All Shows

Show of 05-01-2021

 

Tech Talk May 1, 2021

Email and Forum Questions

  • Tech Talk Facebook Post from from Robert Taylor: Dear Doc and Jim. I have a website that is hosted by GoDaddy. When I made a change to a web page on the site and then publish that change, the change initially did not show up in Brave or Edge. I cleared the cache and the change showed up. I then made further changes to that web page, but those changes did not show up. I again cleared the cache and cookies but the new changes did not show up.  I know the site is updating because when I look at it using Firefox I see the changes. I have cleared the cache and cookies again in both of the other browsers with no effect.  I have used Glary Utilities and CCleaner to clean my computer’s files and cache cookies etc. and still Brave and Edge do not show the updates to the web page. I checked the Brave and Edge browsers a few hours later and the new information was displayed from the website. I do not know why but there seems to be a delay in the cache being deleted for some reason I guess.  Robert Taylor
  • Tech Talk Responds: To speed up browsing, web browsers save copies of website data to your computer as a set of files called a cache. When you load a website, you are often viewing a local copy of elements from the site (such as images) pulled from your cache. Normally, if the browser loads a website and detects a change, it will fetch a new version of the site from the remote web server and replace the cache. But the process is not perfect, and sometimes your browser may end up with a local copy of the website data in your browser cache that doesn’t match the latest version on the server. As a result, a web page may look incorrect or not function properly.
  • To fix this, we need to force the web browser to discard what it already has in the cache and to download the latest version of the site. Many people call this a hard refresh.
  • In most browsers on PC and Mac, you can perform a simple action to force a hard refresh. Hold down the Shift key on your keyboard and click on the reload icon on your browser’s toolbar.
  • There are also keyboard shortcuts to perform the equivalent hard refresh. For instance, in Chrome, Firefox, or Edge for Windows, Press Ctrl+F5 (If that doesn’t work, try Shift+F5 or Ctrl+Shift+R).
  • Be aware that some web hosting services use caching plugins on the backend without letting the user know explicitly. You may be able to turn this off via your webhost’s configuration panel. Just to be sure, you can ask a webhost support member if any caching plugins are used, and request to have them turned off if needed.
  • Email from Bob in Maryland: Dear Doc, Jim, and the ethereal Mr. BigVoice. It appears there is no honor among thieves. Here is another example of hackers taking advantage of other greedy wannabe hackers with malware. The malware poses as hacker tools on Telegram but is actually steals digital coins. Researchers have named the malware HackBoss and say that its operators likely stole more than $500,000 from wannabe hackers that fell for the trick. What do you think, Doc? All the best, your faithful listener, Bob in Maryland
  • Tech Talk Responds: Researchers at Avast analyzing HackBoss note that the malware is packed in a .ZIP file with an executable that launches a simple user interface. Its single purpose is to add cryptocurrency-stealing malware on the victim’s system. The malware is designed to simply check the clipboard for a cryptocurrency wallet and replace it with one belonging to the attacker. When the victim initiates a cryptocurrency payment and copies the recipient’s wallet, HackBoss quickly replaces it, taking advantage of the fact that few users check the string before hitting the pay button. The endeavor appears to be profitable. Avast researchers say in a blog post that they found over 100 cryptocurrency wallet addresses associated with the HackBoss operation that received more than $560,000 since November 2018. What goes around, come around.
  • Email from Susan Church: Good morning, Doc and Jim. I don’t think you’ve featured Daniel Kaminsky before in “Profiles in IT.” The internet security expert (“savior”) died at the age of 42 on Friday, April 23, 2021. Susan in Alexandria
  • Tech Talk Responds: Great suggestion. We will feature Kaminsky today.
  • Email from Donna in Pittsburg: Dear Doc and Jim. Do you know when Microsoft is planning to release Windows 11? If memory serves they have always released a new version of Windows every 3 years or so and it’s already been longer than that since Windows 10 was released. I really need to buy a new laptop but I’d rather wait to get one with Windows 11 if it’s going to be available pretty soon. Donna in Pittsburg, KS
  • Tech Talk Responds: Microsoft isn’t currently planning to release a “Windows 11” at all. Several years ago they made the decision to move to a “rolling update” process for Windows 10 instead of periodically releasing a new version. Under their rolling update model they’re releasing a major feature update for Windows 10 every six months (more or less) and regular “bug fix” and maintenance updates once a month (and occasionally more often when situations require it). The semi-annual major feature updates are not new versions of Windows. They are simply updates to add new features to Windows 10.
  • I believe this is a good move for both Microsoft and Windows users. After Windows 8.1, reaches the end of its life cycle, Windows 10 will be the only “desktop” version of Windows remaining. That means Microsoft will no longer have to spend money and resources maintaining multiple versions of the operating system. That means new software will be simpler and more reliable because the developers won’t have to worry about building in legacy support for older Windows versions.
  • Email from Kathy in Boulder: Dear Tech Talk. My son has been wanting a nice gaming computer and I’m planning to buy him one for his 12th birthday. I looked at the gaming computers on Amazon and virtually every computer that came up runs Windows 10. It was the same thing at Best Buy. My son has been playing around with Linux for a while and he really likes it. That is why I’m trying to find a gaming PC with Linux on it. My question is why aren’t there any gaming computers that run Linux? And if there are some, can you recommend one? Kathy in Boulder, CO
  • Tech Talk Responds: There’s one simple answer: There are a LOT more Windows PCs in the world than there are Linux computers. Game developers target the Windows market because that’s where the real profit potential lies. Those companies have limited R&D and marketing budgets so they need to spend their money and concentrate their efforts on the population that promises the most return for their investments, and right now that population is Windows users. That’s also why there are more viruses aimed at Windows machines than Linux boxes or Macs.
  • There is also a secondary reason why gaming PCs tend to be Windows machines: Windows is simply better suited for gaming because it has much better support for gaming and the more powerful hardware that’s typically required for running the most resource-intensive games.
  • Email from David in Myrtle Beach: Dear Tech Talk. In early 2018, I installed a Samsung 250GB SSD in my Dell laptop. I recently read on another site that all SSDs wear out over time because they can only be written to a certain number of times. I am worried because this drive is now 3 years old and I have a lot of personal files on it that I don’t want to lose. My question is do you think this drive is likely to fail at some time in the near future? If you think it might I’ll go ahead and replace it now rather than taking a chance on losing my files. David in Myrtle Beach, SC
  • Tech Talk Responds: I’m glad you upgraded your laptop by installing a fast SSD. As you discovered they really can drastically speed up most any computer. The fact that you’re concerned about the possibility of losing your irreplaceable files to a drive failure leads me to believe that you haven’t been making regular backups of the data on the drive. Tthat is a huge mistake.
  • Just like hard drives, solid state drives can fail at any time. That’s why I strongly recommend that you start creating regular backups of your data right now. Since you’re using a Windows machine you can easily back up your SSD’s entire contents onto an inexpensive external USB hard drive using Windows’ built-in System Image utility. Having a recent System Image Backup on hand will ensure that you’ll be able to restore the entire contents of your SSD onto a new drive should the current drive ever fail. Luckily, System Image Backups are very easy to create.
  • You should not replace your SSD. Depending on how you use your computer (and how much) that drive could easily last another 3 years, or even longer.
  • When the drive finally fails, you’ll be able to simply install a new SSD in its place and then restore Windows and all of your programs and files from the backup. Within just a few minutes you’ll be right back where you left off before the old SSD died.

Profiles in IT: Daniel Kaminsky 

  • Daniel Kaminsky was a computer security researcher and co-founder of WhiteOps, a computer security company, best known discovering a security flaw in the DNS.
  • Daniel Kaminsky was born in San Francisco on February 7, 1979.
  • After his father bought him a RadioShack computer at age four, Kaminsky taught himself to code by age five.
  • At 11, his mother received a call from a government security administrator who told her that Kaminsky had used penetration testing to intrude into military computers, and that the family’s Internet would be cut off.
  • His mother responded by saying if their access was cut, she would take out an advertisement in the San Francisco Chronicle to publicize the fact that an 11-year-old could break military computer security.
  • Instead, a three-day Internet “timeout” for Kaminsky was negotiated.
  • Kaminsky attended St. Ignatius High School and Santa Clara University.
  • After graduating from college, he worked for Cisco, Avaya, and IOActive, before founding White Ops, his own firm.
  • He was a respected practitioner of “penetration testing,” the business of compromising the security of computer systems at the behest of owners who want to harden their systems from attack.
  • In 2008, Kaminsky discovered a fundamental flaw in the Domain Name System (DNS) protocol that could allow attackers to easily perform cache poisoning attacks on most nameservers.
  • He found a way that thieves or spies could covertly manipulate DNS traffic so that a person typing the website for a bank would instead be redirected to an impostor site that could steal the user’s account number and password.
  • Kaminsky’s first call was to Paul Vixie, a longtime steward of the internet’s DNS system. Vixie recalled that his panic grew as he listened to Kaminsky’s explanation.
  • Kaminsky then alerted the Department of Homeland Security and executives at Cisco and Microsoft to work on a fix.
  • Kaminsky worked with DNS vendors in secret to develop a patch to make exploiting the vulnerability more difficult, releasing it on July 8, 2008.
  • He presented his findings at the Black Hat Briefings. Kaminski, who typically wore a T-shirt, shorts and flip flops, wore both a suit and roller skates for the presentation. His mother requested that he wear a suit and shoes with toes in them.
  • In April 2008, Kaminsky discovered various ISPs had experimented with intercepting return messages of non-existent domain names and replacing them with advertising content.
  • This could allow hackers to set up phishing schemes by attacking the server responsible for the advertisements and linking to non-existent subdomains of the targeted websites.
  • Kaminsky went public after working with the ad networks in question to eliminate the immediate cross-site scripting vulnerability.
  • On March 27, 2009, Kaminsky discovered that Conficker-infected hosts have a detectable signature when scanned remotely. Signature updates for a number of network scanning applications are now available, including NMap and Nessus.
  • In 2009, Kaminsky discovered numerous flaws in the SSL protocol. These include the use of the weak MD2 hash function by Verisign in one of their root certificates and errors in the certificate parsers in a number of Web browsers that allow attackers to successfully request certificates for sites they do not control.
  • In June 2010, Kaminsky released Interpolique, a beta framework for addressing injection attacks such as SQL injection and cross-site scripting in a manner comfortable to developers.
  • At various points in his career, Kaminsky shifted his focus to work on projects related to his friends’ and family’s health.
  • He developed an app that helps colorblind people, worked on hearing aid technology, and developed telemedicine tools related to AIDS among refugees.
  • In a 2016 interview, Kaminsky said, “the Internet was never designed to be secure. The Internet was designed to move pictures of cats. We didn’t think you’d be moving trillions of dollars onto this. Some of us got to go out and fix it.”
  • Kaminsky died on April 23, 2021 of diabetic ketoacidosis at his home in San Francisco.
  • He had been frequently hospitalized for the disease in prior years. After his death, he received tributes from the Electronic Frontier Foundation, which called him a “friend of freedom and embodiment of the true hacker spirit”, and Jeff Moss, who said Kaminsky should be in the Internet Hall of Fame.

Observations from the Bunker

  • Hacking is a Mindset, Not a Skillset.
  • You see, originally, hacking had nothing to do with computer programming: In fact, “hack” was originally a term used to describe pranks performed by MIT students: their pranks are projects or products that are completed to some end, but that also afford the participants some enjoyment by the mere fact of participating.
  • Hacking entails some form of excellence, for example exploring the limits of what is possible, thereby doing something exciting and meaningful. Activities of playful cleverness can be said to have “hack value
  • It’s what Silicon Valley is built on. A recent Harvard Business Review blog post described Silicon Valley as having a culture that believes “things are hack-able— that the way we’ve designed various systems is not pre-ordained or immutable.
  • We can tinker, re-design, and play with them.” It went on to say that participants in Silicon Valley companies “don’t ask for permission to do what they do… They are less interested in technologies per se than in playing with established ways of doing things and conventional ways of thinking, creating, learning, and being.”
  • They’ve adopted a hacking mindset. They translate this clever, ethical, enjoyable, excellence-seeking behavior to their everyday lives.
  • Hacking is a mindset, not a skillset. When you seek, in your everyday life, to deliberately find opportunities to be clever, ethical, to enjoy what you are doing, to seek excellence, then you’re hacking.
  • Now the key here is that this behavior is deliberate. Not a happy accident. If you are not acting this way deliberately, then we need to change your thinking and behavior a little bit in order to make this your default MO. In fact, your mission for tomorrow should be: “Do something that has hack value.”
  • The Principles of The Hacking Mindset
    • Challenge accepted! (Barriers are welcomed)
    • Blow away the box. Look for unexpected ways to make something better.
    • Bring your friends. Unique perspectives create more robust solutions.
    • Give it away now. Information and knowledge should be shared openly, freely.
    • Pay it forward. Teach the next generation to think like a hacker.
  • Based on the original definition of hacking, these are 5 principles that you can use to rethink situations, re-evaluate problems, and hack everything you do.

Neuralink Microchip Embedded in Monkey Brain

  • Elon Musk‘s Neuralink Corp. released a three-minute video on April 8, revealing a 9-year-old macaque monkey playing video games via two of the company’s implantable brain chips.
  • The company records from more than 2000 electrodes implanted in the regions of the monkey’s motor cortex that coordinate hand and arm movements.
  • Using these data, they calibrate the decoder by mathematically modelling the relationship between patterns of neural activity and the different joystick movements they produce.
  • After only a few minutes of calibration, they can use the output from the decoder to move the cursor instead of the joystick.
  • Though the monkey moves the scientist-unplugged joystick with his hand by “habit,” he interacts with the game entirely by method of “decoded neural activity.”
  • As the monkey thinks about moving his hand, the video game moves accordingly.
  • Are humans next? This may help paralyzed patients interact with the world.

Memory Lane: First Pagers Were Developed for Doctors

  • In the early 1950s, NYC-area doctors enlisted the aid of the Reevesound Company of Long Island City, NY to construct a remote notification system for the purpose of calling doctors back to the hospital in the event of an emergency.
  • The system was a success, but was quite a bit more complicated to use than modern pagers.
  • If a doctor needed to be recalled to the hospital using the 1950s model, the hospital would call a local station (operated by Telanswerphone, Inc.) and give them the name of the doctor they needed to contact.
  • The station would then take a piece of movie film (the standard 16mm variety) encased in a plastic stick that had the doctor’s specific identification code imprinted on it. That piece of film would then be fed into a machine with a primitive scanner, which would read the identification code and then transmit it to the tower, which would then amplify it up to 25 miles around the base station.
  • The doctor in question would turn on his radio receiver at least once per hour to listen for his number being broadcast. This would indicate that he was needed in some capacity and he would, in turn, phone back to his hospital or the transmitting station to receive a more specific notice.
  • The service cost $12 a month (equivalent to roughly $127 in today’s money) and was extremely popular with doctors, soon spreading to other professionals with time-sensitive jobs.
  • By the mid-1950s, Motorola was mass producing radio pagers for the New York City region.

The Pentagon Released UFO Videos.

  • The Pentagon released three Navy videos that have driven speculation about unidentified flying objects for years, saying it meant to “clear up any misconceptions” about whether the unclassified footage was real or complete.
  • The videos, captured by naval aviators, show objects hurtling through the sky, one rotating against the wind, and pilots can be heard expressing confusion and awe.
  • The Pentagon’s release cheered enthusiasts in the search for extraterrestrial life, even though experts caution that earthly explanations usually exist for such sightings.
  • Navy pilots spoke about objects that seemed to defy the laws of physics. Details emerged about a mysterious, five-year Pentagon program and claims of metal alloys said to have been recovered from unidentified phenomena.
  • Astrophysicists say there are many potential explanations for what appears in the Navy videos, including atmospheric effects, reflections, and bugs in the code of imaging and display systems of fighter jets.

Mars helicopter makes 4th flight, gets extra month of flying

  • After proving powered, controlled flight is possible on the Red Planet, NASA’s Mars Ingenuity helicopter has new orders: scout ahead of the Perseverance rover to assist in its search for past signs of microbial life.
  • The next phase extends the rotocraft’s mission beyond the original month-long technology demonstration. Now, the goal is to assess how well flyers can help future exploration of Mars and other worlds.
  • The type of reconnaissance that Ingenuity performs could one day also prove useful to human missions, by scoping out the best paths for explorers to traverse, and reaching locations that aren’t otherwise possible.
  • The four pound (1.8 kilogram) mini chopper successfully performed the fourth of its five originally planned flights on Friday, “going farther & faster than ever before.”
  • The fifth is planned in the coming days, then its mission will be extended, initially by one Martian month.
  • Whether it continues beyond that will depend on if it’s still in good shape and if it’s helping, rather than hindering, the rover’s goals of collecting soil and rock samples for future lab analysis on Earth.
  • It may be the cold nights that define its limits. Ingenuity keeps warm with a solar-powered heater, but it was only designed to last for a month and engineers aren’t sure “how many freeze and thaw cycles (it) can go through before something breaks,”.
  • NASA initially thought Perseverance would be driving away from the site where it landed at the Jezero Crater on February 18, just north of the planet’s equator.
  • That would have meant the rover leaving Ingenuity behind and moving beyond communications range.
  • Now though, the agency wants to keep Perseverance in the area for some time after finding a rocky outcrop that they believe contains some of the oldest material on the crater floor.