Listen to the Podcast
22 May 2020 - Podcast #694 - (20:29)
It's Like NPR on the Web
If you find the information TechByter Worldwide provides useful or interesting, please consider a contribution.
If you find the information TechByter Worldwide provides useful or interesting, please consider a contribution.
On Mother's Day, we had a virtual gathering on Zoom. I had used the service once previously for a conference call with New York City's Metropolitan Transportation Authority. That was followed by alarming news about Zoom's security, or lack of it. Let's see how the company is dealing with the challenge.
Click any of the small images for a full-size view. To dismiss the larger image, press ESC or tap outside the image.
One of the primary weak spots was Zoom's technique for generating meeting numbers and not requiring a password to enter the meeting. Another was lack of encryption. As a result, random people could wander in to meetings and, if meetings were recorded, they were available online without any protection at all.
Alarming (at least to me) is that some physicians were using Zoom for telemedicine sessions with their patients. There's simply no way that Zoom was complaint with Health Insurance Portability and Accountability Act (HIPAA) privacy guidelines. The HIPAA Journal, after previously stating that Zoom was an acceptable telemedicine alternative, now says "Until the security issues with Zoom are resolved, alternative telemedicine solutions should be used."
Zoom is working to provide end-to-end encryption, but only for paid users. Zoom has acquired Keybase, a startup company the specializes in encryption. Until that happens, Zoom is adequate — when used with care — for family meetings, many business meetings, and schools. It's still questionable for use in healthcare settings where protected health information is shared. The list of what is considered personal health information is long. In part, it includes patient name, location, birth date, phone numbers, fax numbers, Social Security numbers, medical record numbers, email addresses, biometric identifiers, photos, and a lot more.
Scammers are nothing if not inventive, so naturally they're taking advantage of the confusion surrounding Zoom, but not to steal Zoom credentials.
One scam reported by Abnormal Security works this way:
Links in messages are an ongoing source of attacks and users should follow links only when they are absolutely certain that the message was sent from someone they know. Or, better still, log in directly to Zoom to check for recordings of missed meetings. The best advice always is not to click a link in an email.
On 1 April, Zoom CEO Eric Yuan announced a 90-day plan during which developers would work exclusively on fixing safety and privacy issues. Just before Mother's Day, Zoom made a few changes:
These all seem like such good basic security measures that it's odd that they were overlooked until now. Unfortunately, many developers spend a great deal of time on making applications easy to use and fine-tuning the user interface, and choose to look into security for the application only if it catches on. That may be what happened with Zoom.
The company is now in a race with competing providers of online meeting technologies and some large companies have internal policies that forbid the use of Zoom for company meetings. The revised functions and additional work on making the platform more secure may win back some of those big paying customers because Zoom has developed a system that's extremely easy to use.
Zoom responded quickly, but a couple of big competitors — Microsoft and Google — also responded quickly by adding features that Zoom users like to their applications. Both have added a feature that looks a lot like Zoom's popular grid view and Microsoft added the ability for users to add custom backgrounds to their images.
Zoom is reminding users to update client applications to Zoom 5.0 before the end of May. Any meeting participants with earlier versions "will receive a forced upgrade when trying to join meetings."
When you set up a meeting, you can use an (1) existing meeting ID, make up a meeting ID, or let Zoom choose one for you. Let Zoom do it. People are predictable and allowing the system to create the ID eliminates that danger. The meeting password option (2) can no longer be disabled. If you don't like the password Zoom recommends, you can create your own. Only those who have the password can either enter the meeting or get to the waiting room.
Both (3) Host and Participant cameras should be turned off initially. This is less a security measure than a way of avoiding the potential for embarrassment if the camera is switched on before the organizer or the participants are ready.
Don't enable (4) the ability for participants to enter the meeting before the host arrives. This is off by default, and it's also a good idea to mute participants when they enter the meeting and to enable the waiting room. With all participants muted, the meeting organizer will need to give someone permission to speak. Leave automatic recording of the meeting off, too. If you need to record a meeting, you can start the recording once the meeting has started.
Once the meeting has been scheduled, Zoom offers the organizer the opportunity to copy a meeting invitation that can then be sent via messenger or email to the participants. If security is a concern, you should avoid using this because it violates a key security practice: The password should never be included in the same message with the login procedure. This suggests that the folks at Zoom still don't quite "get" security.
But Zoom is becoming more secure and, used with caution, it's sufficiently secure for most uses.
If you've ever wished you could download a video from YouTube, you've probably been frustrated to see that no such option exists. You'd almost think that YouTube doesn't want you to download videos, and you would be right.
Click any of the small images for a full-size view. To dismiss the larger image, press ESC or tap outside the image.
In fact, Google would prefer that you not download videos from YouTube. Google owns YouTube and makes money from advertising revenue. YouTube Premium does allow users to download videos and provides several other nice features, but at a cost of $144 per year. There's more. The premium service removes ads, enables downloading, lets you continue playing videos when using other apps, and includes YouTube Music without ads. If those services are worth the cost, then signing up for YouTube Premium makes sense.
If you need to download only an occasional video, don't care about the ads, and use another music service such as Pandora or Spotify, then $12 per month may seem like a needless expense.
Before going out any further on this limb, maybe it would be wise to ask about legality.
I am not a lawyer or a legal scholar, and this is not legal advice. Instead, it's what I've worked out on my own by reading the opinions of those who are lawyers and legal scholars. The conclusion I've reached is this: You're probably safe so long as you are downloading a YouTube video for your own personal use and you are not planning to share the video publicly, claim it as your own work, or share it on the internet.
If you want to share a YouTube video, YouTube provides links (A) that can be shared to various social media services and embedded on a website. You can also (B) save a link to your own playlist for viewing later. A common reason for wanting to download a video is the ability to view it when you have no internet connection. Downloading for that reason seems to be both legal and ethical even though it technically violates Google's terms of service that state "you agree not to access Content through any technology or means other than the video playback pages of the Website itself, the YouTube Player, or such other means YouTube may explicitly designate for this purpose."
I have to think that Google and YouTube will not be concerned about users who download videos solely for their own use, and Google claims nowhere that doing so is illegal — only that it violates their terms of service and that they can close your account if they determine that you have violated the terms of service. So having your account closed seems unlikely unless you really are a pirate.
There are online services that can download videos for you as well as free and paid applications that can do the job.
If you're looking for the best option and don't mind paying for it, just download and install the 4K Video Downloader, and then follow the instructions to pay for the Pro upgrade. It's $15 dollars. Not $15 per month or $15 per year. Just $15. Once. The price includes installation on up to three computers. Some users have reported that the registration key doesn't show up, but the developer will respond quickly to requests to have the key emailed. It's avaialable for Windows, MacOS, and Linux computers. The free version has some limitations, such as the number of videos that can be downloaded in a single session, so the paid version is a good deal. (The podcast says $12. The podcast is wrong.)
Despite the name, the 4K Video downloader can handle 8K videos and the user can decide whether to downsample the video for playbackk on a mobile device or just to save disk space. If you want just the audio and don't care about the video, there's an option for that. Besides YouTube, the application can download videos from Facebook, Vimeo, SoundCloud, Flickr, Dailymotion, Metacafe, Twitch, TikTok, and Likee. And it supports virtually all video formats. (Partial list: MP4, FLV, WMV, MOV, ASF, AVI, M4V, MKV, MPG, OGV, TS, VOB, and WEBM.)
In normal download mode, the user selects the preferred quality manually. The 4K Video Downloader will show (1) the resolution of the video and and available lower resolutions. There's also a (2) Smart Mode that the user can activate so that someone who downloads videos for use on a mobile device can select a lower resolution, or someone who captures videos for archival and historical reasons could choose to always download the highest quality available.
If you'd prefer an application that's complely free, YouTube Downloader HD is a good choice. Currently it doesn't handle 4K or 8K videos. If you select a download quality that's (1) higher than that of the video, (2) YouTube Downloader HD suggests the next lower option. The process continues (3) until it idenfies a download option that's the same as or lower than the source video, and then (4) displays a success notice when the download is complete.
These are two excellent options, but there are others. Here are just three that you might consider.
We're beginning to see some indications of what stores will look like for the foreseeable future — at least that part of the future prior to the development of a vaccine to protect against the novel coronavirus. Some companies seem to be more willing than others to adapt.
Apple, for example, closed all of its stores. About 100 have re-opened around the world and they are different from what customers remember. Apple senior vice president of retail, Deirdre O'Brien, sent a message to customers in mid May. O'Brien says that stores will limit occupancy and that face coverings will be required for all employees and customers. Apple will provide masks for customers who arrive without one and each customer's temperature will be checked at the door; then the customer will be asked questions about potential exposure to the virus.
Smokehouse Brewing, a large brew pub in Central Ohio hasn't yet opened, even though it could. Instead, the management has said that they are working on plans for a responsible re-opening, including a policy that will require reservations, even for the bar. "We won't be packed. We can pay more attention to you. You can feel relatively safe. Are we nervous? You betcha. Will this work? We hope so. Is it worth the effort? We think so. Are you worth it? Absolutely."
Many restaurants and bars are developing similar procedures that will allow them to reduce the risk to employees and customers. Some have not. The first weekend in Ohio that allowed bars and restaurants to re-open was marred by bad actors and their patrons. Social distancing was ignored. Masks were not in use. These are the kinds of businesses that are literally killing their clientele.
As Moe Howard sometimes said in the Three Stooges motion pictures, "SPREAD OUT!"
About one third of workers believe that a machine could replace them. This is according to research by CareerAddict.com. About 40% of part-time workers believe they will be replace by a machine, compared to 30% of full-time workers.
More than 1000 people were surveyed at the beginning of 2020 to gain insight into the future of work. Respondents shared their views on automation, work-life balance and learning new skills in the context of the future workplace. Additional key findings:
The survey used the "Perceived Readiness for the Future of Work" index to investigate how different demographics meet the requirements for the future of work through their existing skills. Overall, respondents' index scores averaged 68/100, with Millennials scoring the highest compared to other age groups (70/100).
The index findings showed that women score higher in leadership and emotional intelligence; men scored higher in technological skills; Gen Zers scored higher in programming; Gen Xers scored higher in complex problem-solving; and Baby Boomers scored higher in emotional intelligence.
Sometimes it's hard to find good information, and the COVID-19 pandemic has unleashed a huge amount of misinformation and disinformation. A recent meme noted the difficulty of trying to figure out who to believe: Public health officials, doctors, nurses, epidemiologists, and scientists, or the people from high school who flunked basic science? I'll go with the public health officials, doctors, nurses, epidemiologists, and scientists.
If that's your choice, too, here are some useful sources of accurate information:
Apple had been selling its WebObject Java web application server for $50,000. Apparently sales weren't particularly brisk at that price, so the company dropped the price to $700 (1.4% of the previous price). A few years later, Apple included WebObject with OSX server software.
That didn't help and Apple announced plans to deprecate the product in 2006. In 2016, Apple announced that all support had ended. Support is still provided by the WOCommunity in Project Wonder, a collection of open-source WebObjects plug-ins.