An oldie but a goodie: I no longer have the phone but I found this screenshot:
So where’s the “Cancel” Button?
I have written before about Microsoft pushing the Windows 10 upgrade on users of Windows 7 and 8.1. I also showed how to uninstall and hide the “Security Updates” that try to shoehorn Microsoft’s latest offering on not-always-willing users.
I have nothing personal against Windows 10, I just don’t want it. However, this unwanted upgrade has brought me much additional income as a computer-fixer-person from folks who upgraded (or, more accurately, were upgraded) and then found that peripherals such as printers no longer worked. I do, however, question the need to upgrade an operating system that is still supported and works well. I also find the determination of Microsoft to upgrade users almost against their will quite disturbing.
The Bad News: Microsoft won’t take no for an answer. On at least three occasions I have “hidden” the update that pushes Windows 10 onto the machine, and each time Microsoft “accidentally” un-hides it and includes and selects itself on the next patch Tuesday. These folks won’t take no for an answer.
The Good News: To keep the Corporate and business customers happy, Microsoft has implemented a workaround that disables the upgrade. However, they do not make it easy for the uninformed user to implement this, as it involves changes to the Windows Registry. If you don’t know what that is, you *definitely* don’t want to monkey with it.
The Great News: Steve Gibson has written a tiny little program called “Never10” that makes the task trivial. Get it here.
I have had a love-hate relationship with you for well over a decade. In that time I have gone through several varieties of flip phones and two smart phones — and am about to move to my third. I have found your service to be first-rate — I can drive from my house to Florida, a journey of nearly a thousand miles — without losing voice or data connectivity. Bravo.
When I started with you many years ago, I found you to be both reasonable and proactive. Your Customer Service was matchless; when you made a billing error in your favor, you refunded me twice the difference. I have not seen that before or since. Bravo.
However, my recent experiences with you have left me wondering if you are suffering from some form of corporate megalomania.
My first Smartphone was a Motorola Droid X2. I had opted for an Android-powered phone as I knew that Android was an “open” system. Unlike most others, which are shrouded in secrecy, the Android Operating System is “open-source” which means that the source code for the operating system was freely available for download, which means that members of the public can access the source code and “roll their own” operating systems — and before long, communities of folks appeared on the internet who love to do just that. As a tinkerer, this appealed to me. As a consumer, I saw that this made it possible to extend the life of a phone beyond the date at which the manufacturer will support it.
This was particularly important in the case of the Droid X2: while on paper, this was an excellent piece of kit (it was one of the earliest phones to have a dual-core processor), it suffered from reliability/heat problems. One of its favorite party pieces was to freeze/lock-up/reboot while on the road while I was using it for navigation. Being the adventurous type, I looked around for the solution to this problem, and I found it in the form of “rooting”. I have already written on this subject of rooting, so I will not bore you with the details. Any road up, with a little research, a lot of reading and a bit of work, I was able to “root” the phone and disable or remove unnecessary software. This made the phone run faster, more reliably and with less overheating and fewer freezes.
But time marches on, and so does Android; the phone went through several updates, from Android version 2.2 (“Froyo”) to 2.3.5 (“Gingerbread”). Like all Android updates, these changes originated from Google, but went through you before they got to your phone. And you could not resist the temptation to add little “gifts” in the form of “security enhancements” — and it seems that the removal of root access was always at the top of your list. As a result, every time an Over-The-Air update (“OTA”) became available, I had to avoid, delay or turn off the update mechanism until some bright spark could figure out if this update broke root, and how to get the useful Android updates that I wanted without losing the control of the phone that I had worked so hard to obtain.
Time went by, and I outgrew the DX2; it was no longer man enough for some of the tasks that it was being called upon to perform. So I upgraded to a Samsung Galaxy S3. This one started at Android 4.0.4 (“Ice Cream Sandwich”), and this time you saw fit to “lock” the bootloader in an attempt to prevent S3 owners like me from actually doing what they wanted with their phones. But thanks to some innovative hackery, the bootloader was speedily unlocked, and the phone was liberated from your shackles. Naturally, I rooted it right out of the box. Further updates came — Android 4.3 (“Jellybean”) and 4.4 (“Kitkat”), and at every turn you kept finding new and innovative ways to lock down my phone and make it ever more unhackable — all in the name of “security”.
Eventually I tired of fighting with your destructive updates and installed a Custom ROM. Yes, you don’t approve. I get that. Yes, that means that you won’t support it; I guess that’s the price of freedom.
The Samsung Galaxy S3 is now three years old, and one of the best-selling Android phones in history. But time marches on, and newer, faster phones have become available. I just purchased a used S4, and this will be my third smartphone. It will be placed into service in a few weeks, as soon as:
I am not your typical user. I understand that 99% of your user base neither need nor want rooted phones; I get that. For the majority of users, rooting is giving them more power than they need. And I understand that your Customer Support folks do not want to deal with a thousand hacked variants of every phone on the market. It is not unrealistic to insist that these phones be tamper-proofed while under warranty, and it is not unreasonable to deny support for tampered phones if the tampering is the cause of the problem. I get that. But this is a problem that can be solved to everyone’s satisfaction.
This is not without precedent. Until recently, you, like all cell phone carriers, locked your phones to prevent them from being connected to other carriers; nobody wanted to be the first to find their phones being connected to competing services. But Congress has recently ruled that all cell phone companies should unlock phones on demand. This has the effect of making phones more useful and extending their lives, rather than becoming expensive doorstops.
Yours is the only major cellphone company in the world that goes to such extraordinary lengths to lock down your phones. For the vast majority of your users, this is understandable, but for the 1% of technically competent users who wish to exercise control of their phones at the expense of warranty support, you should allow unlocking of bootloaders and allow those of us who wish to tinker with our phones the freedom to do so.
After all. It’s my phone.
I just got this notification from Microsoft on one of my Windows XP machines:
Naturally I installed it, only to find out that now Microsoft Security Essentials (MSE) never goes green. It goes orange – the color that it uses to alert the user of a problem. What’s worse, on every boot, it nags me about XP going out of support on April 8th – even though MSE will be supported until July 2015.
Given that Microsoft last month released an “urgent-but-pointless” update to XP to remind users that Windows XP is about to be “End-Of-Lifed”, this update is completely unnecessary. To make matters worse, they made this “update” impossible to install by itself.
The only good news is that it is fairly simple to uninstall and reinstall MSE, which does not (yet) include this update.
As the go-to guy for my friends and family, I am sick and tired of having to deal with Microsoft’s fearmongering. While Windows 7 is reputedly more secure than XP (though most exploits are common to all versions of Windows), the fact is that most ten-year-old computers are not man enough to run Windows, and until users can afford a machine that is, my advice is simple:
Now I have to add “Don’t install KB2949787” to the list.
Microsoft, you have crossed the line with this one. You have scared users without needing to – and worse, you have pissed me off.
I view this as a mean-spirited, cynical, dishonest and borderline evil move by Microsoft to scare people into upgrading to Windows 7 or 8. Apparently I am not the only person who feels this way.
Just Say No.
Or: How to prevent your online accounts from getting hacked.
Every now and then I get an e-mail from someone I know, with no message but a cryptic link. That’s right, someone’s e-mail account has been hacked, hijacked or compromised in some way. It is almost always a Yahoo address.
For those of us who just use e-mail to circulate gossip and cat pictures, this is not a big deal. However, if you do your banking online, a hacked e-mail account is a quick way to have your accounts drained.
The problem is that the standard method for resetting your password is an “e-mail loop”. It works like this: you go to your bank’s website, click the “forgot your password” link, and a reset e-mail is sent to… your e-mail address… which has been compromised. Now they have the ability to change your password and lock you out of your account. Next thing you know, your hard-earned money is winging its way off to parts unknown, never to return.
It’s not just banking. Some years ago, my brother found a bunch of bogus auctions on his eBay account, and he had to get in touch with eBay to have them stopped. A few days earlier, while on a business trip, he had used a hotel’s computer to access his eBay account. Evidently the computer had been compromised with a keylogger, which enabled bad actors (villains, that is – not William Shatner!) to get his username and password, and once in his account they could post bogus auctions on his account. If they can succeed in changing eBay’s email address for his account then they could also make off with the money.
So how to stop this? The banks came up with the idea of “secret questions”. We’ve all seen this at some time or other; they ask you to answer questions such as “What was your mother’s maiden name?”, etc. But when you think about it, this is just another “something you know”. In other words, it is effectively another password. And since the “secret questions” and answers are stored in the bank’s databases, they too are vulnerable to the kind of “exfiltration” (a posh word for theft of data) that seems to be happening on a monthly, if not weekly, basis.
The banks love this approach for one simple reason — it’s cheap. With security, as with so many other things, there is “Good” security, and there is “Cheap” security. Guess which one corporations prefer. Guess which one works best.
Remember when Bank of America came up with Credit Cards with your picture on it? Ever wonder why they don’t do that anymore? Because they found out that 1) Putting the pictures on the cards cost more than the losses due to fraud, and 2) most cashiers don’t look at the picture anyway. Which made it 1) Expensive and 2) Not very effective.
The good news is that many big players on the Internet are finally adopting good security. One approach is to use a code transmitted to a cellphone by voice call or text message. The good news is that this approach requires that you have your phone. The bad news is that… this approach requires that you have your phone. If you lose or misplace it, you are stuck until you have jumped through several hoops. And if your phone is stolen and is not protected by a PIN lock, they may be able to crack a whole bunch of accounts at once – the holy grail of identity theft.
Another approach is to use a code generator; a device that generates a unique code each time it is used. This can be done using a hardware device (like the PayPal “Football” code generator) or a software-based code generator like Google’s Authenticator, which generates a new code every thirty seconds. The cool thing about this is that if a bad guy steals your password, they still can’t get in. And even if they steal the key as well, it is invalid thirty seconds later. I am not even sure if a key can be re-used, but if you are paranoid about re-use (which I am not), you can just wait until it is just about to expire before you use it. Google uses this to secure their e-mail accounts; I used this. If Mat Honan, senior writer with Wired Magazine, had used this approach, the epic hacking of his Apple account could have been easily avoided.
The best security of all requires the use of a dedicated hardware token, such as a swipe card or a cryptographic key. My weapon of choice is a YubiKey – I’ve been using it for some years and it guards access to my PayPal account and my password manager.
So there you have it: If you don’t want to get hacked, Get a YubiKey or some other form of hardware-based second-factor authentication. It’s that simple.
A few days ago I received an email from eBay.
Apparently someone had clicked the “forgot my password” link, which triggered an email. Since I knew that I had not clicked on that link, I was somewhat concerned. What was noteworthy, however, was the IP address from which the request originated.
Most websites’ “forgot my password” links work by sending an e-mail to your account’s “registered e-mail address”. If the hacker can break into your e-mail address and access that e-mail message, all is lost. They can change your e-mail password (locking you out of your account), change the website’s password, log into the site (in this case eBay) and hijack your account. Mat Honan found this out the hard way last year. Takeaway quote: “Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened”
Fortunately, my e-mail login is protected by two-factor authentication, so I have little to worry about on that front. eBay, however, is another matter. What if they are able to successfully guess the password? The solution was easy enough; I simply logged onto eBay, and turned on two-factor authentication there.
So, my little yellow friend, you are out of luck. Please go away and bother somebody else. Thanks!
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” – The 4th amendment of the U.S. Constitution.
The recent revelations that the US Government has been spying on its citizens have come as no surprise to me. As a technologist, I am familiar with what is possible and what is not. And the Snowden revelations have not only proven that the tinfoil-hat mob were right all along, but the extent to which they were correct surpassed even their wildest ravings.
The intelligence community have a hard job; to keep America safe from enemies foreign and domestic. Giving them the resources to store and search through Internet communications is not unreasonable. What is unreasonable is the lack of due accountability.
What pushed me to this point, however, was the saga of Ladar Levison of LavaBit, a Texas-based company that supplied secure e-mail to its clients. Over the years, the FBI have presented warrants to obtain data on individual clients, and LavaBit has always complied. This is right and reasonable. But earlier this year, they demanded that LavaBit hand over their SSL keys – the same technology that banks use to safeguard our transactions online. This allows them to eavesdrop on all of LavaBit’s clients, whether under active investigation or not. After being compelled by a secret court to turn over the keys and legally bound to not tell anyone that he had done so, Ladar found himself in a dilemma; the service that he was selling to his clients was secrecy, but with the SSL keys in the hands of the government, he could no longer deliver on this promise. So he closed down the company – an act that has gotten him into even more trouble.
I have no problem with targeted surveillance; I appreciate that we need this for national security. What I have a problem with, however, is blanket surveillance – the collection of all information in case it is needed some day. There are three reasons for this:
The only check on “infinite surveillance” is the time-honored search warrant, issued by an independent court that requires a burden of proof or reasonable suspicion. In response, recent laws have established secret courts that issue warrants to search records. But the security community seem to think that this is too much to ask for. That they should have the right to search what they want, where they want, without limitation — and without having to ask a judge for a warrant.
I have no problem with wiretapping. But I have a big problem with warrantless wiretapping.
The final straw was when the Director of National Intelligence told Congress that they were not spying on the American people. When the Snowden revelations put the lie to this, his excuse was “I forgot about section 215 of the Patriot Act”. To add insult to injury, he got to keep his job. I doubt that such an excuse would serve to keep any of the rest of us out of jail.
It has become clear to me that the intelligence community has no respect for the same Constitution that the President and I – along with all of our men and women in uniform – swore to uphold and defend.
And so I have made the reluctant decision to encrypt my communications as a matter of policy wherever possible. Not because I have anything to hide, but because I believe that too many of our rights have already been taken from us, and peaceful protest is the only course of action left open to me.
“But what do you have to hide?” some of you may ask with a sneer. That’s not the point. But I will answer that with a question of my own: “Do you want a surveillance webcam installed in your bathroom/shower/bedroom?” I don’t think so. Contrary to popular belief — and a wrong-headed and stupid Supreme Court ruling, we *do* have a right to privacy; the only point of argument is where we choose to draw the line. My answer is simple: “I have nothing to hide from those whom I trust”.
I am not your enemy. And I shall prove this to you – just bring me a warrant.
Just got a message from LivingSocial.
The bad news is that somebody apparently hacked into their server and got their hands on names, e-mail addresses and passwords.
The good news is that the passwords were salted and hashed.
I’m not worried.
And even if I was, the password they stole is quasi-random and never used anywhere else.
Nicely done, chaps!
Or: No, Microsoft, you’re not FaceBook
This post started as a rant at Microsoft. Last patch Tuesday, one of my machines auto-patched and auto-rebooted, causing data loss and corrupted files. However, the damage was minimal, and I got over it. Since then, however, something quite worrying has happened.
I have an old Hotmail address that I occasionally check; I used it before I moved to GMail, which is superior in every way, some years ago. I use the Android Hotmail app to access it from my phone. Some time within the past few days it auto-updated, and when I ran it this morning, it instructed me to “upgrade” to the Outlook.Com app.
So… I installed the new shiny Outlook App. Surprisingly, the new app did not remember my login credentials. That is because it is also not an “upgrade” at all – it is a completely different app – the old, now-useless and completely brain-dead Hotmail app was left in place.
When I entered my credentials, it took me to another screen where it asked for permission to access my data.
Wow… that’s asking for a lot of personal information. Mail, contacts, calendar, tasks, e-mail addresses, gender, picture, contacts, friends…
But I don’t want another FaceBook clone, just an e-mail client, so naturally I said “No”. And then…
I checked the password. It was OK. Note that this request for information is in the app itself, NOT in the Play store. And before you ask, yes, you can “change these settings at any time”, but any app that is given access to your phone’s information can scarf all the data it wants in half a second; changing permissions later would be like locking the barn door after the horse had bolted and was merrily cavorting in the next county.
This looks like Microsoft is trying to scarf my personal data by stealth, without going through the Google Permission screens. If so, they should be soundly spanked in public for this. How can you tell? Simple. If Microsoft are not trying to… er… “borrow” your data, they will fix this so the app can be used without those “permissions”. If they don’t, just like Verizon’s broken-for-eight-months-with-no-fix-in-sight data-usage widget, we will know precisely where they stand.
Until then… Shame on you, Microsoft.