Show of 05-31-2014

Tech Talk

May 31, 2013

Email and Forum Questions
  • Facebook Post from Ken Hutchison: You said today that the Obama administration revealed the existence of Stuxnet. According to a June 28, 2013 article with the title “Retired General Defends Himself Amid Leak Reports,” “Retired Marine Gen. James ‘Hoss’ Cartwright, former vice chairman of the U.S. Joint Chiefs of Staff…has reportedly been named as a target of a…Justice Department investigation into how reporters learned details about the United States’ role in the sabotage of an Iranian nuclear facility by a computer virus in 2010.” (http://www.npr.org/blogs/thetwo-way/2013/06/28/196722017/retired-general-defends-himself-amid-leak-reports) It was an unauthorized leak. Please don’t believe right-wing radio, TV, and blogs.
  • Tech Talk Responds: Thanks for the feedback. I checked several sources and there is definitely politics in the mix. James Cartwright was a lone wolf in the Pentagon. He bypassed his superiors and went directly to President Obama. He was known as Obama’s general. He was not liked in the Pentagon. I would say that this investigation was prompted by those who don’t like him. There is no definitive conclusion as to who did the leaking.
  • Email from Dave: Dear Tech Talk, How can I get rid of my Facebook account? I want to just disappear. By the way, how do I eliminate my entire online presence? Thanks, Dave
  • If you deactivate your account, your Timeline disappears from the Facebook service immediately. People on Facebook won’t be able to search for you, though some info, like messages you sent, may still be visible to others. We also save your Timeline information (ex: friends, photos, interests) in case you want to come back.
  • To deactivate your account, click on the “triangle” in the upper right corner, select Settings, then select Security. The link to deactivate is at the bottom of the list of security items.
  • If you don’t think you’ll use Facebook again, you can request to have your account permanently deleted. Please keep in mind that you won’t be able to reactivate your account or retrieve anything you’ve added. Before you do this, you may want to download a copy of your info from Facebook. Then, if you’d like your account permanently deleted with no option for recovery, log into your account and click on the link below. Before you delete your account, delete as much as you can. Not everything will be removed with account deletion, particularly if it appears on another account.
  • Link: http://www.facebook.com/help/contact.php?show_form=delete_account
  • If you can’t log in to your account, you’ll need to reset your password first. To do this, go to www.facebook.com and click the Forgot your password? link below the password field. Once you’ve followed the instructions to reset your password and can log into your account, you can deactivate or delete your account using the steps outlined above.
  • If you want to get the links to remove all of your online accounts, you can use Just Delete Me (http://justdelete.me/). It outlines what can be deleted and provides a direct link to each account deletion page, which is often difficult to find.
  • Email from Tung in Ohio: Dear Tech Talk. I understand that my password can likely be figured out by a computer driven program using trial and error. What I don’t understand is this – wouldn’t a hacker, be it a person or a machine, have to actually try each and every one of these computer derived guesses on the sign-in screen of the website that they are trying to access to see if they get lucky? My experience tells me that after just a few failed attempts at entering a password, the website will not allow any more tries? So how are they able to try out all of the thousands of possible passwords that he comes up with? Love the show. I listen to it while gardening in my back yard where I grow carrots and cucumbers. Thanks, Tung in Ohio
  • Tech Talk Responds: What you’ve described is called a “brute force attack” and you’re quite right; it’s a rare system that will allow such an attack to proceed past the first few errors. Most good systems will note that the same person has been trying to log in unsuccessfully too many times, and lock the account either for a few minutes or perhaps for an extended period of time.
  • When hackers use bots to attack accounts directly, they try the most common passwords and hit pay dirt often enough to make it worthwhile. Don’t use passwords like: 123456, qwerty, iloveyou, password, etc. Here is a list of the worst 500 passwords from Symantec: http://www.symantec.com/connect/blogs/top-500-worst-passwords-all-time
  • Now let’s talk about how passwords are stored. Services create what’s called a hash of the password. Think of it as a kind of one-way encryption that can’t be undone. In other words, you can create a hash from a password, but you can’t get the password from that hash. And it’s statistically impossible for two passwords to generate the same hash. So when you set your password, the service creates the hash associated with it and stores the hash.
  • When you login, the service again creates the hash of whatever you typed in as your password. It then compares this hash with the hash that it created when you set your password. If those two hashes match, then you must have typed in the same password this time as you did when you created the password in the first place.
  • Sometimes a hacker can gain access to the user account database. That’s the list of user IDs and password hashes. Then on their own computers, at extremely high speed, they can literally try every possible password. With each attempt, they create the hash; then they see if that is in the database they just stole. This is where password length and complexity now come into play.
  • It’s currently quite feasible to try all possible 8-character passwords. That’s why most industry experts now say 10, or even 12 characters or longer, is the new minimum length of a password.
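  • Added example (not from the show or from any service’s own code): a Python sketch of the store-and-compare scheme described above, and of why length matters once the hash database is stolen. It goes slightly beyond the notes by adding a per-user salt and a deliberately slow hash (PBKDF2); the iteration count, the 95-character alphabet, and the guess rate are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor for this illustration
ALPHABET = 95          # printable ASCII characters (an assumption)


def unsalted_hash(password: str) -> str:
    """Bare scheme: the same password always yields the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_password(password: str) -> dict:
    """What the service keeps when a password is set: salt plus slow hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def verify_password(attempt: str, record: dict) -> bool:
    """Login: re-hash the attempt with the stored salt, compare the hashes."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["hash"])


def keyspace(length: int) -> int:
    """Number of possible passwords of exactly this length."""
    return ALPHABET ** length


def years_to_exhaust(length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password of this length offline."""
    return keyspace(length) / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    alice = store_password("correct horse 42")   # constructed sample values
    bob = store_password("correct horse 42")
    print("unsalted hashes equal:", unsalted_hash("x") == unsalted_hash("x"))
    print("salted records equal: ", alice["hash"] == bob["hash"])
    print("login ok:", verify_password("correct horse 42", alice))
    rate = 1e10  # assumed offline guess rate against a fast hash
    for n in (8, 10, 12):
        print(n, "chars:", f"{years_to_exhaust(n, rate):.3g} years")
```

With the salt, two users who pick the same password get different stored hashes, so one precomputed guess cannot be matched against the whole stolen table at once; the slow hash lowers the guess rate that the length estimate depends on.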
  • Email from Bob in Maryland: Dear Tech Talk. I do love your show and listen whenever I can. I recommend it to all my friends as the best technology show to learn about how technology really works. I do have a couple of small corrections to suggest from this week’s Profiles in IT:
  • I think the physics professor at MIT you mentioned is Phil Morrison, not Philip Morris. I know this since I went to MIT in physics and attended Professor Morrison’s lectures. I worked at Bell Labs in area 11 (i.e. pure research, more specifically, 112 which was information sciences, not 111 which was physics. I did eat lunch every day with people from 111 however).
  • The guys there told me that UNIX was created by people in research (like Thompson and Ritchie) as a way to thumb their noses at “Development” (about 99% of Bell Labs was “Development” i.e., not area 11). Multics was a Development project and the managers turned it into a “dog’s breakfast”, in other words, a huge mess.
  • C++ also came out of research, and was fought frantically by the management.
  • The people at Bell Labs also identified Multics as being more associated with Honeywell than GE. Bob in Maryland
  • Tech Talk Responds: I checked out the Morse reference. Here is an excerpt from Creating the Computer: Government, Industry, and High Technology by Kenneth Flamm: “The Navy continued promoting the development of computer science at MIT well into the 1950s. MIT had established the Center for Machine Computation, directed by Professor Philip M. Morse, to supervise the use of computing machines at MIT, which included Whirlwind, when it was not being used for air defense studies.” I think this was a correct reference because Corbato was assigned a project using Whirlwind. I enjoyed your comments about the organization and politics of Bell Labs. At that time, it was at the forefront of innovation in the US.
Profiles in IT: Roger Lee Easton, Sr.
  • Roger Lee Easton, Sr. is the father of GPS and a pioneer of modern day navigation.
  • He was born on April 30, 1921 in Craftsbury, Vermont.
  • He graduated from Middlebury College in 1943.
  • He began working at the Naval Research Laboratory (NRL) in 1943. He was assigned to work in the Radio Division on radar beacons and blind-landing systems.
  • Easton also worked in the Rocket-Sonde Branch on space related research.
  • In 1955, he had a part in writing the proposal for the Vanguard Project, which was a satellite program for the International Geophysical Year. The Eisenhower Administration selected Project Vanguard and Easton was also part of the design team for the satellite itself.
  • In 1957, he went on to design a system called Minitrack, which tracked various Earth-orbiting objects. When Sputnik I was launched, Easton extended the system to actively follow unknown orbiting satellites.
  • In 1959, he designed the Naval Space Surveillance (NAVSPASUR) system. The Naval Space Surveillance System became the first system to detect and track all types of Earth-orbiting objects.
  • It goes through the 33rd parallel, which is basically coast to coast.
  • Later in his career at NRL, Easton conceived, patented, and led the development of essential enabling technologies for the United States Global Positioning System (GPS).
  • But he ran into an issue: the timing of the tracking stations wasn’t synchronized, leading to problems with tracking. So Easton had the idea to put highly accurate clocks in multiple different satellites, which would then be able to accurately determine the precise location of someone on the ground.
  • During the 1960s and early 1970s he developed a time-based navigational system with passive ranging, circular orbits, and space-borne high precision clocks.
  • Initially, he called the system Timation, short for Time-Navigation.
  • The idea was tested with four experimental satellites: TIMATION I and II (in 1967 and 1969) and Navigation Technology Satellites (NTS) 1 and 2 (in 1974 and 1977).
  • NTS-2 was the first satellite to transmit GPS signals.
  • Eventually, the Department of Defense adopted a number of features from the time-based nav system and re-named it the Global Positioning System in the early 1970s.
  • Easton retired in 1980. In 1986, Easton ran for Governor and served 3 terms on the Board of the New Hampshire Electric Cooperative.
  • Easton died on May 8, 2014 at the age of 93.
  • George W. Bush awarded Easton the National Medal of Technology for his “extensive pioneering achievements in spacecraft tracking, navigation and timing technology that led to the development of the NAVSTAR-GPS” in 2006.
Surprise Visit from David Burd
  • Face Recognition Software
    • Getting better each year
    • Used in Facebook, Picasa, and other picture storage sites to group photos
    • Used to search the web for a particular person (very intrusive)
    • Used in surveillance cams to track suspicious movement.
  • Privacy implications are troubling and no controlling legislation is in sight.
  • Some individuals are wearing disguises around surveillance cams.
Flying drone at Maryland State Capitol
  • Drone Wi-Fi hotspot jammed and camera image blocked
  • No other action taken
  • Drone group photo had to be moved to another location where the camera would function properly.
Apple’s iMessage Issues
  • Apple’s iMessage system is a convenient way to connect iPhones.
  • But trying to leave the ecosystem is very painful.
  • The Internet is filled with stories from those who have traded in their iPhone for an Android phone only to find their text messages trapped within Apple’s cloud.
  • The issue arises when an iPhone customer trades in his or her phone for another brand and keeps the same phone number that Apple’s messaging system recognizes as an iPhone.
  • The iMessage problem is now the subject of legal action by a California woman seeking class-action status for a suit against Apple. She charges that Apple’s message-grabbing ways are depriving former customers of the ability to get full value from their wireless service after they give up their iPhone.
  • The issue dates back to 2011, when iMessage was introduced with Apple’s iOS 5 OS.
  • iMessage relies on Apple’s messaging system to intercept a text message sent to another iOS device and re-route it through Apple’s servers rather than sending it via the wireless carriers as a standard SMS or MMS message.
  • The benefits of iMessage include bypassing a wireless carrier’s text messaging charges, enabling the ability to tell when a message is read or delivered and to send a message simultaneously to all of one’s iOS and Mac devices.
  • However, Apple’s system needs to have an accurate knowledge of which phone numbers are actually associated with iPhones. And for those who leave, what was once a series of added features turns into a headache.
  • Users can avoid problems if they turn off iMessage on their iPhone and uncheck the phone numbers from any other Apple devices on which they are using iMessage before switching to a new non-Apple device.
  • However, this requires some planning.
  • Apple also has a means to try to remove users from its iMessage system after they have switched off their iPhones, but this process has a more spotty track record.
  • Apple released a statement to the Re/code blog addressing the issue, and promising help would be coming in the form of a software update.
    • “We recently fixed a server-side iMessage bug which was causing an issue for some users, and we have an additional bug fix in a future software update,” Apple told Re/code in a statement. “For users still experiencing an issue, please contact AppleCare.”
Stratford University Innovation Workshop
  • Key academics met in Annapolis this week
  • We are revamping the entire curriculum in order to make education more enjoyable and to instill more intrinsic motivation in the classroom.
  • In order to ignite intrinsic motivation, we need
    • Autonomy. Students need projects in which they can control the task, the technique, the team, and the time. This is very similar to the approach taken by Maria Montessori in the early 1900s.
    • Mastery. Students need tasks leading to mastery which are not too easy (boring) and not too hard (impossible), that are “just right.” These Goldilocks tasks are made available by the instructor (mentor) and give each student both a challenge and a success.
    • Purpose. Students must know the big picture to see how it all fits together.
  • The offsite provided a chance to think with the right side of the brain and innovate. The team painted, did a scavenger hunt, sailed, and innovated. A very successful week overall.
OpenSSL security project gets some much-needed funding
  • During May 2014, the Linux Foundation rounded up vendors to fund work to improve and buttress the OpenSSL open-source security project. It announced the first concrete steps to do that work.
  • Specifically, the foundation’s Core Infrastructure Initiative (CII) said it will pay for two developers to work on the OpenSSL project and for an audit of the technology to be conducted by the Open Crypto Audit Project.
  • The CII also added new members – Adobe, Bloomberg, HP, Huawei, Qualcomm, and Salesforce.com – who will join Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware and the Foundation in this effort.
  • The OpenSSL Project is also accepting donations (https://www.openssl.org/support/)
  • Nearly everyone agrees that OpenSSL does important work that many vendors use in their software and services. But very few of them provided money to fund that work, a sore point that arose after the Heartbleed vulnerability fiasco surfaced in early April.
  • CII members commit to contributing $100,000 per year for at least three years, so the total investment now stands at $5.4 million spread over that period. The CII said it will also devote resources to the Network Time Protocol for clock synchronization between systems and OpenSSH for encrypted communications — so that money will