Jan 23, 2019

Jan - 23 2019 | By

1) Out-Of-Date Google Searches?? IE: Google’s own “oAuth” system supersedes
old Username/Password system which remains Documented but worthless…
2) the MICRO:BIT Embedded System
3) aaa = “authentication authorization accounting” and the Recovery Process…
4) Prime and Punishment and the 2nd A “Authorization”
5) Real World Music from its Own Countries– HOW?!
6) QR Full Business Card Generator
7) “White” LED Light?
8) Twinning App & 10 year challenge- DON’T. It helps Facial Recognition.

 


 

Additional notes

Notifications of new show notes and edits are tweeted at: twitter.com/ddhart.
– They’re tagged with #Zentech.
– When what’s said is unclear to me (or I’m unfamiliar with a topic) I tend to quote (” “) verbatim.
– Editor’s comments are delimited by < >

For a couple of months, the audio of today’s show is here. Recent shows are here.

The intro and outro music was by Pentatonix.

 

Both Glenn & Paul were in the studio today.

 

Before getting to the Community Calendar, Paul mentioned that he was on the Other Side show yesterday to present some music. The show is produced by Mikail Graham and can be found in the archives, along with other KVMR shows. Paul also mentioned that KVMR has another archive that goes back 12 to 15 years and has mostly talk shows here.

Glenn did the disclaimer:
The views expressed on this show are those of the speakers only and not necessarily those of KVMR, our board, staff, volunteers or contributors.

Paul started the main part of the show talking about how websites like Google or Facebook do authentication, authorization and accounting when a user logs in. Authentication is to make sure you are who you claim to be. Authorization determines what you’re allowed to do once you’re logged in. Accounting is about keeping a record of your activity on the site.

A number of years ago Google started using the improved authenticating system Oauth. <Also see the link above> It comes from a consortium of companies: Microsoft, Google and a few others. If you try to create an new account, as in the Thunderbird email program for instance, to read/write to your Gmail, Oauth will popup a box to fill in the user name & password and will take you to Google for verification. When Google verifies you, it will create a token (like a long serial number), which Thunderbird will use to access your Gmail content. The actual password is not stored in Thunderbird, only the token.

Paul quickly noted that you might have trouble finding info about how Google uses Oauth. If you do a search about authenticating with Google (or anything for that matter), the top search results tend to be old because they’ve been around the longest.

Older equipment may not know how to do Oauth authentication, which Google insists on using. There is a workaround that Paul was reluctant to mention. He said there’s a setting in Google to make it use less secure authentication, the way things were before it started using Oauth. But if you do, you may have some problems. Paul did just that for one of his clients and they started getting inundated with security warnings in their email. The other workaround is to use your browser to go to Gmail and access your email.

For years, email programs have used SSL to secure the transmission of username and password to the servers. But now that’s not good enough. Google and others don’t want the username & password stored on your machine by programs they don’t trust. Paul thinks Oauth should be adopted industry wide.

A few years ago there was a transition to using HTTPS. <It secures data going to and from a website>. It used to be only banks and other critical sites that used it, but almost all websites use HTTPS now, Paul said.. Secure web certificates are now free from Letsencrypt. <Mentioned in the 1-31-18 show>. Google will downgrade sites that don’t use certificates, in their search results.

Moving on to item 4 (in the list above), Paul talked about how Amazon authenticates and authorizes you as a member of Amazon. You get authorization by doing reviews of the products you buy. But the process can be subverted. Read the Prime and Punishment article that’s linked to at the top of this page.

Glenn asked if Ebay has a similar problem. Paul said it’s quite different from Amazon. But it has it’s own problems. He once paid for a Mac Book from a fraudulent Ebay seller and the computer never arrived. Eventually, Ebay figured out it was scam, and when Paul complained, he was told to click the link “go to resolution”.

Paul related an experience of his friend who bought a bunch of Apple devices. He accidentally typed in the wrong Apple ID password 3 or 4 times and got locked out. Apple uses reciprocal backoff where every time you enter the wrong password, it takes longer to respond. After 3 errors, it waits 24 hours and if you try again before the 24 hours have gone by, you’re locked out for 3 days. It gets hard to know what’s going on because they don’t tell you that you’re being punished for your errors.

Item 5 from the top of this page refers to internet radio stations that stream content from all over the world. Paul said that you can listen to these stations with a “wifi hardware radio”. He said you can find stations with the kind of music you like by doing a Google search.

Item 6 is about QR codes, which are 2 dimensional barcodes that can contain an address tag, web tag, Twitter tag, Facebook link, etc. Paul has one on his business card. If you point your phone at a QR code it will tell you the information it contains. In Paul’s case, it will display his contact information. An app called Scannable can read these codes. The link at the top for Full Business Card Generator will take you to a site that will generate for free a .pdf file that has several business cards, using the information you provide <with the QR code I guess>. You can then take the .pdf file to a place like Staples to have it printed.

The Japanese company that developed the QR code did take out a patent but made its use free of royalty.

Item 8, the 10 year challenge, is about people posting pictures of themselves on Facebook. One is a current picture the other is from 10 years ago. Paul said this makes it easier for facial recognition programs to identify you. He also spoke of another picture that shows a cassette tape and a pen and you’re asked if you know what these items are. If you answer yes, you’ve just revealed that you’re likely over 50 year old. The takeaway being that it’s easy to unknowingly reveal things about ourselves.

Item 7 is about the relatively new technology of LED lights. The white ones come in different color temperatures: daylight, tru white, warm white. They have the same kind of spectrum as tungsten filament bulbs (incandescent). The LED light starts as blue and when it hits the phosphorus coating in the bulb a white glow is generated. On the other hand, the colored LED light you get from other products is propagated directly, is much brighter and comes from a narrow spectrum that is a much purer color.

A caller corrected Paul when he attributed a quote to Jefferson when it actually came from Ben Franklin. It was a quote about giving up a little bit of liberty for safety and deserving neither.

The caller also said that he upgraded his Mac OS from Snow Leopard to El Capitan. Now he gets frequent popups from the Java Developer Kit (JDK). Paul was perplexed about how it got on his machine in the first place. He suggested deleting it. Do a Google search on how to remove the Java Runtime. Time was running short so Glenn asked him to email the show so they’ll be reminded to follow up.

Last Updated 1:06 AM 1-24-2019