Phishing Attacks with Unicode Domains

One more attack vector to be thinking about!

From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. It is possible to register domains such as “xn--pple-43d.com”, which is equivalent to “аpple.com”. It may not be obvious at first glance, but “аpple.com” uses the Cyrillic “а” (U+0430) rather than the ASCII “a” (U+0041). This is known as a homograph attack.

Chrome 59 will protect you from these phishing attempts by converting the maliciously-similar name to the Punycode version, thus making you aware of something amiss.

Firefox users can limit their exposure by going to about:config and setting network.IDN_show_punycode to true. This will force Firefox to always display IDN domains in their Punycode form, making it possible to identify malicious domains. Thanks to /u/MARKZILLA on reddit for this solution.

Thus, the attack form of apple.com will show as https://www.xn--80ak6aa92e.com

On Twitter @Xudong_Zheng says a simple way to limit the risk from bugs such as this is to always use a password manager, which can identify that the similar letters are not the same.
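An added example (not from the original post or from any browser's code): a short Python check that decodes the two Punycode domains quoted above, lists their non-ASCII code points, and reports the ASCII name each one imitates. The `LOOKALIKES` table is a small constructed subset, the helper names are hypothetical, and reading the script from Unicode character names is an approximation.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones; the full
# data set is Unicode's confusables.txt (UTS #39).
LOOKALIKES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u04cf": "l",
})

def to_unicode(domain):
    """Decode every 'xn--' (Punycode, RFC 3492) label to its Unicode form."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def to_punycode(domain):
    """Encode non-ASCII labels into the form a protected address bar shows."""
    return ".".join(
        label if label.isascii()
        else "xn--" + label.encode("punycode").decode("ascii")
        for label in domain.split("."))

def scripts(text):
    """Approximate each letter's script from the first word of its Unicode name."""
    return {unicodedata.name(ch).split()[0] for ch in text if ch.isalpha()}

def inspect_domain(domain):
    """Report what a displayed or Punycode domain really contains."""
    uni = to_unicode(domain)
    idn_labels = "".join(l for l in uni.split(".") if not l.isascii())
    skeleton = uni.translate(LOOKALIKES)
    return {
        "unicode": uni,
        "punycode": to_punycode(uni),
        "scripts": sorted(scripts(idn_labels)),  # two entries = mixed-script label
        "codepoints": [f"U+{ord(c):04X}" for c in uni if not c.isascii()],
        # ASCII name the domain imitates, or None if it is what it appears to be
        "imitates": skeleton if skeleton != uni and skeleton.isascii() else None,
    }

if __name__ == "__main__":
    # The two Punycode domains are the ones quoted in the post above.
    for d in ("xn--pple-43d.com", "www.xn--80ak6aa92e.com", "apple.com"):
        print(d, inspect_domain(d))
```

The second domain reports a single script (Cyrillic only), so a mixed-script check alone does not catch it; the exact-string comparison a password manager performs, or a lookalike mapping like the one here, does.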

 

In the slow lane: the state of Fiber Broadband in Maine

Maine has a three-part internet access problem that is affecting our collective economic prospects. Scarce rural access, slow internet speeds and expensive data plans are causing us Mainers (and our companies) to not gain the full benefits of modern cloud-computing services and infrastructure—and we are actually overpaying for connectivity, relative to other cities in the USA and even across the world. (Sources.)

However, Maine is also one of the rare states with an advanced fiber-optic network, called the Three-Ring Binder, strung throughout its territory, connecting (some) rural areas to (some) population centers.

Learn more about its genesis (from both private and federal investment dollars) at Maine Fiber Company:

Maine Fiber Company owns and operates an extensive high-capacity dark fiber network in the northeastern US. The network is largely an open-access middle-mile infrastructure and is available to all carriers and service providers on a non-discriminatory basis.

So that’s the good news; we have a solid foundation. But there are many barriers to broadband expansion and competition in Maine, including geographical barriers (rural sparsely-populated areas) that discourage commercial profit-driven development, and also opposition from incumbent telecom companies who strive to make pole attachment difficult and lobby (and litigate) against community-owned networks.

Where market forces have failed to provide choice, quality of service, and modern speeds, a feasible solution is for communities to build their own networks, as Rockport did (see news story). Maine, with its Three-Ring Binder network, has the necessary “dark fiber” to allow communities and local service providers to connect and offer very fast speeds at lower prices than the incumbents.

Check these informative resources to learn more about the national movement for community-owned broadband.

A VISION FOR MAINE

As a software company owner and resident, my vision for Maine in the 21st century is for us to become a State with the highest percentage of its population connected via Gigabit Fiber networks —to each other, and to the world.

Why “Gigabit”? It’s all about the speed of getting things done.

Many professional services will benefit from faster downloads and uploads, including:

  • remote medical imaging/diagnostics (aka telehealth)
  • video production
  • consumer cloud services like offsite hard-drive backups
  • sharing big data with AI computing engines for business analysis
  • streaming virtual reality data for field-augmented holographic vision
  • video conferencing
  • smart building controls

We especially need improvements to our upload speeds, where the lopsided difference is indefensible by existing providers (it’s about economics, not physics).

Quick quiz: do you know why your office downloads are (somewhat) fast, but upload speeds are slow, at around 5Mb or 10Mb? Short answer: internet providers built out their networks as if the internet was passive TV; we can consume data but we can’t easily “broadcast” or publish anything ourselves.

UNDERSTANDING SPEED

21st Century states need Gigabit speed, which is 1,000 Mbps. To compare: currently most of us with Cable internet access in Maine have a top speed of 50Mb for downloads / 5Mb for uploads. (Note again the huge disparity between upload and download speed.)

To understand how measurements are made, learn this simple rule: “Bytes are for storage, bits are for data” and the ratio of: 1 Byte = 8 bits.

So this means you could describe speeds or file sizes interchangeably, by converting “bits-to-bytes”, but it’s best to stick with the B (storage) or b (data) as appropriate.

e.g.  8Gb (speed) = 1GB (file size), and 1Gb (speed) = 125MB (file size).
You’ll note that 125 x 8 = 1,000

Here’s a chart with common examples of file sizes versus the data transfer speeds it would take to download:

Chart courtesy of FastMetrics.

PRACTICAL BENEFITS

Let’s study a particular use case: online (cloud) backups, for personal or corporate archiving. Let’s say you have a small 500GB hard drive that needs continuous, offsite backups… here’s how long it would take to do the initial upload to a cloud backup service over 3 different upload speeds.

Typical: 5 Mbps Upload speed

That’s over 9 days to do a first-time sync. Ever completing that transfer is highly unrealistic, especially if it’s with a laptop that you need to take from office to home and back, interrupting the progress.

Better speed: 200 Mbps upload rate:

A 5 hour transfer time is much more reasonable; set it in motion before bed and by the morning it will be complete.

Dream speed: with a 1 Gbps upload rate:

Just think of how productive we could be with video uploading and sharing projects (like uploading your marketing videos to Youtube); with transferring gigabyte datasets across corporate locations; streaming Virtual Reality data in real-time; and many more business activities—and I am purposefully not mentioning the benefits to all the myriad entertainment services available, since such “non-critical” uses (download 40 music files per hour! watch 5 different movies at home!) can be used to detract from the urgent necessity of better speeds for actual business or professional applications.

WE CAN DO BETTER

From the linked Akamai report, and according to PCMag:

…better government planning in South Korea has improved internet connection speeds across the country dramatically. Additionally, a competitive Korean ISP market has led to exceptional service levels for end users. In the city of Cheongju, average internet speeds to citizens of 124.5Mbps are standard. Further, 1Gbps internet plans are available in South Korea for just $20 USD.

Maine’s ConnectME defines broadband as:

The ConnectME Authority Board currently defines effective broadband as 10 Mbps/10 Mbps – 10 megabits down and 10 megabits up. Areas that have maximum available broadband speeds of at least 10 Mbps/10 Mbps are considered served. Areas with available broadband speeds that are lower than 1.5 Mbps download are considered unserved. Areas where the maximum available service is between 1.5Mbps download and 10Mbps/10Mbps are considered underserved.


My office currently pays $75/mo for a 30Mb/5Mb plan. Here’s what a widely-used speed test shows I am getting at this moment:
This is a shared cable network, so when other users nearby are using the internet, speeds will slow. But 6Mb upload is not acceptable in today’s world, and according to Maine’s standards. What can be done?

A CALL TO ACTION

So let’s join together to create better connectivity options in our state! Here’s how, specifically:
  1. Ask your ISP for faster upload speeds. When they tell you it’s impossible or will cost $500–$1,000 per month for a “business plan”, go to steps 2–7.
  2. Join the Maine Broadband Coalition (visit their website) and track the latest issues concerning our state.
  3. Ask your State Rep or Senator (find them here) for help in encouraging any state-level initiatives to help Maine advance the cause of 21st century connectivity.
  4. Ask your town to join Next Century Cities; we have 6 in Maine so far!
  5. Follow Maine’s ConnectME agency (charged with community broadband development) and speak out.
  6. Buy your service from an ISP (internet service provider) who offers better packages than the bigger brand names.
  7. Ask your town if they have plans to create a municipally-owned or managed “internet utility” to fill voids left by the private sector.

Consumers Prefer Text Conversations with Support Reps

Question for you: do you favor a less personal connection with the support reps you need to interact with in our modern life, or a more personal, face-to-face experience?

A 2014 study showed consumers favor the less personal, compressed experience of Texting/messaging versus voice or video support. Source.

Spending Too Long On Hold – Spending time on hold is a major source of frustration for consumers. 38 percent of respondents have spent 10-30 minutes on the phone with a customer support representative, while over half (56 percent) actually said that they’ve waited an hour or more to have their problem solved.

The company that commissioned the study makes SMS messaging platforms. It was acquired by Salesforce in Sept. 2016.

http://www.heywire.com/

Sometimes you might be in the mood to chat with a live person, with all the empathetic channels of voice in force, and other times you may prefer the single-channel avenue of ascii text. Let the customer decide which channel they prefer!

Space colonization as Backup Plan B or to protect Earth – Yes!

Ars Technica had an article about Jeff Bezos’ motivations for space rocketry and travel:

http://arstechnica.com/science/2016/10/jeff-bezos-dismisses-idea-of-a-backup-plan-says-we-must-protect-earth/

Bezos dismissed this approach on Oct. 22, during the Pathfinder Awards at the Seattle Museum of Flight. In remarks first shared by GeekWire, Bezos said Earth should be zoned as a residential area. “I don’t like the Plan B idea that we want to go into space so we have a backup planet,” he said, noting NASA’s efforts to send probes throughout the solar system. “Believe me, this is the best planet. There is no doubt this is the one you want to protect. This is the jewel. We evolved here, we’re kind of made for this planet. It’s gorgeous, and we can use space to protect it.”

Humanity has two futures, Bezos said. It can continue to grow, or it can settle into some kind of population equilibrium. As an example of the planet’s limitations he offered energy as an example. Taking the baseline energy use on Earth, and compounding it at 3 percent for 500 years, would require covering the entire surface of the Earth in solar cells to meet the demand by the year 2500.

“We need to go into space if we want grow as a species,” he said. “Another route would be just to face stasis, but I don’t think that’s as interesting. I don’t think we want to just survive on this planet, I think we want to thrive and do amazing things.”

Magpie Developers

Classic article from Jeff Atwood in 2008 at Coding Horror:

I’ve often thought that software developers were akin to Magpies, birds notorious for stealing shiny items to decorate their complex nests. Like Magpies, software developers are unusually smart and curious creatures, almost by definition. But we are too easily distracted by shiny new toys and playthings.

Jeff added: I became a programmer because I love computers, and to love computers, you must love change. And I do. But I think the magpie developer sometimes loves change to the detriment of his own craft.

Jeff is the programmer who created Stack Overflow and Discourse.

Which Voice is best for Digital Assistants?

“Conversational computing” is a growing high-tech field that is solving interaction inefficiencies (finger-typing on tiny screens) but is also opening up new dimensions of relating to our devices that can reinforce social/cultural stereotypes.

Do you like your Digital Assistant from Google, Apple or Amazon to be female? Male? Educated-sounding? What does that mean, even? In the English-speaking world, for example, are British accents (think Jarvis) more educated than Southwestern American?

The teams behind Google Home, Apple’s Siri, Samsung’s Viv, Amazon’s Echo with Alexa, Microsoft’s Cortana—all need to balance their users’ gender, cultural and emotional biases. Whew.

Good reading here at NYTimes, article by Quentin Hardy.

Google Assistant “is a millennial librarian who understands cultural cues, and can wink at things,” said Ryan Germick, who leads the personality efforts in building Google Assistant. “Products aren’t about rational design decisions. They are about psychology and how people feel.”

Should you learn to code?

Perhaps a better way for a “tech neophyte” to try out coding is to learn how to write HTML/CSS. This pairing is far more self-contained and visual, and gratifying, than programming initially is (no matter the flavor, whether JS, Python, Swift, they all are far more complex with abstract logic).

Learning how to create a static web page only requires a layout, a text editor and a browser. You can try your hand at building a magazine page, for example, with its masthead, article areas and footer—and you will not be dealing with math or abstract problem solving that coding soon requires.

The learner can see how the basic HTML language syntax works (e.g. simple tags go around the words to style or structure them)… experience how the browser is strict about typos (early experience in debugging!); see how dependencies are linked in (graphics, external hyperlinks); see how the classes and IDs from the CSS file influence the HTML elements; and so on.

If the somewhat tedious work of composing blocks of HTML and CSS code is gratifying to the learner, and it sparks an interest, then they can continue gaining fluency in the constructs and begin to appreciate how WYSIWYG editors work (like in WordPress or BigCommerce, say). This can be so helpful for business owners or bloggers, to fix the mistakes that RTEs can introduce from copy/paste actions from other sources (i.e. Word pastes).

So, I’m proposing that fluency in HTML is a more basic, essential skill for today’s professionals than actual coding.