We Gotcha

 

Anyone who uses the internet regularly has likely encountered a CAPTCHA or reCAPTCHA gatekeeper at a website requiring a login, and the puzzles they present to the user are meant to distinguish human visitors from bots, which is a good idea. Another good idea from the standpoint of Google, or Alphabet or whatever they’re calling themselves these days, is the use of unpaid labor from solvers of the puzzles to train artificial intelligence for tasks such as digitizing books or driving cars.

Waymo self-driving car side view.gk
A Waymo self-driving car on the road in Mountain View, California, headquarters of Google, or Alphabet or whatever they’re calling themselves these days. Waymo is a division within the technology behemoth, and logically it would be filed under “W”. Photo by Grendelkhan.

 

Ten years ago, internet users mostly encountered CAPTCHAs, which stands for Completely Automated Public Turing test to tell Computers and Humans Apart. CAPTCHAs were text-based puzzles, and Google put people to work solving them in the interests of both internet security and of training artificial intelligence to recognize letters and numbers in all sorts of peculiar configurations, such as might be found in all the books Google was digitizing. Now reCAPTCHAs are more common, and they are handy for training self-driving cars because they are image-based, and the images are most often of street scenes.

No doubt the engineers and executives at Google count themselves as quite clever for employing digital security puzzles to help amass the enormous amount of data necessary to train artificial intelligence without spending a penny, at least for labor. It’s a good bet most internet users are unaware of their exploitation at the hands of that technology behemoth or of other ones, like Facebook, which uses photographs uploaded by its users to train facial recognition software. Of those who are aware of what’s going on, some may not care. The technology companies, in that case, have little concern for the possibility of a public outcry over their exploitative practices; people are so eager to hand over their personal data for purposes they perceive as benefiting themselves that they don’t notice or don’t care how the companies are using the mountains of freely given information.

Artificial intelligence requires so much data to be effective that not even all the free data sneakily gleaned from internet users is enough, and therefore the technology companies have to pay some laborers, however poorly, to do the monotonous tasks necessary to train artificial intelligence for every imaginable scenario. The weakness of artificial intelligence, being nothing more than an extremely powerful computer, is its incapability of imagining scenarios outside of logic, or of imagining anything at all. Powerful as it is, it is still only a number cruncher.



John Cleese in conversation with Appian CEO Matt Calkins at a technology conference in 2018. In another video, John Cleese demonstrates the leaps of imagination and intuition that set the human brain apart from artificial intelligence.

 

Google’s reCAPTCHA sometimes gets the wrong message from its images, for example by insisting a diagonally striped no parking zone is a pedestrian crosswalk. There is no arguing with it. All the internet user can do in order to move on then is play along with the error or try reloading a different image. One has to wonder if training one’s replacement for free is not enough of an indignity without also suffering the insult of having to humor an insufficiently intelligent automaton that is nonetheless a humorless and dully unimaginative know-it-all.
— Techly

 

Facebooktwitterredditmail

Leave It to Google

 

People go out of their way to use the Linux operating system on their desktop and laptop computers for all sorts of reasons, and it’s a fair guess that among them is the desire to stay clear of the tentacles of major technology companies like Microsoft, Apple, and Google. Microsoft has never made any pretense of being anything but evil, while Apple has pretended to be above the fray, and perhaps the least trustworthy of the three is Google, which tipped everyone off to their evil intentions by sanctimoniously proclaiming at one time “Don’t be evil”. Any individual or organization professing to abide by moral certainties that should not even be in question is not to be trusted.

 

It’s ironic then that because of some holes in Linux development such as lack of drivers for some peripherals, usually printers, Linux users may find themselves forced to rely on Google services as workarounds. In the case of printers, incompatibility with Linux has become less of a problem over the past 20 years as Linux has climbed in market share to around five percent. Microsoft’s Windows is around 75 percent, with Apple’s Mac operating system at about 15 percent, although it seems no one can agree on the exact numbers. Google’s Chrome operating system makes up most of the remaining percentage in use for desktops and laptops, and because it has access to all Google services built in, including Google Cloud Print, printing from Chrome OS is never a problem even if proprietary drivers are not available from the printer manufacturer.

 

MagpieOS infofetch
Magpie OS is an Arch-based Linux distribution, developed by Rukunuzzaman, a Bangladeshi developer. Screenshot by Kabirnayeem.99. There are hundreds, perhaps thousands, of different Linux distributions, enough to suit anyone’s preference.

Some printer makers still do not provide drivers for Linux, and in cases where generic drivers won’t work the Linux user is confronted with either turning their incompatible printer into a doorstop or falling back on workarounds like using Google Cloud Print. It’s an efficient service that comes in handy. It’s also free. Free often comes at a price, however, and in the case of Google, like many other technology companies, that means turning the user of the free service into a product sold to marketers. Google is perhaps no worse in this respect than companies like Facebook, only more pervasive by its utter ubiquity. It’s nearly impossible to escape Google entirely and still get along in today’s technological world. Google’s Chrome OS may bring up the rear among major desktop and laptop operating systems, but its Android OS for smartphones leads the next highest competitor, Apple’s iOS, by a huge margin at around 85 percent to 15 percent.

Printer manufacturers appear interested mostly in configuring their drivers for the two biggest desktop and laptop operating systems, Windows and Mac, and Linux is generally an afterthought. Chrome can fend for itself, and to some extent Linux can as well, but not without having to resort to using Google services occasionally. Linux developers are volunteers, and they can’t keep up with the myriad of proprietary configurations for all the printer models hitting the market each year. Much of the proprietary nature of printer drivers has nothing to do with actually making the product perform its basic functions, but rather with marketing gimmicks like greeting card suites.

Al Pacino in The Godfather: Part III, a 1990 film directed by Francis Ford Coppola. Not that large technology companies are necessarily comparable to the Mafia, but to some people their grasp may feel similarly inescapable.

Now more than ever people need a reliable printer at home. About the only way left of obtaining tax forms is to download them from the internet and print them at home. Using the internet and printing out web pages has become a major factor in children’s schoolwork, and their parents need to print out receipts and coupons or run a home office. Getting along without a printer, or having to jump through hoops in order to get one to work properly, can no longer be part of how most people cope with the modern world. For most people, the 90 percent who use either Windows or Mac computers, compatibility problems are rare to nonexistent; for the 10 percent minority, and particularly those who wish to go against the flow with Linux, incompatibility between operating system and printer should no longer be an issue if manufacturers want to sell their wares to all consumers and ensure the same ease of use long enjoyed by the majority. It’s about time for proprietary drivers to go into the desktop trash can.
— Techly

 

Facebooktwitterredditmail

Just Say No

 

As if the lack of trust hadn’t sunk low enough between internet users, advertisers, and the websites which host advertisements, along comes cryptojacking, a method for either honestly or dishonestly using the computing power and electricity of internet users to mine cryptocurrency. Last week, users of YouTube in some countries noticed that their antivirus and antimalware programs were alerting them to code hidden in ads on YouTube which were enlisting their computers for cryptomining without their permission. Google, which administers YouTube, claims to have fixed the problem. Unfortunately, there are many small websites that don’t have Google’s Information Technology (IT) resources and may have been hacked and had cryptojacking code installed without their knowledge.

 

Cryptojacking sounds like it should be illegal, but oddly enough it is not. There can be repercussions such as blacklisting for hiding code in ads, and of course this sort of activity serves to push more people toward the use of ad blockers, which deplete the revenue of honest websites as well as dishonest ones. There are now outfits on the web, Coinhive being the most notable, which promote to website owners the idea of replacing ads altogether with a bit of JavaScript code on the website itself that will enlist the computers of visitors in mining Monero, a type of cryptocurrency that, unlike Bitcoin, doesn’t require high end equipment. Coinhive takes 30% of the resulting mining revenue, and the website owner gets 70%. Coinhive rather dubiously promotes this as a fair business model for the website owner in a time of declining revenue from ads, while not mentioning its relative fairness for the website visitor.

Cryptocurrency Mining Farm
A mining farm of Genesis Mining in Iceland. These are mainly Zeus scrypt miners. 2014 photo by Marco Krohn. No subterfuge involved in this cryptocurrency mining operation. Note that because the calculations required to create the currency generate a lot of heat, there are fans at the ends of all the units.

As originally set up by Coinhive, the JavaScript ran without the internet user’s knowledge or permission. If an internet user visited a website running Coinhive‘s JavaScript code, and the user’s security software did not alert the user or block the code from running, the only indication the user had of being legally cryptojacked was how unusually busy their computer was and, when the electric bill arrived, how unusually high it was. Savvy computer users might also check running processes monitored by the task manager on their computer. But it’s a good bet that most computer users have no idea about task manager or where to find it on their computer. Some users don’t run any security software at all, or if they do, they misuse it. Running Coinhive software without the knowledge or permission of website visitors is sneaky at best, and more likely just plain unethical, and any arguments from Coinhive or anyone else that it is a fair replacement for ads is mere sophistry.

After some amount of pushing from internet users, Coinhive started offering an above board, opt-in type of cryptomining code so that website visitors knew what was being asked of them. Naturally that version has not proved popular with the website owners who partner with Coinhive because advising visitors of cryptomining activity only leads to the great majority of them declining to participate. People who are not computer savvy, when confronted with an option which will in all likelihood confuse and frighten them, will resort to the safest option and just say no. More computer savvy visitors will likely decide it’s not worth their while to have their computer slowed down to a crawl and their electricity bill hiked by a few dollars a month just to visit a website. Only the most indispensable websites could get away with it, and they are apt to have access to many other less complicated sources of revenue. Coinhive, meanwhile, continues offering the original, surreptitious version of its software.

Naturalist David Attenborough discusses brood parasitism among birds in this BBC wildlife segment.

The arms race between website owners and advertisers on one side, and website visitors on the other side, began when internet service was incredibly slow and most consumers had data caps. Ads, particularly Flash ads that jumped up and down to attract the visitor’s attention, slowed down internet service even more and sucked up the visitor’s limited data. Enter ad blockers. The thing about ad blockers, however, is that even though most of them offer users the ability to whitelist websites, most users are either unaware of that option or don’t bother to use it unless prompted by the website. Ad blockers often act effectively as blunt instruments then, punishing honest websites which display discreet, reputable ads in an above board manner, along with dishonest or careless websites which display gaudy ads that may or may not harbor malicious code. Like many other areas of life, on the internet a few bad actors can spoil the honest efforts of the majority of website owners. The answer to declining revenue from the arms race between advertisers and advertising blockers is not for website owners to get sneaky, however, which erodes trust, but to develop trust with their visitors and exercise restraint on their advertisers.
— Techly

 

Facebooktwitterredditmail

Open Sesame

 

The latest crisis in computer security comes from news of the Meltdown and Spectre Central Processing Unit (CPU) exploits. Nearly all desktop and laptop computers are affected, and most tablets, smartphones, and other small devices are also affected.* The difference is on account of the types of CPUs used for the various computers and devices. Since home users usually access password protected accounts like email and online banking from smaller devices as well as larger computers, they could see their privacy and online security compromised across platforms. In other words, hackers can exploit a hardware flaw in the CPUs of home computers, and then hackers could use that vulnerability to access private email and banking passwords in software that crosses platforms.

 

עלי באבא מתחבא על העץ
In the story “Ali Baba and the Forty Thieves”, Ali Baba overhears one of the thieves say “Open Sesame” to open the entrance of the cave where they store their loot. Illustration by Rena Xiaxiu.

CPU makers like Intel† are racing to fix the problem, which was first discovered by Google security researchers last June, and internet browser makers, where many users store passwords, are hurrying to tighten security on their end. In the meantime, people need to be vigilant about email and banking security themselves, starting with changing their passwords if they suspect unusual activity in their accounts and running a full suite of anti-virus, anti-spyware, and anti-malware programs on their computers. Those are routine security measures that people ought to be taking already, but unfortunately some folks don’t even do that much. When their computers are compromised by hackers, those home users are often as not completely unaware they are being used as part of a rogue network, called a botnet, to spread spam and other nasties throughout the internet. When everything is linked as with the internet, the weakest links are the easiest targets of hackers.

Even after tightening up individual computer security by using strong passwords and storing them securely, by not clicking on links in untrusted emails, by surfing the web safely using the anti-phishing feature built into most browsers, by regularly updating a security suite and running scans with it, even after all that a careful home user can still have difficulties, whether it’s because of something completely out of their control in the so-called cloud, such as when credit reporting agencies got hacked, or simply because their Internet Service Provider (ISP) momentarily gives them the Internet Protocol (IP) address of a blacklisted spammer, causing their email provider to block their account.

Since the majority of IP addresses are dynamic rather than static, meaning that each time a computer user connects to the internet the device that user is on, or possibly a larger network it is part of, is assigned a different IP address rather than keeping the same IP address from session to session. Because dynamic IP addresses are recycled, it’s a wonder that the unfortunate coincidence of being assigned a blacklisted address does not happen more often than it does. It’s impractical to remove a bad address from the rotation entirely because spammers can jump from address to address so quickly that soon all of them would be blacklisted, or the addresses would have to be prohibitively long.

Alfred Hitchcock’s 1956 film The Wrong Man explores the nightmare of mistaken identity.

The other way to get blacklisted as a spammer is to get hacked as described earlier, either through negligence or bad luck, and end up an unknowing part of a botnet distributing spam to friends and strangers alike. The use of biometrics like fingerprint and iris scans are no better a solution to account security than passwords since hackers have been at work on spoofing mechanisms for biometrics. Police can also compel people to grant access to their computers and other devices when they are locked by biometric measures, whereas they cannot compel people to divulge their passwords. There is no single, simple solution to keeping private data entirely secure on any computer or device as long as it is connected to the internet. It’s like the locks on doors and windows, which ultimately will keep out only honest people. Dishonest people will find a way in if they are determined enough, but it’s better for everyone else if it’s not too easy for them, and if they get caught sooner rather than later.
― Techly

*Post updated to enlarge number of devices affected.

†In November, long after he had learned of the vulnerability in his company’s products, but of course before the flaw had become general knowledge last week, Intel CEO Brian Krzanich sold almost all of his stock in the company for $39 million.

 

Facebooktwitterredditmail

Your Bitcoin or Your Files

 

The WannaCry, or WannaCrypt, ransomware that attacked mostly networked computers running unpatched Windows operating systems last month did not affect many non-networked home computer users, but that doesn’t mean those users will avoid future attacks. The computers of home users are often just as vulnerable as those used by banks, hospitals, and other large institutions. They are less likely to be attacked only because they aren’t generally tied into a larger network and because loss of their data is not critical. Home users also have less money, or access to Bitcoin, than large institutions, making an attack on them not as worthwhile for hackers.

 

Computer Using Cat
Cat using computer; photo by EvanLovely.
Any computer running any operating system connected to the internet is vulnerable to ransomware, malware, viruses, and a host of other exploits. Macintosh and Linux operating systems are partially less vulnerable than Windows, but not invulnerable. The same goes for the Android and iOS mobile phone platforms. Frequently updating an operating system with patches downloaded from the operating system provider is key to maintaining security. An equally important best practice is to avoid human error in daily computing, such as being wary of web links or attachments in suspicious emails, and even being careful of clicking on ads from unknown providers on sketchy websites. The internet is a teeming public square where pickpockets mix with everyone else, and where some side streets and alleyways lead to unwholesome places, increasing the likelihood of something bad happening.

 

All this seems like common sense and fairly common knowledge, so why are large institutions with professional Information Technology (IT) staff on hand nonetheless vulnerable to cybercrime exploits that home computer users who are conscientious about updating their software and careful when visiting the internet can usually avoid? Are the IT departments incompetent? The answer is they apparently do their best most of the time, like anyone else with a job to do, but their efforts are many times hobbled by that second factor mentioned above – human error. And the larger the organization and the more computers tied into the network, the greater the chances for one small human error to multiply throughout the organization. IT specialists are also hobbled by the unwillingness of higher ups to let go of outdated operating systems like Windows XP. The WannaCry ransomware targeted unpatched, networked Windows XP computers.


From Woody Allen’s 1969 movie Take the Money and Run, a job interview presumably for an IT position, with a nod to the old TV quiz show, What’s My Line?

Here we have blame enough to go around for everyone: from the executives who, whether out of cheapness or reluctance to overhaul their company’s computer systems, failed to modernize; to the IT specialists who, whether from incompetence or overwork, failed to install vital patches to an outdated operating system; to the end users or user sitting at a computer who, whether out of ignorance or foolishness, clicked on a malicious link or fell for a phishing scam, and then passed it on to co-workers. What made the WannaCry ransomware especially vicious was its ability to exploit the very minimum of human error in order to replicate throughout a network. Computer experts are still not certain of the attack vector WannaCry used to gain initial access. The patch Microsoft issued months earlier should nevertheless have protected Windows XP computers, human error or no.

 

1940 Oldsmobile Station Wagon
1940 Oldsmobile Station Wagon advertisement. You rarely see Woodies like this on the road these days!
Windows XP was Microsoft’s most popular operating system ever, and it’s understandable many users are reluctant to let it go. There are a lot of reasons Microsoft has tried to move on from Windows XP, as popular as it remains, and at this stage those reasons, good or bad, believable or not, are beside the point. The fact is Microsoft is moving on. For computer users to cling to Windows XP at this point is like automobile fanciers who own vintage cars: Yes, having a fine old car can be engaging, but don’t expect there will be many qualified mechanics available to work on it, or driving it on interstate highways will be a safe and effective means of travel in the 21st century. Windows 10, the up to date model of Microsoft’s operating system, has plenty of faults, among them being a data hog that is far too chatty with its home base so that it can mine the user’s personal data for sale, a lesson Microsoft learned well from Google, but at least it’s safely built for travel on today’s internet, the information superhighway, as Al Gore called it. Drive safely.
― Techly

 

Facebooktwitterredditmail