The June issue of Inc magazine has a list of Ten Ideas for Launching Your Start-Up Right Now. The top startup ideas that interested me were environmental consultant, exam prep and tutoring, self-storage leasing, translation services, and mobile application design. The green sector is the fastest-growing area in the home construction and remodeling industry. There are new energy-saving appliances, materials, and services, and people are starting to invest in the area heavily. Self-storage seems attractive because it takes little risk, little effort, and little capital to get started. There is a lot of new innovation in self-storage and moving services, from self-packing containers to moving equipment rentals, etc. Mobile application development is on fire, mostly because of the huge success of the Apple iTunes App Store. In less than a year, 1 billion iPhone apps were downloaded through the iTunes App Store. I wouldn’t be surprised if Apple develops a way to push desktop apps through a similar model.
I started reading 101 Smart Questions to Ask on Your Interview, by Ron Fry. The author states that there are basically only five key questions that most hiring managers want you to answer.
- Can you do the job?
- Will you do the job better than other interviewees?
- Will you take the job if it is offered to you?
- Do you think you will fit in the company culture and team dynamics?
- Will you make me look good for hiring you?
You will not be asked these questions in such wording, but it will help if you can make the answers to them clear in the mind of the interviewer.
I’ve always had a problem with security questions asked by banks and other financial institutions. For one, these security questions are not really that secure and are easy to guess and reverse engineer. In 2008, the email of the Republican vice-presidential candidate, Alaska Governor Sarah Palin, was hacked by guessing the answers to security questions. From a Wired report on the email crack:
The Palin hack didn’t require any real skill. Instead, the hacker simply reset Palin’s password using her birthdate, ZIP code and information about where she met her spouse — the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search.
Recently, it was reported that President Obama’s Twitter account was hacked by guessing the security question related to password recovery systems. These types of ‘hacks’ require no computer science degree, computer security expertise, or black hat hacking skills. This is the sort of ‘hacking’ that an ex might find themselves doing on your Facebook account. I would not put a lot of blame on curious kids with a lot of time on their hands and an internet connection; I put the blame on enterprise software architects that put stupid and weak security systems in place.
At first, security questions consisted of naming the town where you were born, or the maiden name of your mother. Then they progressed to the name of your third grade teacher, then the last name of your fifth girlfriend, then to where you were during the 1989 Loma Prieta earthquake, and they have gotten worse since then. Here are some security questions I found myself forced to answer.
- Who was your childhood hero?
- What is the first and last name of your first boyfriend or girlfriend?
- Which phone number do you remember most from your childhood?
- What was your favorite place to visit as a child?
- Who is your favorite actor, musician, or artist?
- What was the last name of your third grade teacher?
The problem now, with the current trend of security questions, is that even I don’t know the answers to them, or that their answers might change over time. Try to answer any of the above security questions five years from now and you might sound like the following… “I liked both Spiderman and Wolverine, but I might have answered Superman. I liked Britney Spears then, but not as much as Miley Cyrus, but wasn’t Lady Futura big then.”
I think that security questions are not secure or practical. They are an annoyance for users and highlight security flaws in computer systems.
Here is a list of security questions considered good. Notice that they all suffer from the issues outlined here: they are either easy to guess or easy to forget.
- What was your childhood nickname?
- In what city did you meet your spouse/significant other?
- What is the name of your favorite childhood friend?
- What street did you live on in third grade?
- What is your oldest sibling’s birthday month and year? (e.g., January 1900)
- What is the middle name of your youngest child?
- What is your oldest sibling’s middle name?
- What school did you attend for sixth grade?
- What was your childhood phone number including area code? (e.g., 000-000-0000)
- What is your oldest cousin’s first and last name?
- What was the name of your first stuffed animal?
- In what city or town did your mother and father meet?
- Where were you when you had your first kiss?
- What is the first name of the boy or girl that you first kissed?
- What was the last name of your third grade teacher?
- In what city does your nearest sibling live?
- What is your youngest brother’s birthday month and year? (e.g., January 1900)
- What is your maternal grandmother’s maiden name?
- In what city or town was your first job?
- What is the name of the place your wedding reception was held?
- What is the name of a college you applied to but didn’t attend?
- Where were you when you first heard about 9/11?
Another trend that I have noticed is that financial institutions and credit companies have a lot of private data on you and other prospective borrowers. So they don’t need to ask you such security questions; they can generate their own and match your answers to the years of paper trail and data fingerprints they have on you. If you call your bank in the near future, don’t be surprised if they ask you who you lost your virginity to.
The home of an elderly couple in Brooklyn, New York was visited by police “50 or so” times over a span of 8 years. If you’ve had the police come for a visit, you would know that they don’t come bearing gifts. When the police come a knocking, they might pound your door in with a battering ram and kill your dogs. So you can only imagine what fright the retired couple had to endure. The numerous police visits were traced to a software glitch in a computer system used by the New York Police to track crime complaints and criminal activity. As is customary for Associated Press reports, there is very little information or follow-up on the nature of the software system in question. The exact details behind the computer error were not given, other than to say that the error started in 2002 when the police upgraded from a manual process to an automated computer system.
From working with a variety of computer systems, I know how an error like this can potentially have been introduced. Oftentimes, when working on a new software feature, you have to test said feature with fake data. A common practice is to simulate a small portion of the computer system with fake data to mock the environment. In the worst situations, actual test data or test conditions are hard coded in the actual application. If fake test data is embedded in a production system, like that used by the New York Police, there might be certain conditions, like a certain date or time or report type, that will trigger the test data to percolate to the surface.
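To make the failure mode concrete, here is an added illustration (not code from the police system, whose details were never published) of a hard-coded test value surfacing in production next to a version that fails closed. The records, the placeholder address, the function names, and the trigger (a complaint with a missing address) are all constructed assumptions.

```python
from datetime import date

# Hypothetical placeholder a developer used while testing the new system.
TEST_ADDRESS = "123 Example St, Brooklyn, NY"

# Constructed complaint records; two lost their address during migration.
COMPLAINTS = [
    {"id": 1, "address": "9 Sample Ave, Queens, NY", "filed": date(2003, 5, 1)},
    {"id": 2, "address": None, "filed": date(2003, 5, 2)},
    {"id": 3, "address": "", "filed": date(2004, 2, 29)},
]


class MissingAddress(Exception):
    """Raised instead of guessing where to send officers."""


def dispatch_address_buggy(record):
    # Leftover test scaffolding: any record without an address silently
    # resolves to the placeholder, so real visits pile up at one home.
    return record["address"] or TEST_ADDRESS


def dispatch_address_fixed(record):
    # Fail closed: a missing address is an error for a human to resolve.
    address = (record["address"] or "").strip()
    if not address:
        raise MissingAddress(f"complaint {record['id']} has no address")
    return address


def audit(records, resolver):
    """Group complaint ids by resolved address and list ids that failed."""
    by_address, failed = {}, []
    for record in records:
        try:
            by_address.setdefault(resolver(record), []).append(record["id"])
        except MissingAddress:
            failed.append(record["id"])
    return by_address, failed


if __name__ == "__main__":
    print("buggy:", audit(COMPLAINTS, dispatch_address_buggy))
    print("fixed:", audit(COMPLAINTS, dispatch_address_fixed))
```

Running the audit with the buggy resolver shows unrelated complaints converging on one address, which is the signal to look for in real data.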
Along these lines, I have seen certain features in a computer system not function correctly because it is installed on Windows Vista as opposed to Windows Vista, or that on leap years it behaves erratically, or that if you installed it on the D: drive as opposed to the C: drive you won’t be able to save files, etc.
As we wrap database and computer systems around every piece of personal data, from credit reports to no-fly lists, it is important to design them in such a way as to limit the number of potential victims of said systems. For example, if you are a victim of identity theft you will have to go to great lengths to clear your name and credit history because of how these systems are replicated and copied and ultimately considered to never be wrong.
- Better, faster, cheaper. Pick any two
- Integrity, validity, security. Pick any two
- Strategy, execution, luck. Pick any two.
- Profits, Passion, Purpose. Pick any two.
- Manual, Error Prone, Time Consuming. Pick none!
Here is a draft post that has been waiting to be published. The October 2009 issue of Smart Money had a short list of top 10 Ways to Make Your Boss Love You. I think these are still applicable now.
- Put in the hours-when it counts.
- Defuse a bad situation
- Be a conduit
- Ask for help
- Connect the boss’s way
- Show initiative
- Be positive
- Make like mini-me
- Get your face time
The infinite monkey theorem states that a monkey hitting keys at random on a typewriter keyboard for an infinite amount of time will almost surely type a given text, such as the complete works of William Shakespeare. My question is, what would you get if you had Shakespeare hitting a typewriter keyboard for an infinite amount of time?
The September issue of Forbes has The World’s Most Powerful Women top 100 list. Here are the top 10 women, according to Forbes.
- Angela Merkel
- Sheila Bair
- Indra Nooyi
- Cynthia Carroll
- Ho Ching
- Irene Rosenfeld
- Ellen Kullman
- Angela Braly
- Anne Lauvergeon
- Lynn Elsenhans
Tumblr is one of those micro-blogging social sites, not too dissimilar from Twitter or the current incarnation of Facebook. What I find unique about Tumblr is the community of artists that gravitate around the site. Here are my top fab five tumblrs for the month of September, 2009!!!
Twitter’s search is pretty much useless for research. Twitter’s search is not search at all, in the Google sense; instead it is a database query with hard-coded limits. Unlike Google, which can render a search result page out of hundreds of millions for a given search query in under half a second, Twitter limits the number of pages you can view for a particular search term. Twitter’s search feature allows for 20 tweets per search page, which, times the 100 page limit, means you can only search the 2,000 most recent tweets for any particular search criteria. For a trending topic, 2,000 tweets are posted in under 20 minutes. So you cannot use Twitter’s search functionality to find the original tweet of a trending topic. Since Twitter’s search is implemented as a database query and not with a rank algorithm, you can’t find the most retweeted, or most pertinent, or most linked tweet!