Podcasts about NCSA Mosaic

  • 14 podcasts
  • 19 episodes
  • 59m average duration
  • Infrequent episodes
  • Latest episode: Aug 14, 2024


Latest podcast episodes about NCSA Mosaic

BragTalks
Episode 45: Incorporating Standards Leadership into your Career: Ed Burns

Aug 14, 2024 (22:46)


In this episode of BragTalks, host Heather VanCura interviews Ed Burns about how to incorporate standards leadership into your technical career journey. Ed shares his experiences and the impact that his participation in standards has had on his career. Listen to hear about how he approached getting involved and how he developed his leadership in this area. Season 7 is about sharing the experiences of technical professionals and building on the interviews from the recently published book 'Developer Career Masterplan'. This episode is a story that links to Chapter 14 of the book.

Biography: Ed Burns is currently Principal Architect on the Java Tooling and Experiences team at Microsoft. In this role, Ed will help make Azure the best place for Enterprise Java. Ed has worked on a wide variety of client and server side web technologies since 1994, including NCSA Mosaic, Netscape 6, Mozilla, the Sun Java Plugin, Jakarta Tomcat and JavaServer Faces, and the Servlet specification. Ed has led or co-led the expert groups for Servlet and JavaServer Faces. Ed has published four books with McGraw-Hill: JavaServer Faces: The Complete Reference (2006), Secrets of the Rockstar Programmers: Riding the IT crest (2008), JavaServer Faces 2.0: The Complete Reference (2010) and Hudson Continuous Integration In Practice (2013). To learn more about his books or projects, you can visit his website at .

Hearts of Oak Podcast
Brian of London – Is Social Media on the Blockchain the Future for Security and Privacy?

May 26, 2022 (57:17)


At Hearts of Oak we recently added our profile and content to Hive, adding to the many social media, video and podcast platforms we already have accounts with because we find more and more people are talking about the decentralised web and Bitcoin as a cryptocurrency, but there are many other uses for the blockchain besides finance. We welcome back Brian of London, who, as a computer programmer, has been working on this for quite some time so we had a chat with him to help us newbies understand what it's all about! Social Media has many issues and failings including security, privacy, control and censorship; more than ever people want ownership of their data and are starting to push back against being sold for advertising. Is blockchain the way to build social media so that we do not become a commodity for big tech? Hive has been built on the blockchain to address all of these concerns and more. This will be our inaugural interview on our newly formed Hive community (Hearts of Oak https://hive.blog/trending/hive-178616). If you are on the blockchain, come and join us there.

Fun Fact: Brian's social media avatar is drawn by the voice at the start and end of our podcasts, Bosch Fawstin!

Brian of London completed a PhD in Computational Fluid Dynamics just as the Web was emerging. He was using Veronica, Archie and Gopher just before NCSA Mosaic came along on his JANET connected Silicon Graphics Computer. But then he left academia to do management consulting and eventually moved to Israel to do business. Thankfully he's now back and coding up ways to keep freedom alive. Brian's working on the cutting edge of the new Podcasting 2.0 to make sure this relic of the early web stays free from capture by the centralising forces of Web 2.0 and their dangerous desire to turn us all into dairy cows. Web 3.0 with direct support of creators by their audiences is his focus now and programmable money is at the heart of that. In his spare time, he assists with a gigantic class action lawsuit in Australia on behalf of the entire crypto industry.

Follow and support Brian on Hive: https://hive.blog/@brianoflondon

To follow Hearts of Oak on the blockchain:
  • Social Media - Hive: https://hive.blog/@heartsofoakuk
  • Video - 3speak: https://3speak.tv/user/heartsofoakuk
  • Podcast - Aureal: https://aureal.one/podcast/20876

And join the Hearts of Oak Hive community: https://hive.blog/trending/hive-178616

Interview recorded 23.5.22

*Special thanks to Bosch Fawstin for recording our intro/outro on this podcast. Check out his art https://theboschfawstinstore.blogspot.com/ and follow him on GETTR https://gettr.com/user/BoschFawstin

To sign up for our weekly email, find our social media, podcasts, video, livestream platforms and more go to https://heartsofoak.org/find-us/

Please like, subscribe and share!

Brad & Will Made a Tech Pod.
135: This Machine Is a Server!!

May 15, 2022 (64:33)


On the occasion of Will's birth we're back for another year in review, this time taking a look at the year he went off to college, 1993 (or at least as much of it as we can fit into one episode). Join us as we gab about everything from NCSA Mosaic and the creation of the World Wide Web at CERN to the founding of Nvidia, the Pentium FDIV bug, the CG-free Jurassic Park that almost was, the inexplicable longevity of the .mp3, and more!

Support the Pod! Contribute to the Tech Pod Patreon and get access to our booming Discord, your name in the credits, and other great benefits! You can support the show at: https://patreon.com/techpod

airhacks.fm podcast with adam bien
Java, Jakarta EE and MicroProfile on Azure

Dec 28, 2021 (51:17)


An airhacks.fm conversation with Ed Burns (@edburns) about: episode with Ed's first computer: "#161 SGI, NCSA Mosaic, Sun, Java, JSF, Java EE, Jakarta EE and Clouds", enabling Jakarta EE servers to run well on Azure, working with IBM and Oracle to support OpenLiberty on Azure and WebLogic on Azure, working with Payara Cloud, Azure Container Instances the cloud way of "docker run", JBoss EAP on Azure App Service, MicroProfile, Jakarta EE and Java EE application servers on Azure, Lift and Shift with Kubernetes and Azure Kubernetes Service, Azure Container Apps - the sweet spot of ACI and ACR, cloud portability with Kubernetes, IaC with ARM Template, WebLogic on Kubernetes was using Bicep, "the complexity tax", Microsoft joins Java Community Process (JCP), Microsoft Build of OpenJDK, Azure Event Bus and Azure Service Bus, "#111 Java / Jakarta Messaging Service (JMS) on ...Microsoft Azure", Payara Cloud on Azure - the serverless server, OpenLiberty on AKS, JBoss EAP on Azure App Service, the Azure Service Connector, Azure Services as a Service -- the anti-corruption layer, Azure ExpressRoute and Azure Virtual Network, Event Driven Architectures and Azure Logic Apps, Ed Burns on twitter: @edburns

airhacks.fm podcast with adam bien
SGI, NCSA Mosaic, Sun, Java, JSF, Java EE, Jakarta EE and Clouds

Oct 20, 2021 (58:32)


An airhacks.fm conversation with Ed Burns (@edburns) about: Ti 99 4a with speech synthesis, Secrets of the Rockstar Programmers book, Apple 2c with word processing and laser mouse, Superman 2, collecting half cents as rounding errors, War Games and Tron, the Logo programming language with a turtle, enjoying playing trumpet, marching band and a binary trumpet, The Nullpointers Band, Fourier Transforms for music quantification at high school, just intonation and the key changes, equal temperament on piano, retuning the keyboard on the fly, applying at Sun Microsystems, Lighthouse Design and Objective-C, working at Silicon Graphics and the nice O2 workstation, working on NCSA Mosaic browser at NCSA, learning Pascal and C++ at the university, working on Common Client Interface on Mosaic Browser, in-person conference system, talent vs. grit, grit over talent, Floyd Marinescu started the theserverside.com, the Spyglass Browser, the SGI Cosmo and VRML, SGI IRIX operating system, commodity vs. boutique fights at SGI, joining Sun's Lighthouse Design group, building a Java-based productivity suite, building a multi-dimensional spreadsheet: quantrix, NextStep Appkits vs. Swing, the AOL Sun-Netscape alliance, OJI - Open Java VM Interface the SPI for Applets, Project Panama - the new JNI, the popularity of Struts was the motivation for JSF, Craig McClanahan and Amy Fowler started to work on JSF, JSF code name was moonwalk, Hans Muller and the Swing Application Framework (JSR-296), the Java Community Process passion, IETF and W3C are like JCP, "Innovation Happens Elsewhere" book, JSF and Spring XML-based dependency injection, ATG dynamo jhtml, JSF 2.0 composite components, JSF was a hot technology with multiple component implementations RichFaces, icefaces, PrettyFaces, Liferay, PrimeFaces and MyFaces, the initial JSF target was page-based corporate apps, the AJAX experience conference and Ben Galbraith, Martin Marinschek from Irian, Josh Juneau and the famous blog post, building a proprietary Java-based docker orchestration framework on top of Apache Mesos at Oracle, Java EE on Azure, riding the crest, Ed's journey from client to server to cloud, Ed Burns on twitter: @edburns

The History of Computing
Playing Games and E-Learning on PLATO: 1960 to 2015

Mar 2, 2021 (33:37)


PLATO (Programmed Logic for Automatic Teaching Operations) was an educational computer system that began at the University of Illinois Champaign Urbana in 1960 and ran into the 2010s in various flavors.  Wait, that's an oversimplification. PLATO seemed to develop on an island in the corn fields of Champaign Illinois, and sometimes precedes, sometimes symbolizes, and sometimes fast-follows what was happening in computing around the world in those decades. To put this in perspective - PLATO began on ILLIAC in 1960 - a large classic vacuum tube mainframe. Short for the Illinois Automatic Computer, ILLIAC was built in 1952, around 7 years after ENIAC was first put into production. As with many early mainframe projects PLATO 1 began in response to a military need. We were looking for new ways to educate the masses of veterans using the GI Bill. We had to stretch the reach of college campuses beyond their existing infrastructures. Computerized testing started with mechanical computing, got digitized with the introduction of Scantron by IBM in 1935, and a number of researchers were looking to improve the consistency of education and bring in new technology to help with quality teaching at scale. The post-World War II boom did this for industry as well. Problem is, following the launch of Sputnik by the USSR in 1957, many felt the US began lagging behind in education. So grant money to explore solutions flowed and CERL was able to capitalize on grants from the US Army, Navy, and Air Force. By 1959, physicists at Illinois began thinking of using that big ILLIAC machine they had access to. Daniel Alpert recruited Don Bitzer to run a project, after false starts with educators around the campus. Bitzer shipped the first instance of PLATO 1 in 1960. They used a television to show images, stored images in Raytheon tubes, and a make-shift keyboard designed for PLATO so users could provide input in interactive menus and navigate. 
They experimented with slide projectors when they realized the tubes weren't all that reliable and figured out how to do rudimentary time sharing, expanding to a second concurrent terminal with the release of PLATO II in 1961. Bitzer was a classic Midwestern tinkerer. He solicited help from local clubs, faculty, high school students, and wherever he could cut a corner to build more cool stuff, he was happy to move money and resources to other important parts of the system. This was the age of hackers and they hacked away. He inspired but also allowed people to follow their own passions. Innovation must be decentralized to succeed. They created an organization to support PLATO in 1966 - as part of the Graduate College. CERL stands for the Computer-Based Education Research Laboratory (CERL). Based on early successes, they got more and more funding at CERL. Now that we were beyond a 1:1 ratio of users to computers and officially into Time Sharing - it was time for Plato III. There were a number of enhancements in PLATO III. For starters, the system was moved to a CDC 1604 that CEO of Control Data William Norris donated to the cause - and expanded to allow for 20 terminals. But it was complicated to create new content and the team realized that content would be what drove adoption. This was true with applications during the personal computer revolution and then apps in the era of the App Store as well. One of many lessons learned first on PLATO.  Content was in the form of applications that they referred to as lessons. It was a teaching environment, after all. They emulated the ILLIAC for existing content but needed more. People were compiling applications in a complicated language. Professors had day jobs and needed a simpler way to build content. So Paul Tenczar on the team came up with a language specifically tailored to creating lessons. Similar in some ways to BASIC, it was called TUTOR.  
Tenczar released the manual for TUTOR in 1969 and with an easier way of getting content out, there was an explosion in new lessons, and new features and ideas would flourish. We would see simulations, games, and courseware that would lead to a revolution in ideas. In a revolutionary time. The number of hours logged by students and course authors steadily increased. The team became ever more ambitious. And they met that ambition with lots of impressive achievements. Now that they were comfortable with the CDC 1604 they knew that the new content needed more firepower. CERL negotiated a contract with Control Data Corporation (CDC) in 1970 to provide equipment and financial support for PLATO. Here they ended up with a CDC Cyber 6400 mainframe, which became the foundation of the next iteration of PLATO, PLATO IV. PLATO IV was a huge leap forward on many levels. They had TUTOR but with more resources could produce even more interactive content and capabilities. The terminals were expensive and not so scalable. So in preparation for potentially thousands of terminals in PLATO IV they decided to develop their own. This might seem a bit space age for the early 1970s, but what they developed was a touch flat panel plasma display. It was 512x512 and rendered 60 lines per second at 1260 baud. The plasma had memory in it, which was made possible by the fact that they weren't converting digital signals to analog, as is done on CRTs. Instead, it was a fully digital experience. The flat panel used infrared to see where a user was touching, allowing users some of their first exposure to touch screens. This was a grid of 16 by 16 rather than 512 but that was more than enough to take them over the next decade. The system could render basic bitmaps but some lessons needed more rich, what we might call today, multimedia. The Raytheon tubes used in previous systems proved to be more of a CRT technology but also had plenty of drawbacks. 
So for newer machines they also included a microfiche machine that produced images onto the back of the screen.  The terminals were a leap forward. There were other programs going on at about the same time during the innovative bursts of PLATO, like the Dartmouth Time Sharing System, or DTSS, project that gave us BASIC instead of TUTOR. Some of these systems also had rudimentary forms of forums, such as EIES and the emerging BBS Usenet culture that began in 1973. But PLATO represented a unique look into the splintered networks of the Time Sharing age. Combined with the innovative lessons and newfound collaborative capabilities the PLATO team was about to bring about something special. Or lots of somethings that culminated in more. One of those was Notes. Talkomatic was created by Doug Brown and David R. Woolley in 1973. Tenczar asked the 17-year old Woolley to write a tool that would allow users to report bugs with the system. There was a notes file that people could just delete. So they added the ability for a user to automatically get tagged in another file when updating and store notes. He expanded it to allow for 63 responses per note and when opened, it showed the most recent notes. People came up with other features and so a menu was driven, providing access to System Announcements, Help Notes, and General Notes.  But the notes were just the start. In 1973, seeing the need for even more ways to communicate with other people using the system, Doug Brown wrote a prototype for Talkomatic. Talkomatic was a chat program that showed when people were typing. Woolley helped Brown and they added channels with up to five people per channel. Others could watch the chat as well. It would be expanded and officially supported as a tool called Term-Talk. That was entered by using the TERM key on a console, which allowed for a conversation between two people. You could TERM, or chat a person, and then they could respond or mark themselves as busy.  
Because the people writing this stuff were also the ones supporting users, they added another feature, the ability to monitor another user, or view their screen. And so programmers, or consultants, could respond to help requests and help get even more lessons going. And some at PLATO were using ARPANET, so it was only a matter of time before word of Ray Tomlinson's work on electronic mail leaked over, leading to the 1974 addition of personal notes, a way to send private mail engineered by Kim Mast. As PLATO grew, the amount of content exploded. They added categories to Notes in 1975 which led to Group Notes in 1976, and comments and linked notes and the ability to control access. But one of the most important innovations PLATO will be remembered for is games. Anyone that has played an educational game will note that school lessons and games aren't always all that different. Since Rick Blomme had ported Spacewar! to PLATO in 1969 and added a two-player option, multi-player games had been on the rise. They made leader boards for games like Dogfight so players could get early forms of game rankings. Games like airtight and airace and Galactic Attack would follow those. MUDs were another form of games that came to PLATO. Colossal Cave Adventure had come in 1975 for the PDP, so again these things were happening in a vacuum but where there were influences and where innovations were deterministic and found in isolation is hard to say. But the crawlers exploded on PLATO. We got Moria, Oubliette by Jim Schwaiger, Pedit5, crypt, dungeon, avatar, and drygulch. We saw the rise of intense storytelling, different game mechanics that were mostly inspired by Dungeons and Dragons. As PLATO terminals found their way in high schools and other universities, the amount of games and amount of time spent on those games exploded, with estimates of 20% of time on PLATO being spent playing games. PLATO IV would grow to support thousands of terminals around the world in the 1970s. 
It was a utility. Schools (and even some parents) leased lines back to Champaign Urbana and many in computing thought that these timesharing systems would become the basis for a utility model in computing, similar to the cloud model we have today. But we had to go into the era of the microcomputer to boomerang back to timesharing first. That microcomputer revolution would catch many, who didn't see the correlation between Moore's Law and the growing number of factories and standardization that would lead to microcomputers, off guard. Control Data had bet big on the mainframe market - and PLATO. CDC would sell mainframes to other schools to host their own PLATO instance. This is where it went from a timesharing system to a network of computers that did timesharing. Like a star topology. Control Data looked to PLATO as one form of what the future of the company would be. Here, he saw this mainframe with thousands of connections as a way to lease time on the computers. CDC took PLATO to market as CDC Plato. Here, schools and companies alike could benefit from distance education. And for a while it seemed to be working. Financial companies and airlines bought systems and the commercialization was on the rise, with over a hundred PLATO systems in use as we made our way to the middle of the 1980s. Even government agencies like the Department of Defense used them for training. But this just happened to coincide with the advent of the microcomputer. CDC made their own terminals that were often built with the same components that would be found in microcomputers but failed to capitalize on that market. Corporations didn't embrace the collaboration features and often had these turned off. Social computing would move to bulletin boards. And CDC would release versions of PLATO as micro-PLATO for the TRS-80, Texas Instruments TI-99, and even Atari computers. 
But the bureaucracy at CDC had slowed things down to the point that they couldn't capitalize on the rapidly evolving PC industry. And prices were too high in a time when home computers were just moving from a hobbyist market to the mainstream. The University of Illinois spun PLATO out into its own organization called University Communications, Inc (or UCI for short) and closed CERL in 1994. That was the same year Marc Andreessen co-founded Mosaic Communications Corporation, makers of Netscape, successor to NCSA Mosaic. Because NCSA, or The National Center for Supercomputing Applications, had also benefited from National Science Foundation grants when it was started in 1982. And all those students who flocked to the University of Illinois because of programs like PLATO had brought with them more expertise. UCI continued PLATO as NovaNet, which was acquired by National Computer Systems and then Pearson corporation, finally getting shut down in 2015 - 55 years after those original days on ILLIAC. It evolved from the vacuum tube-driven mainframe in a research institute with one terminal to two terminals, to a transistorized mainframe with hundreds and then over a thousand terminals connected from research and educational institutions around the world. It represented new ideas in programming and programming languages and inspired generations of innovations. That aftermath includes: The ideas. PLATO developers met with people from Xerox PARC starting in the 70s and inspired some of the work done at Xerox. Yes, they seemed isolated at times but they were far from it. They also cross-pollinated ideas to Control Data. One way they did this was by trading some commercialization rights for more mainframe hardware. One of the easiest connections to draw from PLATO to the modern era is how the notes files evolved. Ray Ozzie graduated from Illinois in 1979 and went to work for Data General and then Software Arts, makers of VisiCalc. 
The corporate world had nothing like the culture that had evolved out of the notes files in PLATO Notes. Today we take collaboration tools for granted but when Ozzie was recruited by Lotus, the makers of 1-2-3, he joined only if they agreed to him funding a project to take that collaborative spirit that still seemed stuck in the splintered PLATO network. The Internet and networked computing in companies was growing, and he knew he could improve on the notes files in a way that companies could make use of it. He started Iris Associates in 1984 and shipped a tool in 1989. That would evolve into what would be called Lotus Notes when the company was acquired by Lotus in 1994 and then when Lotus was acquired by IBM, would evolve into Domino - surviving to today as HCL Domino. Ozzie would go on to become a CTO and then the Chief Software Architect at Microsoft, helping spearhead the Microsoft Azure project. Collaboration. Those notes files were also some of the earliest newsgroups. But they went further. Talkomatic introduced real time text chats. The very concept of a digital community and its norms and boundaries were being tested and challenges we still face like discrimination even manifesting themselves then. But it was inspiring and between stints at Microsoft, Ray Ozzie founded Talko in 2012 based on what he learned in the 70s, working with Talkomatic. That company was acquired by Microsoft and some of the features ported into Skype. Another way Microsoft benefited from the work done on PLATO was with Microsoft Flight Simulator. That was originally written by Bruce Artwick after leaving the university based on the flight games he'd played on PLATO. Mordor: The Depths of Dejenol was cloned from Avatar. Silas Warner was connected to PLATO from terminals at the University of Indiana. 
During and after school, he wrote software for companies but wrote Robot War for PLATO and then co-founded Muse Software where he wrote Escape!, a precursor for lots of other maze runners, and then Castle Wolfenstein. The name would get bought for $5,000 after his company went bankrupt and one of the early block-buster first-person shooters when released as Wolfenstein 3D. Then John Carmack and John Romero created Doom. But Warner would go on to work with some of the best in gaming, including Sid Meier. Paul Alfille built the game Freecell for PLATO and Control Data released it for all PLATO systems. Jim Horne played it from the PLATO terminals at the University of Alberta and eventually released it for DOS in 1988. Horne went to work for Microsoft who included it in the Microsoft Entertainment Pack, making it one of the most popular software titles played on early versions of Windows. He got 10 shares of Microsoft stock in return and it's still part of Windows 10 using the Microsoft Solitaire Collection. Robert Woodhead and Andrew Greenberg got onto PLATO from their terminals at Cornell University where they were able to play games like Oubliette and Empire. They would write a game called Wizardry that took some of the best that the dungeon crawl multi-players had to offer and bring them into a single player computer then console game. I spent countless hours playing Wizardry on the Nintendo NES and have played many of the spin-offs, which came as late as 2014. Not only did the game inspire generations of developers to write dungeon games, but some of the mechanics inspired features in the Ultima series, Dragon Quest, Might and Magic, The Bard's Tale, Dragon Warrior and countless Manga. Greenberg would go on to help with Q-Bert and other games before going on to work with the IEEE. Woodhead would go on to work on other games like Star Maze. 
I met Woodhead shortly after he wrote Virex, an early anti-virus program for the Mac that would later become McAfee VirusScan for the Mac. Paul Tenczar was in charge of the software developers for PLATO. After that he founded Computer Teaching Corporation and introduced EnCORE, which was changed to Tencore. They grew to 56 employees by 1990 and ran until 2000. He returned to the University of Illinois to put RFID tags on bees, contributing to computing for nearly 5 decades and counting. Michael Allen used PLATO at Ohio State University before looking to create a new language. He was hired at CDC where he became a director in charge of Research and Development for education systems. There, he developed the ideas for a new computer language authoring system, which became Authorware, one of the most popular authoring packages for the Mac. That would merge with Macro-Mind to become Macromedia, where bits and pieces got put into Dreamweaver and Shockwave as they released those. After Adobe acquired Macromedia, he would write a number of books and create even more e-learning software authoring tools. So PLATO gave us multi-player games, new programming languages, instant messaging, online and multiple choice testing, collaboration forums, message boards, multiple person chat rooms, early rudimentary remote screen sharing, their own brand of plasma display and all the research behind printing circuits on glass for that, and early research into touch sensitive displays. And as we've shown in just a few of the many people that contributed to computing after, they helped inspire an early generation of programmers and innovators. If you like this episode I strongly suggest checking out The Friendly Orange Glow from Brian Dear. It's a lovely work with just the right mix of dry history and flourishes of prose. A short history like this can't hold a candle to a detailed anthology like Dear's book. 
Another well researched telling of the story can be found in a couple of chapters of A People's History Of Computing In The United States, from Joy Rankin. She does a great job drawing a parallel (and sometimes direct line from) the Dartmouth Time Sharing System and others as early networks. And yes, terminals dialing into a mainframe and using resources over telephone and leased lines was certainly a form of bridging infrastructures and seemed like a network at the time. But no mainframe could have scaled to the ability to become a utility in the sense that all of humanity could access what was hosted on it. Instead, the ARPANET was put online and growing from 1969 to 1990 and working out the hard scientific and engineering principles behind networking protocols gave us TCP/IP. In her book, Rankin makes great points about the BASIC and TUTOR applications helping shape more of our modern world in how they inspired the future of how we used personal devices once connected to a network. The scientists behind ARPANET, then NSFnet and the Internet, did the work to connect us. You see, those dial-up connections were expensive over long distances. By 1974 there were 47 computers connected to the ARPANET and by 1983 we had TCP/IPv4. And much like Bitzer allowing games, they didn't seem to care too much how people would use the technology but wanted to build the foundation - a playground for whatever people wanted to build on top of it. So the administrative and programming team at CERL deserve a lot of credit. The people who wrote the system, the generations who built features and code only to see it become obsolete came and went - but the compounding impact of their contributions can be felt across the technology landscape today. Some of that is people rediscovering work done at CERL, some is directly inspired, and some has been lost only to probably be rediscovered in the future. 
One thing is for certain, their contributions to e-learning are unparalleled with any other system out there. And their technical contributions, both in the form of those patented and those that were either unpatentable or where they didn't think of patenting, are immense. Bitzer and the first high schoolers and then graduate students across the world helped to shape the digital world we live in today. More from an almost sociological aspect than technical. And the deep thought applied to the system lives on today in so many aspects of our modern world. Sometimes that's a straight line and others it's dotted or curved. Looking around, most universities have licensing offices now, to capitalize on the research done. Check out a university near you and see what they have available for license. You might be surprised. As I'm sure many in Champaign were after all those years. Just because CDC couldn't capitalize on some great research doesn't mean we can't.

Craig Peterson's Tech Talk
Welcome! The Insecurity of DNS over HTTPS, Internet Archive's VHS Vault, Data Minimization and more on Tech Talk with Craig Peterson on WGAN

Mar 27, 2020 (89:41)


This week is a replay of the show aired originally on 7 Mar 2020.

Welcome! We are going to hit a number of topics today from the world of Technology. I am quite disappointed with Mozilla, they are letting marketers and politicians define their technology. Listen in to find out why I feel that way. Compliance is an issue for many companies and I have some solutions that will help you and it includes a diet but probably not the kind you are thinking. Do you ever get nostalgic for "the good old days?" Well, I have something that might help, listen in to find out more. I will tell you what happened to one of the Sharks from Shark Tank, how you can prevent it from happening to you and more. For more tech tips, news, and updates visit - CraigPeterson.com

---

Related Articles:

  • Getting Your Fix of Nostalgia
  • Don’t Store Data You Don’t Need
  • Cryptocurrencies and Insurance Increases Ransomware Profitability
  • Are you Secure -- Depends on Many Things
  • You Don’t Have Much Time To Stop An Attack
  • Hackers Target Large Databases
  • Anyone Can Be A Victim - Business Email Compromise Does Not Play Favorites
  • DNS over HTTPS (DoH) is not the Panacea the Marketers Are Leading you to Believe

---

Automated Machine Generated Transcript:

Hello everybody, Craig Peterson here on WGAN and, of course, online at Craig Peterson, dot com and heard streaming all over the world on your favorite streaming site. I'm so glad to be here today and be able to talk with you a little bit about what are the top news stories this week? How can you keep safe that's kind of one of my themes because I freaked out when my company got attacked some years ago. You know, just a regular business guy trying to run a small business and man did hurt me bad back in the day. I'm just trying to get all of the information I've put together over the years and learn, and I continue to study this stuff and continue to look at what are the best ways to defend ourselves. 
I try and get all of that and put it together into neat packages for you. One of them, of course, is the radio show. I also get on with Facebook Lives. YouTube lives, and also do various types of pieces of training and tutorials and things out there. Where in fact, for the next course I have coming up, we're going to have implementation calls, where we are talking specifically about what to do when you do it. So you try and implement something, you have some issues. I'm going to get on the phone with you guys. So I think that's going to be great. And then the upcoming class here in a few weeks. And then, of course, the tutorials leading up to that class where I'll take your questions live, sometimes those little tutorial sessions on, you know what it's webinar technology. On these webinars, sometimes we go a couple of hours so I can answer all of your questions. That's what it's about here. All right, because I understand most people, not I know I'm this way too. I get contacted by somebody, and they're trying to sell me something that happened just over the weekend. Last weekend somebody knocked at the door, trying to sell windows, right. I think it was like Renewal by Andersen or something like that. And they were walking around knocking on doors. I see you know, immediately just knee jerk said, No, No thanks, my windows are fine. It got me to thinking about the whole situation in the security realm. Because that's what we do, right? What we've been doing for years decades, sometimes we have the antivirus software, every once in a while when we hear about a real big vulnerability, we go ahead and apply patches. You know, it's been the same old, same old, but we just can't do that anymore. And because really, we see huge, huge problems and businesses going out of business because of them. So that's what this is all about. So if you're a new listener, welcome. If you've been listening to me for a while, of course, Welcome, Welcome to you too. 
And I want to get this information out. So one of the best ways to make sure you have all of the latest information you need is to go online, go to Craig Peterson dot com slash subscribe, and that'll get you on my email list. Then once you're there, you will be able to keep up to date on things I do, try and get those out. I have a newsletter that's every Saturday morning. Then when I'm doing training, I'll send something that's a little out of the band if I'm doing a live or various other things. I thought because of the way it works with the emails I send out, if you want to unsubscribe, you will be guaranteed to never hear from me again. Maybe that's a great thing that is right for some people. But for other people, I came to realize that perhaps they didn't care about the training, they just wanted the newsletter, or perhaps they wanted the pieces of training but didn't want any emails. Some wanted on courses but not other courses, etc., etc. So I'm going to try and do something a little bit different right now, and there's a pretty nasty warning as a footnote. If you unsubscribe, I can't send you anything anymore. I won't send you anything even if you want a course, you'll not hear from me again, because you unsubscribed and marked as somebody that doesn't ever want to hear from me again. That's fine. I know we all have our lives, and maybe you think you're safe enough. Perhaps you're going to reach out to me when everything falls apart around you. At which point, I can't respond to you because I will have your email blocked. That is because I don't want to bother you. I want to comply with the CAN-SPAM Act. Although, you know, most people don't seem to care about that as well as the GDPR. Also, the new California regulations, the Massachusetts regulations, and new federal regulations that are going into effect. They all place requirements on when and where I'm not supposed to contact you. If you say No. Then No means no, right.
I'm going to change things a little bit with these upcoming training and courses that I'm going to be doing. I'm going to make it so you can just unsubscribe from those, so you're not going to lose contact with me. I've had some people complain, and in the end, it becomes a bit of a pain to try and add them back in. We're going to try and make this a little bit easier for you guys, so keep an eye out for that. You already know, right, based on what I'm saying, as well as what I've done in the past, that I won't spam you guys, I don't sell your name to other people, or your email address. Most of you I know are kind of the older generations, the younger guys, they don't care, we've already talked about that. They will sell their email address and name for a donut. But us older folk, we're a little bit more cautious about it. I think that's probably a good thing. We're less likely to get ripped off. The senior population is in some ways less likely to get ripped off, and in other ways more likely to get ripped off. It's interesting. Again, we tend to trust phone calls more. You know what I have, frankly, I don't answer my phone anymore. It just goes to voicemail. And I have somebody else look at it because there are so many scams coming in. But we tend to trust the phones more in the generation, you know, the men and women older than me, other baby boomers, they are a little bit more susceptible to those types of scams. So be careful with those types of scams as well, just, you know, be careful all the way around, frankly. And that brings us to our first story of the day today. And this is something I found that I thought was cool. So I thought I'd share it with you. It's a tech thing. I was just a few weeks ago talking on the radio. One of the radio shows I appear on as a guest. And we were talking about Betamax versus VHS. And I knew, I knew that the radio host I was talking to, there's no way, he just loves tech. There's no way he did not have Betamax. And he did.
He had hundreds, apparently, of beta tapes in his closet. But this is all about that era of the 1990s. I'm sure you guys had VCRs, right, back in the day. And of course, the winner of that war was VHS, and it wasn't because it was better technology, but we're not going to delve into that right now. And those VHS tapes, at this point, about 20,000 of them have been put into an online vault. Now, if you've never used the Wayback Machine, you have to check it out. You can find it online. At archive.org, that's the name of it. It is an Internet Archive, and it shows web pages going way back, you can look at my web page from back in the very, very, very early days of the Internet. You know, not the Internet, but when the whole web thing came about, which was '92, '93, is when it started to go. I didn't have a webpage back in 85. When I first registered my domain that's been around for a while. And then, of course, I was using other domains. Before that, I've used my ham radio call sign as my domain. And before that, but the Wayback Machine is this archive, you can browse the history of any major site, many minor sites that are out there. They have used it in court cases. It's used by me, just for kind of memories of things as the way they were. Now you can use it for something brand new. I didn't know that they had, and that is they've got something out there on the Wayback Machine that's called the VHS vault, V-H-S, just like the VHS tapes that we had or that Ken didn't have because he had Betamax. Right now, what I'm looking at says there are almost 21,000 results. So they've taken these VHS tapes that were submitted, and they have effectively ripped them. They've turned them into digital video, right. And some of these are just amazing, like a warm-up to Traci Lords. It's an exercise program. Of course, Traci Lords was involved in some adult films back in the day. Man, I love this: Mystery Science Theater
3000, Timothy Leary is a guest on MTV with John Lennon, Les Miserables from 1935, Rush to Judgment. There are so many cool things. The Lion King in full VHS tapes. Now some of this information is probably still copyrighted, but as a general rule, archive.org doesn't get nailed for copyright violations. SpongeBob SquarePants. Oh, this is the Fairy Fairy Godmother, I think is what this cartoon was called, and trying to remember, my kids used to like it. Some bootleg tapes, everything, but you can find it online. I think you would have a gas looking through these. I want you to go to archive.org as you're listening to the show, or maybe some other time during the week, you're sitting there watching some TV with your smartphone or your computer. Archive.org and look for the VHS vault. The actual URL is archive.org slash details slash VHS vault. You will see all kinds of fun stuff that's in there. They have many different collections. You can search this, you can go in by year when they did it. They have Flemish dog collection. There's another one. There are collections I've used in some of the training videos I put together. There are collections of old black and white art, and pencil art, and engineering diagrams that are well, well out of copyright and you'll find all that stuff at archive.org. Check it out, I think you will have a gas checking it out. If you're like me, it's certainly brought back a lot of memories. When we get back, we're going to be talking about something that you should be doing, whether you're a home user or business user. You know, the things that we have to be worried about are the things that can be stolen from us, right, in the online world. Okay, this is what we will be talking about. What can be taken from us, but also what can be used to kind of hold our feet to the fire in ransomware. So we're going to talk about how to reduce your risk with Craig Peterson here on WGAN. Stick around. We'll be right back.
Hey everybody, Craig Peterson back here on WGAN online, and of course, at Craig Peterson dot com. Yeah, you know it by now, right? Well, hopefully, you had a chance to look at archive.org, definitely check it out. It's called the Wayback Machine, at least that was its original name. And they may still have that domain, the Wayback machine.com. But now it's known as archive.org. It is a wonderful, wonderful trip down memory lane, at least for me. If, if you are a little bit older, you might remember the Internet back in the days, fun looking at some of the original search pages at AltaVista. Man, I miss AltaVista. I used to like to use the Boolean algebra that you could do in AltaVista. By the way, if you are a geek like me when it comes to searching and you want to be able to dig into it. There's a tool I use, and I think that you'd like it also. It's not cheap, that's for sure, but not that expensive either, but it's called DEVONthink, D-E-V-O-N T-H-I-N-K. It allows you to set up searches using all kinds of Boolean constructs, which is very, very, very handy, at least as far as I'm concerned. You can set it up to do automatic search sets every day looking for different things. It's one of the tools I use to find the information that we talk about here on this show because so much of it just isn't, generally speaking, available. It certainly isn't spoken about by the mainstream media, right? You know that, right. That's why you listen to the show and why you follow me. I am on LinkedIn. I'm on Facebook. I'm on Twitter, YouTube, and my website as well. I appreciate all you guys who do follow and who comment. Now, if you're a business person, this is for you, but there are some things that you can do as an individual as well that are going to make a big difference for yourself and your safety online. Businesses are concerned about the GDPR, which we've talked about on the show before. That's the European privacy regulation. We're also very concerned right now with CCPA.
I just had a company that makes optics. I use their optics here in the studio if you have ever seen me on a webinar or one of these videos or pop up training or anything. I'm in the studio, and my cameras here the lenses use the glass made by this company. I had no idea, but they reached out to us due to their operations in California. They have a sales operation there because, again, they're selling their optical glass for use in lenses, and all kinds of other devices. They reached out because they were concerned about what is happening, what could happen with these new California privacy regulations? Is it going to mess up their business? How is it going to mess up their business? How is it going to make things better or worse? I think they had some outstanding questions. So they called us in, and they paid us to do an audit of the systems they have. How are the systems working? What is it that we need to be worried about? You know, it's something that takes a few weeks and a couple of on-site visits in New York? New York State, which by the way, is going to have their own set of privacy regulations that are going to affect them pretty dramatically. But basically, what it came down to was if they were compliant with the European regulations, they were probably most of the way towards the California regulations. So they think that they're compliant. But when we got in and started having to look at it, it turned out No, no, no. They are not anywhere near compliant with either set of regulations. Even though their IT people told them they are because they have full-time programmers who are programming their systems. They thought, Oh, no, no, we're fine. We're fine. No, they weren't. So what do you do if your regular business? Enough moaning and groaning about the optical manufacturer, who has fantastic optics, which is why I use them. Let's talk about you. 
Let's talk about your business, your small business, your larger business, this is true, you should be paying attention if you are a medium or large business as well. One of the best things you can do, and it is hard to get through to a lot of CEOs and other business owners. But one of the best things you can do to reduce your risks is to reduce the data that you are maintaining. Right? If you want to reduce the chance of getting shot at, don't go out in the streets where they're shooting, right? If you want to reduce the risk of having your data stolen, then don't have the data out there for them to steal. If you don't want to get nailed by one of these new regulations, that says, hey, personally identifiable information has to be maintained in this way and that way. If someone asks you what data do you have on me? Do you realize now you only have one week to respond? You must provide that data to them. If you have any sort of a California Nexus or European Nexus, in other words, doing business in either one of those places. Now, it's down to I think five days it's not a week to respond, saying, Here's all of the data that we have about you. That's what you have to be able to do. We have to be able to do it right now. You also have to be able to tell them, here are all of the people within my organization as well our contractors that saw your data and had access to your data. That is a very, very big deal, frankly. The landscape is constantly changing your obligations for that data, and the data disclosure and the data-keeping keeps getting more strict. What's the right thing for you to do? Ultimately, well, it's to get rid of the damn data, right? It's a very, very solid first step in reducing your risk. Now I'm going to be publishing next week, a little guide that you can use yourself, right, you don't have to have me involved, or anything else is just for you, that you can use to do an inventory of all of the data that you have in your business. 
What we've done is we've gone through and looked at different parts of the businesses that we've worked with over the years and evaluated the kind of data they often have. You have to do that first, right? You must identify what your risks are. You must determine what data you have. I'll make that available for those people on my email list. It will be part of this ramp-up here, a precursor to the pieces of training that I will be doing. There will be different free pieces of training and tutorials in my ramp-up to my courses. You don't have to be in the course to participate in the free tutorials, okay? You don't have to buy anything from me. It is all free, no hype or anything else. Okay. I'm not trying to hard-sell anybody I want to help you. That is the first step -- doing this inventory the data you have, and it is one of the best things you can do. Put your company on a data diet. Now, you know, last week we had Barry Friedman on the show, talking about a sugar diet. Right. It's a lot like that, and it's getting rid of these addictive pieces of data that we keep on our clients on our prospects, everything else that's out there, right. Let's look at it as a lens. When you're looking at your data when you're doing an inventory of these data assets, ask yourself, do I need this? Will this provide what I need? Think about maybe like a food diet as Barry does with sugar? Do I need sugar? We know is sugar going to provide us the nutrients that we need? The answer to that is no. When it comes to sugar, right. We found that out from Barry last week. But we need to work to minimize sensitive data and ask ourselves, do we need this sensitive data to conduct business right now? And will we need this sensitive data to conduct business in the future? If the answer's no, securely dispose of that data. It is the only way to comply with these regulations that are already in place here in the US and Europe as well. 
All right, when we get back, we're going to talk about how did we get here? How did we? How did ransomware grow to be a multi-billion dollar industry? What did we do to get here? What should we do to try and get beyond all of this? You're listening to Craig Peterson on WGAN. And of course online at Craig Peterson dot com, live on YouTube, live on Facebook, everywhere out there. Stick around. We'll be right back. Hey, welcome back, everybody, Craig Peterson here on WGAN, and of course online at Craig Peterson dot com. In case you missed it. We've been busy today talking about the Internet Archive's VHS vault. Again, that's archive.org. Check it out. It is kind of cool. We just talked about reducing risk using the cheapest mechanism possible. Data minimization will save you money and help you be compliant. Now I'm going to talk about ransomware. We've been warned recently about ransomware's rise. Many people thought it's kind of past. In some ways, it has. 2018 was kind of the banner year for the standard ransomware that's out there, but it is back, and it is back with a vengeance. We talked about some of the statistics about a month ago and showed how it had gone up a bit, almost doubled just between the third and fourth quarters last year, which is just absolutely dramatic. I had a course before, where we talked a little bit about backups. I've certainly talked about it here on the show before, and how backups help stop ransomware. Let's just spend a couple of minutes on that right now, although it's not 100% accurate anymore. It is essential to do for just a whole plethora of reasons. Backups are kind of the very first stage of what you need. I read an article yesterday from a guy who is in some of the highest circles in the country. He had the phone numbers, the direct cell numbers of presidents and you name it, really just anybody who's anybody was on his phone. It was an Android phone. He had assumed that it was backed up into the cloud or something.
His phone broke. He got a new phone and realized at that point that his phone had never, ever, ever been backed up. He lost the phone numbers from all of these people. Good luck getting them back, cell phone numbers, other contact information. Think of all the things that are on our phones nowadays. Losing your phone, having a hard disk crash on your laptop, or your desktop computer. Losing those can be devastating, no question about it. If you're a larger business and you think that you're doing backups, double-check them. I'd say three-quarters of the time, and I can't think of an exception to this, your backups will not work correctly for that business. I've never seen a case where all backups are working correctly, ever, ever going into a business. I know you, Craig, you're just crazy. It's silly. You're trying to build a business and scare people. No, I have never walked into a company and found their backups to be working correctly. We see things like, and I don't mean, they're not working in a way that is ideal or optimal for the business. Right? Certainly that on top of it. I mean, they weren't working. We had one company that we went into, and they were dutifully doing backups, and the operations manager had five external hard disks. Every day he brought a hard drive in, he plugged it into the server and took it home at the end of the day. So we had Monday through Friday, hard disks that he brought back home with him. So they were off-site, which is, you know, great idea, by the way. The server itself had a RAID configuration on it, and it's called a RAID five. It had three hard disks so that if a drive failed, they wouldn't lose all of their data. We went in because they wanted to do some upgrades. They hoped to move over to Apple infrastructure, where people could use iPads and iMacs on their desks to have a better working environment for everyone by moving away from Windows. By the way, this is an excellent idea.
They still had some Windows software that they had to run, so we helped them with that and got that all working running correctly. The backups you know, they were trying to do the right thing. But you know, you know what, there were a couple of problems one, their server had not written to any of those external disks for the last 18 months. They went a year and a half without ever having had a good backup. Think about that. What would happen to that business? What would happen to your company? After 18 months of no good backups and losing all your data? Oh, and their server, an HP server, that cute little HP server had that RAID array, right a raid five where you can lose a disk and not lose data. Well, they had lost a drive. We were estimating based on the logs about a year before. There they were with no backups and no redundancy in their server disks on their server. That's an example right now, and I could go on and on. We had a company division of a Fortune 100 company that had paid for backups, and they had a dedicated data line. We put some next-generation firewalls in place that monitored the data and watched for data exfiltration to make sure that the plans and designs and social security numbers and bank accounts and everything were not being stolen or taken off off-site, right. Guess what we found there? After six weeks of monitoring everything that's been going on because that's the first step right. Let's make sure we understand what the normal operations are. Didn't you tell us that you had an off-site backup of your mini computer going to another backup site? Oh, yeah, yeah, we do. It gets backed up in real-time. We're paying for the backups to go off-site. If something were to happen to our facility here, or to our computer, which is a big server, then they'd take over immediately we'd be off and running during those six weeks that we were in there we hadn't been involved with these operations. Ultimately, we were in there for decades. 
Guess what we found? Yeah, exactly. None of the backups were occurring. They were paying for all of these things, right? They were paying for them. What we ended up doing is we came in, and we made sure that backups were happening. Unfortunately, they didn't have us do those backups. The company doing it for them was incompetent. And yet they decided to have them continue to do it. It doesn't make sense. We took over the rest of the backups. We had equipment on site, which we do at most of our clients. In case there's a problem, there are failovers that can occur. In this case, we'd have them back online in four hours, a requirement of publicly traded companies and their divisions. Again, they're just not doing it anyways. Ramble. Ramble. Wow, we've only got a couple of minutes left here in this segment. When it comes to backups, here's what you have to be careful of, and that is, make sure they are happening. Check the backups. Try and restore from your backups. Now, we're talking about ransomware. It is a seven-and-a-half-billion-dollar industry. They are coming for you, and one of the best things you can do is have a backup. Still, there's another side to ransomware, nowadays, that backup won't help you with, and that is that they have your data, and they hold a ransom saying, if you don't pay us, we're going to release this onto the Internet. Then you're in real trouble. If you have personally identifiable information, or if you have your intellectual property out there, and it gets out to the Internet because you don't pay that ransom, you are in real trouble, plus if they encrypt your data, you'll need that backup. All right, stick around. We will be right back. And we're going to be talking about our next topic for the day, which is how do you answer a non-technical executive, who asks, how secure are we? You're listening to Craig Peterson on WGAN and online at Craig Peterson dot com. Hey, have you ever been asked that question?
Well, we'll tell you about how to answer it, coming right up. Hey, welcome back, everybody, Craig Peterson here on WGAN and online, of course at Craig Peterson dot com. No surprise there. Our next one is an interesting article and poses an interesting question. It is one that I'm sure you ask or have been asked, right? How secure are we? You are the cavalry, is the bottom line. You're the person who your family comes to, or the business owner comes to, the business asks whenever they have a tech question, right? You wouldn't be listening otherwise. It is how you get ahead. It is how you learn. You listen to me and others, read articles. You are the cavalry. How does the cavalry answer that question, when you're asked, How secure are we? You know, there's the obvious answer. Well, you know, we got this, and we got that. We have an antivirus, and we have a firewall. Those, frankly, are buzzwords that many of us use just to obfuscate the real answer to that question. I know that many times when we go into a business, and we secure it, we put together a proposal. Most of the time, our recommendations are not accepted. Most of the time, when we go into a business, and we say, here's what you need. Here's what you need to do to stay secure, they say No, thank you, and prefer to run with blinders. Hopefully, they won't stumble in the middle of the night or get tossed by that horse, of just kind of ignoring it, right. Blinders or maybe you might want to call it ostrich-ing and to put their head in the sand or whatever you want to call it, but most of the time, in reality, the businesses just don't do anything. Sometimes they do, right. That's how I stay in business. I stay in business because of the companies that want to remain secure. I stay in business because of the people that are the cavalry.
They're like you who want to buy my courses to understand more, to get step by step instructions, know not just the stories behind things, but the strategy and the exact tactics that they have to take. And that's you, I suspect, right? I think you're probably a lot like me in that way. That's how I like to learn, and that's how I teach as well. Well, this article is from our friends over at Dark Reading. And the question is, uh, how secure are we? And how should we answer that? There's a great response by Kurtis Minder, the CEO and Co-Founder of GroupSense. He says it depends. You've got to look at your executive team and qualify their level of understanding. Answering the question with the answer of well, we have antivirus, we have a firewall, and we have mail filters. You know, a lot of people nowadays say, "well, we're in the cloud," and there's nothing to worry about, which we already know isn't true, right? There's way more to worry about if you're in the cloud than if you have a local server. For those of you who are the kind of computer security people for your organization, addressing this requires finding out where they are coming from, who they are comparing. For instance, is it to what the Payment Card Industry PCI-DSS says we're supposed to do? Are we supposed to compare ourselves to the HIPAA-HiTech regulations? In other words, we have some medical data, which by the way, every company does, if you have any sort of a Health Insurance Program, right? Are we supposed to compare ourselves to the NIST 171 standard? There's even more, there is the CMMC. There's, there's a lot of different criteria that are out there. You must understand the HOW before you answer this question. How secure are we compared to similar companies in our industry? Or companies that are similar in size to us? No matter how you're going to answer that question, when the boss comes a-knockin or the kids or your wife comes a-knockin saying, How secure are we?
No matter who it is you're talking to, I think the one thing you have to make sure of is that they understand that the whole security threat landscape is fluid. It's always changing, and your security programs need to be fluid as well. That's the reason I have consulting clients, right. That's the reason I have a membership program. The people who are the cavalry can follow and understand what it is they need to know. Now I want to hop over to this other guy here. His name is Matt Combs. And he is a global cybersecurity practice leader for an executive recruiter called Russell Reynolds Associates. It is absolutely a phenomenal interview on CIO.com. He's saying many companies were blissfully unaware, especially those that don't have credit card information. How many times have I said that, right? It takes at least six months for the average company to figure out a breach occurred. Why did Matt say, especially those that don't have credit card information? It's because if they have credit card information, that information is likely to be sold on the open market very quickly. Once sold, the credit card companies are going to notice, right? Many companies have only learned that a breach occurred after the FBI came knocking on the door and told them they had a problem. Look at Home Depot. What happened? The FBI traced the dots. Home Depot was compromised through their point of sale equipment. Can you believe that? People sitting in the parking lot of Home Depot hacked them? They didn't even know it until the FBI knocked on the door. That's a pretty big deal, on a pretty big company. I think they are the second-largest retailer in the country? When it comes to dollar-to-dollar value? Are you sold? Okay. If you don't have the credit card information, how would you even know that a breach happened? It ties back into the fluidity of security. It seems so obvious. Now when you look back at Home Depot and say, What were they thinking?
I look at Target, the TJX companies, and their hack. They had security equipment, and that security equipment was quite good. It was alerting them, "whoa, wait a minute, guys, we've got a breach, okay." Did they take care of it? No, because they didn't know how to read the output, and they didn't have enough people to look at the logs, which is something else we keep telling you all. You have to watch the logs. You have to watch them closely. It's a full-time job. It's a highly skilled job, a highly trained job. It is not cheap, okay. I know a hotel company with 500 hotels in the United States, of course, you can look that up to find out who it is. They have a chief information security officer who is an information security group of one. Think about that, 500 hotels, just the business itself, all of the data that they have, the liability that they have, and he doesn't have anyone working for him. Not even a support person. He has to beg, borrow, and steal help from IT, and from the CIO, the Chief Information Officer. So when the executive asks you how secure are we, you have to say, Hey, listen, you know we can lock down the doors, we can lock down the windows, but the odds are if someone wants to breach us, they will be able to. However, make sure you are locking down the doors and locking down the windows. You got to close it all up. There was one other thing I think you should do when this non-tech executive asks you about how secure we are. That is, what's your nightmare, Mr. Executive? Which systems are you most concerned about being compromised? You should go back to the question I asked a little bit earlier, which is, what data do we have that maybe we shouldn't have? What data do we have that we are most concerned about losing? What are the Family Jewels in our organization?
What is the data that if we were to lose it, we'd be in a lot of trouble, either because we could not conduct business anymore, or maybe we would get nailed by the regulators out there? Anyway, a lot of really, really good questions to ask because you're never 100% secure. All it takes is for one employee to click on the wrong link on an email. What I was just talking about will come up a little later on today. I talked about it this week on several radio stations. What happened with Barbara Corcoran, an investor from Shark Tank. Stay tuned as we'll talk about it a little bit later on. All it takes and frankly, employee negligence such as accidental loss of data, accidental clicking on things. Employee negligence is still the main cause of data breaches. In a report from Shred-it, now, of course, they're in the business of shredding documents, of getting rid of these things. Shredding hard disk drives when you take them out of a computer. Remote workers and external vendors are also now a major cause of the increase in data breaches. That's one of the things we're going to be covering here in my course coming up in a couple of weeks, and that is the upstream-downstream risk. And the US military is totally into this now, because they had two or three major breaches last year that came through vendors. So hackers are no match for human error when it comes to sheer numbers. You also have the insider threats of people who are stealing from you. So they can get a better job, take it with them to another job. You have people who are upset with you and are just making an absolute mess of things on the way out the doors. So be very careful about that because it's huge. Data breaches cost an average of $3.6 million globally; that average was in 2017. Some of those prices have gone up. The faster you respond to a breach, the more money that you'll save. They found that if you can respond to a breach within 30 days, on average, you'll save over a million dollars. Think of that. 
The odds are good that you will get breached. You will save, on average, a million dollars. Yet you're not funding the security people either by going to an external contractor, like me, to take care of it for you. Or you don't provide the resources to the internal people they need to do it. It is a huge, huge job. All right, top of the hour course, on the radio stations, we've got the news, traffic, weather, all that sort of stuff coming up. Then when we get back, we're going to talk about a new metric in security. The next-gen security metrics. Stick around, and you are listening to Craig Peterson on WGAN and online. Hey everybody, welcome back. Craig Peterson here, on WGAN and, of course, online at Craig Peterson dot com. We have already covered a bunch today. I would refer you over to my website. If you'd like to find out a little bit more, of course, I'm also on the streaming services. You can find it there. We've covered the Internet Archive. They've got this cool, new VHS vault. We discussed ways to reduce your risk of data loss. It's all about identifying your data, and then minimizing your data, how we enabled ransomware to become a multi-billion dollar industry. And I also gave some good advice on backups and the fact that 100% of the businesses I've ever walked into have had a failed backup strategy and failed in a bunch of different ways. It is big for all of us who are out there who are members of the cavalry, who are trying to help our friends, our family with their computer issues, and the businesses for whom we work. Then we got to how to answer questions that we get that have to do with our level of security. How secure are we? How secure is the business? That's what we have covered so far today. I love our next topic. It's phenomenal. It's from Threatpost.com. But they're talking about different types of security metrics. Now, metrics, of course, are measurements, or the ways we measure things. 
We always have to measure progress to be able to know have we gotten to where we need to be, right. Progress can be difficult to measure. There are a lot of different types of measurements when it comes to our security. Say for Microsoft Windows, one of the big things is, are you ready every Patch Tuesday. Then a little bit more, as Microsoft sometimes comes with out-of-cycle patches. They got nailed a few years ago, through criticisms about them releasing new patches, like constantly, because they needed to release them. And so instead of fixing their problem, which would be almost impossible to do, and that is rewriting windows and making it much more secure design, they decided they would just go ahead and release patches once a month. And that way, of course, you're not getting them every day. So who's getting noticed that in fact, there are a whole lot of vulnerabilities and Windows. So that was another measurement that we had. Did you get your Patch Tuesday stuff done? That's been around a very long time? Well, we've got a new metric here, and it's called hardening. Now, I don't know about you guys, but my wife thinks that most people don't know what the name hardening is. So I'll explain it a little bit. Hardening is where we close holes in our networks and our Windows computers. That's really what our emphasis is going to be coming up here next week when we start our whole hardening series. By the time you finish this series and the courses, you'll be able to lock down any Windows or Mac computer yourself. You are going to be able to lock down your small business network, and you're going to stop worrying about being the victim of the bad guys. We're also going to train you on how to test everything yourself. That you can make sure that they can't get in, right. If not tested, how will you know it works. It's like I was talking about with backups. How do you know they are working? How do you know it's effective? How effective is it? 
So we're going to teach all of that, and I think that's just going to be amazing for you guys, man. We're looking to do something you guys are going to love. Hardening in the case of our computers includes our computers, browsers, firewalls, and routers. In other words, there, we're using all of the options, all of the available software to make sure that bad guys are not easily going to get in is our Windows Firewall harden on our computers? Did you even know you had a firewall on a Windows computer? Well, it's almost useless. Because Windows has a firewall, it is turned on by default, but they have all kinds of services turned on and available to be used. All of these things are kind of crazy. When we get down to it, there are things we can do. That's what we're going to be covering starting in about a week with some of these tutorials. And with our great course that we have coming up. Now, let's talk about what's holding us back and what mean time to harden means. We're looking at vulnerabilities, when we're talking about a zero-day-attack, it is one that no one has seen before and where there is not a patch or workaround for it. It's really kind of a nasty thing. When it comes to hardening, you want to make sure that you have as few services as possible on your computer, firewall, and browser. That again makes your attack surface smaller. But when we're talking about those types of zero-day attacks, it typically takes an organization 15 times longer to close a vulnerability than it does for the attackers to weaponize that vulnerability and exploit it. So basically, we're talking about one week for the bad guys to take a vulnerability one of those zero-day things. It takes one week to weaponize it, and it takes us about 102 days to patch it. Let that sink in for just a minute here. Once vulnerabilities get disclosed, It's a time-race here to either secure this hole before the bad guys to exploit it. 
Now we saw that with the Equifax breach where here's a major, major breach against a major company out there, and it only happened because they hadn't applied the patches that they needed to apply. It's just really that simple. Microsoft has a patch. Let's give an example right now, BlueKeep. BlueKeep is a way to break into Microsoft machines. Microsoft released patches for BlueKeep in the May 2019 Patch Tuesday security fixes. Microsoft released it in May, and as of December 2019, seven months later, there were still over 700,000 machines at risk. Let me see here now, May to June, July, August, September, October, November, December. That, to me, sounds like seven months. That's huge. Sophos has some security software. In their recent report about WannaCry, which is ransomware, the patch against the exploit WannaCry was using has not been installed on a countless number of machines, still, despite being released more than two years ago. It's crazy, isn't it? Do you guys agree with me? Am I just being kind of an alarmist? Now the average time to weaponize this is seven days. Many weaponizations come in less than seven days. Like the infamous Apache Struts vulnerability. You have effectively 72 hours to harden new systems. Now the numbers are even worse when we're talking about incident response. There's a new rule out from a company called CrowdStrike. You might have heard of them before, they've been in the news for some political stuff as well. But they are a security company. They do a lot of investigations after the fact and try to figure out what happened and try and clean things up. CrowdStrike has a new rule. It's called the 1-10-60 rule. And it's based on what they call breakout time. So here's what that is. Most nation-state actors, in other words, the more advanced hackers out there, move laterally from an initial attack within two hours on average. In other words, if there is a country that's coming after you, say, for instance, China. 
Most say now it isn't like China is going to go after me. I'm not military and not a military contractor. China comes after you to steal your intellectual property. Once they have gotten inside of your network, they will move around inside your system. What this means is it gives defenders of a network one minute to detect a breach, 10 minutes to understand what has happened and that it was a breach, and one hour to contain that breach from the initial incursion. That is huge. Now, this is part of this mean time to hardening and goal response that we're trying to achieve. If you're a regular business, and it's six months before you even notice that a hack occurred, if you ever even notice, which is par for the course, and one that we see quite frequently. We will come in and look for signs of hacking. Many times, companies don't want to know. They just want to know if there are any openings that they should be closing right now. Why? If you see a hack occurred, there are specific legal responsibilities that you have. Companies say, Listen, don't tell me, I don't want to know. Without monitoring and watching what our organizations are doing, if we're not at the very least patching and hardening, we're in real trouble. Now, I know you guys know how to patch. It's not that difficult to do. We're not going to spend a lot of time on that in the upcoming tutorials or courses, but we are going to spend a lot of time in the course on hardening because it is one of your best defenses. It's kind of like having a package on the front porch that was just delivered by Amazon people, right? If there is no package on the porch, the porch pirates are not going to show up to steal the box. It's the same type of thing here. If you do not have services available on your machines inside your network, there is no way for the bad guys to move laterally. There's no way for them to get in remotely. That is our goal in our hardening courses, how to harden your Windows machine. 
That's coming up in about a week, week and a half. So make sure you are on my email list. You get all of that free training. You can find out about the courses as well that we are putting together for this. All of that at Craig Peterson dot com slash subscribe. You're listening to me here on WGAN. You can always send questions to me -- me at Craig Peterson dot com. Hey, welcome back, everybody, Craig Peterson online at Craig Peterson dot com and right here on WGAN. I am also putting these up on Facebook and making them available on YouTube, for those that are interested. I want to talk a little bit right now about Clearview AI. You know, again, I've said so many times that we've got to be careful with our data online. Clearview AI is this company that we talked about a few weeks ago, that has been scraping all of the information it could get online, mainly related to photographs. All of the pictures that you posted on Facebook or that you put up on any photo sharing sites, all of that stuff, Clearview scraped. Now, they have this app that allows you to take a picture, and then it will do facial recognition to find all of the places online that that picture appears. And it has been used by, it looks like, more than 2200 different organizations, many of them police departments, to track people down. So if you have a picture, even if it's not a great picture, that picture can then be put into the Clearview AI app. And it'll show you, here you go, here's where we found this guy or gal online. And even if you didn't take the picture, and you are in a photograph, it is going to show up; Clearview is going to find it. Now, Clearview AI grabbed all of these photographs online without asking permission of anyone. I don't think they asked your permission, did they? They didn't get my permission. They scraped them from Twitter, who they didn't ask permission. They scraped them from Facebook. They scraped them from all over the internet. 
They ended up with billions of photographs. They logged it all along with where they found them online. That way, if the police department is looking for this person, they have a photo of them. They can put it into the Clearview AI app and can authenticate where online it was found. And then the police department just goes there and says, Oh, well, that's a Mary Jane's homepage. Here's more about Mary Jane, where she lives and everything else and now off they go to get Mary Jane. Now remember, of course, first off, these things are not 100% accurate. They could be false. There are false positives, although in many cases, they have been very successful at identifying people, and they have helped to solve some crimes, which is I guess a good thing, right. I think that's what you might want to say, okay. In a notification that The Daily Beast reviewed, Clearview AI told them that there had been an intruder that gained unauthorized access to its list of customers, and they got access to many accounts they've set up and the searches they have run. Now, this disclosure also claimed that there was no breach of Clearview AI servers and that there was no compromise of Clearview AI systems or networks. That puzzles me makes me wonder, well, maybe they were using a cloud service, and they had it stored up there, and that's how it got stolen. It's hard to say. Clearview AI went on to say that it patched the unspecified hole that let the intruder in and that whoever was didn't manage to get their hands on their customer's search histories. Now there's a release from a Clearview AI attorney, and his statement said that security is Clearview AI top priority, which is total crap, right? They did everything they could to breach ethics and security of the user agreements from all of these websites from which they scraped our information. Unfortunately, data breaches their attorney says are part of life in the 21st century. Our servers were never accessed. 
We patched the flaw and continue to work to strengthen our security. All of this is in a report on naked security dot com. Now, this, frankly, is very concerning to me from several different standpoints, right. First of all, Clearview AI had this massive database of facial images that they had sold to hundreds of law enforcement agencies. In many cases, it wasn't like the overall agency. It was just a police officer themself that subscribed. It may be a detective, etc. The New York Times ran a front-page article in January, saying that Clearview AI may end privacy as we know it and man, is that ever true. They have been quietly selling access to these facial images and facial recognition software to over 600 law enforcement agencies. Now with this data breach, it looks like it's more than 2200. Although we have not seen the list posted online yet, we may end up seeing the posted online. It depends on who did this and if it was a nation-state, which is entirely possible. They are trying to find out a little bit more about us or whether it was somebody else.  It reminds me of a lot about the founding of Facebook and why I've been against Facebook over the years, right? Facebook had a very unethical at its start. They stole all the photos of women going to Harvard University and then had people be able to go to their little website and rate the women, right? Rate them? Yeah, on their looks using all stolen photos. That's the allegation behind it all. It certainly seems to be true. Microsoft, that's another reason I just, I don't use the word hate very often believe me, but I do hate Microsoft and the way they started. They unethically sued people and play games with trying to buy them by lying about the rights that they had. Bill Gates outright lying to IBM and others, back in the early days. I have a good friend of mine who says Craig if you didn't have any ethics, you would be one of the wealthiest people in the country. 
Your ethics kept you from doing them, yet you bent over backward to help people. Companies like these need to go out of business and need to go out of business fast, it's crazy. We've got the Biometric Information Privacy Act that Clearview AI has violated. Clearview AI has also been told by Twitter, Facebook, Google, and YouTube to stop scraping. Those companies have ordered it to stop that. It is against the policies. The Times noted that there's a strong use case for Clearview AI technology finding the victims of child abuse. News. It makes a lot of sense. One retired chief of police said that running images of 21 victims of the same offender returned nine or 14 minors' identifications, the youngest of whom was 13. So where do we draw the law watch line, I should say, what should we be doing here? It goes back to the whole fruit of the poisoned tree principle that exists in the law. That you've seen on TV and in movies many times, any evidence illegally obtained can't be used nor anything that comes of that evidence. It is why some Federal investigators play games with where did you get this evidence? Russia? Did it come from Christopher Steele? Should we have something similar in this case? I think that we should, if they stole information from these companies, which they did. It's, frankly, intellectual property theft at the very least. That means it is of no use in any sort of a police case that started an investigation and any legal matters that follow. That's my opinion. I don't know what yours is. I'd love to hear from you, email me at Craig Peterson dot com. Thank God they were able to find some of these victims of child abuse. But at the same time here, we should have some rights to privacy. It may already be too late. I guess we'll know. Soon enough. Hey, when we get back, we're going to talk about Barbara Corcoran. She's the star of Shark Tank, and she just lost 400 grand in a scam. We'll tell you all about it. 
You are listening to Craig Peterson and WGAN. And make sure you sign up online at Craig Peterson dot com. Hi, everybody. Yeah, that means we're back. Craig Peterson here on WGAN.  We're going to talk right now about a TV show that I have enjoyed watching over the years. There are a few shows that I watch pretty regularly. Of course, there are some sci-fi shows we won't talk about those right now. But a couple of them are The Profit I enjoy that show. I like the guy who is the main character on that show, and his name is Marcus Lemonis. He owns a considerable interest in Camping World, as well as GoodSam Club, and he invests in small businesses. I disagree with him almost 100% on politics, but he does try and help people out which I think is fantastic and, and he goes into these businesses that are struggling, that are trying to figure out how do we move to the next step or how do we even survive? Then he helps him out, and he frequently invests in them. When he invests, he takes a good chunk, usually enough so that he has a controlling interest in other words 51% sort of a thing. Then he's often running, and he helps build them into real successful companies. Now, I guess it goes back to the question of, would you rather have a small slice of a massive pie as an owner, or would you rather have 100% of a tiny pie, that may end up collapsing in on itself at some point in time. That's kind of the decision these people have to face as they are talking with him and trying to figure it out. So I like that show. He had a good episode, recently that I found very, very fascinating. Check that one out, The Profit. Another one that I've enjoyed over the years is Shark Tank. Now Shark Tank is if you haven't seen it, it is a show, and there are a number of them. It's called Dragon's Den overseas. There's one in the UK. There's a shark tank in Canada, and there's a shark tank in Australia, all called slightly different things. 
The idea behind Shark Tank is you go in there, you make a pitch to these investors, and the investors decide if they're going to throw some money at you. They will make a deal saying okay, I'll give you 20% for 20% of your company, I'll give you this much money, or you know, I'll bring in people to help out, but I want controlling interest or whatever it is. Well, one of the business moguls on there that's part of this whole judging team on Shark Tank just last week lost nearly $400,000. It was disclosed that the 400 grand loss came through an email scammer. Now, if she had been listening to this show, she would have known about it. She would have known what's happening. She has enough money that she kind of brushed it off. Oh well, she thinks that she'll never get the money back. And you know what? She's probably right. We've seen that happen many times, even with the FBI getting involved, most of the time that money never, ever comes back to you. According to media reports, a scammer who was posing as Barbara Corcoran's executive assistant forwarded to her bookkeeper an invoice requesting that payment. I'm looking at the email right now. Barbara released it, which is great as that way people can see what happened. It's an email, it's from Jake somebody. Sent on Friday, February 21, and addressed to Emily, carbon copy Michelle. The subject was forward Invoice 873, and it's got the name of a German company. It begins, Hello Emily. Please see the attached invoice below for payment. We are ready to proceed, and we are shipping next week. Please ensure the invoice is paid on time, shipping charges are additional. It appears like a little real invoice. It's got the due date on it, which was due on the 27th, and the amount was $388,700 and 11 cents. And it looks, as I said, kind of like a standard invoice. Dear customer. Please see the attached invoice. Wire transfers should be directed to FFH Concept GmbH, address in Berlin, Germany. 
Bank details include the bank name, the account name, bank address, the IBAN number, the SWIFT number. Thank you for your business, we appreciate it very much. The truth was, this email did not originate from Barbara Corcoran's executive assistant. Instead, what happened here is that the scammers created an email address that looked the same as her executive assistant's. It had one letter different in it. At first glance, it seems legitimate, yeah, this is from the Executive Assistant. You and I look at 400,000 and say, Whoa, wait a minute now. I don't even have that much. In this case, Barbara Corcoran, this was pretty normal for her. There's not only this amount because she is involved in so many real estate deals. That's how she made her money, was in real estate. She gets these invoices from these companies all over the world. It did not look that strange. All the bad guys, in this case, had to do was a little bit of research. They found out what the executive assistant's name was, they found out what the email address was. The bookkeeper did not spot this little spelling error, if you will, in the email address. When she asked questions about the purpose of the payment, all communication went straight to the scammers and not to the assistant. What did she do? She hit reply, and the response went straight to the scammers, and the scammers gave him what looked to be or gave her what appeared to be a reasonable answer, right. On Tuesday last week, seemingly satisfied by the answers she'd received from the scammers posing as Barbara Corcoran's executive assistant, the bookkeeper transferred almost $400,000 into the bank account controlled by the scammers. It was only when the bookkeeper manually CC'd Corcoran's assistant directly with confirmation that the invoice was paid that it became clear what happened. So, again, that tells you don't respond to emails, right? 
Look it up, use a contact list, use your autocomplete to try and reach out to somebody to verify it. I always go one more step further, and that is to get on the phone and confirm the transaction. Now in speaking to people magazine, Barbara Corcoran again apparently was pretty okay about the theft. She says quote, I lost the 400,000 as a result of a fake email sent to my company. It was an invoice supposedly sent by my assistant to my bookkeeper, approving the payment for real estate renovation. There was no reason to be suspicious. I invest in quite a bit of real estate. I disagree with that there was reason to be suspicious. Anyhow, I was upset at first, but then remember, it's only money good for her. Frankly, she posted on Twitter about it. Lesson learned. Be careful when you wire money. She retweeted something from TMZ about her getting hooked in this scam. I'm glad she has a positive attitude about it. It's very unlikely, as I said earlier, that she'll ever recover a dime from these fraudsters because of the way the money was wired. Ninety seconds later is all it takes for the cash to be gone and out of reach. And they probably went ahead and transferred it from German banks to other banks, and it continues to move the money around. It's kind of like what happened in Eastern Europe and Ukraine, with a billion dollars in aid that we sent that ended up bouncing around between multiple companies in multiple countries to hide whose pocket it ended up. It's just kind of crazy. It can happen to anyone, and it can happen to any of us. Every last one of us, business person or otherwise, needs to be on guard. Don't reply to emails. Always make sure you enter in the email address if it's anything that might be of concern. Remember that banks and other places are unlikely, including the IRS tax time, to be sending you emails about some of this stuff. Just double-check and phone them, look them up online, and phone that number. 
Ask a question from their help people over on their website. Well, we've got one last segment here, and we're going to be talking about new security features from Firefox that means insecurity to you. This is Craig Peterson on WGAN, and you know, I like Firefox, right? Hey, welcome back, everybody, Craig Peterson, here on WGAN and online Craig Peterson dot com. Well, that's Peterson with an -On dot com. Hey, thanks for joining us today, we've had a great day, we've talked about where you find a little bit of nostalgia online over at the Internet Archive. We talked about reducing the risk through data minimization. I described how ransomware became a multi-billion dollar industry. We talked about the changes that have recently happened with ransomware that will require you to make a change in what you're doing to stop becoming a victim. Then we got into how should you answer a non-technology related executive who asks you, how secure are we? How do you answer that question to your family as well? Because we are all the cavalry, right? We're the people that our friends, family, our people from church, the business people, they all come to us. So I wanted to make sure we covered that, the next generation here of security metrics, how long does it take to harden your systems, and we've got a course coming up on that here in a couple of weeks and a bunch of tutorials to help you out. The company that we talked about, Clearview AI, very, very bad guys, frankly, very unethical. They just lost their entire database of Facebook buying clients to hackers. And then they brushed it off like it's no big thing. Hey, you know, everybody gets hacked nowadays. Man is talking about a company with no ethics at all. We talked about them, and then, of course, most recently, we just talked about business email compromise. We gave you a specific example here of Barbara Corcoran. She is one of the business moguls over on Shark Tank. 
How she lost almost $400,000 in a scam, and what you can do to help protect yourself. And we gave away some actual clues here, precisely what the bad guys are doing to try and get that information or get us to do that, right? What kind of information are they gathering about us? Well, I want to talk about Firefox here for a few minutes, all web browser thing. And this has to do with security. And this is an article over on welivesecurity.com that made me think about what is going on with Firefox and Mozilla. Now, if you've been on any of my training courses, you know, the browser you absolutely should never use ever, ever, ever, unless there is a gun to your head, and then it's okay, is Internet Explorer. It is just one of the worst browsers ever. You know, it's just terrible. It's right up there with the original browser, the NCSA Mosaic, but at least it was changing the industry. Internet Explorer was just a huge security hole. I mean crazy. The things that it allowed programmers to do, and it was such an avenue for hacking. You know that, right, don't ever use Microsoft's Internet Explorer.

Craig Peterson's Tech Talk
Welcome! The Insecurity of DNS over HTTPS, Internet Archive's VHS Vault, Data Minimization and more on Tech Talk with Craig Peterson on WGAN

Mar 5, 2020 89:41


Welcome! We are going to hit a number of topics today from the world of Technology. I am quite disappointed with Mozilla, they are letting marketers and politicians define their technology. Listen in to find out why I feel that way. Compliance is an issue for many companies and I have some solutions that will help you and it includes a diet but probably not the kind you are thinking. Do you ever get nostalgic for "the good old days?" Well, I have something that might help, listen in to find out more. I will tell you what happened to one of the Sharks from Shark Tank, how you can prevent it from happening to you, and more. For more tech tips, news, and updates visit - CraigPeterson.com --- Related Articles: Getting Your Fix of Nostalgia Don’t Store Data You Don’t Need Cryptocurrencies and Insurance Increases Ransomware Profitability Are you Secure -- Depends on Many Things You Don’t Have Much Time To Stop An Attack Hackers Target Large Databases Anyone Can Be A Victim - Business Email Compromise Does Not Play Favorites DNS over HTTPS (DoH) is not the Panacea the Marketers Are Leading you to Believe --- Automated Machine Generated Transcript: Hello everybody, Craig Peterson here on WGAN and, of course, online at Craig Peterson dot com and heard streaming all over the world on your favorite streaming site. I'm so glad to be here today and be able to talk with you a little bit about what are the top news stories this week? How can you keep safe? That's kind of one of my themes because I freaked out when my company got attacked some years ago. You know, just a regular business guy trying to run a small business and man did it hurt me bad back in the day. I'm just trying to get all of the information I've put together over the years and learn, and I continue to study this stuff and continue to look at what are the best ways to defend ourselves. I try and get all of that and put it together into neat packages for you. One of them, of course, is the radio show. 
I also get on with Facebook Lives. YouTube lives, and also do various types of pieces of training and tutorials and things out there. Where in fact, for the next course I have coming up, we're going to have implementation calls, where we are talking specifically about what to do when you do it. So you try and implement something, you have some issues. I'm going to get on the phone with you guys. So I think that's going to be great. And then the upcoming class here in a few weeks. And then, of course, the tutorials leading up to that class where I'll take your questions live, sometimes those little tutorial sessions on, you know what it's webinar technology. On these webinars, sometimes we go a couple of hours so I can answer all of your questions. That's what it's about here. All right, because I understand most people, not I know I'm this way too. I get contacted by somebody, and they're trying to sell me something that happened just over the weekend. Last weekend somebody knocked at the door, trying to sell windows, right. I think it was like Renewal by Andersen or something like that. And they were walking around knocking on doors. I see you know, immediately just knee jerk said, No, No thanks, my windows are fine. It got me to thinking about the whole situation in the security realm. Because that's what we do, right? What we've been doing for years decades, sometimes we have the antivirus software, every once in a while when we hear about a real big vulnerability, we go ahead and apply patches. You know, it's been the same old, same old, but we just can't do that anymore. And because really, we see huge, huge problems and businesses going out of business because of them. So that's what this is all about. So if you're a new listener, welcome. If you've been listening to me for a while, of course, Welcome, Welcome to you too. And I want to get this information out. 
So one of the best ways to make sure you have all of the latest information you need is to go online, go to Craig Peterson dot com slash subscribe, and that'll get you on my email list. Then once you're there, you will be able to keep up to date on things I do, try and get those out. I have a newsletter that's every Saturday morning. Then when I'm doing training, I'll send something that's a little out of the band if I'm doing a live or various other things. I thought because of the way it works with the emails I send out, if you want to unsubscribe, you will be guaranteed to never hear from me again. Maybe that's a great thing that is right for some people. But for other people, I came to realize that perhaps they didn't care about the training, they just wanted the newsletter, or perhaps they wanted the pieces of training but didn't want any emails. Some wanted on courses but not other courses, etc., etc. So I'm going to try and do something a little bit different right now, and there's a pretty nasty warning as a footnote. If you unsubscribe, I can't send you anything anymore. I won't send you anything even if you want a course, you'll not hear from me again, because you unsubscribed and marked as somebody that doesn't ever want to hear from me again. That's fine. I know we all have our lives, and maybe you think you're safe enough. Perhaps you're going to reach out to me when everything falls apart around you. At which point, I can't respond to you because I will have your email blocked. That is because I don't want to bother you. I want to comply with the CAN-SPAM Act. Although, you know, most people don't seem to care about that as well as the GDPR. Also, the new California regulations, the Massachusetts regulations, and new federal regulations that are going into effect. They all place requirements on when and where I'm not supposed to contact you. If you say No. Then No means no, right.
I'm going to change things a little bit with these upcoming training and courses that I'm going to be doing. I'm going to make it so you can just unsubscribe from those, so you're not going to lose contact with me. I've had some people complain, and in the end, it becomes a bit of a pain to try and add them back in. We're going to try and make this a little bit easier for you guys, so keep an eye out for that. You already know right based on what I'm saying, as well as what I've done in the past that I won't spam you guys, I don't sell your name to other people your email address. Most of you I know are kind of the older generations, the younger guys they don't care we've already talked about that. They will sell their email address and name for a donut. But us older folk were a little bit more cautious about it. I think that's probably a good thing. We're less likely to get ripped off the senior population in some ways less likely to get ripped off, and other ways more likely get ripped off. It's interesting. Again, we tend to trust phone calls more. You know what I have, frankly, I don't answer my phone anymore. It just goes to voicemail. And I have somebody else look at it because there are so many scams coming in. But we tend to trust the phones more in the generation, you know, the men and women older than me, other baby boomers, they are a little bit more susceptible to those types of scams. So be careful with those types of scams as well just you know, be careful all the way around, frankly. And that brings us to our first story of the day today. And this is something I found that I thought was cool. So I thought I'd share it with you. It's a tech thing. I was just a few weeks ago talking on the radio. One of the radio shows I appear on as a guest. And we were talking about Betamax versus VHS. And I knew I knew that the radio host I was talking to there's no way he just loves tech. There's no way he did not have Betamax. And he did. 
He had hundreds, apparently, of beta tapes in his closet. But this is all about that era of the 1990s. I'm sure you guys had VCRs right back in the day. And of course, the winner of that war was VHS, and it wasn't because it was better technology, but we're not going to delve into that right now. And those VHS tapes, at this point, about 20,000 of them have been put into an online vault. Now, if you've never used the Wayback Machine, you have to check it out. You can find it online. At archive.org, that's the name of it. It is an Internet Archive, and it shows web pages going way back, you can look at my web page from back in the very, very, very early days of the Internet. When, you know, of the, not the Internet, but of when the whole web thing came about, which was '92, '93, is when it started to go. I didn't have a webpage back in '85. When I first registered my domain that's been around for a while. And then, of course, I was using other domains. Before that, I've used my ham radio call sign as my domain. And before that, but the Wayback Machine is this archive, you can browse the history of any major site, many minor sites that are out there. They have used it in court cases. It's used by me, just for kind of memories of things as the way they were. Now you can use it for something brand new. I didn't know that they had, and that is they've got something out there on the Wayback Machine that's called the VHS vault, V-H-S, just like the VHS tapes that we had or that Ken didn't have because he had Betamax. Right now, I'm looking at says there are almost 21,000 results. So they've taken these VHS tapes that were submitted, and they have effectively ripped them. They've turned them into digital video, right. And some of these are just amazing, like a warm-up to Traci Lords. It's an exercise program. Of course, Traci Lords was involved in some adult films back in the day. Man, I love this Mystery Science Theater
3000, Timothy Leary is a guest on MTV with John Lennon, Les Miserables from 1935, Rush to Judgment. There are so many cool things. The Lion King in full VHS tapes. Now some of this information is probably still copyrighted, but as a general rule, archive.org doesn't get nailed for copyright violations. SpongeBob SquarePants. Oh, this is the Fairy Fairy Godmother, I think, is what this cartoon was called, and trying to remember, my kids used to like it. Some bootleg tapes, everything, but you can find it online. I think you would have a gas looking through these. I want you to go to archive.org as you're listening to the show, or maybe some other time during the week, you're sitting there watching some TV with your smartphone or your computer. Archive.org and look for the VHS vault. The actual URL is archive.org slash details slash VHS vault. You will see all kinds of fun stuff that's in there. They have many different collections. You can search this, you can go in by year when they did it. They have Flemish dog collection. There's another one. There are collections I've used in some of the training videos I put together. There are collections of old black and white art, and pencil art, and engineering diagrams that are well, well out of copyright, and you'll find all that stuff at archive.org. Check it out, I think you will have a gas checking it out. If you're like me, it's certainly brought back a lot of memories. When we get back, we're going to be talking about something that you should be doing, whether you're a home user or business user. You know, the things that we have to be worried about are the things that can be stolen from us, right, in the online world. Okay, this is what we will be talking about. What can be taken from us, but also what can be used to kind of hold our feet to the fire in ransomware. So we're going to talk about how to reduce your risk with Craig Peterson here on WGAN. Stick around. We'll be right back.
Hey everybody, Craig Peterson back here on WGAN online, and of course, at Craig Peterson dot com. Yeah, you know it by now, right? Well, hopefully, you had a chance to look at archive.org, definitely check it out. It's called the Wayback Machine, at least that was its original name. And they may still have that domain, the Wayback Machine dot com. But now it's known as archive.org. It is a wonderful, wonderful trip down memory lane, at least for me. If, if you are a little bit older, you might remember the Internet back in the days, fun looking at some of the original search pages at AltaVista. Man, I miss AltaVista. I used to like to use the Boolean algebra that you could do in AltaVista. By the way, if you are a geek like me when it comes to searching and you want to be able to dig into it. There's a tool I use, and I think that you'd like it also. It's not cheap, that's for sure, but not that expensive either, but it's called DEVONthink, D-E-V-O-N T-H-I-N-K. It allows you to set up searches using all kinds of Boolean constructs, which is very, very, very handy, at least as far as I'm concerned. You can set it up to do automatic search sets every day looking for different things. It's one of the tools I use to find the information that we talk about here on this show because so much of it just isn't, generally speaking, available. It certainly isn't spoken about by the mainstream media, right? You know that right. That's why you listen to the show and why you follow me. I am on LinkedIn. I'm on Facebook. I'm on Twitter, YouTube, and my website as well. I appreciate all you guys who do follow and who comment. Now, if you're a business person, this is for you, but there are some things that you can do as an individual as well that are going to make a big difference for yourself and your safety online. Businesses are concerned about the GDPR, which we've talked about on the show before. That's the European privacy regulation. We're also very concerned right now with CCPA.
I just had a company that makes optics. I use their optics here in the studio if you have ever seen me on a webinar or one of these videos or pop up training or anything. I'm in the studio, and my cameras here the lenses use the glass made by this company. I had no idea, but they reached out to us due to their operations in California. They have a sales operation there because, again, they're selling their optical glass for use in lenses, and all kinds of other devices. They reached out because they were concerned about what is happening, what could happen with these new California privacy regulations? Is it going to mess up their business? How is it going to mess up their business? How is it going to make things better or worse? I think they had some outstanding questions. So they called us in, and they paid us to do an audit of the systems they have. How are the systems working? What is it that we need to be worried about? You know, it's something that takes a few weeks and a couple of on-site visits in New York? New York State, which by the way, is going to have their own set of privacy regulations that are going to affect them pretty dramatically. But basically, what it came down to was if they were compliant with the European regulations, they were probably most of the way towards the California regulations. So they think that they're compliant. But when we got in and started having to look at it, it turned out No, no, no. They are not anywhere near compliant with either set of regulations. Even though their IT people told them they are because they have full-time programmers who are programming their systems. They thought, Oh, no, no, we're fine. We're fine. No, they weren't. So what do you do if your regular business? Enough moaning and groaning about the optical manufacturer, who has fantastic optics, which is why I use them. Let's talk about you. 
Let's talk about your business, your small business, your larger business, this is true, you should be paying attention if you are a medium or large business as well. One of the best things you can do, and it is hard to get through to a lot of CEOs and other business owners. But one of the best things you can do to reduce your risks is to reduce the data that you are maintaining. Right? If you want to reduce the chance of getting shot at, don't go out in the streets where they're shooting, right? If you want to reduce the risk of having your data stolen, then don't have the data out there for them to steal. If you don't want to get nailed by one of these new regulations, that says, hey, personally identifiable information has to be maintained in this way and that way. If someone asks you what data do you have on me? Do you realize now you only have one week to respond? You must provide that data to them. If you have any sort of a California Nexus or European Nexus, in other words, doing business in either one of those places. Now, it's down to I think five days it's not a week to respond, saying, Here's all of the data that we have about you. That's what you have to be able to do. We have to be able to do it right now. You also have to be able to tell them, here are all of the people within my organization as well our contractors that saw your data and had access to your data. That is a very, very big deal, frankly. The landscape is constantly changing your obligations for that data, and the data disclosure and the data-keeping keeps getting more strict. What's the right thing for you to do? Ultimately, well, it's to get rid of the damn data, right? It's a very, very solid first step in reducing your risk. Now I'm going to be publishing next week, a little guide that you can use yourself, right, you don't have to have me involved, or anything else is just for you, that you can use to do an inventory of all of the data that you have in your business. 
What we've done is we've gone through and looked at different parts of the businesses that we've worked with over the years and evaluated the kind of data they often have. You have to do that first, right? You must identify what your risks are. You must determine what data you have. I'll make that available for those people on my email list. It will be part of this ramp-up here, a precursor to the pieces of training that I will be doing. There will be different free pieces of training and tutorials in my ramp-up to my courses. You don't have to be in the course to participate in the free tutorials, okay? You don't have to buy anything from me. It is all free, no hype or anything else. Okay. I'm not trying to hard-sell anybody I want to help you. That is the first step -- doing this inventory the data you have, and it is one of the best things you can do. Put your company on a data diet. Now, you know, last week we had Barry Friedman on the show, talking about a sugar diet. Right. It's a lot like that, and it's getting rid of these addictive pieces of data that we keep on our clients on our prospects, everything else that's out there, right. Let's look at it as a lens. When you're looking at your data when you're doing an inventory of these data assets, ask yourself, do I need this? Will this provide what I need? Think about maybe like a food diet as Barry does with sugar? Do I need sugar? We know is sugar going to provide us the nutrients that we need? The answer to that is no. When it comes to sugar, right. We found that out from Barry last week. But we need to work to minimize sensitive data and ask ourselves, do we need this sensitive data to conduct business right now? And will we need this sensitive data to conduct business in the future? If the answer's no, securely dispose of that data. It is the only way to comply with these regulations that are already in place here in the US and Europe as well. 
All right, when we get back, we're going to talk about how did we get here? How did we? How did ransomware grow to be a multi-billion dollar industry? What did we do to get here? What should we do to try and get beyond all of this? You're listening to Craig Peterson on WGAN. And of course online at Craig Peterson. dot com, live on youtube, live on Facebook everywhere out there. Stick around. We'll be right back. Hey, welcome back, everybody, Craig Peterson here on WGAN, and of course online at Craig Peterson dot com. In case you missed it. We've been busy today talking about the internet archives VHS vault. Again, that's archive.org. Check it out. It is kind of cool. We just talked about reducing risk using the cheapest mechanism possible. Data minimization will save you money and help you be compliant. Now I'm going to talk about ransomware. We've been warned recently about ransomware's rise. Many people thought it's kind of past. In some ways, it has. 2018 was kind of the banner year for the standard ransomware that out there, but it is back, and it is back with a vengeance. We talked about some of the statistics about a month ago and showed how it had gone up a bit almost doubled just between the third and fourth quarters last year, which is just absolutely dramatic. I had a course before, where we talked a little bit about backups. I've certainly talked about it here on the show before, and how backups help stop ransomware. Let's just spend a couple of minutes on that right now, although it's not 100% accurate anymore. It is essential to do for just a whole plethora of reasons. Backups are kind of the very first stage of what you need. I read an article yesterday from a guy who is in some of the highest circles in the country. He had the phone numbers, the direct cell numbers of presidents and you name it, really just anybody who's anybody was on his phone. It was an Android phone. He had assumed that it was backed up into the cloud or something. 
His phone broke. He got a new phone and realized at that point that his phone had that never, ever, ever, been backed up. He lost the phone numbers from all of these people. Good luck getting them back, cell phone numbers, other contact information. Think of all the things that are on our phones nowadays. Losing your phone, having a hard disk crash on your laptop, or your desktop computer. Losing those can be devastating, no question about it. If you're a larger business and you think that you're doing backups, double-check them. I'd say three times quarters of the time, and I can't think of an exception to this, your backups will not work correctly for that business. I've never seen a case where all backups are working correctly, ever, ever going into a business. I know you, Craig, you're just crazy. It's silly. You're trying to build a business and scare people. No, I have never walked into a company and found their backups to be working correctly. We see things like, and I don't mean, they're not working in a way that is ideal or optimal for the business. Right? Certainly that on top of it. I mean, they weren't working. We had one company that we went into, and they were dutifully doing backups, and the operations manager had five external hard disks. Every day he brought a hard drive in, he plugged it into the server and took it home at the end of the day. So we had Monday through Friday, hard disks that you brought back home with them. So they were off-site, which is, you know, great idea, by the way. The server itself had a RAID configuration on it and is called a raid five. It had three hard disks so that if a drive failed, they wouldn't lose all of their data. We went in because they wanted to do some upgrades. They hoped to move over to Apple infrastructure, where people could use iPads and iMacs on their desks to have a better working environment for everyone by moving away from windows. By the way, this is an excellent idea. 
They still had some Windows software that they had to run, so we helped them with that and got that all working running correctly. The backups you know, they were trying to do the right thing. But you know, you know what, there were a couple of problems one, their server had not written to any of those external disks for the last 18 months. They went a year and a half without ever having had a good backup. Think about that. What would happen to that business? What would happen to your company? After 18 months of no good backups and losing all your data? Oh, and their server, an HP server, that cute little HP server had that RAID array, right a raid five where you can lose a disk and not lose data. Well, they had lost a drive. We were estimating based on the logs about a year before. There they were with no backups and no redundancy in their server disks on their server. That's an example right now, and I could go on and on. We had a company division of a Fortune 100 company that had paid for backups, and they had a dedicated data line. We put some next-generation firewalls in place that monitored the data and watched for data exfiltration to make sure that the plans and designs and social security numbers and bank accounts and everything were not being stolen or taken off off-site, right. Guess what we found there? After six weeks of monitoring everything that's been going on because that's the first step right. Let's make sure we understand what the normal operations are. Didn't you tell us that you had an off-site backup of your mini computer going to another backup site? Oh, yeah, yeah, we do. It gets backed up in real-time. We're paying for the backups to go off-site. If something were to happen to our facility here, or to our computer, which is a big server, then they'd take over immediately we'd be off and running during those six weeks that we were in there we hadn't been involved with these operations. Ultimately, we were in there for decades. 
Guess what we found? Yeah, exactly. None of the backups were occurring. They were paying for all of these things, right? They were paying for them. What we ended up doing is we came in, and we made sure that backups were happening. Unfortunately, they didn't have us do those backups. The company doing it for them was incompetent. And yet they decided to have them continue to do it. It doesn't make sense. We took over the rest of the backups. We had equipment on site, which we do at most of our clients. In case there's a problem, there are failovers that can occur. In this case, we'd have them back online in four hours, a requirement of publicly traded companies and their divisions. Again, they're just not doing anyways. Ramble. Ramble. Wow, we've only got a couple of minutes left here in this segment. When it comes to backups, here's what you have to be careful of, and that is, make sure they are happening. Check the backups. Try and restore from your backups. Now, we're talking about ransomware. It is a seven and a half-billion-dollar industry. They are coming for you, and one of the best things you can do is have a backup. Still, there's another side to ransomware, nowadays, that backup won't help you with, and that is that they have your data, and they hold a ransom saying, if you don't pay us, we're going to release this onto the Internet. Then you're in real trouble. If you have personally identifiable information, or if you have your intellectual property out there, and it gets out to the Internet because you don't pay that ransom, you are in real trouble, plus if they encrypt your data, you'll need that backup.  All right, stick around. We will be right back. And we're going to be talking about our next topic for the day, which is how do you answer a non-technical executive, who asks, how secure are we? Your listening to Craig Peterson on WGAN and online at Craig Peterson dot com. Hey, have you ever been asked that question? 
Well, we'll tell you about how to answer it, coming right up. Hey, welcome back, everybody, Craig Peterson here on WGAN and online, of course at Craig Peterson dot com. No surprise there. Our next one is an interesting article and poses an interesting question. It is one that I'm sure you ask or have been asked, right? How secure are we? You are the cavalry, is the bottom line. You're the person who your family comes to, or the business owner comes to, the business asks whenever they have a tech question, right? You wouldn't be listening otherwise. It is how you get ahead. It is how you learn. You listen to me and others, read articles. You are the cavalry. How does the cavalry answer that question, when you're asked, How secure are we? You know, there's the obvious answer. Well, you know, we got this, and we got that. We have an antivirus, and we have a firewall. Those, frankly, are buzzwords that many of us use just to obfuscate the real answer to that question. I know that many times when we go into a business, and we secure it, we put together a proposal. Most of the time, our recommendations are not accepted. Most of the time, when we go into a business, and we say, here's what you need. Here's what you need to do to stay secure, they say No, thank you, and prefer to run with blinders. Hopefully, they won't stumble in the middle of the night or get tossed by that horse, of just kind of ignoring it, right. Blinders or maybe you might want to call it ostrich-ing and to put their head in the sand or whatever you want to call it. But most of the time, in reality, the businesses just don't do anything. Sometimes they do, right. That's how I stay in business. I stay in business because of the companies that want to remain secure. I stay in business because of the people that are the cavalry.
They're like you who want to buy my courses to understand more to get step by step instructions know, not just the stories behind things, but the strategy in the exact tactics that they have to take. And that's you, I suspect, right? I think you're probably a lot like me in that way. That's how I like to learn, and that's how I teach as well. Well, this article is from our friends over Dark Reading. And the question is, uh, how secure are we? And how should we answer that? There's a great response by Kurtis Minder, the CEO, and Co-Founder of GroupSense. He says it depends. You've got to look at your executive team and qualify their level of understanding. Answering the question with the answer of well, we have antivirus, we have a firewall, and we have mail filters. You know, a lot of people nowadays say, "well, we're in the cloud," and there's nothing to worry about, which we already know, isn't true, right? There's way more to worry about if you're in the cloud than if you have a local server. For those of you who are the kind of computer security people for your organization addressing this requires finding out where they are coming from who they are comparing. For instance, is it to what the Payment Card Industry PCI-DSS says we're supposed to do? Are we supposed to compare ourselves to the HIPAA-HiTech regulations? In other words, we have some medical data, which by the way, every company does, if you have any sort of a Health Insurance Program, right? Are we supposed to compare ourselves to the NIST 171 standard? There's, even more, there is the CMMC. There's, there's a lot of different criteria that are out there. You must understand the HOW before you answer this question. How secure we compared to similar companies in our industry? Or companies that are similar in size to us? No matter how you're going to answer that question, when the boss comes a-knockin or the kids or your wife comes a-knockin saying, How secure are we? 
No matter who it is you're talking to, I think the one thing you have to make sure of is that they understand that the whole security threat landscape is fluid. It's always changing, and your security programs need to be fluid as well. That's the reason I have consulting clients, right. That's the reason I have a membership program. The people who are the cavalry can follow and understand what it is they need to know. Now I want to hop over to this other guy here. His name is Matt Combs. And he is a global cybersecurity practice leader for an executive recruiter called Russell Reynolds Associates. It is absolutely a phenomenal interview on CIO.com. He's saying many companies were blissfully unaware, especially those that don't have credit card information. How many times have I said that, right? It takes at least six months for the average company to figure out a breach occurred. Why did Matt say, especially those that don't have credit card information? It's because if they have credit card information, that information is likely to be sold on the open market very quickly. Once sold, the credit card companies are going to notice, right? Many companies have only learned that a breach occurred after the FBI came knocking on the door and told them they had a problem. Look at Home Depot. What happened? The FBI traced the dots. Home Depot was compromised through their point of sale equipment. Can you believe that? People sitting in the parking lot of Home Depot hacked them? They didn't even know it until the FBI knocked on the door. That's a pretty big deal, on a pretty big company. I think they are the second-largest retailer in the country? When it comes to dollar-to-dollar value? Are you sold? Okay. If you don't have the credit card information, how would you even know that a breach happened? It ties back into the fluidity of security. It seems so obvious. Now when you look back at Home Depot and say, What were they thinking?
I look at the Target, the TJX companies, and their hack. They had security equipment, and that security equipment was quite good. It was alerting them, "whoa, wait a minute, guys, we've got a breach, okay." Did they take care of it? No, because they didn't know how to read the output, and they didn't have enough people to look at the logs, which is something else we keep telling you all. You have to watch the logs. You have to watch them closely. It's a full-time job. It's a highly skilled job, a highly trained job. It is not cheap, okay. I know a hotel company with 500 hotels in the United States, of course, you can look that up to find out who it is. They have a chief information security officer who is an information security group of one. Think about that, 500 hotels, just the business itself, all of the data that they have, the liability that they have, and he doesn't have anyone working for him. Not even a support person. He has to beg, borrow, and steal help from IT, and from the CIO, the Chief Information Officer. So when the executive asks you how secure are we, you have to say, Hey, listen, you know we can lock down the doors, we can lock down the windows, but the odds are if someone wants to breach us, they will be able to. However, make sure you are locking down the doors and locking down the windows. You got to close it all up. There was one other thing I think you should do when this non-tech executive asks you about how secure we are. That is, what's your nightmare, Mr. Executive? Which systems are you most concerned about being compromised? You should go back to the question I asked a little bit earlier, which is, what data do we have that maybe we shouldn't have? What data do we have that we are most concerned about losing? What are the Family Jewels in our organization?
What is the data that if we were to lose it, we'd be in a lot of trouble, either because we could not conduct business anymore, or maybe we would get nailed by the regulators out there? Anyway, a lot of really, really good questions to ask because you're never 100% secure. All it takes is for one employee to click on the wrong link on an email. What I was just talking about will come up a little later on today. I talked about it this week on several radio stations. What happened with Barbara Corcoran, an investor from Shark Tank. Stay tuned as we'll talk about it a little bit later on. All it takes and frankly, employee negligence such as accidental loss of data, accidental clicking on things. Employee negligence is still the main cause of data breaches, in a report from ShredIT. Now, of course, they're in the business of shredding documents, of getting rid of these things. Shredding hard disk drives when you take them out of a computer. Remote workers and external vendors are also now a major cause of the increase in data breaches. That's one of the things we're going to be covering here in my course coming up in a couple of weeks, and that is the upstream-downstream risk. And the US military is totally into this now, because they had two or three major breaches last year that came through vendors. So hackers are no match for human error when it comes to sheer numbers. You also have the insider threats of people who are stealing from you. So they can get a better job, take it with them to another job. You have people who are upset with you and are just making an absolute mess of things on the way out the doors. So be very careful about that because it's huge. Data breaches cost an average of $3.6 million globally; that average was in 2017. Some of those prices have gone up. The faster you respond to a breach, the more money that you'll save. They found that if you can respond to a breach within 30 days, on average, you'll save over a million dollars. Think of that.
The odds are good that you will get breached. You will save, on average, a million dollars. Yet you're not funding the security people either by going to an external contractor, like me, to take care of it for you. Or you don't provide the resources to the internal people they need to do it. It is a huge, huge job. All right, top of the hour of course, on the radio stations, we've got the news, traffic, weather, all that sort of stuff coming up. Then when we get back, we're going to talk about a new metric in security. The next-gen security metrics. Stick around, and you are listening to Craig Peterson on WGAN and online. Hey everybody, welcome back. Craig Peterson here, on WGAN and, of course, online at Craig Peterson dot com. We have already covered a bunch today. I would refer you over to my website. If you'd like to find out a little bit more, of course, I'm also on the streaming services. You can find it there. We've covered the Internet Archive. They've got this cool, new VHS vault. We discussed ways to reduce your risk of data loss. It's all about identifying your data and then minimizing your data. How we enabled ransomware to become a multi-billion dollar industry. And I also gave some good advice on backups and the fact that 100% of the businesses I've ever walked into have had a failed backup strategy and failed in a bunch of different ways. It is big for all of us who are out there who are members of the cavalry, who are trying to help our friends, our family with their computer issues, and the businesses for whom we work. Then we got to how to answer questions that we get that have to do with our level of security. How secure are we? How secure is the business? That's what we have covered so far today. I love our next topic. It's phenomenal. It's from Threatpost.com. But they're talking about different types of security metrics. Now, metrics, of course, are measurements, or the ways we measure things.
We always have to measure progress to be able to know have we gotten to where we need to be, right. Progress can be difficult to measure. There are a lot of different types of measurements when it comes to our security. Say for Microsoft Windows, one of the big things is, are you ready every Patch Tuesday. Then a little bit more, as Microsoft sometimes comes with out-of-cycle patches. They got nailed a few years ago, through criticisms about them releasing new patches, like constantly, because they needed to release them. And so instead of fixing their problem, which would be almost impossible to do, and that is rewriting Windows and making it a much more secure design, they decided they would just go ahead and release patches once a month. And that way, of course, you're not getting them every day. So who's getting notice that, in fact, there are a whole lot of vulnerabilities in Windows. So that was another measurement that we had. Did you get your Patch Tuesday stuff done? That's been around a very long time. Well, we've got a new metric here, and it's called hardening. Now, I don't know about you guys, but my wife thinks that most people don't know what the name hardening is. So I'll explain it a little bit. Hardening is where we close holes in our networks and our Windows computers. That's really what our emphasis is going to be coming up here next week when we start our whole hardening series. By the time you finish this series and the courses, you'll be able to lock down any Windows or Mac computer yourself. You are going to be able to lock down your small business network, and you're going to stop worrying about being the victim of the bad guys. We're also going to train you on how to test everything yourself. That you can make sure that they can't get in, right. If not tested, how will you know it works? It's like I was talking about with backups. How do you know they are working? How do you know it's effective? How effective is it?
So we're going to teach all of that, and I think that's just going to be amazing for you guys, man. We're looking to do something you guys are going to love. Hardening in the case of our computers includes our computers, browsers, firewalls, and routers. In other words, there, we're using all of the options, all of the available software to make sure that bad guys are not easily going to get in. Is our Windows Firewall hardened on our computers? Did you even know you had a firewall on a Windows computer? Well, it's almost useless. Because Windows has a firewall, it is turned on by default, but they have all kinds of services turned on and available to be used. All of these things are kind of crazy. When we get down to it, there are things we can do. That's what we're going to be covering starting in about a week with some of these tutorials. And with our great course that we have coming up. Now, let's talk about what's holding us back and what mean time to harden means. We're looking at vulnerabilities. When we're talking about a zero-day attack, it is one that no one has seen before and where there is not a patch or workaround for it. It's really kind of a nasty thing. When it comes to hardening, you want to make sure that you have as few services as possible on your computer, firewall, and browser. That again makes your attack surface smaller. But when we're talking about those types of zero-day attacks, it typically takes an organization 15 times longer to close a vulnerability than it does for the attackers to weaponize that vulnerability and exploit it. So basically, we're talking about one week for the bad guys to take a vulnerability, one of those zero-day things. It takes one week to weaponize it, and it takes us about 102 days to patch it. Let that sink in for just a minute here. Once vulnerabilities get disclosed, it's a time race here to either secure this hole before the bad guys exploit it.
Now we saw that with the Equifax breach where here's a major, major breach against a major company out there, and it only happened because they hadn't applied the patches that they needed to apply. It's just really that simple. Microsoft has a patch. Let's give an example right now: BlueKeep. BlueKeep is a way to break into Microsoft machines. Microsoft released patches for BlueKeep in the May 2019 Patch Tuesday security fixes. Microsoft released it in May, and as of December 2019, seven months later, there were still over 700,000 machines at risk. Let me see here now, May to June, July, August, September, October, November, December. That, to me, sounds like seven months. That's huge. Sophos has some security software. In their recent report about WannaCry, which is ransomware, the patch against the exploit WannaCry was using has not been installed on a countless number of machines, still, despite being released more than two years ago. It's crazy, isn't it? Do you guys agree with me? Am I just being kind of an alarmist? Now the average time to weaponize this is seven days. Many weaponizations come in less than seven days. Like the infamous Apache Struts vulnerability. You have effectively 72 hours to harden new systems. Now the numbers are even worse when we're talking about incident response. There's a new rule out from a company called CrowdStrike. You might have heard of them before, they've been in the news for some political stuff as well. But they are a security company. They do a lot of investigations after the fact and try to figure out what happened and try and clean things up. CrowdStrike has a new rule. It's called the 1-10-60 rule. And it's based on what they call breakout time. So here's what that is. Most nation-state actors, in other words, the more advanced hackers out there, move laterally from an initial attack within two hours on average. In other words, if there is a country that's coming after you, say, for instance, China.
Most say now it isn't like China is going to go after me. I'm not military and not a military contractor. China comes after you to steal your intellectual property. Once they have gotten inside of your network, they will move around inside your system. What this means is it gives defenders of a network one minute to detect a breach, 10 minutes to understand what has happened and that it was a breach, and one hour to contain that breach from the initial incursion. That is huge. Now, this is part of this mean time to hardening and goal response that we're trying to achieve. If you're a regular business, and it's six months before you even notice that a hack occurred, if you ever even notice, which is par for the course, and one that we see quite frequently. We will come in and look for signs of hacking. Many times, companies don't want to know. They just want to know if there are any openings that they should be closing right now. Why? If you see a hack occurred, there are specific legal responsibilities that you have. Companies say, Listen, don't tell me, I don't want to know. Without monitoring and watching what our organizations are doing, if we're not at the very least patching and hardening, we're in real trouble. Now, I know you guys know how to patch, it's not that difficult to do. We're not going to spend a lot of time on that in the upcoming tutorials or courses, but we are going to spend a lot of time in the course on hardening because it is one of your best defenses. It's kind of like having a package on the front porch that was just delivered by Amazon people, right? If there is no package on the porch, the porch pirates are not going to show up to steal the box. It's the same type of thing here. If you do not have services available on your machines inside your network, there is no way for the bad guys to move laterally. There's no way for them to get in remotely. That is our goal in our hardening courses, how to harden your Windows machine.
That's coming up in about a week, week and a half. So make sure you are on my email list. You get all of that free training. You can find out about the courses as well that we are putting together for this. All of that at Craig Peterson dot com slash subscribe. You're listening to me here on WGAN. You can always send questions to me -- me at Craig Peterson dot com. Hey, welcome back, everybody, Craig Peterson online at Craig Peterson dot com and right here on WGAN. I am also putting these up on Facebook and making them available on YouTube, for those that are interested. I want to talk a little bit right now about Clearview AI. You know, again, I've said so many times that we've got to be careful with our data online. Clearview AI is this company that we talked about a few weeks ago, that has been scraping all of the information it could get online, mainly related to photographs. All of the pictures that you posted on Facebook or that you put up on any photo sharing sites, all of that stuff, Clearview scraped. Now, they have this app that allows you to take a picture, and then it will do facial recognition to find all of the places online that that picture appears. And it has been used by, it looks like, more than 2200 different organizations, many of them police departments, to track people down. So if you have a picture, even if it's not a great picture, that picture can then be put into the Clearview AI app. And it'll show you, here you go, here's where we found this guy or gal online. And even if you didn't take the picture, and you are in a photograph, it is going to show up and Clearview is going to find it. Now, Clearview AI grabbed all of these photographs online without asking permission of anyone. I don't think they asked your permission, did they? They didn't get my permission. They scraped them from Twitter, who they didn't ask permission. They scraped them from Facebook. They scraped them from all over the internet.
They ended up with billions of photographs. They logged it all along with where they found them online. That way, if the police department is looking for this person, they have a photo of them. They can put it into the Clearview AI app and can authenticate where online it was found. And then the police department just goes there and says, Oh, well, that's Mary Jane's homepage. Here's more about Mary Jane, where she lives and everything else, and now off they go to get Mary Jane. Now remember, of course, first off, these things are not 100% accurate. They could be false. There are false positives, although in many cases, they have been very successful at identifying people, and they have helped to solve some crimes, which is I guess a good thing, right. I think that's what you might want to say, okay. In a notification that The Daily Beast reviewed, Clearview AI told them that there had been an intruder that gained unauthorized access to its list of customers, and they got access to many accounts they've set up and the searches they have run. Now, this disclosure also claimed that there was no breach of Clearview AI servers and that there was no compromise of Clearview AI systems or networks. That puzzles me, makes me wonder, well, maybe they were using a cloud service, and they had it stored up there, and that's how it got stolen. It's hard to say. Clearview AI went on to say that it patched the unspecified hole that let the intruder in and that whoever it was didn't manage to get their hands on their customers' search histories. Now there's a release from a Clearview AI attorney, and his statement said that security is Clearview AI's top priority, which is total crap, right? They did everything they could to breach ethics and security of the user agreements from all of these websites from which they scraped our information. Unfortunately, data breaches, their attorney says, are part of life in the 21st century. Our servers were never accessed.
We patched the flaw and continue to work to strengthen our security. All of this is in a report on naked security dot com. Now, this, frankly, is very concerning to me from several different standpoints, right. First of all, Clearview AI had this massive database of facial images that they had sold to hundreds of law enforcement agencies. In many cases, it wasn't like the overall agency. It was just a police officer themself that subscribed. It may be a detective, etc. The New York Times ran a front-page article in January, saying that Clearview AI may end privacy as we know it and man, is that ever true. They have been quietly selling access to these facial images and facial recognition software to over 600 law enforcement agencies. Now with this data breach, it looks like it's more than 2200. Although we have not seen the list posted online yet, we may end up seeing it posted online. It depends on who did this and if it was a nation-state, which is entirely possible. They are trying to find out a little bit more about us or whether it was somebody else. It reminds me a lot of the founding of Facebook and why I've been against Facebook over the years, right? Facebook was very unethical at its start. They stole all the photos of women going to Harvard University and then had people be able to go to their little website and rate the women, right? Rate them? Yeah, on their looks using all stolen photos. That's the allegation behind it all. It certainly seems to be true. Microsoft, that's another reason I just, I don't use the word hate very often, believe me, but I do hate Microsoft and the way they started. They unethically sued people and played games with trying to buy them by lying about the rights that they had. Bill Gates outright lying to IBM and others, back in the early days. I have a good friend of mine who says, Craig, if you didn't have any ethics, you would be one of the wealthiest people in the country.
Your ethics kept you from doing them, yet you bent over backward to help people. Companies like these need to go out of business and need to go out of business fast, it's crazy. We've got the Biometric Information Privacy Act that Clearview AI has violated. Clearview AI has also been told by Twitter, Facebook, Google, and YouTube to stop scraping. Those companies have ordered it to stop that. It is against the policies. The Times noted that there's a strong use case for Clearview AI technology finding the victims of child abuse. News. It makes a lot of sense. One retired Chief of Police said that running images of 21 victims of the same offender returned nine or 14 minors' identifications, the youngest of whom was 13. So where do we draw the law watch line, I should say, what should we be doing here? It goes back to the whole fruit of the poisoned tree principle that exists in the law. That you've seen on TV and in movies many times, any evidence illegally obtained can't be used nor anything that comes of that evidence. It is why some Federal investigators play games with where did you get this evidence? Russia? Did it come from Christopher Steele? Should we have something similar in this case? I think that we should, if they stole information from these companies, which they did. It's, frankly, intellectual property theft at the very least. That means it is of no use in any sort of a police case that started an investigation and any legal matters that follow. That's my opinion. I don't know what yours is. I'd love to hear from you, email me at Craig Peterson dot com. Thank God they were able to find some of these victims of child abuse. But at the same time here, we should have some rights to privacy. It may already be too late. I guess we'll know. Soon enough. Hey, when we get back, we're going to talk about Barbara Corcoran. She's the star of Shark Tank, and she just lost 400 grand in a scam. We'll tell you all about it.
You are listening to Craig Peterson on WGAN. And make sure you sign up online at Craig Peterson dot com. Hi, everybody. Yeah, that means we're back. Craig Peterson here on WGAN. We're going to talk right now about a TV show that I have enjoyed watching over the years. There are a few shows that I watch pretty regularly. Of course, there are some sci-fi shows, we won't talk about those right now. But a couple of them are, The Profit, I enjoy that show. I like the guy who is the main character on that show, and his name is Marcus Lemonis. He owns a considerable interest in Camping World, as well as GoodSam Club, and he invests in small businesses. I disagree with him almost 100% on politics, but he does try and help people out, which I think is fantastic, and he goes into these businesses that are struggling, that are trying to figure out how do we move to the next step or how do we even survive? Then he helps them out, and he frequently invests in them. When he invests, he takes a good chunk, usually enough so that he has a controlling interest, in other words 51% sort of a thing. Then he's off and running, and he helps build them into real successful companies. Now, I guess it goes back to the question of, would you rather have a small slice of a massive pie as an owner, or would you rather have 100% of a tiny pie that may end up collapsing in on itself at some point in time. That's kind of the decision these people have to face as they are talking with him and trying to figure it out. So I like that show. He had a good episode recently that I found very, very fascinating. Check that one out, The Profit. Another one that I've enjoyed over the years is Shark Tank. Now Shark Tank is, if you haven't seen it, it is a show, and there are a number of them. It's called Dragon's Den overseas. There's one in the UK. There's a Shark Tank in Canada, and there's a Shark Tank in Australia, all called slightly different things.
The idea behind Shark Tank is you go in there, you make a pitch to these investors, and the investors decide if they're going to throw some money at you. They will make a deal saying okay, I'll give you 20% for 20% of your company, I'll give you this much money, or you know, I'll bring in people to help out, but I want controlling interest or whatever it is. Well, one of the business moguls on there that's part of this whole judging team on Shark Tank just last week lost nearly $400,000. It was disclosed that the 400 grand loss came through an email scammer. Now, if she had been listening to this show, she would have known about it. She would have known what's happening. She has enough money that she kind of brushed it off. Oh well, she thinks that she'll never get the money back. And you know what? She's probably right. We've seen that happen many times, even with the FBI getting involved, most of the time that money never, ever comes back to you. According to media reports, a scammer who was posing as Barbara Corcoran's executive assistant forwarded to her bookkeeper an invoice requesting that payment. I'm looking at the email right now. Barbara released it, which is great as that way people can see what happened. It's an email, it's from Jake somebody. Sent on Friday, February 21, and addressed to Emily, carbon copy Michelle. The subject was forward Invoice 873, and it's got the name of a German company. It begins, Hello Emily. Please see the attached invoice below for payment. We are ready to proceed, and we are shipping next week. Please ensure the invoice is paid on time, shipping charges are additional. It appears like a little real invoice. It's got the due date on it, which was due on the 27th, and the amount was $388,700 and 11 cents. And it looks, as I said, kind of like a standard invoice. Dear customer. Please see the attached invoice. Wire transfers should be directed to FFH concept GmbH, address in Berlin, Germany.
Bank details include the bank name, the account name, bank address, the IBAN number, the SWIFT number, thank you for your business, we appreciate it very much. The truth was, this email did not originate from Barbara Corcoran's executive assistant. Instead, what happened here is that the scammers created an email address that looked the same as her executive assistant's. It had one letter different in it. At first glance, it seems legitimate, yeah, this is from the Executive Assistant. You and I look at 400,000 and say, Whoa, wait a minute now. I don't even have that much. In this case, Barbara Corcoran, this was pretty normal for her. There's not only this amount because she is involved in so many real estate deals. That's how she made her money, was in real estate. She gets these invoices from these companies all over the world. It did not look that strange. All the bad guys, in this case, had to do was a little bit of research. They found out what the executive assistant's name was, they found out what the email address was. The bookkeeper did not spot this little spelling error, if you will, in the email address. When she asked questions about the purpose of the payment, all communication went straight to the scammers and not to the assistant. What did she do? She hit reply, and the response went straight to the scammers, and the scammers gave him what looked to be, or gave her what appeared to be, a reasonable answer, right. On Tuesday last week, seemingly satisfied by the answers she'd received from the scammers posing as Barbara Corcoran's executive assistant, the bookkeeper transferred almost $400,000 into the bank account controlled by the scammers. It was only when the bookkeeper manually CC'd Corcoran's assistant directly with confirmation that the invoice was paid that it became clear what happened. So, again, that tells you don't respond to emails, right?
Look it up, use a contact list, use your autocomplete to try and reach out to somebody to verify it. I always go one more step further, and that is to get on the phone and confirm the transaction. Now in speaking to People magazine, Barbara Corcoran again apparently was pretty okay about the theft. She says, quote, I lost the 400,000 as a result of a fake email sent to my company. It was an invoice supposedly sent by my assistant to my bookkeeper, approving the payment for real estate renovation. There was no reason to be suspicious. I invest in quite a bit of real estate. I disagree with that, there was reason to be suspicious. Anyhow, I was upset at first, but then remember, it's only money. Good for her. Frankly, she posted on Twitter about it. Lesson learned. Be careful when you wire money. She retweeted something from TMZ about her getting hooked in this scam. I'm glad she has a positive attitude about it. It's very unlikely, as I said earlier, that she'll ever recover a dime from these fraudsters because of the way the money was wired. Ninety seconds later is all it takes for the cash to be gone and out of reach. And they probably went ahead and transferred it from German banks to other banks, and it continues to move the money around. It's kind of like what happened in Eastern Europe and Ukraine, with a billion dollars in aid that we sent that ended up bouncing around between multiple companies in multiple countries to hide whose pocket it ended up in. It's just kind of crazy. It can happen to anyone, and it can happen to any of us. Every last one of us, business person or otherwise, needs to be on guard. Don't reply to emails. Always make sure you enter in the email address if it's anything that might be of concern. Remember that banks and other places are unlikely, including the IRS tax time, to be sending you emails about some of this stuff. Just double-check and phone them, look them up online, and phone that number.
Ask a question from their help people over on their website. Well, we've got one last segment here, and we're going to be talking about new security features from Firefox that means insecurity to you. This is Craig Peterson on WGAN, and you know, I like Firefox, right? Hey, welcome back, everybody, Craig Peterson, here on WGAN and online Craig Peterson dot com. Well, that's Peterson with an -On dot com. Hey, thanks for joining us today, we've had a great day, we've talked about where you find a little bit of nostalgia online over at the Internet Archive. We talked about reducing the risk through data minimization. I described how ransomware became a multi-billion dollar industry. We talked about the changes that have recently happened with ransomware that will require you to make a change in what you're doing to stop becoming a victim. Then we got into how should you answer a non-technology related executive who asks you, how secure are we? How do you answer that question to your family as well? Because we are all the cavalry, right? We're the people that our friends, family, our people from church, the business people, they all come to us. So I wanted to make sure we covered that, the next generation here of security metrics, how long does it take to harden your systems, and we've got a course coming up on that here in a couple of weeks and a bunch of tutorials to help you out. The company that we talked about, Clearview AI, very, very bad guys, frankly, very unethical. They just lost their entire database of Facebook buying clients to hackers. And then they brushed it off like it's no big thing. Hey, you know, everybody gets hacked nowadays. Man is talking about a company with no ethics at all. We talked about them, and then, of course, most recently, we just talked about business email compromise. We gave you a specific example here of Barbara Corcoran. She is one of the business moguls over on Shark Tank.
How she lost almost $400,000 in a scam, and what you can do to help protect yourself. And we gave away some actual clues here, precisely what the bad guys are doing to try and get that information or get us to do that, right? What kind of information are they gathering about us? Well, I want to talk about Firefox here for a few minutes, all web browser thing. And this has to do with security. And this is an article over on welivesecurity.com that made me think about what is going on with Firefox and Mozilla. Now, if you've been on any of my training courses, you know, the browser you absolutely should never use ever, ever, ever, unless there is a gun to your head, and then it's okay, is Internet Explorer. It is just one of the worst browsers ever. You know, it's just terrible. It's right up there with the original browser, the NCSA Mosaic, but at least it was changing the industry. Internet Explorer was just a huge security hole. I mean crazy. The things that allowed programmers to do, and it was such an avenue for hacking. You know that right, don't ever use Microsoft's Internet Explorer. Then they came out with the Edge browser, and they had problems

airhacks.fm podcast with adam bien
KISS and No Dependencies in JGroups

airhacks.fm podcast with adam bien

Play Episode Listen Later Jan 26, 2020 78:40


An airhacks.fm conversation with Bela Ban belaban.blogspot.com about: C64 wasn't real, Atari was the way to go, Atari ST vs. Amiga wars, Pascal, Modula-2 and Modula 3, Atari had a nice IDE with 1MB RAM, War Games movie, contact list application as "hello, world", fixing Epson printer hexcodes, chess and tennis over programming, learning C was a step down from Modula, system programming and the fascination with immediate feedback, writing CORBA to CMIP bridges in GDMO, C++ templates are an own language, "C++ is crap", Java at the first World Wide Web conference in 1995 in ...Darmstadt, starting with oak, applets and NCSA Mosaic, Netscape server, extracting data from mainframes with Java over JNI, Cornell University research with Sun's Java 1.0, working with Ken Birman, Robbert van Renesse, Werner Vogels, Ensemble in OCaml, replacing OCaml with Java the "Java Groups", Jim Waldo was leading the JINI project, Sun Microsystems and Cornell worked together to make Java Intelligent Network Infrastructure (JINI) reliable using Java Groups, leasing JINI was revolutionary, JINI message was changed several times, there was no elevator pitch for JINI, Sun tried to keep the JINI / Java Groups cooperation secret, A Note on Distributed computing by Jim Waldo, the Eight Fallacies of Distributed Computing, JGroups on Sourceforge in 2000 (and still available), revival of JGroups at Fujitsu's Network Management System, the Sacha Labourey and Marc Fleury contact, writing JBoss Cache on unpaid vacation in 6 weeks, the Blue and Red Papers from Marc Fleury, the EJB Open Source System, Marc Fleury and paratroopers, JBoss Cache started as tree and became a distributed map, meeting Manik Surtani in a Taxi, JBoss Cache became Infinispan, JGroups is the communication layer of Infinispan, the CP of CAP interests resulted in RAFT, JGroups RAFT is used in production, there are many Paxos implementations, Raft is a Paxos simplification, RAFT for kids in JBoss Distributed Singletons, useless but consistent systems, vector clocks is an inconvenient reconciliation system, JGroups is using RocksDB and MapDB, JGroups makes UDP and other protocols like RDMA reliable, JGroups is particularly efficient with many nodes, JGroups and Sun Cluster Lab in Switzerland, running JGroups on 2000+ nodes at Gcloud, Project Loom and Fibers, mini sabbaticals for hype chasing, back to easy request response to Project Java's Loom and Fibers, injecting JChannel in Quarkus, JGroups runs on Quarkus in native mode, KISS and JGroups - No Dependencies in JGroups, Bela's blog: belaban.blogspot.com

The History of Computing
Before The Web, There Was Gopher

The History of Computing

Oct 23, 2019 12:47


Welcome to the History of Computing Podcast, where we explore the history of information technology. Because understanding the past prepares us for the innovations of the future! Today we're going to talk about Gopher. Gopher was in some ways a precursor to the world wide web, or more specifically, to HTTP. The University of Minnesota was founded in 1851. It gets cold in Minnesota. Like really cold. And sometimes, it's dangerous to walk around outside. As the University grew, they needed ways to get students between buildings on campus. So they built tunnels. But that's not where the name came from. The name actually comes from a political cartoon. In the cartoon a bunch of not-cool railroad tycoons were pulling a train car to the legislature. The rest of the country just knew it was cold in Minnesota and there must be gophers there. That evolved into the Gopher State moniker, the Gopher mascot of the U and later the Golden Gophers. The Golden Gophers were once a powerhouse in college football. They have won the 8th most National titles of any University in college football, although they haven't nailed one since 1960. Mark McCahill turned 4 years old that year. But by the late 80s he was in his thirties. McCahill had graduated from the U in 1979 with a degree in Chemistry. By then he managed the Microcomputer Center at the University of Minnesota–Twin Cities. The University of Minnesota had been involved with computers for a long time. The Minnesota Education Computing Consortium had made software for schools, like the Oregon Trail. And even before then they'd worked with Honeywell, IBM, and a number of research firms. At this point, the University of Minnesota had been connected to the ARPANET, which was evolving into the Internet, and everyone wanted it to be useful. But it just wasn't yet. TCP/IP maybe wasn't the right way to connect to things. I mean, maybe bitnet was. But by then we knew it was all about TCP/IP. They'd used FTP. 
And saw a lot of promise in the tidal wave you could just feel coming of this Internet thing. There was just one little problem. A turf war between batch processed mainframes had been raging for a time with the suit and tie crowd thinking that big computers were the only place real science could happen and the personal computer kids thinking that the computer should be democratized and that everyone should have one. So McCahill writes a tool called POPmail to make it easy for people to access this weird thing called email on the Macs that were starting to show up at the University. This led to his involvement writing tools for departments. 1991 rolls around and some of the department heads around the University meet for months to make a list of things they want out of a network of computers around the school. Enter Farhad Anklesaria. He'd been working with those department heads and reduced their demands to something he could actually ship. A server that hosted some files and a client that accessed the files. McCahill added a search option and combined the two. They brought in four other programmers to help finish the coding. They finished the first version in about three weeks. Of those original programmers, Bob Alberti, who'd helped write an early online multiplayer game already, named his Gopher server Indigo after the Indigo Girls. Paul Lindner named one of his Mudhoney. They coded between taking support calls in the computing center. They'd invented bookmarks and hyperlinks, which led McCahill to coin the term “surf the internet.” Computers at the time didn't come with the software necessary to access the Internet but Apple was kind enough to include a library at the time. People could get on the Internet and pretty quickly find some documents. Modems weren't fast enough to add graphics yet. But, using the Gopher you could search the internet and retrieve information linked from all around the world. Wacky idea, right? The world wanted it. 
They gave it the name of the school's mascot to keep the department heads happy. It didn't work. It wasn't a centralized service hosted on a mainframe. How dare they. They were told not to work on it any more but kept going anyway. They posted an FTP repository of the software. People downloaded it and even added improvements. And it caught fire underneath the noses of the University. This was one of the first rushes on the Internet. These days you'd probably be labeled a decacorn for the type of viral adoption they got. The White House jumped on the bandwagon. MTV veejay Adam Curry wore a gopher shirt when they announced their Gopher site. There were GopherCons. Al Gore showed up. He wasn't talking about the Internet as though it were a bunch of tubes yet. So then Tim Berners-Lee had put the first website up in 1991, introducing html on Gopher and what we now know as the web was slowly growing. McCahill then worked with Berners-Lee, Marc Andreessen of Netscape, Alan Emtage and former MIT whiz kid, Peter J. Deutsch. Oh and the czar of the Internet Jon Postel. McCahill needed a good way of finding things on his new Internet protocol. So he invented something that we still use considerably: URLs, or Uniform Resource Locators. You know when you type http://www.google.com that's a URL. The http indicates the protocol to use. Every computer has a default handler for those protocols. Everything following the :// is the address on the Internet of the object. Gopher of course was gopher://. FTP was ftp:// and so on. There's of course more to the spec, but that's the first part. Suddenly there were competing standards. And as with many rapid rushes to adopt a technology, Gopher started to fall off and the web started to pick up. Gopher went through the hoops. It went to an IETF RFC in 1993 as RFC 1436, The Internet Gopher Protocol (a distributed document search and retrieval protocol). 
I first heard of Mark McCahill when I was on staff at the University of Georgia and had to read up on how to implement this weird Gopher thing. I was tasked with deploying Gopher to all of the Macs in our labs. And I was fascinated, as were so many others, with this weird new thing called the Internet. The internet was decentralized. The Internet was anti-authoritarian. The Internet was the Subpop records of the computing world. But bands come and go. And the University of Minnesota wanted to start charging a licensing fee. That started the rapid fall of Gopher and the rise of the html driven web from Berners-Lee. It backfired. People were mad. The team hadn't grown or gotten headcount or funding. The team got defensive publicly and while traffic continued to grow, the traffic on the web grew 300 times faster. The web came with no licensing. Yet. Modems got faster. The web added graphics. In 1995 an accounting disaster came to the U and the team got reassigned to work on building a modern accounting system. At a critical time, they didn't add graphics. They didn't further innovate. The air was taken out of their sails from the licensing drama and the lack of funding. Things were easier back then. You could spin up a server on your computer and other people could communicate with it without fear of your identity being stolen. There was no credit card data on the computer. There was no commerce. But by the time I left the University of Georgia we were removing the gopher apps in favor of NCSA Mosaic and then Netscape. McCahill has since moved on to Duke University. Perhaps his next innovation will be called Document Devil or World Wide Devil. Come to think of it, that might not be the best idea. Wouldn't wanna' upset the Apple Cart. Again. The web as we know it today wasn't just some construct that happened in a vacuum. Gopher was the most popular protocol to come before it but there were certainly others. 
In those three years, people saw the power of the Internet and wanted to get in on that. They were willing it into existence. Gopher was first but the web built on top of the wave that gopher started. Many browsers still support gopher either directly or using an extension to render documents. But Gopher itself is no longer much of a thing. What we're really getting at is that the web as we know it today was deterministic. Which is to say that it was almost willed into being. It wasn't a random occurrence. The very idea of a decentralized structure that was being willed into existence, by people who wanted to supplement human capacity or by a variety of other motives including “cause it seemed cool at the time, man.” It was almost independent of the action of any specific humans. It was just going to happen, as though free will of any individual actors had been removed from the equation. Bucking authority, like the department heads at the U, hackers from around the world just willed this internet thing into existence. And all these years later, many of us are left in awe at their accomplishments. So thank you to Mark and the team for giving us Gopher, and for the part it played in the rise of the Internet.

The History of Computing

Welcome to the History of Computing Podcast, where we explore the history of information technology. Because by understanding the past, we're able to be prepared for the innovations of the future! Today we're going to look at the emergence of the web through the lens of Netscape, the browser that pushed everything forward into the mainstream. The Netscape story starts back at the University of Illinois, Champaign-Urbana where the National Center for Supercomputing Applications (or NCSA) inspired Marc Andreessen and Eric Bina to write Mosaic, which was originally called xmosaic and built for X11 or the X Window System. In 1992 there were only 26 websites in the world. But that was up from the 1 that Internet pioneer Tim Berners-Lee built at info.cern.ch in 1991. The internet had really only been born a few years earlier in 1989. But funded by the Gore Bill, Andreessen and a team of developers released the Alpha version of the NCSA Mosaic browser in 1993 and ported it to Windows, Mac, and of course the Amiga. At this point there were about 130 websites. Version two of Mosaic came later that year and then the National Science Foundation picked up the tab to maintain Mosaic from 94 to 97. James Clark, a co-founder of Silicon Graphics and a legend in Silicon Valley, took notice. He recruited some of the Mosaic team, led by Marc Andreessen, to start Mosaic Communications Corporation, which released Netscape Navigator in 1994, the same year Andreessen graduated from college. By then there were over 2,700 websites, and a lot of other people were taking notice after 2 four digit growth years. Yahoo! and EXCITE were released in 1994 and enjoyed an explosion in popularity, entering a field with 25 million people accessing such a small number of sites. Justin Hall was posting personal stuff on links.net, one of the earliest forms of what we now call blogging. Someone else couldn't help but notice: Bill Gates from Microsoft. 
He considered cross-platform web pages and the commoditization of the operating system to be a huge problem for his maturing startup called Microsoft, and famously sent The Internet Tidal Wave memo to his direct reports, laying out a vision for how Microsoft would respond to this threat. We got Netscape for free at the University, but I remember when I went to the professional world we had to pay for it. The look and feel of Navigator then can still be seen in modern browsers today. There was an address bar, a customizable home page, a status bar, and you could write little javascripts to do cutesy things like have a message scroll here and there or have blinked things. 1995 also brought us HTML frames, fonts on pages, the ability to change the background color, the ability to embed various forms of media, and image maps. Building sites back then was a breeze. And with an 80% market share for browsers, testing was simple: just open Netscape and view your page! Netscape was a press darling. They had insane fans that loved them. And while they hadn't made money yet, they did something that a lot of companies do now, but few did then: they went IPO early and raked in $600 million in their first day, turning Marc Andreessen the poster child into an overnight sensation. They even started to say that the PC would live on the web - and it would do so using Netscape. Andreessen then committed the cardinal sin that put many in tech out of a job: he went after Microsoft claiming they'd reduce Microsoft to a set of “poorly debugged device drivers.” Microsoft finally responded. They had a meeting with Netscape and offered to acquire the company or they would put them out of business. Netscape lawyered up, claiming Microsoft offered to split the market up where they owned Windows and left the rest to Netscape. 
Internet Explorer 1 was released by Microsoft in 1995 - a fork of Mosaic which had been indirectly licensed from the code Andreessen had written while still working with the NCSA in college. And so began the “Browser Wars” with Netscape 2 being released and Internet Explorer 2, the same year. 1995 saw the web shoot up to over 23,000 sites. Netscape 2 added Netscape Mail, an email program with about as simple a name as Microsoft Mail, which had been in Windows since 1991. In 1995, Brendan Eich, a developer at Netscape wrote SpiderMonkey, the original JavaScript engine, a language many web apps still use today (just look for the .jsp extension). I was managing labs at the University of Georgia at the time and remember the fast pace that we were upgrading these browsers. NCSA telnet hadn't been updated in years but it had never been as cool as this Netscape thing. Geocities popped up and I can still remember my first time building a website there and accessing incredible amounts of content being built - and maybe even learning a thing or two while dinking around in those neighborhoods. 1995 had been a huge and eventful year, with nearly 45 million people now “on the web.” Amazon, early search engine Altavista, LYCOS, and eBay launching as well. The search engine space sure was heating up… Then came 1996. Things got fun. Point releases of browsers came monthly. New features dropped with each release. Plugins for Internet Explorer leveraged API hooks into the Windows operating system that made pages only work on IE. Those of us working on pages had to update for both, and test for both. By the end of 1996 there were over a quarter million web pages and over 77 million people were using the web. Apple, The New York Times, Dell.com appeared on the web, but 41 percent of people checked AOL regularly and other popular sites would be from ISPs for years to come. Finally, after a lot of talk and a lot of point releases, Netscape 3 was released in 1997. 
Javascript got a rev, a lot of styling elements some still use today like tables and frames came out and forms could be filled out automatically. There was also a gold version of Netscape 3 that allowed editing pages. But Dreamweaver gave us a nice WYSIWYG to build web pages that was far more feature rich. Netscape got buggier, they bit on more and more thus spreading developers thin. They just couldn't keep up. And Internet Explorer was made free in Windows as of IE 3, and had become equal to Netscape. It had a lot of plugins for Windows that made it work better on that platform, for better or worse. The Browser Wars ended when Netscape decided to open source their code in 1998, creating the Mozilla project by open sourcing the Netscape Browser Suite source code. This led to Waterfox, Pale Moon, SeaMonkey, Ice Weasel, Ice Cat, Wyzo, and of course, Tor Browser, Swiftfox, Swift Weasel, Timberwolf, TenFourFox, Comodo IceDragon, CometBird, Basilisk, Cliqz, AT&T Pogo, IceCat, and Flock. But most importantly, Mozilla released Firefox themselves, which still maintains between 8 and 10 percent marketshare for browser usage according to who you ask. Of course, ultimately everyone lost the browser wars now that Chrome owns a 67% market share! Netscape was sold to AOL in 1999 for $4.2 billion, the first year they dropped out of the website popularity contest called the top 10. At this point, Microsoft controlled the market with an 80% market share. That was the first year Amazon showed up on the top list of websites. The Netscape problems continued. AOL released Netscape 6 in 2000, which was buggy and I remember a concerted effort at the time to start removing Netscape from computers. In 2003, after being acquired by Time Warner, AOL finally killed off Netscape. This was the same year Apple released Safari. They released 7.2 in 2004 after outsourcing some of the development. Netscape 9, a port of Firefox, was released in 2007. The next year Google Chrome was released. 
Today, Mozilla is a half-billion dollar a year not-for-profit. They ship the Firefox browser, the Firefox OS mobile OS, the online file sharing service Firefox Send, the Bugzilla bug tracking tool, the Rust programming language, the Thunderbird email client, and other tools like SpiderMonkey, which is still the javascript engine embedded into Firefox and Thunderbird. If the later stage of Netscape's code in the form of the open source Mozilla projects appeals to you, consider becoming a Mozilla Rep. You can help contribute, promote, document, and build the community with other passionate and knowledgeable humans that are on the forefront of pushing the web into new and beautiful places. For more on that, go to reps.mozilla.org. Andreessen went on to build Opsware with Ben Horowitz (who's not a bad author) and others. He sold the hosting business and in 2005 went on with Horowitz to found Andreessen Horowitz, which was an early investor in Facebook, Foursquare, GitHub, Groupon, LinkedIn, Pinterest, Twitter, Jawbone, Zynga, Skype, and many, many others. He didn't win the browser wars, but he has been at the center of helping to shape the Internet as we know it today, and due to the open sourcing of the source code many other browsers popped up. The advent of the cloud has also validated many of his early arguments about the web making computer operating systems more of a commodity. Anyone who's used Office 365 online or Google apps can back that up. Ultimately, the story of Netscape could be looked at as yet another “Bill Gates screwed us” story. But I'm not sure that does it justice. Netscape did as much to shape the Internet in those early days as anything else. Many of those early contributions, like the open nature of the Internet, various languages and techniques, and of course the code in the form of Mozilla, live on today. There were other browsers, and the Internet might have grown to what it is today. 
But we might not have had as much of the velocity without Andreessen and Netscape and specifically the heated competition that led to so much innovation in such a short period of time - so we certainly owe them our gratitude that we've come as far as we have. And I owe you my gratitude. Thank you so very much for tuning into another episode of the History of Computing Podcast. We're lucky to have you. Have a great day!

BSD Now
Episode 275: OpenBSD in Stereo | BSD Now 275

BSD Now

Dec 9, 2018 84:52


DragonflyBSD 5.4 has been released, down the Gopher hole with OpenBSD, OpenBSD in stereo with VFIO, BSD/OS the best candidate for legally tested open source Unix, OpenBGPD adds diversity to the routing server landscape, and more. Headlines DragonflyBSD 5.4 released DragonFly version 5.4 brings a new system compiler in GCC 8, improved NUMA support, a large number of network and virtual machine driver updates, and updates to video support. This release is 64-bit only, as with previous releases. The details of all commits between the 5.2 and 5.4 branches are available in the associated commit messages for 5.4.0rc and 5.4.0. Big-ticket items Much better support for asymmetric NUMA (Non-Uniform Memory Access) configurations. In particular, both the memory subsystem and the scheduler now understand the Threadripper 2990WX’s architecture. The scheduler will prioritize CPU nodes with direct-attached memory and the memory subsystem will normalize memory queues for CPU nodes without direct-attached memory (which improves cache locality on those CPUs). Incremental performance work. DragonFly as a whole is very SMP friendly. The type of performance work we are doing now mostly revolves around improving fairness for shared-vs-exclusive lock clashes, reducing cache ping-ponging due to non-contending SMP locks (i.e. massive use of shared locks on shared resources), and so forth. Major updates to dports brings us to within a week or two of FreeBSD’s ports as of this writing, in particular major updates to chromium, and making the whole mess work with gcc-8. Major rewriting of the tty clist code and the tty locking code, significantly improving concurrency across multiple ttys and ptys. GCC 8 DragonFly now ships with GCC 8.0, and runs as the default compiler. It is also now used for building dports. GCC 4.7.4 and GCC 5.4.1 are still installed. 4.7.4 is our backup compiler, and 5.4.1 is still there to ensure a smooth transition, but should generally not be used. 
buildworld builds all three by default to ensure maximum compatibility. Many passes through world sources were made to address various warnings and errors the new GCC brought with it. HAMMER2 HAMMER2 is recommended as the default root filesystem in non-clustered mode. Clustered support is not yet available. Increased bulkfree cache to reduce the number of iterations required. Fixed numerous bugs. Improved support on low-memory machines. Significant pre-work on the XOP API to help support future networked operations. Details Checksums MD5 (dfly-x86_64-5.4.0_REL.img) = 7277d7cffc92837c7d1c5dd11a11b98f MD5 (dfly-x86_64-5.4.0_REL.iso) = 6da7abf036fe9267479837b3c3078408 MD5 (dfly-x86_64-5.4.0_REL.img.bz2) = a77a072c864f4b72fd56b4250c983ff1 MD5 (dfly-x86_64-5.4.0_REL.iso.bz2) = 4dbfec6ccfc1d59c5049455db914d499 Downloads Links DragonFly BSD is 64-bit only, as announced during the 3.8 release. USB: dfly-x86_64-5.4.0_REL.img as bzip2 file ISO: dfly-x86_64-5.4.0_REL.iso as bzip2 file Uncompressed ISO: dfly-x86_64-5.4.0_REL.iso (For use with VPS providers as an install image.) Down the Gopher hole with OpenBSD, Gophernicus, and TLS In the early 2000s I thought I had seen the worst of the web - Java applets, Macromedia (>Adobe) Flash, animated GIFs, javascript snow that kept you warm in the winter by burning out your CPU, and so on. For a time we learned from these mistakes, and started putting the burden on the server-side - then with improvements in javascript engines we started abusing it again with JSON/AJAX and it all went down hill from there. Like cloud computing, blockchains, machine learning and a tonne of other a la mode technologies around today - most users and service providers don’t need websites that consume 1GB of memory processing JS and downloading 50MB of compressed data just to read Alice’s one-page travel blog or Bob’s notes on porting NetBSD to his blood-pressure monitor. 
Before the HTTP web we relied on Prestel/Minitel style systems, BBS systems, and arguably the most accessible of all - Gopher! Gopher was similar to the locally accessed AmigaGuide format, in that it allowed users to search and retrieve documents interactively, with links and cross-references. Its efficiency and distraction-free nature make it attractive to those who are tired of the invasive, clickbait, ad-filled, javascript-laden web2/3.x. But enough complaining and evangelism - here’s how to get your own Gopher Hole! Gophernicus is a modern gopher daemon which aims to be secure (although it still uses inetd -_-); it’s even in OpenBSD ports so at least we can rely on it to be reasonably audited. If you need a starting point with Gopher, SDF-EU’s wiki has a good article here. https://sdfeu.org/w/tutorials:gopher Finally, if you don’t like gopher(1) - there’s always lynx(1) or NCSA Mosaic! https://cryogenix.net/NCSA_Mosaic_OpenBSD.html I’ve added TLS support to Gophernicus so you don’t need to use stunnel anymore. The code is ugly and unpolished though so I wouldn’t recommend for production use. https://github.com/0x16h/gophernicus https://github.com/0x16h/gophernicus/blob/master/INSTALL.openbsd News Roundup OpenBSD in Stereo with Linux VFIO I use a Huawei Matebook X as my primary OpenBSD laptop and one aspect of its hardware support has always been lacking: audio never played out of the right-side speaker. The speaker did actually work, but only in Windows and only after the Realtek Dolby Atmos audio driver from Huawei was installed. Under OpenBSD and Linux, and even Windows with the default Intel sound driver, audio only ever played out of the left speaker. Now, after some extensive reverse engineering and debugging with the help of VFIO on Linux, I finally have audio playing out of both speakers on OpenBSD. 
VFIO The Linux kernel has functionality called VFIO which enables direct access to a physical device (like a PCI card) from userspace, usually passing it to an emulator like QEMU. To my surprise, these days, it seems to be used primarily by gamers who boot Linux, then use QEMU to run a game in Windows and use VFIO to pass the computer’s GPU device through to Windows. By using Linux and VFIO, I was able to boot Windows 10 inside of QEMU and pass my laptop’s PCI audio device through to Windows, allowing the Realtek audio drivers to natively control the audio device. Combined with QEMU’s tracing functionality, I was able to get a log of all PCI I/O between Windows and the PCI audio device. Using VFIO To use VFIO to pass-through a PCI device, it first needs to be stubbed out so the Linux kernel’s default drivers don’t attach to it. GRUB can be configured to instruct the kernel to ignore the PCI audio device (8086:9d71) and explicitly enable the Intel IOMMU driver by adding the following to /etc/default/grub and running update-grub. With the audio device stubbed out, a new VFIO device can be created from it. Then the VFIO device (00:1f.3) can be passed to QEMU. I was using my own build of QEMU for this, due to some custom logging I needed (more on that later), but the default QEMU package should work fine. The events.txt was a file of all VFIO events I wanted logged (which was all of them). Since I was frequently killing QEMU and restarting it, Windows 10 wanted to go through its unexpected shutdown routine each time (and would sometimes just fail to boot again). To avoid this and to get a consistent set of logs each time, I used qemu-img to take a snapshot of a base image first, then boot QEMU with that snapshot. The snapshot just gets thrown away the next time qemu-img is run and Windows always starts from a consistent state. QEMU will now log each VFIO event which gets saved to a debug-output file. 
With a full log of all PCI I/O activity from Windows, I compared it to the output from OpenBSD and tried to find the magic register writes that enabled the second speaker. After days of combing through the logs and annotating them by looking up hex values in the documentation, diffing runtime register values, and even brute-forcing it by mechanically duplicating all PCI I/O activity in the OpenBSD driver, nothing would activate the right speaker. One strange thing that I noticed was if I booted Windows 10 in QEMU and it activated the speaker, then booted OpenBSD in QEMU without resetting the PCI device’s power in-between (as a normal system reboot would do), both speakers worked in OpenBSD and the configuration that the HDA controller presented was different, even without any changes in OpenBSD. A Primer on Intel HDA Most modern computers with integrated sound chips use an Intel High Definition Audio (HDA) Controller device, with one or more codecs (like the Realtek ALC269) hanging off of it. These codecs do the actual audio processing and communicate with DACs and ADCs to send digital audio to the connected speakers, or read analog audio from a microphone and convert it to a digital input stream. In my Huawei Matebook X, this is done through a Realtek ALC298 codec. On OpenBSD, these HDA controllers are supported by the azalia(4) driver, with all of the per-codec details in the lengthy azalia_codec.c file. This file has grown quite large with lots of codec- and machine-specific quirks to route things properly, toggle various GPIO pins, and unmute speakers that are for some reason muted by default. The azalia driver talks to the HDA controller and sets up various buffers and then walks the list of codecs. Each codec supports a number of widget nodes which can be interconnected in various ways. Some of these nodes can be reconfigured on the fly to do things like turning a microphone port into a headphone port. 
The newer Huawei Matebook X Pro released a few months ago is also plagued with this speaker problem, although it has four speakers and only two work by default. A fix is being proposed for the Linux kernel which just reconfigures those widget pins in the Intel HDA driver. Unfortunately no pin reconfiguration is enough to fix my Matebook X with its two speakers. While reading more documentation on the HDA, I realized there was a lot more activity going on than I was able to see through the PCI tracing. For speed and efficiency, HDA controllers use a DMA engine to transfer audio streams as well as the commands from the OS driver to the codecs. In the output above, the CORBWP=0; size=256 and RIRBRP=0, size=256 indicate the setup of the CORB (Command Output Ring Buffer) and RIRB (Response Input Ring Buffer) each with 256 entries. The HDA driver allocates a DMA address and then writes it to the two CORBLBASE and CORBUBASE registers, and again for the RIRB. When the driver wants to send a command to a codec, such as CORB_GET_PARAMETER with a parameter of COP_VOLUME_KNOB_CAPABILITIES, it encodes the codec address, the node index, the command verb, and the parameter, and then writes that value to the CORB ring at the address it set up with the controller at initialization time (CORBLBASE/CORBUBASE) plus the offset of the ring index. Once the command is on the ring, it does a PCI write to the CORBWP register, advancing it by one. This lets the controller know a new command is queued, which it then acts on and writes the response value on the RIRB ring at the same position as the command (but at the RIRB’s DMA address). It then generates an interrupt, telling the driver to read the new RIRBWP value and process the new results. Since the actual command contents and responses are handled through DMA writes and reads, these important values weren’t showing up in the VFIO PCI trace output that I had gathered. Time to hack QEMU. 
Logging DMA Memory Values in QEMU Since DMA activity wouldn’t show up through QEMU’s VFIO tracing and I obviously couldn’t get Windows to dump these values like I could in OpenBSD, I could make QEMU recognize the PCI write to the CORBWP register as an indication that a command has just been written to the CORB ring. My custom hack in QEMU adds some HDA awareness to remember the CORB and RIRB DMA addresses as they get programmed in the controller. Then any time a PCI write to the CORBWP register is done, QEMU fetches the new CORB command from DMA memory, decodes it into the codec address, node address, command, and parameter, and prints it out. When a PCI read of the RIRBWP register is requested, QEMU reads the response and prints the corresponding CORB command that it stored earlier. With this hack in place, I now had a full log of all CORB commands and RIRB responses sent to and read from the codec: An early version of this patch left me stumped for a few days because, even after submitting all of the same CORB commands in OpenBSD, the second speaker still didn’t work. It wasn’t until re-reading the HDA spec that I realized the Windows driver was submitting more than one command at a time, writing multiple CORB entries and writing a CORBWP value that was advanced by two. This required turning my CORB/RIRB reading into a for loop, reading each new command and response between the new CORBWP/RIRBWP value and the one previously seen. Sure enough, the magic commands to enable the second speaker were sent in these periods where it submitted more than one command at a time. Minimizing the Magic The full log of VFIO PCI activity from the Windows driver was over 65,000 lines and contained 3,150 CORB commands, which is a lot to sort through. 
It took me a couple more days to reduce that down to a small subset that was actually required to activate the second speaker, and that could only be done through trial and error:
• Boot OpenBSD with the full list of CORB commands in the azalia driver
• Comment out a group of them
• Compile kernel and install it, halt the QEMU guest
• Suspend and wake the laptop, resetting PCI power to the audio device to reset the speaker/Dolby initialization and ensure the previous run isn’t influencing the current test (I’m guessing there is an easier way to reset PCI power than suspending the laptop, but oh well)
• Start QEMU, boot OpenBSD with the new kernel
• Play an MP3 with mpg123 which has alternating left- and right-channel audio and listen for both channels to play
This required a dozen or so iterations because sometimes I’d comment out too many commands and the right speaker would stop working. Other times the combination of commands would hang the controller and it wouldn’t process any further commands. At one point the combination of commands actually flipped the channels around so the right channel audio was playing through the left speaker.

The Result

After about a week of this routine, I ended up with a list of 662 CORB commands that are needed to get the second speaker working. Based on the number of repeated-but-slightly-different values written with the 0x500 and 0x400 commands, I’m guessing this is some kind of training data and that this is doing the full Dolby/Atmos system initialization, not just turning on the second speaker, but I could be completely wrong. In any case, the stereo sound from OpenBSD is wonderful now and I can finally stop downmixing everything to mono to play from the left speaker. In case you ever need to do this, sndiod can be run with -c 0:0 to reduce the channels to one. Due to the massive size of the code needed for this quirk, I’m not sure if I’ll be committing it upstream in OpenBSD or just saving it for my own tree. 
But at least now the hardware support chart for my Matebook is all yeses for the things I care about. I’ve also updated the Linux bug report that I opened before venturing down this path, hoping one of the maintainers of that HDA code that works at Intel or Realtek knew of a solution I could just port to OpenBSD. I’m curious to see what they’ll do with it.

Why BSD/OS is the best candidate for being the only tested legally open UNIX

Introduction

The UNIX® system is an old operating system, possibly older than many of the readers of this post. However, despite its age, it still has not been open sourced completely. In this post, I will try to detail which parts of which UNIX systems have not yet been open sourced. I will focus on the legal situation in Germany in particular, taking it representative of European law in general – albeit that is a stretch, knowing the diversity of European jurisdictions. Please note that familiarity with basic terms of copyright law is assumed.

Ancient UNIX

The term “Ancient UNIX” refers to the versions of UNIX up to and including Seventh Edition UNIX (1979) including the 32V port to the VAX. Ancient UNIX was created at Bell Laboratories, a subsidiary of AT&T at the time. It was later transferred to the AT&T UNIX Support Group, then AT&T Information Systems and finally the AT&T subsidiary UNIX System Laboratories, Inc. (USL). The legal situation differs between the United States of America and Germany. In a ruling as part of the UNIX System Laboratories, Inc. v. Berkeley Software Design, Inc. (USL v. BSDi) case, a U.S. court found that USL had no copyright to the Seventh Edition UNIX system and 32V – arguably, by extension, all earlier versions of Ancient UNIX as well – because USL/AT&T had failed to affix copyright notices and could not demonstrate a trade secret. Due to the obsessive tendency of U.S. courts to consider themselves bound to precedents (cf. the infamous Pierson v. 
Post case), it can be reasonably expected that this ruling would be honored and applied in subsequent cases. Thus under U.S. law, Ancient UNIX can be safely assumed to belong in the public domain. The situation differs in Germany. Unlike the U.S., copyright never needed registration in order to exist. Computer programs are works in the sense of the German 1965 Act on Copyright and Related Rights (Copyright Act, henceforth CopyA) as per CopyA § 2(1) no. 1. Even prior to the amendment of CopyA § 2(1) to include computer programs, computer programs have been recognized as copyrightable works by the German Supreme Court (BGHZ 112, 264 Betriebssystem, no. 19); CopyA § 137d(1) rightly clarifies that. The copyright holder at 1979 would still have been USL via Bell Labs and AT&T. Copyright of computer programs is transferred to the employer upon creation under CopyA § 69(1). Note that this does not affect expiry (Daniel Kaboth/Benjamin Spies, commentary on CopyA §§ 69a‒69g, in: Hartwig Ahlberg/Horst-Peter Götting (eds.), Urheberrecht: UrhG, KUG, VerlG, VGG, Kommentar, 4th ed., C. H. Beck, 2018, no. 16 ad CopyA § 69b; cf. Bundestag-Drucksache [BT-Drs.] 12/4022, p. 10). Expiry occurs 70 years after the death of the (co-)author that died most recently as per CopyA § 65(1) and 64; this has been the case since at least the 1960s, meaning there is no way for copyright to have expired already (old version, as per Bundesgesetzblatt Part I No. 51 of September 16, 1965, pp. 1273‒1294). In Germany, private international law applies the so-called “Territorialitätsprinzip” for intellectual property rights. This means that the effect of an intellectual property right is limited to the territory of a state (Anne Lauber-Rönsberg, KollisionsR, in: Hartwig Ahlberg/Horst-Peter Götting (eds.), ibid., pp. 2241 et seqq., no. 4). Additionally, the “Schutzlandprinzip” applies; this means that protection of intellectual property follows the lex loci protectionis, i.e. 
the law of the country for which protection is sought (BGH GRUR 2015, 264 HiHotel II, no. 25; BGH GRUR 2003, 328 Sender Felsberg, no. 24), albeit this is criticized in parts of doctrine (Lauber-Rönsberg, ibid., no. 10). The “Schutzlandprinzip” requires that the existence of an intellectual property right be verified as well (BGH ZUM 2016, 522 Wagenfeld-Leuchte II, no. 19). Thus, in Germany, copyright on Ancient UNIX is still alive and well. Who has it, though? A ruling by the U.S. Court of Appeals, Tenth Circuit, in the case of The SCO Group, Inc. v. Novell, Inc. (SCO v. Novell) in the U.S. made clear that Novell owns the rights to System V – thus presumably UNIX System III as well – and Ancient UNIX, though SCO acquired enough rights to develop UnixWare/OpenServer (Ruling 10-4122 [D.C. No. 2:04-CV-00139-TS], pp. 19 et seq.). Novell itself was purchased by the Attachmate Group, which was in turn acquired by the COBOL vendor Micro Focus. Therefore, the rights to SVRX and – outside the U.S. – are with Micro Focus right now. If all you care about is the U.S., you can stop reading about Ancient UNIX here. So how does the Caldera license factor into all of this? For some context, the license was issued January 23, 2002 and covers Ancient UNIX (V1 through V7 including 32V), specifically excluding System III and System V. Caldera, Inc. was founded in 1994. The Santa Cruz Operation, Inc. sold its rights to UNIX to Caldera in 2001, renamed itself to Tarantella Inc. and Caldera renamed itself The SCO Group. Nemo plus iuris ad alium transferre potest quam ipse habet; no one can transfer more rights than he has. The question now becomes whether Caldera had the rights to issue the Caldera license. I’ve noted it above but it needs restating: Foreign decisions are not necessarily accepted in Germany due to the “Territorialitätsprinzip” and “Schutzlandprinzip” – however, I will be citing a U.S. ruling for its assessment of the facts for the sake of simplicity. 
As per ruling 10-4122, “The district court found the parties intended for SCO to serve as Novell’s agent with respect to the old SVRX licenses and the only portion of the UNIX business transferred outright under the APA [asset purchase agreement] was the ability to exploit and further develop the newer UnixWare system. SCO was able to protect that business because it was able to copyright its own improvements to the system. The only reason to protect the earlier UNIX code would be to protect the existing SVRX licenses, and the court concluded Novell retained ultimate control over that portion of the business under the APA.” The relevant agreements consist of multiple pieces:
• the base Asset Purchase Agreement “APA” (Part I)
• the base Asset Purchase Agreement “APA” (Part II)
• the Operating Agreement and Amendment 1 to the APA
• the Amendment 2 to the APA
The APA dates September 19, 1995, from before the Caldera license. Caldera cannot possibly have acquired rights that The Santa Cruz Operation, Inc. itself never had. Furthermore, I’ve failed to find any mention of Ancient UNIX; all that is transferred is rights to SVRX. Overall, I believe that the U.S. courts’ assessment of the facts represents the situation accurately. Thus for all intents and purposes, UNIX up to and including System V remained with Novell/Attachmate/Micro Focus. Caldera therefore never had any rights to Ancient UNIX, which means it never had the rights to issue the Caldera license. The Caldera license is null and void – in the U.S. because the copyright has been lost due to formalities, everywhere else because Caldera never had the rights to issue it. The first step to truly freeing UNIX would thus be to get Micro Focus to re-issue the Caldera license for Ancient UNIX, ideally it would now also include System III and System V.

BSD/OS

Another operating system near UNIX is of interest. The USL v. BSDi lawsuit includes two parties: USL, which we have seen above, and Berkeley Software Design, Inc. 
BSDi sold BSD/386 (later BSD/OS), which was a derivative of 4.4BSD. The software parts of the BSDi company were acquired by Wind River Systems, whereas the hardware parts went to iXsystems. Copyright is not disputed there, though Wind River Systems ceased selling BSD/OS products 15 years ago, in 2003. In addition, Wind River System let their trademark on BSD expire, though this is without consequence for copyright. BSD/OS is notable in the sense that it powered much of early internet infrastructure. Traces of its legacy can still be found on Richard Stevens’ FAQ. To truly make UNIX history free, BSD/OS would arguably also need to see a source code release. BSD/OS at least in its earliest releases under BSDi would ship with source code, though under a non-free license, far from BSD or even GPL licensing. System V The fate of System V as a whole is difficult to determine. Various licenses have been granted to a number of vendors (Dell UNIX comes to mind; HP for HP-UX, IBM for AIX, SGI UNIX, etc.). Sun released OpenSolaris – notoriously, Oracle closed the source to Solaris again after its release –, which is a System V Release 4 descendant. However, this means nothing for the copyright or licensing status of System V itself. Presumably, the rights with System V still remain with Novell (now Micro Focus): SCO managed to sublicense rights to develop and sell UnixWare/OpenServer, themselves System V/III descendants, to unXis, Inc. (now known as Xinuos, Inc.), which implies that Xinuos is not the copyright holder of System V. Obviously, to free UNIX, System V and its entire family of descendants would also need to be open sourced. However, I expect tremendous resistance on part of all the companies mentioned. As noted in the “Ancient UNIX” section, Micro Focus alone would probably be sufficient to release System V, though this would mean nothing for the other commercial System V derivatives. 
Newer Research UNIX The fate of Bell Labs would be a different one; it would go on to be purchased by Lucent, now part of Nokia. After commercial UNIX got separated out to USL, Research UNIX would continue to exist inside of Bell Labs. Research UNIX V8, V9 and V10 were not quite released by Alcatel-Lucent USA Inc. and Nokia in 2017. However, this is merely a notice that the companies involved will not assert their copyrights only with respect to any non-commercial usage of the code. It is still not possible, over 30 years later, to freely use the V8 code. Conclusion In the U.S., Ancient UNIX is freely available. People located everywhere else, however, are unable to legally obtain UNIX code for any of the systems mentioned above. The exception being BSD/OS, assuming a purchase of a legitimate copy of the source code CD. This is deeply unsatisfying and I implore all involved companies to consider open sourcing (preferably under a BSD-style license) their code older than a decade, if nothing else, then at least for the sake of historical purposes. I would like to encourage everybody reading this to consider reaching out to Micro Focus and Wind River Systems about System V and BSD/OS, respectively. Perhaps the masses can change their minds. A small note about patents: Some technologies used in newer iterations of the UNIX system (in particular the System V derivatives) may be encumbered with software patents. An open source license will not help against patent infringement claims. However, the patents on anything used in the historical operating systems will certainly have expired by now. In addition, European readers can ignore this entirely – software patents just aren’t a thing. OpenBGPD - Adding Diversity to the Route Server Landscape Introduction As of last year, there was effectively only a single solution in the Route Server vendor market: the BIRD Internet routing daemon. 
NIC.CZ (the organisation developing BIRD) has done fantastic work on maintaining their BGP-4 implementation, however, it’s not healthy to have virtually every Internet Exchange Point (IXP) in the RIPE NCC service region depend on a single open source project. The current situation can be compared to the state of the DNS root nameservers back in 2002 - their dependence on the BIND nameserver daemon and the resulting development of NSD as an alternative by NLnet, in cooperation with the RIPE NCC. OpenBGPD used to be one of the most popular Route Server implementations until the early 2010s. OpenBGPD’s main problem was that its performance couldn’t keep up with the Internet’s growth, so it lost market share. An analysis by Job Snijders suggested that a modernised OpenBGPD distribution would be a most viable option to regain diversity on the Route Server level.

Missing features in OpenBGPD

The following main missing features were identified in OpenBGPD:

Performance

In previous versions of OpenBGPD, the filtering performance didn’t allow proper filtering of all EBGP sessions. Current best practice at IXP Route Servers is to carefully evaluate and validate all routes learned from EBGP peers. The OpenBGPD ruleset required to do correct filtering (in many deployment scenarios) was simply too lengthy - and negatively impacted service performance during configuration reloads. While filtering performance is the biggest bottleneck, general improvements to the Routing Information Base were also made to improve scalability. IXP Route Servers with a few hundred peering sessions are commonplace and adding new sessions shouldn’t impact the Route Servers’ service to other peers. We found that performance was the most pressing issue that needed to be tackled.

Lack of RPKI Origin Validation

As we’ve seen, Internet operators are moving to adopt RPKI based BGP Origin Validation. 
While it was theoretically possible to emulate RFC 6811-style Origin Validation in previous versions of OpenBGPD, the required configuration wasn’t optimised for performance and wasn’t user friendly. We believe that BGP Origin Validation should be as easy as possible - this requires BGP-4 vendors to implement native, optimised routines for Origin Validation. Of course, enabling Origin Validation shouldn’t have an impact on performance either when processing BGP updates or when updating the Route Origin Authorisation (ROA) table itself. Portability OpenBGPD is an integral part of OpenBSD, but IXPs may prefer to run their services infrastructure on an operating system of their choice. Making sure that there’s a portable OpenBGPD version which follows the OpenBSD project release cycle will give IXPs this option. Development steps By addressing the issues mentioned above, we could bring back OpenBGPD as a viable Route Server implementation. Since I was one of the core OpenBGPD developers, I was asked if I wanted to pick up this project again. Thanks to the funding from the RIPE NCC Project Fund, this was possible. Starting in June 2018, I worked full time on this important community project. Over the last few months, many of the problems are already addressed and are now part of the OpenBSD 6.4 release. So far, 154 commits were made to OpenBGPD during the 6.4 development cycle - around 8% of all commits ever to OpenBGPD! This shows that due to funding and dedicated resources, a lot of work could be pushed into the latest release of OpenBGPD. OpenBGPD 6.4 The OpenBGPD version, as part of OpenBSD 6.4 release, demonstrates great progress. Even though there have been many changes to the core of OpenBGPD, the released version is as solid and reliable as previous releases and the many bug fixes and improvements make this the best OpenBGPD release so far. 
The changes in the filter language allow users to write more efficient rulesets while the introduction of RPKI origination validation fixes an important missing feature. For IXPs, OpenBGPD now is an alternative again. There are still open issues, but the gap is closing! Feature highlights The following changes should be highlighted: Introduction of background soft-reconfiguration on config reload. Running the soft-reconfiguration task in the background allows for new updates and withdraws to be processed at the same time. This improves convergence time - one of the key metrics for Route Servers. BGP Origin Validation when a roa-set is configured Every EBGP route announcement is validated against the locally configured VRP table entries. Depending on the validation process’s outcome, the validation state is set to valid, invalid or not found. The filter language has been extended to allow checking for the origin validation state, and thanks to this, it is possible to deny invalid prefixes or regard valid prefixes different to the ones that aren’t found. The roa-set table is read from the configuration file and updated during configuration reloads. On production systems reloading the roa-set and applying it to all prefixes is done in a couple of seconds. Fast prefix-set lookups In OpenBSD 6.3 prefix-sets got introduced in OpenBGPD. A prefix-set combines many prefix lookups into a single filter rule. The original implementation wasn’t optimised but now a fast trie lookup is used. Thanks to this, large IRR DB prefix tables can now be implemented efficiently. Introduction of as-sets Similar to prefix-sets, as-sets help group many AS numbers into a single lookup. Thanks to this, large IRR DB origin AS tables can be implemented efficiently. Introduction of origin-sets Looking at the configurations of Route Servers doing full filtering, it was noticed that a common lookup was binding a prefix to an origin AS - similar to how a roa-set is used for RPKI. 
These origin-set tables are used to extend the IRR prefix lookup and generated from alternative sources.

Improving third party tools

Users can only benefit from the changes introduced in OpenBGPD 6.4 when the surrounding 3rd party tools are adjusted accordingly. Two open source projects, bgpq3 and arouteserver, are frequently used by network operators and IXPs to generate BGP configurations. Thanks to our contributions to those projects, we were able to get them ready for all the new features in OpenBGPD. bgpq3 was extended to create as-set and prefix-set tables based on IRR DB entries. This is replacing the old way of doing the same with a large amount of filter rules. Thanks to the quick response from the bgpq3 maintainer, it was possible to ship OpenBSD 6.4 with a bgpq3 package that includes all the new features. arouteserver was adjusted to implement RPKI roa-set, as-set, prefix-set, and origin-set to generate much better-performing configurations for the 6.4 version. With the v0.20.0 release of arouteserver, IXPs are able to generate an OpenBGPD configuration which is a ton faster but also implements the new functionalities. Looking at YYCIX (the resident IXP in Calgary, Canada) the ruleset generated by arouteserver was reduced from 370,000 rules to well under 6,000 rules. This resulted in the initial convergence time dropping from over 1 hour to less than 2 minutes, and subsequent configuration reloads are hitless and no longer noticeable.

What still needs to be done

A sizeable chunk of work still left on the table is the rework of the RIB data structures in OpenBGPD - these haven’t been changed since the initial design of OpenBGPD in 2003. There’s currently ongoing work (in small steps, to avoid jeopardising the stability of OpenBGPD) to modernise these data-structures. The goal is to provide better decoupling of the filter step from storing RIB database changes, to pave the way to multi-threaded operations at a later point. 
Looking forward Job Snijders oversaw this year’s fundraising and project management, he adds: It’s been incredibly productive to create an environment where a core developer is allowed to work full time on the OpenBGPD code base. However, it’s important to note there still is room for a number of new features to help improve its operational capabilities (such as BMP, RFC 7313, ADD_PATH, etc). It’d be beneficial to the Internet community at large if we can extend Claudio Jeker’s involvement for another year. Open source software doesn’t grow on trees! Strategic investments are the only way to keep OpenBGPD’s roadmap aligned with Internet growth and operator requirements. Beastie Bits DragonFly - git: annotated tag v5.5.0 created Torchlight 2 on NetBSD Older, but still good USENIX Login Article on Capsicum The Super Capsicumizer 9000 Dedicated and Virtual Server PXE provisioning tool Cirrus CI have announced FreeBSD support NetBSD PineBook Gameplay BSDCan 2019 CfP is out Allan’s first ZFS array, Zulu, turned 7 years old on Nov 29th Feedback/Questions Malcom - Installing Drivers in Development Samir - Introduction to ZFS Newnix - Drive Failures Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

Adventures in Angular
AiA 206: The Origin of JavaScript with Brendan Eich

Adventures in Angular

Play Episode Listen Later Sep 11, 2018 103:45


Panel Brendan Eich Joe Eames Aaron Frost AJ ONeal Jamison Dance Tim Caswell Charles Max Wood Discussion 01:57 – Brendan Eich Introduction JavaScript [Wiki] Brendan Eich [Wiki] 02:14 – Origin of JavaScript Java Netscape Jim Clark Marc Andreesen NCSA Mosaic NCSA HTTPd Lynx (Web Browser) Lou Montulli Silicon Graphics Kernel Tom Paquin Kipp Hickman MicroUnity Sun Microsystems Andreas Bechtolsheim Bill Joy Sun-1 Scheme Programming Language Structure and Interpretation of Computer Programs – 2nd Edition (MIT Electrical Engineering and Computer Science) by Harold Abelson, Gerald Jay Sussman & Julie Sussman Guy Steele Gerald Sussman SPDY Rob McCool Mike McCool Apache Mocha Peninsula Creamery, Palo Alto, CA Main () and Other Methods (C# vs Java) Static in Java, Static Variables, Static Methods, Static Classes 10:38 – Other Languages for Programmers Visual Basic Chrome Blacklist Firefox 12:38 – Naming JavaScript and Writing VMs Canvas Andrew Myers 16:14 – Envisioning JavaScript’s Platform Web 2.0 AJAX Hidaho Design Opera Mozilla Logo Smalltalk Self HyperTalk Bill Atkinson HyperCard Star Wars Trench Run 2.0 David Ungar Craig Chambers Lars Bak Strongtalk TypeScript HotSpot V8 Dart Jamie Zawinski 24:42 – Working with ECMA Bill Gates Blackbird Spyglass Carl Cargill Jan van den Beld Philips Mike Cowlishaw Borland David M. 
Gay ECMAScript Lisp Richard Gabriel 31:26 – Naming Mozilla Jamie Zawinski Godzilla 31:57 – Time-Outs 32:53 – Functions Clojure John Rose Oracle Scala Async.io 38:37 – XHR and Microsoft Flash Hadoop Ricardo Jenez Ken Smith Brent Noorda Ray Noorda .NET Shon Katzenberger Anders Hejlsberg NCSA File Formats 45:54 – SpiderMonkey Chris Houck Brendan Eich and Douglas Crockford – TXJS 2010 Douglas Crockford JavaScript: The Good Parts by Douglas Crockford TXJS.com ActionScript Flex Adobe E4X BEA Systems John Schneider Rhino JScript roku Waldemar Horwat Harvard Putnam Math Competition Chris Wilson Silverlight Allen Wirfs-Brock NDC Oslo 2014 JSConf Brendan JSConf Talks 59:58 – JavaScript and Mozilla GIP SSLeay Eric A. Young Tim Hudson Digital Styles Raptor Gecko ICQ and AIM PowerPlant CodeWarrior Camino David Hyatt Lotus Mitch Kapor Ted Leonsis Mitchell Baker David Baren Phoenix Tinderbox Harmony 1:14:37 – Surprises with Evolution of JavaScript Ryan Dahl node.js Haskell Elm Swift Unity Games Angular Ember.js Dojo jQuery react ClojureScript JavaScript Jabber Episode #107: ClojureScript & Om with David Nolen MVC 01:19:43 – Angular’s HTML Customization Sweet.js JavaScript Jabber Episode #039: Sweet.js with Tim Disney TC39 Rick Waldron 01:22:27 – Applications with JavaScript SPA’s Shumway Project IronRuby 01:25:45 – Future of Web and Frameworks LLVM Chris Lattner Blog Epic Games Emscripten Autodesk PortableApps WebGL 01:29:39 – ASM.js Dart.js John McCutchen Monster Madness Anders Hejlsberg, Steve Lucco, Luke Hoban: TypeScript 0.9 – Generics and More (Channel 9, 2013) Legacy 01:32:58 – Brendan’s Future with JavaScript Picks hapi.js (Aaron) JavaScript Disabled: Should I Care? 
(Aaron) Aaron’s Frontend Masters Course on ES6 (Aaron) Brendan’s “Cool Story Bro” (AJ) [YouTube] Queen – Don't Stop Me Now (AJ) Trending.fm (AJ) WE ARE DOOMED soundtrack EP by Robby Duguay (Jamison) Hohokum Soundtrack (Jamison) Nashville Outlaws: A Tribute to Mötley Crüe (Joe) Audible (Joe) Stripe (Chuck) Guardians of the Galaxy (Brendan)

All Angular Podcasts by Devchat.tv
AiA 206: The Origin of JavaScript with Brendan Eich

All Angular Podcasts by Devchat.tv

Play Episode Listen Later Sep 11, 2018 103:45



Devchat.tv Master Feed
AiA 206: The Origin of JavaScript with Brendan Eich

Sep 11, 2018 103:45


Panel: Brendan Eich, Joe Eames, Aaron Frost, AJ ONeal, Jamison Dance, Tim Caswell, Charles Max Wood
Discussion:
01:57 – Brendan Eich Introduction JavaScript [Wiki] Brendan Eich [Wiki]
02:14 – Origin of JavaScript Java Netscape Jim Clark Marc Andreessen NCSA Mosaic NCSA HTTPd Lynx (Web Browser) Lou Montulli Silicon Graphics Kernel Tom Paquin Kipp Hickman MicroUnity Sun Microsystems Andreas Bechtolsheim Bill Joy Sun-1 Scheme Programming Language Structure and Interpretation of Computer Programs – 2nd Edition (MIT Electrical Engineering and Computer Science) by Harold Abelson, Gerald Jay Sussman & Julie Sussman Guy Steele Gerald Sussman SPDY Rob McCool Mike McCool Apache Mocha Peninsula Creamery, Palo Alto, CA Main () and Other Methods (C# vs Java) Static in Java, Static Variables, Static Methods, Static Classes
10:38 – Other Languages for Programmers Visual Basic Chrome Blacklist Firefox
12:38 – Naming JavaScript and Writing VMs Canvas Andrew Myers
16:14 – Envisioning JavaScript’s Platform Web 2.0 AJAX Hidaho Design Opera Mozilla Logo Smalltalk Self HyperTalk Bill Atkinson HyperCard Star Wars Trench Run 2.0 David Ungar Craig Chambers Lars Bak Strongtalk TypeScript HotSpot V8 Dart Jamie Zawinski
24:42 – Working with ECMA Bill Gates Blackbird Spyglass Carl Cargill Jan van den Beld Philips Mike Cowlishaw Borland David M. Gay ECMAScript Lisp Richard Gabriel
31:26 – Naming Mozilla Jamie Zawinski Godzilla
31:57 – Time-Outs
32:53 – Functions Clojure John Rose Oracle Scala Async.io
38:37 – XHR and Microsoft Flash Hadoop Ricardo Jenez Ken Smith Brent Noorda Ray Noorda .NET Shon Katzenberger Anders Hejlsberg NCSA File Formats
45:54 – SpiderMonkey Chris Houck Brendan Eich and Douglas Crockford – TXJS 2010 Douglas Crockford JavaScript: The Good Parts by Douglas Crockford TXJS.com ActionScript Flex Adobe E4X BEA Systems John Schneider Rhino JScript roku Waldemar Horwat Harvard Putnam Math Competition Chris Wilson Silverlight Allen Wirfs-Brock NDC Oslo 2014 JSConf Brendan JSConf Talks
59:58 – JavaScript and Mozilla GIP SSLeay Eric A. Young Tim Hudson Digital Styles Raptor Gecko ICQ and AIM PowerPlant CodeWarrior Camino David Hyatt Lotus Mitch Kapor Ted Leonsis Mitchell Baker David Baren Phoenix Tinderbox Harmony
1:14:37 – Surprises with Evolution of JavaScript Ryan Dahl node.js Haskell Elm Swift Unity Games Angular Ember.js Dojo jQuery react ClojureScript JavaScript Jabber Episode #107: ClojureScript & Om with David Nolen MVC
01:19:43 – Angular’s HTML Customization Sweet.js JavaScript Jabber Episode #039: Sweet.js with Tim Disney TC39 Rick Waldron
01:22:27 – Applications with JavaScript SPA’s Shumway Project IronRuby
01:25:45 – Future of Web and Frameworks LLVM Chris Lattner Blog Epic Games Emscripten Autodesk PortableApps WebGL
01:29:39 – ASM.js Dart.js John McCutchen Monster Madness Anders Hejlsberg, Steve Lucco, Luke Hoban: TypeScript 0.9 – Generics and More (Channel 9, 2013) Legacy
01:32:58 – Brendan’s Future with JavaScript
Picks:
hapi.js (Aaron)
JavaScript Disabled: Should I Care? (Aaron)
Aaron’s Frontend Masters Course on ES6 (Aaron)
Brendan’s “Cool Story Bro” (AJ)
[YouTube] Queen – Don't Stop Me Now (AJ)
Trending.fm (AJ)
WE ARE DOOMED soundtrack EP by Robby Duguay (Jamison)
Hohokum Soundtrack (Jamison)
Nashville Outlaws: A Tribute to Mötley Crüe (Joe)
Audible (Joe)
Stripe (Chuck)
Guardians of the Galaxy (Brendan)

ControlTalk Now  The Smart Buildings Podcast
Episode 228: ControlTalk NOW — Smart Buildings VideoCast|PodCast for Week Ending June 19, 2017

Jun 19, 2017 45:23


Episode 228: ControlTalk NOW — Smart Buildings VideoCast|PodCast for week ending June 19, 2017 was recorded in San Diego, CA, at the RealComm|IBcon 2017 event. Join guest host Marc Petock and three special interviews, muRata’s Tom Takesian, Memoori’s Jim McHale, and Intelligent Buildings’ Rob Murchinson as we discuss some of the most prominent take-aways from the show. Congratulations to Lynxspring’s JENEsys IoT Edge Controller for winning the 2017 RealComm Digie Award BEST TECH INNOVATION INTELLIGENT BUILDINGS. CTN 228 ControlTalk Now Live From IBcon Week Ending June 18, 2017 from Eric Stromquist on Vimeo.
RealComm|IBcon Pre-Conference Event Opens with CRE Cybersecurity Forum in San Diego. ControlTrends is joined by Ken Sinclair, owner and editor of AutomatedBuildings.com and Therese Sullivan, editor of BuildingContext.me, as we review some of the highlights of RealComm|IBcon’s Day 1, starting with the CRE Cybersecurity Forum, which brought the best cybersecurity minds in the business together — to address the most impactful cyber threats, share their wealth of industry experience and knowledge, and help attendees set cybersecurity benchmarks and strategies for their organizations.
RealComm|IBcon 2017 General Session Conference Kickoff: Technology – Yesterday, Today and Tomorrow – The Pace Increases! Keynote speaker Larry Smarr gave a humorous and mind-blowing summary of technology’s past, present, and future. Larry is the founding Director of the California Institute for Telecommunications and Information Technology (Calit2), a UC San Diego and UC Irvine Partnership. He began his research career nearly 50 years ago in relativistic astrophysics and in 1985 became the founding director of the National Center for Supercomputing Applications (NCSA) at UIUC, birthplace of NCSA Mosaic which drove the Web.
RealComm|IBcon 2017 Sets New Industry Precedents — DAY 3, Smart Buildings Best Practices Showcase, Vendor Show, & Educational Breakouts. Jim Young, Howard Berger, Lisa Woods, and team RealComm continue to set the new and significant standards in the Professional Trade Show, Networking, and Educational environment. It was all there, teed up for your ease of attendance: Cyber – IT and Real Estate Information, Real Estate Investment Management, The Changing Workforce, Innovation Tech Tours, and so much more! Stay tuned for more ControlTrends video coverage of this amazing event.
ControlTalk NOW first interview is muRata’s Tom Takesian. Murata is a global leader in the design, manufacture and supply of advanced electronic materials, leading edge electronic components, and multi-functional, high-density modules. Murata innovations can be found in a wide range of applications from mobile phones to home appliances, and automotive applications to energy management systems and healthcare devices.
ControlTalk NOW second interview is with Memoori’s Jim McHale, the Managing Director, Owner & Founder. Memoori is a consultancy company based in Stockholm providing independent market research, business intelligence and advice on Smart Building technologies. Memoori presents a brand new report, building on our portfolio of building technology related research. This independent study makes an objective assessment of the Prospects for the Internet of Things market in Smart Buildings from 2016 to 2021.
ControlTalk NOW’s third interview is Rob Murchinson of Intelligent Buildings, LLC. Intelligent Buildings, LLC is a Smart Real Estate professional services company. About Intelligent Buildings, LLC: We provide planning and implementation management of next generation strategy for new building projects, existing portfolio optimization and smart community development. Additionally, we consult with future-minded solution providers who seek to be more attuned to owner’s next generation strategy, including product development and go-to market strategy.
The post Episode 228: ControlTalk NOW — Smart Buildings VideoCast|PodCast for Week Ending June 19, 2017 appeared first on ControlTrends.

Das Kalenderblatt
#01 Release of the NCSA Mosaic 1.0 web browser

Apr 20, 2017 3:36


The Internet, a desert of text! That is how it used to be. But then, alongside text, it became possible to display things like embedded graphics or interactive elements. And as freeware! Author: Yvonne Maier

Identical Cousins
Identical Cousins 14: Partners in Crime

Apr 9, 2013 56:45


Recorded 5 April 2013. You can download the m4a file. Brent and Michael talk to Nick Bradbury, author of HomeSite, TopStyle, FeedDemon, and Glassboard. This episode is sponsored by Windows Azure Mobile Services. Want to provide syncing and web services for your iOS apps? Check out Mobile Services. Leave the headaches of running a server to Microsoft while you concentrate on writing the parts that make your app awesome. Some things we mention: Nick Bradbury FeedDemon TopStyle HomeSite NewsGator Google Reader Android Sepia Labs TRS-80 Commodore 64 Knoxville, TN NCSA Mosaic Lynx Maelstrom Letterpress Guitar Hero Rock Band iDev 360 Left for Dead Allaire Gnomedex Upstairs, Downstairs Downton Abbey Uptown Downstairs Abbey Part One - Red Nose Day 2011 Uptown Downstairs Abbey Part Two - Red Nose Day 2011 SharePoint Fiddler Google Reader documentation that Nick wrote Nick’s Plan for FeedDemon The Long-Term Failure of Web APIs HockeyApp Google Graveyard Delphi Eclipse Android 4 “Google is getting better at design faster than Apple is getting better at web services.” Game Center Metro/Modern UI Google Maps for iOS Fantastical Glassboard David Kasprzyk (newly-hired iOS developer at NewsGator; Brent’s replacement; the un-Brent-er; cool cat) Queueing Theory Lets Any App Offer A Mailbox-Like Reservation System (Even If It’s Just For Building Buzz) Social Sites To activate the FeedDemon easter egg, type “FeedDemon easter egg” in the address bar.

Web Directions Podcast
Chris Wilson - Keynote: The Convergence of All Things

Jun 12, 2011 53:53


This keynote will focus on the unique potential offered to web developers - the ability to use the web platform to build compelling applications that reach across different devices, scenarios and environments. In discussing the approaches necessary to deliver great experiences across all these spaces, we will also uncover unique opportunities in a platform that reaches from mobile phones to the biggest display screen in your house. Chris Wilson is a Developer Advocate at Google Inc. He began working on web browsers in 1993 when he co-authored the original Windows version of NCSA Mosaic, the first mass-market WWW browser. After leaving NCSA in 1994 and spending a year working on the AIRMosaic web browser for SPRY, Inc., he joined Microsoft’s Internet Explorer team as a developer in 1995. Over the course of 15 years, Chris represented Microsoft in many standards working groups, in particular helping develop standards for Cascading Style Sheets, HTML, the Document Object Model and XSL through the W3C working groups. He also developed the first implementation of Cascading Style Sheets in Internet Explorer – the first, in fact, in any mass-market web browser. Beginning in 2001, he spent a few years working on the WPF project, but rejoined the IE team in 2004 to lead the IE Platform and Security team, then moved to work on the Javascript engine team in 2009. In 2010, Chris left Microsoft and joined Google’s Developer Relations team, and is currently working on the Google TV project. In his free time, he enjoys photography and hiking with his wife and daughter, and scuba diving in the cool waters of Puget Sound. Occasionally he remembers to share his thoughts on his blog. Follow Chris on Twitter: @cwilso Licensed as Creative Commons Attribution-Share Alike 3.0 (http://creativecommons.org/licenses/by-sa/3.0/).