5.30.2016

Why It’s Impossible to Own an Apple Product

iTold you so

Apple Co-Founder Steve Jobs Holds a MacBook Air

Apple, the world’s most valuable company, has two major product categories: the iPhone* and the Mac. However, their Macintosh line, which was once geared towards professionals, has become a status symbol no different than their line of cellphones. Think: what brand of computer fills coffee shops the world over?

*(You could divide it up into “iOS devices” and “OS X devices” but with consistently shrinking iPad sales, it’s simpler to think of Apple’s mobile category as just smartphones. Not to mention, the iPhone accounts for over three-fifths of Apple’s revenue).

In recent years, the advent of the smartphone has changed consumer culture in a serious way; people no longer think of a computer (including iPhones and everything “smart”) as an appliance that one buys to fulfill a need, a costly once-in-a-blue-moon purchase one clings to until it ceases to function. As a computer salesman, I see it every day; people are downright embarrassed of their dated technology. Thrift nowadays is not associated with savvy but rather with poverty and/or a personal failure to keep up with the times.

"People are downright embarrassed of their dated technology."

The frequency with which the average person upgrades their smartphone and laptop is now cyclical, a bi-annual tax on computer ownership. It’s for this reason that people no longer own their trendy cellphones and computers, and Apple has spearheaded this consumer trend.

The MacBook Air, released in 2008 and perfected in 2010 with the inclusion of an SSD, became its best-selling notebook. In fact, it was so well-received that Intel devised a pseudo-standard just to compete with the Air. Dubbed “Ultrabooks” and also known as “thin and lights”, these laptops borrowed heavily not just from Apple’s killer design aesthetic but their policy of sealing in components and soldering the memory and hard drive to the motherboard, making upgrades and repair out of the question for most owners. In the case of Ultrabooks, users will ship the computer to the manufacturer if the limited warranty is active and applicable. Otherwise, they must buy an entirely new machine or pay hundreds of dollars to a technician. 

Clearly, computer technicians have an important role to play when diagnosing and remedying serious issues like a haywire LCD or defective motherboard, but bad RAM or a failing HDD were once user replaceable. In the case of modern Apple computers, Apple offers its expensive AppleCare program for both iPhones and Macs. The end user isn’t expected to repair their own product; they must pay upfront for computer insurance or risk having to pay even more money in the event of system failure.

"The end user isn’t expected to repair their own product."

The line between smartphone and personal computer has been blurred so thoroughly that they are nearly the same product, albeit in a different form factor. Apple co-founder Steve Jobs famously dubbed the Apple iMac, an all-in-one desktop, “the digital hub.” By this he meant that our various peripherals would be managed, backed up and synced to the PC. In essence, he was promising that the personal computer would be anything but a throwaway device.

In the final keynote presentation of his life, Jobs declared an end to his company’s digital hub strategy. The cloud would now play this role. It doesn’t matter that Macs cost over $1,000 or that an iPhone will set you back roughly $700; Jobs’ brainchild will rent you your stylish toy and the servers that host your personal data. No wonder Apple is the planet’s richest corporation, long after Apple’s mastermind and the promise he made are both dead.

Google Continues Working Towards the Elimination of Passwords

Real-time user tracking utilized for the greater good?
Google Introduces Project Abacus at I/O 2015

Google imagines a world where we don’t have to make, remember and change long, complex passwords. Rather than passwords and two-factor authentication, Project Abacus will instead monitor how you use your phone as a means of authentication. This might include keystroke speed, speech patterns, location, walk rhythm, facial features and just about anything else the phone can sense. These different metrics will be used to create a “Trust Score” used to prove your identity.

The tech giant’s head of Advanced Technology and Projects, Daniel Kaufman, said that Google has created a Trust API to be released in June for beta customers. If the beta is successful, Project Abacus will be available for all Android users by 2017.

"Project Abacus will be available for all Android users by 2017."

Senior Executive Regina Dugan said the Trust API will be used for opening apps and locking or unlocking your phone. She then claimed the system is ten times more secure than fingerprint sensors (some of which can be fooled by an inkjet printer) and one hundred times safer than 4-digit PIN codes (so about as secure as 6-digit ones, then?).

This is an example of security through diversity. Phones these days contain microphones, gyroscopes and other features with the sole purpose of collecting data. Using multiple metrics like this has the potential to be much more secure than standard two-factor authentication (typically a password and a link in an email).

5.25.2016

Are You LinkedIn?

New details emerge regarding 2012 data breach


Back in 2012, LinkedIn suffered a massive data breach which included login details and hashed passwords for 6 million user accounts. The most recent reports now say that the 2012 breach has resulted in the online sale of email addresses and passwords of about 117 million LinkedIn users.

Four years after the breach, a hacker nicknamed “Peace” is offering for sale a database of 167 million email addresses and hashed passwords, including 117 million already cracked passwords. The passwords were hashed with the SHA-1 algorithm; however, they were not salted. (A salt is an extra piece of data, added to each password before hashing, which makes it more difficult to crack easy passwords like “123456”.) Because the passwords were not salted, it took only 72 hours to crack 90% of the passwords.
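To make the point about salting concrete, here is an added example (not from the original post, and not LinkedIn's code) comparing unsalted SHA-1, per-user salted SHA-1, and a salted slow KDF. The accounts, wordlist, function names and the PBKDF2 work factor are all constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two share the weak password from the post.
USERS = {"alice@example.com": "123456", "bob@example.com": "123456",
         "carol@example.com": "linkedin", "dave@example.com": "v9#Lq-tin-Harbor-42"}
WORDLIST = ["password", "123456", "linkedin", "qwerty"]  # constructed guesses
PBKDF2_ROUNDS = 600_000  # assumed work factor; tune to your hardware

def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()

def unsalted_dump() -> dict:
    """Store SHA-1(password) with no salt, as in the breach described above."""
    return {user: sha1_hex(pw.encode()) for user, pw in USERS.items()}

def salted_dump() -> dict:
    """Store (salt, SHA-1(salt + password)) with a random 16-byte salt per user."""
    dump = {}
    for user, pw in USERS.items():
        salt = os.urandom(16)
        dump[user] = (salt, sha1_hex(salt + pw.encode()))
    return dump

def recover_unsalted(dump: dict) -> tuple:
    """One hash per guess covers every account: returns (recovered, hashes computed)."""
    table = {sha1_hex(guess.encode()): guess for guess in WORDLIST}
    return {u: table[h] for u, h in dump.items() if h in table}, len(table)

def recover_salted(dump: dict) -> tuple:
    """Each guess must be re-hashed per account, so cost grows with the user count."""
    recovered, hashes = {}, 0
    for user, (salt, digest) in dump.items():
        for guess in WORDLIST:
            hashes += 1
            if sha1_hex(salt + guess.encode()) == digest:
                recovered[user] = guess
                break
    return recovered, hashes

def store_password(password: str) -> tuple:
    """Hardened form: random salt plus a deliberately slow KDF instead of bare SHA-1."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    print("unsalted:", recover_unsalted(unsalted_dump()))
    print("salted:  ", recover_salted(salted_dump()))
```

Salting removes the shared lookup table but a fast hash still gives up weak passwords; the slow KDF in `store_password` is what raises the cost of every individual guess.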

"117 million already cracked passwords"

Troy Hunt, the independent researcher who runs the “Have I Been Pwned?” website, has reached out to victims to confirm that the leaked info is real. A LinkedIn spokesperson has said that the company is investigating.

Along with the massive data breach earlier this month, which covered credentials from Gmail, Yahoo and more, an insane number of account credentials have hit the net. It may be impossible to tell how accurate or recent the account details are, but I feel it is safer to assume we’ve all been hit. Be sure to change your passwords often, and try not to recycle passwords between services.

5.24.2016

Google Plans to Remove Flash from Chrome

And they've already started


Just last week, Google took a huge step in eliminating Adobe Flash from the web. Soon HTML5, rather than Flash, will be the default web player when HTML5 is available. Flash will remain part of Chrome for now, but by the end of the year will not be a listed plugin or supported media type.

Google says that when a user browses a site that needs the Flash Player, they will be prompted to allow it on the site. If the user accepts, Chrome will refresh the page, unhide Flash Player and remember their choice for the site. If a site doesn’t notice Chrome’s hidden Flash Player and the user goes to Adobe’s download page, Chrome will instead offer to use its Flash Player.

Google will temporarily exclude the ten websites with the highest Flash usage, including YouTube and Facebook. Take, for example, the open-source Chromium web browser, which unlike Chrome does not have Flash pre-installed. Some YouTube videos will not play without Flash (some monetized content requires the legacy player to properly display ads). Even more surprising was that no videos on Facebook will play without Flash, despite their move towards HTML5 last December. Google’s list of sites on which to allow Flash Player could change by the end of the year. (And likely will with enough user complaints.)

"No videos will play on Facebook without Flash."

Some may wonder why this is a big deal. The answer is that Flash is one of today’s most insecure web technologies. Two weeks ago, Adobe patched a zero-day vulnerability and at least twenty-five other bugs. 

Again, this is a big step to securing the web. I hope that eventually, enough web content providers will have moved to HTML5 in order to remove Flash from web browsers entirely. After all, a scary prompt isn’t enough to keep most users from their funny cat videos.

5.15.2016

Overwatch First Impressions


Overwatch is a “Team-Based Shooter” from Blizzard Entertainment, and I was able to play it last weekend. The open beta ran from May 5th to May 10th, with the release scheduled for May 24th. The game is a 6 vs 6 team-based shooter containing 21 heroes, 12 maps and 3 game modes (as of this writing). The full game was playable during the beta, and you can read my thoughts below.

Before the Game

Overwatch requires the battle.net client to download and play it. The full game was a small 6.2 GB and took about an hour to download on my home connection. It also includes a feature where you can play the game before some assets finish downloading. The extra assets were a small part of the full download, and I did not have the chance to try it.

After opening the game and navigating to the settings, I found that the graphic defaults were set to low. This is good for users who just want to jump in. Overwatch includes low, medium, high, ultra and epic graphics presets. I ran the epic preset between 40 and 55 frames per second with an NVIDIA GeForce GTX 750 Ti. The game’s Pixar-inspired look is beautiful, and distinguishes it from other recent shooter games.

Gameplay

Once I started the game, Overwatch greeted me by suggesting I go through their tutorial. For the tutorial level, I played as Soldier: 76.

Weapon ammo is unlimited, but most weapons need to reload. Each hero only has one primary weapon, and unlimited ammo means you won't have to scavenge dead bodies. Soldier: 76’s weapon is an assault rifle which can also fire a volley of rockets with the right-click. I thought it was interesting that a weapon's primary and alternate fire share an ammo clip. His abilities include a sprint and an area of effect heal, making him a versatile hero overall.

Each hero in Overwatch also has an ultimate ability which must charge before use. A hero’s ultimate ability will charge on its own, but kills and assists charge it much faster. Soldier: 76’s ultimate ability is Tactical Visor. The ability locks on to the nearest foe, basically guaranteeing bullets will hit. This is helpful, as the lack of a scope can be difficult to get used to. The locked hip-firing gave me a lot of trouble hitting my targets.

After finishing the tutorial, I was able to try out each of the heroes on a firing range. The range included robots which I could practice against while I learned what each class did. The last step was a practice match against bots which was completely one-sided.

Game Modes

Right now there are only three modes and one hybrid mode.

  1. Escort has one team try to move a payload across the map, while the other must stop them from doing so until time runs out.
  2. In Assault, the attacking team must capture points while the other team defends them.
  3. Control is a king of the hill style battle where each team tries to capture the control point for as long as possible. Battles in control mode were three rounds long with each round taking place in a different part of the map.

The only Hybrid Mode blends assault and escort, with a capture point followed by a payload.

Each of the 12 maps was designed with a specific mode in mind, and it shows. Each map I saw has plenty of positions for firefights of any range, and the detail in the environments is great. Below is a screenshot of Dorado from Overwatch’s official website.


Heroes

The 21 heroes are divided into four main roles: offense, defense, support and tank. Offense heroes focus on high mobility and damage, and are great for taking objectives. Heroes in the defense role are good at guarding areas and defending objectives. Supporting heroes heal, shield and buff allies, and debuff enemies. Tanks have a lot of health and are good for protecting allies and disrupting the enemy team.


Even within the four roles, each hero has a unique way of doing their job. Reaper uses his teleportation to get behind enemies, while Tracer’s mobility confuses her opponents. Torbjorn builds a turret, but Bastion is a turret. Each hero is unique in their strengths and weaknesses, and requires strategy to beat.

Overwatch will allow a team to have any mix of heroes, and does not limit the number of a single hero. During hero select, tips such as “too many snipers” will show on screen, but can be ignored. For readability, I won’t talk about each hero, but you can find more information about each of them here.

Miscellaneous

During hero select, I found that my keyboard would use a ripple effect when I selected a hero. I own a Razer BlackWidow Chroma, and my keyboard lighting changed while playing. Playing as D.Va changed my keyboard to pink (Purple? Magenta?), while playing as Tracer made it orange. Ability and movement keys are colored differently, and ability keys change when cooldowns end. The most interesting lighting I found was Lucio’s, which had a wave effect with the color of his active buff.

Overwatch also contains a very limited highlights feature. During the beta, up to five personal highlight plays were available to view for a short time. Any available highlights were lost when I closed the game. There were no options to export the replays, and doing so required a third-party program. Searching on the battle.net forums suggests a full highlight system is still under construction.

The game even has a loot system. You get loot boxes when leveling up, and can open the boxes from the title screen. The loot boxes don’t need a key, and contain a mix of 4 or 5 items. Customizations like skins, poses, and voice lines as well as currency can be found in the boxes. Each hero has 54 unlockables, and in-game currency can buy items for your favorite hero. There were no micro-transactions, and all unlockables are cosmetic, so no pay-to-win concerns yet.

I found no in-game story besides voice lines and dialogue exchanges between characters. You can find the story in trailers (like this one) and webcomics (found here). This isn’t necessarily a bad thing, and lets people invest as much or as little in the world as they like. This approach reminds me of Riot Games’ League of Legends, and I don't mind the flexibility.

5.05.2016

Good Samaritans and Bad USB Drives

Don't trust tramps found on the street; use protection or risk infection


It’s a common scenario. You happen to find a USB drive in a computer lab or a parking lot, and with the intent to return it to its owner, you plug it in. You open it in your file browser of choice and start opening files, hoping to figure out who would be careless enough to leave it behind. What many such people fail to consider is the risk that an unknown USB device brings.

A recent study at the University of Illinois dropped 297 USB drives around the school’s Urbana campus. The researchers found that if malware had been installed on these drives, all those who plugged them in would have been infected. The drives contained files which phoned home when opened, and the first abandoned drive phoned home less than 6 minutes after being dropped. In the end, the researchers knew that 48% of the drives were plugged in and had their files opened.

"The first abandoned drive phoned home less than 6 minutes after being dropped."

Users who plugged in the sticks were presented a short survey, which found that 68% of the users took no precautions when accessing the drives. 16% scanned the drive with anti-virus software, 8% believed their operating system features would protect them, and 8% sacrificed a personal computer or university resource to protect their own equipment. (How considerate.)

These are scary statistics. Abandoned USB drives are an increasingly common attack vector for hackers, especially in otherwise difficult to access areas. After all, any USB drive in a government parking lot has to have something interesting on it, right?

There are a few potential solutions to this problem, but I believe it starts with user education. Although returning a USB drive may be the right thing to do, it is rarely the best thing to do.

Anything from malware to illegal material can be on an abandoned drive, and whoever plugs it in may suffer the consequences of causing a data breach or possessing illicit material. These days every organization needs to have clear policies outlined for the use of USB devices. It is increasingly common for USB drives to be prohibited entirely in government and health care offices.

If a policy is not in place, I hope that users don’t go opening files at random hoping to find full contact details and promises of a reward. Instead, they should place a suspect thumb drive in a lost-and-found or even better, bring it to their IT department. Their IT department should have ways of dealing with an unknown USB device, such as write-blockers (like these USB condoms) or sandbox programs. Or maybe they’ll “get right on it” and send it to the recycle bin.

For anyone who would like to read the full paper, it can be found here.