
Steven D. Brewer's blog

Online Threats and Phishing

Recently, I was invited to co-present on security. We each brainstormed a list of what we thought were the biggest online threats today and some practical steps people can take to protect themselves. Here is the list I created:

Brewer's top five threats

  1. Dangerous active content (Flash, JavaScript, other plugins) running in the browser
  2. Insecure/questionable links (in email, in social media, etc.)
  3. Insecure attachments
  4. Insecure plugins, extensions, apps, etc.
  5. Social engineering

Brewer's recommendations

These are intended to be some basic steps anyone can take to improve their security, although they are not necessarily convenient.

Use Firefox with both NoScript and Flashblock enabled, so that scripts and Flash run only on sites you have explicitly allowed.

Only do banking, human-resources tasks, etc. in a fresh web-browser session, so that no other site's cookies, logins or open tabs are present while you are logged in, and the session is gone when you quit:

  • Use a different browser (or a separate browser profile) only for that purpose
  • Start up the browser, do the session, quit the browser
  • Do the same for insecure/questionable links, so that a malicious page never runs alongside a logged-in session.
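The throwaway-session procedure above as a script. This is an added example, not code from the original post. It relies on Firefox's --no-remote and --profile command-line options; the default URL is a placeholder, and DRY_RUN is a stand-in browser (assumed here for demonstration only) that lets you try the flow without launching Firefox.

```python
"""Open one sensitive site in a throwaway browser profile, then delete it.

Added example, not part of the original post. Assumes Firefox's --no-remote
and --profile options; the default URL is a placeholder.
"""
import shutil
import subprocess
import sys
import tempfile
from urllib.parse import urlsplit

# Stand-in "browser" that accepts the same arguments and exits 0, so the
# flow can be exercised without Firefox (assumption for demonstration only).
DRY_RUN = (sys.executable, "-c", "pass")


def fresh_session(url, browser=("firefox",)):
    """Run `browser` on `url` with an empty, temporary profile.

    Returns the browser's exit status. Refuses anything but https so a
    typo cannot send a login over plain http.
    """
    if urlsplit(url).scheme != "https":
        raise ValueError(f"refusing non-https URL: {url}")
    profile = tempfile.mkdtemp(prefix="fresh-profile-")
    try:
        # --no-remote: do not hand the URL to an already running Firefox,
        # which would reuse that instance's cookies and logins.
        # --profile: start from the empty directory just created.
        cmd = [*browser, "--no-remote", "--profile", profile, url]
        return subprocess.run(cmd, check=False).returncode
    finally:
        # Cookies, cache and history live in the profile; removing it ends
        # the session even if the browser crashed or was force-quit.
        shutil.rmtree(profile, ignore_errors=True)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "https://www.bank.example/"
    sys.exit(fresh_session(target))
```

The --no-remote flag is the detail people miss: without it, Firefox hands the URL to whatever instance is already running, and the "fresh" session inherits that instance's cookies.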

View (and send) email as plain text only

  • Look at links carefully: in plain text the real URL is visible, whereas HTML mail can show one address as link text while pointing somewhere else
  • Don't leak information via images and web bugs: fetching a remote image tells the sender when, from where and with what software you opened the message

Look at the full headers of questionable email

  • Only trust headers written by known hosts. Each mail server that handles a message adds its own Received: line at the top, so read them from the top down: the lines added by your own mail servers are reliable, and the lowest of them shows which outside host actually handed the message over. Everything below a line written by an unknown host is whatever the sender chose to put there, and a phisher can forge a plausible-looking chain.
  • Learn to recognize suspicious hostnames.
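The top-down header walk described above, as an added example that is not part of the original post. TRUSTED_RELAYS, the relay names and addresses, and the sample message are all constructed for illustration; substitute your own mail servers. The point it makes concrete: once the walk from the top reaches a Received: line whose "by" host is not one of ours, nothing below it counts, so a forged line at the bottom claiming to be the bank is never consulted.

```python
"""Read Received: headers from the top down and find where a message
really entered our mail system.

Added example, not part of the original post. TRUSTED_RELAYS, the host
names, addresses and the sample message are constructed for illustration.
"""
import email
import re
from email.utils import parseaddr

# Hosts we control. A Received: line is only as honest as the host that
# wrote it, i.e. the host named after "by".  (Constructed list.)
TRUSTED_RELAYS = {"mx.example.edu", "mail.example.edu"}

# "from HELO (rdns [ip]) ... by HOST"; the parenthesized part is optional.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"
    r"(?:\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[^\]]+)\]\))?"
    r".*?\bby\s+(?P<by>[\w.-]+)",
    re.S,
)

# Constructed sample. The bottom Received: line was written by the sender's
# own machine and claims to be the bank; the middle one, written by our MX,
# records the host that really connected.
SAMPLE = """\
Received: from mx.example.edu (mx.example.edu [192.0.2.10])
\tby mail.example.edu with ESMTP id abc123
\tfor <user@example.edu>; Mon, 2 Mar 2015 10:00:00 -0500
Received: from relay.evil-isp.example (unknown [203.0.113.77])
\tby mx.example.edu with ESMTP id def456; Mon, 2 Mar 2015 09:59:58 -0500
Received: from www.bank.example (localhost [127.0.0.1])
\tby www.bank.example with ESMTP id ghi789; Mon, 2 Mar 2015 09:59:50 -0500
From: "Bank Security" <security@bank.example>
To: user@example.edu
Subject: Verify your account

Please confirm your details at the link below.
"""


def parse_received(value):
    """Pull helo/rdns/ip/by out of one Received: header value."""
    text = " ".join(value.split())          # unfold continuation lines
    hop = {"raw": text, "helo": None, "rdns": None, "ip": None, "by": None}
    m = RECEIVED_RE.search(text)
    if m:
        hop.update(m.groupdict())
    return hop


def analyze(raw_message):
    """Return hops (top-down), the origin hop, the From: domain and warnings."""
    msg = email.message_from_string(raw_message)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    for hop in hops:
        hop["trusted"] = hop["by"] in TRUSTED_RELAYS

    origin = None
    for hop in hops:                 # top of the header block = final hop
        if not hop["trusted"]:
            break                    # from here down: the sender's claims
        if hop["helo"] not in TRUSTED_RELAYS:
            origin = hop             # first honest line whose peer is outside
            break

    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    warnings = []
    if origin is None:
        warnings.append("no trusted Received: line; cannot tell where the message came from")
    else:
        names = [n for n in (origin["rdns"], origin["helo"]) if n]
        if origin["rdns"] in (None, "", "unknown"):
            warnings.append(f"connecting host {origin['ip']} has no reverse DNS")
        if from_domain and not any(n == from_domain or n.endswith("." + from_domain) for n in names):
            warnings.append(f"From: claims {from_domain!r} but the message entered from "
                            f"{origin['helo']} [{origin['ip']}]")
    untrusted = sum(1 for h in hops if not h["trusted"])
    if untrusted:
        warnings.append(f"{untrusted} Received: line(s) written by hosts we do not control; ignore them")
    return {"hops": hops, "origin": origin, "from_domain": from_domain, "warnings": warnings}


if __name__ == "__main__":
    report = analyze(SAMPLE)
    for hop in report["hops"]:
        flag = "trusted" if hop["trusted"] else "UNVERIFIED"
        print(f"{flag:10} from {hop['helo']} [{hop['ip']}] by {hop['by']}")
    for w in report["warnings"]:
        print("!", w)
```

A message that really came from the bank would show the bank's relay, with matching reverse DNS, as the peer of our own border server; here that peer is an unrelated ISP host with no reverse DNS, whatever the bottom line says.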

Don't just click on links!

  • Know the structure of links:
scheme://[user:password@]hostname[:port]/path?query_string#fragment_id
    Anything before an "@" is an optional user name, not the destination; the real hostname comes after it, and a phisher can put a familiar name in that slot.
  • Navigate there directly: type the address yourself instead of following the link
  • Critically evaluate links
  • Look at hostnames & paths: the hostname is what matters, and a familiar name buried inside a longer hostname (or in the path) is not the familiar site
  • Avoid apps that obfuscate links (URL shorteners, click-tracking redirects)
  • Use copy & paste to see the real address rather than the link text
  • Use "whois" on questionable hostnames
  • Remove parts of the path or query string that might carry tracking information (utm_* parameters and the like)
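The link checklist above as code, an added example that is not from the original post. The trusted-host list, the tracking-parameter list and the sample URLs (all under the reserved .example domain) are constructed for illustration; the function splits a URL into the parts named in the template, flags the userinfo trick, look-alike and internationalized hostnames, bare IP hosts and plain-http logins, and rebuilds the URL without userinfo or tracking parameters.

```python
"""Dissect a URL into the parts named above, flag the tricks phishers use,
and strip tracking parameters before navigating.

Added example, not part of the original post. TRUSTED, the tracking-key
lists and the sample URLs are constructed for illustration.
"""
import ipaddress
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Hosts the reader trusts, keyed by the brand word a phisher would imitate.
# (Constructed; maintain your own.)
TRUSTED = {"bank": "www.bank.example", "payroll": "hr.example.edu"}

# Query keys that carry tracking rather than content.  (Constructed list.)
TRACKING_PREFIXES = ("utm_",)
TRACKING_KEYS = {"fbclid", "gclid", "mc_cid", "mc_eid"}


def dissect(url):
    """Return the URL's parts, a list of warnings and a cleaned-up URL."""
    parts = urlsplit(url.strip())
    warnings = []
    scheme = parts.scheme.lower()
    host = parts.hostname or ""

    # Show the host as the resolver sees it: any non-ASCII label becomes an
    # "xn--" punycode label, which is easy to spot even when the Unicode
    # form looks identical to a trusted name.
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        warnings.append(f"host {host!r} is not a valid IDNA name")

    if parts.username is not None:
        # "https://www.bank.example@evil.example/": everything before '@' is
        # userinfo, not the destination.  The real host follows the '@'.
        warnings.append(f"userinfo {parts.username!r} before '@'; real host is {host!r}")

    if scheme not in ("http", "https"):
        warnings.append(f"unexpected scheme {scheme!r}")
    elif scheme == "http" and host in TRUSTED.values():
        warnings.append(f"plain http to {host!r}, which should be https")

    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append(f"internationalized label in {host!r}; may mimic an ASCII name")

    try:
        ipaddress.ip_address(host)
        warnings.append(f"bare IP address {host!r} instead of a hostname")
    except ValueError:
        pass

    for brand, trusted_host in TRUSTED.items():
        # "www.bank.example.login-verify.example" contains the brand, but its
        # registered domain is something else entirely.
        if brand in host and host != trusted_host:
            warnings.append(f"{host!r} contains {brand!r} but is not {trusted_host!r}")

    try:
        port = parts.port
    except ValueError:
        port = None
        warnings.append(f"unparseable port in {parts.netloc!r}")

    # Drop tracking keys; keep everything else in its original order.
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if not k.startswith(TRACKING_PREFIXES) and k not in TRACKING_KEYS]
    netloc = f"[{host}]" if ":" in host else host      # IPv6 literal needs brackets
    if port is not None:
        netloc += f":{port}"
    clean_url = urlunsplit((scheme, netloc, parts.path or "/", urlencode(kept), ""))

    return {
        "scheme": scheme, "userinfo": parts.username, "host": host, "port": port,
        "path": parts.path, "query": parts.query, "fragment": parts.fragment,
        "warnings": warnings, "clean_url": clean_url,
    }


if __name__ == "__main__":
    for sample in (
        "https://www.bank.example@evil.example/login?utm_source=phish&id=42",
        "http://www.bank.example.login-verify.example/secure",
        "https://www.b\u0430nk.example/",          # Cyrillic 'а' in place of 'a'
        "https://www.bank.example/account?utm_campaign=x&tab=2#top",
    ):
        result = dissect(sample)
        print(sample, "->", result["clean_url"])
        for w in result["warnings"]:
            print("   !", w)
```

The IDNA step is what makes the look-alike case visible: the Cyrillic host renders exactly like the trusted one in many fonts, but its resolver form carries an "xn--" label that the trusted name never has.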

Don't be a monoculture -- don't just use the most widespread software, since exploits are written for the most common targets:

  • Open Microsoft documents with LibreOffice.
  • Don't use Acrobat: use Preview (or another PDF viewer).

This lowers the odds that the exploit in circulation works on your machine; it does not make the alternative safe, so keep whatever you use patched.

Only use software that has a strong, open community

Periodically review the add-ons/extensions/apps on your browser, phone and social-media accounts, and remove the ones you no longer use

Question/verify the provenance of people & information

  • Confirm human references "out of band", over a channel you already trust rather than the one the request arrived on
  • Online resources, even DNS, can be spoofed
  • Fake hostnames can look like real ones

No IKU talk in Lille

Here is my proposal, which was declined, for an IKU lecture at the Universala Kongreso.

The World Is Not As It Seems: The history and future of global alternate-/augmented-reality internet games

ABSTRACT

Over the past 20 years, the Internet has made possible a new artistic/cultural product: the massively online game. Such games, once the domain only of enthusiasts, are now a large-scale, worldwide cultural phenomenon. The biggest games require the same capital as a major Hollywood film. In these games, people around the world can take part and interact to compete, collaborate, and have fun. Many of these games take place only in a computer universe, but examples are gradually appearing in which one plays not only on the computer but also in an alternate or augmented reality that coexists with the real world. In this proposed IKU lecture, I will sketch the history of alternate-/augmented-reality internet games; show two games in more detail; describe the relationship between language, art, and culture in these games; discuss how such games are already beginning to influence the wider culture (e.g. the "gamification" of education and marketing); and finally propose that Esperanto be considered a successful global alternate-/augmented-reality game.

INTRODUCTION

Over the past 20 years, the Internet has made possible a new artistic/cultural product: the massively online game. Such games, once the domain only of enthusiasts, are now a large-scale, worldwide cultural phenomenon. The biggest games require the same capital as a major Hollywood film. In these games, people around the world can take part and interact to compete, collaborate, and have fun. Many of these games take place only in a computer universe, but examples are gradually appearing in which one plays not only on the computer but also in an alternate or augmented reality that coexists with the real world.

Since the earliest days of the internet, games have been used extensively to explore the capabilities and nuances of online interaction. Perhaps the earliest alternate-reality online game was LambdaMOO (CURTIS, 1990), which resembled earlier text adventure games, e.g. Colossal Cave Adventure (CROWTHER, 1976; CROWTHER & WOODS, 1977) and the Multi-User Dungeons that followed (TRUBSHAW, 1978; BARTLE & TRUBSHAW, 1980), but differed in that players could not only explore but also co-create the environment and converse (by typing) with people in the same "places" in the game. LambdaMOO was a virtual version of its creator's house. The community welcomed gay and transgender people (fittingly, one starts the game/world in a closet) and gave them a safe place to try other ways of expressing identity and gender.

Subsequent games introduced the idea that, via the net, enormous numbers of people could take part at the same time: Massively Multiplayer Online Role-playing Games (MMORPGs) such as Ultima Online, Everquest, and the best known, World of Warcraft. Because of the possibility of reaching a huge audience, games moved out of the domain of network technicians and became a commodity of large companies. Now StarCraft 2 and Dota 2 are games known worldwide that attract great interest. Companies will spend tens of millions of dollars to produce a single new game, and competitions have become international spectacles. The 2014 international Dota 2 competition, "The International", offered up to $10.9 million in prizes, and the games were shown on the international television network ESPN with live commentary.

In 2008, Jane MCGONIGAL organized a global alternate-reality game, The Lost Ring, which received sponsorship from global companies and organizations, chiefly McDonald's and the International Olympic Committee. In the game, actors pretended to be athletes who had been found without any memories and with tattoos reading "Trovu la ringon perditan" ("Find the lost ring", in Esperanto!). This game became especially interesting to Esperantists because Esperanto was used as a puzzle in the game. In the lecture I will briefly summarize the game and show its characteristics.

In 2012, Google launched the game Ingress, an augmented-reality game played on a mobile phone. It shows well the characteristics of a current augmented-reality game. In the game there are portals through which "exotic matter" enters the world. To play, one must visit, in the real world, the places where those portals are located, often at public buildings and works of art. In practice, one therefore has to walk a great deal from place to place to take part, and one of the game's side goals is to improve the health of the participants. In the lecture I will describe and demonstrate the game.

In recent science fiction, writers have begun to imagine how such games will become part of everyday culture. In the early 2000s, writers began to describe how such games can cross between the alternate, game reality and the real one. In the books Pattern Recognition (GIBSON, 2003), Halting State (STROSS, 2007), Little Brother (DOCTOROW, 2008), and This Is Not A Game (WILLIAMS, 2009), the authors described and developed the idea that such games will enable the interaction and collaboration of people around the world. I will summarize the characteristics they described and show how the future world they describe is already being realized in many ways.

Games are having a growing influence on the wider culture, both good and bad. The computer is becoming more than just a "tool", a real part of the body and brain and mind (TURKLE, 1984; TURKLE, 2011). Lately there is much talk of how to "gamify" various aspects of daily life, especially teaching and marketing. Often the plans and proposals show a dangerous ignorance of the lessons learned about behaviorism decades ago. There is also a danger regarding the data that one must share through any Internet activity, but especially through mobile phones. Games like Ingress require you to share with Google and the phone companies (and governments) where you are and where you are going.

Esperanto itself can be thought of as an alternate-/augmented-reality game. Few people take part in Esperanto as part of their professional life, yet they devote much time to it: learning, teaching, organizing, meeting, discussing, and building a literature in and about a world that resembles, but does not entirely coincide with, the everyday world. I will explore how, through the lens of alternate-/augmented-reality games, we can understand and perhaps improve Esperantujo.

REFERENCES

BARTLE, R. & TRUBSHAW, R. 1980. MUD3: Multi-User Dungeon. BCPL software for the PDP-10.

CROWTHER, W. 1976. Colossal Cave Adventure. FORTRAN software for the PDP-10.

CROWTHER, W. & WOODS, D. 1977. Colossal Cave Adventure. FORTRAN software for the PDP-10.

CURTIS, P. 1990. LambdaMOO. Open-source software project. Available at: http://sourceforge.net/projects/lambdamoo/

DOCTOROW, C. 2008. Little Brother. Tor Teen. 387pp.

GIBSON, W. 2003. Pattern Recognition. Penguin Group. 384pp.

MCGONIGAL, J. 2008. The Lost Ring. Alternate-reality game.

STROSS, C. 2007. Halting State. Ace. 380pp.

TRUBSHAW, R. 1978. MUD1: Multi-User Dungeon. MACRO-10 software for the PDP-10.

TURKLE, S. 1984. The Second Self: Computers and the Human Spirit. MIT Press. 372pp.

TURKLE, S. 2011. Alone Together: Why We Expect More from Technology and Less from Each Other. MIT Press. 360pp.

WILLIAMS, W.J. 2009. This Is Not A Game. Orbit. 384pp.

Faculty Survey

The College of Natural Science is conducting a survey of the faculty. It was somewhat interesting to look at the questions and to gauge my own reactions to them. The survey focused primarily on the relationships between the faculty member and the department and the college, and then dealt with effort spent on research, teaching, and service.

Beyond answering the questions, I pointed out the two things that I've been raising with the University for the past 10 years. First, that the survey itself demonstrated the ambivalent relationship the University has with non-tenure-system faculty: the list of faculty ranks did not even include my rank "Senior Lecturer II" (among the 10 or 15 that were there) -- I just had to pick "full-time lecturer". Many faculty would argue that becoming a lecturer is having failed -- and this attitude pervades a whole range of micro-aggressions that the administration practices upon non-tenure-system faculty. The most important of these is the lack of support for on-going professional development. While tenure-system faculty get a sabbatical every seven years, non-tenure-system get a sabbatical, well, never. And the institutional support for non-tenure-system faculty to attend conferences or training is practically non-existent. This perhaps made sense when non-tenure-system faculty were purely short-term appointments, but when they work for 15 or 20 years in the same position, it would benefit the institution to make a strong commitment to helping these faculty stay current and retrain.

I pointed out one other thing too. The survey discussed the relationship with the department and college (and, to a lesser extent, the University as a whole), but it did not mention the faculty union as a source of community. The union has been really important to me in terms of getting to know colleagues from across the institution and thinking about scholarship from a broader perspective. And for making really tremendous gains over 10 years to improve the circumstances for non-tenure-system faculty. Go UMassMSP!

Pictures Don't Lie

I've always taken lots of pictures in St. Croix. Pictures don't lie, but they don't tell the whole truth either. You can see the flower, but can't smell it -- nor hear the bees buzzing. You can't feel their rubbery goodness. You can't see how they wave in the breeze — nor hear the ocean waves on the beach below. You can't see how they seem to change color when a cloud passes over the sun. You can't see how the flowers appear like magic overnight, but have already fallen off by midafternoon. You can't see how some flowers are only here for a short season, while others bloom year round. The pictures offer a truth, but they're not the truth.

Last full day

Today is my last full day on island. The time has passed quickly. We've been busy launching the trapping program (getting traps out of storage, getting access to the refuge, putting the traps into service, etc). We also had to move to a different cottage, which was surprisingly disruptive: afterwards you can't find anything.

I don't usually plan to come down for such a short stay, but this was a special occasion. And today we celebrate that occasion: Buzz's 60th birthday. Buzz is expecting around 20 people. The plans are all laid: we've arranged for the food from Rose's and will pick up the drink this afternoon. We couldn't get beer from the Fort Christian Brewpub -- they didn't have any IPA ready. But we can get some Island Hoppin' IPA in the bottle, which is pretty good. And maybe a bottle or two of rum as well.

We've had good success in the field. We've had nearly 50% trap success: a mix of recaptures and new animals. We had one rather harrowing experience with an Africanized bee colony in a tree hollow that became disturbed and wouldn't let us get to one trap site. So, after the colony calmed down, we moved that trap to a different site. Buzz only got one sting, but it's amazing how terrifying it is to have bees swarming around you, buzzing, and bumping into your head.

Yesterday we visited Christiansted to visit the boutiques and watch the crab races. I mostly walked around and played Ingress. We took three hermit crabs and entered them, but didn't have any win. But it was fun. The view from the boardwalk is amazing.

With Venus to guide us, we walked back to the car in the lot with the Baobab tree and drove back to Cottages.

On island

Buzz, Jonathan and I arrived "on island" yesterday afternoon. We made a quick stop at the store to get a few supplies (beer and breakfast, mostly) before checking in at Cottages. Then we had dinner at Lost Dog -- our usual first stop when we get here.

Today, Buzz had ambitious plans. He wanted to put some data loggers into the salt pond. We borrowed a kayak and, after getting stuck once, he headed off across the salt pond.

It turns out the pond is only about two feet deep. He gets to slog back tomorrow to collect his data loggers.

We met a new friend at the refuge who helped us collect our traps and other stuff and get a key to the gate so we could set some traps. We put out 15 traps and should have some animals to work with tomorrow.

One new toy is a thermal camera. I saw one at Home Depot and sent a picture to Buzz who ordered one instantly to be delivered directly here: It arrived today and we've been playing with it since. The last time I had checked, thermal cameras still cost in the $1000s. But they're down to ~$250 now.

Buzz has more friends arriving tonight in advance of his birthday party on Tuesday. Everyone who's anyone will be there. With catering by Rose's Dream Cuisine and beer by the Fort Christian Brewpub it will be a night to remember.

Maker Technologies and the Internet of Things

Once upon a time, I was nearly laughed out of the room for suggesting that, someday in the distant future, everyone would have their own computer. Now, of course, you probably have several computers. But you actually have a lot more computers than you think.

Some of your computers are in obvious places, like your laptop or cell phone or game system. But others are invisible to you: in your car (your car probably has multiple computers in it already!), in your microwave, in your television, in your refrigerator, in your thermostat. Did you know there is probably a tiny computer inside your microSD card? (It is a small microcontroller, often an ARM core, that maps out bad memory locations and remaps blocks so the flash memory wears evenly.)

Soon, there will be computers inside everything. Imagine your disposable soda cup at the restaurant with a video advertisement playing on the cup! Or food packaging that turns black (or green or yellow) when it's expired. But the next really big step will be that these computers won't just be standalone computers: they'll be networked and able to talk to one another. Welcome to the Internet of Things.

We're offering a class about Maker Technologies and the Internet of Things because, although the future is not quite here yet, you can already start exploring this new world. And begin developing the basic skills that will allow you to start using these technologies immediately.

Some of the skills are basic: navigating the Linux operating system using the bash shell and a text editor; applying fundamentals of computer communication and Internet Protocol networking; programming in Python. Others are more specialized: collecting and transforming data from sensors via GPIO pins; controlling electronic devices; building and using client-server applications.

Finally, there's a dark underside to being surrounded by all of these computers: who really controls them? Are they collecting data about you? Who can see that data? It's imperative to think through the security implications of these systems, both to prevent intrusions and to limit the damage when a device is compromised.

The course is being offered by Steven D. Brewer, Director of the Biology Computer Resource Center, and Christine Olson, a doctoral student in the Department of Communication at UMass. They are co-founders of Makers at Amherst Media, a local group focused on building community and making technology accessible to the public.

Former UMass student and entrepreneur Wayne Chang, talking about technology startups recently, identified the Internet of Things as the "next big thing". We agree — and hope you'll join us this summer for Maker Technologies and the Internet of Things July 12 through 25.

Tour of UMass Center at Springfield

On Tuesday, Feb 24, I visited the UMass Center at Springfield and was given a tour by William Dávila, the Director of Operations. We discussed the needs of Hack for Western Mass and walked through the facility looking at relevant spaces. The space is modern with reconfigurable furniture. It appears to me that the facility offers a good match for our needs.

Here is the detail from a map that shows the relevant section of the facility. (Most of what is clipped off is the part of the facility dedicated to the Nursing program, which has specialized facilities not really relevant to our purposes. Really cool to visit, though!)

There is a large Learning Commons/UMCS-Lounge area that would work well for a Friday Night reception, as a common area to put snacks and food, and for people to congregate informally during the day.

There is a large plenary space (rm 14) that, with tables removed and additional chairs, can seat up to 170. Note that all of the rooms have cameras and videoconferencing equipment, so we could have overflow into other rooms if we needed more space.

There is a hallway of classrooms (rooms 2, 3, 4, and 5) that would each work well for 1, 2, or even 3 groups to work in (except possibly room 2, which is a bit smaller). By staying in this hallway, we could keep all of the groups together and adjacent.

There are a number of additional rooms that could be available for other purposes. There is a computer lab (room 1) that could possibly be used for the Kids Hackathon. There are two fancy conference rooms and a number of smaller breakout rooms, but they're mostly not ideal for our purposes. If we need a place to store materials in advance of, or during the Hackathon, a breakout room or rooms could be made available.

It sounds as though we may have the facility largely to ourselves, although we should try to make the arrangements promptly to ensure we lock in the date. There will need to be a commitment to pay for staffing for hours when the facility would not normally be open, which includes both Friday evening (i.e., after 5pm) and Sunday. These costs would be simple cost-recovery for a single person to open the facility. For the Friday evening ice-breaker, another possibility might be to use the Federal Building at 1550 Main, which has a large lobby that could be used for a reception and is just across the street. But the Lounge seems preferable to me, so people can see the space where we'll be working.

There is wifi provided by eduroam, and they have a guest account provisioned that can be used by anyone who doesn't already have eduroam credentials. There is an attached parking garage for Tower Square, and we can get parking permits that reduce the daily charge to $5. (We might consider whether we can find a way to sponsor parking so participants don't have to pay.)

One piece of good news: We are not required to use a particular catering service, although Hot Table (just below) and Nadim's (down the street) are convenient and have been helpful.

The staff were eager to have us bring the Hackathon to Springfield and were excited about the possibility of helping to cross-brand and publicize the event.

Building effective user communities

In 2013, I wrote about building digital signage with Raspberry Pis. We're still at it. Several months ago, I pointed out one of our displays to our CIO and mentioned that there didn't seem to be any forum for sharing information about solutions on campus. She mentioned she was aware of 12 independent efforts on campus to buy, build, or implement digital signage, none of which were aware of the others. She's taken the issue seriously and is moving the campus toward building user communities around important topics. Toward that end, they've scheduled an event for Thursday at 1pm.

The current model the campus has fostered is "Tech Talks", but those are organized around a few-to-many model. I think user communities need to be less structured. Our UMass Drupal Users Group could serve as a good model. The qualities that have made the group so successful include a dedicated core group of users drawn from both on and off campus, an online forum to post announcements and schedule events, simple threaded discussion, and regular meetings with both structured and unstructured events.

The biggest challenge to making user communities successful is getting administrators at the University to value the time commitment necessary on the part of faculty, staff, and students to participate and make them work. It takes time to build relationships and the social capital necessary for trust and engagement. But over time, I think it could transform how the campus operates.

Hills and valleys of local activity

On July 19, 2003, I registered the domain name amherstesperanto.org. I set up a website to announce a local Esperanto group and began meeting weekly in a local restaurant: Bart's ice cream parlor.

When I was a doctoral student in Kalamazoo, not long after I became an Esperantist, I took part in a local group there organized by Ĝan Starling. That group greatly influenced my thinking about Esperanto and the community it can nurture. I met many fellow Esperantists that way and had many interesting conversations. And, of course, it greatly improved my command of the language. The group was also the core of various other activities: trips to other congresses and the organizing of local congresses.

After I finished my doctorate, I moved to Massachusetts and immediately looked for a local group of that kind, but found none. I contacted the local Esperantists I found in the E-USA membership list and arranged a meeting to discuss it. But they had little interest in weekly meetings. I was too busy with my new position to organize anything right away, so I waited.

After a few years, I had a bit more time and set up a web page to advertise the group. In fact, at that moment, no "group" existed at all: I simply announced that "the group" would meet weekly. And from that moment on, I went to that place every week to "meet". For several weeks, nobody came. But one day a fellow came up to my table and addressed me in Esperanto! He was a university student who had started learning Esperanto a few months earlier and wanted to chat. Eventually he graduated and moved out of state. But others came, and the group still exists.

Lately I no longer have time to organize much, but we keep meeting, though not every week, unfortunately. But this week a new beginner turned up who already speaks fairly well! He doesn't say much, but he seems to understand enough.

The group has its hills and valleys: sometimes people are active and meet and talk often. Sometimes everyone is too busy and the group dozes. But it carries on and makes the work worthwhile.

The local group is, for me, the most important reason I remain interested in Esperanto. I really enjoy the experience of speaking in another language: the mind stretches and one feels part of a special society. And Esperantists are so often such interesting people. What a rare pleasure!
