Show of 03-02-2019

Tech Talk

March 2, 2019

Email and Forum Questions

  • Email from Tom Schum: Dear Tech Talk. I don’t print often, and I was bothered by dried out inkjets for a long time. Now I have a Canon Selphy printer. It runs by dye sublimation and thermal transfer, so there is no ink.  This means no inkjets to dry out. Latest model is Selphy CP1300 for $99. It prints on 4×6 paper. A pack consisting of print ribbon and 108 4×6 sheets costs $30. Therefore, cost per print is high, about 30 cents each. But, you can put it in a box for a year and when you take it out and print it works perfectly, always. For the bigger print jobs I go over the internet, as you have recommended. Tom Schum
  • Tech Talk Responds: You are clever. The inkjet is only the cheapest if you use all the ink before it dries up. That is never the case for me either. I also have a Canon Selphy printer for the same reason. The dye sublimation and thermal transfer paper does not dry up. I use it to print pictures to share with guests directly from my cell phone. I use an inkjet for my normal document printing, which can get quite extensive.
  • Email from Rich in Madison: Dear Doc and Jim. I have having trouble getting sound from my Xbox Game Console. I recently purchased a new flat screen TV. The Xbox had been connected to very old flat screen from 2002. I connected to the HTMI port on my TV. Picture is fine, just no sound. Enjoy the show. Rich in Madison, Wisconsin
  • Tech Talk Responds: Your 2002 TV did not have an HDMI port (High Definition Media Interface). The first HDMI standard was released in 2002 ad large scale adoption to a few years. You TV supported DVI (Digital Video Interface). This interface was video only, not audio. Your TV probably supported optical fiber for high audio. I suspect that you Xbox is configured for DVI and optical fiber, which means that you need to change the Output Video and Output Audio configuration. To change the settings. Select System > Settings. Select Display & sound. Select Video output. Select TV connection. Select the HDMI option (rather than DVI). Select Audio output. Turn off optical audio. Turn on HDMI audio. Choose stereo, Dolby 5.1 or Dolby 7.1. BTW, your only audio option is optical audio until you change the output video to HDMI.
  • Email from Harry in Fairfax: Hi Dr. Shurtz, I got my first Roku player, the Roku LT, about six or seven years ago. It had composite cables which fit nicely in my old tube TV, and it’s been working well ever since.  After I bought it, I noticed that every few months new versions of the Roku player would come out.  I did not bother with most of them as my original seemed to work fine, but I did get a Roku HDMI streaming stick for my flat screen TV a few years ago. Recently I noticed that my Roku LT doesn’t support some apps such as Hulu Live, but the streaming stick does. I will now have to upgrade my Roku LT if I want to have those apps on my tube TV, which I do plan to keep as I feel the picture and sound quality is better than the flat screen models (and you cannot get tube TVs anymore).  My question is why so many new models of the Roku player, and how often should I be prepared to by a new one? Is it going to be like Apple products where you have to buy something new every year or two? Harry in Fairfax
  • Tech Talk Responds: Most of the changes in streaming sticks have been caused by increased steaming speed and more sophisticated applications. Both require more RAM. Stream speeds dictates more RAM for buffering. Larger applications equire more RAM to open. Plus, as you have seen, interface standards evolve from composite video to HDMI. The new hardware attempts to meet the new standards and continue backward compatibility with the old standards. To maintain cost, the devices are released with sufficient RAM for today’s apps, but not necessarily for tomorrows. The same is true for smartphones. The good news is that the upgrade cycles in video are slowing down so your upgrade frequency should also slow. Congratulations for keeping your old tube TV. You probably have the only one in the block.
  • Email from Doug in Richmond: Dear Doc and Jim. I am installing a new TV in my family room and am considering wireless HDMI for the connection. That way I can get rid of all my cables. What are your thoughts on this? Doug in Richmond
  • Tech Talk Responds: I briefly considered this technology a few years ago. Wireless HDMI products have been around for almost a decade, but they have not gained a lot of popularity. There are a lot of Wireless HDMI products on the market and they’re all pretty easy to set up. You plug a transmitter into the HDMI port of a video source and a receiver into the HDMI port of a TV and that’s all there is to it.
  • Wireless HDMI doesn’t require a Wi-Fi connection. The transmitter that you plug into your video source sends out a microwave frequency and the receiver that is plugged into your display decodes that frequency into video. Most Wireless HDMI products work around the 5 GHz microwave frequency, which can get congested by Wi-Fi and cellphone signals. Most new Wireless HDMI products use dynamic frequency selection to adjust to the least congested frequency.
  • Wireless HDMI has a latency problem. A video signal has to be encoded, transmitted, received, and decoded before it is displayed. Most Wireless HDMI products have a bit of lag. The longer the range, the greater the latency up to a few milliseconds. It is not good for gaming. However, you can use one cable box for multiple TVs. They just need to all be on the same channel.
  • There are no standards for Wireless HDMI. Wireless HDMI products that are on the market are not compatible with one another. The biggest problem with Wireless HDMI is the price tag. Most Wireless HDMI kits run for about $200, and they only contain a single transmitter and a single receiver and they don’t support 4K video. Broadcasting a single video source to multiple TV’s is just too expensive and difficult.
  • The bottom line is that streaming over Wi-Fi has simply overtaken this technology. Since I have cut the cord, I am steaming all my video over Wi-Fi without any HDMI cables. The streaming sticks simply plug into the HDMI port on each TV.
  • Email from Dave in Chantilly: Dear Tech Talk. I have a Ring doorbell and am worried about it security. I recently read that Ring has a vulnerability that would allow some to inject their own video into my device. Is this true and what should I do? Dave in Chantilly
  • Tech Talk Responds: A security flaw leaves Ring doorbells and cameras vulnerable to spying. Security researchers at Internet of Things security firm Dojo by BullGuard hacked an Amazon Ring video doorbell in real time. The successful exploit took advantage of a security vulnerability that could leave audio and video transmissions exposed to third-party attackers. The attacker must first gain access to the Wi-Fi network, either by guessing the password, cracking the encryption, or exploiting another smart home device connected to the same network. Once connected, the attacker can see audio and video as it is transmitted from the Ring video doorbell to the Ring application used by the owner. That footage is unencrypted when transmitted, making it easy to intercept once a hacker has gained access.
  • It easy for a hacker to spy on the homeowner and any other member of their family. The attacker could inject their own of a family friend or other regular guest like a babysitter knocking at the door to trick the homeowner into unlocking the door remotely.
  • If you are a Ring owner, you don’t need to panic too much about the hack. Amazon has been made aware of the issue and has issued an update to its Ring app to address the vulnerability. If you keep your app up to date, you should be protected from this particular attack.

Profiles in IT: Steven Pruitt

  • Steven Pruitt is best known as a Wikipedia editor who has made more edits on the English Wikipedia than any other editor.
  • Steven was born April 17, 1984, in San Antonia, Texas. The family moved to Monterey, CA for several years before settling in NoVA in 1989.
  • His mother was born in Russia. She immigrated to the US in 1979, when Leonid Brezhnev allowed Russian Jews to leave the country and reunite with relatives. Her childhood experience inspired him to create information be available to the masses.
  • In 2002, Pruitt graduated from St. Stephen’s & St. Agnes School in Alexandria, VA.
  • In 2006, he received a BA in Art History from the College of William & Mary.
  • Steven was a reader of classic literature as well as mysteries by Agatha Christie.
  • He began dabbling in Wikipedia when he discovered the online encyclopedia while he was attending William & Mary. Pruitt created his account in 2006 while a senior.
  • The first article he wrote was about Peter Francisco, a Portuguese-born Revolutionary War hero, who was Pruitt’s great-great-great-great- great-great grandfather on his father’s side of the family.
  • He puts in a couple of hours each weekday evening and more time on the weekends.
  • He is also an avid fan of opera, which provided inspiration for his username Ser Amantio di Nicolao, after a minor character in the Puccini opera Gianni Schicchi.
  • From September to June, he sings first tenor with the Capitol Hill Chorale.
  • Pruitt works at the U.S. Customs and Border Protection in DC is part of the records and information governance team. He helps transfer records to the National Archives.
  • Pruitt believes his volunteer Wikipedia work, helped him get the job at Customs.
  • In 2017, with over three million edits and more than 35,000 articles created, he was named as one of the 25 most important influencers on the Internet by Time, along with J.K. Rowling, President Donald Trump and Kim Kardashian.
  • As of February 2019, Pruitt had made over 3 million edits to Wikipedia, more than any other editor on the English Wikipedia.
  • In addition to his own writing and editing, Pruitt leads training sessions to help others learn how to edit, and he is interested in getting more women involved.
  • He has helped lessen systemic bias on Wikipedia via the Women in Red project. His Wikipedia edits have included creating articles on more than 600 women.
  • He believes that he is helping to “define who belongs in the greater canon of knowledge. With others, he is redesigning the canon.”
  • After being featured on CBS This Morning in January 2019, he decided to go on Reddit with a subreddit titled, Ask Me Anything..
  • He still lives with his parents in the home he grew up in.
  • User Page: https://en.wikipedia.org/wiki/User_talk:Ser_Amantio_di_Nicolao

FTC Fines Merchant for Fake Reviews

  • The Federal Trade Commission (FTC) successfully challenged a merchant’s use of fake, paid-for reviews for the first time.
  • The FTC targeted Cure Encapsulations, Inc. in a case that accused it of paying a third-party website to write and post fake Amazon reviews for its garcinia cambogia weight-loss supplement.
  • According to the FTC, the company advertised and sold “Quality Encapsulations Garcinia Cambogia Extract with HCA” capsules on Amazon.com as an appetite-suppressing, fat-blocking, weight-loss pill.
  • The FTC said the company paid a website called amazonverifiedreviews.com to write and post reviews of the weight-loss product for its Amazon listing, and also claimed that it asked the reviewers to ensure it maintained a rating of at least 4.3 stars out of a maximum 5.
  • Settling the case this week, the FTC imposed a fine of $12.8 million, with $50,000 due immediately and the rest suspended upon specific conditions.
  • In addition, Cure Encapsulations has been ordered to contact customers who bought the supplement, and to inform Amazon that it used fake, paid-for reviews.
  • The company has also been banned from making the same or similar products unless it has “competent and reliable scientific evidence” of their effectiveness in the form of human clinical testing.

Fakespot Used to Identify a Fake Reviews

  • Fakespot is a free site that analyzes Amazon product reviews to help you separate the good from the fake.
  • All you do is copy and paste the link to the product page, then click Analyze.
  • The service also offers browser extensions for Chrome, Firefox and Safari. Just click the Fakespot icon in your toolbar for instant analysis.
  • It is also available for Android and iOS.
  • Fakespot analyzes both reviews and reviewers, looking for questionable spelling and grammar, the number of reviews, purchasing patterns, mismatched dates and other telltale signs of suspicious review activity.
  • For example, a reviewer who’s new to Amazon, has posted only one review and uses lots of words like “great” and “amazing”? That review is almost certainly going to be marked “unreliable.”
  • Link: https://www.fakespot.com/

Teen Becomes a Millionaire Though Hacking

  • Nineteen-year-old Santiago Lopez from Argentina has become the world’s first hacker to make $1M from hacking legally.
  • He goes by the handle @try_to_hack.
  • He started reporting security weaknesses to companies through HackerOne bug bounty programmes in 2015, and has since reported more than 1,600 security flaws to organizations, including Twitter and Verizon Media Company, as well as private corporate and government initiatives.
  • More than 1,200 other organizations – among them the US Department of Defense, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel and the CERT Coordination Center – have partnered with HackerOne to find more than 100,000 vulnerabilities and award in excess of $45m in bug bounties.
  • Lopez is a top-ranked hacker on HackerOne’s leaderboard, out of more than 330,000 hackers competing for the top spot. His specialty is finding insecure direct object reference (IDOR) vulnerabilities.
  • Lopez is self-taught. He was first inspired by the 1995 film Hackers and learned to hack by watching free online tutorials and reading popular blogs.
  • In 2015, when he was 16, Lopez joined HackerOne and earned his first bounty of $50 months later.
  • In the past three years, Lopez has been hacking after school, and now full-time, earning nearly 40 times the average software engineer salary in Buenos Aires.
  • HackerOne is now offering Hacker101, a free collection of videos, resources and hands-on activities that will teach everything needed to operate as a bug bounty hunter.
  • Website: https://www.hackerone.com/

NATO used Fake Facebook Accounts to Trick Soldiers

  • Anyone with a presence online leaves a digital footprint wherever they go.
  • The NATO Strategic Communications Centre of Excellence conducted an experiment to trick serving members of the armed forces.
    • Could they gather information about a planned NATO exercise?
    • What information regarding individual service personnel could they acquire?
    • Was it possible to directly influence people’s actions and behavior?
  • The experiment involved setting up fake accounts on, designing pages to attract attention and lure people in, setting up closed/secret Facebook groups, and using targeted advertising.
  • The premise was simple – the fake accounts, pages and groups all purported to be from, or affiliated to, members of the armed forces.
  • Soldiers preparing for a NATO military exercise shared details about it with the people behind the false accounts, which demonstrates the ease with which malicious actors or state agents could obtain sensitive information.

Periodic Table is 150 Years Old

  • French chemist Antoine-Laurent de Lavoisier came to publish the first comprehensive list of chemical elements, known today as the periodic table.
  • It was Lavoisier and his wife Marie-Anne who pioneered the technique of measuring quantitatively what went into and came out of a chemical reaction, as a way of getting to the heart of what such a reaction really is.
  • Lavoisier’s list of elements, published in 1789, five years before his execution, had 33 entries. Of those, 23 — a fifth of the total now recognized — have stood the test of time. Some, like gold, iron and sulphur, had been known since ancient days. Others, like manganese, molybdenum and tungsten, were recent discoveries. What the list did not have was a structure. It was, avant la lettre, a stamp collection. But the album was missing.
  • Creating that album, filling it and understanding why it is the way it is took a century and a half. It is now, though, a familiar feature of every high-school science laboratory.
  • Its rows and columns of rectangles, each containing a one- or two-letter abbreviation of the name of an element, together with its sequential atomic number, represent an order and underlying structure to the universe that would have astonished Lavoisier.
  • In 1794 Lavoisier was branded a traitor because of his involvement with taxation. He was also unpopular with revolutionaries because he had supported foreign scientists whom the revolutionaries wished to strip of their assets.
  • Antoine Lavoisier died by the guillotine at the age of 50 on May 8, 1794 in Paris.