Show of 10-13-2018

Tech Talk

October 13, 2018

Email and Forum Questions

  • Email from Hac in Bowie: Dear Doc and Jim. I recently installed Roku on the TV in the living room. I want to use this TV for Karaoke, but the YouTube interface is very difficult to use. Is it possible to use the YouTube client on my iPhone and simply mirror the screen to the Roku device? I have tried to do this and can’t figure it out. Love the show. Hac in Bowie, Maryland
  • Tech Talk Responds: The easiest way to look up Karaoke videos is to use the YouTube client on your iPhone. The YouTube client in Roku is very difficult to use. The good news is that Roku has a built-in Chromecast capacity, making screen mirroring very easy. First, you must go to setup in Roku and turn on screen mirroring for any device.
    • To begin with, go to “Network” and connect your Roku to the WiFi connection where the iPhone is connected.
    • After that, you need to set up your Roku Play device. Go to “Settings” and then choose “System”. Click “System update” to check whether your device is the latest version. If not, update it.
    • Once done, go back to “System”, choose “Screen mirroring” and enable its mirroring feature.
    • Right after setting up the Roku Play device, it is now time for you to mirror iPhone to Roku.
  • Now simply open the YouTube app on your iPhone and click the Chromecast icon. It will display all available Roku devices. Select the Roku device that is active on the mirroring TV. Any other app that supports Chromecast can also be mirrored.
  • Since Roku is a newly-developed technical product in terms of mirroring on television, there are some issues that you may face.
    • You may find that a video takes some time to play. When that happens, just wait for it and don’t panic.
    • You may also find some time lag between the visuals and the audio of the video you are streaming.
    • The mirroring sometimes does not start while you stream iPad to Roku. Just turn it off and repeat the steps given above.
  • Email from Susan in Alexandria: Good morning, Gentlemen! So disappointed! Last week’s show teaser included a reference to a bug in the latest Windows 10 update that may delete some files, but time ran out before Dr. Shurtz got back to that topic.  Please do not forget to tell us “the rest of the story” next time! Thanks for “Tech Talk Radio.” Susan in Alexandria
  • Tech Talk Responds: Microsoft stopped the flawed update and has since fixed it. The new update does not delete files anymore. You are safe. I will cover it during today’s show.
  • Email from Lavona in Dumfries: Dear Doc and Jim. I am paranoid and all these smart home devices have me worried. Are they listening to my every word and collecting data 24/7? I feel like I am putting a spy in my house voluntarily. What are your thoughts about this? Lavona in Dumfries, Virginia
  • Tech Talk Responds: We are all paranoid about devices spying on us (and rightfully so). There have been so many stories about NSA hacks that allow smart televisions or laptops to spy on their owners. Are these worries justified?
  • Most smarthome devices need to be connected to the internet to function properly. This lets you control devices remotely from your phone or use voice commands to turn things on and off. Whenever you send a command to your devices, that data gets sent to the company that made that particular device.
  • If I’m away from home and I want to turn on my smart lights from my phone, I open up the Hue app and turn on the lights. That data gets sent to Philips to get processed. Whenever you activate Alexa, Siri, or Google Assistant, your voice command gets sent to their servers for processing, and what comes back is the result of your voice command. These companies also store all of the voice commands you’ve ever said, but you can easily erase the history if you’d like. Wi-Fi cameras do the same—video recordings are stored in the cloud. So your Nest Cam recordings are stored on Nest servers. They’re encrypted, so only you can view the video recordings.
  • This is not spying, especially since you agree to all of this data getting sent to these various companies. Furthermore, your smart speaker is not continually recording your conversations 24/7. Yes, it is always listening for the wake word, but it is not recording.
  • Being spied on by the companies themselves is one thing, but users are also afraid of being spied on by hackers who break into their smarthome devices. There’s a legitimate fear around this for sure, and theoretically, it’s possible. The NSA has proven it. However, if you make sure that all of your devices are locked down with a password, as well as two-factor authentication (if available), you make it difficult for something bad to happen.
  • Furthermore, it is best to stick with reputable brands when buying smarthome products, rather than cheap knock-off Chinese brands. The bigger, popular companies have a reputation to uphold, so it is always in their best interest to create a secure interface for their devices, whereas a cheap Chinese brand that no one has ever heard of doesn’t need to care.
  • Email from Phillip in Pittsburg, KS: Dear Doc and Jim. I would like to delete my Facebook account. However, I have stored so many of my pictures there. Is there a way to download all my pictures easily and quickly from my Facebook account? After I do that, how do I delete my account? Love the show. Phillip in Pittsburg Kansas
  • Tech Talk Responds: You can download all your Facebook information, including pictures. Go to Settings. Then click on Your Facebook Information in the upper left-hand corner. From this window, you can both back up your data and delete your account. Click on Download your Information. You can download all of it at once, or you can select only the types of information and date ranges you want (like Photos and Videos). You can choose to receive your information in an HTML format that is easy to view, or a JSON format, which could allow another service to more easily import it. JSON (JavaScript Object Notation) is a lightweight data-interchange format. Select high media quality to get your pictures and videos in the highest resolution. Downloading your information is a password-protected process that only you will have access to. It may take an hour or so to create your file, depending on the size of your Facebook page. The file will be compressed using zip. You will need software to read the zipped file. The file will be available for download for a few days.
  • Once you have verified your data, you can delete your account. Go back to Facebook/Settings/Your Facebook Information. Click on Delete your Account and Information. Enter your password and a captcha, and it’s done. There’s a 14-day cooling down period where you can log into your account and stop the deletion process. Don’t log in for two weeks and it’s gone for real. All your account data will be deleted from Facebook’s servers (although it can take up to 90 days to be fully removed).
  • Email from Dennis in Maryland: Dear Tech Talk. I do not like to be tracked while I am on the Internet. How can I hide my IP address while surfing the web? Dennis in Maryland
  • Tech Talk Responds: Your IP address is like your public ID on the internet. Any time you do anything on the internet, your IP address lets servers know where to send back information you have requested. Many sites log these addresses, effectively spying on you, usually to deliver you more personalized ads to get you to spend more money.
  • One of the big reasons that people hide their IP addresses is so that they can download illegal material without being tracked. Another reason is geographic restrictions and censorship. Some content is blocked by the government in certain areas, such as in China and the Middle East. A further reason to hide your IP address is simply for more privacy and to prevent misuse of your personal information.
  • One primary way to hide your IP address is to use a virtual private network (VPN). This is an encrypted data stream through a proxy server. When you browse the web while connected to a VPN, your computer contacts the website through the encrypted VPN connection. The VPN forwards the request for you and forwards the response from the website back through the secure connection. If you’re using a USA-based VPN to access Netflix, Netflix will see your connection as coming from within the USA. I recommend a paid VPN service (Express VPN or Nord VPN). Installing a VPN is as simple as heading to the signup page and downloading the client app onto your device. Windows, Mac, Linux, iPhone, and Android are all supported.

Profiles in IT: David Karp

  • David Karp is best known as founder and CEO of the blogging platform Tumblr.
  • Born in NYC July 6, 1986, Karp grew up on the Upper West Side of Manhattan.
  • Karp attended the Calhoun School from age three through 8th grade.
  • At 11, he began learning HTML and was soon designing websites for businesses.
  • Karp attended Bronx Science for one year before dropping out at the age of 15 and starting homeschooling. Karp had aspirations of getting into MIT or a NYC university.
  • Karp never returned to high school or earned his high school diploma.
  • Karp began interning at age 14 for animation producer Fred Seibert, founder of Frederator Studios. Karp’s mother had taught Seibert’s children at Calhoun School.
  • When entrepreneur John Maloney sought technical help with UrbanBaby, an online parenting forum, a Frederator employee recommended Karp for the job.
  • Karp completed the project, which had to be done in a couple of days, within four hours. Maloney made him UrbanBaby’s head of product and gave him some equity.
  • Karp left UrbanBaby after it was sold to CNET in 2006.
  • Using money from the sale of his shares, Karp started his own software consultancy company, Davidville, envisioning a mix of client work and his own products.
  • Marco Arment joined the company as an engineer after replying to a Craigslist ad.
  • Karp had been interested in tumblelogs (short-form, mixed-media blogs) for some time and was waiting for one of the established blogging platforms to introduce them.
  • As no one had done so after a year of waiting, Karp and Arment began working on their own tumblelogging platform during a two-week gap between contracts in 2006.
  • Tumblr was launched February 2007 and within two weeks, it had gained 75K users.
  • Fred Seibert introduced him to one of his own investors, Bijan Sabet of Spark Capital.
  • Sabet was impressed with the Tumblr platform and tried to get Karp to launch a startup.
  • But getting Karp to commit to it as a business was tough. When Sabet brought Karp a term sheet, Karp refused, saying it was “too much money and too much pressure.”
  • But when the kitty was reduced to $750,000 at a valuation of $3 million, led by Spark and Union Square Ventures, Karp allowed himself to be persuaded.
  • In October 2007, Karp shut down his consultancy to work full time on Tumblr.
  • Davidville was renamed Tumblr, Inc. and 25 percent of the company was sold to VCs.
  • He wanted to stay small (4 employees), and the VCs (his mentors) wanted to scale.
  • As Tumblr’s user base climbed into six and seven figures, the site increasingly had stability issues. Not having an engineering team cost Tumblr several months.
  • On May 20, 2013, Yahoo bought Tumblr for $1.1 billion. Karp remained as CEO.
  • Karp announced in November 2017 that he will be leaving Tumblr by year end.
  • As of November 1, 2017, Tumblr hosts over 375.4 million blogs.

Update: Bug in Windows 10’s Update that Deleted Files Fixed

  • The Windows 10 October 2018 update had serious problems.
  • Microsoft halted the Windows 10 October 2018 Update because it was deleting some people’s files. Now, Microsoft has fixed the problem and explained what happened.
  • The problem was with the “Known Folder Redirection” feature. This is the feature that lets you move a known folder like C:\Users\Name\Downloads to D:\Downloads, for example. Other folders you can move include Desktop, Documents, Pictures, and Videos. After the April 2018 Update, some people who had previously used this feature reported an extra empty copy of the original folder. For example, an empty copy of the original C:\Users\Name\Downloads folder appeared. So, to solve the problem, Microsoft introduced code that would delete those old, empty folders.
  • There was just one problem: The code deleted these folders even if they weren’t empty. So, if you moved your Downloads folder to D:\Downloads but still had a C:\Users\Name\Downloads folder with files inside it, Windows 10’s October 2018 Update would remove the original folder and the files inside it.
  • Microsoft has now fixed this problem, and Windows 10’s October 2018 Update should stop deleting these “old” folders full of files.
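
The failure described above, sketched as an added example; this is not Microsoft's code. The function names and the sample folder tree are constructed for illustration, and a temporary directory stands in for the C: and D: drives.

```python
import errno
import os
import shutil
import tempfile
from pathlib import Path


def cleanup_unconditional(old_folder: Path) -> bool:
    """Flawed pattern: delete the leftover folder without looking inside it."""
    if old_folder.is_dir():
        shutil.rmtree(old_folder)  # removes the folder AND everything in it
        return True
    return False


def cleanup_if_empty(old_folder: Path, redirected: Path) -> str:
    """Safer pattern: remove the leftover folder only when it is truly empty."""
    if not old_folder.is_dir():
        return "missing"
    # Never touch the live redirected location, or a link that leads to it.
    if old_folder.is_symlink() or old_folder.resolve() == redirected.resolve():
        return "kept: redirected target"
    try:
        # os.rmdir refuses a non-empty directory, so the emptiness check and
        # the delete are one operation with no gap between them.
        os.rmdir(old_folder)
    except OSError as exc:
        if exc.errno in (errno.ENOTEMPTY, errno.EEXIST):
            return "kept: not empty"
        raise
    return "removed"


def demo() -> dict:
    """Run both cleanups over a constructed folder tree and report outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed stand-in for the redirected folder D:\Downloads
        redirected = root / "D" / "Downloads"
        redirected.mkdir(parents=True)
        # Constructed leftover C:\Users\Name\Downloads that still holds a file
        old_full = root / "C" / "Users" / "Name" / "Downloads"
        old_full.mkdir(parents=True)
        sample = old_full / "taxes.pdf"
        sample.write_text("constructed sample file")
        # Constructed leftover that really is empty
        old_empty = root / "C" / "Users" / "Name" / "Documents"
        old_empty.mkdir(parents=True)

        results["safe_full"] = cleanup_if_empty(old_full, redirected)
        results["file_survived"] = sample.exists()
        results["safe_empty"] = cleanup_if_empty(old_empty, redirected)
        results["safe_same"] = cleanup_if_empty(redirected, redirected)
        # The flawed version takes the user's file with it.
        results["flawed_removed"] = cleanup_unconditional(old_full)
        results["file_after_flawed"] = sample.exists()
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```
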

Was your Facebook Data Stolen?

  • Hackers stole personal data from 29 million Facebook users in a recent hack, including information like phone numbers, emails, gender, hometowns and even relationship data.
  • There’s an easy way to check if your data was stolen. I just checked this weekend and mine was not stolen, but yours may have been.
  • Visit the Help Center page on Facebook’s website and log in to your account.
  • Link: https://www.facebook.com/help/securitynotice?ref=sec
  • It will tell you whether or not your data was stolen, and which data in particular was stolen.
  • It is worth noting that no “payment card or credit card information” was stolen.
  • Hackers would have been able to see the last four digits of a user’s credit card through this hack. Facebook also says it will reach out to people directly if their data was stolen.

Bloomberg’s Original Story: How China Implanted Spy Chips in Computers

  • Bloomberg’s original story had anonymous sources and has been denied, but it is still an interesting take on what could happen in a corrupted supply chain.
  • In 2015, Amazon.com Inc. evaluated a startup called Elemental Technologies, a potential acquisition to help with a major expansion of its streaming video service, Amazon Prime Video.
  • To help with due diligence, AWS, which was overseeing the prospective acquisition, hired a third-party company to scrutinize Elemental’s security.
  • The first pass uncovered troubling issues, prompting AWS to take a closer look at Elemental’s main product: the expensive servers that customers installed in their networks to handle the video compression.
  • These servers were assembled for Elemental by Super Micro Computer Inc., a San Jose-based company (commonly known as Supermicro) that’s also one of the world’s biggest suppliers of server motherboards, the fiberglass-mounted clusters of chips and capacitors that act as the neurons of data centers large and small.
  • In late spring of 2015, Elemental’s staff boxed up several servers and sent them to Ontario, Canada, for the third-party security company to test, the person says.
  • Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice that was not part of the boards’ original design.
  • Amazon reported the discovery to U.S. authorities. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.
  • During the ensuing top-secret probe, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.
  • This is a major concern for US intelligence, since China makes 75 percent of the world’s mobile phones and 90 percent of its PCs.
  • This story has been denied by Amazon, Apple, and DHS.

More Evidence of Chinese Microchip Tampering

  • Another Bloomberg article published October 9, 2018, suggests that the story is not only real but pervasive. The microchip manufacturer Super Micro is again at the story’s crux. The company is alleged to have had its motherboards infiltrated by Chinese malware during the manufacturing process before their export to U.S. markets.
  • Bloomberg’s source is security expert Yossi Appleboum who was hired to scan “several large data centers” made by Super Micro and operated by an unnamed telecoms company. Appleboum claims he found additional evidence of the clandestine microchips implanted on the company’s motherboards — surveillance instruments meant to intercept data and spy on America’s biggest tech companies.
  • The malicious hardware was discovered in August, according to various forms of documentation Appleboum supplied to Bloomberg.
  • Unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server’s Ethernet connector, a component that’s used to attach network cables to the computer, Appleboum said.
  • Appleboum offered a grim assessment of the Chinese supply chain, which dominates the manufacturing sector of the technology industry.
  • “Supermicro is a victim—so is everyone else,” he told Bloomberg. “That’s the problem with the Chinese supply chain.”
  • This story has also been soundly denied by Apple, Amazon, and the intelligence community. The Department of Homeland Security says that it has “no reason to doubt the statements from the companies named in the story.” The statement concurs with what UK cybersecurity officials said on Friday: that they were aware of the reports, but did not have any reason to doubt Amazon and Apple’s forceful denials that their systems were compromised.
  • DHS notes that it is aware of the report, and said that it recently launched several “government-industry initiatives to develop near- and long-term solutions to manage risk posed by the complex challenges of increasingly global supply chains.”
  • Cybersecurity experts have warned that such a threat does exist, and that it could be difficult to detect.

Deepfakes are being weaponized to silence women

  • Fake sex videos are not a new phenomenon, but advancement in AI is worrying as ‘deepfakes’ are becoming increasingly hard to distinguish from real videos.
  • Deepfake tech has become easily accessible and videos can be made via FakeApp or on affordable consumer-grade equipment, which is partly why earlier this year the web was flooded with pornographic films of high-profile female celebrities.
  • For 24-year-old Noelle Martin, her battle with deepfake pornography started six years ago. Anonymous predators stole non-sexual images of her from social media and posted them onto porn sites and threads.
  • The situation escalated even more, when it moved to doctoring images of her into graphic pornography, on the cover of pornographic DVDs.
  • Although it’s been six years since the first deepfake of Martin, she still faces continued harassment today.
  • Martin has continued to speak out publicly against deepfakes, and even gave a TED Talk to share her story as a victim.
  • These deepfakes are still easily found by searching Martin’s name, raising questions about her future employability and online reputation. This is a real problem, in search of a solution.

Mirai botnet creators praised for helping FBI, won’t serve prison time

  • Three men pleaded guilty to creating and operating the Mirai and Clickfraud botnets, and then cooperated with the FBI.
  • Mirai degraded or completely took down Twitter, GitHub, the PlayStation network, and hundreds of other sites by targeting Dyn, a service that provided domain name services to the affected sites.
  • Prosecutors announced that the men had provided “extensive” and “exceptional” assistance to federal law enforcement. A federal judge then sentenced each of them to just five years of probation—no prison time.
  • The men, Paras Jha, 22, of Fanwood, New Jersey; Josiah White, 21, of Washington, Pennsylvania; and Dalton Norman, 22, of Metairie, Louisiana, will continue to cooperate with the FBI.
  • Prosecutors referenced their assistance in the 2017 federal takeover of the Kelihos botnet. In addition, they helped stop online fraud, prevent further DDOS attacks, mitigate an attack that leveraged a weakness in servers using the Memcached object caching system, and even assisted researchers investigating an attack from a possible state actor.
  • Jha admitted to being behind Mirai, according to court documents that were unsealed late last year. The Rutgers University computer science student was originally publicly identified as a likely suspect in January 2017 by Brian Krebs.
  • In a sentencing memorandum submitted on September 11, 2018, Adam Alexander, a federal prosecutor, marveled at how the men could be so notorious in the online DDOS community, and yet at the same time, “socially immature young men living with their parents in relative obscurity.”

Don’t Give Apps Access to Your Email (Even to Save Money)

  • Some online services want full access to your email account, so they can scan it for purchases, travel plans, or annoying newsletters. Apps like these generally sell your private data.
  • When you sign up, you “connect” your email. This gives the service access to your entire email account. They can see every email you have ever sent or received as well as all new incoming and outgoing emails.
  • But the contents of your email are unusually personal. A company with access to your email account could take all kinds of personal data and sell it.
  • Your email isn’t just a repository for receipts and newsletters. It’s a central point from where you manage all your other accounts. If someone has access to your email, they can reset the passwords for everything from your online banking to your Facebook account.
  • This also applies when you give apps access to other accounts, such as your Facebook, Twitter, and Dropbox accounts.
  • We recommend you check which apps have access to your accounts, review them, and revoke any apps you do not use.

Facial Recognition To Help Women Find Egg Donors

  • Every year, thousands of women struggling with fertility issues use egg donors so they can have babies of their own.
  • However, getting a child who looks like them is generally left up to the doctor’s judgement and fate.
  • A European company called Ovobank has created a facial recognition app called Ovomatch that not only uses the recipient’s phenotypical characteristics—like height, hair color, eye color, skin color, etc.—but also facial characteristics to find the best match possible to ensure the child will look as much like the parents as possible.
  • Most countries in the world require anonymous egg donation, which means the real identity of the donor is never released to the recipient or the child once they get older.
  • It is the doctor’s job to find a donor that physically resembles the recipient. Not only can that be taxing for the doctor, but it’s also completely subjective.
  • With Ovomatch, the recipient need only enter a bit about their general characteristics, then snap a selfie. The app will do the rest, pairing the recipient with the best match from its donor database.
  • The recipient is not allowed to see what’s going on, nor do they ever see an image of the potential donor match.
  • After this process is carried out, the app sends out two reports: One to the collaborating IVF center so they can begin to program the treatment, and the other to Ovobank so that it can prepare the necessary paperwork related to the egg donation.

The Pareto Principle in Software Design

  • The Pareto principle (also known as the 80/20 rule, the law of the vital few, or the principle of factor sparsity) states that, for many events, roughly 80% of the effects come from 20% of the causes.
  • Management consultant Joseph M. Juran suggested the principle and named it after Italian economist Vilfredo Pareto, who showed that approximately 80% of the land in Italy was owned by 20% of the population.
  • In software design, 80% of your users use 20% of your features, or 20% of the code causes 80% of the errors.
  • There is a well-known maxim that goes “done is better than perfect”.
  • Imagine a floor for a moment. 80% of the traffic uses 20% of this floor. It makes sense to focus your cleaning efforts on that 20% since most people use it. You will not have a 100% perfectly clean floor, but you will get 80% of the way there in 20% of the time.
  • MVPs (minimum viable products) are the Pareto Principle in action. An MVP is an approach to software and product development.
    • The approach can be summarized as: build the thing you want to build with the least amount of features to engage early adopters. Once you have got those early adopters, you can start to learn from them and use this research to develop your product iteratively and incrementally.
    • When building an MVP, you need to gather research on your target users, their needs and goals. This research will give you the knowledge to work out the 20% of the critical and necessary features of your product to get 80% of the user satisfaction.