you get any other peripherals? Can you connect it to a projector for presentations? Have you been to the app store? What are some of your favorites so far? What do iPhone apps look like on the iPad? OK, how about some apps? Let's start with the iWork suite. So what's your assessment of these apps? What about Keynote? Have you moved your Kindle content over? And, speaking of the Kindle – I know you have a first generation one – how do they compare as a reader? What about some quick hits on some apps that you've found interesting ?  Does it have a GPS radio? Have you tried out any of the location based applications? What about some quick hits on some apps that you've found interesting ? What’s up with Israel banning iPads? Mike also provided a few screen shots from the device: Here's a screen shot of a dictionary lookup created on the iPad. Here's an OmniGraffle example created on the iPad.   Here's a Penultimate example created by Mike on the iPad.   Note: After we recorded the podcast, the Israeli Government lifted the ban on the WiFi iPad.

On Tuesday, we did our second network security podcast with Sam Bowne, Professor of Computer Networking and Information Technology from City College of San Francisco. We had a nice discussion with Sam sharing his thoughts on security and providing us with a snapshot of some of the latest and greatest developments in the field of network security. Here’s some of the questions we asked Sam: In our last conversation you mentioned that you got a BS and PhD without ever graduating high school. A number of listeners were amazed that you were able to do this and wanted more details – for example did you get a GED? Did you take the SATs? Mike sent over an article on password cracking – did you see anything interesting in that article? It’s been over a month since we last spoke. You had mentioned the PWN 2 OWN contest and were also planning to attend some training. Could you tell us the outcome of the contest and anything interesting you learned in your training? Any interesting news in network security exploits or defenses in the last month? Sam discusses a number of things in the podcast including: Lifehacker password-guessing Web of Trust Firefox (and Chrome)Extension NoScript Firefox Extension IPv4 Address Exhaustion Wikileaks Sam's class content, email and lots of other great stuff can be found at http://samsclass.info/ Check him out - one of the best!      

Femtocells are just starting to be deployed in a broad range of applications with major network operators announcing rollouts in the USA, Europe and Asia.  They are basically small cellular base stations that people can put in their homes or businesses. They connect using a broadband connection (DSL, Cable, Fiber, etc) in the home or business. ABI Research forecasts that the total femtocell market in 2010 will reach 2.3 million units, and will exceed 45 million within five years. In this podcast we take a look at this emerging communications technology.Here's some of the questions we discuss and answer: What are femtocells? How many phones can they support? Are products currently available? Let’s pick one and dig a little deeper on the device features. How about AT&T since it is the newest offering. So, you need to have a broadband connection on the site in place? Why is there a GPS radio in a Femtocell device? What about Femtocell Quality of Service or QoS? Are the Sprint and Verizon products 3G like AT&T’s? What about pricing? Is there a monthly fee? So, we had talked about the problem Mark was having with lack of cellular signal in his home and office. Would one of these in his home and another in his business solve his problem?  

In this podcast, we’d like to introduce Dr Sam Bowne – Professor of Computer Networking and Information Technology from City College of San Francisco. Gordon and I have known or known of Sam since 2004. Sam is a tremendous classroom instructor bringing his extensive expertise in and passion for networking and network security to his students and his colleagues. Sam is also generous with his knowledge, making his lectures and classroom materials available to anyone who wants to learn. In what we hope will be a recurring role, Sam joins us today to share his thoughts on security and provide us with a snapshot of the latest and greatest developments in the field of network security. Here's some of the questions Sam answers: 1. Sam you have a BS and a PhD in Physics – how did you end up in networking and security? 2. You’ve been at CCSF since 2000 – what classes do you teach? 3. Ethical hacking? Sounds like an oxymoron – what do you mean by ethical hacking? 4. I know you’ve taken some of your students to DEFCON in Las Vegas. This conference of hackers is probably unlike anything our listeners have ever attended. Could you tell us a little about it? 5. Are most of the attendees self-taught or do they attend formal classes? 6. In terms of recent developments (threats, security solutions, and research), what’s been on your radar screen lately? 7. Sam how do you keep up with all of this information? 8. What about your own skills and knowledge? How do you keep these up-to-date? 9. If a student is interested in learning more about networking – in particular securing a network, how would you advise them to get started? What sort of characteristics – in a student – would make them a good candidate for this type of work? 10. Now for something from a chat session with a student: my twitter account was hacked :( -- maybe i should hop on that security course just for some personal safety do you, yourself actually keep different passwords for everything? i'm freaked out and want to differentiate all my passwords but, that's crazy! What advice can you give my studemt? Sam's class content, email and lots of other info can be found at http://samsclass.info/ Check him out!!  

In our last podcast we discussed the past 20 years and how things have changed when it comes to broadband and cellular wireless service. In this podcast we provide an update on 4G services including LTE and WiMax. I know we’re seeing Voice over IP services in our homes over wired connections. How about the wireless industry? LTE is considered a fourth generation wireless technology - correct? What's the history with LTE? How did it get started? How about some LTE performance details? Besides just bandwidth (whish is nothing to ignore), what would you consider to be the big difference between LTE and earlier technologies? So, LTE is faster and in a way similar. Could you summarize some of the major features? Now, WiMAX is a little different than LTE but still considered 4G. Can you explain? Wasn't WiMAX originally proposed as a stationary technology? But now WiMAX supports mobility? How would you describe WiMAX architecture? So, how would you compare WiMAX, LTE and 3G? So, we talked about Mark's dilemma in the podcast before this. Do you think 4G will help him?

In this podcast we take a look at the emergence of broadband and wireless technologies over the past 20 years. Mike: What lead to this podcast? Gordon: It was an email from a colleague of ours - Mark at the MATEC NSF center. Here’s what he said: I  was reading this PC Magazine article on why Apple stayed with AT&T (not happy about that since AT&T really stinks in Phoenix on coverage – if I remember correctly, one of the worst coverages and signals here.  In fact, Sprint is really the only company that works well by the mountains (where I live and work).  But the article stated: CDMA, the way Verizon and Sprint are doing it, is a dead end. Apple hates dead-end technologies. They look forward, not back. Remember how they got rid of floppy disks earlier than any other PC manufacturer? The current CDMA technology that Sprint and Verizon use still has some years of life left on it, but it's not where wireless is heading. Ok, so CDMA is dead.  But what is 4G?  And is all 4G using GSM?  Sprint is starting to advertise here of their 4G network.  I know 4G is faster.  But where is wireless going?  Is Sprint’s 4G the same as all the other’s 4G.   Ok, so hopefully this is a blog topic for you, but if not, I think you for the time on your answers.  Oh yeah, any idea when AT&T would go to 4G? Have a great day,              Mark from Arizona Before we tried to answer Mark's questions we thought it would be a good idea to take a look first at where we’ve been over the past 20 years or so with a follow-up podcast on 4G technologies.    

We had the honor of having Dr Karl Kapp keynote the second day of the Winter 2010 ICT Educator Conference held the first week of January in San Francisco. Karl is a professor of Instructional Technology, author, speaker and expert on the convergence of learning, technology and business.  His background teaching e-learning classes, knowledge of adult learning theory and experience training CEOs and front line staff provides him with a unique perspective on organizational learning. Karl teaches graduate-level courses on topics of virtual learning worlds, e-learning applications and the business of e-learning at Bloomsburg University and consults with Fortune 500 organizations on implementing virtual learning worlds and learning technologies. He is author of four books including, Gadgets, Games and Gizmos for Learning and Learning in 3D: Adding a New Dimension to Enterprise Learning and Collaboration, co-authored with Tony O'Driscoll.  Karl's keynote was delivered at the beautiful San Francisco Microsoft facility (Thanks Microsoft!) and titled Leveraging Virtual Worlds, Web 2.0 and Smart Phones for Educational Excellence. Here's a description of the presentation: Are your classroom interactions designed to teach the new breed of learner - a learner raised on a steady diet of video games, electronic gadgets, and the Smartphones? Wondering how to integrate new technologies into your classroom? Can't imagine why anyone would want video games and Twitter in the classroom? Learn how the consumer-based gadgets, games and web widgets are changing community college education forever. The influence of games, virtual worlds and Web 2.0 on learning preferences, expectations and collaboration is just now becoming visible and is profoundly impacting community colleges. Learn how to leverage this technology for educational excellence. See examples of virtual worlds teaching science, iPods teaching basic chemistry, simulations teaching aircraft testing, and gadgets increasing student interactions in the classroom. Want to see more of Karl - check out his blog at www.karlkapp.blogspot.com    

In this podcast we discuss the emerging threat of steganography in voice over IP. This is really interesting - is it something that is already happening? Currently, this seems to be confined to research labs. The primary reference for this podcast is an IEEE Spectrum article by three professors - Józef Lubacz, Wojciech Mazurczyk & Krzysztof Szczypiorsk - at Warsaw University of Technology. This is part of their ongoing research, as part of the Network Security Group, to identify emerging threats and develop countermeasures. Before we delve into this new topic, lets provide the audience with a little background. First what is steganography - sounds like a dinosaur? Yeah - the Stegosaurus. I'm not sure how or if the two are related; we'll leave that one for the Paleontologists in the audience.  Steganography is something that has been around a long time - some say as far back as 440 BC. While encryption takes our message and scrambles it, so that an unintended recipient cannot read it, steganography attempts to hide or obscure that a message even exists. The researchers refer to steganography as "meta-encryption." Another useful analogy they use is to refer to the secret message and the carrier within which it is hidden. Can you give us some examples? If we start in ancient times, we can point to examples of shaving a messengers head, tattooing a message on their head, letting the hair grow back and sending them off. Other examples include using invisible ink or even writing on boiled eggs with an ink that penetrates the shell and can be read by peeling the egg. Simon Singh's "The Code Book" is a great read that details the history of encrypting and obscuring information.  What about some more modern examples? When we refer to modern steganography we are usually referring to digital steganography. Digital steganography takes advantage of digital data by (for example) hiding a message within  images, audio, or video files. In this case the image, audio or video file is the carrier. The larger the file (image, audio or video) the larger message it can carry. The researchers contend that a single 6-minute mp3 audio file, say roughly 30 megabytes in size, could be used to conceal every play written by Shakespeare.    So how does this work? Say you and I wanted to communicate using steganography. We would each download one of the hundreds of freely available stego apps. You would take a fairly innocuous image file, use the software to embed a message into that file, and send me the altered file. To anyone else, this would just look like a photo you're sharing with a friend, but because I know there's a hidden message, I open with the same stego app and read the hidden message. You could also add a password to further protect the message. So how do we stop this? This is a specialized field called "steganalysis." The simplest way to detect a hidden message is to compare the carrier file - our innocuous image - to the original. A file that is larger than the original is a red flag. This of course presupposes that you have access to the original file. In most cases, this will not be the case, so instead, we look for anomalies. Is the audio file significantly larger than a 3-minute audio file should be? We can also use spectrum analysis or look for inconsistencies in the way the data has been compressed.  How would spectrum analysis help? Some steganography techniques try to take our digital data and modify the least-siginificant bit. In our digital data the LSB often just shows up as noise and doesn't effect the image, audio, or video quality. A spectrum analyzer would help us to compare the "noise" in an unaltered sample and to try and identify anomalies.   Wow - that's scary stuff. What about Voice over IP[is this part OK]? Voice over IP or ("voype") is a transmission technology that enables us to deliver voice communications over IP networks such as the Internet. This is an alternative to using the traditional PSTN or public switched telephone network for voice communications. In VoIP, we take our analog voice signal convert it to a digital signal and "chop" it up into smaller pieces called IP packets. These packets are sent over our data network and reassembled at the destination.  To understand packet-switched networks, consider the US Postal system – our packets are analogous to postal letters or parcels, numbered, sent across a network and re-assembled at the receiving end. Packets do not follow the same path from source to destination and may even arrive out of sequence. In VoIP, it's more important that we transmit our data quickly, so we forego the numbering or sequencing.   So what about this new class of steganography? One of the disadvantages of existing techniques is the size limitation of the carriers. If someone tries to put to large a message into an audio file, it becomes easier to detect. With VoIP, our message is hidden among the packets - even bits - of voice data being transmitted. In a sense, older technologies used a digital file as the carrier, while these new, emerging techniques use the communication protocol itself as the carrier. The size of the hidden message is only limited by the length of the call. While detecting a hidden message in a physical file is not trivial, the difficulty of finding a hidden message increases an order of magnitude when there is no physical file to examine. The researchers are calling this new class of steganography - "network steganography." So how does network steganography work? The researchers have developed three methods that all manipulate the IP or Internet Protocol and take advantage of the fact that this is a connectionless and unreliable protocol. Network steganography exploits errors (data corruption and lost packets) that are inherent in the Internet Protocol. What are the three methods? The three methods or flavors of network steganography that the researchers have developed are: LACK or Lost Audio Packet Steganography HICCUPS or Hidden Communication System for Corrupted Networks, and Protocol Steganography for VoIP Briefly, LACK hides a message in packet delays, HICCUPS disguises a message as noise, and Protocol Steganography uses unused fields in the IP protocol to hide information. So let's talk a little bit more about each - first LACK. VoIP traffic is very time sensitive - if a voice packet (about 20 milliseconds of conversation) is delayed, we can continue our conversation without significantly effecting the call quality. Once the delayed packet does arrive at the receiver, it's already too late; the packet is useless and is either dropped or discarded. That's the way VoIP is designed to work. LACK intentionally delays some packets and adds the "steganograms" in these intentionally delayed packets. To an unintended recipient, these packets appear to be late and are discard, but to the party you're communicating with they are retained and decoded to extract a hidden message. LACK is a simple technique that is hard to detect. What about HICCUPS? HICCUPS works on wireless local area networks and takes advantage of corrupted packets. Normally, in a wireless network, we check for corrupted data by examining the checksum of a received packet. If the checksum doesn't match what we expect, we discard the packet. HICCUPS hides our message - the steganograms - in these seemingly "corrupted" packets. Unintended recipients will discard these packets, but our cohort knows to look for these "corrupted" packets and to retain and examine them. This method is difficult to use, because it requires a NIC card that can generate incorrect checksums. It is also difficult to detect. Okay what about Protocol Steganography? Here, we're hiding our message in the actual header fields of the IP packet. In particular, we're hiding information in unused, optional or even partial fields. To make it even harder to detect, we could use fields that frequently change. So, should we be worried? I don't think so. The majority of the steganography applications seem to be focused on altering images, which appears to be the easiest form of steganography. While the techniques these researchers have developed are technically feasible, I'm not sure that they're easily implemented. There has been lots of speculation regarding terrorist organizations using steganography to communicate however, no one has been able to document that this has actually happened. That said, I have no doubt that these groups are exploring ways to mask their communications and that the NSA has developed and uses a wide arrays of tools and countermeasures for steganography.

On January 14, 2010 we hosted Online Impact 2010 in the Springfield Technical Community College (STCC) Technology Park. This was the second business and industry Online Impact event held at STCC - we had the first one in June 2009. Both events focused on the use of social media sites like Twitter, LinkedIn and Facebook to reach out to customers and prospects. We had an excellent half-day of panels and workshop sessions that focused on social media tips and tactics. This podcast is a recording of the first panel, moderated by Dave Sweeney from viz-bang.com. I won’t introduce the panelists – Dave does it as part of the podcast. We’re already planning the next Online Impact event – watch our website at ictcenter.org for details.

In this podcast, Setta McCabe from WTCC 90.7 FM and Gordon talk about social media on her weekly radio program. During the show they discussed blogging, Twitter, Facebook, LinkedIn and other social media applications. This is a recording of the interview. We’ve left Setta’s intro and exit pieces but have removed the public service announcements. Setta is great - and the interview was a lot of fun. We hope you enjoy listening.                      

Maybe "decibel" is not part of your normal vocabulary but it is a term we all occasionally read or hear used. Typically it has to do with noise levels - we use decibels to describe loud or soft sounds. US government research even suggests a safe exposure sound limit of 85 decibels for eight hours a day. We frequently hear the term but - have you ever wondered what a "decibel" really is? We take a look in this podcast.

Mike and Gordon discuss the Barnes and Noble Nook and compare it to the Amazon Kindle.

Intro: Twitter has become a household word for many of us - just like Google , YouTube , MySpace and Facebook (among others) have in the past. Chris Brogan (in this video) even calls Twitter his "central nervous system". We first podcast on Twitter almost two years ago. In this podcast we take an updated look at Twitter. Two years is a long time ago it seems. Probably one of the biggest things in my arsenal is my iPhone today. Two years ago the iPhone did not exist. What's changed in two years with Twitter? What are some of your favorite apps? What's up with all this Twitter following - how should we be handling?I've been hearing the term "jump the shark" recently when some discuss Twitter. What does that mean? I notice a lot of business people using Twitter, maybe it has jumped the shark. What are they doing? How are business people using it? So, lots of people seem to be giving Twitter a try but how do we know who has actually drank the kool-aid and has become a daily Twitter user? Before we talk about numbers, The Influential Marketing Blog has put together something called the 5 stages of Twitter Acceptance. We talk a lot about impact when it comes to grants - can you explain what that means?So, what's the interest in things like Twitter?What are some Twitter measurement tools? We've come across a couple of tools that attempt to measureTwitter - a web-based application called Twitter Grader and another called Twinfluence . Twitter Grader is interesting but there is not a lot of detail. Can you discuss Twinfluence? Didn't Twinfluence at one time try to measure efficiency? So, Twinfluence attempts to measure more things. How does it compare to Twitter Grader? What about spam?So, what did this guy do? How do metrics applications handle these spammers? What can be done to prevent Twitter manipulation? Are there any other Twitter based applications we should be looking at? We should see applications like these improve? So, has Twitter jumped the shark yet?

At the National Science Foundation sponsored Information and Communications Technologies (ICT) combined (The Mid Pacific Center for ICT and The National Center for ICT ) winter conference last month held at the City College of San Francisco, I had the opportunity to interview three key members of the Cisco Systems Packet Tracer Team - Dennis Frezzo, Isaac Majerowicz and Mark Chen. Packet Tracer is a network simulator used by hundreds of thousands of Cisco Networking Academy students around the world. Recently, Packet Tracer version 5.1 was released - here's so info from an FAQ on the product found on the Packet Tracer website:Packet Tracer (PT) 5.1 is a comprehensive, networking technology teaching and learning  program that offers a unique combination of realistic simulation and visualization experiences, assessment and activity authoring capabilities, and opportunities for multiuser collaboration  and competition. Innovative features of the PT 5.1 software will help students and teachers  collaborate, solve problems, and learn concepts in an engaging and dynamic social environment. Some of the benefits of Packet Tracer 5.1 are as follows: Provides a realistic simulation and visualization learning environment that supplements classroom equipment Enables multiuser, real-time collaboration and competition for dynamic learning  Enables authoring and localization of structured learning activities such as labs,  demonstrations, quizzes, exams, and games Empowers students to explore concepts, conduct experiments, and test their understanding Allows students and teachers to design, build, configure, and troubleshoot networks using  virtual equipment  Supports a variety of teaching and learning tasks such as lectures, group and individual  labs, homework, and competitions  Supports integration with external applications through an API to enhance the functionality  of Packet Tracer in areas such as curriculum and assessment delivery, games, accessibility,  and interfacing with real equipment.  In the interview, the team describes the Packet Tracer product. Part 1 and part 2 of the interview are shown below: I'm really excited about version 5.1 - especially when you consider the user base. The ability to integrate Packet Tracer 5.1 with external applications will provide some innovative academic and training solutions. You can find out more about the Cisco Network Academy and Packet Tracer here.

The Mid-Pacific Information and Communications Technologies (MPICT) Center is a recently funded National Science Foundation (NSF) – Advanced Technological Education (ATE) Regional Center hosted by City College of San Francisco (CCSF). MPICT's mission is to coordinate, promote and improve the quality and availability of ICT education in a region consisting of Northern California, Northern Nevada, Southern Oregon, Hawaii and the Pacific Territories. Current Regional Partners include: Ohlone College , Santa Rosa Junior College , Cabrillo College and Foothill College. We've had a great relationship with Pierre, James and CCSF and were fortunate to get them on camera to talk about MPICT at the 2008 SAME-TEC Conference. MPICT is off to a great start under the leadership and direction of Pierre and James. Contact them for more information at www.mpict.org

German graduate students Erik Tews and Martin Beck have discovered an exploitable hole in WPA, a popular wireless encryption protocol. This week, Tews will present a paper on the topic at the PacSec conference in Tokyo. In this podcast Mike Qaissaunee and I discuss wireless network security and this newly discovered WPA hole. Here's a list of questions asked during the podcast: Where is the information for this podcast coming from? Why is this important? So, we've now got a security issue with WPA encryption! Before we get to WPA - can you give us a little background on wireless encryption? So, the first attempt was WEP. Most devices still support it - why should we not use it? So, that's not good. What did the IEEE do? What else did the 802.11i group do - what was the second solution? So, let me make sure I understand. Older wireless devices can be updated to support WPA which includes TKIP. Now, I've heard of WPA2 - what is that? So, the new products support both but old products only support WPA. I think I've got it! What did Tews and Beck actually crack? So the problem is with old devices that only support WPA and TKIP and not WPA and AES? What is the problem with TKIP? Now, didn't WEP use checksums this way? The ars technica piece mentioned short packets are ideal - especially ARP broadcasts. Why? Let me see if I understand, an attacker sniffs a packet, makes minor modifications to affect the checksum, and checks the results by sending the packet back to the access point. So it is not something we should be worried about? What can we do to protect our networks? Can you describe rekeying? Now, I've heard of this - you need to be careful. You don't want to enable rapid rekeying unless ALL of your clients support IEEE 802.1x and an authentication method (e.g. EAP-TLS) that supports key distribution. So, let's get to the point here - WPA really is not broken? Listen to get the answers!

On Oct 1, 2008 Nart Villeneuve and the Information Warfare Monitor released an interesting joint report titled BREACHING TRUST: An analysis of surveillance and security practices on China’s TOM-Skype platform. Villeneuve is CTO of psiphon inc and the psiphon research fellow at the Citizen Lab, Munk Centre for International Studies, University of Toronto. In this podcast we discuss the report, confidentiality and security issues with TOM-Skype, the Chinese version of SkypeMike: Gordon, Can you tell us a little more about this report?The Citizen Lab is an interdisciplinary laboratory based at the Munk Centre for International Studies at the University of Toronto, Canada focusing on advanced research and development at the intersection of digital media and world civic politics. The author, Nart Villeneuve's research focuses on International Internet censorship and the evasion tactics used to bypass Internet filtering systems. Other Questions: How about some background on Skype in China? How about some details from the report? You said these are publically accessible servers - can others besides the Chinese access these servers? Can you review the major findings from the report? What kinds of questions has the report raised?How does the report say the sensorship actually works?How about some detail on those servers?The report claims it may be possbile to map users social networks using the logged information. Can you explain? How has Skype responded?

Bio-Link is an Advanced Technological Education (ATE) Center for Biotechnology that originated in late 1998 with a grant from the National Science Foundation. The Center is located on the campus of City College of San Francisco with office space at the University of California, San Francisco. Regional Bio-Link Centers across the country are located in Seattle, WA; San Diego, CA; San Francisco, CA; Austin, TX; Madison, WI; Graham, NC; and Portsmouth, NH. At the SAME-TEC conference this past July, I had the opportunity to interview Bio-Link Director Dr Elaine Johnson. In the interview Elaine discusses the work the Bio-Link Center and Regional Centers are doing to bring students the knowledge and skills essential to the field as well as the ability to continue with more advanced education in math, science and engineering. My undergraduate background is in Microbiology so I've always had an interest in biotechnology and related fields. If you are faculty and considering starting a biotechnology program or maybe a student thinking about a biotechnology career, you will find her interview very interesting. Elaine and her Center's work are outstanding! You can get more information on Elaine and Bio-Link here.

Earlier this month I wrote about how the National Center for Telecommunications Technologies(NCTT, focusing on information and communications technologies) collaborated with sister NSF Advanced Technology Education Centers of Excellence Maricopa Advanced Technology Education Center (MATEC, focusing on semi-conductor, automated manufacturing and electronics) and OP-TEC (focusing on optics and photonics) to sponsor the SAME-TEC 2008 Conference in Austin, Texas. SAME-TEC has a long history, starting in 1994 with the vision of David Hata at Portland Community College and continuing to grow and evolve under the leadership and direction of Mike Lesiecki and his team at MATEC. This year the conference had over 350 attendees.At the conference we did a number of video interviews and John Reynolds, our multimedia specialist, has been hard at work editing them. We've now got another one posted - an interview with David Hata - the Godfather of SAME-TEC. David discusses the original grant he wrote to the National Science Foundation to launch SAME-TEC and the evolution of the conference.

The OP-TEC Advanced Technological Education Center was launched in August 2006 with funding from the National Science Foundation. Under the direction of Dan Hull, the Center engages a consortium of two-year colleges, high schools, universities, national laboratories, industry partners, and professional societies. The participating entities have committed to join forces in creating a secondary-to-postsecondary “pipeline” of highly qualified and strongly motivated students and empowering community colleges to meet the urgent need for technicians in optics and photonics.OP-TEC serves two types of one- and two-year postsecondary programs: Those devoted to lasers, optics, and photonics technology; andThose devoted to technologies that are enabled by optics and photonics. OP-TEC is building support through curriculum, instructional materials, assessment, faculty development, recruiting, and support for institutional reform. OP-TEC will serve as a national clearinghouse for teaching materials; encourage more schools and colleges to offer programs, courses, and career information; and help high school teachers and community and technical college faculty members develop programs and labs to teach technical content.The project has four goals:Serve as a national resource center for optics and photonics education and training.Create, assemble, align, and distribute coordinated curriculum materials designed to support optics, laser, and photonics education in high schools, two-year colleges, and retraining of adult workers.Support established and new photonics education programs in high schools, community and technical colleges, universities, and professional societies.Provide education and training for administrators, counselors, high school teachers, and community college faculty members to prepare them to: design new photonics technology programs that meet their local needs;infuse photonics into programs in photonics-enabled technologies; andteach optics, photonics, and lasers using curriculum materials distributed by OP-TEC. OP-TEC is establishing a national infrastructure for developing and supporting widely disseminated educational programs in cutting-edge, high-demand technologies that require photonics. That infrastructure encompasses both the secondary and postsecondary levels and will involve collaboration between educators and industry personnel.Dan and his team are doing excellent work. In July I had the chance to interview him (on his birthday!) at the SAME-TEC 2008 Conference in Austin, TX.You can get more information on the OP-TEC National Center located in Waco, TX here.

This is a series of  interviews Dan Greenwood, Brookdale Community College's Instructional Designer, recorded with Mike.  This is part of Dan's Project Emit (Engaging Methods in Teaching) podcast.  You can find Dan's podcast at http://www.brookdalecc.edu/pages/613.asp Here are descriptions for the interviews, which we've combined as one podcast.  Associate Professor Michael Qaissaunee of the Engineering and Technology Department shares some of his innovative ideas on using video in courses. In Part 1 of this interview topic, Mike explains how both students and faculty can become involved in creating videos to improve learning.In the second part of our Video conversation, Mike shares some excellent examples of using video. We also discuss the use of video hosting services and Mike provides some ideas on how you can get started creating your own video content.Our conversation continues with Professor Qaissaunee explaining what viral videos are and the concept of viral PowerPoints and how they can be used with online course materials.Links mentioned in the podcast:http://www.slideshare.net

Bunker Hill Community College Professor Paula Velluto has received National Science Foundation funding to create a model computer forensics program. The project is a regional collaboration of Middlesex Community College, Bristol Community College, Bunker Hill Community College, Northern Essex Community College and the University of Massachusetts Boston to meet the regional need of law enforcement for trained computer forensics (CF) technicians. The programs uniquely combine the disciplines of Information Technology and Criminal Justice and are tailored to the needs of each institution. The CFATE NSF project focuses on achieving three goals:To create computer forensics programs that align with law enforcement, public safety, private industry and homeland security needs to ensure consistent, current and flexible training. CFATE works with local/regional law enforcement agencies and industries to determine the needed skill set. Faculty workshops are being conducted to facilitate integration of CJ and IT into courses and expedite curriculum development on a consortium wide basis. CF experts work with the colleges to ensure that materials are rich in real world content. UMass Boston is developing baccalaureate programs that accept community college graduates and provide them with career pathways. In addition, CFATE is developing stand-alone courses and programs for IT professionals and CJ practitioners.To offer regional professional development opportunities for educators to develop expertise needed for teaching these programs. In addition to workshops on CJ and IT integration, extensive workshops on CF and the use of state-of-the-art software are being offered. Curriculum development workshops emphasize learner-centered pedagogy that give students needed skills. CF experts work individually with faculty and mentor them as they deliver CF courses.To expand the capacity in the region to attract students from diverse backgrounds to CF programs at each institution and support them in gaining employment in related positions. CFATE is creating recruitment materials such as CDs, brochures, and interactive websites to reach local schools and local and regional community organizations. This is combined with targeted personal outreach to schools and organizations. I've know Paula for many years and have always been so impressed with her technical knowledge, experience, vision and (especially) the way she works with her students. Paula is one of the best and last month I had the opportunity to interview her at the SAME-TEC 2008 Conference in Austin, TX.You can get more information on the CFATE rogram at Bunker Hill Community College here. The project website at CFATE.ORG will also be up shortly.

In this Video Podcast. MATEC Executive Director Michael Lesiecki discusses the past, current and future of the SAME-TEC Conference in Austin, Texas. You can get more information on SAME-TEC and MATEC at www.same-tec.orgMore Info on SAME-TECSAME-TEC is a unique event that provides national networking and collaboration between education and industry partners, to promote the viability of our high tech industries, through the development of a highly skilled and knowledgeable workforce. Conference participants are given an up-close look at the ever-advancing tools, training demands, and recent developments in emerging and converging technology fields.With this year's conference theme, we call attention to how different technologies are seamlessly converging into new all-encompassing technologies. High tech gadgets such as the Apple iPhone force us to fine-tune our focus as we endeavor to bring new technologies to our students and future employees. At SAME-TEC, faculty connect with each other to share practices, knowledge, and new approaches to help students succeed. Industry members connect with educators to ultimately help ensure students emerge into the workforce with the knowledge and skills desired by themselves and employers. Exhibitors will connect with existing and potential clients to help determine current and future needs. SAME-TEC provides the venue for learning about seamless technologies and the forum for creating seamless connections.Who Attends SAME-TEC?Faculty in technology programs who want to learn about new technologies and how to expand their existing programs College representatives, program development specialists, and counselors who are interested in creating more robust technology education programs and strategies for recruiting students K-12 teachers who want to learn how to integrate advanced technology concepts into their existing science and math curriculum Industry trainers and learning managers who want to gain insight into future training needs Industry personnel investing in workforce education and training Workforce development personnel from government, labor, business, and education who are involved in shaping workforce development programs Individuals concerned with issues related to skill standards and employability

Intro: The Moving Picture Experts Group or MPEG, is a working group of ISO/IEC charged with the development of video and audio encoding standards. In this podcast we look at the MPEG standards and video delivery systems. Mike: Gordon, what sources are we referring to here?Wikipedia and white paper from the MPEG Industry Forum at www.m4if.org/public/documents/vault/m4-out-20027.pdf. we've also got a couple of diagrams from the Verizon website. Mike: What's the history of MPEG? Mike: Are these open standards? Mike: What's the history? Can you tell us about MPEG-1? Mike: How about MPEG-2? Mike: We don't hear much about MPEG-3 - what's up with that? Mike: Let's talk about MPEG-4 now. Mike: What are some of the advantages of MPEG-4? Mike: Let's switch gears and talk about carried video delivery systems - specifically the telcos and cable companies. How is this technology used?It's different for broadcast and video on demand (VOD) content. Let's discuss broadcast systems and look at how Verizon (as an example) is setup. Two National Super Head Ends (SHE) - one in Tampa and the other in Bloomington, IL: - Diversely located - Satellites collect video feeds - Video is converted to digital MPEG-2 and packaged in a 10-GigE payload -  SHE servers “pitch” data to the Video Hub Office (VHO) - Three OC-192 SONET (long haul) rings that drop and continue GigE to VHOs Mike: What is OC-192? Mike: OK, these video hub offices are distributed over Verizon's footprint - what happens when they get the video? Video Hub Office (VHO) ex. Burlington MA Combines: - National Channels - VOD Servers “catch” data from the SHE servers - Off-Air, program guide, public, education, and government (PEG) channels, and local ads are injected - Encrypts all content - Content sent over several 1-GigE links to local Video Serving Offices (VSO, ex. CO) over SONET (medium haul) - VSO then sends it to the OLT and then to the  PON network for delivery to customer. Mike: Broadcast is still done using traditional RF modulation methods - correct? Yes - that will change - rumor has it Verizon will be trialing IP Broadcasting this summer in Pennsylvania - just a rumor! Mike: Now - Video on Demand (VOD) does things a little differently - correct? Yes - VOD delivers IP content to the customer - it is not in RF format: - Content is requested by user via the IP network (private subnet) - Content is then streamed from the video pumps to the Video Distribution Routers (VDR) in the VHO (ex. Burlington) - VDR then sends 10-GigE links to a Video Aggregation Router (VAR) - The Video Aggregation Router (VAR) then sends it to the Gateway Router (GWR) in the VSO (ex. CO) - GWR then sends it to the OLT and then to the  PON network Mike: So - Verizon is combining Voice, Video and Data services on the same fiber? Yes - Here's another nice diagram from the Verizon website: