Having better risk-based analysis for your banks and credit cards

When someone tries to steal money from your bank or credit card accounts, these days it is a lot harder, thanks to a number of technologies. I recently personally had this situation. Someone tried to use my credit card on the other side of Missouri on a Sunday afternoon. Within moments, I got alerts from my bank, along with a toll-free number to call to verify the transactions. In the heat of the moment, I dialed the number and started talking to my bank’s customer service representatives. Then it hit me: what if I were being phished? I told the person that I was going to call them back, using the number on the back of my card. Once I did, I found out I was talking to the right people after all, but still you can’t be too careful.

This heat-of-the-moment reaction is what the criminals count on, and how they prey on your heightened emotional state. In my case, I was well into my first call before I started thinking more carefully about the situation, so I could understand how phishing attacks can often work, even for experienced people.

To help cut down on these sorts of exploits, banks use a variety of risk-based or adaptive authentication technologies that monitor your transactions constantly, to try to figure out if it really is you doing them or someone else. In my case, the pattern of life didn’t fit, even though it was a transaction taking place only a few hundred miles away from where I lived. Those of you who travel internationally probably have come across this situation: if you forget to tell your bank you are traveling, your first purchase in a foreign country may be declined until you call them and authorize it. But now the granularity of what can be caught is much finer, which was good news for me.
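To make the pattern-of-life idea concrete, here is an added example (not any bank's or vendor's actual model) that scores a card transaction against the card's history using distance from past purchases, implied travel speed, amount and day of week. The weights, thresholds and sample coordinates are assumptions chosen for illustration.

```python
import math
import statistics
from dataclasses import dataclass
from datetime import datetime

# All weights and thresholds below are assumptions chosen for illustration.
USUAL_RADIUS_KM = 150   # farther than this from every past purchase is "unusual"
MAX_SPEED_KMH = 900     # faster than an airliner between two card-present uses
STEP_UP_AT, DECLINE_AT = 40, 80


@dataclass(frozen=True)
class Txn:
    when: datetime
    lat: float
    lon: float
    amount: float
    card_present: bool = True


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def assess(txn, history, travel_notice=False):
    """Return (decision, score, reasons) for txn given the card's past transactions."""
    if not history:
        return "step_up", STEP_UP_AT, ["no history for this card"]
    score, reasons = 0, []

    # 1. Location versus the usual area, unless the bank was told about travel.
    nearest = min(haversine_km(txn.lat, txn.lon, h.lat, h.lon) for h in history)
    if nearest > USUAL_RADIUS_KM and not travel_notice:
        score += 40
        reasons.append(f"{nearest:.0f} km from any previous purchase")

    # 2. Impossible travel: two card-present uses too far apart for the elapsed time.
    earlier = [h for h in history if h.card_present and h.when <= txn.when]
    if txn.card_present and earlier:
        last = max(earlier, key=lambda h: h.when)
        hours = max((txn.when - last.when).total_seconds() / 3600, 1 / 60)
        speed = haversine_km(txn.lat, txn.lon, last.lat, last.lon) / hours
        if speed > MAX_SPEED_KMH:
            score += 50
            reasons.append(f"implied travel speed {speed:.0f} km/h")

    # 3. Amount far above what this card normally spends.
    typical = statistics.median(h.amount for h in history)
    if txn.amount > 3 * typical:
        score += 20
        reasons.append(f"amount {txn.amount:.2f} vs typical {typical:.2f}")

    # 4. A day of the week on which this card has never been used.
    if txn.when.weekday() not in {h.when.weekday() for h in history}:
        score += 10
        reasons.append("first purchase on this day of the week")

    if score >= DECLINE_AT:
        decision = "decline"
    elif score >= STEP_UP_AT:
        decision = "step_up"   # alert the cardholder and ask them to verify
    else:
        decision = "allow"
    return decision, score, reasons


# Constructed sample data: approximate coordinates for two Missouri cities and
# six days of ordinary purchases (Monday 7 May to Saturday 12 May 2018).
STL = (38.63, -90.20)
KC = (39.10, -94.58)
HISTORY = [Txn(datetime(2018, 5, 7 + i, 12, 0), *STL, amt)
           for i, amt in enumerate([25, 40, 32, 18, 55, 30])]
SUNDAY_KC = Txn(datetime(2018, 5, 13, 15, 0), *KC, 180.0)

if __name__ == "__main__":
    print(assess(SUNDAY_KC, HISTORY))
    print(assess(SUNDAY_KC, HISTORY, travel_notice=True))
```

With the constructed history, the Sunday purchase across the state lands in the "step up" band, and the same purchase with a travel notice on file is allowed.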

These technologies can take several forms: some of them are part of identity management tools or multi-factor authentication tools, others come as part of regular features of cloud access security brokers. They aren’t inexpensive, and they take time to implement properly. In a story I wrote last month for CSOonline, I discuss what IT managers need to know to make the right purchasing decision.

In that article, I also talk about these tools and how they have matured over the past few years. As we move more of our online activity to mobiles and social networks, hackers are finding new and sneaky ways of leveraging our identity. One-time passwords that are being sent to our phones can be more readily intercepted, using the knowledge that we broadcast on our social media. And to make matters worse, attackers are also getting better at conducting blended attacks that can cut across a website, a mobile phone app, voice phone calls, and legacy on-premises applications.

Of course, all the tech in the world doesn’t help if your bank can’t respond quickly when you uncover some fraudulent activity. Criminals specifically targeted a UK bank that was having issues with switching over its computer systems last month, knowing that customers would have a hard time getting through to its customer support call centers. The linked article documents how one customer waited on hold for more than four hours, watching while criminals took thousands of pounds out of his account. Other victims were robbed of five and six-figure sums after falling for phishing messages that asked them to input their login credentials.

Steve Ragan in a screencast below shows you the phishing techniques that were used in this particular situation.

The moral of the story: don’t panic when you get a potentially dire fraud alert message. Take a breath, take time to think it through. And call your bank when in doubt.

 

Finding the right escape room for your group

I am a bit slow to the whole escape room phenomenon, but it seems like a great idea to me. While I am not a computer gamer, I have run sites with that editorial content and know many professional gamers as a result. I am also a big Sudoku and crossword fan, having done those puzzles for more than a decade.

The idea, if you are still not tuned in, is to bring a few friends to a facility and try to escape from a locked room within an hour. You have to solve various puzzles. Actually, you have to find the clues and then figure out the puzzle, without a lot of guidance. If you haven’t ever done a room, you first have to be very observant, looking at what objects have been placed in the room, what information is written on the walls or displayed on various monitor screens, and what objects might lead you to other things. For those of you that don’t like solving puzzles, this is probably not something you are going to like. If you do like puzzles, or if you go to haunted houses every fall (or even build your own), this is probably something you have already checked out.

While I am not a computer gamer, I recognize that many years ago I spent weeks of my life trying to solve the puzzles of Myst. Back then, I said that “Myst starts out a total puzzle, and as you gain skills and understand the sequence of play involved, you get drawn into the universe of the game and lose track of real life and elapsed time.” You can say that about many modern computer games too. The problem with this is that you only have an hour to escape your particular room, and you don’t know how many puzzles you will have along your journey.

Given that there are thousands of rooms in cities all over the world, if you want to try one out the next hurdle is going to be to find one that suits your particular skills, experience, and group. Wouldn’t it be nice if someone reviewed rooms with some sort of consistency? Fortunately, there is a site that does, called EscRoomAddict. I spoke to one of their editors, named Jeremie Wood. (You can see a sample of one review here.)

The site has teams of reviewers in LA, Chicago, New York, Kansas City, Denver and Toronto, which is where they began four years ago. They have reviewed more than 400 rooms in North America. There are other sites that have reviews, but not as well organized or as consistent in their evaluations as ERA, as they call themselves. The site doesn’t pay their reviewers, but usually the room operator comps the reviewers to do the room. Many of his reviewers have played 50 or more rooms during their tenure, and Wood himself has lost count but thinks he has been party to at least 180 room reviews.

He told me based on his experience that he doesn’t think the escape room craze has peaked yet, and there are still new rooms being built. One opportunity is to try to attract more corporate customers, who use the room as a team-building exercise. And part of that effort is what motivated the founders to start ERA, so that corporate customers could find the best rooms in a particular location.

The escape room landscape is also changing. “Many of the early operators have closed, mainly because the standards for the best experience keep going up.” You might think that the best rooms are the ones that take the most money to build, but that hasn’t been his observation. “I have seen great rooms that didn’t cost much, and lousy rooms that were very expensive,” he said. “You don’t have to spend huge amounts of cash, but you do have to know what you are doing and design something that has really great puzzles and a great story.”

One of the reasons I like the ERA site is that it attempts to have consistent review metrics for all of its room reviews. The teams from the various cities met earlier this year here in St. Louis to try to iron out consistent style and to set up minimum requirements for their reviews. The reviewers also try to take into account a wide range of puzzle solving ability in their write-ups. Each room is done by at least three different people, who then collaborate on the review, and they usually agree on their evaluation.

Having been to so many rooms, Wood told me that the average Canadian rooms are smaller and more suitable for 4 to 6 people, whereas in the States, they can hold more participants. Also, in Canada, you usually book a room exclusively for your own group, even if it is smaller than the room capacity. In the US, your team is sharing the room with others if the demand is there.

If you have particular room experiences and want to share them with my readers, please post a comment here.

Hedy Lamarr, The First Geek Movie Star

The story sounds almost like a Hollywood plot, except it is true: A young starlet doing nude scenes as a teenager goes on to invent a critical wartime technology that is ignored by the US Navy but ultimately forms the basis of WiFi and cell phones that we use today. Of course, I am talking about the life and times of Hedy Lamarr, the subject of a 2017 documentary film called Bombshell that is available from the streaming services.

She was also the subject of a 2011 biography from Richard Rhodes. I heard Rhodes back when he was promoting his book. Rhodes is the author of many intriguing history of science works, including the story of the Manhattan Project, and his book is worth reading. So is the film, which is also based on a 1990 taped interview that was recently found.

She is a fascinating study in how someone with both beauty and brains can not necessarily make the best of both these worlds, but was constantly reinventing herself.

The movie traces her acting career and has various clips, including scenes from the provocative film Ecstasy, the one cited earlier that began her career and was banned by Hitler eventually. Lamarr was even the basis of one character in Mel Brooks’ Blazing Saddles.

Both the film and the book show how one of Lamarr’s many inventions, which she developed with her music composer neighbor George Antheil, came about through an odd inquiry. Lamarr was interested in a boob job and Antheil had written about early efforts in that area, again presaging another important intersection of Hollywood and technology. The duo went on to get a patent for a new technique for frequency-hopping radio communications. While not taken seriously at the time, it ultimately was deployed by the military in the 1960s during the cold war. While the technique involved piano rolls, the basis of frequency hopping continues to be used as part of spread-spectrum radio communications that are in common use today. Along the way, Lamarr made many movies and married and divorced six husbands, the first of whom was a Nazi arms merchant that got her interested in developing new technology for the war effort once she fled to America. She lived to be honored by the Electronic Frontier Foundation a few years before she died in 2000.

It is hard for many of us to grok a movie star with her trips to the patent office and test tube rack in her trailer on the movie set, but she was the real deal.

Lamarr once said that “Any girl can be glamorous. All you have to do is stand still and look stupid.” She was anything but.

My tinnitus story

I have been living with Tinnitus for 20 years, but until recently, I didn’t own it. Before I tell you how this came to be, a little background.

In 1998, I was diagnosed with Meniere’s Disease. I was experiencing intense dizzy spells, and many of you who are readers of this journal have heard or lived through what follows: dietary changes, a series of unsatisfying visits to various MDs, and a great deal of frustration. Back then, it wasn’t easy to do Internet research, but eventually my attacks stopped. What I got out of that experience was a case of Tinnitus.

My situation is a bit unique: I have been deaf in my left ear since birth. My right ear hears just fine – except for this continuous tone that sometimes is louder, sometimes is softer, but is always there. Over the years, I have learned to deal with it, but owning it? Nope. Sometimes I would hold a pity party for myself, sometimes it was more than annoying, especially when I was in crowded noisy rooms or restaurants. I remember one time I was at a professional conference of about 300 people. For dinner, we were seated at very long tables and the noise was literally deafening. I quickly ate my meal and literally ran back to my room, in pain from the noise. I know it looked odd to my dinner companions.

I have been a member of ATA for most of those decades, and appreciate the amount of knowledge that the association provides its members in trying to understand and cope with this disease. But I didn’t own my Tinnitus. That is, until I went to the Iowa conference this past summer.

The conference is small – less than 100 attendees and that includes many of the speakers over two very full days. The audience is 90% professionals, including nurses, MDs and audiologists, with a few of us patients scattered in and allowed to participate. It was very worthwhile, and I want to describe some of the things that I learned during the event. I was surprised at how much I didn’t know, and it wasn’t just learning medical jargon, but actual, actionable, useful stuff that helped me begin to own my disease.

What does owning mean? It means that you control it, rather than it controlling you. You aren’t defined by your Tinnitus, you aren’t at its mercy, and you manage your own treatment and your own response to the disease. The noise you and I hear may be all in our heads, but we have to use our brains to figure out a way to cope and live our lives. Many of the stories here in this journal have carried this theme, but for some reason I didn’t really understand what they were getting at until I was sitting in the conference, listening to the various presentations. Then it all clicked, so to speak. (Sorry for that pun.)

Here are a few other things that I heard and took away from the event.

While I knew that Tinnitus is different for everyone, I didn’t realize how different it was. Meeting others who have it and hearing their stories was good to understand its individuality and the different paths that patients have taken to understand and cope with Tinnitus. When you see the breadth and depth of variations of research that is going on around the world, you begin to understand this is a huge problem – or many problems – to solve. You can get some of this by attending one of the local ATA support groups, too.

Another thing that I liked about the Iowa conference is that you get to put yourself in your doctor’s shoes and see Tinnitus from his or her perspective. This is helpful in understanding how they will treat you and respond to your needs and concerns. There were several presentations from audiologists, therapists, and other professionals so again you could appreciate their different points of view.

Meeting the ATA staff and board members attending the conference (ATA is one of the sponsors) was also a treat. It helps to put a face with the organization, and also gave me an opportunity to thank them personally for all their hard work in helping us.

The conference is also a good place to get first-hand knowledge about cutting-edge research, particularly by the University of Iowa team that has been involved in Tinnitus work for decades. By the end of the two days, you feel like you know these folks quite well.

At the conference, vendors present their devices and explain how they are used and for whom they are intended. During one of these sessions, I learned that hearing aids are ways to manage Tinnitus, even if you don’t have much in the way of hearing loss. This is because they can be programmed to block out the frequencies that you think you are hearing with your Tinnitus noise(s). Now I know I am in a bit of an unusual situation – no hearing in one ear, and the opposite in the other. Not to worry – there are specific kinds of aids for this problem. Years ago I investigated using a BAHA hearing aid, which involves implanting a microphone in the side of your skull (in my case, the left side) and transmitting the sound through your bones to your hearing ear. When I tried on the sample aid back then, I could actually hear stereo and locate the source of the sound coming from behind me – both of these for the first time. I opted not to use the aid then. But the advances of technology with regards to digital signal processing are significant, and now there are wireless CROS aids that can work with your cellphone via Bluetooth connections. At the conference, I could talk to audiologists who have installed both BAHA and CROS aids and get their first-hand experience. That kind of insight would be nearly impossible as an ordinary patient.

As patients, we tend to interact with the medical/industrial complex at the moment when we have a problem: we break a bone, we want it fixed. We have an infection, we want to get rid of it. But the single-point-of-contact method with our doctors doesn’t work with a chronic condition such as Tinnitus (or Meniere’s or whatever). That is because research is ongoing: new drugs, new procedures, new devices, and so forth. We aren’t watching the medical literature like our doctors are doing, because we are busy living our lives. And even if we are willing to put the time into doing Internet research, we aren’t going to medical conferences and learning about many of the latest technologies and techniques. Until I attended the Iowa conference, my knowledge of Tinnitus was limited to what I read in this journal. While that is great, it can’t provide me with everything that is going on in the world. The Iowa conference can quickly bring you up to speed in a way that doing your own net-based research or reading a medical journal article, even one intended for patients, can’t easily do.

Now, most medical conferences are way beyond my skills and knowledge (or so I imagine), and probably yours as well. The jargon of just understanding the different parts of the human body alone is daunting enough. The Iowa conference certainly had its moments when I was totally lost. But it had plenty of other moments when I got useful information that was clearly explained and in terms that any layperson could understand.

Next summer, put Iowa City on your calendar and plan on coming to the conference. You will be welcomed, and you might get to understand more about our common affliction. The cost is minimal for the benefits I received.

Keeping your home safe from the Internet of Bad Things

Back before we had nearly universal broadband Internet in our homes, the only electrically powered safety device that we had to worry about was the smoke detector, and all we had to do was replace its batteries every six months. With the Internet of Things, we now have a lot more capabilities, but a lot more worries.

Some friends of mine have 23 devices connected to their home network: a Nest thermostat, security cameras, Alexa, smart TVs, network printers, gaming systems, smart watches and their computers. I am sure I have forgotten a few others. All of them can be exploited and used for evil purposes. Think of them as that back door to your home that is wide open.

This exploit for smart TVs was a news item last year. It uses a special digital broadcast signal to gain access to your TV’s firmware. I have been trying to update my firmware for weeks with no success, but I guess hackers are more adept. Still, this is a major concern for IoT devices both in the home and in the workplace. Many device makers don’t have any firmware update mechanism, and those that do don’t make it easy or automatic for users to do it. And devices are usually not monitored on corporate endpoint protection tools, which are usually designed for Windows, Mac and Linux machines.

Part of the problem is that the number of IoT devices continues to climb, with estimates in the tens of billions in the coming years. These devices are seemingly everywhere. And they are an attractive target for hackers. Hajime, Mirai, Reaper, Satori and Amnesia are all IoT-based malware that has been seen in the past couple of years. The hackers understand that once you can discover the IP address of a device, you can probably gain entry to it and use it for evil purposes, such as launching attacks on a corporate target or to leverage access to a corporate network to steal information and funds.

So what can you do? One friend of mine is so concerned about his home network that he runs his own firewall and has two different network-attached storage devices that make copies of his data. This enables him to get rid of having any data on his computers and removes all at-risk programs on them to further secure them. That is probably more than most of us want to do, but still it shows the level of effort that you need to keep things safe.

If you aren’t willing to put this much effort into your home network, here are a few easier steps to take. First, make sure you change all of your devices’ default passwords when you first install them – if you can. Some products have a hard-coded password: if security is a concern, toss them now. Second, if you don’t have a firewall/router on your home network (or if you are using the one supplied by your broadband provider), go out and get one. They now cost less than $100 and are worth it if you can take the time to set them up properly to limit access to your networked devices. Next, make sure your Wi-Fi network is locked down appropriately with the latest protocols and a complex enough password. If you have teenagers, set up a guest network that limits their friends’ access.

Granted, this is still a lot more work than most of us have time or the patience for. And many of us still don’t even replace our smoke detector batteries until they start beeping at us. But many of you will hopefully be motivated to take at least some of these steps.

Backing up your social network data

(updated 10/26/18, 7/18/19, 11/22/22 and 1/10/25)

Brian Chen’s recent piece about social media privacy in the NY Times inspired me to look more closely at the information that the major social networks have collected on me. Be warned: once you start down this rabbit hole, you can’t unlearn what you find. Chen says it is like opening Pandora’s box. I think it is more like trying to look at yourself from the outside in. There is a lot of practical information and tips here, so you might want to file this edition of Web Informant away for future reference when you have the time to absorb all of it.

TL;DR: If you are short on time, F-Secure has this website where you can gather this data from the leading social networks quickly. But you still might want to read about my experiences below.

Why bother? For one thing, the exercise is interesting, and will give you insights into how you use social media and whether you should change what and how you post on these networks in the future. It also shows you how advertisers leverage your account – after all, they are the ones paying the bills (to the news of some US Senators). And if you are concerned about your privacy or want to leave one or more of these networks, it is a good idea to understand what they already know about you before you begin a scrub session to limit the access of your personal information to the social network and its connected apps. Also, if you are thinking about leaving or migrating to another non-Twitter service, it would be nice to have a record of your contacts before you pull the plug. One other warning: these archives are only available for a limited time period, so BOLO for the emails telling you when you can download them, otherwise the links will expire and you will have to issue another request.

None of the networks make obtaining this information simple, and that is probably on purpose. I have provided links to the starting points in the process, but you first will want to login to each network before navigating to these pages. In all cases, you initiate the request, which will take hours to days before each network replies with an email that either contains a download link or an attached file with the information.

The results range from scary to annoyingly detailed and almost unreadable. And after you get all this data, there are additional activities that you will probably want to do to either clean up your account or tighten your privacy and security. Hang on, and good luck with your own journey down the road to better social network transparency about your privacy.

Facebook:  https://www.facebook.com/dyi?x=AdkA0Kau6MLj_7I0

Facebook sends you an HTML collection of various items, some useful and some not. You download a ZIP archive. There is a summary of your profile, a collection of your posts to your timeline, a list of all of your friends (including those who have left Facebook) and when you connected with them, and any videos and photos that you have posted. Two items that are worth more inspection are a list of advertisers that have your information: I noticed quite a few entries to more than a dozen different state chapters of Americans for Prosperity PACs that are funded by the Koch brothers. Finally, there is a list of your phone’s contacts that it grabbed if you ran its Messenger application, which it justifiably has been getting a lot of heat for doing. Note that this is different from your friend list. Also, when I requested the archive Facebook temporarily locked my account which I then had to unlock before the download.

(The Verge has very detailed step-by-step instructions that they try to keep current on the deletion process.)

LinkedIn:   https://www.linkedin.com/psettings/member-data

LinkedIn sends you two ZIP collections of CSV files that you can open in separate spreadsheets that contain different lists. The first set includes connections, contacts, messages that you have exchanged with other LinkedIn members, and profile information, and the second has activity, account history and invites. Most of the files contained just a single line of data, which made looking at all of them tedious. Having two collections of files is a bit odd: you should ignore the first one (which you get almost immediately) and wait for the “final” archive, which is more complete and arrives several hours later. Most of this data is rather matter-of-fact. One file contains a summary of your profile that is used for ad targeting, but there is no list of advertisers like with the other networks. Another file contains the IP addresses and dates of your last 50 logins, and another contains the dates and names of people that you have searched for on the network. What bothered me the most about my list of LinkedIn connections was that the number of them differed by two percent from what is displayed on my LinkedIn home page and in the spreadsheet itself. Why the difference? I have no idea.

Google:  Takeout.google.com

Google operates somewhat differently and more opaquely than the others mentioned here. First, you go to the link above, which is a separate service that will collect your Google archive. The screen shot shows you just some of the dozens of different Google services that you can select to use in the gathering process. In my experiment this process took the longest: more than three days, whereas the others took minutes to several hours. Even before you get your archive, scanning this list and selecting which services you want included in your report is a depressingly lengthy activity.  When I finally got my archive, it spanned three ZIP files and more than 17GB in total, which is more than all the others combined.

However, that is just the beginning. When you bring up a web page that shows the various Google services, you have to separately extract the data for each service individually and each service uses its own data format that you then need to view in a particular application: for example, your calendar items are in iCal format, your email data is in MBOX format, and others are extracted in JSON format. Analyzing all this information can probably take a data scientist the better part of a few days, let alone you and me, who don’t have the tools, dedication or time. If you are thinking of de-Googling your life, you will have to do more than just switch to an iPhone and give up Gmail.

But wait, there is more: emails that you delete or find their way into your Spam folder are still part of your archive. In the Googleplex, everything is accounted for. Note that if you have uploaded any music to Google Play Music, this data isn’t part of your archive and you’ll have to download that separately.

Twitter: https://twitter.com/settings/account

Twitter will send you two files: one that is a PDF attachment that contains a list of all the advertisers that have your information, but the advertisers’ names are shown in their Twitter IDs and thus not very meaningful. The second document is an HTML collection of all your tweets, and you can bring up your browser or access the data in two formats: JSON and CSV exports by month and year. Notice that there is nothing mentioned about downloading all of your Twitter followers: you will have to use a third-party service to do this. One thing I give Twitter props for is that you have a very clear series of settings menus that might be useful to study and change as well, including connected apps and privacy settings. Facebook and LinkedIn constantly are rearranging these menus and make changes to their structure and importance, which makes them more difficult to find when you are concerned about them. But Twitter at least gives you more control over your privacy settings and tries to make it more transparent.

Apple: http://privacy.apple.com/

Apple opened up its privacy portal earlier this summer to a few geographies and then to US and other countries in the fall. It took a day to request my data from 12 different datasets that it maintains, as you can see in the screenshot here. Each database corresponds to a particular app, such as AppleCare requests, iCloud bookmarks, interactions with your AppleID account, and contacts. You get .ZIP files for each one (split into smaller segments, if you request that), and you have to individually download each one. The link to the downloads expires in two weeks, which is a nice touch.

Manipulating these files isn’t easy. Almost every one of these 12 files contains one or more nested .ZIP files within them, and at times it feels like you are chasing your data down a hall of mirrors. My total download, when everything was unzipped, was 7GB and covered more than 170 different files. Everything unzips into mostly .CSV files that will require parsing in your favorite spreadsheet. A lot of the information is coded in such a way that it is meaningless without a lot of further study to tie back to your activities. For example, my Apple ID sign in file has a list of login dates for different services. Because it comes in a CSV import, you have to ensure that you format the date fields properly. In other words, getting this data is easy. Getting any actionable or useful information from the trove is not.

One data collection is useful, and that is your contacts that are in either iCloud or in your Apple address book. You will get individual vCards for each person, which could be useful in case of a disaster. There is also a list of all the phone calls made on your iPhone (if you have one), and again, parsing that into a spreadsheet will be some effort. That can be found in the “Other data/Apple Features using iCloud/Call history” bucket. Think of this exercise as a treasure hunt. Like some of the other vendors’ data dumps, there is a CSV collection of advertisers, under marketing communications, along with the date and time they were delivered to your endpoint device. There are copies of anything you have purchased at an Apple store, which is also useful, if you can find them buried deep within the Apple Online and Retail Store folder.
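The nested .ZIP files described above can be inventoried without unpacking anything to disk. The following is an added example, not a tool supplied by Apple or any of the networks: it walks ZIP-inside-ZIP archives in memory, refuses member names that would escape the extraction folder, and counts files by type. The limits and the sample file names are assumptions, and the sample export is constructed.

```python
import io
import zipfile
from collections import Counter
from pathlib import PurePosixPath

MAX_DEPTH = 4                    # assumed limit on ZIP-inside-ZIP nesting
MAX_NESTED_BYTES = 512 * 2**20   # assumed cap on a nested archive read into memory


class SuspiciousArchive(Exception):
    """Raised when an archive looks unsafe to process."""


def check_name(name):
    """Reject member names that would land outside the target folder if extracted."""
    parts = PurePosixPath(name.replace("\\", "/")).parts
    if name.startswith(("/", "\\")) or ".." in parts or name[1:2] == ":":
        raise SuspiciousArchive(f"unsafe member name: {name!r}")


def walk(source, label="", depth=0):
    """Yield (logical_path, uncompressed_size) per file, descending into nested ZIPs."""
    if depth > MAX_DEPTH:
        raise SuspiciousArchive(f"nesting deeper than {MAX_DEPTH} levels at {label!r}")
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            check_name(info.filename)
            logical = label + info.filename
            if info.filename.lower().endswith(".zip"):
                if info.file_size > MAX_NESTED_BYTES:
                    raise SuspiciousArchive(f"nested archive too large: {logical!r}")
                blob = io.BytesIO(zf.read(info))
                if zipfile.is_zipfile(blob):
                    # "!/" marks the boundary between an archive and its contents.
                    yield from walk(blob, logical + "!/", depth + 1)
                    continue
            yield logical, info.file_size


def summarize(source):
    """Return ({extension: file_count}, total_uncompressed_bytes) for an export."""
    by_type, total = Counter(), 0
    for path, size in walk(source):
        by_type[PurePosixPath(path).suffix.lower() or "(none)"] += 1
        total += size
    return dict(by_type), total


def build_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used only to construct sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf


def build_sample_export():
    """Constructed stand-in for a privacy export with ZIPs nested two levels deep."""
    vcard = b"BEGIN:VCARD\nEND:VCARD\n"
    calls = build_zip({"calls.csv": b"date,number\n"}).getvalue()
    return build_zip({
        "Apple ID account/signin.csv": b"date,service\n",
        "iCloud Contacts.zip": build_zip(
            {"contacts/alice.vcf": vcard, "contacts/bob.vcf": vcard}).getvalue(),
        "Other data.zip": build_zip({"Call history.zip": calls}).getvalue(),
    })


if __name__ == "__main__":
    for path, size in walk(build_sample_export()):
        print(f"{size:>8}  {path}")
    print(summarize(build_sample_export()))
```

To run it against a real download, pass the path of the outer .zip file to `summarize` or `walk` instead of the constructed sample.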

Action items

So what should you do? First, delete the Facebook Messenger phone app right away, unless you really can’t live without it. Your contacts are still preserved by Facebook, but at least going forward you won’t have them snooping over your shoulder. You can still send messages in the Web app, which should be sufficient for your communications.

Second, start your pruning sessions. As I hinted in the Twitter entry above, you should examine the privacy-related settings along with the connected apps that you have selected on each of the four networks. The privacy settings are confusing and opaque to begin with, so take some time to study what you have selected. The connected apps are where Facebook got into trouble (see Cambridge Analytica) earlier this month, so make sure you delete the apps that you no longer use. I usually do this annually, since I test a lot of apps and then forget about them, so it is nice to keep their number as small as possible. In my case, I turned off the Facebook platform entirely, so I lost all of these apps. But I figured that was better than their hollow promises and apologies. Your feelings may be similar.

Third, protect your collected data. Don’t leave this data that you get from the social networks on any computer that is either mobile or online (which means just about every computer nowadays). I would recommend copying it to a CD (or in Google’s case, several DVDs) and then deleting it from your hard drive. Call me paranoid, or careful. There is a lot of information that could be used to compromise your identity if this gets into the wrong hands.

Finally, think carefully about what information you give up when you sign up for a new social network. There is no point in leaving Facebook (or anyone else) if you are going to start anew and have the same problems with someone else down the road. In my case, I never gave any network my proper birthday – that seems now like a good move, although probably anyone could figure it out with a few careful searches.

A new way to speed up your Internet connection

How often do you comment on how slow the Internet is? Now you have a chance to do something to speed it up. Before I tell you, I have to backtrack a bit.

Most of us don’t give a second thought about the Domain Name System (DNS) or how it works to translate “google.com” into its numerical IP address. But that work behind the scenes can make a difference between you having and not having access to your favorite websites. I explain how the DNS works in this article I wrote ten years ago for PC World.

Back when I wrote that article, there was a growing need for providing better DNS services that were more secure and more private than the default one that comes with your broadband provider. But one of the great things about the Internet is that you usually have lots of choices for something that you are trying to do. Don’t like your hosting provider? Nowadays there are hundreds. Want to find a better server for some particular task? Now everything is in the cloud, and you have your choice of clouds. And so forth.

And now there are various ways to get DNS to your little patch of cyberspace, with the introduction of a free service from Cloudflare. If you haven’t heard of them before, Cloudflare has built an impressive collection of Internet infrastructure around the world, to deliver webpages and other content as quickly as possible, no matter where you are and where the website you are trying to reach is located. If you think about that for a moment, you will realize how difficult a job that is. Given the global reach of the Internet, and how many people are trying to block particular pieces of it (think China, Saudi Arabia, and so forth), you begin to see the scope and achievement of what they have done.

I wanted to test the new 1.1.1.1 DNS service, but I didn’t have the time to do a thorough job. Now Nykolas has done it for me in this post on Medium. He has somewhat of a DNS testing fetish, which is good because he has collected a lot of great information that can help you make a decision to switch to another DNS provider.

There are these five “legacy” DNS providers that have been operating for years:

  • Google 8.8.8.8: Private and unfiltered. Most popular option and until now the easiest DNS to remember. Their IP address was spray-painted on Turkish buildings (as shown above) during one attempt by their government to block Internet access.
  • OpenDNS 208.67.222.222: Bought by Cisco, they supposedly block malicious domains and offer the option to block adult content.
  • Norton DNS 199.85.126.20: They supposedly block malicious domains and integrate with their Antivirus.
  • Yandex DNS 77.88.8.7: A Russian service that supposedly blocks malicious domains.
  • Comodo DNS 8.26.56.26: They supposedly block malicious domains.

I have used Google, OpenDNS and Comodo over the years in various places and on various pieces of equipment. As an early tester of OpenDNS, I had some problems that I documented here on my blog back in 2012.

Then there are the new kids on the block:

  • CleanBrowsing 228.168.168: Private and security aware. Supposedly blocks access to adult content.
  • CloudFlare 1.1.1.1: Private and unfiltered, and just recently announced.
  • Quad9 9.9.9.9: Private and security aware. Supposedly blocks access to malicious domains, based in NYC and part of the NYCSecure project.

How do they all stack up? Nykolas put together this handy feature chart, and you can read his post with the details:

As I mentioned earlier, he did a very thorough job testing the DNS providers from around the globe, using VPNs to connect to their service from 17 different locations. He found that all of the providers performed well across North America and Europe, but elsewhere in the world there were differences. Overall though, CloudFlare was the fastest DNS for 72% of all the locations. It had an amazingly low average of 5 ms across the globe. When you think about that figure, it is pretty darn fast. I have seen network latency from one end of my cable network to the other many times that.

So why in my commentary above do I say “supposedly”? Well, because they don’t really block malware. In another Medium post, he compared the various DNS providers’ security filters and found that many of the malware-infested sites he tested weren’t blocked by any of the providers. Granted, he couldn’t test every piece of malware but did test dozens of samples, some new and some old. But he found that the Google “safe browsing” feature did a better job at blocking malicious content at the individual browser than any of these DNS providers did at the network level.

Given these results, I will probably use the Cloudflare 1.1.1.1 DNS going forward. After all, it is an easy IP address to remember (they worked with one of the regional Internet authorities who have owned that address since the dawn of time), it works well, and plus I like the motivation behind it, as they stated on their blog: “We don’t want to know what you do on the Internet—it’s none of our business—and we’ve taken the technical steps to ensure we can’t.”

One final caveat: speeding up DNS isn’t the only thing you can do to surf the web more quickly. There are many other roadblocks or speed bumps that can delay packets getting to your computer or phone. But it is a very easy way to gain performance, particularly if you rely on a solid infrastructure such as what Cloudflare is providing.

Using your cellphone when overseas (2018 edition)

I just returned from a trip to Israel, and as the old joke goes, my arms are so tired. Actually, my fingers, because I have been spending the better part of two days on the phone with support techs from both AT&T and Apple to try to get my phone back to the state where it works on the AT&T network.

My SOP for travel is to use a foreign SIM card in my phone. This has several benefits. First, you don’t pay roaming charges for local in-country calls, although if you are calling back to the States, you might have to pay international long distance charges, depending on your plan. Second, if people in-country are trying to reach you, they don’t pay for any international calls either, since they are calling a local number. (Some of the networks overseas have the more enlightened method of calling party pays, but we won’t go there for now.) You also don’t use any minutes or data GB on your American cell account, which is nice if those are limited.

For the past several years, I had been using two different travel SIMs. First is one from FreedomPop, which was a very inexpensive card with monthly fees around $15 for a decent plan. I had some billing issues initially but these were resolved. It doesn’t work in Israel, so I ended up buying another SIM at the airport kiosk in Tel Aviv. My last trip in October had some major hiccups with that card, and so I decided to try a new supplier, Call Israel. They offered a plan for $50 that seemed reasonable. AT&T charges $60 a month with lower data usage for Israel. If you go elsewhere the fees could be less.

Call Israel mailed me a SIM a week before my trip, and right away I saw an issue: I was just renting my SIM card. At the end of my trip, I had to mail it back. Strike 1.

But strike 2 was a big one. I made the mistake of taking my Israel SIM out of my phone when I changed planes in Europe on the return trip, and put in my AT&T SIM card. That confused my phone and got me in trouble. When I landed in the States I spent an hour on the phone with a very nice AT&T person who verified that my phone was working properly on their network. Except it wasn’t: I could get voice service, but not broadband data service. Some parameter that the Call Israel SIM had needed was still set and messing up my phone, and there was no way that I could access that information to remove it.

I ended up speaking to Apple next, because I figured out that they could get rid of whatever it was that was blocking my data service. I had to find an older iTunes backup that I had made before I went abroad (lucky I had done so with Time Machine), and then wipe my phone clean and bring that backup to the phone. All told, several hours were wasted. I found out that there is a subtle but important difference in how iTunes and iCloud handle backups. I was fortunate to find a very nice woman from Apple who called me back as we tried various strategies, and eventually we figured out what to do. This took place over the course of a couple of days. Here is the bottom line: your phone has hundreds of parameters that determine whether it will communicate properly. Some of them aren’t accessible to you via the various on-screen controls and are hidden from your use. The only way to change them is to restore from a known working backup.

So if you are planning on being out of the country, think carefully about your options. Consider if you need a foreign SIM for a brief trip. If you can afford service from your American provider, do so. Or if you can find Wi-Fi hotspots, you probably can do 90% of the work on your phone by setting it to airplane mode when you leave town and not turning it on until you return. Under this scenario, you would use FaceTime, WhatsApp and Skype for voice and texting. Does that additional 10% make the difference? If you have a terrible sense of direction and need Google Maps, for example, you will need that broadband data. Or if you are traveling with other Americans and need to meet up, you might need the cellular voice flexibility.

SIMs come in at least three different sizes, and most suppliers ship them with cardboard adapters so you can fit them in your phone’s compartment. It doesn’t hurt to check this though.

Next, don’t swap SIMs until you reach your destination. If you need to look at buying a local SIM, make sure you understand how you have to bring your phone back to its original state when you come home. Make backups of your phone to your computer, to the cloud, to as many places as possible before you leave town. If you have an iPhone, read this article on how to find the iTunes backups on your system.

Next, when you are looking for a mail-order SIM, make sure you are actually buying it and not just renting it. Check to see that it will work in all the countries on your itinerary. Or wait until you get to your destination, and buy a local SIM from a phone store or airport kiosk.

Finally, examine the calling plan for what it will entail and match it with your expected usage on texting, data, and voice volume. Examine whether your calls back to the States are included in the plan’s minutes or not. If you don’t use a lot of data, you probably can get by with a cheaper voice-only plan and finding WiFi connections. Happy trails, and hope they don’t turn into travails.

The intersection of art and technology with Thomas Struth

As I grow older, I tend to forget about events in my youth that shaped the person that I am now. I was reminded of this last week after seeing a Thomas Struth photography exhibit at the St. Louis Art Museum. Struth’s pictures are enlarged to mural size and depict the complex industrial environments of the modern age: repairing the Space Shuttle, a blowout preventer at an oil rig (shown here), the insides of physics and chemistry labs, the Disney Soarin’ hang glider simulation ride, and chip fabrication plants. Many of these are places that I have had the opportunity to visit over the years as a technology reporter.

The pictures reminded me of a part-time job that I had as an undergraduate student. My college had obtained a set of geometrical string models that were first constructed back in the 1830s and demonstrated conic sections, such as the intersection of a plane and a cone. Back then, we didn’t have Mathematica or color textbooks to show engineering students how to draw these things. These models were constructed out of strings threaded through moveable brass pieces that were attached to wooden bases, using lead weights to keep the strings taut.

The models were first built by a French mathematician Theodore Olivier, and were used in undergraduate descriptive geometry courses up until 1900. I was one of the students who helped restore them. While the models look very nice now, back when I was a student they were in pretty bad shape: the wooden bases were cracked, the brass pieces were tarnished, and the strings were either tangled or missing. It took some effort to figure out what shapes they were trying to display and how to string them properly. Sometimes there were missing parts and I had the help of the college machine shop and local auto body shops to figure out what to do. The best part of this job was that it came with its own private office, which was a nice perk for me when I needed to escape dorm life for a few quiet hours. After I graduated, the college put the finished models on display for everyone to see.

The intersection of art and technology has always been a part of me, and it was fun seeing Struth’s work. It was great to get to see the details captured and the point of view expressed from these images, lit and composed to show their colors and construction. And the photos reminded me of the beauty of these advanced machines that we have built too.

Behind the scenes at a Red Cross shelter

A friend of mine, Dave Crocker, has been volunteering for Red Cross activities around the California fires and Houston floods over the past several months, and has been working as a volunteer for them for more than nine years. I thought it would be an interesting time to chat with him about his experiences and consider why the media is so often critical of the Red Cross.

Crocker was in Houston for two weeks, starting two weeks after the hurricane hit. He has been a shelter supervisor at both small and large operations, a dispatcher for daily, local disasters, and helps out in other situations, both in the field and in their offices. Given his tenure as a volunteer, he has taken numerous Red Cross training classes, including learning to drive a fork lift (although not that well, he ruefully notes).

The work is challenging on several levels. First are the 12 hour shifts, usually 7 to 7. Except they often don’t end exactly at 7:00; so your shift lasts 13 or 14 hours or more. If you are on a night shift, that can be even tougher. You get one day off per week, if you are lucky. You sleep wherever you can find a bunk, sometimes that means you don’t exactly have five-star accommodations, or even one-star. “I’ve slept on a shelter’s army cots, but in Ventura I paid for my own accommodations and got a hotel room. I don’t sleep well on cots. Some of my fellow volunteers have slept in their cars or on the ground.”

He is very proud of his volunteer efforts, although he doesn’t carry any personal hubris in what he does. “First and foremost, it’s about helping our clients,” he told me in a recent phone call and over a series of emails and Facebook posts. “Self-praise almost never shows up in anyone’s behavior. The focus is the work.”

One of the things he learned from the recent series of disasters was to expand his definition of a “client”. Originally, he thought just the people displaced by the floods or fires were his clients, but other volunteers pointed out that the Red Cross ecosystem is much greater, including someone who donates items or funds to a relief effort. “The rest of the community is also our client, because they are also affected by the disaster and are compelled to be connected to it, by coming to the shelter to donate or by asking how can they help.”

One of the challenges is that these spontaneous donations can become overwhelming. In the Ventura County fires, Crocker experienced this first-hand. “We saw an enormous amount of donations of water, snacks, face masks, diapers, clothing, toys, and more. That was all brought to our shelters, and our warehouses quickly got filled. Processing all that requires a lot of staff. Historically, these donations have been turned away by the Red Cross, with a request to just send money. This has regularly produced word-of-mouth criticism of the Red Cross. This year, Red Cross policy changed and the rule is to say yes and then figure out how to make it work.” Crocker said that many tens of thousands of bottles of water were donated, as were donations that had been ordered online, with enough showing up to fill a shipping container.

Running a large disaster response is sometimes compared to the logistics of running a military deployment. “Even the smallest shelter has an enormous amount of detail to it,” Crocker told me. “There is the whole setting-up of beds and linens, and then taking it all down, the ongoing cleaning of various items as clients leave and new ones register; then there is feeding three meals a day plus snacks. It is a massive logistics game and the situation is highly dynamic. Communication is challenging because you have to deal with a lot of noisy information. And equipment and geography can be difficult.”

Fires are unpredictable, especially when the wind changes, and that puts a wrench in your plans, for who is affected and where to locate the shelters. The Ventura Fairgrounds shelter he worked at had roughly 250 clients, with a peak of about 500, before he arrived. The range of quality in facilities that are available is also highly variable. At Ventura, the shelter was in a building that is typically used for livestock shows. “We were in better shape in the wine country fires because we had use of a church with excellent kitchen and shower facilities and had been explicitly designed to be used as a shelter.” That church-based facility has hosted a disaster shelter 11 times in the last few years. In Houston, there were roughly 4,000 volunteers in the relief effort, divided amongst 25 different shelters.

The timing of the Ventura fires produced an unusual benefit for the shelter’s clients. Because the fires were around the holidays, a lot of corporate parties were canceled and as a result restaurants had surplus food that they repurposed as donations to feed the volunteers working the shelters.

One of the frustrations Crocker cites for himself and his colleagues is the negative press surrounding the response of the Red Cross volunteers to these disasters. “Sometimes the reporting focuses only on the negative, citing only one or another disgruntled person.” While certainly there are issues, for the most part he sees the relief efforts as run as well as they can be, given the complex and dynamic circumstances that any large effort like this will have. “Certainly, there are people who try to scam the system, something that I’ve seen in my limited volunteer efforts. But Red Cross policy is to err in the direction of helping rather than rejecting people who ask for assistance.”

“The work itself, and the privilege to do it, is what I enjoy, and being around people with a similar attitude, and getting the work done.” Crocker mentioned in one Facebook post that “everyone has had a collaborative tone” including Red Cross volunteers, employees and even clients, which could be because many clients have been displaced by multiple fires in past years. Note that more than 90% of Red Cross staffing is done by volunteers.

I highly recommend taking a moment, and getting involved in your local Red Cross chapter. Give blood, give money, give your time. You are working with a great group of people and for something very worthwhile.