I have to admit that I get irrationally angry when a major internet service provider like Cox does not allow true and complete management of one’s internet service online.
It’s easy to add a Cox service in my account, like I did when our son’s internet use threatened to push us over our 1 terabyte “cap” on our internet use (1 terabyte = 1,024 GBs). So I chose Cox’s “add-on” of 500GBs additional data. Doing so ensured I wouldn’t have to pay their $10 per 50GBs overage cost.
We were on a run-rate to be closer to 1,400 GBs and it was much cheaper to pay the add-on cost of $29.99 for 500 GBs, instead of the $75 it would have cost as an overage for the possible 376 GBs additional data we would likely have used.
But now that our son has moved to Santa Monica for a job, our data use has plummeted and is well under that 1 terabyte ceiling.
So this morning I went online to Cox and discovered — just like Comcast did in the State of Minnesota we left last June — the only way to cancel or remove an add-on or service is … you guessed it … to call a human in their respective billing departments.
Yes, I know this is so they have an opportunity to convince us to keep the service or add-on. To have a chance to upsell us on new services. BUT I AM SICK OF THE GAME and just want to do what I do with my Schwab brokerage accounts, Wells Fargo banking accounts, and the myriad of other services I use that “get it” when it comes to allowing FULL MANAGEMENT OF ONE’S ACCOUNT ONLINE.
So Cox, Comcast and others … quit the bullshit games and pretend like you understand the internet, the web, and how it works. All you do is piss off people like me who see right through your veiled attempts.
Around 1971 our neighbor across the street, Tom Thiers, pulled up in his bright blue Chevrolet Camaro. As a 16 year old kid close to getting my own car, I rushed across the street to talk to him and check-out the new car (new to him as it was a used 1st generation Camaro).
Tom was not much older than me so I blurted out, “How could you afford that car?” Sitting like a cool guy in the driver’s seat, he slid down his sunglasses and said, “Because I’m now working in the field of computers.”
You see, Tom had gone to work at Control Data Corporation (CDC), the mainframe and supercomputer firm, which Wikipedia states was “…one of the nine major United States computer companies through most of the 1960s; the others were IBM, Burroughs Corporation, DEC, NCR, General Electric, Honeywell, RCA, and UNIVAC.”
As a guy who grew up knowing so many people who worked at Remington Rand’s ERA, Control Data, Cray Research, at the University of Minnesota Supercomputer Center — and was endlessly fascinated by computing — it was obvious to me that I’d end up working my entire career in technology.
At the same time I feel a great sense of sadness on what did not happen in Minnesota when it comes to the evolution of computing toward minicomputers, workstations, then personal computers, and finally all the devices we use today with computing chips in them like smartphones, tablets, Internet of Things devices, and much more. My home state could easily have become the dominant place where the future was invented.
Here are a few short videos you might enjoy:
Do you use social login? How about for remote access to your home WiFi router when you’re not at home? Unless you have good password practices and multi-factor authentication, I recommend you do NOT enable remote access of any kind, and maybe consider never using social login ever again.
I am very pleased with our Amplifi Mesh Wi-Fi System installation but have one security-related issue: For remotely logging in to the router from my smartphone, the remote-access, social login credentials are only ones from two providers: Google and Facebook.
While implementing social login is far easier for developers than building a custom login solution — and social login is often assumed by them to be the path of least resistance since these big companies can protect user credentials better than a smaller company — that “big company is more secure” assumption has been proven false and highly risky:
- KREBS: Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years
- WIRED: The Security Risks Of Logging In With Facebook
- MEDIUM: It’s time for brands to reconsider social login
- TOM’S GUIDE: 100 Million Quora Accounts Hacked: What to Do
Use of social login also assumes that the user has excellent password practices and/or uses multi-factor authentication, which is usually not the case. So if the user doesn’t implement those best-practices when it comes to protecting their Google or Facebook logins, then Amplifi’s parent company, Ubiquiti, may feel they are off-the-hook in the event of a breach?
I would argue that a blackhat hacker obtaining a social login email and password is trivial (e.g., I can name twenty-five friends and family that have had social accounts hacked in to).
Unless the user has implemented multi-factor authentication, then those social login credentials could be used to gain access to a home WiFi router that use social logins for remote access.
I’ve added this suggestion on the Amplifi community forum to ask the company to have a Ubiquiti-driven login with multi-factor authentication, and in it asked these questions:
- What is your position on security and privacy where it comes to enabling Google and Facebook to potentially monitor outbound traffic from an IP address?
- As such, do you have a security/privacy white paper that outlines how you use the Google and Facebook social APIs, and specifically what you allow Google and Facebook to monitor? (like router IP address).
While I appreciate that our Amplifi Mesh Wi-Fi System is focused on simplicity first and granular level detail on security and privacy second, I’d like to see a public/private key, encrypted, Ubiquiti-delivered remote access login (where I hold both keys) along with multi-factor authentication … at a minimum.
After I switched from Google Chrome back to Firefox, I’ve never second-guessed my decision. Especially because I use Firefox Quantum: Developer Edition every day as well, but primarily it’s when something as cool and useful as Firefox Send debuts.
Mozilla, the non-profit behind the Firefox browser, just released Firefox Send and, even though I’d used the beta version some weeks ago, I tried the final released version just now.(Please note that the servers are slammed this morning so be patient as the Send app loads).
With Firefox Send you can share files up to 2.5 GBs in size through your web browser and they will be end-to-end encrypted to its destination.
To get started:
1. Go to https://send.firefox.com
2. In the upper right click “Sign in/up”
3. Create a Firefox account and activate it via the email sent to you
4. Go back to https://send.firefox.com and try uploading one or more files (up to 2.5 GBs, of course). You can choose to have the file(s) download expire after 1 – 100 downloads and/or by placing a time limit the download will be available of 5 minutes | 1 hour | 1 day | 7 days. Most importantly you can also protect the file(s) download with a password .
5. Once your up-to-2.5 GBs of file(s) are uploaded, you can copy the link to share with one or more people:
As I’ve been dubbed “Mr. Security” by my friends, family and clients (I pay significant attention to, and use, cybersecurity, privacy and software measures) but my pleadings with them to be secure often are ignored…until they get hacked. Then they plead with me to help them out and get their digital life on track. Usually it’s too little, too late, and the work to recover is enormous.
You should care deeply about your digital life and its security, especially since the risk of getting hacked is exploding! The World Economic Forum in its 2018 report (PDF) said blackhat hackers are gaining the upper-hand in cyber warfare…and they are coming after you…and even the experts can’t keep up:
“Offensive cyber capabilities are developing more rapidly than our ability to deal with hostile incidents.”
Here’s the good news: if you haven’t yet been hacked it’s likely you will at some point, so lets get you cyber secure NOW!
I was delighted this morning to discover this Security Checklist, “An open source checklist of resources designed to improve your online privacy and security. Check things off to keep track as you go.”
The Security Checklist is very comprehensive, easy to follow, and one you should look at and implement as quickly as possible. It gives you the “why” and specific resources to use for each category, making this pretty brain-dead-simple to follow and implement:
- Password Manager
- Create a strong device passcode
- Use two-factor authentication
- Set up a mobile carrier PIN
- Encrypt your devices
- Freeze Your Credit
- Use 22.214.171.124 for DNS resolution
- Use a VPN
- Cover your webcam
- Use a privacy-first web browser
- Use a privacy-first search engine
- Review app permissions on your devices
- Review your social media privacy settings
- Educate yourself about phishing attacks
On the day you could order the new iPad Pro 11 inch for 2018, I enthusiastically ordered mine as soon as I had a moment to do so and it arrived yesterday about 3pm. With the Smart Keyboard Folio, the 2nd generation Apple Pencil, and the iPad Pro 11″ 1TB model, my total with tax was $2,167.54.
Unbeknownst to me when I began to open the iPad’s packaging, that enthusiasm would soon turn to disappointment and then outright anger! Especially since I’d intended to set this new iPad Pro up and then restore my older 9.7″ iPad Pro with my wife’s iPad’s backup so she could take it on her trip which she left on this morning. Instead I ended up wasting TWO HOURS of driving and in-store time to chase down a cable that Apple should have included in the box.
WHAT…NO DONGLE OR CABLE?
As you may know, Apple decided to move to USB-C for these new iPad Pros, a move I see as a good one. In fact, I had already made somewhat of a switch to USB-C with my MacBook 12″ and its USB-C connections. As such, I already owned several USB-C cables and dongles.
What I did NOT expect was the included USB-C and charger was like the MacBooks: USB-C on both ends! No USB-A to USB-C dongle (or cable) was included. Setting up this new iPad Pro was therefore impossible for me since the 27″ iMac Retina I bought in 2015 for $4,800 had Thunderbolt 2 and USB-A connections. Without USB-A to USB-C in some fashion, I had no way to perform the required connect-to-iTunes step to begin the set up on this new iPad Pro!
I thought, “Wait a second…Apple couldn’t be this stupid…or could they?” so I got on ‘the Google’ and confirmed that yes, Apple had been that shortsighted and I had to go and buy a USB-A to USB-C charge/sync cable. Shit.
For years I’ve been a staunch supporter and trusted Google, loved their services like Google Suite, Gmail, Google Voice, and others, all while admiring their machine learning and artificial intelligence research. One thing I specifically trusted was Google’s Don’t Be Evil motto which was baked in to their Code of Conduct for the company.
Then, back in May, I became troubled when they removed Don’t Be Evil and replaced it with Do The Right Thing. At the time I joked with a friend of mine asking him, “Is ‘do the right thing’ for us, or for Google?”
It appears the motto change was focused on Google.
The biggest shift away from that “Don’t Be Evil” motto that Google has ever done just happened. Though this thread started on Hacker News a few weeks ago, a cryptographer and professor at Johns Hopkins University whose blog I follow, Matthew Green, wrote a post entitled, Why I’m Done with Chrome. In it he said:
A few weeks ago Google shipped an update to Chrome that fundamentally changes the sign-in experience. From now on, every time you log into a Google property (for example, Gmail), Chrome will automatically sign the browser into your Google account for you. It’ll do this without asking, or even explicitly notifying you.
Green also sees this move as having serious implications for privacy and trust. Do you think!?! My trust-level in Google has plummeted. So much so that I have now shifted 100% back to Mozilla’s Firefox browser and away from Chrome. I will no longer use Chrome until they change the way they infiltrate my privacy.
SO WHAT EXACTLY DID GOOGLE DO?
Google’s recent update to Chrome (browser version 69) has done something unprecedented in their history:
a) Once you login to Chrome as a user, Google can (and does) track EVERYTHING you do in the browser. Every site you view, every login. The change? If you login to any Google service in the Chrome browser, Google will log you in to that browser to give them access to everything you’re doing within Chrome.
c) Google is increasingly using “dark pattern” user interfaces in their services to hide or obfuscate what something does when you check, uncheck or choose an option. In ExtremeTech’s article Chrome 69 Is a Full-Fledged Assault on User Privacy, they describe how Google’s dark pattern user interfaces obscure their intent to get you to enable them to do the right thing for Google:
These changes are all part of what’s known as a dark pattern. If a pattern is defined as a regularity in the world (designed or naturally occurring) that repeats in a predictable manner, a dark pattern is an attempt to trick users by designing interface options that look like the options users expect to see.
I, for one, don’t want to research, study or figure out how a company I trust might be trying to trick me in to do something that is in THEIR best interest…and not mine. I’d rather pay for offerings and am growing tired of “being the product“.
- GOOGLE NEWS COVERAGE: FIND IT HERE (yes, I’m aware of the irony)
- THE VERGE: Google criticized for Chrome change that logs users in without telling them The latest version of the browser, Chrome 69, is pushing users into sharing more data, say critics
- WIRED: A Seemingly Small Change to Chrome Stirs Big Controversy
- THREAT-POST: Google’s Forced Sign-in to Chrome Raises Privacy Red Flags
- INQUIRER: Chrome 69 secretly logs you in to Chrome Sync when you visit a Google site
- SECURITY RESEARCHER S. BÁLINT: Chrome is a Google Service that happens to include a Browser Engine
The promise of the World Wide Web and the Internet was the democratization of information and the ability for the people to participate. In many ways it has devolved in to a tool for mass surveillance, hacking and monetization that is unrecognizable from what the Web’s founder, Sir Tim Berners-Lee, envisioned…and he’s not happy about it.
Vanity Fair has a great piece that is definitely worth a read:
“I WAS DEVASTATED”: TIM BERNERS-LEE, THE MAN WHO CREATED THE WORLD WIDE WEB, HAS SOME REGRETS. Berners-Lee has seen his creation debased by everything from fake news to mass surveillance. But he’s got a plan to fix it.
I’ve always wanted to meet him and still hope to do so one day. I’d let him know all the ways his creation has changed my life and the positives FAR OUTWEIGH the negatives.
Because this is a fun-fact-to-know-and-tell, below is the original NeXT machine Berners-Lee created the World Wide Web on in 1991 and used as the world’s first “web server”:
This NeXT workstation (a NeXTcube) was used by Tim Berners-Lee as the first Web server on the World Wide Web. It is shown here as displayed in 2005 at Microcosm, the public science museum at CERN (where Berners-Lee was working in 1991 when he invented the Web).
The document resting on the keyboard is a copy of “Information Management: A Proposal,” which was Berners-Lee’s original proposal for the World Wide Web. The partly peeled off label on the cube itself has the following text: “This machine is a server. DO NOT POWER IT DOWN!!”
Just below the keyboard (not shown) is a label which reads: “At the end of the 80s, Tim Berners-Lee invented the World Wide Web using this Next computer as the first Web server.” The book is “Enquire Within upon Everything“, which TBL describes on page one of his book Weaving the Web as “a musty old book of Victorian advice I noticed as a child in my parents’ house outside London“.
This image is a new upload by Coolcaesar of the original JPEG file on en:September 22, en:2008 directly to Commons in response to continued vandalism of the original. It has been re-published on Connecting the Dots under a CC BY-SA 3.0 license.
It is likely that I discovered a bug in Apple’s Apple Store app for iOS that could make one of your Apple Store cards in your Apple Wallet vanish.
Two days ago I had three Apple Store cards in my Apple Wallet with varying amounts on them which were pretty close to the total amount of a new HomePod with tax — only $6.21 wasn’t covered by the Apple Store cards in my wallet so would, of course, be paid for using my archived credit card on file with Apple — so I decided to try to order the HomePod using the Apple Store app on my iPhone and go and pick up the unit at a nearby Apple Store in Southdale Mall (Edina, MN).
To my surprise the charge to my archived-at-Apple credit card for $6.21 kept failing! The credit card is used all the time so I tried the transaction three more times. It kept failing so I called my credit card provider Chase who told me that the card was just fine.
I then reached out to Apple Support and they basically had no idea what had happened. They did offer to order it for me or suggested I go in to an Apple Store. Of course, that completely misses the point that there is some sort of bug that disallowed me from using my credit card do I decided to give up and deal with it this coming weekend.
Whenever I come across an app or method that can radically streamline my workflow, I not only embrace it but have to share it with friends, family and write about it as it might help you too.
To say I was excited to find Wavebox is an understatement. Wait until you see what it can do for you and, most importantly to me, it’s open source so there are no shenanigans going on with backdoors and such.
First some background. My workday consists of wearing several “hats” and I need to have multiple web applications instantly available all day, every day:
- My own, personal stuff with my Gmail account as the ‘hub’ with calendar, Google Voice, and a ToDo list in Google Keep
- My secure Protonmail email account
- A postmaster email account for my server
- Two Google Suite email accounts for one of our businesses and a third Google Suite email account for yet another of our businesses
- My SteveBorsch.com Google Suite account and website
- My primary Slack account
- …and several other web applications I need to have available to me at the click of a mouse.
Using multiple Google Suite accounts within a single browser meant that ALL of them were active all the time AND, for anyone who uses multiple accounts in a single browser, you know how unworkable that is on a daily basis.
Each email account and calendar had to be open and ready. If you use Google Chrome to manage multiple Google accounts within the same Chrome instance, you know how problematic it can be to know which Google Account’s calendar you’re in at the moment!
After discovering apps that would let me generate site-specific browsers (SSBs) — which are essentially “clones” of Google Chrome and Safari but completely self-contained — I ended up with about 20 SSBs and each had multiple tabs open. (e.g., Fluid App; Coherence 5; Unite).
Fortunately my iMac has 32GBs of memory, but I was always maxing-out on memory since each tab in each browser has a “worker” process running in the background, consuming LOTS of memory on a machine. It was getting pretty crazy so I began the hunt for a solution that would be better.