All Shows

Show of 09-25-2021

Tech Talk September 25, 2021

Email and Forum Questions

  • Dear Tech Talk Heroes. I listen to the show all the time on 1500 AM, and have learned a couple things. One astounding development is that my wife said she is starting to enjoy the show too, and she HATES computers. I remember when you were discussing hard drive replacement, and that you could simply reload windows on the new hard drive and it would work without the authorization codes, because Microsoft tracks the computer itself. I was trying to remove some adware.  In the process, I removed something important and windows would not start.  Remembering what you said about hard drive replacement, I replaced my hard drive with a nice SSD and put my old hard drive into an external hard drive enclosure with a USB cable? It booted much faster with that SSD, and when I plugged in the old hard drive to the laptop USB port, all the data was there. So, thanks for saving all my data! I will continue listening for the next nuggets of wisdom! Tom Schum
  • Tech Talk Responds: Thanks for the feedback. I am glad your data is safe. You have a better computer now. But do not forget about the backup.
  • Email from Bob in Maryland: Dear Doc and Andrew. I was surprised to come across this article that speculated that Apple could be forced to kill Lightning and adopt USB-C in iPhones. The EU might finally kill Lightning, once and for all. I personally dislike the wide variety of nonstandard “standards”, but it looks like the EU might be pushing things in a certain direction. Apple claims this will increase electronic waste, but the EU says the opposite. What is going on here, Doc? All the best, your faithful listener, Bob in Maryland
  • Tech Talk Responds: the EU has announced new legislation that would standardize phone charging ports among phone manufacturers, requiring that all new phones use USB-C from 2024 onward. This could mean that the 2023 or 2024 iPhone would finally come with a USB-C port, in Europe at least. Granted, it would be silly for Apple to sell USB-C iPhones in Europe and Lightning iPhones everywhere else. So, if this legislation passes, it could effectively kill a proprietary port that was first introduced in 2012.
  • Apple is fighting this action. They contend that Lightning ports are smaller. This gives Apple an advantage. They can make slimmer devices. Apple also contends that Lightning ports may also be more durable than USB-C. With Lightning, the connecting tabs are on the cable itself. USB-C has connecting tabs on the port. Since these tabs are possible points of failure, Lightning ports are more durable.
  • Email from Lauren in Kansas: Dear Tech Talk. I am always upgrading my smart phone. I now have many deactivated laying around the house. It is possible to use the camera portion of these phones for a security cam? What other applications can I use for these phones? Lauren in Manhattan, KS
  • Tech Talk Responds: A deactivated iPhone still has a WiFi connection. You can still surf the web or as a remote for your Apple TV. Probably the best use as a webcam or baby monitor. There are dozens of incredible Android and iOS apps that can transform your phone into a useful smart home fixture and surprisingly smart security camera (especially if you are willing to mount it on a wall near an outlet for power). Note: This is an easy way to get a security cam, but your smart home security camera will not be great for the outdoors. Here are three options.
  • Alfred — If you’re looking for the best security cam app to turn an old phone into a security asset, Alfred is your pick. This excellently designed app is installed on two phones — one for using your phone’s camera as a security cam, and one for controlling all of your settings and viewing footage. Both Android and iOS versions are available.
  • Not only do you get streaming footage on your phone, but Alfred also offers a siren feature, two-way talking, motion detection, and a low-light filter. There’s also a “trust circle,” where friends will be able to access the cam themselves if necessary. It even works for multiple smartphone-turned-cam devices for whole-house monitoring. Paid versions are available for more advanced storage features.
  • AtHome Camera — AtHome is another app packed with useful features, including two-way talk options, night vision, and A.I. learning to recognize moving people as opposed to branches swaying in the wind. There’s also a mode that gives you a 24-hour time-lapse of everything the cam saw in the last 24 hours, so you can quickly look for anything suspicious. Both Android and iOS versions are available.
  • If your phone has the right sensors, it can even automatically start filming if it detects vibration. Note that there are two versions of the app, one for the phone that will act as a cam, and one for your own phone for controls, so make sure you download the right options.
  • Manything — Manything is a free app that can convert your iPhone, iPod Touch, or iPad into a Wi-Fi-connected security camera. Then, you can use a second iOS device as your mobile monitor or opt to keep an eye on things from the Manything web app. Both Android and iOS versions are available.
  • This app provides more than just a security camera; it has its own IFTTT channel, so you can link it to a huge range of web services and connected devices. For example, if you have Philips Hue lights in your house, you could set them to turn on automatically whenever Manything detects motion — making your phone act as both a motion-activated smart switch and a handy home-security tool that makes it look like someone’s at home.
  • Email from Leslie in Fairfax: Dear Tech Talk. Is there a way to listen to Pandora without WiFi or Internet? I mow 4 acres of grass and it sure does get boring. I would love to take Pandora with me. Leslie in Fairfax, VA
  • Tech Talk Responds: Pandora does have an Offline Mode that lets you download three stations (of Pandora’s choice) to your device via WiFi and then listen to them offline at a later time. Once you initiate the download procedure Pandora will select up to three of your stations and download the music for those stations to your device. Of course you’ll need enough free space on the device to hold the downloaded music files. Just be aware that this special Offline Mode is not available for those on the free plan (which is what I have).
  • I use Pandora all the time and just stream the data using my cellular connection. I do not listen to the car radio any more. It switches to the off line more, in cellular dead zones. Audio streaming does not take too much bandwidth. Pandora can stream music at several different sound qualities with different bit rates.
  • Currently, in the free version, Pandora allows users to choose from standard and higher quality. The standard setting streams at 64Kbps or 480Kb per minute and about 23MB an hour. The higher quality option runs at 128Kbps or 1.2MB/minute and 58MB/hour. However, if you subscribe to Pandora’s Premium and Plus packages, an even higher audio quality option streams at 192Kbps, as well as a lower 32Kbps for those who don’t want to use as much data.
  • For instance, using Pandora’s standard 64Kbps, you’ll hit .23GB in month, if you’re a casual 3-5 hour/day listener.
  • Alan in Manassas: Dear Doc. I thinking of tinkering around with Linux on my old laptop. What version of Linux looks and works most like Windows? I ready to expiment and to learn something new. Alan in Manassas, VA
  • Tech Talk Responds: Until recently, my usual answer was Linux Mint with the Cinnamon Desktop (https://linuxmint.com/edition.php?id=288).
  • Windowsfx have created Linux distros that mimics the look-and-feel of Windows 11. Windowsfx 11 (https://www.windowsfx.org/index.php/downloads/x86-64-bit-pc) is now available as a free download.
  • Just be aware that like any other Linux distro, Windowsfx is going to come with a learning curve for any Windows user who is giving Linux a try for the first time.
  • While the Desktop, Start Menu and many other screens mimic Windows 11 quite well, it’s still Linux underneath with all the advantages and disadvantages that entails.

 

Profiles in IT: Moxie Marlinspike

  • Moxie Marlinspike (real name Matthew Rosenfeld) is cryptographer and computer security researcher, best known as the creator of Signal messaging software.
  • He was born in Georgia, but he most keeps details of his childhood secret.
  • Marlinspike had the idea to try programming videogames on an Apple II in the school library. He copied commands from manuals to make shapes fill the screen.
  • Browsing the computer section of a local bookstore, Marlinspike found a copy of 2600 magazine, the catechism of the ’90s hacker scene.
  • After his mother bought a cheap desk­top computer with a modem, he used it to trawl bulletin board services, root friends’ computers to make messages appear on their screens, and run a “war-dialer” program overnight, reaching out to distant servers at random.
  • By his teens, Marlinspike was working after school for a German software company, writing developer tools. After graduating HS, he headed to Silicon Valley in 1999.
  • Jobless and homeless, he spent his first nights in San Francisco sleeping in Alamo Square Park beside his desktop computer.
  • Eventually, Marlinspike found a programming job at BEA-owned Web­Logic. But he wanted out, bored by the routine of spending 40 hours a week in front of a keyboard.
  • He started squatting in abandoned buildings with friends, eventually moving into an old postal service warehouse.
  • He took up hitchhiking, then he upgraded his wanderlust to hopping freight trains.
  • And in 2003 he spontaneously decided to learn to sail. He spent a few hundred dollars, all the money he had, on a beat-up 27-foot Catalina and rashly set out alone from San Francisco’s harbor for Mexico, teaching himself by trial and error along the way.
  • The next year, Marlinspike filmed his own DIY sailing documentary, called Hold Fast. It follows his journey with three friends as they navigate a rehabilitated, leaky sloop called the Pestilence from Florida to the Bahamas, finally ditching the boat in the Dominican Republic.
  • Marlinspike took for granted that authority was the enemy. He describes harbor patrols and train yard guards who harassed him and his fellow hobo voyagers. Cops evicted him from squats, hassled him in the towns he and his friends passed through, and impounded their car on what seemed to be thin pretenses. But merely going to demonstrations never felt like the right way to challenge the world’s power structures.
  • Instead, around 2007 he turned his political interests back to the digital world, where he’d seen a slow shift toward post–Patriot Act surveillance. He felt Internet insecurity is used by people he did not like against people he does like.
  • In 2008, Marlinspike settled in a decrepit brick mansion in Pittsburgh and started churning out a torrent of security software. The next year he appeared for the first time at the Black Hat security conference to demonstrate a program he called SSLstrip, which exposed a critical flaw in web encryption. In 2010 he debuted GoogleSharing, a Firefox plugin that let anyone use ­Google services anonymously.
  • In May 2010, he launched Whisper Systems, along with a pair of Android apps: Text­Secure, to encrypt text messages, and RedPhone, to protect voice calls. When the Arab Spring exploded across North Africa, Whisper Systems was ready with an Arabic version to aid protesters.
  • Twitter acquired the company for an undisclosed amount in 2011. The acquisition was done primarily so that Marlinspike could help Twitter improve security.
  • In 2011, Marlinspike presented a talk, “SSL And The Future Of Authenticity”, at the Black Hat security conference in Las Vegas. He outlined many of the problems with certificate authorities and announced the release of a software project called Convergence to replace them.
  • In 2012, Marlinspike and Perrin submitted an Internet Draft for TACK, which is designed to provide SSL certificate pinning and help solve the CA problem, to the Internet Engineering Task Force.
  • Marlinspike left Twitter in early 2013 and founded Open Whisper Systems as an open source project for the continued development of TextSecure and RedPhone.
  • At the time, Marlinspike and Trevor Perrin started developing the Signal Protocol, an early version of which was first introduced in the TextSecure app in February 2014.
  • In November 2015, Open Whisper Systems unified the TextSecure and RedPhone applications as Signal.
  • Marlinspike’s time at Twitter had given him an ambitious sense of scale: He was determined to encrypt core chunks of the Internet, not just its fringes.
  • He met a Whats­App cofounders Brian Acton and Jan Koum. Koum, who had grown up in Soviet Ukraine under the constant threat of KGB eavesdropping. Both men were almost immediately interested in using Marlinspike’s protocols to protect WhatsApp’s international user
  • Between 2014 and 2016, Marlinspike worked with WhatsApp, Facebook, and Google to integrate the Signal Protocol into their messaging services.
  • On February 21, 2018, Marlinspike and WhatsApp co-founder Brian Acton announced the formation of the Signal Foundation.

Observations from the Faculty Lounge

  • Moxie Marlinspike, Anarchist or Hero.
  • Moxie Marlinspike’s ingenious code protects texts and calls from snoops and spies. That has privacy advocates celebrating and law enforcement worried.
  • Marlinspike has quietly positioned himself at the front lines of a quarter-century-long war between advocates of encryption and law enforcement.
  • Since the first strong encryption tools became publicly available in the early ’90s, the government has warned of the threat posed by going dark.
  • The government warns that encryption software would cripple American police departments and intelligence agencies, allowing terrorists and organized criminals to operate with impunity.
  • In 2013, Edward Snowden’s leaks revealed that the NSA had secretly sabotaged a widely used crypto standard in the mid- 2000s and that since 2007 the agency had been using large volumes of data from tech firms’ data with and without their cooperation.
  • When we gave government the power to collect our communication data with the Patriot Act, our fears of abuse and overreach were validated.
  • While Marlinspike may present himself as an eccentric outsider, his ability to write secure software has aligned him with some of the tech industry’s biggest companies.
  • Marlinspike has enabled the largest end-to-end encrypted communications network in history, transmitting more texts than every phone company in the world combined.
  • He has protected the little man form the overreaching power of government authority.
  • So the question remains: anarchist or hero. I come down of the side of hero.

Trivia of the Week: Power Button Evolution

  • The international symbol for power buttons is a simple circle intersected at the top by a line.
  • This symbol is the fourth evolution of the standard for power buttons since the 1940s.
  • Early computer and electronic systems had toggle switches that were simply labeled On and Off on the respective sides of the toggle.
  • This standard was replaced fairly quickly in an effort to make switches universal across languages.
  • On and Off were replaced with the numerals 1 and 0, a nod to the binary system, indicating the power was on (1) or the power was off (0).
  • When toggle switches were replaced by push buttons, the symbol evolved again, this time to a circle with a line in the center indicating that the single button was capable of turning the machine on and off.
  • The introduction of lower-power states (such as the standby mode on modern computers) necessitated a fourth revision. The most recognizable iteration of the symbol, a circle broken by a vertical line, indicates that the button can power a machine on, off, or enter it into a power saving state.

Microsoft Moves to Eliminate Passwords

  • Microsoft is extending its passwordless sign-in option from enterprise customers that use Azure Active Directory (AAD) to consumer Microsoft accounts on Windows 10 and Windows 11 PCs.
  • It is simple to set up. If you have a Microsoft account, you can use the Authenticator App and within a few steps you can be passwordless.
  • Authenticator apps generate a one-time code that you use to confirm that it is you logging in to a website or service; they provide the second part of what’s called two-factor authentication (2FA).
  • When you set up an authenticator app with a website, that site generates a secret key – a random collection of numbers and symbols – which you then save to the app. The site usually shows you that key in the form of a QR code. When you scan that with the app, the key is then saved to your phone.
  • Then when you log in again to that website, it asks you to check your app for a code which it displays for a short time, usually 30 seconds. The app generates that code by combining the key the website gave you when you first set it up with the current time. If the key in the access code matches the one the website holds for you, it knows the right person is trying to sign in.