TechByter Worldwide


Program Date: 02 Mar 2014

Dropping the Ball, Apple Style

Apple users sometimes like to claim that Apple computers, which are based on the BSD (Berkeley Software Distribution) Unix operating system, are all but impervious to attacks of any kind. That has always been questionable, but Apple's release of a seriously flawed version of its Mavericks operating system (OS X version 10.9) and the company's slow response in fixing the problem should cause even die-hard Apple fans to view the claims a bit more realistically.

This week Apple finally patched Mavericks to eliminate a flaw that would allow thieves to view data on connections that users thought were encrypted. The same security problem existed on iOS, the operating system that powers Apple's mobile devices, but Apple patched that operating system several days earlier.

The danger of this bug would be difficult to overstate. It could put at risk financial data, user names, passwords, and any accounts that the user accessed from the computer. If you have an Apple computer or mobile device and you haven't updated the operating system this week, stop reading this report right now and perform the update!

The bug would allow your Apple device to believe that it has received a valid encryption certificate when in fact the certificate might be fraudulent.

Apple has refused to discuss how long the security hole has been present, but researchers have found evidence that the bug was present in mobile devices starting late in 2012. It appears not to have been introduced into OS X until October of last year. That's still a long time for a security problem this serious to remain unpatched.

This is the kind of flaw that lends itself to attacks that are characterized as "man in the middle" exploits, in which a user thinks the computer has connected to a secure server at, for example, a bank, but it has actually connected to a fraudster's computer, which passes the connection through to the bank. Hence the "man in the middle" name. The intermediate computer can capture everything the hapless user's computer sends or receives.

The takeaway from this account is not that Apple is bad. Apple manufactures excellent hardware. The operating system is first rate. But neither the hardware nor the software is perfect.

Updates Are Everywhere

Operating systems update themselves. Browsers update themselves. Some applications update themselves. Now even televisions update themselves. "Would you like to download and install an update for {insert the name of something here}?" is a question that I'm asked several times most days.

I mention televisions because I bought a new flat-panel TV to replace an older set that had failed. It's a Samsung set, one of the new "smart" TVs that can connect to the Internet. After installing the set, I found that it could reach the Internet, but was unable to connect to Samsung's servers, so I called support and eventually the problem was solved with a firmware update.

A few weeks later, I received a follow-up call regarding the support call. I had spent about 40 minutes on the phone with a level-1 tech and another 20 minutes with a level-2 tech. Both of them were completely baffled by the problem. When I was passed on to a level-3 tech, I described the problem once again and she said "That's a known problem and I can fix it." And she did, by logging on to the television and updating the firmware.

The person who called with the survey questions seemed a bit surprised to learn that I felt the level-1 technician and the level-2 technician should have been made aware of the "known problem".

Since then, the television has downloaded and installed one additional update. "Sam" (I think the television should have a name, so I called it Sam) told me one evening that a new update was ready. I could choose to have it installed immediately or wait until I turned the set off.

There was no indication how long the update would take, but I expected it to take about the same amount of time as the firmware update that the level-3 technician installed—in other words, a few minutes. Install it now is what I told Sam. The process consumed most of the evening. Fortunately, I had a book to read. The book was on my Nexus 7 tablet and I was able to continue reading it once the tablet had installed updates for a few of the apps.

This week, when I turned Sam on (somehow that doesn't sound quite right, does it?), he wasn't able to display an image for WOSU-HD on Wide Open West's channel 205. The other local HD channels were also blank, so I called WOW's support number to see what was up.

The technician asked for the serial number from the set-top box to ensure that she would be looking at the right device. The solution involved sending an update from WOW's server to the set-top box and suddenly the PBS News Hour reappeared. Unfortunately, that problem occurred again the following night and the update in this case involved taking the set-top box back for an exchange. And the TV had another update that would have taken 5 hours if I had allowed it to run to completion. Instead, I canceled it and allowed the update to take place while I was sleeping.

Computers run just about everything these days, so I have to wonder what happens when the pilot of a commercial airliner receives a notice at 55,000 feet: Would you like to update the airplane's software now or wait until you are at the gate?

Just kidding .... I think. But consider this: People can log on to my TV to install firmware patches. We buy a book, download it, and begin reading in less than a minute. It's easy to carry 100 or more books around with us wherever we go. In most cases, cars tell technicians (nobody calls them "mechanics" any more) what's wrong with them. Could any of us have predicted this even a decade ago?

Panicked by Windows 8?

If you're in a panic because Windows 7 will no longer be available after November 1 of this year, relax. Microsoft says that computer manufacturers will be able to continue selling Windows 7 after the planned end date. Microsoft, of course, manages to say (with a straight face) that this decision has nothing to do with the end of support for Windows XP or the lukewarm acceptance of Windows 8.

The company says that Windows 7 represents the largest percentage of installed systems. XP is probably second, but XP becomes an orphan in April.

What hasn't changed, though, is the end-of-support date for Windows 7: Standard support ends on January 13, 2015, and extended support will cease on January 14, 2020.

Here's how Microsoft defines those terms:

Mainstream support: Microsoft will offer mainstream support for a minimum of 5 years from the date of a product's general availability, or for 2 years after the successor product is released, whichever is longer. For example, if you buy a new version of Windows and five years later another version is released, you will still have two years of support left for the previous version.

Extended support: Microsoft will offer extended support for either a minimum of 5 years from the date of a product's general availability, or for 2 years after the second successor product (two versions later) is released, whichever is longer.

If you think that regular computer users are averse to change, compare them to corporate IT directors. Some CIOs and CTOs would probably still be using IBM 360 systems with dumb terminals if management would let them. Windows 7 Pro is stable, known, understood, and well-supported, so it's understandably popular with chief information officers and chief technology officers.

Some have suggested that Microsoft's new policy is intended primarily for small businesses, but certain large businesses are now fixated on Windows 7, having only recently started migrating users away from XP. They install 32-bit systems unless the user can make a compelling case for a 64-bit system and then hobble the 64-bit system with only 4GB of RAM. These are companies that have only recently migrated from Internet Explorer 6 to IE 8 (which is 3 versions out of date). Yes, I do know of a company like this.

What these laggards, if I may call them that, seem not to realize is that there is no requirement to use the Metro interface on desktop or notebook computers, that Windows 8 is faster and more secure than Windows 7, and that Windows 8 makes synchronization of some settings between various computers much easier.

Short Circuits

You're About to Lose Your Facebook Email Address

Oh, you didn't know you had a Facebook e-mail address? Most people who have Facebook accounts seem equally unaware of this fact and that's why Facebook will retire its e-mail service.

Facebook added e-mail in 2010. Now, in terminating the service, it says that any mail sent to your facebook.com address will simply be forwarded to the e-mail address you provided when you signed up.

The address you may not know you have will be "[your Facebook name]@facebook.com" and anyone can send a message to that address even if you've never made it public. Facebook does limit the number of messages that you can receive from people who you don't list as friends, but that limit is a number that's greater than zero. Facebook says that it also tries to identify and filter out spam.

Because most people didn't know about their Facebook address, they didn't check the account for messages. As a result, these addresses weren't spam targets. But with all messages to Facebook accounts scheduled to be forwarded to addresses that users do check, spammers will probably show some interest.

So if you start receiving messages from people you don't know in a few weeks, those messages might be coming from Facebook.

Netflix Buys a Pass

It didn't take long for Netflix to cave and agree to pay Comcast to give precedence to Netflix's streaming video. This is the first indication that Net neutrality is officially dead.

Netflix becomes the first content provider to agree to pay for better access to a broadband provider's customers. Call me crazy, but it seems to me that it's Comcast's responsibility to provide good service to its customers and if those customers want to watch streaming video, they should be able to. They are, after all, paying to have broadband service delivered to their homes.

So now we're entering a phase in which large, profitable companies will be able to pay the ransom demanded by broadband providers. Smaller companies, and start-ups in particular, won't have the money needed to buy their way into the insiders' club. The principle of a free, open Internet has been discarded by a clueless federal court and a trembling Federal Communications Commission that has, for decades, refused to take its regulatory responsibilities seriously, except when there's a wardrobe malfunction during halftime at the Super Bowl.

Comcast subscribers who view Netflix streaming video will see some benefit now, but this agreement sets a precedent that will be bad for everyone in the longer term. How long will it be before Netflix starts charging more for its services? How long will it be until broadband providers further increase their already high fees? Users in the United States currently pay higher monthly fees for slower service than do most consumers in Europe and Asia.

If we (and by "we" I mean the administration, Congress, regulators, the courts, and the common folk like you and me) seriously believe that the United States should be a leader instead of a follower, now is the time to get our act together.

This agreement between Netflix and Comcast is exactly the wrong way to go about it.

For additional information, an article on The Verge (although profane) is worthwhile reading. If profanity is something you don't want to read, then avoid the article. Otherwise, here's what Nilay Patel had to say on The Verge. If you want the takeaway in a single sentence and without the profanity, here it is: THE INTERNET IS A UTILITY, JUST LIKE WATER AND ELECTRICITY.