Junkmail from Bob, 2016/12/14

Free Update!

Some computers and smart phone makers provide free updates to the system software. Microsoft has done this for years with Windows and other products. Microsoft also provides free updates to Windows 10. However, the Windows 10 updates are not optional. In fact, the updates occasionally cause problems with the otherwise problem-free systems. This is called "enhanced user experience."

      http://www.windowscentral.com/windows-10-anniversary-update-...

      http://www.infoworld.com/article/3131052/microsoft-windows/p...

      https://www.thurrott.com/windows/windows-10/81659/microsoft- ...

      http://www.zdnet.com/article/microsoft-releases-fix-for-wind...

      https://tech.slashdot.org/story/16/12/10/014231/new-bug-in-w ...

These update problems are common enough for Microsoft to have another free product, the Windows Update Troubleshooter

This is one reason (of several) that I am still using Windows 7. I would be at least a little irritated if I woke up one day to learn that Microsoft had updated my copy of Windows and in the process killed my display driver, rendering my computer unusable, all without my consent, approval, permission, or knowledge.

Samsung recently came out with the Galaxy Note 7 smartphone. It had a few bugs, which is not unusual. Among these was the battery's tendency to catch on fire, which is unusual. A few people didn't like this, but Samsung was nice enough to give refunds and exchanges to anybody who was interested. About 93% of Galaxy Note 7 users took the offer.

Now, to prevent fires and lawsuits, Samsung is issuing forced updates to all the remaining Galaxy Note 7 phones it can reach. These updates are not exactly improvements. This "update" bricks the phone. It disables the phone's charger and prevents it from connecting to a network, making it unusable.

      https://www.theguardian.com/technology/2016/dec/09/galaxy-no ...

      http://www.theverge.com/circuitbreaker/2016/12/9/13899852/ve...

With the ability of computer and phone manufacturers to force updates onto their users, it would be technologically possible for some government with a slightly unbalanced egomaniac in charge to force manufacturers to disable the smart phones and computers of anybody not on an "approved citizen" list. This would naturally be done in the name of national security, or possibly to fight some sort of immoral behavior. I don't think this is likely to happen in most countries, but it is possible to do.

License Plate Scanners

When you drive, for example, from Kansas or Arkansas to Oklahoma on an interstate, you get to have your photo taken, at no charge! It's one of the few social services not threatened by the recent Oklahoma budget shortfalls. If I'm paying attention, I'll make a funny face for the camera, or pretend to be asleep at the wheel.

I believe they scan the license tag from the images and save them to a database, along with tag, time, and locations from a whole bunch of other cameras scattered around the country.

Your license tag can be scanned with stationary cameras or with cameras carried in cars. The system recognizes your license tag number and logs the time and location of your car in a database. This is a handy tool for police. They can drive around, logging tags from parked or moving vehicles. The tags are checked in real time and the officer is alerted if the car has been reported stolen, was recently involved in a bank robbery, or was illegally flown in from Mars.

https://en.wikipedia.org/wiki/Automatic_number_plate_recognition

It also works backwards. If I rob a bank, the police can search the database to see where I've been before the bank was robbed. That way they'll be more likely to find me if I take a taxi home from the bank robbery, and less likely to waste time on me if I was nowhere near the bank at the time of the robbery.

Some people don't like this, and consider it a violation of their privacy. Other people point out that highways are public places, and license tags are required to be visible, so there can be no expectation of privacy. I think there have been some court decisions both ways, but the tag readers seem to be winning.

http://arstechnica.com/tech-policy/2016/12/court-license-pla...

I generally support personal privacy, but in this case I'm in favor of the tag readers. They should also be used for turnpike tolls, in my opinion. But regardless of what I think, tag readers are here and they're going to get more common.

In fact, you can get a license tag scanner for your front yard. Then you can log the tag number of everybody who drives by your house, day and night. It's a little expensive to get one that recognizes the tag number, so you might want to put up a motion activated security camera instead, and read the tags manually if you ever need to.

If you want to record other cars from your car, just get an inexpensive dashcam. It's also handy in case someone drives a truck into your rear-view mirror and denies it.

Lafayette Escadrille

The Lafayette Escadrille was formed 100 years ago, on December 6, 1916. It was as squadron of 38 U.S. flyers and 5 French officers fighting for France in World War I, a year or so before the U.S. joined the war.

Spad VII n° 1660 du Sgt Ray Bridgeman - Pilote de l'escadrille N 124 "La Fayette" du 1er mai 1917 au 18 février 1918 - Il a utilisé cet avion du 27 aout au 18 décembre 1917 - Photo collection Willis B. Haviland transmise par son petit-fils Lamm que je remercie pour son aide.

Les pilotes de l'escadrille américaine N 124 posent sur le terrain de Luxeuil en mai 1916 - De gauche à droite : Sgt Victor Chapman - Sgt Elliot Cowdin - Sgt Bert Hall - Slt William Thaw - Cne Georges Thénault, commandant l'escadrille - Ltt Alfred de Laage de Meux - Sgt Norman Price - Sgt Kiffin Rockwell - Sgt James M.Connell - Photo SHD section Air du château de Vincennes.

      http://albindenis.free.fr/Site_escadrille/escadrille124Lafay...

      https://airandspace.si.edu/stories/editorial/operational-log ...

      https://en.wikipedia.org/wiki/Lafayette_Escadrille

Nihonium, Moscovium, Tennessine, and Oganesson

There are four new names in the Periodic Table of Elements, Nihonium, Moscovium, Tennessine, and Oganesson, for elements 113, 115, 117 and 118. The elements were predicted quite a while back, but were discovered between 2002 and 2010. They now have names!

http://www.nytimes.com/2016/12/01/science/periodic-table-new...

Data Breaches

A few companies, governments, organizations, and disorganizations have been in the news recently after of having their computer networks hacked and their data stolen. Here are a few articles:

Australia
Philippines
Republican National Committee (confirmed by the CIA and denied by Trump)
Democatric National Committee
the Clinton Campaign
Sony
MBS (multiple companies' data)
Yahoo
U.S. Navy
U.S. Office of Personnel Management (more info here, here, here, and and here)
LinkedIn (more here and here)
DropBox
FDIC
Adult Friend Finder
Ashley Madison
Oracle
Verizon
Staminus Communications
I Dressup
Living Social
Scottrade
Time Warner
LastPass
JP Morgan
V Tech
the Internal Revenue Service (more here)
Minecraft
Patreon
U.S. Department of Homeland Security (more here)
Seagate
eBay
Target (more here)
the CIA
the NSA
Microsoft (no data stolen)
The Lottery (multistate)
TV5Monde
Android Phones
Lots of Banks, with some insider help

All these companies are just a drop in the bucket. Here's a more comprehensive list of companies and organizations that have enjoyed data breach:

      http://www.informationisbeautiful.net/visualizations/worlds-...

And, just this week Yahoo announced that 1 billion Yahoo accounts have been hacked, and they have no idea how.

      http://arstechnica.com/security/2016/12/yahoo-reveals-1-bill...

What happens with all this data? If someone gets a stolen credit card number, it's pretty easy to guess the expiration data, security code, and billing zip code. You just send guesses to multiple sites at once so no site recognizes the brute-force search.

      http://arstechnica.com/security/2016/12/thieves-can-guess-yo...

Many people use the same username and password for multiple web sites. I do this on sites unimportant to me so I can log in quickly. When someone has my name and password (along with a billion others, in the case of Yahoo), they can try it on other sites and see what accounts of mine they can get into. Fortunately, there's not much monetary reward getting into my account at bugguide.net, chess.com, or slowtwitch.com, and I have not seen a problem with this.

But if I had used my 4-year-old MySpace username and password for Github, someone might have used it to login to my Github account and add their malware to a downloadable application that I wrote or manage.

      http://arstechnica.com/security/2016/06/github-attacker-laun...

The gist of all this is that it there is very little online that is 100 percent secure. Whether it's email, financial information, or an irate rant on an online forum, it's possible for it to be disclosed to the public. My email is not very interesting, and my rants are highly insightful if largely ignored. OK, OK, my rants are completely ignored. Either way, there's not a large demand for Russian hackers to get into my personal information. I do try to be careful with my financial data, but there have been a lot of banks and a few brokerages hacked lately. Most banks and brokerages will reimburse any losses due to fraud, but there are limits.

If you use a credit card for online shopping, it might be a good idea to have at least one more credit card you can use at Walmart when the other one gets stolen and used to buy skateboards and smart phones. You won't have to pay for the purchases made on the stolen card, but you will have to wait while they send you a new card. There are very few sites on the internet that save my credit card number. I type it in most of the time and tell them not to save the number.

The big question is, do they have my information? The answer is, there's a good chance they do. You can find out here:

      https://haveibeenpwned.com/

I've got three email addresses and a couple of usernames that have been "compromised" at several sites. But there's a good chance that it doesn't matter.

Most of the data breaches involve limited disclosure, and most of us are not targets with a good enough risk-return for hackers to spend time on. Either way, if one of your accounts is listed on https://haveibeenpwned.com/ , it would be a good idea not to use that password anywhere else.

This definitely reinforces the notion that anything you put on the internet is liable to be public one day.

USB Killer

There's a new USB "peripheral" you can use to kill a PC, laptop, tablet, phone, etc. Just about anything with a USB port can be zapped with 220 volts, which is enough to break most devices. You, too, can own a USB Killer for the low, low price of $50. Or you can build one. It's actually pretty simple.

The USB Killer used the 5 volts from the USB port to charge some capacitors. When they're fully charged, they discharge a 220v pulse back into the USB port. This repeats until the USB power goes out.

http://arstechnica.com/gadgets/2016/12/usb-killer-fries-devices/

This is kind of creative, but it's not really so unique or scary. You can accomplish the same thing by wiring a USB connector to a 110v or 220v power cord.

MyShake

Some people are Berkeley have come out with an app for phones and tablets to detect earthquakes. Most smart phones and tablets have accelerometers built in. These can be used to measure earthquake vibrations.

Of course, a seismograph will do a better job at detecting an earthquake, but if they have lots of MyShake devices everywhere, they can measure the extent of the earthquake's motion and the varying intensity over a wide area.

The ability of personal devices (or their software) to recognize earthquakes is definitely not foolproof, but if you have lots of them networked you can statistically dampen out the expected 7% false positives.

http://myshake.berkeley.edu/

http://advances.sciencemag.org/content/2/2/e1501055.full

Stupid Patent of the Month

December's stupid patent of the month would be obvious to any semi-competent 4th grader, and is definitely not unique according to current standards: "A patent for streaming cloud-base content."

http://arstechnica.com/tech-policy/2016/12/effs-stupid-paten...

SFMTA

The San Francisco Metropolitan Transit Authority was hacked last month and infected with ransomware. The hackers involved demanded 100 bitcoins, about $73,000 at the time. (The bit coin price is up over $780 now).

To their credit, the SFMTA never considered paying off the hackers. They restored everything from backups, analyzed what went wrong, and took steps to prevent that from happening in the future.

A funny part of the story is that the hacker himself was hacked by a security researcher. By guessing the answer to a "secret question", the researcher was able to reset the password to the hacker's email accounts (cryptom27@yandex.com and cryptom2016@yandex.com).

Note: When you save the answer to a "secret question", make sure it's impossible to guess. I generally use something complex and completely unrelated to the question if it's an account I care about. This should be as secure as the password, since in many cases it can be used to reset the password.

The hacker's email provided a lot of information on recent activities. He used a number of scanners to check servers for known vulnerabilities, the most common being that of some Oracle products. The SFMTA did not appear to be specifically targeted.

According to Brian Krebs, "The list of victims from our extortionist shows that the SFMTA was something of an aberration. The vast majority of organizations victimized by this attacker were manufacturing and construction firms based in the United States, and most of those victims ended up paying the entire ransom demanded -- generally one bitcoin per encrypted server."

https://krebsonsecurity.com/2016/11/san-francisco-rail-syste ...

The FBI has some good advice on protecting your system against ransomware.

https://www.ic3.gov/media/2016/160915.aspx

This is pleasantly surprising after their loss of credibility during the Presidential elections, and after their decision to make national security their primary mission as opposed to law enforcement.

Global Internet

On my personal web site https://xpda.com,, where you can find Junkmail, 30 percent of visitors are from outside the United States. The world is connected!

1	United States	68.75%
2	Russia	4.53%
3	United Kingdom	3.69%
4	Canada	2.87%
5	Germany	2.31%
6	France	1.83%
7	China	1.60%
8	Australia	1.52%
9	India	0.68%
10	Netherlands	0.62%
11	Spain	0.59%
12	Brazil	0.49%
13	Ukraine	0.48%
14	Italy	0.44%
15	Mexico	0.40%
16	Japan	0.36%
17	Switzerland	0.35%
19	Sweden	0.34%
20	Nigeria	0.31%
21	Belgium	0.31%
22	New Zealand	0.29%
23	Austria	0.26%
24	Poland	0.26%
25	South Korea	0.24%
26	Norway	0.24%
27	Philippines	0.21%
28	Czech Republic	0.19%
29	Kenya	0.19%
30	Denmark	0.18%
31	Indonesia	0.18%
32	Turkey	0.17%
33	South Africa	0.17%
34	Taiwan	0.16%
35	Ireland	0.16%
36	Portugal	0.15%
37	Finland	0.14%
38	Thailand	0.14%
39	Israel	0.13%
40	Greece	0.13%
41	Malaysia	0.13%
42	Romania	0.13%
43	Iceland	0.13%
44	Iran	0.12%
45	Belarus	0.11%
46	Singapore	0.11%
47	Argentina	0.10%
48	Hong Kong	0.10%
49	United Arab Emirates	0.09%
50	Hungary	0.09%
51	Vietnam	0.08%
52	Saudi Arabia	0.08%
53	Colombia	0.07%
54	Serbia	0.07%
55	Ghana	0.07%
56	Slovakia	0.07%
57	Egypt	0.06%
58	Puerto Rico	0.06%
59	Bahamas	0.06%
60	Sudan	0.06%
61	Madagascar	0.06%
62	Croatia	0.06%
63	Chile	0.05%
64	Pakistan	0.05%
65	Bulgaria	0.05%
66	Slovenia	0.05%
67	Kazakhstan	0.05%
68	Latvia	0.05%
69	Moldova	0.04%
70	Georgia	0.04%
71	Luxembourg	0.04%
72	Cyprus	0.04%
73	Peru	0.04%
74	Venezuela	0.04%
75	Dominican Republic	0.03%
76	Ecuador	0.03%
77	Malta	0.03%
78	Costa Rica	0.03%
79	Algeria	0.03%
80	Uzbekistan	0.03%
81	Oman	0.03%
82	Panama	0.03%
83	Azerbaijan	0.02%
84	Morocco	0.02%
85	Mauritius	0.02%
86	Qatar	0.02%
87	Lithuania	0.02%
88	Papua New Guinea	0.02%
89	Bosnia & Herzegovina	0.02%
90	Haiti	0.02%
91	Kuwait	0.02%
92	U.S. Virgin Islands	0.02%
93	Sri Lanka	0.02%
94	Nepal	0.02%
95	Afghanistan	0.02%
96	Cameroon	0.02%
97	Guernsey	0.02%
98	Guatemala	0.02%
99	Tunisia	0.02%
100	Greenland	0.02%
101	Jamaica	0.02%
102	Trinidad & Tobago	0.02%
103	Iraq	0.02%
104	Uganda	0.02%
105	Armenia	0.01%
106	Bangladesh	0.01%
107	Estonia	0.01%
108	Jersey	0.01%
109	Jordan	0.01%
110	Kyrgyzstan	0.01%
111	Lebanon	0.01%
112	Zambia	0.01%
113	Antigua & Barbuda	0.01%
114	Bahrain	0.01%
115	Sint Maarten	0.01%
116	Bolivia	0.01%
117	Belize	0.01%
118	Congo	0.01%
119	Monaco	0.01%
120	Martinique	0.01%
121	Paraguay	0.01%
122	Tanzania	0.01%
123	Uruguay	0.01%
124	Macedonia	0.01%
125	Malawi	0.01%
126	Réunion	0.01%
127	Senegal	0.01%
128	Andorra	0.01%
129	Cayman Islands	0.01%
130	St. Lucia	0.01%
131	South Sudan	0.01%
132	Kosovo	0.01%
133	Albania	0.01%
134	Bermuda	0.01%
135	Côte d’Ivoire	0.01%
136	Cambodia	0.01%
137	Myanmar	0.01%
138	Namibia	0.01%
139	Nicaragua	0.01%
140	Turks & Caicos Islands	0.01%
141	Angola	0.00%
142	Aruba	0.00%
143	Barbados	0.00%
144	Benin	0.00%
145	Brunei	0.00%
146	Congo	0.00%
147	Curaçao	0.00%
148	Faroe Islands	0.00%
149	Montenegro	0.00%
150	Niger	0.00%
151	Suriname	0.00%
152	Anguilla	0.00%
153	Burkina Faso	0.00%
154	Central African Republic	0.00%
155	Cuba	0.00%
156	French Guiana	0.00%
157	Guadeloupe	0.00%
158	Guam	0.00%
159	Honduras	0.00%
160	Mauritania	0.00%
161	Mozambique	0.00%
162	Rwanda	0.00%
163	El Salvador	0.00%
164	Togo	0.00%
165	Tajikistan	0.00%
166	Zimbabwe	0.00%
167	Botswana	0.00%
168	Dominica	0.00%
169	Gabon	0.00%
170	Grenada	0.00%
171	Gibraltar	0.00%
172	Guinea	0.00%
173	Guyana	0.00%
174	Isle of Man	0.00%
175	Liechtenstein	0.00%
176	Liberia	0.00%
177	Mali	0.00%
178	Mongolia	0.00%
179	Macau	0.00%
180	Northern Mariana Islands	0.00%
181	New Caledonia	0.00%
182	French Polynesia	0.00%
183	St. Pierre & Miquelon	0.00%
184	Palestine	0.00%
185	Sierra Leone	0.00%
186	San Marino	0.00%
187	Syria	0.00%
188	Swaziland	0.00%
189	St. Vincent & Grenadines	0.00%
190	Vanuatu	0.00%
191	Yemen	0.00%

Russia doesn't really have that much normal traffic. It's mostly from hackers scanning the site looking for vulnerabilities. Some months Russia makes up more than 20 percent of all traffic. The bottom several countries may only have one or two visitors.

Superiority

Arthur C. Clarke wrote the story "Superiority" in 1951.

Some people think this is pertinent today. I'm not sure, but it is an interesting story.

Pilots with the 33rd Fighter Wing prepare to take off during an exercise at Volk Field, Wisconsin., August 26, 2016.

http://www.nytimes.com/2016/01/25/us/despite-decades-of-stea...

The Navy's most technologically advanced surface ship USS Zumwalt steams in formation with USS Independence and USS Bunker Hill on the final leg of her three-month journey to her new homeport in San Diego. Upon arrival, Zumwalt will begin installation of her combat systems, testing and evaluation, and operation integration with the fleet.

http://www.npr.org/sections/parallels/2016/09/01/492255620/a...

All About Birds

Cornell University has an excellent bird site called "All About Birds". They have general information, bird identification, bird surveys, and a great phone app for identifying birds:

http://merlin.allaboutbirds.org/

If you see a bird, you can use the app to describe it and bring up photos and bird calls. The bird calls it plays are so good that in some wildlife areas, such as George Washington Ditch, they prohibit the playback of bird calls on phones because it riles up the wildlife. You can also do this at the online bird guide:

https://www.allaboutbirds.org/guide/search/

A wood duck I ran across on Pinckney Island, near Hilton Head.

Thieving Hawkeyes

The Thieving Magpie is an 1817 opera written by Rossini. It's pretty good. The thieving hawkeyes are what some might call Iowa's "Interdiction Team".

A few years ago I was driving along Interstate 80, minding my own business and leaving a moderate trail of destruction, and I passed from Nebraska into Iowa. I was stopped for speeding and given a warning. I thought it was a little odd because I was only going 7 mph over the speed limit, but I just assumed the patrolman felt like being a little strict. Maybe he was having a bad day.

Today I read about the Iowa Interdiction Team, or the State Forfeiture Team as it is called by the Des Moines Register. They stop drivers on I-80 and confiscate cash, vehicles, and other property from thousands of people. Most of these people are never convicted of anything, but they still lose their money and property. The busiest location for these stops is 5 miles from the Nebraska border, just about where I got my warning. It's scary to think that I could have lost my iPod or electric shaver to some overzealous highway patrol officer. Anything else wouldn't bother me too much.

Iowa has been getting some bad publicity about this, after seizing cash totaling $55 million from about 1,000 people per year. The money goes to state and local law enforcement agencies in Iowa, often the same departments that are confiscating the money. As a result of the flack, Iowa is disbanding its Interdiction Team.

      http://www.desmoinesregister.com/story/news/investigations/2...

      https://www.techdirt.com/articles/20161206/08223036207/iowa- ...

      http://www.desmoinesregister.com/story/news/2015/11/13/iowas...

The U.S. Constitution says you can't be deprived of property without due process of law. Seizures like this are generally considered constitutional, because federal law says they are legal. There have been several unsuccessful attempts to get the law changed, but it hasn't happened. Ironically, one of the U.S. Senators who has been working to change this is from Iowa.

      http://www.desmoinesregister.com/story/news/investigations/2...

Handel

We're singing Handel's Messiah on Friday, December 23rd, start to finish, solos in unison.

The nth annual, two and a half hour musical attempt will take place at Jerry and Stephanie's house. Singing food (cookies, cake, chips, etc.) starts at 5:00 and continues throughout. The Overture starts at 5:30. Singing ability is not important. Enthusiasm is very important.

Be there! Practice here:

https://xpda.com/messiah