Category Archives: Software/Tech

Should you get rid of Windows 10 passwords?

Microsoft’s new approach is to rely (mostly) upon an Authenticator app on your phone.

Whether this is important depends on what type of passwords you use now. The Authenticator app model is useful to those who have secure access to their phone, currently use simple (not complex) passwords, and have access to cell phone service when they need to use their Windows 10 computer.

…it’s still a win-win for most people, most of the time. That’s because most people don’t have unique, long, complex, random passwords for every account and use a password manager to, well, manage them. That said, if you do, then there’s no real rush to dump your password access route to be honest.

The problem, though, is ensuring those users who would benefit both know the option is available and encouraging them to take it.

Source: Delete Your Windows 10 Password Now: Microsoft Suddenly Issues Security Update For Millions

You do not want to rely on the Authenticator app to log in to your Windows 10 notebook computer when traveling in areas without cell or Internet access.

You can set up a PIN, facial recognition (if your device has a camera) or fingerprint recognition (if your device has a fingerprint reader) as alternatives. A PIN can contain numbers – or be the same as an alphanumeric password. The only difference between a PIN and a password is that the PIN is unique to your device, not your Microsoft account.

For example, I use a notebook computer to read Kindle books when in campgrounds having no cell phone service. The new Microsoft Windows 10 “passwordless” model would require I set up a PIN as an alternate, putting me right back into the password model. I use complex passwords anyway so the Authenticator app mostly adds complexity to basic Windows desktop login without adding much additional security.

An easy way to create and remember a complex password is to remember a sentence or phrase from a movie – or some other phrase that is important to you.

To illustrate, consider the famous line “May the Force be with you” from Star Wars (I do not recommend you use this). Make your password be the first letters of each word:

MtFbwy

Now, make some obvious substitution like changing “Force” to the number 4.

Mt4bwy

Perhaps add some non-numeric characters such as

Mt4bwy#?

Again, do not use an obvious phrase like this one but pick a sentence that is meaningful to you. Then change some values such as converting the word “to” to 2, or the letter I to 1, and so on.

A phrase or sentence that is meaningful to you will make it easy to remember a complex password that otherwise looks like a sequence of random letters.

Also consider choosing a longer phrase than the example above. For example, “My mama always said life was like a box of chocolates.”

Mmaslwlaboc

Then look for simple substitutions to add numbers and symbols.
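The steps above, written out as a short Python sketch. This is an added example, not part of the original post: the substitution table, the function names and the 94-character alphabet (letters, digits and 32 symbols) are assumptions. It also puts a rough ceiling on brute-force effort for each result, which shows why the longer phrase matters more than the extra symbols.

```python
import math
import string

# Whole-word swaps of the kind the post suggests ("Force" -> 4, "to" -> 2).
# This table is an assumption made for the example, not a standard.
WORD_SUBS = {"force": "4", "for": "4", "to": "2", "too": "2", "ate": "8"}

def mnemonic(phrase, subs=WORD_SUBS, suffix=""):
    """First letter of each word, with whole-word swaps and an optional suffix."""
    parts = []
    for raw in phrase.split():
        word = raw.strip(string.punctuation)  # drop commas, full stops, quotes
        if word:
            parts.append(subs.get(word.lower(), word[0]))
    return "".join(parts) + suffix

def charset_size(password):
    """Size of the alphabet implied by the character classes present."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    return sum(len(cls) for cls in classes if any(c in cls for c in password))

def upper_bound_bits(password):
    """len * log2(alphabet): a ceiling that assumes random characters.
    A phrase other people can guess is weaker than this figure."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

if __name__ == "__main__":
    star_wars = "May the Force be with you"
    gump = "My mama always said life was like a box of chocolates."
    for pw in (mnemonic(star_wars, subs={}),          # letters only
               mnemonic(star_wars, suffix="#?"),     # swap plus symbols
               mnemonic(gump)):                      # longer phrase, letters only
        print(f"{pw:12} length={len(pw):2} "
              f"alphabet={charset_size(pw):2} "
              f"ceiling={upper_bound_bits(pw):.1f} bits")
```

The 11-letter result from the longer phrase has a higher ceiling (about 63 bits) than the 8-character one with a digit and symbols (about 52 bits).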

As long as you do not re-use your password on multiple accounts and services, you do not actually need to periodically change your password. If you use the same or similar passwords elsewhere, then you should periodically change passwords in case those accounts are compromised in a security breach.

For critical accounts – including those with access to your email, access to financial accounts (banks, brokerages), or retailers where you have saved a credit card – you should set up two-factor authentication that relies (ideally) on an authentication app or SMS confirmation (less secure). Additionally, if your telephone service provider enables you to set up a separate PIN for account modifications, do that. Some hackers figured out ways to change your cellular service provider account to redirect SMS messages – but the additional account PIN can stop that too.

Online coding school lays off most staff

“Coding” school “boot camps” have become popular. The programs, often six months or so in length, promise to train students in specific programming skills, such as JavaScript web app development, with an expectation of high paying jobs.

Some require a 4-year degree in any subject, prior to start, while others do not.

This coding bootcamp received publicity for promoting the idea that management was not necessary and staff could complete their work in 32 hours per week.

Treehouse attracted national attention in 2013 and 2015 with two unorthodox management strategies: The company eliminated all layers of management and it moved to a 32-hour-work week. Neither experiment worked.

Source: Online coding school Treehouse, formerly based in Portland, lays off most of its staff – oregonlive.com

They later re-introduced both management and a 40 hour work week before imploding in 2021.

In my view, coding boot camps likely have value to those who have appropriate backgrounds and are seeking specific skills in software development. Boot camps do not substitute for degrees in computer science, software or computer engineering.

However, the reality is that much software development is more akin to a high skilled “blue collar” workforce that is developing specific projects with a limited skill set domain. You do not need a degree in computer science to develop most web or mobile applications.


Apple’s plan to scan iPhones and Macs for child abuse can be used to frame people

Someone who wishes to frame you can set up an anonymous email account and email illicit photos to you. Apple will detect these photos and turn you over to the police.

APPLE has unveiled plans to scan U.S. iPhones for images of child sexual abuse – a move that has drawn applause from child protection groups but raised concerns among some security researchers. Tho…

Source: Apple to scan iPhone photos for images of child sex abuse – raising fears system could be used to SPY on users

While I do not use an iPhone, I do use a MacBook. While I intended to continue using the MacBook, I have also acquired a Surface Pro and this will hasten my migration off of all Apple products.

Low code: The end of software engineering for apps?

Application development tools have been improving for decades and are to the point where many applications no longer require the skills of a highly trained software engineer:

When I was starting my career in tech, software development was the preserve of skilled engineers. That paradigm is rapidly becoming obsolete, thanks to the rise of low-code dev tools that allow employees without coding experience (aka “citizen developers”) to create powerful apps using prebuilt templates and intuitive, drag-and-drop interfaces.

Source: The untapped potential of citizen developers

The “shortage” of software developers may disappear as fewer skilled software workers are needed.

Most application development, even when writing apps in JavaScript or Python – which are not “low code tools” – does not require the detailed skills of computer science. Hence, six month “coding boot camps” and certification.

Software development becomes a combination of moderate skilled blue collar “boot camp” programmers, and low-code. The latter is more akin to the teaching of typing skills in high school 3 or 4 decades ago. It’s just a modern “typewriting” class to learn low-code tools.

Remember that shortage of software developers?

Low-code platforms allow ordinary people to develop extraordinary apps that solve everyday business problems.

Source: The untapped potential of citizen developers

This has been underway for quite some time as tools have become simpler to use, and the need for efficient algorithm designs diminished as hardware became much faster. Pretty soon, lots of apps can be created using simpler tools, opening app creation to a larger audience of non-specialists.

All of a sudden, we may not need all those “boot camp” web site developers.

Australia’s smart phone contact tracing app found 17 potential “cases”

The Australian government says its COVIDSafe app identified 2,827 potential close contacts from 37,668 encounters in NSW and Victoria. Only 17 cases in NSW were identified separately to manual contact tracing efforts, however.

Source: COVIDSafe uploaded 1.65m ‘handshakes’ and was only used by NSW and Victoria | ZDNet

I have been pointing out for 15 months that the technology for smart phone contact tracing is inadequate and prone to significant errors, with a high false positive rate, and missing many actual contacts. Ultimately, the tech has found very few unique cases – but it has managed to shut down whole industries in the UK after flagging 600,000 people in one week, and forced a fully vaccinated Prime Minister, who also had naturally acquired immunity since he had the disease, into a 10-day quarantine.

Strava fitness tracking app grew during pandemic

Strava, a fitness tracking app created by two former Harvard University rowers, has more than 86 million users and saw massive growth amid the pandemic as more people have started to work out at home.

Source: In Peloton competition with gyms, fitness app Strava can win

I used it for a bit but for me, I did not have much use for tracking my own fitness activities. But it did work well.

(An extended family member has worked for Strava for several years.)

Hmmmm: “Apple removes Fakespot from App Store after Amazon complains”

Like all social media with user generated content, Amazon’s reviews have tons of fake reviews:

Apple has removed Fakespot, a well-known app for detecting fake product reviews, from its App Store after Amazon complained the app provided misleading information and potential security risks.

Source: Apple removes Fakespot from App Store after Amazon complains

Fakespot and ReviewMeta help identify the degree of fakeness and misinformation in Amazon’s reviews.

Apparently the Fakespot app, however, basically superimposes itself over the Amazon web pages to insert app review information. Users make purchases via the Fakespot app interface, which passes the information through to the Amazon API. While Amazon says they dispute the “fake reviews” analysis, the grounds for their requesting the app be removed appear to be the potential for information security problems with an app acting as an interface to the Amazon services.