Show of 05-23-2020

Tech Talk May 23, 2020

Email and Forum Questions

  • Email from Alice in Baltimore: Dear Dr. Shurtz and Jim. Thank you for the “news you can use” that was dispensed on last Saturday’s show regarding the use of 70% alcohol for the safe and effective disinfection of cellular devices. I was actually able to find some 70% wipes at my local CVS. My question – are eco-friendly, non-alcohol based cleansers that use Sodium Coco-Sulfate and Citric Acid effective as anti-virals?  I enjoy the show – most of the time. Sincerely -Alice in Baltimore
  • Tech Talk Responds: While Sodium Coco-Sulfate and Citric Acid will kill 99.99 percent of pathogens according to research, I cannot find any vendor that recommends their use on cell phones. These ingredients are used in shampoos and cleaners and can cut grease. However, Apple only recommends 70% alcohol solution on a microfiber cloth. One of the best ways to completely disinfect your phone screen is to use a UV sanitizer. Although a UV phone sanitizer costs more than all your cleaning tools and cleaning agents combined, these devices claim to kill 99.9% of common household germs.
  • Email from Jim in Michigan: Dear Doc and Jim. Is it safe to run a laptop without a battery installed? I have heard conflicting answers and I would really love to have your opinion on the matter. The battery in my Lenovo ThinkPad T400s has gone bad, and I do not really want to replace it unless I absolutely have to. I plan to use this machine as a “Desktop PC” until it completely stops working. Jim in Michigan
  • Tech Talk Responds: Your laptop will run just fine without a battery installed with nary a problem. If you ultimately decide to go that route, you shouldn’t encounter any issues at all. But that being said, there a few things to consider before you decide to forgo the battery altogether:
    • A battery can come in handy at times even when a laptop is used as a “Desktop PC”. For example, it can serve as a built-in battery backup/UPS during times of severe power fluctuations and momentary outages (which happen to occur fairly often). Have you ever had the power go out right before you save a lengthy document that you’ve been working on? If so, you know how troublesome that can be.
    • While your intention is to use your laptop as a “Desktop” PC, you might wish to temporarily move it to another room or take it with you on a trip every now and then. And both are much easier to do if there is a hot battery installed.
    • Most replacement laptop batteries are actually relatively cheap these days. As a matter of fact, as of this writing brand new replacement batteries for your T400s are around $60 on Amazon.
  • Email from Rich in Madison, Wisconsin: Dear Tech Talk. We have only Android phones, but the rest of the family has iPhones. Is there an easy way to share files between iPhones and Android phones. I would like something like AirDrop, but that is only on the iPhone. Enjoy the podcast. Rich in Madison, Wisconsin
  • Tech Talk Responds: Getting files from an Android device to a Mac or iOS device is not always easy or convenient, and the same goes for transferring content from a Mac or iOS device to an Android device.
  • I recommend that you use Snapdrop. Snapdrop uses web browsers and the current Wi-Fi network you’re on to send data from one device to another. It first connects to a signaling server online via WebSocket. If it determines that the two devices work together as needed, the data transfer is completed using WebRTC (Web Real-Time Communication) over DTLS (Datagram Transport Layer Security), which sends the file from browser to browser. The server is only used to establish that the two devices can work together, and it will not have any access to the actual files being transferred since that happens peer-to-peer from one device directly to the other using DTLS. Data is encrypted, so the transfer happens securely.
  • Currently, all browsers support the WebSocket protocol, but ones that support WebRTC include Google Chrome, Mozilla Firefox, Opera Mobile, and Apple Safari. Now, connect both your Android phone or tablet and macOS or iOS device to the same Wi-Fi network. Then, with a compatible web browser, visit the following link (https://snapdrop.net).
  • With the website open, you’ll see a small radar image and a message that says, “Allow me to be discovered by: Everyone in this network.” The symbol looks very much like AirDrop’s icon, and the message also gives that illusion, though, unlike with AirDrop, you cannot change it from “everyone” to “contacts only” or “no one.” Your device is now discoverable to anyone on the network. Still, all file transfers require permission to download on the receiving end, so nobody can send you a payload or other infected file without you seeing it, at least. While it’s all pretty much the same, selecting a file on your device to transfer to another device will look different from Android to iOS to macOS. However, all will work similarly in some regards, such as when you try sending multiple files at once. You can do so, but unlike with AirDrop, they will be transferred one at a time, with each file needing permission on the receiving end to download separately.
  • Email from Joy in Ashburn: Dear Tech Talk. My friend just bought a Chromebook after the salesman at the computer store told her they are safer to use than Windows computers. He said it’s impossible for a Chromebook to catch a virus. I’d just like to know if you agree with him because I’m needing to get a new laptop myself. Joy in Ashburn, VA
  • Tech Talk Responds: He was incorrect when he told your friend that it is impossible for a Chromebook to catch a virus. While they don’t run Windows, Chromebooks still operate by executing a series of programming instructions. That means they are susceptible to catching a virus if one manages to make it through the powerful security that Google has built into the Chrome operating system. That can and does happen on rare occasions. However, the likelihood of a Chromebook becoming infected with a virus or some other form of malware is much less than with a Windows machine, for the following reasons:
    • There are a lot more Windows machines in use today than there are Chromebooks. That entices the hackers of the world to primarily target Windows machines since they provide “the most bang for the buck”. If Chromebooks ever become more numerous than Windows machines that will surely change.
    • Chrome OS is very basic and much less complex than Windows. That means there are simply a lot fewer potential avenues of attack for hackers to exploit.
    • Chrome OS has security protections built-in that prevent the entire machine from becoming compromised by a single malicious website or snippet of dangerous code. When you close the tab containing a security threat, the remaining tabs will continue operating just fine.
  • On the other hand, Windows computers have some great advantages of their own. For example, there are thousands of powerful and truly useful programs and apps that run under Windows but not under Chrome OS. And the same can be said about Apple’s Mac family of computers as well.
  • If you need a laptop primarily for Internet use and you want it to be as secure as possible, a Chromebook is indeed an excellent choice. However, if you need a powerful machine that can run (and do) pretty much anything you’d probably be better off sticking with either a Windows laptop or a Macbook.
  • Email from Alex in Fairfax: Dear Doc and Jim. What is an RTF file and how do I open it. Someone at work gave me an RTF file and I am at a loss. Alex in Fairfax
  • Tech Talk Responds: A file with the .RTF file extension is a Rich Text Format file. While a normal text file stores only plain text, RTF files can include extra information about font style, formatting, images, and more. They are great for cross-platform document sharing because they are supported by lots of apps.
  • RTF was created by the Microsoft Word team back in the 1980’s. It was intended as a universal format that could be used by most word processors, making it easier for people to share Word documents with people who do not use Word. Microsoft discontinued the development of RTF in 2008, but it’s still widely supported by apps on almost every operating system. If you have got any word processing app installed—Microsoft Word, LibreOffice, OpenOffice, AbiWord, and so on—you can open an RTF file with it.

 

Profiles in IT: Michael Saul Dell

  • Michael Saul Dell is founder and CEO of Dell Technologies, Inc.
  • He was born February 23, 1965 in Houston, Texas. The son of an orthodontist, Dell attended Herod Elementary School in Houston, Texas.
  • At age 8, Dell sent away for equivalency testing to earn his high school diploma.
  • He got a job as a dishwasher at age 12 and was quickly promoted to maître d’.
  • That same year, he formed a direct marketing company, which offered a national stamp auction through the mail. He earned $2,000 on the venture.
  • Dell had his first encounter with a computer at the age of 15 when he broke down a brand new Apple II computer and rebuilt it, just to see if he could.
  • Dell attended Memorial High School in Houston where he did not excel.
  • At age 16, he developed a scheme to sell newspaper subscriptions for the Houston Post through targeted marketing, and bought a BMW with the $18,000 he earned.
  • While a freshman pre-med student at the University of Texas, Dell started an informal business putting together and selling upgrade kits for personal computers in Room 2713 of the Dobie Center residential building. He applied for a vendor license to bid on contracts for the State of Texas, winning bids by not having overhead.
  • His parents were beginning to worry about his grades, so he promised he would quit his computer venture and devote himself to the books if his business did not perform.
  • During his first month of business, Dell made $180,000 in sales. But by the end of the year, the company was making $50,000-$80,000 a month.
  • With the help of an additional loan from his grandparents, Dell dropped out of college at the age of 19. In January 1984, Dell registered his company as “PC’s Limited.”
  • Operating out of a condominium, the business sold between $50,000 and $80,000 in upgraded PCs, kits, and add-on components.
  • In May 1884, Dell incorporated the company as “Dell Computer Corporation” and relocated it to a business center in North Austin.
  • Since day one, Dell has stuck to a unique set of business strategies. The company sells direct to the consumer, sidestepping the usual retail markups.
  • Each PC is made-to-order, and the company only keeps eight to 12 days worth of inventory on hand at any time, often purchasing components when the prices are low. Dell pioneered revolutionary supply chain practices
  • In July 1996, Dell offered online purchasing. By the late 1990s, the company was selling an average of $18 million a day online.
  • In the first quarter of 2001, Dell Inc. reached a world market share of 12.8 percent, passing Compaq to become the world’s largest PC maker.
  • In 2013, Michael Dell with the help of Silver Lake Partners, Microsoft, and a consortium of lenders took Dell private. The deal was reportedly worth $25 billion and faced difficulties during its execution. Dell received a 75% stake in the company.
  • In 2016, Dell acquired th enterprise software and storage company, EMC Corporation, for $67B.
  • In December 2018, Dell went public again.
  • Forbes estimates Dell’s net worth as of May 2019 at $41.3 billion.

Happy Birthday Pacman

  • The classic and enormously popular Pac-Man video game came out in Japan on May 21, 1980, and by October of that year it was released in the United States.
  • The yellow, pie-shaped Pac-Man character, who travels around a maze trying to eat dots and avoid four hunting ghosts, quickly became an icon of the 1980s.
  • To this day, Pac-Man remains one of the most popular video games in history, and its innovative design has been the focus of numerous books and academic articles.
  • The game was created by Namco in Japan, and released in the U.S. by Midway.
  • By 1981, approximately 250 million games of Pac-Man were being played in the U.S. each week on 100,000 Pac-Man machines.
  • Since then, Pac-Man has been released on nearly every video game platform. On May 21, 2010, the Google Doodle even featured a playable version to mark the 30th anniversary of Pac-Man’s release.
  • According to Japanese game designer Toru Iwatani, Pac-Man was conceived as an antidote to the overwhelming number of games with violent themes, such as Asteroids, Space Invaders, Tail Gunner, and Galaxian.

Observations from the Bunker

  • This is a great time to advance your career options.
  • What about the job dilemma? You cannot get a job without experience. You cannot get experience without a job.
  • The answer (drum roll please) is to get unpaid project-based experience.
  • Select a project and work on it.
  • Read industry rags (publications) to keep current.
  • Join user groups and participate in any virtual events (or real events when allowed).
  • The trick is to act like a professional so you will be viewed like a professional.

Most In-demand Side Hustles According to Fiverr and Upwork

  • Here are some areas where you can find lucrative work that you can do from home, according to experts from freelancer platforms Fiverr and Upwork.
  • Blogging, building websites and social media
  • As more businesses transition online, they’re looking to hire people who know how to build an online presence.
  • There are lots of ways you can do this, for example, you can earn anywhere from $75 to $1,045 writing an online article, or $135 to $995 optimizing existing content for SEO, according to Fiverr, which looked at a sampling of what users are earning now in their more than 300 categories.
  • Building a website, which entails writing code for WordPress, can earn you $395 to $4,095, according to Fiverr.
  • Video editors can charge between $100 and $3,200 to edit everything from social media videos to event footage.
  • And managing social media accounts for a brand, which includes strategizing, writing and creating posts for platforms like Twitter and YouTube, can earn you $25 an hour on average, according to Upwork.
  • App development and product testing
  • Mobile app development is one of the highest-paying side hustles on Fiverr, with projects costing between $300 and $3,000, but this requires knowledge of software engineering and coding.
  • Graphic designers who focus on UI, or user interface (which basically means designing the way users interact with a product like an app or website via the buttons they click or the text entry fields that use, etc.), can earn $185 to $6,300 on app projects.
  • Quality assurance testing, which is essentially testing that a piece of software or an application does what it says, can earn you $36 an hour on average. QA testers typically have a computer science background and knowledge of testing software like Selenium.
  • Teaching whatever you’re good at
  • Fiverr introduced new service categories between March 20 and April 3 to cater to people stuck at home during the pandemic, such as crafting, cooking, music, language and fitness lessons. People charge from $5 a class to $100 depending upon how involved the lesson is, and their own experience.
  • For example, home chefs sell recipes and remote cooking tutorials starting at $5, and as high as $100.
  • Personal trainers offer virtual training sessions or classes from $15 to $75.

Mac has Arrived: Malware Infects one in 10 Mac Users

  • According to security firm Kapersky, Macs have been the frequent target of what’s called the Shlayer Trojan.
  • The company reports that this has been active since at least early 2018, but in 2019 specifically it was the most common threat to macOS.
  • Around 10% of all Macs were attacked with it, and by itself, Shlayer represents 30% of all the Trojans detected on macOS.
  • The Shlayer Trojan is a delivery mechanism for a variety of malware payloads. It gets onto a Mac and then fetches other malicious code, typically adware.
  • Here is the sequence of events.
    • The first is that they click on a link to a site, which initiates a download of the Shlayer Trojan to the user’s Mac. Thousands of websites include this download, typically because the sites partner with cyber criminals.
    • Typically links take users to advertising pages which try to persuade them to download software. A common method is to display faked messages about Adobe Flash being out of date. The “Download Flash” button actually downloads the Trojan.
    • Once downloaded, the user is prompted to install an application.
    • Then when it has been installed, the Shlayer Trojan itself downloads adware or other such malicious apps.
  • One type of malware that the Shlayer Trojan installs is a Safari Extension and the Mac does ask if you are sure that you want to use it. However, while macOS is warning that this is an unrecognized extension, Shlayer is overlaying that message with a fake dialog box saying that the installation is complete.
  • Users see an “Okay” button and click it, but in reality they are clicking a Trust button that macOS was actually displaying. They are telling the Mac that it is okay to install this software, so it does.
  • Once installed, Mac users are bombarded with ads. Any browsing can also be affected by targeted ads being presented.

Gamers Beware of SMR Drives

  • Toshiba has just published a full list of all the consumer hard drives in their lineup that use SMR (shingled magnetic recording) technology.
  • Shingled magnetic recording (SMR) is a magnetic storage data recording technology used in hard disk drives to increase storage density and overall per-drive storage capacity.
  • Conventional hard disk drives record data by writing non-overlapping magnetic tracks parallel to each other (perpendicular recording), while shingled recording writes new tracks that overlap part of the previously written magnetic track, leaving the previous track narrower and allowing for higher track density.
  • The overlapping-tracks architecture complicates the writing process since writing to one track also overwrites an adjacent track. If adjacent tracks contain valid data, they must be rewritten as well. Hence, these drives are slower. This can affect gamers or high intensity uses like video editing.
  • This list was released after Western Digital publishing a full list of all their consumer HDDs using SMR. Now Seagate is the only HDD vendor which has not yet published a full list of their consumer HDDs using SMR.
  • Toshiba does not use SMR in the N300, a NAS drive intended for the consumer market — unlike Western Digital which uses SMR in some low-end WD Red NAS devices.

New CISA Security Alert: Millions of Users Risk

  • The Cybersecurity and Infrastructure Security Agency (CISA) warned this week over “rapid” deployments of Microsoft Office 365, organizations have been forced to change their collaboration methods.
  • The issue is that those organizations “may not be fully considering the security configurations of these platforms.”
  • The same measure that prompted Microsoft to warn enterprise customers of a “really, really, really, high” hacking risk back in February. “If you have an organization of 10,000 users,” the company said, “50 of them are going to be compromised this month.” That means more than one million compromised accounts per month.
  • According to CISA—the cybersecurity agency within DHS, “hasty deployments can lead to oversights in security configurations and undermine a sound Office 365-specific security strategy.”
  • That one measure is, of course, multi factor authentication (MFA). According to Microsoft, “Multi-factor authentication would have prevented the vast majority of the one-million compromised accounts [per month].” The shocking fact is that only 11% of enterprise users have this enabled, with the rest wide open to attack. Almost all of the enterprise Office 365 users reading this will not have MFA enabled.
  • Without MFA enabled, stupidly simple attacks are behind more than 80% of that vast number of account compromises—usually brute force password guessing or applying breached data from other sites to take advantage of password reuse.
  • CISA urges MFA to be enabled for administrator accounts, where successful attacks can be very damaging to an organization. But MFA should also be applied to all user accounts. It almost eradicates account compromises.
  • CISA also advises defining multiple administrator roles such that not every administrator compromise is a license to everything. It is clearly sensible to apply the principle of ‘Least Privilege,’ “assigning administrators only the minimum permissions they need to do conduct their tasks.”
  • CISA also advises disabling legacy protocols—POP3, IMAP and SMTP, which have much more limited security measures and do not support MFA. IMAP, SMTP, POP enablement creates a much, much higher target.