A new word

Aug. 30th, 2016 11:47 pm
[personal profile] thnidu posting in [community profile] bitesizedcleaning
(Copied from my own page.) Procrastinundation: The condition or feeling of having all the things you've been putting off for who-knows-how-long pile up on you and all need to be taken care of at the same time.
[syndicated profile] aerogram_feed

Posted by Pavani Yalamanchili


On Sunday night, TV mini-series Night Of ended its run, during which it drew an audience of seven million viewers weekly across all platforms. The critically acclaimed crime drama showcased a gripping performance by actor and rapper Riz Ahmed as Nasir Khan, the Queens, NY, college student charged with the murder of a young woman he met while driving his dad’s taxi without permission.

The night after the finale aired, on The Late Show, Ahmed chatted with host Stephen Colbert. They didn’t dissect the finale episode given Colbert’s fear of spoilers (he’s a fan who hadn’t seen it yet). But they did chat about Ahmed’s experiences filming Rogue One: A Star Wars Story (sans toilet breaks!), and also tapped into a powerful if brief discussion of identity.    

Watch the video of Ahmed’s Late Show appearance below:

Here’s what Ahmed had to say around four minutes into the video clip:

“When I was growing up, I felt like I had to qualify and say I’m British-Pakistani. But I feel in this day and age, this is what British looks like. It looks like me, like Idris Elba. And hopefully through Nasir Khan, people will see that’s what American can look like as well.”

As an actor who is also a rapper, Ahmed has also explored via mixtape what it means to be English today and themes of identity and empire, in Englistan.

***

Pavani Yalamanchili is an editor at The Aerogram. Find her on Twitter at @_pavani, and follow The Aerogram at @theaerogram and on Facebook.

The post This Is What British (And American) Looks Like: Riz Ahmed On The Late Show appeared first on The Aerogram.

(no subject)

Aug. 30th, 2016 08:16 pm
[personal profile] cofax7
Some nights you just really have to make macaroni and cheese from scratch. NOM. (At least I cut the recipe in half, and I added sauteed onions in vermouth.)

*

Sonofabitch, I'm going to miss this President.

Nice essay here on Why English is so weird.

The NY Times on climbing monster Alex Honnold. At one level, free-soloing can be seen as the most extreme expression of the same progression: One generation aid-climbs a route, the next climbs it in record time, the next free-climbs it, then it's time for someone to climb it without ropes. But free-soloing is so much more dangerous and frightening, even to highly experienced climbers, that a vast majority want no part of it. [This article appears to have been posted before Dean Potter's death in Yosemite.]

Noted for later:

Biographical essay on Dorothy Sayers.

The Atlantic has an appreciation of Mary Bennett.

I'm impressed by the VeteransforKaepernick hashtag on Twitter. Good stuff.

*

Since I won't remember, I'll do my reading Wednesday now.

Just Finished: The Untold Tale by J. M. Frey. Billed as a meta-portal fantasy. What it was was a bog-standard portal fantasy adventure with a seriously dubious romance (dubious in the sense of dub-con) and a ton of awkward social-justice language, built around multiple two-dimensional characters. I could see a concept worth exploring there, but the execution was poor and I cannot recommend it.

Currently reading: I Capture the Castle because I'm in that kind of mood.

Next up: Probably An American Childhood.

I'm cranky the library has not yet come through with either the new Jemisin or the new Elliott. WTH, library! Gimme!

*

I'm most of the way through the first season of Wynonna Earp. Cannot say it's awesome: it has not caught me the way the first season of SPN did. But one thing I can say for it is that it has multiple female characters with different personalities, who all have their own roles to play in the plot. The Earp sisters are the most important characters in the show. But I could do without the tired love triangle/competition over Wynonna, and I don't find any of the male characters appealing in the least. They're all assholes, even when they're supposed to be the good guys.

Unless the last few episodes really turn the corner, I won't be watching the next season.

OTOH, Steven Universe is making me so happy.

I may give Stranger Things a try, although really I need to watch the 2nd season of Jane the Virgin.

And courtesy of the "beebs" extension on Chrome, I can watch GBBO as it airs! Plus The Chronicles of Nadiya, which I cannot recommend highly enough. Nadiya goes to Bangladesh to visit her family and cook, and it's pretty awesome.

(no subject)

Aug. 30th, 2016 06:25 pm
[personal profile] skygiants
A couple weeks ago [personal profile] innerbrat and I finished watching through Hong Gil Dong, frequently sold as 'Korean Robin Hood.'

Hong Gil Dong is one of those kdramas that kicks off at 100% candy-colored slapstick and ends -- fair warning -- at about 100% tragedy, with several unexpected zooms up and down along the scale in the middle.

Hong Gil Dong is the illegitimate son of a nobleman and a slave, who bops around being an asshole to everyone until he a.) gets mixed up in a conspiracy and thus b.) in trying to clear his name accidentally becomes a folk hero and prince of thieves and as a result c.) decides his only choice is to revolutionize the world.


My biggest problem with the show is probably its pacing. The primary narrative arc -- after the first few episodes of 'How Hong Gil Dong Accidentally Becomes A Hero!' -- involves the slow build of Hong Gil Dong's partnership with the prince for the purpose of installing a less oppressive regime, followed by the very heavily foreshadowed and VERY RAPID dissolution of that partnership due to fundamentally incompatible goals and worldviews.

I actually really appreciate how the show sets up the incompatible goals and worldviews, and how it complicates the mythic narrative of the 'rightful' prince, and the fact that it does deal with the political aftermath of dynastic struggle and revolution, instead of ending when the crown goes on the correct head, but I wish it did it ... better ... or, you know, with ten episodes devoted to it rather than two.

...my other biggest problem with the show's pacing is that Hong Gil Dong has FOUR Most Important Merry Men and only TWO of them get backstory episodes, which is a.) offensive to my sense of narrative symmetry and b.) offensive to me personally because neither of those two is Mal Nyeo the Obvious Lesbian.

But that said, we enjoyed this weird and wild ride, and now that I have made this entry I can go read the English translation of the 19th-century Korean novel that the show is based on, which I am very excited to do! Both because it looks cool in its own right and because I'm SO CURIOUS about which choices in the show came out of the book, and which were invented by the creators; there's a fair bit of metanarrative in the show about the legend of Hong Gil Dong and who's telling it and how people react to it, which obviously I was into, because I am me.
[syndicated profile] lecta_feed

Posted by Mary

I’m in the process of wrapping up a long period of working remotely at least part-time from home, beginning in 2006 when I enrolled in a PhD program and continuing through my time at the Ada Initiative and at Stripe to this year.

My take on working remotely in future is really “it depends on the details” (and likely different details for different organizations). To that end, I contributed some suggested questions you could ask to Hypothesis’s Working remotely guide, which they’ve incorporated in a slightly edited form. Here’s my original questions; I’ve also added a few more at my end after some feedback from Andrew (himself a veteran of around seven years of remote work).

Introduction

Before you start working remotely at a new organization, you should explore how they structure remote working and if there are any expectations mismatches between you and the organization. A particular remote job may or may not be a match for a particular remote worker.

Important: I don’t think there is any one right answer to any of these questions. It’s a question of fit between your working style, the position itself, and the relationship of the position to the rest of the organization. But the answers are worth knowing so that you can evaluate your fit and make plans for effective remote working.

Sources of information

This entry has a lot of questions, too many for a “do you have any questions?” section of an interview. But you can use other sources of information to get most answers, especially about organization-wide questions:

  • the job description, and descriptions of similar roles
  • the organization’s website, particularly the About and Careers pages
  • the section of the employee handbook dealing with remote work
  • the LinkedIn pages or websites of your future manager and colleagues
  • longer, separate, conversations with your recruiter or hiring manager
  • your offer conversation or letter, or your contract

Some questions you also may only need to ask if you hear of concrete plans to make a change to the organization (eg, you learn that a new office is about to open near you).

Questions

How are you remote and who are you remote from? This post is using ‘remote’ to mean something like “most days, you are not in face to face contact with any colleagues.” But you should be aware of the details: will you be working without in person contact with teammates or with the wider organization almost all of the time? Do you have any colleagues in your team or your wider organization in your city or region, or who regularly visit? Will you work on any joint projects with them? Will you be able or be expected to sometimes work with them in person even if there’s not a permanent office space?

Separately, is in-person contact with vendors or customers part of the job?

Is your immediate team remote? Is your manager remote? Being a remote member of a team that is all working remotely from each other is different from a team which is mostly located in an office with each other. Likewise, being managed by someone who is in an office has some potential advantages (for example, access to information circulating through verbal grapevines, being able to access answers from colleagues for you quickly), as does being managed by someone who is themselves remote (a direct appreciation for experiences specific to remote workers, a personal interest in advocating for them).

How many remote workers are there at the rest of the organization? What percentage of teams you will work closely with are working remotely, and what percentage of employees overall are working remotely? Working as one of very few remote workers for an organization where most employees are in an office together is different from a mostly or entirely remote-working organization.

What’s the future of remote work at the organization? If the organization is mostly or entirely remote, are there any plans to change that? If the organization is mostly office-based, are there any plans to change that? If an office is likely to be founded in your city or region soon, will you be able or be expected to work from it?

You may be considering a job on the understanding that the remote work will be of very short duration (eg, an office is opening in your city in two months time). Is there any chance the time will be longer, and are you OK with that?

What is your manager’s approach to remote workers? How frequently will they speak with you and through what media? Will they expect you to travel to them? Will they sometimes travel to you? Have they managed remote workers before?

How long have there been remote workers for? Is the organization new to having remote workers or has it had remote workers for a long time and bedded down a remote working style?

What is the remote working culture like? Is most collaboration over email, text chat, phone, video conf, or some other means? Are there watercooler-equivalents like social IRC channels or video chats? How active are they? Are remote workers mainly working from home or from co-working spaces? Are there occasional team gatherings for remote workers to meet colleagues in person and are they optional or compulsory?

How flexible are the hours? Not all remote work has flexible hours; you may have mandated work hours, or core hours, or shifts, as in any other role.

Are the remote workers spread across multiple timezones? If so, are your team and closest colleagues in your timezone or another one? Are you expected to adapt your working hours to overlap better with your colleagues? How are meetings and other commitments scheduled across timezones? Do they rotate through timezones or are they always held in a certain timezone? Are you ever expected to attend meetings well outside your working hours, and if so, how often is this expected and do your colleagues in other timezones face the same expectations?

What are the benefits for remote workers? Will the organization reimburse any of your remote working expenses, such as membership of a co-working space, home office furniture, or your home Internet connection costs? If you’re working in a different country from most of your colleagues, will you get equivalent benefits to your colleagues (eg, health insurance coverage)?

What are the travel expectations for remote workers? Are you expected to travel to headquarters or other offices or customers, and if so, how often and for how long? What are the travel policies and allowances for remote workers? How do these travel expectations compare to those of non-remote colleagues?

Sometimes you will be remote from an organization with an office or even headquarters in the same city as you. Will you be able or expected to visit the office? How often? Will there be resources for you (eg, hot desks, meal provisioning)?

What are the career progression possibilities for remote workers? As a remote worker in a partly non-remote organization, could you move into more senior positions over time, such as team leader, middle manager, or executive? Could you move into other teams in the organization, and if so, which ones? Are there some roles that are closed to remote workers? Match these answers to your own career goals.

What’s the training process like? Must you or can you spend a period of time in an office or visiting a colleague for training? Must you or can you do your training remotely using documentation, videos and similar? Will a trainer or colleague have some time assigned to remotely train you?

Is there support for first-time remote workers? If you haven’t worked remotely before, will the organization support you in learning how to work remotely, and if so, how?

See also

A very partial list of resources, focussing on individual remote workers and their experiences and strategies:

Learning more about a remote working position by Mary Gardiner is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

culture "monday"

Aug. 30th, 2016 05:32 pm
[personal profile] wohali
Fell asleep last night before posting this...so here we go!

Books
Finished the rest of Le Guin's YA trilogy (Powers). I definitely didn't enjoy the third book as much as the first two, but it makes a suitable end to the series, I guess. Frustrating that the "payoff" is in the last 10 pages or so, the rest wanders so much. I do wish it dealt a bit better with the PTSD angle of things, too, but at least it acknowledges that such things do exist.

That puts Dozois' 10th back on the top of the pile. Not sure why getting back into the short stories is intimidating me so much, but it is.

Games
I put No Man's Sky aside for now. I'm hoping the game gets some added depth with various patches over the coming months, so am willing to wait until then to pick it back up again. There was some PlanetSide 2 and Guild Wars 2 with my gaming clans, and some Lego Movie The Game with my partner for late night drunk fun. Games were less a part of this past week for me than usual.

Video: Comedy/Drama
More Lexx struggling this week. Gads, I keep wanting to just give up on this show...but I will struggle through somehow.

Watched the Outside Lands: Dr. Teeth and the Electric Mayhem Muppet concert video and was thrilled beyond belief. It brought tears to my eyes, even! Caught up with a couple more episodes of Check It Out With Dr. Steve Brule too, good cringe humour.

Watched the latest Mr. Robot, Killjoys and Steven Universe. It was really nice to have an Elliott-free Mr. Robot episode, the other characters are very interesting to me and I liked seeing them get more developed. Killjoys remains stupid summer fun. SU deserves its own blogpost that I'll probably never get to, so I'll just echo my friends' comments and say that I wish this episode had been something I could have seen when I was just a kid. It might have helped me get through some bad times more easily.

Also watched some old Tonight Show episodes with Johnny Carson. I miss him a lot; that was some quality television. Adding to late-nite fun I also have put on a few Kids In The Hall episodes to keep my spirits up. They helped.

Video: Documentary
Watched Toto and his Sisters, a fly-on-the-wall documentary about a Roma ("gypsy") family in Romania. Life is tough for them and my empathy sensors were nearly on overload from it. Also watched a NatGeo special about Australia that was peaceful and relaxing.

Audio
Have caught up with Within the Wires, a podcast from the Welcome to Nightvale people. I had been hoping based on ep1 that it'd be even more subtle than it turned out to be, but I'm still happy with the direction and writing. I also got turned on to Welcome to Nightvale and listened to the first 6 or so episodes of that. Finally, caught up with the latest 3 episodes of This American Life, which included the 2 about refugee camps in Greece and the Summer Lives one in which Ira reveals he did a terrible magic trick for an 8-year old Michael Jackson.

Finally I finished The Light of September (or what's been released so far anyway) and really enjoyed what I've heard to date. I won't spoil it but if you can handle 10-minute long bizarro sci fi with some great voice actors, you'll love it.


State of r/Astoria

Aug. 30th, 2016 09:08 pm
[syndicated profile] astoriareddit_feed

Posted by /u/healthstudent

This subreddit has gone to shit recently. It looks like the work of one or two people under dozens of accounts.

Mods, I'm in total favor of full-thread deletes and aggressive bans to get this nonsense under control. I also propose adding more than just "Apartment-related content will be removed." Anything remotely trolling or dickish should be removed without comment. Let these idiots find another home if they are that desperate for attention.


Jerry Michalski, Founder of REX

Aug. 30th, 2016 08:25 pm
[syndicated profile] cooltools_feed

Posted by Claudia Lamar

Our guest this week is Jerry Michalski, who spent a dozen years as a tech-industry analyst during the dot-com era, then founded a think tank called REX in 2010 after figuring out that consumer capitalism is giving way to something more trustworthy and connected. Something he calls the “Relationship Economy.”



Show notes:

TheBrain, mind-mapping tool
“You can add things to your Brain by dragging and dropping from your browser. … One of the things that distinguishes it from all the other mind mapping, memory mapping, concept mapping, visual, sort of search tools, is that you can only connect things through these 3 little circles on every node, and every node is called a, “Thought,” and the circles are called, “Gates.” They go up, down and left, which means when you add something, you have to decide “Is this a parent, a child or some kind of either a sibling or an opposite of the current thought I’m connecting it to.” That little exercise turns out to be a phenomenal organizing feature of this tool that nobody else has done because all the other tools either put things in a big circle around whatever you’re looking at or they have this rubber band effect, or kind of a hyperlink effect where you’re scrolling through a giant ball of twine, none of which, to my mind are easy for the human eye and brain to peruse and make sense of, and yet in TheBrain that seems to give it enough structure that I have no trouble, even when the screen is really, really full.”


Jerry’s Brain
“The file we’ll talk about a bit today, is the file that I started 18 years and 6 months ago. I’ve been filling one mind map for that long. … For anybody who’s gone to jerrysbrain.com and is looking around … [the] map of the tech industry seems like the most natural place to start because when this company came by me, I was a tech industry analyst, and the thing I needed to do was track all these startups, and who had funded whom, and what, and where.”


Belief Snapshot
“I wish everybody published some version of their beliefs. I call it a ‘Belief snapshot.’ This happens to be my version of a belief snapshot, because I happen to use TheBrain, and I don’t think everybody on earth should be using TheBrain, but I wish people expressed why they think what they think … I think people are born good, and we underestimate that. I connect that to all sorts of other things, and there’s dozens of things under my beliefs …. if we all did that … we could then sit down and have a reasonable conversation about any topic you want, and we could trace it back to some of our beliefs, and argue about them as good civilized humans, and I might shift my beliefs.”


Lessons from My Brain
“I’ve learned that we’re an amnesiac civilization. I’ve learned that because we don’t have tools like this that help us create shared meaning, shared context, we’re really easy to manipulate and spin. We don’t have a shared memory that the closest thing we have to it is Wikipedia. There aren’t that many people contributing to Wikipedia. It’s clearly a crowd sourced phenomenon, and I love it, and I use it 10 times, 20 times a day, but it’s not a distributed, shared memory, and nor is my Brain, obviously, because it’s missing the collaborative aspect to it, but our civilization is worse off, because we can’t do what I’ve had the pleasure and luck of doing for 18 years, we can’t do that together, as a society.”


[syndicated profile] simplysecure_feed

Most people who spend time online have a general idea of what "phishing" is, but it can be hard for folks outside of the security community to pin down an exact definition. Understanding the threat that phishing attacks pose can help designers and other UX experts become effective advocates for experiences that protect users. In this post, we will explore the basics of how phishing attacks work, and in a follow-up post, we will examine some of the mechanisms that protect users against them.

Phishing is social engineering

As of this writing, Wikipedia defines phishing as "the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication."

Image defining phishing as an attempt to obtain sensitive information such as usernames, passwords, or credit card details by masquerading as a trustworthy entity in an electronic communication.
A definition of the term "phishing", adapted from Wikipedia.

What does this really mean? Implicit in this definition is the idea that phishing attacks target people; they are an example of what security experts call a social engineering attack. This is in contrast to many of the other digital threats we hear about, such as exploits that take advantage of flaws in particular software programs (e.g.: buffer overflows, SQL injection points, or cross-site scripting opportunities) or assaults that take aim at the limitations of a computer system (e.g.: denial-of-service attacks).

Social engineering attacks are just a modern take on the classic confidence trick, which derives its name from the attacker's methodology of building false confidence – or trust – with the target before attempting to defraud them.

Image with text defining the term confidence trick as an attempt to defraud a person or group after first gaining their confidence.
A definition of the term "confidence trick", adapted from Wikipedia.

Other examples of social-engineering attacks include advance-fee scams (beware of people claiming to be Nigerian royalty!) and the elaborate scheme that Mary McDonnell's character uses to steal a key card, thus allowing Robert Redford's character to access a locked building in the movie Sneakers.

A sample attack

Again, the aim of a phishing attack is to harvest confidential information from users. Let's walk through a hypothetical example to see what this looks like in practice.

  1. Juanita gets an email that looks like it's from Bank of America, saying her password needs to be reset, and it offers a link that allows her to take this action
  2. Juanita clicks on the link and sees a webpage that looks similar to the one she is used to using
  3. She enters in her username and her password
  4. The page returns an error, saying that the password she entered is incorrect. Like many people, Juanita has a small number of passwords that she reuses across many sites. She tries a few different passwords, trying to find one that works
  5. Juanita eventually gives up, clicks the "Forgot Passcode" link, and sees that the site returns an error message asking her to sign in again later

At this point, the attackers have probably gotten:

  • Juanita's bank username
  • Juanita's bank password
  • The passwords of several other services Juanita uses, potentially including the one she uses on her email account

They accomplished this because:

  • They sent a message pretending to be from Bank of America to an actual Bank of America customer
  • They spoofed the "from" address in the email, so it looked like it was really coming from Juanita's bank
  • They created an email that looked and felt similar to the emails Juanita regularly gets from her bank
  • They created a webpage that looked and felt similar to the one she's accustomed to
  • They took advantage of Juanita's uncomfortable relationship with passwords; she wasn't sure that she was typing the right one, so inadvertently shared several others as well

A mocked-up phishing email and sign-in page.

The practical threats of phishing

For their attacks to be successful, phishers must create an environment where people feel comfortable sharing confidential details. Attackers harvesting credit card numbers might create a fake version of a popular online retailer, or a fake government website to collect social security numbers.

Email credentials – the username and password you enter when you sign in to your email account – are a particularly juicy target because most sites use email as a password-reset mechanism (for example, when you click the "Forgot your password?" link on Amazon.com's sign-in page, they send a code to your email account as the first step in resetting your password). Thus, attacks against your email account are about more than getting access to your email messages; they're about using your email account as a jumping-off point to get access to the rest of your digital life, too. There are also other ways in which a phishing attack may be just the first of a multi-step attack; if you reuse passwords, one successful phish can end up compromising many accounts.

Similarly, if you reuse passwords from one account to another, a successful phishing attack against one account can easily end up escalating into something more serious. Where possible, try to use unique passwords for your high-value accounts and consider using a reputable password manager that isn't based in the cloud, like 1Password (stay tuned for my next post on phishing, where I will explore this and other defensive mechanisms in more detail).

Advanced attacks

Early phishers focused on compromising a large number of random accounts, but their attacks quickly evolved to become more targeted. Rather than send emails to a million hotmail.com accounts, attackers will sometimes do meticulous research and craft a message specifically designed to appeal to the staff of a particular organization. This message might be designed to look like the sign-in page for the organization's internal web portal or for its health insurance provider. If the attacker is an employee or knows someone who works at the organization, they may reference information that only insiders would know.

For example, imagine that Hamidou works for Collective Insurance of Brooklyn, a large company that conducts much of its business online. He recently started working there and is still learning how to navigate the company's employee benefits website, which he thinks looks very outdated. This benefits site is managed by a firm called BenefitsDigital, which specializes in benefits management but hasn't updated the styling on their site for a long time. While accessing it during new-employee orientation, Hamidou noticed that it has a strange URL like https://collectiveinsurancebrooklyn.benefitsdigital.com, but his HR representative explained that this is to be expected because the site is hosted by the benefits administration company.

An attacker saw Collective Insurance of Brooklyn listed on BenefitsDigital's "Our Clients" page, and used a LinkedIn search to discover that Hamidou and a few other people started working there recently. Further sleuthing revealed that most employees at the company have email addresses of the form firstname.lastname@. From there, it was easy for the attackers to send this small group of employees a customized message that looked like it came from BenefitsDigital. The message tells them that they need to sign in to the website and perform their quarterly benefits review to prevent a discontinuation of their 401(k) matching, and helpfully reminds them that they are eligible for a $200/month commuting reimbursement.

Hamidou clicks on the link in the email, which brings him to https://collectiveinsurancebrooklyn.ebenefitsdigital.com. His eyes skim over the long URL and he doesn't notice that the site is hosted at ebenefitsdigital.com (a site the attackers set up to mimic the legitimate benefits administrator), not benefitsdigital.com. The website is just as weirdly outdated and buggy as ever, so nothing seems out of place to Hamidou. When he tries to sign in, he gets an error message that the site is down for maintenance. He decides he will try again a few days later.
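As an added example (not part of the original post), here is one way a mail filter or browser extension could flag the host in Hamidou's story: parse the link, reduce it to its registrable domain, and compare that against the domains the organization actually uses. The trusted-domain list, the function names, and the "last two labels" shortcut for the registrable domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains this organization legitimately signs in to.
TRUSTED_DOMAINS = {"benefitsdigital.com"}


def registrable_domain(url: str) -> str:
    """Return the last two labels of the URL's host.

    Simplification: correct for names like example.com but not for
    suffixes such as co.uk; production code should consult the
    Public Suffix List instead.
    """
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_link(url: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'untrusted' for a link."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return "untrusted"
    host = parts.hostname.rstrip(".").lower()
    domain = registrable_domain(url)
    if domain in trusted:
        return "trusted"
    for good in trusted:
        brand = good.split(".")[0]
        # A near-miss spelling of a trusted domain (one extra letter, a swap).
        if edit_distance(domain, good) <= max_distance:
            return "lookalike"
        # The trusted brand name used as a decoy elsewhere in the host.
        if brand in host:
            return "lookalike"
    return "untrusted"


# Constructed sample links; the first two are the URLs from the story above.
SAMPLES = [
    "https://collectiveinsurancebrooklyn.benefitsdigital.com",
    "https://collectiveinsurancebrooklyn.ebenefitsdigital.com",
    "https://benefitsdigital.com.login-portal.example/signin",
    "https://benefitsdigital.com@other.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

The last sample shows why the check parses the URL instead of searching the raw string: everything before the `@` is user information, so the real host is `other.example`.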

Image defining spear phishing as a personalized phishing attack against a high-value target, either an individual or an organization.
A definition of the term "spear phishing."

Attacks similar to this example are not just believable, but becoming increasingly common. As you might imagine, a customized message that references an organization's cultural touchstones is less likely to set off alarm bells for its victims and has a higher probability of success. If the phisher's goal is to gain access to the organization's internal systems, a customized attack can be successful if just a single employee bites.

Even more sophisticated attacks combine inside knowledge with a sense of social pressure by making the emails personalized to individual targets, and making it seem like the message is coming from a senior member of the organization, such as its CEO (apparently, this kind of attack is now called "whaling"). If you're a lowly payroll processor and you get an urgent email from someone six levels above you in the corporate hierarchy – on the day where the rest of the department is at a retreat! – it can be hard to keep your cool and tune in to the possibility that the inquiry may not be legitimate. And, even if you do get a sense that the request may not be legitimate, how do you verify your hunch without simultaneously insulting a bigwig and torpedoing your career?

Phishing is about confidence

As I remarked before, phishing is just one modern take on the idea of a confidence game. A successful attack depends on the user developing confidence that the request for their information is legitimate. Social pressures, such as in the whaling example, can make it hard for users to see an attack for what it is. So can general discomfort with computers or a lack of experience dealing with sensitive information.

Still image from the movie Catch Me If You Can, picturing Leonardo DiCaprio dressed as an airline pilot surrounded by eight young women dressed as stewardesses.
The 2002 movie Catch Me If You Can publicized Frank Abagnale Jr.'s adventures as a young confidence trickster. Frank (played by Leonardo DiCaprio) is the epitome of the term "confidence man," or "con man" for short.

It's important to note that falling for a phishing attack does not indicate any kind of failing in a person's intelligence. The skills we've evolved over millennia for developing trust in other human beings – evaluating appearance, behavior, and pattern-matching – do not serve us well in a digital context. The channels we have for receiving trust information from computers, such as the visual design of a website or the "from" header of an email, are simply too easily spoofed. When push comes to shove, if you create a website that is a faithful replica of bankofamerica.com, you will find people who will trust it based on its visual design alone.

In a future post, I will review some of the mechanisms that exist to help users and organizations protect against phishing attacks and explore ways that designers can contribute safeguards through their products. In the meantime, do you have a favorite story about phishing or other forms of social engineering? Connect with us on Twitter and tell us all about it!

jesse_the_k: Text reads: "I'm great in bed ... I can sleep for days" (sleep for days)
[personal profile] jesse_the_k
I was diagnosed with Chronic Fatigue Syndrome in 1991. Early on, I set aside any hope of useful medical treatment: at that point the issue was whether the syndrome was "real" or simply whiny women. I have a glimmer of hope that this research may finally answer that question. (Hoping especially for my UK friends, who have been cruelly treated by their government researchers.)

Full pre-pub paper here http://www.pnas.org/content/early/2016/08/24/1607571113

Press release from University of California - San Diego. (2016, August 29). Characteristic chemical signature for chronic fatigue syndrome identified: Discovery, along with revealed underlying biology, could lead to faster, more accurate diagnoses and more effective, personalized therapies. ScienceDaily. Retrieved August 30, 2016 from www.sciencedaily.com/releases/2016/08/160829163253.htm

begin quote
Chronic fatigue syndrome (CFS) is a mysterious and maddening condition, with no cure or known cause. But researchers, using a variety of techniques to identify and assess targeted metabolites in blood plasma, have identified a characteristic chemical signature for the debilitating ailment and an unexpected underlying biology: It is similar to the state of dauer, and other hypometabolic syndromes like caloric restriction, diapause and hibernation.
end quote

Yay for taxpayer-supported science.

The Beny Hands Free Level

Aug. 30th, 2016 06:50 pm
[syndicated profile] cooltools_feed

Posted by mark

I have used The Beny for well over a year. The Beny’s ability to attach to several different building materials and give me a level and plumb reading while keeping my hands free has been invaluable. Over the last year I have personally used this newly invented tool to rebuild the deck on our home, the stairs to that deck, and the rebuilding of our three season room. The Beny was used on the stringers of the stairs, clapping on and allowing me to adjust and fasten the stringer with both hands free from holding a level. In addition, while building our three season room, The Beny was extremely helpful while replacing the corner posts and reframing 3 of the 4 walls.

-- Mark Ruggiero

The Beny Hands Free Level ($40)

Letters From Balipara

Aug. 30th, 2016 06:29 pm
[syndicated profile] aerogram_feed

Posted by Prarthana Banikya

The room opened up from the mouth of a dark corridor and light streamed in through frail white curtains. Reaching out to the roof stood makeshift shelves lined with books. Against one of the walls, a rectangular wooden table was buried under stacks of dusty diaries, glue sticks and stamp pads. It was in this room, my grandfather’s study, that I first discovered the love of letter writing.

The room was the only space in the entire house where I could do something without being interrupted. Others had people dawdling in during any time of the day. The door had a makeshift latch which needed to be pulled laboriously to fit into a hook. But even when you latched it, it would leave a wide gap. On occasions when my little cousins were in a particularly intrusive mood, they’d push against the door until the gap widened and the middle of their faces jutted out like a bunny rabbit jumps out of a magician’s black hat.

I remember it was a winter morning when I wrote my first letter. Sitting on a large wooden chair with a netted back, I wondered for the longest time what I should write about. The letter was supposed to be for my cousin who lived faraway in a school tucked away in the hills. I’d promised I’d write to him the very day he left home. It was already ten days since.

With legs dangling in mid-air, I tore out a sheet of paper from one of the writing pads lying on the table and gave in to the flow of blue ink. I wrote about how grandmother prepared his favorite meal and how we all missed him. How Bo, our dog’s new pastime was to scare the milkman each morning. I wrote about school, art lessons and how we could take a trip down to grandfather’s farm across the Brahmaputra when he came home for winter holidays.

That morning, it took me over an hour to write that letter, but as I was sealing the envelope and pasting the stamp with sticky fingers, I knew one thing. I didn’t want it to be the last time I was writing a letter.

During the spring of 1995, I moved to a boarding school in a sleepy town in Assam called Balipara. Life in a boarding school can be much like living in a world where the sun never sets. At the time, mobile phones did not exist. Landlines did, but phone calls were reserved for emergencies. The only way to communicate with your family and friends outside school was through handwritten letters.

The school was amidst Balipara’s lush tea gardens. The corridor had tangelo-colored benches on which we could sit astride such that one foot touched the warm grass and the other, the cold marble floors of the corridor. After lunch breaks, the girls would sit here and unwind before wretched classes began. Some would listen to the Walkman, some would play five stones and others prattle blithely.

During weekends, the same corridor would become a quiet space where we wrote letters back home. Hunched over writing pads, some would scrawl while others poetized with ink pens in hand. Many girls used humor in their letters and others reported the day-to-day activities in a factual manner. More pages would turn out when something eventful had happened like a new student or gap teacher had joined school, a gymnasium had been built or fervent inter-hostel competitions were running.

We wrote about lunches at the hostel, sports and most importantly, grades that semester. My parents were never too concerned about grades. They just needed to know that I was well-fed and happy. So my letters mostly circled humorous incidents at school, extracurricular activities, art classes and cultural evenings every Sunday. My mother kept some of my letters in old trinket boxes and during my trip back home last winter, I found one that dated back to the year 1996.

August 12, 1996

“Dear Mama,

Last week, as a part of our community service work, we were taken to a school in a village not far from our campus. We met a bunch of five year olds and taught them the alphabet. You should have seen how gleeful they were throughout the class! We also helped them draw pictures of their favourite things and most of them drew a brightly coloured sun shining down on green hills much like those that we see from our classroom windows. We had such a wonderful time that we didn’t feel like coming away even though it was getting dark and we were soon to return to school.”

Writing a letter was, well, one part of it. But the best part of it was when you’d receive one back from whomever you’d written. For us hostelers, this meant that the matron would walk into the hostel corridor with a bundle of brown colored envelopes and call out names one at a time to whomever the letters were addressed. Some of us would try to droop over the bundle and get a glimpse of the handwriting to see if we’d received one for ourselves.

Many girls, not able to contain their excitement, would stretch out their hands and turn over some of the envelopes on top of the bundle so they could get a peek at the ones below them. This would result in the matron slapping the hand in question and muttering in admonishment, “Wait your turn, will you? No patience, this young generation has!” Those who’d receive a letter would shriek in a state of frenzy.

Often, after receiving a letter, I would hold on to it until dinner time, dying to open it and at the same time, not wanting to get it over with. The anticipation of reading a letter sometimes can be similar to a child waiting to open the grandest present from a box of other little ones.

As I moved out of boarding school, some of the people I grew up with became a hazy memory that breezed in each time I opened my tattered slam book or listened to music from the 1990s. And similarly, with time, letter writing became a lost art.

Recently, as I was going through my shoe box of mementos, cards, old notes, song dedication books and cassettes, I came across a letter from a boy named A. At the very end of the letter was written, “On our very first date! Here’s to a lifetime more of dates to come. Yours forever and always, A.” I went to the next room and said to my husband of five years, “Do you remember this letter?” He smiled wistfully and then A and I crouched side by side on our russet couch to read the two-paged letter from the summer of 2003.

* * *

Prarthana Banikya is an academic author based in Bangalore. A graduate in sociology from Miranda House, she spent her formative years in northeastern India, from where she draws inspiration for most of her writing. Her work has been featured in several anthologies and journals including Asia Writes, Danse Macabre, Poetry Super Highway, Namnai, Pratilipi and Songbook Circa. She blogs at prarthanabanikya.blogspot.com.

The post Letters From Balipara appeared first on The Aerogram.

Feminists in Astoria

Aug. 30th, 2016 05:44 pm
[syndicated profile] astoriareddit_feed

Posted by /u/Howard_T_Sabrent

Has anyone encountered any problems with feminist groups hell-bent on domination of men rather than equality? I had an unfortunate run-in with a bunch over on Broadway a few nights ago that mercilessly mocked me for being a "CIS WHITE MAN." Since when is being prejudiced toward one race achieving your Social Justice? I mean come on Astoria.

Nirvana on the cusp

Aug. 30th, 2016 05:02 pm
[syndicated profile] kottke_org_feed

Posted by Jason Kottke

This is a video of Nirvana playing Smells Like Teen Spirit in a small club just two days after Nevermind came out in 1991. There's a freight train bearing down on those boys and they don't even know it. (via digg)

See also The Notorious B.I.G. freestyling on a Brooklyn corner at 17 and LL Cool J plays to a mostly empty gymnasium in Maine...he was also just 17.

Update: And here's 40+ minutes from the same show at which they played Drain You, Polly, and Breed. (via @fimoculous)

Anyone Have Parking Tips?

Aug. 30th, 2016 04:35 pm
[syndicated profile] astoriareddit_feed

Posted by /u/dolver

I just moved to the neighborhood (so far, Astoria is far more exciting than the UWS, where I came from). I'm on 35th St, near 30th Ave.

Now that I am not in Manhattan, my parents are actually considering visiting me, but as non-New Yorkers, they are extremely worried about finding parking.

I understand the alternate side parking rules, etc, but wondered if you all had tips for people who are short-term parkers, including:

  • Best times during weekdays to find a spot
  • Good places to look for street parking (my parents are happy to walk a decent ways, but are less excited about spending 15 minutes trying to find a spot - so if they could immediately go to an area where parking is more likely, that would be good).
  • Any other thoughts/tips

Thanks!
