Wednesday, April 23, 2014

Netiquette - Developing a Job Seeker's Code of Ethics and It's Benefits - Via Netiquette IQ



Ethics is an essential part of Netiquette as well as areas in philosophy, religion and other practices and beliefs. I have long maintained that having a definable code of ethics will serve to further much of what you are looking to achieve in electronic communication. See how the article below can assist you in developing your own code.
=========================================


Ten Writing Tips for Creating an Effective Code of Conduct
ethics.org December 31, 2003 Jerry Brown

You have been given the task of writing an effective code of conduct for your organization. A blank pad of paper rests in front of you along with a freshly sharpened number two pencil and a mint fresh copy of Roget's Thesaurus. Ten minutes pass. Twenty minutes slip away.
You've held meetings, sought and received input, looked at samples, identified provisions you want in your code of conduct and yet nothing springs out of your mind and onto the page. Why not? You're a good writer. You were chosen for this project because your reports are fact filled and precise; you are a champ at describing processes in concrete terms. What's wrong with you?
Nothing.
You are simply faced with the reality of writing about abstract concepts rather than the physical world. To start writing a code of conduct, think in terms of values, beliefs and expectations rather than facts.
Tip 1: Think in terms of values, beliefs and expectations rather than facts
People within an organization are inclined to feel that their situation in life is unique and that no other organization is faced with the same challenges, constraints and operational realities that they have to deal with on a daily basis. The sense of individual uniqueness is countered somewhat by a sense of group unity. The group is unified behind a core of shared beliefs that may be informally recognized within the organization or may codified in the form of an organizational values statement.
The organization's values are the foundation upon which the code of conduct will grow. They express what a group of people drawn together as an organization believes in the words of Frank Navran, "… to be right, good and fair."
Once you recognize that you are not writing a report and that you may be called on to use language you usually avoid in formal reports because it may imply that you are judgmental or are assigning values to actions, you'll be able to start writing.
Tip 2: Put your thesaurus back on the bookshelf.
In most hands a thesaurus is a dangerous weapon. Lock it away and resist the temptation to use it. Your code will benefit from common language usually employed in your organization and understood readily by employees at all levels. This doesn't mean you should become immersed in jargon. "Keep it simple," is the best advice for codes. In the words of a former professor of mine, "Eschew pomposity and verbosity assiduously."
Tip 3: Choose to be concise…within reason.
Conciseness can be a virtue. It can also be boring and choppy. To find a happy medium, avoid long sentences with linked phrases. Instead write sentences that express one thought and vary in length. A mix of short and medium-length sentences tend to hold your readers' attention better than will long, complex sentences.
Tip 4: Use active voice rather than passive.
While there is a place in writing for passive voice, active voice tends to convey ideas more clearly and with fewer words. In sentences written in active voice, the subject performs the action expressed in the verb. In passive voice, the subject is acted upon by the verb. Overuse of passive voice tends to make prose flat and uninteresting and passive voice sentences tend to be awkward. For example, "The code is required annual reading." [PASSIVE] "You are required to read the code annually." [ACTIVE]
Tip 5: Give examples when it is appropriate to do so.
If there is any doubt about the meaning of a code provision, an example may help provide clarity. Codes may vary in length and content. Those that are more compliance-oriented than value-centered may be better understood if you provide good, generic examples of what constitutes acceptable and unacceptable conduct.
Tip 6: Remember to write for your reader.
By this point in the process, you have become your organization's expert on the code of conduct. Don't lose sight of your readers. Something obvious to you may not be obvious to them. Think about what you are writing in terms of readers who have NOT had your experience with the code.
Tip 7: Don't attempt to write polished prose when drafting.
DREP - Draft; review; edit; and, polish. Draft the entire code without being overly concerned about grammatical errors, punctuation and word choice. Once you have a draft on paper, review it carefully for clarity, content, conciseness, grammar, spelling and punctuation and clean it up. Edit the cleaned copy paying special attention to word choices and meaning. Finally, polish your final draft with the understanding that the next tip may just bring you back to this tip one more time.
Tip 8: Read your work aloud to yourself.
When you read your written work aloud, you will find errors and points of confusion because you have involved another of your senses. After all, you have thought about the code, written at least two drafts, edited a draft, and polished the text. Hearing the words may detect problems that your eyes, which are use to seeing the copy, have missed. If you find errors, repeat tips 7 and 8 until it sounds right as well as looks right.
Tip 9: Make your writing look easy to read.
Take a look at your final draft and ask the critical question, "How does this look to me?" You want this final draft to look professional because the reviewers you will pass it to next will judge what you have done based on its appearance as well as what you have written. Avoid using words and phrases written all in capital letters unless they are acronyms or unless they are specialized terms that are always written in fully capitalized form. Avoid presenting material in lengthy stretches of italics. They are hard to read. Avoid odd type fonts, especially those that mimic handwriting.
Tip 10: Have others, especially your harshest critics, read what you have written.
Once you are satisfied that what you have written makes sense and looks good, obtain the opinion of others. Sure, you can have some of your friends read what you have written. They may give you good feedback or they may sugarcoat their comments to you. I like to choose the critics who are the harshest judges of my work for a final review. If I can get what I have written past them, I have succeeded.
Good luck with your code.
video




Netiquette IQ Securty update - Apple Releases Security Updates for Mac OS X and iOS

From time to time I post security updates as this really is a part of Netiquette. Here are the latest from Apple.
==================================================
As posted today on US-CERT:


§  CFNetwork HTTPProtocol
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, and OS X Mavericks 10.9.2
Impact: An attacker in a privileged network position can obtain web site credentials
Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines.
CVE-ID
CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris
§  CoreServicesUIAgent
Available for: OS X Mavericks 10.9.2
Impact: Visiting a maliciously crafted website or URL may result in an unexpected application termination or arbitrary code execution
Description: A format string issue existed in the handling of URLs. This issue was addressed through additional validation of URLs. This issue does not affect systems prior to OS X Mavericks.
CVE-ID
CVE-2014-1315 : Lukasz Pilorz of runic.pl, Erik Kooistra
§  FontParser
Available for: OS X Mountain Lion v10.8.5
Impact: Opening a maliciously crafted PDF file may result in an unexpected application termination or arbitrary code execution
Description: A buffer underflow existed in the handling of fonts in PDF files. This issue was addressed through additional bounds checking. This issue does not affect OS X Mavericks systems.
CVE-ID
CVE-2013-5170 : Will Dormann of CERT/CC
§  Heimdal Kerberos
Available for: OS X Mavericks 10.9.2
Impact: A remote attacker may be able to cause a denial of service
Description: A reachable abort existed in the handling of ASN.1 data. This issue was addressed through additional validation of ASN.1 data.
CVE-ID
CVE-2014-1316 : Joonas Kuorilehto of Codenomicon
§  ImageIO
Available for: OS X Mavericks 10.9.2
Impact: Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow issue existed in ImageIO's handling of JPEG images. This issue was addressed through improved bounds checking. This issue does not affect systems prior to OS X Mavericks.
CVE-ID
CVE-2014-1319 : Cristian Draghici of Modulo Consulting, Karl Smith of NCC Group
§  Intel Graphics Driver
Available for: OS X Mountain Lion v10.8.5 and OS X Mavericks 10.9.2
Impact: A malicious application can take control of the system
Description: A validation issue existed in the handling of a pointer from userspace. This issue was addressed through additional validation of pointers.
CVE-ID
CVE-2014-1318 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative
§  IOKit Kernel
Available for: OS X Mavericks 10.9.2
Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization
Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object.
CVE-ID
CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative
§  Kernel
Available for: OS X Mavericks 10.9.2
Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization
Description: A kernel pointer stored in a XNU object could be retrieved from userland. This issue was addressed through removing the pointer from the object.
CVE-ID
CVE-2014-1322 : Ian Beer of Google Project Zero
§  Power Management
Available for: OS X Mavericks 10.9.2
Impact: The screen might not lock
Description: If a key was pressed or the trackpad touched just after the lid was closed, the system might have tried to wake up while going to sleep, which would have caused the screen to be unlocked. This issue was addressed by ignoring keypresses while going to sleep. This issue does not affect systems prior to OS X Mavericks.
CVE-ID
CVE-2014-1321 : Paul Kleeberg of Stratis Health Bloomington MN, Julian Sincu at the Baden-Wuerttemberg Cooperative State University (DHBW Stuttgart), Gerben Wierda of R&A, Daniel Luz
§  Ruby
Available for: OS X Mavericks 10.9.2
Impact: Running a Ruby script that handles untrusted YAML tags may lead to an unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in LibYAML's handling of YAML tags. This issue was addressed through additional validation of YAML tags. This issue does not affect systems prior to OS X Mavericks.
CVE-ID
CVE-2013-6393
§  Ruby
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, and OS X Mavericks 10.9.2
Impact: Running a Ruby script that uses untrusted input to create a Float object may lead to an unexpected application termination or arbitrary code execution
Description: A heap-based buffer overflow issue existed in Ruby when converting a string to a floating point value. This issue was addressed through additional validation of floating point values.
CVE-ID
CVE-2013-4164
§  Security - Secure Transport
Available for: OS X Mountain Lion v10.8.5 and OS X Mavericks 10.9.2
Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL
Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. This issue does not affect Mac OS X 10.7 systems and earlier.
CVE-ID
CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris
§  WindowServer
Available for: OS X Mountain Lion v10.8.5 and OS X Mavericks 10.9.2
Impact: Maliciously crafted applications can execute arbitrary code outside the sandbox
Description: WindowServer sessions could be created by sandboxed applications. This issue was addressed by disallowing sandboxed applications from creating WindowServer sessions.
CVE-ID
CVE-2014-1314 : KeenTeam working with HP's Zero Day Initiative
===================================================
In addition to this blog, I have authored the premiere book on Netiquette, " Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:
 www.amazon.com/author/paulbabicki
 If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio  and an online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and  Yahoo I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and  PSG of Mercer County, NJ.

 Great Reasons for Purchasing Netiquette IQ
·         Get more email opens.  Improve 100% or more.
·         Receive more responses, interviews, appointments, prospects and sales.
·         Be better understood.
·         Eliminate indecision.
·         Avoid being spammed 100% or more.
·         Have recipient finish reading your email content. 
·         Save time by reducing questions.
·         Increase your level of clarity.
·         Improve you time management with your email.
·        Have quick access to a wealth of relevant email information.
Enjoy most of what you need for email in a single book.
===========================================

video