Show of 11-05-2016

Tech Talk

November 5, 2016

Email and Forum Questions

  • Email from Lynn in Ohio: Dear Doc and Jim. I surf the web quite a bit and don’t like anyone to track me or what sites I am looking at, or what products I might buy. I am curious can the websites that I visit track me or even worse identify me. Love the show. Lynn in Ohio.
  • Tech Talk Responds: When you view a webpage, the web server receives the IP address of the last device in the chain of connections between your computer and that server. Most commonly, that’s the IP address assigned to your router. If your computer is connected directly to the internet, that’s its IP address. If you’re connected through a router, that’s the IP address assigned by your ISP to your router.
  • The IP address is a fundamental component of how the internet works. The server must know the IP address to which it should send its response. It’s like the return address on a postal mail envelope.
  • In most home and small businesses, the IP address is assigned by your ISP to your router’s internet connection. Law enforcement could get that information using a warrant.
  • If your internet connection is through a corporate network, proxy, or VPN, things get more complex. The IP address seen by the web server might only indicate the company providing your internet connection, proxy, or VPN service.
  • In fact, this is one of the reasons that TOR – The Onion Router – exists. It uses a multi-layered series of proxies in such a way that even with things like court orders and legal justifications, your origin IP address cannot be determined.
  • So, to answer at least part of your question: to hide your origin IP address, use something like a VPN service or TOR.
  • If you provide any information to a site, they can remember you and track you using a cookie, a small piece of data saved by your browser. When you return, the cookie provides the information that  you provided previously. There are also “supercookies” or “evercookies”, which use a variety of techniques to create a digital fingerprint of your connection. Such a fingerprint might include everything from your IP address, traditional cookies, the browser you use, and even the operating system and screen resolution reported by your browser. Advertisers love to use cookies to serve you targeted ad.
  • Therefore, in the final analysis, your anonymity cannot be guaranteed if you do any type of business on the Internet. Even TOR users, who used bitcoin, were eventually tracked down. Because of element of their digital signature ultimately was linked to them personally.
  • Email from Wendy in Fairfax: Dear Doc and Jim. I am thinking of getting a new car. I would like to get the latest audio and navigation system. I have been reading the Apple has a system that supports the iPhone. It is worth it. I am a iPhone user. I love to use Waze on my iPhone. What is your opinion of CarPlay? Love the show. Wendy in Fairfax
  • Tech Talk Responds: Apple’s CarPlay is trying to re-invent the way you use your phone in the car with “second screen” in your navigation system. Basically, CarPlay is iOS for your car. It has a simplified interface for easy use in a vehicle.
  • You can buy a car with a CarPlay-ready system already installed, or buy an aftermarket head unit. A good aftermarket unit is the Kenwood DDX9903S. Pioneer and JBL also have aftermarket CarPlay units.
  • CarPlay is basically comprised of a main screen with shortcuts to all your currently-installed applications. The sidebar on the left-hand side always houses the “home” button, as well as apps that are running in the background, like Maps.
  • The biggest thing CarPlay has going for it is Siri. If you have “Hey Siri” enabled, you no longer have to actually touch the head unit itself for most actions. CarPlay is not a standalone product. The unit will have a USB input where you’ll use your own Lightning cable to connect your phone to the head unit. It also charges your phone.
  • One disadvantage is that third-party apps are pretty limited. For example, you are essentially stuck with Apple Maps, since Google Maps on CarPlay is simply not an option. The same applies to Waze; you have to use Apple navigation and maps.
  • In addition, the cost of CarPlay-compatible head units is high, well over $1,000. So why not just buy a $7 mount for your phone and just continue using your phone.
  • CarPlay definitely has its benefits: its bigger screen and simpler interface are just a more car-friendly experience. You can call people more easily, and control your tunes without really taking your eyes off the road. Basically, it’s safer, which is nice. But at this point, it just is not worth it. Perhaps with a little more AI, my opinion will change.
  • Email from Charlie in Kansas: Dear Tech Talk. I have a large home and am having trouble getting Wi-Fi coverage over the entire house. I have fiddled with Wi-Fi extenders and they were so complicated to setup that I gave up. What are my option now? Enjoy the podcast. Charlie in Kansas
  • Tech Talk Responds: Charlie, your best bet is to get a Wi-Fi mesh system. They are easy to set up, much easier than the old Wi-Fi extenders. They typically come in sets of three. You simply place the three units around the house and they automatically configure themselves as a mesh. There are lots of people entering the market right now, so it might make sense to wait a few months. Google Wi-Fi has been announced, but not release. You can go to Google and join the waitlist. Their units will be around $129 each. Others in the market include Luma ($347 for 3), Eero ($190 for 3), Ubiquiti Amplifi HD ($299 for 3). It is all about throughput. PC magazine rating Ubiquiti the as the best available. However, Google Wi-Fi was not rated. If I were in your position, I would wait for the release of Google Wi-Fi and check the reviews. This is new category that will mature very quickly. Just Google Wi-Fi Mesh to check the progress.
  • Email from Lacy in San Francisco: Dear Doc and Jim. I have been reading about a critical security flaw in Windows that was announced by Google. Should I stop using my Windows computer until it is fixed? Or should I try something else? What are my options. Love the podcast here in SF. Lacy.
  • Tech Talk Responds: Google has revealed a critical security flaw in Windows which it says leaves users vulnerably to being hacked. Google was not happy that Microsoft was so slow in responding. The good news is that Microsoft has announced that the patch will be available November 8, 2016.
  • On October 31st, Google posted on its security blog outlining a vulnerability in the Windows kernel which would essentially allow hackers to bypass the usual security measures and potentially infect the PC with malware, spyware and more. Microsoft has not yet patched the flaw, and Google claims it is already being “actively exploited”. In fact, Microsoft has confirmed this and said in a TechNet blog that the group behind the “low-volume” attack is called STRONTIUM.
  • The issue is a ‘security hole’ in the Windows kernel, which applies to all versions of Windows. Essentially it means that hackers can gain privileges for their software so that it can break out from the usual protected area (the sandbox) of a web browser and install malicious code on your computer. However, according to Microsoft, STRONTIUM has to accomplish three things for an attack to succeed. First it must exploit Adobe Flash. Second it must “elevate privileges” to escape the browser’s sandbox (the walled-off area which it is limited to) and third, install a backdoor to gain access to the victim’s computer.
  • Google’s blog says that Adobe has already fixed the vulnerability in Flash within five days of being notified, but Microsoft will not patch Windows until November 8, 2016.
  • To protect yourself, make sure you have the latest version of Flash. You can either completely uninstall it from your computer through the Control Panel, use the Flash Updater utility on your computer to get the latest version or go to Adobe’s website to manually install the update.
  • If you’re running Windows 10, use either the latest version of Chrome or Microsoft’s Edge web browser as these already provide protection from the versions of this threat.
  • If you’re running a previous version of Windows, the only way to be truly protected is to disable all networking on that computer or leave it turned off until the patch is available next Tuesday. But MS would prefer that you just upgrade to Windows 10.

 

Profiles in IT: Nathan Myhrvold

  • Nathan Paul Myhrvold, formerly Chief Technology Officer at Microsoft, is co-founder of Intellectual Ventures and the principal author of Modernist Cuisine.
  • Myhrvold was born in on August 3, 1959, in Seattle, Washington.
  • He attended Mirman School for gift students. He graduated from Santa Monica High School in 1974. He began attending Santa Monica College at age 14.
  • He studied mathematics, geophysics, and space physics at UCLA, receiving BS and MS degrees in 1959.
  • He was awarded a Hertz Foundation Fellowship for Princeton. He earned an MS in mathematical economics in 1981 and a PhD in theoretical physics in 1983.
  • For one year, he held a postdoctoral fellowship at the University of Cambridge working under Stephen Hawking (along with a number of other students).
  • In 1985, Myhrvold co-founded Dynamical Systems Research, in Oakland, CA, which sought to produce a clone of IBM’s TopView multitasking environment for DOS.
  • Microsoft purchased DSR in 1986 for $1.5M. Myhrvold worked at Microsoft for 13 years, ultimately as CTO. He founded Microsoft Research in 1991.
  • In 2000, after Microsoft, Myhrvold co-founded Intellectual Ventures, a patent portfolio developer, which has acquired over 30,000 patents.
  • Intellectual Ventures exploits the market for inventions and patents, buying patents from inventors under the assumption the patents will be more valuable in the future.
  • Intellectual Ventures has been widely criticized for being a patent troll.
  • The think tank has spun off two businesses. The first was TerraPower, a company that’s building a new, cleaner nuclear reactor. The second is Kymeta, which uses metamaterials to produce antennas that improve satellite connections.
  • Myhrvold is thought to owns approximately 40% of Intellectual Ventures Management Company, generating $20M-$40M annual income for Myhrvold.
  • Myhrvold is a prize-winning nature and wildlife photographer and a member of the USA Science and engineering Festival’s Advisory Board.
  • He has also been involved with paleontological research on expeditions with the Museum of the Rockies and has been published in many journals and magazines.
  • He and Peter Rinearson helped Bill Gates write The Road Ahead, a book about the future that reached No. 1 on the New York Times bestseller list in 1995 and 1996.
  • In addition to his business and scientific interests, he is a chef, earning his culinary diploma from École de Cuisine La Varenne in France.
  • Myhrvold is the principal author of a culinary text entitled Modernist Cuisine, released in March 2011, on the application of scientific research principles and new techniques and technology to cooking.
  • He has also won first place at the Memphis barbecue championship and appeared as a guest judge on Top Chef.
  • Personal Website: http://nathanmyhrvold.com/

What’s the Worst Hackers Could Do to the US Election?

  • You’ve undoubtedly heard the rumors that Russia is meddling in our presidential election, and plotting a massive hack on our electronic voting machines to tip the scales in favor of Trump.
  • They couldn’t do that even if they wanted to. Our voting machines are old technology and not connected to the Internet. Hacking a voting machine requires physical access to the machine so that its read only memory (ROM) can be replaced or malicious software installed via a thumb drive. Malicious software would be easier for poll workers to detect than a replaced ROM chip. Neither is likely because it would require a massive network of individuals at thousands of polling locations. This is very, very unlikely.
  • However, they could engineer attacks that could affect voter turnout. This would be in the form of a massive DDoS cyber-attack like the one that brought down tons of sites worldwide on October 21st.
  • Hackers could strategically take down websites and services that are important to voters
  • The widespread attack a couple weeks ago didn’t bring down the internet. It targeted a preeminent domain name service (DNS) company, which maintains a directory of the names of websites and then translates those names into the IP address needed to access them. Without that translation, you can’t get to the site, which is why you couldn’t access Twitter, Spotify, Netflix, Reddit for several hours that day.
  • On Election Day, these hypothetical hackers could take down more than one DNS company.
  • They could possibly bring down campaign websites, so they can target what information is and isn’t available to the public. If there are sites urging individuals to vote, or helping them register/find polling places, they could plan targeted attacks. They can also target sites that are frequented by one party or another, which can slant voter turnout.
  • They could also target the media to create chaos during the vote tally. This could also cause massive delays and disorder on election night. Associated Press would be particularly problematic. AP’s system could be a critical point of failure on election night and could result in a delayed tally. And in the current political environment, delayed results will spread suspicions of voter fraud.

Nearly 3 Million Samsung Washing Machines Are Being Recalled

  • Samsung just can’t get a break. First exploding Note 7 cell phones. Now exploding washing machines.
  • Samsung is recalling 2.8 million of Samsung’s top-loading washing machines after reports that 730 units exploded, resulting in nine injuries.
  • The tops of the affected units weren’t secured enough based on a design failure. And the top just completely blows off. The fasteners apparently loosen during vibration.
  • The recall affects 34 of Samsung’s top-loading models that were sold from March 2011 to November 2016.

Massive cyber-attack brings down Liberia’s Internet

  • The attack was a distributed denial of service, in which a network of infected computers is directed to bombard its target with traffic and overload its servers
  • The entire internet infrastructure of the African nation of Liberia has been brought to a halt after it was targeted by hackers using the same weapon that caused the largest cyber-attack in history just two weeks ago.
  • The attack was a distributed denial of service, or DDoS, in which a network of infected computers – a botnet – is directed to bombard its target with traffic, overloading its servers.
  • The weapon used in the October attack, the Mirai botnet, was particularly effective because it harnessed infected, internet-connected devices such as DVR players and digital cameras.
  • Now the same weapon has been used over the past seven days in continued attacks on the west African nation of Liberia.
  • It is not known who is controlling the Mirai botnet against Liberia, or whether it is a state actor or independent hackers.

Is Tim Cook like Steve Ballmer?

  • When Bill Gates retired, he appointed Steve Balmer as CEO
    Steve increased the quarterly profits each year, as he rode the Windows cash cow to the ground.
  • In the process, he missed the mobile phone and cloud markets.
  • He was good for short term profitability, but bad for long term survival.
  • Now let’s look at Tim Cooke, selected by Steve Jobs as a successor.
  • He has increased quarterly profits and driven up the near term stock price as he has ridden the iPhone cash cow to the ground.
  • Is he missing long term markets like Steve Ballmer did? What about VR, home assistants like Echo, home automation, AI, machine learning, self-driving cars, etc.
  • I annual Apple product annual product announcement is no longer exciting. It is a boring incremental product improvement.
  • Even Microsoft’s product announcement of the Surface Studio was deemed to be more like Apple than Apple. And Google is moving into Apples hardware business quickly.