Tech Talk August 15, 2020
Email and Forum Questions
- Email from Bob in Maryland: Dear Doc, Jim, and the ‘distinguished’ Mr. BigVoice. Note that I did not mention in which way Mr. BigVoice is distinguished. The show last week was another gem. It was really interesting and I loved all of it, particularly that new feature, “Observations from the Bunker”.Anyway I stumbled across this obituary of Frances Allen. She Computer scientist Frances Allen, known for her work on compiling, dies at 88. You featured her March 27, 2010, but perhaps she deserved another mention. I am not that much of a ‘gamer’ but this week I noticed there seems to be quite a bit of drama around the Apple and Google Play stores. Epic will mock Appleâ€™s most iconic ad as possible revenge for Fortniteâ€™s App Store ban. Doc, do you have any insight you could enlighten us with? Anyway, I do love the show and always plan my weekends around it. Bob in Maryland
- Tech Talk Responds: Thanks for reminding of Frances Allen. I will feature her again today. She is a real pioneer, a woman who persevered in a manâ€™s world. As for Epicâ€™s fight. They are rebelling against the 30% commission on all in-game sales. Both Apple and Google charge exorbitant fees. They have a monopoly with their platform and they are exacting a high toll. In addition, if anyone make an app that competes with their products they ban it from the platform. In Epicâ€™s view, Apple has become the new IBM. They are mocking the iconic 1984 ad where all IBM PC users were zombies and only Apple could free them. Very effective ploy to turn the users against the platform. This may also stimulate an anti-trust investigation in Apple and Google.
- Epic Games CEO Tim Sweeney has issued a series of public comments on his personal Twitter account. In the four-part thread, Sweeney says the fight is not about money. Rather, he says Epic is fighting for â€œthe basic freedoms of all consumers and developers. At the most basic level, weâ€™re fighting for the freedom of people who bought smartphones to install apps from sources of their choosing, the freedom for creators of apps to distribute them as they choose, and the freedom of both groups to do business directly, We all have rights, and we need to fight to defend our rights against whoever would deny them. Even if that means fighting a beloved company like Apple.â€
- Email from Lynn in Ohio: Dear Tech Talk. Sometimes when I create a new account, I am given the option of logging in with Facebook or Gmail or my Email address. Why do I have these options? What difference does it make? Lynn in Cleveland, Ohio
- Tech Talk Responds: Great question. I you have you ever signed up for an online account and opted to log in to that account with your Facebook credentials instead of creating an account with that website, you gave that company permission to access your Facebook user data AND you gave Facebook permission to share it with them. That includes the use of any of your personal photos that have their privacy level set to public. This problem isnâ€™t limited just to third-party websites. It also applies to any apps that you enable on your Facebook account. Remember that quiz you took that you couldnâ€™t take until you enabled an app? The company behind that app (and quiz) probably has whatever personal information you entrusted to Facebook on their own servers right now.
- Unfortunately, itâ€™s too late to protect your data from the companies that youâ€™ve already allowed to access your Facebook account. They already have your information.
- You can limit the damage and prevent any future breaches by taking these steps:
- Log into your Facebook account and change the default privacy level of your Facebook posts from â€œPublicâ€ to â€œFriendsâ€.
- Set the privacy level of your phone number, birth date and email address on your â€œAboutâ€ page to â€œOnly Meâ€.
- Disable any apps within your Facebook account that you do not recognize, any apps you do not use or any apps that are connected to any third-party website. Better yet, disable all apps connected to your Facebook account.
- Email from Alicia in Fairfax: Dear Tech Talk. I have Windows laptop. When I close the lid it goes into sleep mode, but I would rather have it just shut down all the way because Iâ€™m usually going to just leave it in my laptop bag and not use it for a while. Is there a way to make it do that? Thanks. Alicia in Fairfax, Virginia
- Tech Talk Responds: This is easy to do and it is a good idea to shut your laptop down completely when you arenâ€™t going to be using it for awhile. Just follow the steps below to force your laptop to automatically shut down every time you close the lid:
- Right-click on the Start button and select Power Options from the drop-down menu.
- Click Additional power settings.
- Click Choose what closing the lid does.
- You should now see two columns of settings, one for when the laptop is running on battery power and one for when it is plugged into a wall outlet. In both columns, change the When I close the lid: setting to Shut down.
- Click Save Changes.
- From now on your laptop will shut down instead of going to sleep every time you stop using it and close the lid.
- Email from Alex in Baltimore: Dear Tech Talk. I have two Gateway Desktop computers, neither of which are operational. One has a bad motherboard and the other has a bad power supply. Can I replace the bad power supply with the one in the computer that has the bad motherboard? The power supplies look exactly the same and have the same cables and connectors, but the working power supply is rated at 400 watts and the bad one is only 350 watts. Alex in Baltimore, MD.
- Tech Talk Responds: You should be able to replace the 350 watt power supply with a 400 watt model with no problems whatsoeve. You should never replace a larger power supply with a smaller one (in wattage), but itâ€™s perfectly fine to replace one with a larger one. As long as the form factor (size and shape) and all the various wires and connectors match, everything should work just fine after you swap them out. You do need to verify that the mounting screw holes on the working power supply line up with the ones on the bad one.
- Static discharge can cause damage to various parts when working with the innards of a computer. To prevent static discharge damage from occurring, I strongly recommend that you always use an anti-static wrist strap when installing, removing, or even simply touching any of a computerâ€™s internal parts. These wrist straps are quite inexpensive, and you can get one at Amazon as well as many local electronics retailers.
- I also recommend that you unplug the power cord and all external devices (USB hard drive, monitor, keyboard, mouse, printer, router, etc.) and let the computer sit idle for at least 15 minutes before removing the cover from the case to work on its innards. That will give all the capacitors that are likely to cause problems due to a residual charge time to fully discharge before you start working on the computer.
- Before you disconnect anything, take a few high quality, brightly lit photos of the power supply connections to both the motherboard and all devices that receive power directly from the power supply (such as the disk drive(s) and video card).
- Email from Helen in Rockville: Dear Tech Talk. Is there anyway to block everyone from tagging me in their posts? How can I prevent them from posting things to my Timeline? Love the podcast. Helen in Rockville, MD
- Tech Talk Responds: There is no way to prevent someone from tagging you in a post, but you can force Facebook to ask your permission before a post youâ€™re tagged in appears on your Timeline. You will be able to review all requests to tag you in a post and then determine whether you want to allow it to be posted to your own Timeline. You can also specify who is allowed to post things on your Timeline. If you use Facebook in a web browser on a laptop or desktop computer:
- Log into your Facebook account.
- Click the down arrow at the far right side of the blue bar near the top of the Facebook window.
- Click Settings.
- Click the Timeline and Tagging link over in the left-hand column.
- Find the â€œWho can post on your Timelineâ€ line and click the Edit link, then change that setting to either Friends or Only Me.
- Scroll down to the â€œReviewâ€ section and change both settings to On.
Profiles in IT: Frances Elizabeth Allen
- Frances Elizabeth Allen is an American computer scientist and pioneer in the fields of compiler optimization and computer parallelization.
- She follows in the footsteps of Grace Hopper, who wrote the first compiler.
- She was born in 1932 and grew up on a small farm in upstate New York.
- Fran was raised on a dairy farm in upstate New York, the eldest of six children, in a house without electricity, plumbing or central heating
- She graduated from The New York State College for Teachers with a BS degree in mathematics in 1954, trained as a high school mathematics teacher.
- She taught high school for two years and went back to school for a Masters.
- She earned an MS degree in mathematics at the University of Michigan in 1957 and began teaching school again in Peru, New York.
- She took a graduate course in 1957 that involved programming a room-size computer to do elaborate mathematical calculations and was fascinated.
- Deeply in debt, she joined IBM on July 15, 1957 and planned to stay only until her school loans were paid, but ended up staying for her entire 45-year career.
- Starting as a programmer at IBM Research in July 1957, her first assignment was to teach the research scientists FORTRAN, which IBM had announced 3 months earlier.
- FORTRAN succeeded in generating programs that typically ran as efficiently as hand-coded programs, which was made possible by a compiler program.
- The FORTRAN achievement left a lasting impression on Ms. Allen, who spent much of her career in the field of advancing the science of making compilers more efficient.
- As a member of IBMâ€™s Stretch-Harvest project in the late 1950s early 1960â€™s, she was one of three designers assigned to the compiler.
- Stretch (IBM 7030) was delivered to Los Alamos in 1961 and was at the time considered a failure.
- As the language liaison with a project customer, the National Security Agency, she helped design and build Alpha, a very high-level code breaking language.
- From 1962 through 1968, she worked on an experimental compiler for IBMâ€™s Advanced Computing System (ACS).
- Allen designed and built the machine-independent, language-independent optimizing component of the compiler.
- Allenâ€™s seminal paper on Program Optimization first published in April 1966, described a new framework for implementing program analysis and optimization and described a powerful set of new algorithms.
- By partitioning and formalizing the problem space as it did, the work also provided a context for thinking about better solutions.
- Allenâ€™s later technical leadership on automatic parallelization projects such as the PTRAN (Parallel Translator) had significant influence on the science and technologies used in parallel systems.
- Her technical work and her advocacy for women has been widely recognized.
- Allen became the first female IBM Fellow in 1989.
- Allen is a fellow of the IEEE, the Association for Computing Machinery (ACM),
- In 1997, Allen was inducted into the WITI Hall of Fame.
- She retired from IBM in 2002 and won the Augusta Ada Lovelace Award that year from the Association for Women in Computing.
- In 2006 Allen was recognized for her work in high performance computing when she became the first woman to receive A.M. Turing Award.
- Allenâ€™s passions are climbing mountains and studying environmental issues.
- Sheâ€™s a member of the American Alpine Club and the Alpine Club of Canada, participating in exploratory expeditions to the Arctic and the Chinese/Tibet border.
- Allen died on August 4, 2020, her 88th birthday, from complications with Alzheimerâ€™s disease.
Observations from the Bunker
- Artificial intelligence is a totalitarian’s dream and we should take note.
- Individualistic western societies are built on the idea that no one knows our thoughts, desires or joys better than we do.
- Artificial intelligence (AI) will change this. It will know us better than we know ourselves. A government armed with AI could claim to know what its people truly want and what will really make them happy. At best it will use this to justify paternalism, at worst, totalitarianism.
- To prevent such a nightmare, we must not allow others to know more about ourselves than we do. We cannot allow a self-knowledge gap.
- AI allows a centralizing power to monitor citizens and know more about them than they know about themselves. China has eagerly embraced AI.
- Big tech companies collect vast amounts of data on our behavior. Machine-learning algorithms use this data to calculate what we will do and who we are.
- AI can predict what films we will like, what news we will want to read, and who we will want to friend on Facebook. From our Facebook likes, AI can predict our religious and political views, personality, intelligence, drug use and happiness.
- The Lenin said that capitalists would sell him the rope he would hang them with. AI, capitalist tech firms of Silicon Valley have sold communism a tool that threatens to undermine society. AI is Lenin’s rope.
- One way to prevent a self-knowledge gap is to raise our privacy shields. Cryptocurrencies can be “privacy-enabling.” Privacy reduces the ability of others to know us and then use this knowledge to manipulate us for their own profit.
DNC, RNC Planning Virtual Conventions
- The Democratic National Convention, which starts Monday, will take part online.
- The Republicans’ event kicks off a week later.
- The Democratic and Republican nominating conventions have been forced online, creating the biggest test yet for conducting life remotely during the coronavirus.
- The parties will seek to re-create that enthusiasm in high-production streaming events that beam their luminaries from around the country to online audiences.
- The Democrats, whose convention begins on Monday after a roughly month-long delay, have lined up the party’s most visible figures, including former President Barack Obama.
- The Republicans, who will make their case for four more years in the White House, grab the spotlight on Aug. 24.
- National party conventions date back to the 1800s and were originally raucous, spontaneous affairs filled with backroom deals and political horse trading.
- Today, conventions are scripted, choreographed affairs where little, let alone the nominee, is up in the air.
- Viewers can stream the Democratic National Convention on mobile devices through social media platforms, Twitter, Facebook and YouTube channels.
- The stream will be available on TV streaming platforms as well including Apple TV, Roku, and Amazon Fire TV and Amazon Prime Video.
- Plans for the Republican convention, which takes place Aug. 24 to 27, have been in a state of constant flux.
- Earlier this week, the GOP said it will livestream the formal re-nomination process, a move that followed pushback from the media because the committee had initially planned to hold the event behind closed doors.
- Trump says he will not give his speech in the host city and is instead mulling the White House or the Civil War battlefield of Gettysburg in Pennsylvania as potential backdrops.
Tip of the Week: Accessing a Flash Website on an iPad or iPhone
- If youâ€™ve visited an Adobe Flash-based website on your iPad or iPhone, you probably saw a message saying you need to install Flash to view that site.
- Apple has never supported Flash on the iPhone or iPad. This was Steve Jobs personal directive. Flash has never been part of the iPad or iPhone, and itâ€™s impossible to force Flash apps to run directly on these devices.
- Luckily, someone thought of a loophole! While you canâ€™t run Flash directly on an iPhone or iPad, you can simulate it. Thatâ€™s the concept behind Puffin, a browser app (currently $4.99) for the iPhone and iPad.
- It allows you to use Flash-based web apps by rendering Flash on a remote server, and then streaming the results to your device as a sort of interactive video. It also picks up your local inputs and sends them to the server, so it seems like you are using Flash locally.
- You can download Puffin from the App Store and visit your favorite Flash-based sites.
- BTW, you can also use the Photon X Flash Player app, which which handles Flash in a similar way. It has in app purchases.
New Linux Malware threatens National Security
- The FBI and NSA have issued a joint report warning that Russian state hackers are using a previously unknown piece of Linux malware, called Drovorub, to stealthily infiltrate sensitive networks, steal confidential information, and execute malicious commands.
- The Drovorub malware is a full-featured tool kit that has gone undetected until recently.
- The malware connects to command and control servers operated by a hacking group that works for the GRU, Russiaâ€™s military intelligence agency that has been tied to more than a decade of advanced campaigns, many of which have inflicted serious damage to national security.
- The Drovorub toolset includes four main components:
- A client that infects Linux devices;
- A kernel module that uses rootkit tactics to gain persistence and hide its presence from operating systems and security defenses;
- A server that runs on attacker-operated infrastructure to control infected machines and receive stolen data; and
- An agent that uses compromised servers or attacker-control machines to act as an intermediary between infected machines and servers.
- A rootkit is a type of malware that burrows deep inside an operating system kernel in a way that prevents the interface from being able to register the malicious files or the processes they spawn. It uses a variety of other techniques as well to make infections invisible to normal forms of antivirus.
- Drovorub also goes to great lengths to camouflage traffic passing into and out of an infected network.
- The malware runs with unfettered root privileges, giving operators complete control of a system.
- Drova is slang in Russian for â€˜drivers,â€™ as in kernel drivers. So the name likely was chosen to mean â€œ(security) driver slayer.
- Agency officials said that a key defense against Drovorub is to ensure that all security updates are installed.
- The advisory also urged that, at a minimum, servers run Linux kernel version 3.7 or later so that organizations can use improved code-signing protections.
- System owners are advised to configure systems to load only modules with a valid digital signature making it more difficult for an actor to introduce a malicious kernel module into the system.
Beware of Counterfeit Network Equipment
- Cybersecurity company F-Secure on July 15 released a report detailing counterfeit Cisco Catalyst 2960-X series switches..
- The investigation centered on a pair of counterfeit network switches. Investigators determined that the counterfeits were designed to bypass processes that authenticate system components.
- The counterfeits were discovered by an IT company after a software update stopped them from working.
- At the company’s request, F-Secure Consulting performed a thorough analysis of the counterfeits to determine the security implications.
- The report is a real-life, detailed technical analysis on how counterfeit devices work. It illustrates how existing IP can be compromised, duplicated, and security protection bypassed to make almost perfect clones of existing products.
- A counterfeit unit can operate outside the boundaries of legitimate and authenticated firmware. Such firmware can incorporate intentional backdoors implanted to allow network traffic monitoring and tampering.
- F-Secure’s investigators found the counterfeit devices did not have any backdoor-like
- F-Secure has the following advice to help organizations prevent themselves from using counterfeit devices:
- Source all your devices from authorized resellers
- Ensure all devices run the latest available software provided by vendors. In many cases, counterfeit units fail after the software is updated.
- Make note of physical differences between different units of the same product, no matter how subtle they might appear
- Look for suspicious console output messages such as authentication steps failing.
- Cisco provides a Serial Number Health Check tool to help in such detection. The mere existence of such a tool highlights how relevant this problem is.