Show of 05-11-2019

Tech Talk

May 11, 2019

Email and Forum Questions

  • Email from Lynn in Cleveland, OH: Dear Doc and Jim. I replaced my old broken desktop computer with a new laptop. Now I want me to copy the files off my old hard drive, but I don’t have a desktop PC to install it in. My old hard drive is a 160GB Seagate Barracuda ST3160023AS. What is the best way to recover my data? Enjoy the podcast each week. Lynn in Cleveland OH.
  • Tech Talk Responds: Your best bet is to buy a hard drive enclosure with a USB connection for your laptop. Your old Seagate hard drive is a 3.5″ drive with a SATA interface. That means you will need to purchase a 3.5″ external drive enclosure. A good option on Amazon is Mediasonic SATA to USB 3.0 enclosure that should work great with that drive. It has pretty good rating and only costs $20 on Amazon.
  • Email from Donna in Kansas. Dear Doc and Jim. I have a 15.6″ laptop and I usually rest it on my lap when I’m using it because it’s more convenient that way. My roommate is constantly tells me to stop holding the laptop on my lap because it can cause overheating and premature failure. Is he right? Donna in Kansas
  • Tech Talk Responds: A running laptop needs to “breathe” in order for its internal components to stay cool. When you rest a laptop on your lap, the air vents can become blocked, restricting the airflow into and through the machine. That leads to heat build-up inside the CPU and other critical components which could cause the laptop to fail prematurely. You can safely do that IF you rest the laptop on a lapdesk or some other stiff, flat object to facilitate proper airflow into and out of the machine. There a number of lapdesks on Amazon for around $20. Some a just a thing piece of wood with curved edges. You could make your own.
  • Question from Sarah in Baltimore: Dear Doc and Jim. I recently hid all of my Facebook contacts because I have some friends who do not get along with each other. However, I just found out that all of my friends can still see a list of the friends we have in common (i.e. our mutual friends). How can I hide the list of our mutual friends from the people I am friends with on Facebook? Enjoy the show. Sarah in Baltimore.
  • Tech Talk Responds: Unfortunately, there is no setting available that will prevent your friends from seeing who your mutual friends are. While you can easily hide your entire friends list from strangers, Facebook won’t allow you to hide your mutual friends list from the people you’re friends with. Even if you could hide your mutual friends that wouldn’t prevent your friends from figuring out which friends the two of you have in common. All they would have to do is look at your Timeline to see who is interacting with your posts.
  • Dear Tech Talk. Email from Nicole in Fairfax: Dear Doc and Jim. I am planning on buying a Chromebook, but most Chromebooks come with only 4 GB of RAM. Is that enough RAM or should I opt for more? My Windows laptop has so much more RAM. Nicole in Fairfax.
  • Tech Talk Responds: The short answer is that Chromebooks do not need that much RAM. The Chrome OS manages RAM much more efficiently than Windows. It uses a compressed block of RAM is dynamically reallocated as it fills.
  • Some Chromebooks come with as little as 2 GB of RAM, while others come with as much as 16 GB. The standard across most systems has been 4 GB for the longest time, but we are also starting to see an uptick in ‘books with 8 GB. If this will be a coffee table machine that you plan on using for light browsing, email, social networking, and the like, then, by all means, go for the 4 GB model. It is probably cheaper.
  • But if you plan on getting a Chromebook to use as your primary machine for work, school, play, and more, then you’ll likely want to spring for more RAM. While 8 GB is generally more than enough for nearly all users, the heaviest of users may want to even look at 16 GB systems.
  • Email from Mark in Richmond, VA: Dear Tech Talk. I have always encrypted the hard drive on my laptop security. I sometimes change my Windows password and am confused. If your password is used to encrypt your hard disk, how can you change your password and still be able to decrypt your disk? How is it possible that you can change your Windows password without re-encrypting a hard disk that was encrypted using that password? Enjoy the show using Alexa. Mark in Richmond, VA
  • Tech Talk Responds: I will assume you mean BitLocker whole-disk encryption used by Microsoft. You can often change the password (or passphrase) without needing to re-encrypt. The secret is simply this: your password wasn’t used to encrypt the disk.
  • When you first encrypt a disk, an encryption key is manufactured for you. It is a key you never see. It is generally what referred to as a “128-bit” or “256-bit” encryption key. It is not even something you would recognize as text. It is a purely random1 binary number. This encryption key is used to encrypt your data, not your password. In fact, your password hasn’t even been involved yet.
  • That randomly generated encryption key is itself then encrypted using your password (or some number based on your password). That encrypted encryption key is then stored somewhere, usually in your user profile on Windows. Your password unlocks the key, which unlocks the data.
  • When you change your login password, all the system has to do is
    • Decrypt the encrypted encryption key using your old password
    • Re-encrypt it using the new password
    • The actual key used to decrypt your hard disk never changed.
  • If you needed to change the encryption key used to actually encrypt your data, you would need to decrypt it completely and then re-encrypt.
  • Email from Mia in Reston: Dear Tech Talk. I would like to schedule my email delivery for a future time. I work very late at night on my emails, but I do not want them delivered until the morning when everyone is at work. I am currently using Gmail as my primary account. Love the show. Mia in Richmond.
  • Tech Talk Responds: Your in luck. Google added this feature in April 2019. Scheduling emails previously required a third-party extension. You can have up to 100 scheduled emails at a time.
  • In the Gmail website in desktop browsers, compose your email regularly. Instead of clicking the usual Send button, click the down arrow to the right of the Send button and then click “Schedule Send.” Tell Gmail when you want to send the email. You can pick a time like “tomorrow morning” or provide a custom date and time.
  • You can even schedule an email for a few years out. Perhaps you want to send a message to your future self a few years from now! Gmail will let you schedule emails up to the year 2068. If Gmail is still around in 48 years and Google has not changed the way this feature works, Gmail will send the email to your desired recipient—assuming they still have that email address.
  • In the Gmail app for iPhone or Android, compose your email normally. Instead of tapping the “Send” button, tap the menu button at the top right corner of the screen and then tap “Schedule Send.”
  • You can view your scheduled emails by clicking “Scheduled” in the left pane of the Gmail interface on your computer. Open the scheduled email that you want to stop. To cancel sending the email, click “Cancel Send” at the top right corner of the email.
  • Email from Linda in Myrtle Beach: Dear Tech Talk. I would like to connect my laptop to the HDTV in my living room. I have game apps on my laptop and would like to see them on the big screen. How can I make this connection? Linda in Myrtle Beach
  • Tech Talk Responds: A TV can even be thought of as a big computer monitor. To connect a laptop or desktop to your TV, you just need to connect an HDMI cable to the HDMI-out port on your PC and the HDMI-in port on your TV. Laptops make this extra easy, as you can just carry the laptop into your living room and set it down within cable length of your TV. Many laptops don’t have a full-size HDMI port to save space, so you may need to adapter cable. If your computer or TV is old and doesn’t support HDMI, it may support VGA or something similar. You can get an HDMI to VGA /audio adapter. Now you can view your computer’s screen on your TV.

Profiles in IT: Dustin Aaron Moskovitz

  • Dustin Aaron Moskovitz is an American Internet entrepreneur best known as co-founder and first CTO of Facebook.
  • Moskovitz was born May 22, 1984, in Gainesville, FL and grew up in Ocala, FL.
  • He attended Vanguard High School, graduating with an IB Diploma.
  • Moskovitz attended Harvard University as an economics major for two years.
  • In 2004, Mark Zuckerberg, Eduardo Saverin, Chris Hughes, and Dustin Moskovitz founded Facebook in their Harvard dorm room.
  • Moskovitz was so eager to be part of the project that he taught himself how to code over the course of a weekend.
  • Originally called thefacebook.com, it was intended as an online directory of all Harvard’s students to help residential students identify members of other dorms.
  • In June 2004, Zuckerberg, Hughes and Moskovitz took a year off from Harvard and moved Facebook Palo Alto, CA, and hired eight employees and expanded to 2,000 university and beyond. Within a year, FB generated 400M page views a day.
  • Moskovitz was Facebook’s first CTO and then VP of Engineering.
  • He led the technical staff and oversaw the major architecture of the site, as well as being responsible for the company’s mobile strategy and development.
  • On October 3, 2008, Moskovitz to co-founded Asana with Justin Rosenstein.
  • Asana is a app designed to help teams organize, track, and manage work. It has joined the unicorn club with a $600M valuation based on a series C funding round in 2016.
  • Moskovitz was also the biggest angel investor in the mobile photo-sharing site Path, run by another former member of Facebook, David Morin.
  • In 2011, Moskovitz co-founded the philanthropic organization Good Ventures with his girlfriend (and now wife) Cari Tuna in 2011.
  • Good Ventures has donated approximately $100 million from 2011 onward.
  • The joint collaboration with GiveWell led to a spinoff called the Open Philanthropy Project, whose goal is to figure out the best possible way to use large sums of money.
  • Moskovitz and Tuna are also the youngest couple to sign Bill Gates and Warren Buffett’s Giving Pledge, which commits to giving away most of your wealth.
  • For the 2016 United States Presidential election, Moskovitz announced that he and his wife are donating $20 million to support Hillary Clinton.
  • Moskovitz is married to Cari Tuna. Tuna currently works full time on Good Ventures, the couple’s private foundation, as well as the Open Philanthropy Project.
  • Moskovitz and Tuna attend Burning Man regularly, and Moskovitz has written about his reasons for doing so.
  • In March 2011, Forbes reported Moskovitz to be the youngest self-made billionaire in history. He is 8 days younger than Mark Zuckerberg, the next youngest.
  • In 2019, Dustin’s net worth is $12.5B, on the basis of his 2.34% share in Facebook

Baltimore Hit with Ransomware Attack

  • Baltimore Mayor Bernard C. “Jack” Young said Friday the city is “making progress” on recovering from the ransomware attack that crippled city government computers and servers on Tuesday.
  • The FBI is assisting city officials in an ongoing investigation, so Young couldn’t go into detail. However, he stressed that it is business as usual for city employees, except for the fact the computers are down.
  • “We’re moving forward and the citizens shouldn’t notice any difference other than they need to some and do things manually,” Young said.
  • According to officials, the city was struck by the RobinHood ransomware.
  • Authorities announced hackers were demanding about $76,000 to unlock encrypted files in city computers.
  • The same ransomware hit municipal networks in Greenville, North Carolina last month.
  • Last year, Baltimore’s 911 system was struck in a ransomware attack.
  • City employees who can’t work without computer systems may be asked if they’d be willing to help clean up the city if the attack takes longer than expected to fix.

Robinhood Ransomware Revealed

  • RobinHood ransomware is a variant of Golang ransomware.
  • It was originally coded in the Go programming language and compiled to a 32-bit executable.
  • RobinHood is a malware that encrypts the victim’s hard drive with the RSA+AES cryptographical combination and instructs the victim to reach out to them via Onion Tor website.
  • The RobinHood ransomware drops the victim notification file on the desktop detailing the demands and how to make contact.
  • Once contact is made, the attackers claim they will make a decryption tool available, thereby allowing the victim to recover their precious files, in return for payments made in bitcoin.
  • It is also notable that the ransomware does not spread within the network. It pushed on each machine individually after the initial network breach.
  • RobinHood ransomware’s CoolMaker function contains sub functions meant to disable and disrupt the victim’s PC backups and services. Some of the most interesting Golang functions are stored here, with names riddled with expletives. I can’t read those names onair. The F word is used liberally.
  • While the RobinHood ransomware does not appear to be sophisticated, it does include higher-level Go programming language code.
  • Based on the network intrusion and push tactic, this attack is reminiscent of previous SamSam ransomware attacks demanding high payouts ransoms set per machine.

Two Crypto-Mining Groups are Fighting a Turf War

  • This turf war has been secretly going on since late last year, ever since the rise of a new hacker group named Pacha, which was pretty successful at challenging Rocke — the top hacker group specialized in Monero crypto-mining operations.
  • It is the Pacha vs Rocke crypto-mining turf war.
  • Both groups operate mass-scanning operations that look for open or unpatched cloud services and servers to infect them with a multi-functional Linux-based malware strain.
  • The most aggressive of the two is, by far, the smaller Pacha group, which adopted a strategy of removing a long list of known crypto-mining malware strains on each server it infected.
  • Using this approach, Pacha hackers have slowly carved out a large piece on the crypto-mining scene.
  • The Pacha Group paid special attention to identifying and removing versions of Rocke’s miner, most likely in an attempt to eat away at its rival’s “market share.”
  • This trick of removing competitors from infected servers is also present in the Rocke group’s malware.
  • Currently, Rocke still has an advantage over Pacha due to the superiority of its malware, which has recently received the ability to uninstall cloud-based security products.
  • While initially crypto-mining operations targeted desktop users and standalone web or FTP servers, there has been a paradigm shift at the start of 2018.
  • A large number of crypto-mining groups realized that the Linux and Windows servers part of cloud infrastructure had access to far more processing power than isolated systems, and hackers shifted their focus to targeting cloud-based technologies such as Docker and Kubernetes as a result.

High-tech supremacy at stake in US-China trade war

  • A race for global supremacy in the tech sector is at the center of the fraught trade war negotiations between the United States and China.
  • The United States has long been the world’s high-tech champion, although China has made major strides and even taken the lead in some sectors.
  • But US President Donald Trump accuses Beijing of stealing American technological know-how.
  • The Communist Party has touted a program named “Made in China 2025”.
  • Beijing is aiming for technological self-sufficiency on 70% of key components and materials by 2025.
  • The plan has alarmed Washington, which fears losing a valuable market, and has complicated the trade talks between China and the US.
  • Chinese telecom giant Huawei has made great progress in its effort to become the global leader in next-generation 5G wireless technology.
  • The US government has banned all federal agencies from acquiring Huawei equipment.
  • Last year US authorities banned the sale of electronic equipment from another Chinese telecom firm, ZTE, after charging it with violating sanctions on Iran and North Korea.
  • The company, with 75,000 employees, was on the verge of bankruptcy until US President Donald Trump rescinded the decision.
  • On May 9, US regulators clamped down on China Mobile, denying the company’s request to operate in the US market and provide international telecommunications services.
  • DJI is the world’s number one producer of commercial and hobby drones, which are used for aerial pictures and video.
  • DJI produces 70% of the world’s commercial drones with no US competitor.
  • The Pentagon has banned the military from using DJI drones for security reasons.
  • In China, tech giants Baidu, Alibaba, and Tencent, collectively called BAT, dominate the market thanks in part to Beijing’s online censorship apparatus or “Great Firewall”, which blocks the likes of Google and Facebook.
  • In the field of geolocation, China uses its own satellite navigation network known as BeiDou, or Big Dipper.
  • It relies on a network of about 30 satellites and is expected to be fully operational worldwide from next year.
  • Trump has made artificial intelligence a priority sector, with the Pentagon announcing a US$2B budget last year specifically for the technology. China plans to invest US$150bil in the sector by 2030.
  • The US still files more patents than any other country, but China is expected to overtake them by 2020, according to the World Intellectual Property Organization.

Google unveils Auto-delete for Some Data

  • Google will soon let users automatically delete location history and other private data in rolling intervals of either three months or 18 months.
  • Choose a time limit for how long you want your activity data to be saved—3- or 18-months—and any data older than that will be automatically deleted from your account on an ongoing basis.
  • These controls are coming first to Location History and Web & App Activity and will roll out in the coming weeks.
  • Google location history saves locations reported from mobile devices that are logged into your Google account.
  • You can already go into your Google activity control settings to completely turn off the features that save your location history and Web and app activity.
  • But the new auto-delete option will provide a middle ground in which users who are concerned about the data storage can save activity data for a non-forever period of time without having to manually delete it once in a while.
  • Google’s announcement said that saving the data can make Google products more useful for you—like recommending a restaurant that you might enjoy, or helping you pick up where you left off on a previous search.
  • Google seemed to indicate that the auto-delete function will come to other.