Show of 08-18-2018

Tech Talk

August 18, 2018

Email and Forum Questions

  • Email from James Messick: Dear Doc and Jim. Profiles in IT suggestion is Steve Coast, who founded OpenStreetMap. A longtime listener. James Messick
  • Tech Talk Responds: That is an excellent suggestion. We will feature him in today’s show. He is the perfect candidate for Profiles in IT.
  • Email from Feroze in Fredericksburg: Dear Doc and Jim. I have heard a lot about 5G cellular. What is it and when will it be deployed? Love the show. We listen to the live stream over Amazon Echo. Feroze in Fredericksburg
  • Tech Talk Responds: At the end of 2017, the wireless industry came up with the first official 5G standard. 5G has three advantages: greater speed (to move more data), lower latency (to be more responsive), and the ability to connect more devices at once. The standards bodies involved are aiming at 20Gbps speeds and 1ms latency.
    • 5G networks will use a type of encoding called OFDM (orthogonal frequency-division multiplexing), which is similar to the encoding that 4G LTE uses.
    • 5G may also transmit data over the unlicensed frequencies currently used for Wi-Fi, without conflicting with existing Wi-Fi networks.
    • 5G networks are much more likely to be networks of small cells rather than huge towers radiating great distances. More cells equal more bandwidth.
  • AT&T has announced that it will launch in 12 cities by the end of this year. It will probably be millimeter-wave 5G, which requires dense networks of small cells (1,000 foot).
  • Verizon will start with a fixed 5G home internet service launching in three to five cities by the end of 2018. Verizon will follow with a mobile 5G network in 2019, the carrier has said.
  • T-Mobile is building a nationwide 5G network on the 600MHz band starting in 2019, with full national coverage by 2020.
  • Email from Alex in Fairfax: Dear Tech Talk. I would like to check whether a few images that I have found on the web have been stolen. How can I do that? Enjoy the podcast. Alex in Fairfax.
  • Tech Talk Responds: You have two options: review the metadata or perform a reverse image search.
  • To check embedded copyright metadata, you can download the image and check using your operating system’s built-in tools, or you can use an online metadata viewer like Metapicz. If it is there, the copyright data will be prominently displayed. If the copyright data doesn’t line up with the page where it’s posted, then there’s a good chance it’s being used without permission.
  • In the event that the metadata has been stripped out (and that is very easy to do), you can use reverse image search. Google’s is the most well known, but Bing also has a good one. TinEye is interesting, and their matching technology is better than most.
  • Email from Joan in Springfield: Dear Tech Talk. I have heard about bone conducting headphones. Are they the next great technology or just a gimmick? Enjoy the podcast. Joan in Springfield
  • Tech Talk Responds: If you often find yourself in a situation where you need to be aware of your surroundings but would also like to be able to listen to music, then a good set of bone conduction headphones may be right for you.
  • Instead of going inside or on top of your ears, essentially blocking out most other sounds, bone conduction headphones transmit sound through the bones in your skull.
  • Because they’re not blocking outside noise like most air conduction headphones do, sound quality won’t be quite as good. The sound won’t be as loud either, especially on the lower end. Here are a few good options:
    • AfterShokz Trekz Air ($150) — It connects over Bluetooth 4.2, promises up to six hours of play time and 20 hours of standby, and charges in just two hours.
    • Vidonn F1 Titanium ($70) — It uses Bluetooth 4.1 for wireless connectivity, offers up to six hours of playback time and seven days of standby, and charges up in just two hours. Most of these metrics match that of the Trekz Air, making the F1 Titanium an excellent value.
    • AfterShokz Sportz Titanium ($50) – This is a wired headset. You will get 12 hours of playback time with these since they’re not also powering a Bluetooth module. Standby time comes in at 60 days, while the charge time is still two hours. All solid numbers if you’re after a simple wired solution.
  • Email from Mary Margaret in Kansas: I have been using Chrome for quite a while because it is more secure. Why does Google Chrome say websites are not secure so often? Enjoy the podcast. Mary Margaret in Kansas
  • Tech Talk Responds: Starting with Chrome 68, Google Chrome labels all non-HTTPS websites as “Not Secure.” Nothing else has changed.
  • Chrome displays a lock and the word “Secure” when connected to an HTTPS site. Even if you enter passwords, provide credit card numbers, or receive sensitive financial data over the connection, the encryption ensures no one can eavesdrop on what’s being sent or alter the data packets while they’re travelling between your device and the website’s server.
  • This occurs because the website is set up to use secure SSL encryption. Your web browser uses the HTTP protocol to connect to traditional unencrypted websites, but uses HTTPS (literally, HTTP with SSL; modern sites use its successor, TLS) when connecting to secure websites. Website owners have to set up HTTPS before it will work on their websites.
  • HTTPS also provides protection against malicious people impersonating a website. For example, if you’re on a public Wi-Fi hotspot and connect to Google.com, Google’s servers will provide a security certificate that is only valid for Google.com. If Google was just using unencrypted HTTP, there would be no way to tell whether you were connected to the real Google.com or to an imposter site designed to trick you and steal your password. For example, a malicious Wi-Fi hotspot could redirect people to these types of imposter websites while they’re connected to the public Wi-Fi.
  • BTW, these are all of the reasons that I use a VPN when connecting to a public hotspot. My data is encrypted whether the site is HTTPS or not.
  • Email from Lynn in Ohio: Dear Tech Talk. I am creating my own company to sell party supplies over the web. I don’t know anything about websites. About 5 months ago, I hired a web developer/marketer to create our site and handle our SEO. He created it in Drupal and began operation. However, the site has never been fully functional. We sought out alternative developers. Every one of them explained that he grossly overcharged, underdelivered and damaged our internet footprint. We are going to be working with a different company going forward.
  • He’s created a labyrinth of interconnected sites and it’s unclear who owns what or where it is actually hosted. He knows we are moving forward with a different company and he is threatening to either hold our sites ransom or arbitrarily shut them down unless we pay him over the top hosting fees. Love the show. Lynn in Ohio
  • Tech Talk Responds: If you own the domains and have the source code of your websites, it’s not a problem. Just hire another developer to move your sites to another hosting and continue with the development as if nothing happened. It won’t take much time to move everything.
  • If the rogue developer owns your domains, it’s harder. He can just turn them off anytime. You’ll need help from a domain name lawyer to get them back. The results are not guaranteed if the domain names are not protected by your trademark. So the first step will be getting the domains.
  • If you don’t have the source code from the site, it’s also not a big problem. Just hire a developer, who’ll download all the HTML/CSS of your existing websites and make a new Drupal or WordPress template and move the content. Then he’ll just make new installs for those websites on a new hosting. The complexity and time requirements of this task are low, unless you have some custom programmed features on those websites that take time to replace.

Profiles in IT: Steve Coast

  • Steve Coast is best known as founder of the OpenStreetMap community-based world mapping project and CloudMade, a geography-related company.
  • He was born December 20, 1980 in the UK and raised in Walderslade and London.
  • In the summer of 1999, Coast interned with Wolfram Research. He built polyhedra models in Mathematica.
  • In 1999, he enrolled in University College London, majoring in Computer Science.
  • In 2002, he was hired as a software engineer for Xrefer. He built graph layout algorithms to visualize the connections between large scale factual reference works.
  • In 2004, he founded the OpenStreetMap Foundation. He wrote all the early software, gave hundreds of talks, ran the mailing lists, maintained the server infrastructure.
  • He did initial mapping by riding a bike around London with a laptop and GPS.
  • He hosted mapping parties, where interested individuals would completely map a small area in one weekend (like the Isle of Wight).
  • The project now has 1.6 million active contributors and is the de-facto map for large areas of the world. It has become the Wikipedia of maps.
  • In 2005, he received a BS in Physics from University College London.
  • In 2005, Coast co-founded Z.X.V. Consultancy with three friends.
  • In 2008, Coast moved to the US, first to San Francisco and later to Colorado.
  • In 2008, he co-founded CloudMade, which attempted to be the Red Hat of open source maps. It raised VC money from Nikolaj Nyholm and Sunstone Capital.
  • CloudMade provided a platform for software developers to build geo-enabled applications using OpenStreetMap data.
  • He resigned from CloudMade in October 2010, although he remained a shareholder.
  • By 2015, CloudMade had pivoted twice, first to focus on location-based in-game advertising (“Zigi”) and more recently to the “connected car” market.
  • In 2011, he moved to Microsoft as Principal Architect. He wrote software for Bing Maps using open data.
  • In 2013, he moved to Telenav as Head of Open Source Mapping. He helped define product direction and community engagement. The company shipped Scout, the first turn-by-turn navigation system that used OpenStreetMap.
  • In November 2015, Coast published “The Book of OSM”. The book contains 15 interviews conducted by Coast with various users who had participated in the project.
  • In 2017, Coast was hired as Senior Manager at DigitalGlobe, the leading provider of high-resolution Earth imagery, data and analysis.
  • He has served as advisor to a number of tech companies, including Parknav, ChoreHat, what3words, MapJam, Auth0, SpaceKnow, and Navmii.
  • Open Street Map Link: https://www.openstreetmap.org/

Investor Sues AT&T for $224M Over Cryptocurrency Hack

  • Investor and tech entrepreneur Michael Terpin sued AT&T for its role in a hack that involved thieves stealing $24 million from his cryptocurrency accounts.
  • The incident occurred in January, when an AT&T employee in a Norwich, Conn. store transferred his number to an imposter.
  • This allowed thieves to intercept Terpin’s personal information, which was used to break into his cryptocurrency accounts.
  • According to Terpin, AT&T should’ve prevented the hack.
  • Access to his account was supposedly protected by an additional security measure: the need for a special six-digit passcode that only he knew.
  • In addition, the carrier had elevated his account to a special “high risk” security level after hackers stole his AT&T number in another SIM-swapping incident in June 2017.
  • According to his lawsuit, AT&T admitted to Terpin that the company employee in Connecticut had given up his number to the imposter without the need for the special passcode or even a scannable ID.
  • The lawsuit is demanding AT&T pay Terpin the $24 million lost in the hack and another $200 million in punitive damages.
  • It isn’t the first time a carrier has been sued over SIM swapping. In February, a Washington man filed a lawsuit against T-Mobile in a similar incident involving hackers porting over his number to steal his cryptocurrency funds.
  • To protect yourself, you should consider removing your phone number from important accounts. You can also substitute SMS-based two-factor authentication with alternatives like using an authenticator app, which will generate the special codes without the need for your mobile phone carrier. Cryptocurrency exchanges such as Coinbase support authenticator apps.

FBI warns global ATM bank heist could happen this week

  • The FBI warned banks on Friday that hackers are preparing to steal millions of dollars from ATMs in a digital heist.
  • The FBI has obtained unspecified reporting indicating cybercriminals are planning to conduct a global Automated Teller Machine cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an unlimited operation.
  • The report explained that cyber crooks could hack the banks or the card processing systems to clone cards. The hackers could then change account fraud controls, maximum withdrawal limits and even the amount of money in each account.
  • And that would allow the criminals to withdraw large sums of cash from ATMs around the world.
  • Earlier this year, hackers programmed ATMs to release cash from some banks in Virginia at preplanned times. Between 2016 and 2017, a series of cyberattacks targeted Virginia’s National Bank of Blacksburg. Hackers made off with $2.4 million from ATMs around the country in two different attacks on the bank. While customers got their money back, the bank did not.
  • The FBI is urging banks to go over their security procedures, and is suggesting that they implement strong password requirements, and audit and monitor their networks for suspicious activity.
  • Caruso also suggests making sure multi-factor authentication (also known as 2FA), a method with two or more steps to confirm your identity, is set up on your debit card accounts. For example, when withdrawing money at the ATM, you’ll enter a PIN and then get an alert on your cellphone or via email to enter another six-digit access code.

Study of the Week: Women’s Pockets Too Small for Cellphone

  • According to The Pudding’s findings, pockets in women’s jeans are, on average, 48 percent shorter and 6.5 percent narrower than those of men’s.
  • The site says that only 40 percent of women’s front pockets can completely fit an iPhone X. The number only goes down for the Samsung Galaxy or Google Pixel (20 percent and 5 percent).
  • The Pudding marks a 100 percent success rate for the iPhone X, 95 percent for the Samsung Galaxy, and 85 percent for the Google Pixel.
  • They measured 80 pairs of jeans that all had a 32 inch waistband, meaning that these jeans were all made to fit the same size person.

Gmail’s Confidential Mode on Mobile Devices

  • Google’s big Gmail redesign was released in April.
  • One of the key features, Confidential Mode, is now available for mobile devices.
  • Once you’ve turned on confidential mode for a specific email, you can set an expiration date and passcode so that you can restrict access to the email either in the web interface or via SMS.
  • Recipients of these confidential emails won’t be able to copy, paste, download, print or forward the message, and attachments will be disabled.
  • Although confidential mode helps prevent the recipients from accidentally sharing your email, it doesn’t prevent recipients from taking screenshots or photos of your messages or attachments.
  • Recipients who have malicious programs on their computer may still be able to copy or download your messages or attachments.
  • The Electronic Frontier Foundation (EFF) digital privacy advocacy group thinks that this new mode isn’t secure at all, and might even lend users a false sense of security.

Smart Vacuum Hacked: Camera Accessed

  • Two researchers with enterprise security company Positive Technologies discovered vulnerabilities affecting the Dongguan Diqee 360 line of robotic vacuum cleaners and have shared details of the security flaw.
  • The vacuum cleaners, manufactured by Chinese smart home manufacturer Diqee, are equipped with Wi-Fi and a 360-degree camera for a mode known as “dynamic monitoring” that turns the machine into a home surveillance device.
  • The remote code execution vulnerability can give an attacker who obtains the device’s MAC address system admin privileges. The vulnerability is contained within the REQUEST_SET_WIFIPASSWD function and exploiting it requires authentication, though a default username and password combo is common (admin/888888).
  • The researchers suspect that the vulnerability in the Dongguan Diqee 360 robotic vacuum model might affect other products sharing the video module, including outdoor surveillance video cameras, smart doorbells and DVRs. Diqee also manufactures vacuums sold under other brands, as well, and researchers suspect that those devices would also be affected by the vulnerability.
  • The vacuum does come equipped with a privacy protection cover. Positive Technologies informed the manufacturer of the vulnerability, although no information is available yet about a patch.

Apple Files Hacked by Teen

  • A teenage boy from Australia has pleaded guilty to hacking into Apple’s network and downloading internal files, according to reports.
  • The 16-year-old accessed 90 gigabytes worth of files, breaking into the system many times over the course of a year from his suburban home in Melbourne, reports The Age newspaper.
  • It says he stored the documents in a folder called ‘hacky hack hack’.
  • Apple insists that no customer data was compromised.
  • Apple discovered the unauthorized access, contained it, and reported the incident to law enforcement. The matter was referred to the Australian Federal Police (AFP).
  • An AFP raid on the boy’s home revealed two laptops with serial numbers matching those of devices which had accessed the system. Police also seized a mobile phone and a hard drive.
  • The teen had boasted about his activities in WhatsApp messages. It reports that he had hacked into the firm because he was a huge fan and dreamed of working there.
  • His defense lawyer said that he had become very well-known in the international
  • The boy’s name has not been made public for legal reasons. He is due to be sentenced on 20 September.

Google Employees Protest Secret Work for China

  • Hundreds of Google employees are upset at the company’s decision to secretly build a censored version of its search engine for
  • The employees wrote in a letter that the project and Google’s apparent willingness to abide by China’s censorship requirements “raise urgent moral and ethical issues. Currently we do not have the information required to make ethically-informed decisions about our work, our projects, and our employment.”
  • The letter is circulating on Google’s internal communication systems and is signed by about 1,400 employees.
  • China has the world’s largest internet audience but has frustrated American tech giants with content restrictions or outright blockages of services including Facebook and Instagram.

Recent Graduates Lack Soft Skills, New Study Reports

  • A recent Bloomberg study revealed that four in 10 corporations and almost half of academic institutions believe that recent graduates lack certain so-called “soft skills” needed in the workforce to be successful, including emotional intelligence, complex reasoning, negotiation, and persuasion.
  • Employers are now more focused on interpersonal skills rather than GPA, according to the study. In response, some universities are releasing extracurricular transcripts that demonstrate a student’s individual skills in addition to grades.
  • Such activities can provide a window into soft skills that employers increasingly are demanding in the workplace, from teamwork and self-regulation to multicultural competency and perseverance.
  • “Businesses are learning that GPA was an artificial measure of how successful the student could be on the job.”
  • Due to the evolution of the workforce, adaptability is important.
  • Within the Bloomberg study, both corporations and academia found teamwork, analytical reasoning, complex problem-solving, agility and adaptability to be the most important soft skills.
  • K-12 education mostly focuses on standardized testing, which doesn’t assess soft skills.
  • Things are changing so fast right now, an employee may have come out with a set of hard skills, but those may be obsolete in the next two to three years.
  • Soft skills, by contrast, do not become obsolete. Though they aren’t directly taught in most schools, some institutions are taking initiative.