[2017] Emergency Preparedness

I am a big fan of planning for “the Big Dark”, where the power is out for more than 3 days. Analog systems, like printed and hand-written records, will be more useful. 

Remember: Emergency preparedness isn’t only for you. it is also so others can contact you when something bad happens to them.

There are drawbacks, mostly around family dynamics this article assumes are moot when emergencies happen.

Note: These are my recommendations. Your mileage may vary. I look forward to constructive input on how best to prepare in the digital age.

Keep an off-line list of emergency info & numbers with you

There was a time where people either knew important numbers and information or carried a address book – a printed out, dead tree address book – and a much of change to use a pay phone (remember those?) to call people. We need to embrace at least a subset of that.

Your health insurance information should be in here. Insurance providers, policy information, doctors information, and maybe prescriptions information should be included.

In certain countries you may need your ID number as well (though US residents should NOT carry their Social Security card or number).

How about this: keep the numbers of your family and close friends in case your phone dies. I could not call anyone except my children if my phone failed, and they don’t often answer their phones – especially from an unknown caller.

As I’m living in a foreign country I carry a card or two that I can use to get me home. In case you’re traveling, disoriented, or inebriated having a card or two to help you get home can be a life saver.

Carry a bit of cash with you, too, in your wallet.

Keep an off-line list of emergency info & numbers at home

This should be a superset of what you carry with you. Your actual cards and birth certificates and stuff (if they are not in a safe deposit box already) should be in a ready-to-carry locked fireproof box in case of emergency. Bank account information, other financial records, and whatever else needed to rebuild after a disaster should be in here.

Throw some currency in the box, too. While it is in there it isn’t working for you, gaining interest or buying food. But if the power goes out no credit or debit card will help. Having cash will help.

[iOS] Enable Emergency Bypass in iOS 10:

I’ve used the Do Not Disturb feature in iOS since it was introduced. This feature allows you to set “quiet times” when your device won’t alert you with notifications, including phone calls and text messages. It can be activated manually or set to activate at recurring times. I have my set to activate from 10:00 p.m. – 6:00 a.m. each day, mainly to avoid “wrong number” calls at all hours of the night.

You have always been able to set a specific group of people you want to exclude from the Do Not Disturb settings. This can be a group you designate in your Contacts or your iPhone’s Favorites list. For years I’ve created a contacts group called “VIP” that I had excluded from Do Not Disturb that included family and a few close friends and other important numbers. While this is handy, it may not cover everyone you want to be able to reach you in the event of an urgent matter. With iOS 10, you have more granular control and can now set contacts on an individual basis to bypass the Do Not Disturb Settings.

To activate the feature select the contact card you want to exclude, edit the contact and select ringtone. At the top of the ringtone menu you’ll now see a toggle for “Emergency Bypass”.

… This is a segment of an article that first appeared in the November Issue of ScreencastsOnline Monthly Magazine. ScreenCastsOnline monthly magazine is packed with hints, tips, articles and links to streamable versions of ScreenCastsOnline tutorials and delivered monthly on the iPad. You can find out more at https://www.screencastsonline.com/membership_benefits/

(Via KatieFloyd.me)

I am not sure if Android offers a similar feature.

[Android] Use Google’s Trusted Contacts App

Trusted Contacts runs on top of a pretty simple concept, with the tap of a button an approved list of people can request your location from wherever they may be. Users will need to manually approve who can request their location, and once a request is sent, the user will have 5 minutes to approve or decline the request before the app automatically approves and sends it.

This app takes things up a notch as well by adding offline support, in a sense. If a user heads outside of active cell service and internet access, the app will report the last known location for that user 5 minutes after a request is sent. Contacts can also “walk each other home,” virtually. This essentially enables one user to keep track of another user’s location as a live feed.

… Before you can share your location, though, you first have to go through the process of adding contacts to the application…

How to add contacts:

  1. Open the Trusted Contacts application
  2. If this is the first time setting up the application, Trusted Contacts will walk you through adding contacts
  3. To set up new contacts, either tap on the Add contacts button found at the bottom of the home screen or open the menu by selecting the Menu button in the upper left-hand side of the screen and tap on the Add contacts option
  4. Here you can search through the contacts on your device and select Add next to the individual to send them an invitation to be a trusted contact

(Via 9to5google.com)

i am not sure if iOS offers a similar feature.

Set up lock screen emergency information

This is a old tip but still useful.

Basically take a picture of contact information and make it your device’s lock screen. Tailor the content to provide what is needed without going overboard. Imagine you are passed out on the sidewalk and the only thing people can get to is your phone’s lock screen. What is the critical information you can provide on there that doesn’t open you up to identity theft?

I find this more useful than the login banner message most devices support. One doesn’t have to wait for the message to scroll, where almost all users put the contact email or phone number.

What else?

What other things, simple and inexpensive and effective, that folks should do?

Journalism & Ethics

Note: This is a total knee jerk reaction to the tweets & post from The Verge that Chris Ziegler was simultaneously a new Apple employee and an existing The Verge editor covering Apple.

Working for two employers at once isn’t new. It happens all the time.

But you can’t report about company B for company A while also an employee for company B. It’s Journalism 101, a class I took. I know famous corporate blogs and sites occasionally like to blur journalistic lines. This violation, if true, is clear.

Assuming Tim Cook didn’t appear apropos of nothing on Chris Ziegler’s doorstep the day his dual employment began, and nothing in what I’ve read so far indicates an immaculate hiring, The Verge should at least brand every article Chris wrote for the past 6 months as suspect. His motives aren’t known. We can only speculate when Mr. Ziegler entered into discussion and ultimately received the offer to join Apple.

Apple should dismiss Mr. Ziegler if the accusations are true. If he was duplicitous to The Verge management, co-workers, and readers it stands to reason he will be duplicitous to Apple as well. His ethics, at least, are questionable.

If someone I hired knowingly still worked in such a conflict of interest I would fire them for cause. I’d be curious to learn of environments where such action wouldn’t be the norm.

Again, I don’t know all the details or all the facts. If correct, the course for Apple and The Verge is clear.

My latest Thursday, 20160908

It’s a rainy, hurricane #Tokyo today. Yesterday was earthquake Tokyo.
@edgarr0jas and I recorded @pvcsec #EP78. I edited and uploaded #EP77 but the show notes are slow going. Someone deleted last week’s run sheet. No @timothydeblock or @cmaddalena or @infosecsherpa, sadly.
I’ve been diving into #blockchain and #fintech during breaks working on a client deliverable.
I can’t help but chime in on the @apple announcement: I’m glad I bought my iPhone 6s+ a few weeks ago. I think there might be a run on them (https://apple.news/AtodeT67IQiKYmKB2s3fvvA).
Big security day today, product and provider oriented. @Dell finished their @EMCcorp acquisition ( http://www.wsj.com/articles/dell-closes-60-billion-merger-with-emc-1473252540), @HPE sold their enterprise software to @MicroFocus (whomever they are; http://reut.rs/2ckMx4c), and @Intel spun off @McAfee Security (http://www.wsj.com/articles/intel-nears-deal-to-sell-mcafee-security-unit-to-tpg-1473277803).
Oh, and I’m playing around with http://www.dayoneapp.com.

En Route to Tokyo Observations, Part I

Random musings and reflections and notes from my current trip to Tokyo:

  • The Hilton Tokyo Shinjuku doesn’t answer their phone. I tried calling three times to inform them of my delayed arrival. I called the Hilton Diamond Help Desk and even they couldn’t confirm the information was understood once they managed to communicate with the hotel. Apparently this location has a reputation.
  • Delta still doesn’t know how to board planes. Our flight took 40% longer to board than it should have (by my estimation). Boarding was like elderly man’s urination stream, dribbles and drabs.
  • Airbus might want to have airlines mount signs at the entry informing passengers where the row numbers are.
  • I do love the overhead bins on the Airbus A320(OW), the “turn your bag on its side” kind.
  • It’s funny that the cabin crew had to explain how the “space ship” style overhead controls work, and funny how they did it.
  • The woman sitting next to me is 5’0″ or so, yet she has an iPhone 6s Plus. She uses it like a tablet and it works well for her. I’m oddly impressed.
  • The Hootoo travel router ROCKS.

Motorola Provides an Argument for Apple as a Corporate Mobile Standard

I’m unlikely to recommend Android devices until Google and the hardware providers get the upgrade situation under control. I might make an exception for the Nexus and Samsung devices, but as I write this I have no faith in the rest of the Android ecosystem.

As I often do, let me tell you a story to illustrate this opinion:

When I started with IBM I chose the Motorola Droid Maxx over other Android phones and Apple iPhones.

My choice wasn’t arbitrary. I did my research.

The decision of iOS versus Android wasn’t a fair fight. KitKat made it easier to be effective. Sharing data between apps was not just easier, it was POSSIBLE on Android. iOS could copy and paste, but not much else.

The Maxx offered excellent battery life (I easily get through a full day on a single charge), a decent screen, an adequate amount of storage, and a rugged build according to my research. Two other major reasons I went with it was that Motorola was a part of Google (at the time) and they listed it as on the upgrade path to Android Lollipop.

14 months later and the only thing still true is the battery life. The screen cracked easily and repeatedly with regular use, the 16GB storage barely keeps up with my minimal workload, and it quickly becomes sluggish unless I close apps and/or reboot.

As for the upgrade to Lollipop, Motorola changed tack yesterday:

We apologize that we will not be upgrading DROID Ultra/Mini/Maxx to Android Lollipop, as we had hoped. We know how important software upgrades are to our customers, and we’re very sorry that we are unable to provide the upgrade.

The Maxx is still on 4.4.2 while Marshmallow (version 6) is the release du jour on Nexus. Verizon released few updates (and they’re complicit in the upgrade mess) but not at the cadence required. I’m sure my Maxx is vulnerable to many issues long since fixed on other platforms. Corporate mandates and enforces robust mobile security, yet I only use my corporate issued phone for email, calendar, tasks, and internal instant messaging. I don’t trust the phone to do much more. I’ve removed almost all non-stock applications.

My personal phone, the older OnePlus One with the Cyanogen Android flavor at 5.1.1, sees vastly more attention than the Motorola. On the 1+1 I do my social media and podcasts and RSS feeds and whatnot, much of which is work related or adjacent.

The funny thing: I used to carry a second phone to protect me from my benevolent corporate overlords. Now my personal phone protects my clients.

iPhones receive regular updates – some better than others, but Apple updates viable phones for a long time (the iPhone 4S, anyone?). Apps have to keep up, for better or worse. Newer iOS versions addressed the data sharing issue, making Apple  devices more useful to me as productivity tools.

The moral of my story is that I’m going through the process to replace the Maxx with an iPhone, but it’s a bureaucratic mess that takes time. Now that Motorola came clean, the upgrade path theoretically eases.

What about you? What are your experiences in this space? Have you standardized on iOS or Android or Windows? Or do you struggle with the mercurial nature of the vendors and your users? What about when vendors pull the rug out from under you? Are you considering alternate platforms like Microsoft Windows Mobile and Ubuntu?

Full Disclosure: I work for IBM. IBM and Apple are partners (who would have thought that in the 80’s?). My opinions are mine alone.

Known unknowns – detecting rootkits under OS X – We Live Security

A rootkit is a piece of malicious software which has the advanced capability of hiding itself on an infected system. This is usually done by hooking system functions. For example a rootkit could be used to hide files from the user by hooking functions responsible for listing the contents of a directory. Rootkits are frequently used in combination with other malware, which it hides from users and security products. The number of malware families that have rootkit capabilities and targeting Microsoft’s Windows systems is well into double figures.

We think that there could be rootkits targeting the OS X platform, but we have very limited visibility into that threat right now. We know that we don’t know. We also know that various websites and even paperback books [1, 2] document how rootkits can work under OS X. We have seen OS X malware using rootkit techniques in the past. The most notable example being OSX/Morcut [3] also called Crisis by other vendors. This malware was used to steal information from infected Macs and loaded a kernel extension so as to hide its files from the victim.

Detecting a rootkit under OS X currently involves dumping and analyzing kernel memory. It requires time and knowledge. It is not something accessible to everyone.

via Known unknowns – detecting rootkits under OS X – We Live Security.

Apple details security fixes in iOS 7. And there’s a ton of them! | iMore

Apple has distributed a list of security fixes in the just-released iOS 7 software update. And it’s as long and encompassing as you’d imagine any major platform update would be. I haven’t seen them online yet, so I’m reproducing it here for anyone who’s urgently interested. When/if Apple posts it to their knowledge base, we’ll update and link out.

via Apple details security fixes in iOS 7. And there’s a ton of them! | iMore.

I haven’t updated any of my devices yet, and I doubt I’ll go down the iPhone 5* path. I’m happy Apple addressed security issues. I hope they’ll backport some of these for devices that can’t run iOS7.

Apple’s “Touch ID” fingerprint login – not everyone is cock-a-hoop about it | Naked Security

Apparently, there may be yet another reason to be underwhelmed by the iPhone 5s: a lawyer named Marcia Hofmann, writing for Wired, offers the opinion that its fingerprint authentication might end up eroding a long-cherished legal right.

In this case it wouldn’t be the government chipping away at your statutory protections, but technology itself.

The protection that Hofmann thinks might be at risk relates to self-incrimination.

Many jurisdictions give you some sort of “right to silence” – in the USA, it’s usually known as the Fifth, because the Founding Fathers neglected to enshrine it in the original constitution, leaving it to be retrofitted in the so-called Fifth Amendment some three years later.

via Apple’s “Touch ID” fingerprint login – not everyone is cock-a-hoop about it | Naked Security.

What I’m Not Missing – the iPhone 5

I don’t normally miss things, but I find myself missing my work laptop. It’s funny, since I tried to return it for being too big. It ran Ubuntu Linux well. It was maxed out with CPU, memory, disk, display, and on and on and on. I miss the dual head monitor setup in my old office.

What I don’t miss is the iPhone 5. I didn’t realize it until I read this article about Apple cutting orders of iPhone parts due to low demand.

Last year I upgraded my iPhone 3GS work cell phone with a shiny new iPhone 5. The speed was nice. The additional screen space was nice. The new Lightning connector sucks if you, like me, own a bunch of the all ready inconvenient 30-pin accessories. The iPhone 5 is light and slick and thin. While it slips into a hip pocket easily it also lends itself to drops and slips.

I was never wowed by the phone.

My personal phone is an iPhone 4S. It’s a bit heftier. It’s more energetic. Vibrate notification feels like it could fell the Tacoma Narrows Bridge. It’s the same OS but seems easier to navigate with one hand. It’s fast enough. And my iPhone 4S has more space than my former employer was willing to provide with the work iPhone 5, so music and podcasts are no problem.

Will my next phone be an Apple product? Setting aside whatever my next employer offers, my next personal phone probably won’t be an Apple product, at least not one of the current models.

Six Weeks of MacBook Air use in a Wintel Corporate World

My trusty ThinkPad X301 running Windows 7 Enterprise was dying. It wouldn’t shut down. It had a hard time starting up. It might Blue Screen of Death (BSoD) while reading email or editing documents. It might decide to not charge either of the two batteries in the case. It might forget that it has a wifi and bluetooth adaptor.

I handed it off to the appropriate internal technical support team. Unfortunately the loaner laptops were all in use. I had three options.

  1. Use my own laptop until my work laptop was fixed
  2. Demand a new laptop without knowing if my current laptop is fixable
  3. Go without a laptop until mine is fixed

Option 3 doesn’t work. I travel too much to go without a laptop. Mobile devices are a gray area, but I shudder to think about editing my budget spreadsheets in an iPad.

Option 2 is within the realm of possibility, but I don’t know what I would take to replace my X301. It doesn’t have the biggest RAM footprint or a current CPU or even competitive graphics. It does have a good display and good battery life and it is light. I’m not due for another laptop until 2013. The longer I can wait the better the hardware will be.

Option 1 is workable. There is only one problem: my laptop is an Apple MacBook Air (late 2011).

My European colleagues can use Apple products. My Asia Pacific colleagues can as well. In the Americas it is a different story. I’ve written about this before.

Nevertheless, things came to a head. I could adhere to the unwritten policy or I could keep working. I chose the latter.

So far the only folks that even care are those in my organisation that would like an Apple option and our VP. I hung a sign on my laptop while using it that told folks: “Don’t Get Your Hopes Up: This is Temporary” for the VP’s benefit. She laughed but also asked how it was working for me.

I told her it’s working well.

The thing is, it’s actually working better than I expected. Here’s why and how.

First, I have a corporate copy of Windows 7 x64 Enterprise running in a Parallels 7 Desktop session. It is on the Active Directory (AD) domain. All of my business applications, even those I could run in OS X, run in the VM. I use Coherence mode to better integrate the Windows apps. It works really well for me.

For the network I carry a USB to 100MB Ethernet adaptor. I assign it to the VM only and use guest wireless access for the MBA. If physical ethernet isn’t available I will fire up a VPN from the VM guest to get it on-line. I can use a USB wireless adaptor as well if I want.

As my team manages the VPN environment, it is a good idea for me to drink our own champagne (as it were). As the head of IT security, the separation of work from personal in a functional way is a powerful example.

I expanded my environment with an Ubuntu guest VM for some GNU and F/OSS tools not available for native Windows for work. I added some of the tools in the MBA via MacPorts just in case.

The other stuff? Being on the domain means links I open in the email client open in IE 9. I can view and edit MS Visio and Project files that can’t be opened in OS X without expensive third-party software using software licenses already assigned to me. I can be permissive and allow opening of files in either environment. I can be restrictive and allow opening files only in one environment.

From the user experience angle, after logging into the VM guest I don’t think much about it. It works really well.