Show of 04-12-2014

Tech Talk

April 12, 2014

Email and Forum Questions

  • Email from Rowdy: Dear Tech Talk, I have attempted to download your radio show, of April 5, 2014, as an MP3.  When I download the file it has an ashx file extension that I cannot play. I had this happen on the previous week as well.  Any help would be appreciated so I can hear your very informative show. Thanks. Rowdy
  • Tech Talk Responds: You can simply rename the file techtalkxxxx.mp3 and it will work. We are actually delivering MP3 files using .Net protocols.
  • Email from IP Learned: Dear Dr Shurtz, I have Verizon Fios IP service in my home in Bethesda. Had it for a long time. I am getting 4.42 Mbps download and 1.99 upload speeds.  All of my smarter IT friends tell me that something is wrong and I should be getting 20 Mbps download speed.
  • I call Verizon and after THREE transfers and 50 minutes of ‘troubleshooting’ (e.g., running speed tests using their speedtest.net site, running the Apple broadband tuner, Verizon resetting their ‘box’ on their end and them having me power-off (wait 10 seconds) and powering on my router and running another speed test), nothing is improved.
  • So I call back and ask for a manager. I’ve been on hold for 27 min. waiting for their tech manager. I now have a ‘tech’ coming tomorrow to troubleshoot my house setup. Will this likely help in your opinion? Nowhere on the Verizon bill do they state the speed rates I am paying for. Thanks, IP Learned
  • Tech Talk Responds: I use dslreports.com speed tests. My speed is much slower than advertised by Verizon. I have 9 Mbps download and 3 Mbps upload. Bandwidth is possible but not guaranteed. You are sharing the bandwidth with others. Make certain that you have the service which you have paid for.
  • Email from Loyal Listener: My Squeezebox wanted my WPA2 passphrase!!!! I’d changed from WEP to WPA2 (almost a year back). The SQB was still working after that (I never made any change to it) except Ted Talks stopped altogether b/c of error message below. Now, issue is: all of a sudden I’m no longer able to listen to TT b/c error says No Playlists found! How do I get TT back! I have a Logitech Squeezebox Internet Radio Model X-R0001. Thanks. Loyal Listener
  • Tech Talk Responds: Logitech discontinued the Squeezebox line in 2012. The Squeezebox ecosystem also includes software, and now there’s a serious question as to how long the now-discontinued products will continue to work at full functionality. Squeezebox products rely on the MySqueezebox.com server to access streaming services like Rhapsody, Spotify, Pandora, and Internet radio. If Logitech stops supporting MySqueezebox, Squeezebox products will be limited to streaming local digital music libraries over a home network. There is no guarantee how long this site will be supported. I would reboot your Squeezebox, reboot your router, and make certain that you are connected to Wi-Fi.
  • Email from Regular Listener: Doc Shurtz, Do you have any advice how to STOP this crap from arriving??  I have attached a typical spam email. This one is from Penn State Hershey Medical Center and has an unsubscribe link at the bottom. Thanks! Regular listener :  )
  • Tech Talk Responds: This particular spam was from a legitimate sender. I would unsubscribe from their mailing list. I only do this in the case of spam that looks legitimate.  You can adjust your spam filter to block specific domains. Gmail has the best spam filter of all of my email accounts, because it is crowd sourced.

Profiles in IT: Werner Hans Peter Vogels

  • Werner Hans Peter Vogels is the Chief Technology Officer and VP of Amazon.
  • Werner Hans Peter Vogels was born 3 October 1958 in Amsterdam, Netherlands.
  • From 1991 through 1994, he was a senior researcher at INESC in Porto, Portugal.
  • From 1994 until 2004, Dr. Vogels was a research scientist at the Computer Science Department of Cornell University.
  • From 1999 through 2002, he also held a vice president and chief technology officer position at Reliable Network Solutions, Inc.
  • In 2003, Vogels received a PhD in computer science from the Vrije Universiteit in Amsterdam. His dissertation topic: Scalable Cluster Technologies for Mission Critical Enterprise Computing. His doctoral advisers: Henri Bal and Andy Tanenbaum.
  • He is the author of many conference and journal articles, mainly on distributed systems technologies for enterprise computing systems.
  • He joined Amazon in September 2004 as the director of systems research.
  • He was named chief technology officer in January 2005 and vice president in March of that year.
  • Amazon Web Services began in 2006 as a tool to sell excess infrastructure capacity to developers. Although the company does not break out AWS revenue, there are estimated to be more than half a million AWS customers.
  • Vogels maintains a blog focusing on “building scalable and robust distributed systems”, which he started in 2001 while he was still a scientist at Cornell.
  • It was mainly used to discuss early results of his research.  After he joined Amazon.com, the nature of the weblog changed to be more product-oriented with some general technology and industry writings.
  • Vogels described the deep technical nature of Amazon’s infrastructure work in a paper about Amazon’s Dynamo, the storage engine for the Amazon Shopping Cart.
  • He is generally regarded as one of the world’s top experts on ultra-scalable systems and he uses his weblog to educate the community about issues such as eventual consistency.
  • During 2008, it became evident that Vogels was one of the architects behind Amazon’s approach to cloud computing, the Amazon Web Services (AWS).
  • During that year Vogels was continuously on the road to promote cloud computing and AWS and its benefits to the industry.
  • Information Week recognized Vogels for his educational and promotional role in cloud computing with the 2008 CIO/CTO of the Year award. Information Week hailed him as the “right man at the right time.”
  • Vogels is married to Annet Vogels, a former musician with the Netherlands Philharmonic Orchestra. They have two daughters.
  • Blog link: http://www.allthingsdistributed.com/

Broken iPhone Update

  • I now have an iPhone 5S
  • After I broke my screen, Apple would only give me $50 instead of the regular $175 buyback.
  • It would have been over $100 to fix the iPhone, so I traded it in.
  • Dropped my unlimited data plan since I never use more than 1 GB per month
  • iPhone 5S from Verizon is unlocked out of the box
  • I will need a new SIM card. It uses a NanoSIM instead of a MicroSIM.
  • Nano SIM is the fourth form factor and measures 12.3 mm by 8.8 mm by 0.67 mm. It holds the same amount of data as earlier SIM cards.

The Heartbleed Bug

  • The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.
  • This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS (Secure Socket Layer/Transport Layer Security) encryption used to secure the Internet.
  • SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
  • The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.
  • This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content.
  • This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
  • As long as the vulnerable version of OpenSSL is in use it can be abused. A fixed version of OpenSSL has been released and now it has to be deployed.
  • Leaked secret keys allow the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will. Any protection given by the encryption and the signatures in the X.509 certificates can be bypassed.
  • If you are a service provider you have signed your certificates with a Certificate Authority (CA). You need to check with your CA how compromised keys can be revoked and new certificates reissued for the new keys. Some CAs do this for free; some may charge a fee.
  • Most notable software using OpenSSL are the open source web servers like Apache and nginx. The combined market share of just those two out of the active sites on the Internet was over 66% according to Netcraft’s April 2014
  • The bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012.
  • OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
  • Most open source servers are affected (Linux, FreeBSD, OpenBSD, etc.)
  • Exploitation of this bug leaves no trace of anything abnormal in the logs.
  • The attack is not limited to a total of 64 kilobytes; that limit applies only to a single heartbeat. An attacker can either keep reconnecting or, during an active TLS connection, keep requesting an arbitrary number of 64-kilobyte chunks of memory content until enough secrets are revealed.
  • This bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team.
  • The Codenomicon team found the Heartbleed bug while improving the SafeGuard feature in Codenomicon’s Defensics security testing tools and reported this bug to the NCSC-FI for vulnerability coordination and reporting to the OpenSSL team.
  • A user over on GitHub has taken the liberty of checking the top 10,000 Alexa-ranked websites to see which ones are (or were) vulnerable to the bug. The good news is that the first test returned 630 vulnerable sites (April 8), while the second test returned just 178 vulnerable sites (April 10).
    • Sites affected (Mashable):  Facebook, Tumblr, Yahoo, Google, Dropbox, LastPass, OKCupid, SoundCloud.
    • Sites not affected (Mashable): LinkedIn, Amazon, Microsoft (including Hotmail and Outlook), AOL, PayPal, Evernote
  • Many feel that this vulnerability was used by security agencies (like NSA) to snoop. All have denied such usage.
  • Link to complete information: http://heartbleed.com/
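
A version triage a defender can run over collected `openssl version` banners, using the affected range given above (1.0.1 up to, but not including, 1.0.1g). This is an added example, not part of the original show notes; the function names and the sample inventory are constructed for illustration.

```python
import re
import ssl

# Per the page: the bug shipped in OpenSSL 1.0.1 and is fixed in 1.0.1g.
FIXED_LETTER = "g"
BANNER_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(-[\w.+~]+)?")

def classify_openssl(banner):
    """Classify an `openssl version` banner against the 1.0.1 .. 1.0.1f range."""
    m = BANNER_RE.search(banner)
    if not m:
        return "unknown"              # not an OpenSSL banner (e.g. a fork)
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, suffix = m.group(4), m.group(5)
    if release < (1, 0, 1):
        return "not-affected"         # branches older than the first affected release
    if suffix:
        # "-fips", "-beta1", distro tags: vendors backport fixes without
        # changing the letter, so the banner alone cannot settle it.
        return "unknown"
    if release == (1, 0, 1):
        # "" (plain 1.0.1) and "a".."f" sort before "g".
        return "vulnerable" if letter < FIXED_LETTER else "fixed"
    return "fixed"                    # releases newer than the 1.0.1 series

def triage(inventory):
    """Return only the hosts that need follow-up, with their status."""
    result = {}
    for host, banner in inventory.items():
        status = classify_openssl(banner)
        if status in ("vulnerable", "unknown"):
            result[host] = status
    return result

# Constructed sample inventory (hypothetical host names, typical banner shapes).
SAMPLE_INVENTORY = {
    "web01": "OpenSSL 1.0.1 14 Mar 2012",
    "web02": "OpenSSL 1.0.1e 11 Feb 2013",
    "web03": "OpenSSL 1.0.1g 7 Apr 2014",
    "mail01": "OpenSSL 0.9.8y 5 Feb 2013",
    "app01": "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "lab01": "OpenSSL 1.0.2-beta1 24 Feb 2014",
}

if __name__ == "__main__":
    # ssl.OPENSSL_VERSION is the banner of the library this Python is linked to.
    print("local:", ssl.OPENSSL_VERSION, "->", classify_openssl(ssl.OPENSSL_VERSION))
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(host, status)
```

A host reported as `vulnerable` needs the upgrade plus the key and certificate replacement described above; `unknown` means the package changelog or build options have to be checked, because the banner cannot show a backported fix.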

The World’s Richest Ex-Hackers

  • Long before he was the two-hundred-and-second richest person on the planet, Jan Koum was just another curious kid with a wardialer.
  • Koum, whose net worth suddenly jumped to $6.8 billion last month when his startup WhatsApp was acquired by Facebook, began his tech career as a teenage immigrant from Ukraine and fan of the 1995 film ‘Hackers.’
  • From the privacy of his Mountain View, Calif. bedroom, he’d use his wardialer—a machine that cycles through phone numbers, dialing them on a modem to find open connections—to probe the global Internet and explore faraway networks.
  • “The Internet was so insecure back then. The challenging part was finding these systems where you have to learn your way around. There were no manuals.”
  • Koum says his intentions were never malicious. He was careful not to delete anything and never participated in the distributed denial of service attacks.
  • The founders of Apple, Facebook, and Twitter all hacked before founding their companies.
  • In the late 60s, a teenage Bill Gates and his Microsoft co-founder Paul Allen, for instance, were caught with unauthorized access to an administrator account at Computer Center Corporation and even rummaged through its Dumpster for printouts of source code, according to Allen’s memoir.
  • In 2004, Zuckerberg used login records on TheFacebook.com to break into the email accounts of Harvard Crimson reporters.
  • Twitter co-founder Jack Dorsey got his first job by breaking into the network of the dispatch company he hoped would hire him to show the company its security vulnerabilities.
  • Jan Koum’s hacking adventures played a similar role in his unlikely rise from welfare to a top spot on the most recent Forbes billionaire list released earlier this month.
  • Koum was a noted member of the 1990s hacker group w00w00, which also included Napster co-founder Shawn Fanning.
  • Koum was a vital contributor to the development of the Nmap security scanner, a tool used today by both attackers and defenders of networks to discover vulnerabilities.
  • Zuckerberg, Steve Jobs, Bill Gates, Wozniak, and Paul Allen have all told stories or written in autobiographies about how, when they were younger, they engaged in legally questionable activities, and how they used those mostly harmless experiences to create the biggest tech companies in the world.
  • Steve Jobs once partnered with Apple co-founder Steve Wozniak to sell “Blue Boxes,” tools that skirted the phone companies’ security measures to allow free calls. “If it hadn’t been for the Blue Boxes,” Jobs told his biographer Walter Isaacson before his death, “There would have been no Apple.”
  • And if there had been no wardialer, there may have never been Whatsapp.

Netflix’s Net-Neutrality Plea Gets Rejected by the FCC

  • The FCC has no plans to expand its net-neutrality rules to ensure that services like Netflix can connect to Internet providers’ networks for free.
  • FCC Chairman Tom Wheeler argued that the government has a critical role to play in overseeing how networks connect to each other. The FCC will oversee contracts between Netflix and Internet Service Providers. This is not a net neutrality issue.
  • The statements reject the recent plea from Netflix CEO Reed Hastings to expand the FCC’s Open Internet Order to cover interconnection deals.
  • But the FCC could decide to enact separate regulations on the issue or force Comcast to accept new rules in order to receive permission to buy Time Warner Cable.
  • In February, Netflix agreed to pay Comcast to connect directly to its network.
  • The agreement helped to ensure that Comcast subscribers can stream Netflix videos smoothly, with less buffering time and fewer interruptions.
  • This was the first time that Netflix had ever had to pay an Internet service provider for a direct connection deal. They wanted the FCC to ensure that it would be the last time.
  • Hastings urged the federal government to enact “strong net-neutrality” rules that bar Internet providers from charging a toll for direct access to their networks.
  • The FCC’s original net-neutrality rules, enacted in 2010, required Internet service providers to treat all Internet traffic equally. The rules did not affect how Internet networks connect to each other.
  • The FCC is reworking its net-neutrality rules because a federal court struck down the old version earlier this year.

8 ways to extend your iPhone battery

  • Former Apple Genius Bar worker Scotty Loveless offers tips.
  • Battery drain has always been one of smartphone users’ biggest problems, particularly since the launch of Apple’s iOS 7.1.
  • Most of the time it is not iOS itself that is causing the iPhone’s battery to drain quickly, but the apps that are running on it.
  • The first thing to do is check your Usage and Standby times under Settings > General > Usage. The Usage time is how long you have used your device since the last charge, and Standby is the total time since the last charge. Usage time should be significantly lower than Standby time.
  • You can further test this by making a note of the Usage and Standby times, and then putting the device to sleep for five minutes. When you come back, take note of the change in times.
  • If your device is sleeping properly, the Standby time should have increased by five minutes and your Usage time by less than a minute. If your Usage time has risen by more than a minute, something is keeping your device from sleeping properly.
  • Disable location and background app refresh for Facebook. The Facebook app for iPhone consumes a huge amount of memory and processing power, even when you’re not using it. Turning off background app refresh can actually cause your battery percentage to increase.
  • Disable background app refresh for apps you don’t care about. Background App Refresh was a feature added in iOS 7, to allow apps to check for new content and download updates even when they’re not running.
  • Stop quitting your apps in multitasking. Most people tell you that closing your apps will save your battery life because it keeps the apps from running in the background. However, this can actually make your battery life worse if you do it on a regular basis. The truth is, apps in your multitasking menu are not running in the background at all: iOS freezes them where you last left the app. Unless you have enabled Background App Refresh, most of your apps are not allowed to run.
  • Disable push email temporarily. Push email allows your device to receive instant notifications every time you get an email. Try changing the setting to fetch emails every hour, thirty minutes, or fifteen minutes.
  • Disable push notifications for apps that annoy you. Every time you get a push notification, your phone wakes from sleep for 5 to 10 seconds to light up your screen.
  • Turn off battery percentage.
  • Enable airplane mode in areas of poor cellular service. When the iPhone detects that you are in a place of low signal, it will increase the power to the antenna.
  • Go to an Apple retail store. Get the new ‘Extended Battery Life Test’ that allows them to see a detailed report of battery usage on your device.