simonmackay Archive

What could be done to simplify your router upgrade

Telstra Gateway Frontier modem router press picture courtesy of Telstra

There needs to be a standard filetype to simplify the process of upgrading your home network router without reconfiguring your home network

An issue that will crop up through the life of a home network is to upgrade the router. This will be brought on with replacement of carrier-supplied equipment with retail equipment, replacing that half-dead router that you are always powering off and on many times a week, or upgrading to higher-performance equipment.

But you will end up having to transcribe out configuration data from your old equipment so you can enter it in to your new equipment especially if you want to avoid having to reconfigure other network equipment on your same home network.

Most routers offer a way for users to back up the current configuration details. This is typically to allow a user to do things like perform a factory resent or to test a configuration without losing a prior known-to-work state.

The process typically requires the user to download a configuration file to the computer they are configuring the router from in a similar manner to downloading a resource from the Web. But there isn’t a consistent file schema for storing this data in a manner for transferring to devices supplied by different vendors. In some cases, you may not be able to transfer the configuration data to newer equipment from the same vendor such as to install a newer router model.

AVM have taken steps in the right direction by allowing users to save a configuration from an older Fritz!Box router and upload it to a newer Fritz!Box router running a newer version of the Fritz!OS firmware. It is also to factor in allowing the router to persist your configuration to a newer version of the firmware.

But what can be done to make this work better would be to use a standard file format, preferably an XML-based schema which could be used for storing a router configuration. This would have to be agreed upon by all of the vendors to provide true vendor interoperability.

There would also be issues about providing multiple methods of storing this data. It could be about maintaining the traditional HTTP download / upload approach with Web clients on the same local network. Or it could also be about transferring the data between a USB Mass Storage device and the router such as to facilitate an out-of-box install.

Such a setup could allow for a range of scenarios like simplifying the upgrade path or to make it easier for support staff to keep information about different configurations they are responsible for.

The configuration data would have to cater for WAN (Internet) and LAN details including details regarding Wi-Fi wireless network segments, advanced network setups like VLAN and VPN setups, VoIP endpoint setups as well as general and security-related data.

Of course an issue that will crop up would be assuring the user of proper network security and sovereignty, something that could be assured through not persisting the management password to a new router. Also you won’t be able to keep Wi-Fi channel data especially if you deal with self-optimising equipment, because you may have to face an evolving Wi-Fi spectrum landscape.

What will need to happen is to provide methods to allow seamless upgrading of devices that serve as your network-Internet “edge” so you can simplify this upgrade process and get the most out of the new equipment.

Send to Kindle

Brother offers to Europeans a full-colour thermal label printer

Article – From the horse’s mouth

Brother Europe

Brother VC-500W full-colour label printer press picture courtesy of Brother Europe

Brother VC-500W full-colour label printer

VC-500W Full-Colour Label Printer

Product Page (EU – English, UK)

My Comments

Brother is offering to the European market the VC-500W compact thermal label printer as a full-colour label printing solution. It is being pitched at applications like colour-coded labels, labels with multi-colour company logos or employee/visitor security badges that use full-colour photos. In the UK, Brother were even pitching the printer not just as a business tool but as part of home-based craftwork and hobbies – think of labelling those jars of marmalade, jam or other preserved fruits you make and give as gifts.

It is while some of the other printer brands are releasing at least one model of full-colour compact label printer using inkjet printing or some other compact full-colour printing technology. The question about full-colour small-form (label / receipt / ticket) printing is whether it is a real business tool or simply a toy, especially where the technologies will become initially expensive to buy and use.

This label printing system is based on the ZINK thermal printing system that Polaroid developed in the 1990s. But ZINK was mainly used for compact photo printers and digital cameras with integrated printers in order to share hard-copy prints of digital snapshots “there and then” like with Polaroid’s instant-camera legacy. Here, this used the direct-thermal printing process but uses the heat-pulse length and intensity to bring up particular colours.

A question that can be raised about the use of ZINK technology is how long the printed labels will keep their same colour before they deteriorate. It also includes whether how long unused rolls of the ZINK-based label tape for this printer can stay unused before they print below par or jam up in the label printer.

This printer uses the P-Touch software for regular Windows or MacOS computers or uses a special colour label-printing app for iOS and Android. It can link to the host computer device via USB or Wi-Fi whether directly or via an extent Wi-Fi network. It can work with a range of label widths up to 50mm and each label roll comes with 5m worth of full-colour label tape.

Brother could also take the ZINK technology further by implementing it in A4/Letter page sizes to create a highly compact mobile colour printer of the same ilk as the “PocketJet” mobile printers. Here, the issue of long-term archiveability for ZINK-based colour printouts would have to be tested for it to have business value. But it could be considered acceptable for applications where full colour is required in transactional printouts like work quotes.

As Brother slowly releases the VC-500W full-colour label printer around the world, it could be a chance to prove to home and business users real use case for full-colour small-form printing rather than it just being a toy.

Send to Kindle

How can social media keep itself socially sane?

BroadcastFacebook login page

Four Corners (ABC Australia) – Inside Facebook

iView – Click to view

Transcript

My Comments

I had just watched the Four Corners “Inside Facebook” episode on ABC TV Australia which touched on the issues and impact that Facebook was having concerning content that is made available on that platform. It was in relationship to recent questions concerning the Silicon Valley social-media and content-aggregation giants and what is their responsibility regarding content made available by their users.

I also saw the concepts that were raised in this episode coming to the fore over the past few weeks with the InfoWars conspiracy-theory site saga that was boiling over in the USA. There, concern was being raised about the vitriol that the InfoWars site was posting up especially in relationship to recent school shootings in that country. At the current time, podcast-content directories like Spotify and Apple iTunes were pulling podcasts generated by that site while

The telecast highlighted how the content moderation staff contracted by Facebook were handling questionable content like self-harm, bullying and hate speech.

For most of the time, Facebook took a content-moderation approach where the bare minimum action was required to deal with questionable content. This was because if they took a heavy-handed approach to censoring content that appeared on the platform, end-users would be drifting away from it. But recent scandals and issues like the Cambridge Analytica scandal and the allegations regarding fake news have been bringing Facebook on edge regarding this topic.

Drawing attention to and handling questionable content

At the moment, Facebook are outsourcing most of the content-moderation work to outside agencies and have been very secretive about how this is done. But the content-moderation workflow is achieved on a reactive basis in response to other Facebook users using the “report” function in the user-interface to draw their attention to questionable content.

This is very different to managing a small blog or forum which is something one person or a small number of people could do thanks to the small amount of traffic that these small Web presences could manage. Here, Facebook is having to engage these content-moderation agencies to be able to work at the large scale that they are working at.

The ability to report questionable content, especially abusive content, is compounded by a weak user-experience that is offered for reporting this kind of content. It is more so where Facebook is used on a user interface that is less than the full Web-based user experience such as some native mobile-platform apps.

This is because, in most democratic countries, social media unlike traditional broadcast media is not subject to government oversight and regulation. Nor is it subject to oversight by “press councils” like what would happen with traditional print media.

Handling content

When a moderator is faced with content that is identified as having graphic violence, they have the option to ignore the content – leave it as is on the platform, delete the content – remove it from the platform, or mark as disturbing – the content is subject to restrictions regarding who can see the content and how it is presented including a warning notice that requires the user to click on the notice before the content is shown. As well, they can notify the publisher who put up the content about the content and the action that has been done with it. In some cases, the content being “marked as disturbing” may be a method used to raise common awareness about the situation being portrayed in the content.

They also touched on dealing with visual content depicting child abuse. One of the factors raised is that the the more views that content depicting abuse multiplies the abuse factor against the victim of that incident.

As well, child-abuse content isn’t readily reported to law-enforcement authorities unless it is streamed live using Facebook’s live-video streaming function. This is because the video clip could be put up by someone at a prior time and on-shared by someone else or it could be a link to content already hosted somewhere else online. But Facebook and their content-moderating agencies engages child-safety experts as part of their moderating team to determine whether it should be reported to law enforcement (and which jurisdiction should handle it).

When facing content that depicts suicide, self-harm or similar situations, the moderating agencies treat these as high-priority situations. Here, if the content promotes this kind of self-destructive behaviour, it is deleted. On the other hand, other material is flagged as to show a “checkpoint” on the publisher’s Facebook user interface. This is where the user is invited to take advantage of mental-health resources local to them and are particular to their situation.

But it is a situation where the desperate Facebook user is posting this kind of content as a personal “cry for help” which isn’t healthy. Typically it is a way to let their social circle i.e. their family and friends know of their personal distress.

Another issue that has also been raised is the existence of underage accounts where children under 13 are operating a Facebook presence by lying about their age, But these accounts are only dealt with if a Facebook user draws attention to the existence of that account.

An advertising–driven platform

What was highlighted in the Four Corners telecast was that Facebook, like the other Silicon Valley social-media giants make most of their money out of on-site advertising. Here, the more engagement that end-users have with these social-media platforms, the more the advertising appears on the pages including the appearance of new ads which leads to more money made by the social media giant.

This is why some of the questionable content still exists on Facebook and similar platforms so as to increase engagement with these platforms. It is although most of us who use these platforms aren’t likely to actively seek this kind of content.

But this show hadn’t even touched on the concept of “brand safety” which is being raised in the advertising industry. This is the issue of where a brand’s image is likely to appear next to controversial content which could be seen as damaging to the brand’s reputation, and is a concept highly treasured by most consumer-facing brands maintaining the “friendly to family and business” image.

A very challenging task

Moderating staff will also find themselves in very mentally-challenging situations while they do this job because in a lot of cases, this kind of disturbing content can effectively play itself over and over again in their minds.

The hate speech quandary

The most contentious issue that Facebook, like the rest of the Social Web, is facing is hate speech. But what qualifies as hate speech and how obvious does it have to be before it has to be acted on? This broadcast drew attention initially to an Internet meme questioning “one’s (white) daughter falling in love with a black person” but doesn’t underscore an act of hatred. The factors that may be used as qualifiers may be the minority group, the role they are having in the accusation, the context of the message, along with the kind of pejorative terms used.

They are also underscoring the provision of a platform to host legitimate political debate. But Facebook can delete resources if a successful criminal action was taken against the publisher.

Facebook has a “shielded” content policy for highly-popular political pages, which is something similarly afforded to respected newspapers and government organisations; and such pages could be treated as if they are a “sacred cow”. Here, if there is an issue raised about the content, the complaint is taken to certain full-time content moderators employed directly by Facebook to determine what action should be taken.

A question that was raised in the context of hate speech was the successful criminal prosecution of alt-right activist Tommy Robinson for sub judice contempt of court in Leeds, UK. Here, he had used Facebook to make a live broadcast about a criminal trial in progress as part of his far-right agenda. But Twitter had taken down the offending content while Facebook didn’t act on the material. From further personal research on extant media coverage, he had committed a similar contempt-of-court offence in Canterbury, UK, thus underscoring a similar modus operandi.

A core comment that was raised about Facebook and the Social Web is that the more open the platform, the more likely one is to see inappropriate unpleasant socially-undesirable content on that platform.

But Facebook have been running a public-relations campaign regarding cleaning up its act in relation to the quality of content that exists on the platform. This is in response to the many inquiries it has been facing from governments regarding fake news, political interference, hate speech and other questionable content and practices.

Although Facebook is the common social-media platform in use, the issues draw out regarding the posting of inappropriate content also affect other social-media platforms and, to some extent, other open freely-accessible publishing platforms like YouTube. There is also the fact that these platforms can be used to link to content already hosted on other Websites like those facilitated by cheap or free Web-hosting services.

There may be some issues that I have covered in this article that may concern you or someone else using Facebook. Here are some

Australia

Lifeline

Phone: 13 11 14
http://lifeline.org.au

Beyond Blue

Phone: 1300 22 46 36
http://beyondblue.org.au

New Zealand

Lifeline

Phone: 0800 543 354

Depression Helpline

Phone: 0800 111 757

United Kingdom

Samaritans

Phone: 116 123
http://www.samaritans.org

SANELine

Phone: 0300 304 7000
http://www.sane.org.uk/support

Eire (Ireland)

Samaritans

Phone: 1850 60 90 90
http://www.samaritans.org

USA

Kristin Brooks Hope Center

Phone: 1-800-SUICIDE
http://imalive.org

National Suicide Prevention Lifeline

Phone: 1-800-273-TALK
http://www.suicidepreventionlifeline.org/

Send to Kindle

HP to start a bug bounty program for its printer firmware

Articles

HP OfficeJet 6700 Premium multifunction printer

HP to implement a bug bounty program to assure high-quality secure firmware for their printers like thisi OfficeJet.

HP Becomes the First Printer Maker to Launch a Bug Bounty | Tom’s Hardware

HP Launches $10,000 Bug Bounty for Printers | ExtremeTech

My Comments

Over the last few years, dedicated-function devices like printers, videosurveillance cameras, routers and the like have been identified as a weak point when it comes to data security.

This has been highlighted through some recent cyberattacks like the Mirai botnet attack which was driven by dedicated-function devices like videosurveillance cameras running compromised firmware along with recent security exploits associated with home and SOHO routers being able to run compromised firmware. There is also the fact that manufacturers are building the same kind of computer power in to these devices as what would be expected from a regular computer through the 1990s or 2000s. There is also the fact that these devices can be seen as an entry point in to a network that handles confidential data or be used as an onramp for a denial-of-service botnet.

Hewlett-Packard have answered the reality of firmware integrated within their printers by starting a bug-bounty program where software developers, computer hackers and the like are paid to “smoke out” bugs within this firmware. Then this leads to meaningful software updates and patches that are sent out to owners of these devices, typically through an automatic or semi-automatic installation approach. It is a similar practice to what Microsoft, Apple and others are working on to make sure that they are running high-quality secure operating-system and application software.

This has been seen as of importance for printers targeted initially at the enterprise market because they would be processing significant amounts of company-confidential data in order to turn out company-confidential documents. But this approach would have to apply to home, SOHO and small-business machines as well as the larger workgroup machines found within the enterprise sector. This is because these kind of machines can be used by people working at or running a business from home along with those of us in charge of small businesses or community organisations.

By HP setting an example with their printer firmware, it could become a standard across other vendors who want to maintain a culture of developing high-quality secure firmware for their dedicated-function devices. This is more so as the consumer and enterprise IT market raises expectations regarding the software quality and security that affects the devices they use.

Send to Kindle

JBL Link View Google-powered smart speaker up for pre-order

Articles JBL Link View lifestyle press image courtesy of Harman International

JBL Link View now up for preorder as the next Amazon Echo Show competitor | CNET News

JBL’s Google-powered smart display launches next month for $250 | The Verge

JBL’s Google-powered smart display is available for preorder | Engadget

JBL Link View Google Assistant smart display up for pre-order, ships September 3rd | 9 to 5 Google

From the horse’s mouth

JBL

Link View (Product page – link to preorder)

My Comments

The Amazon Echo Show is just about to face more competition from the Google Assistant (Home) front with JBL taking advance orders for their Link View smart speaker. This is although Lenovo has just started to roll out a production run of their Smart Displays which are based on the Google Assistant (Home) platform.

JBL have taken advance orders on this speaker since Wednesday 2 August 2018 (USA time) with them costing USD$250 a piece. They expect to have them fully available in the US market by September 3 2018 (USA time). The display on this unit serves the same purpose as the one on the Lenovo Smart Displays where it simply augments your conversation with Google Assistant using a visual experience.

These units look a bit like a boombox or stereo table radio and have an 8” high-definition touch screen along with two 2” (51mm) full-range speakers separately amplified and flanking the screen for stereo sound reproduction. Here, this traditional approach with the stereo speakers at each end of the device leads towards better perceived stereo separation. CNET saw this as offering more “punch” for music content compared to other “smart-display” devices that they experienced.

There is the camera to work with Google Duo but this device has also been designed to take care of user privacy needs thanks to a privacy shutter over the camera along with a microphone mute switch.

Like other Google Assistant (Home) devices, the JBL Link View can work as a wireless speaker for Chromecast Audio and Bluetooth links from mobile devices.

This is the start of something happening with the Google Assistant (Home) platform where the devices being offered by Lenovo and JBL are offering more than what Amazon are currently offering for their smart displays. It includes the stereo speakers for the JBL Link View along with larger displays for both the Lenovo and JBL products. LG and Sony are intending to launch their Google-powered smart displays soon but I don’t know when.

Personally, I would see Amazon and Google establishing a highly-competitive market for smart speakers and allied devices especially if both of them answer each other with devices of similar or better standards. As well, licensing the Alexa and Google Assistant (Home) standards to third-party consumer-electronics companies will also open up the path for innovation including incremental product-design improvements.

Send to Kindle

Lenovo launches the first smart display to compete with Amazon Echo Show

Lenovo Smart Display press picture courtesy of Lenovo USA

Lenovo Smart Displays now available in the USA (press picture courtesy of Lenovo USA)

Articles

Lenovo delivers the first Google Assistant smart display | Engadget

Google and Lenovo’s Smart Display Trounces Amazon’s in Every Way | Gizmodo

First of the Google Assistant-Powered Smart Displays Arrives This Week From Lenovo | Droid Life

From the horse’s mouth

Google

The first Smart Displays with the Google Assistant are now available in stores (Blog Post)

Lenovo

Smart Display (Product Page, Blog Post)

Video – Click or tap to play

My Comments

Google premiered the idea of smart displays based on their Google Assistant (Home) platform at the Consumer Electronics Show in January 2018. This is seen as an intent by Google to answer Amazon’s Echo Show smart display and they had Lenovo and JBL register their intent by presenting prototype products at that trade show. Lenovo even exhibited two models – a baseline unit with an 8” display and a premium unit with a 10” display.

Now Lenovo have made these Smart Displays available to the US market. Here, they will be made available through most of the well-known online and bricks-and-mortar stores who sell household technology like Walmart, Best Buy, Amazon, Costco and Sams Club, as well as being available direct through Lenovo.com.

The baseline model has an 8” screen with a 1280×800 resolution and a single full-range 10-watt speaker and being sold for USD$199.99. The premium model has a 10” display with a 1920×1200 resolution, two full-range speakers and a bamboo finish on the back for USD$249.99. Here, even the baseline model offers a larger display than what the Amazon Echo Show is equipped with.

There is the access to Google’s online services including YouTube, Duo and Maps. Users can even sign up to YouTube TV to receive most of the USA’s over-the-air and cable TV networks on this device via the Internet for USD$40 per month. As well, users also have access to Spotify, Pandora, iHeartRadio, TuneIn Radio along with most of the other popular content services available to the US market. They can also engage in videocalls using the Google Duo “over-the-top” IP-telephony platform thanks to an integrated video camera. Google Photos also allows these Smart Displays to become electronic picture frames as well.

Like other devices based on the Google Assistant (Home) platform, these Lenovo Smart Displays support the Google Assistant Routines which are effectively like “macros” or “scripts” that run a user-determined series of actions under one command. There is also the ability for these smart displays to interlink with “smart home” devices that work with the Google Assistant (Home) platform and can run video from compatible devices like the Nest Cam.

Individual privacy has been taken care of properly with a mechanical shutter that is slid over the camera along with a switch to mute the microphone. That feature is also important to prevent Google Assistant acting on “wake words” or other commands that may be said in normal conversation or uttered by a device.

From what I have seen of the photos posted online of this device, there is a clear concise graphically-rich user experience offered on the screen. It is rather than having a second-rate text-based display offered on the Amazon Echo Show devices. This is because the visual component of Google Assistant (Home) is based on the Android variant of the Google Assistant and it makes it easier to achieve a visual user interface across both Android devices and these Smart Displays.

But there is limited portrait-mode support amongst the app based offered for this platform. It is a sign that the visual-aid functionality for Google Assistant (Home) is still a “rough diamond” and Google and third parties will be needing to refine this functionality further.

I would see some of the other makes like JBL launch at least one Smart Display product for the Google Assistant (Home) ecosystem over the next few months, if not by year’s end.

Send to Kindle

U2F-compliant security keys now seen as phish-proof

Articles

Facebook login page

It is being proven that the use of a hardware security key is making the login experience phish-proof

Google Employees’ Secret to Never Getting Phished Is Using Physical Security Keys | Gizmodo

U2F Security Keys Show Extreme Effectiveness Against Phishing | Tom’s Hardware

Google: Security Keys Neutralized Employee Phishing | Krebs On Security

My Comments

An issue that is being raised regarding SMS-driven two-factor authentication is that it can be used to facilitate phishing and other fraud against the user’s account. Here, it relies on the user receiving an SMS or voice call with a key value to enter in to the login user interface and this is totally dependent on the SMS or call being received at a particular phone number.

The area of risk being highlighted is that the user could be subjected to social engineering to “steer” their phone number to a mobile device under the hacker’s control. Or the IT infrastructure maintained by your mobile telephony provider could be hacked to “steer” your phone number somewhere else. The ease of “steering” your mobile phone number between devices is brought about thanks to a competitive-telephony requirement to “port” mobile or local numbers between competing telephony-service providers if a subscriber wishes to “jump ship” and use a different provider.

Google have proven that the use of hardware security keys that are part of the FIDO Allance’s U2F (Universal Second Factor) ecosystem are more secure than the SMS-based second-factor arrangement used by most online services. This is a “follow-on” from the traditional card-size or fob-size security token used by some banking services to verify their customers during the login process or when instantiating certain transactions.

Here, Google issued all their employees with a U2F-compliant security key and made it mandatory that their work accounts are secured with this key rather than passwords and one-time codes.

Most of these keys are connected to the host computer via plugging them in to a vacant USB port on that host. But there are or can be those that use Bluetooth and / or NFC “touch-and-go” technology to work with mobile devices.

Why are these U2F security keys more secure than the SMS-based two-factor authentication or app-based two-factor authentication? The main reason is that the U2F security key is a separate dedicated hardware device that works on an isolated system, rather than a backbone system dependent on mobile-telephony infrastructure or software that runs on a computer device that can be exposed to security exploits.

For most users, the concept of using a U2F-compliant security key for their data relates it to being the equivalent of the traditional key that you use to gain access to your home or car as in something you possess for that purpose. Most U2F-compliant security keys that use USB or Bluetooth would also require you to press a button to complete the authentication process. Again this is similar to actually turning that key in the lock to open that door.

This has underscored the “phish-proof” claim because a person who uses social engineering to make an attempt on the user’s credentials would also need to have the user’s security key to achieve a successful login. It is something that is similar to what happens when you use an ATM to withdraw cash from your bank account because you need to insert your account card in the machine and enter your PIN to commence the transaction.

What kind of support exists out there for U2F authentication? At the browser level, currently Chrome, Opera and Firefox provide native support but Firefox users would need to enable it manually. At the moment, there isn’t much production-level support for this technology at the operating-system level and a handful of applications, namely password-vault applications, provide native support for U2F authentication.

The issue of providing support for U2F authentication at the operating-system level is a real issue thanks to operating systems having an increased amount of native client-level support for online services “out of the box”. It also includes the use of Web browsers that are developed by the operating system’s vendor like Edge (Microsoft Windows) and Safari (Apple MacOS and iOS) with the operating system set up “out of the box” to use these browsers as the default Web browser. As well, Microsoft, Google and Apple implement their own platform-wide account systems for all of the services they provide.

Other questions that will end up being raised would be the use of hardware-key authentication in the context of single-sign-on arrangements including social-sign-on, along with the 10-foot lean-back user experience involving the TV set. The former situation is underscored through the popularity of Google, Facebook and Microsoft as user credential pools for other online and mobile services. This is while the latter situation would underscore console-based online gaming, interactive TV and video-on-demand services which are account-driven, with the idea of being able to support simplified or “other-device” user authentication experiences.

What has been proven is that easy-to-use dedicated security keys are a surefire means of achieving account security especially where the main attack vector is through social engineering.

Send to Kindle

Across-the-room data transfer–many questions need to be answered

Transfer data between two smartphones

Wirelessly transferring data between two devices in the same space

The industry has explored various methods for achieving point-to-point across-the-room data transfer and user discovery. This would avoid the need to use the Internet or a mobile phone network to share a file or invite another user to a game or social network. Similarly, it would be a way to exchange data with a device like a printer or an interactive advertising setup in order to benefit from what that device offered.

Methods that have been tried

The first of these was IrDA infra-red transfer working in a similar to how most TV remote controls work to allow you to change channels without getting off the couch. This was exploited by the legendary Palm Pilot PDA and some of the Nokia mobile phones as a way to “beam” one’s contact details to a friend or colleague with the same device.

Bluetooth pushed forward with the Object Push Profile and File Transfer Profile as methods for exchanging data across the room. This was typically useful for contact details, low-resolution photos or Weblinks and was exploited with the popular feature phones offered by the major phone manufacturers through the 2000s. This method was also exploited by the out-of-home advertising industry as a way to convey Weblinks or contact details from a suitably-equipped poster to suitably-equipped mobile phones set to be discoverable.

But Apple nipped this concept in the bud when they brought out the highly-popular iPhone. The concept has been kept alive for the regular-computer operating systems and for Android mobile applications but mobile users who want to exchange data would have to ask whether the recipient had an Android phone or not.

Bluetooth also implemented that concept with the 4.0 Low Energy Profile standard by using “beacons” as a location tool. But this would be dependent on application-specific software being written for the client devices.

Microsoft is even reinstigating the Bluetooth method to transfer files between two computers in the same room as part of the functionality introduced in the Windows 10 April Update. But I am not sure if this will be a truly cross-platform solution for Bluetooth as was achieved with the earlier Object Push Profile or File Transfer Profile protocols.

Apple tried out a method similar to Bluetooth Object Push Profile called AirDrop but this implemented Wi-Fi-based technology and could only work with the Apple ecosystem. It was associated with “cyberflashing” where lewd pictures were forced out to unsuspecting recipients and Apple implemented a “contacts only” function with contacts’ emails verified against their Apple ID email logins as a countermeasure against this activity.

QR Code used on a poster

QR codes like what’s used on this poster being used as a pointer to an online resource

The QR code which is a special machine-readable 2D barcode has the ability to convey contact details, Weblinks, Wi-Fi network parameters and other similar data to mobile phones. These can be printed on hard-copy media or shown on a screen and have a strong appeal with business / visiting cards, out-of-home advertising or even as a means for authenticating client devices with WhatsApp.

Facebook even tried implementing QR codes as a way to share a link to one’s Profile or Page on that social network. Here, it can be a secure method rather than hunting via email or phone number which was raised as a concern with the recent Facebook / Cambridge Analytica data-security saga,

The Android and Windows communities looked towards NFC “touch-and-go” technology where you touch your phones together or touch an NFC card or tag to transfer data. This has been exploited as a technique to instigate Bluetooth device pairing and implemented as a method of sharing contact data between Android and / or Windows devices. For a file transfer such as with contact details, the data itself is transferred using Bluetooth in the case of Android Beam or Wi-Fi Direct in the case of Samsung’s S Beam feature.

The Wi-Fi Alliance are even wanting to put up a Wi-Fi-based method called Wi-Fi Aware. Here, this would be used for data transfer and other things associated with the old Bluetooth Object Posh Profile.

This is implemented on a short-range device-to-device basis because users in the same room may not be connected to the same Wi-Fi Direct or Wi-Fi infrastructure network as each other. There is also the reality that a properly-configured Wi-Fi public-access network wouldn’t permit users to discover other users through that network and the fact that a typical Wi-Fi network can cover the whole of a building or a street.

But there could be the ability to enable data transfer and user discovery using Wi-Fi Aware but being able to use a Wi-Fi infrastructure network but allow the user to define particular restrictions. For example, it could be about limiting the scope of discovery to a particular access point because most of these access points may just cover a particular room. Using the access points as a “scoping” tool even if the host devices don’t connect to that network could make the concept work without jeopardising the Wi-Fi infrastructure network’s data security.

Applications

There are a series of key applications that justify the concept of “across-the-room” data transfer. Typically they either involve the transfer of a file between devices or to even transfer a session-specific reference string that augments local or online activity.

The common application here is for a user to share their own or a friend’s contact details with someone else as a vCard contact-detail file. Another common application is to share a link to a Web-hosted resource as a URL. But some users also use across-the-room data transfer to share photos and video material such as family snapshots. In the same context, it could be about a dedicated-pudevice sending or receiving a file to or from a regular computer or mobile device such as to transfer .

In the advertising and public-relations context, “across-the-room” data transfer has been seen as a way to transfer a URL for a marketer’s Website or a visual asset to an end-user’s phone or computer. For example, the QR code printed on a poster has become the way to link a user to a media-rich landing page with further explanation about what is advertised. Similarly some out-of-home advertising campaigns implemented the Bluetooth Object Push Profile standard as a way to push an image, video or Weblink to end-users’ mobile phones.

But “across-the-room” data transfer is also being used as a way for users in the same space to discover each other on a social network or to identify potential opponents in a local or online multiplayer game. I find this as a preferred method for discovering someone to add to a social network or similar platform I am a member of so that I can be sure that I am finding the right person on that platform and they are sure about it. Also, in the case of a local multiplayer game, the players would have to continue exchanging data relating to their moves using the local data link for the duration of their game.

Facebook even explored the idea of using QR codes as a way to allow one to invite another person whom they are chatting with to be their Facebook Friend or discover their Facebook Page. It is infact an approach they are going to have to rediscover because they are closing off the users’ ability to search for people on the social network by phone number or email thanks to the Cambridge Analytica scandal.

What does the typical scenario involve?

The users who are in the same area are talking with each other about something that one of them has to offer such as contact details or a photo. Or, in the context of advertising or other similar situations, there will be some prior knowledge that there is something to benefit from knowing more about the offer using an online experience.

One of the users will invoke the transfer process by, for example, sharing the resource or hunting for a potential game opponent using their device’s user interface. The other use will share a nickname or other identifier to look out for in the list that the initial user is presented.

Then the other user will confirm and complete the process, including verifying success of that transfer and agreeing that the contents are what they were expecting. In the case of adding another user to a social network or multiplayer game, they will let the instigating user know that they have been added to that network or game.

What does a successful across-the-room data transfer or user-discovery ecosystem need?

Firstly, it needs to be cross-platform in that each device that is part of a data transfer or user/device discovery effort can discover each other and transfer data without needing to be on the same platform or operating system.

Secondly, the process of instigating or receiving a data transfer needs to be simple enough to allow reliable data transfer. Yet end-users’ data privacy should not be compromised – users shouldn’t need to receive unwanted content.

The protection against unwanted discovery or data transfer should be assured through the use of time-limited or intent-based discovery along with the ability for users to whitelist friends whom they want to receive data from or be discovered by in the wireless-based context. Intent-based discovery could be to have the recipient device become undiscoverable once the recipient device confirms that they have received the sender’s data or, in the case of a local multiplayer game, the players have completed or resigned from the game.

Conclusion

The concept of “across-the-room” data transfer and user/device discovery needs to be maintained as a viable part of mobile computing whether for work or pleasure. Where operated properly, this would continue to assure users of their privacy and data sovereignty.

Send to Kindle

Are we going to expect more from distributed Wi-Fi setups?

Article

NETGEAR Orbi distributed WiFi system press image courtesy of NETGEAR

We could be expecting more from distributed-Wi-Fi devices of the NETGEAR Orbi ilk thanks to 802.11ax Wi-Fi and the Internet of Things

Distributed Wi-Fi: How a Pod in Every Room™ Enables Connected Smart Homes | Wi-Fi Now Blog

My Comments

The Wi-Fi Now consortium wrote up a blog article where we are to expect more from a distributed Wi-Fi installation especially in the context of Internet Of Things and the smart home.

One of the key drivers for this issue will be the 802.11ax standard for Wi-Fi wireless networks. This is intended to be the successor to the current 802.11ac but also is about high throughput and the ability for multiple devices to work at once from the same network. As well, it is expected to yield high-efficiency operation with an experience similar using an Ethernet network that uses a switch like when you have devices connected to your home network’s router via its Ethernet LAN ports.

According to the article, 802.11ax with its increased throughput is pitched as being suitable for newer broadband-service technologies like fibre-to-the-premises, DOCSIS 3.1 HFC cable-modem and 5G mobile broadband. In the context of the distributed Wi-Fi network, 802.11ax will be positioned for use as a wireless backhaul between the access-points and the edge router that links to the Internet.

But the article places an expectation on these access-point pods being installed in every room due to the increased number of Wi-Fi-based network-enabled devices connected to the home network. There is also an expectation that these access points will support Bluetooth and/or Zigbee as well as Wi-Fi thus becoming a localised network bridge for smart-home and Internet-Of-Things devices based on these wireless technologies. But I would place in the same scope Z-Wave, DECT-ULE and other similar “Internet Of Things” wireless technologies.

Previously this kind of functionality was offered through separate network bridges that interlinked a Bluetooth, Zigbee or similar-technology device to your home network via Wi-Fi or Ethernet.

Such equipment was typically offered as an accessory for a smart-home device like a smart lock by the device’s manufacturer and you weren’t sure if this piece of equipment would work with other smart-home devices implementing the same wireless-link technology. Or it was offered as a “smart home hub” which worked with devices using a particular wireless technology and supporting certain function classes. But these hubs offered various smart-home controller functions including remote management as long as you were using particular apps or services.

This new approach could allow for an increased number of IoT devices in each room “talking” with the access-point pods and this data moves along the backhaul to the “edge” router for that “smart-home-as-a-service” setup. The article also sees it as allowing for an IoT device, especially one that is battery-powered, not to be part of a large Zigbee, Z-Wave or Bluetooth mesh thus leading to increased device reliability. I would also see it become relevant with setups that use technologies like DECT-ULE which use a “hub and spoke” topology.

For this concept to work properly, the network-bridge devices that interlink Zigbee or similar IoT wireless technologies to an IP-based network have to work independent of particular smart-home controller software. Then the smart-home controller software has to be able to work with any IoT-based device no matter which of these network bridges they are talking to as long as they are on the same logical network. This situation would be of concern with portable user-interface devices like remote controls that are likely to be taken around the premises.

Although this article is Wi-Fi focused, I would still see the wired network being important. For example, some house designers and builders are even wiring the homes they design with Ethernet whether as standard or as an option while the home is being built or renovated. As well, there is powerline networking based on either HomePlug AV500 or AV2 standards. Here, these wired-network technologies are still viable as a backhaul connection alternative especially if you are dealing with building materials and techniques like double-brick or sandstone construction, or foil-lined insulation that can slow down Wi-Fi wireless communications.

But could these wireless-network access-point “pods” be simply a dedicated device installed in each room? It could be feasible for a device that offers other functionality that benefits from the network to be an access point or one of these “pods” in its own right. For example, a network-capable printer or a consumer-electronics device like a home-theatre receiver could connect to an existing network’s backhaul but also be an access point in its own right.  In this context, a Smart TV installed in a lounge area further down the end of the house could become an access point or smart-home “pod” to cover that end area.

The idea has been proven in the form of the Amazon Echo Plus smart speaker which has a built-in network-bridge function for Zigbee smart-home devices. This is alongside the ability for it to be a controller for these devices in context with the Amazon Alexa ecosystem.

What is being put forward with the Wi-Fi NOW “Pod In Every Room” concept is the idea of a single logical network with a high-speed wireless data backbone and access-point devices serving all wireless networking applications for both regular data transfer and smart-home/IoT applications. As long as the approach is driven by common open standards without dependence on particular technology owned by one vendor, then there is the ability for this approach to multi-function Wi-Fi networking to work properly.

Send to Kindle

Laptops and mobile devices could implement system-wide battery-saving techniques

Dell Inspiron 13 7000 2-in-1 Intel 8th Generation CPU at QT Melbourne hotel

There needs to be software-wide support for determining when a laptop like the Dell Inspiron 13 7000 2-in-1 is on battery power or not so it runs in a manner to conserve battery power

I had read a Lifehacker article about how one could disable real-time malware scanning on a laptop while it is running on battery power as a way to “spin out” the battery runtime further. This was because if the desktop-security program is performing real-time scanning, it would be using a processor thread and demanding more power to do that job.

It is in addition to Microsoft researching ways to minimise screen refreshing while a portable computer is running on batteries so as to conserve battery power. Here, it was about avoiding the need for the CPU and graphics infrastructure to devote lots of energy to “painting” the whole screen when there is a small amount of animation taking place.

Here, I am advocating a “dual-power” approach for software development to allow software to operate in two different modes – a high-performance mode and a power-economy mode. The operating system would sense if the computer is running on external power or battery power and convey this power status to the software applications accordingly. This is in addition to optimising the display, Wi-Fi or other functionality depending on their power source.

USB-C connector on Samsung Galaxy S8 Plus smartphone

It also applies to smartphones like this Samsung Galaxy S8 Plus so they can take advantage of time they are connected to a charger

It is similar to how some portable electronics made through the 70s to the 90s operated depending on the power source. For example some portable radios and boomboxes along with some personal audio players would have the dial or display illuminated while they were connected to external power but you could activate this lighting at the press of a button if the unit was running on batteries. Or some devices would charge rechargeable batteries installed therein while they were connected to external power.

Also there is a reality that most of us will plug our laptops, tablets or smartphones in to a charger while we are at home, in the office or in the car even while we have a full battery in our devices. This is typically to “spin out” the battery runtime and make sure the battery’s “topped off”. In this situation, if we use our devices while they are plugged in to the external power source, we could see a situation where they work in a higher-performance mode.

For example, a game could activate extra “between-move” animations only while the laptop, tablet or smartphone is connected to external power. Or a program which does a lot of calculations like a photo-editing program could work in a “high-performance” mode while on external power. Similarly an email client or similar program could work in a “manual refresh” mode on battery power or an endpoint security program could enable real-time scanning and similar functionality only while on external power.

Candy Crush Saga gameplay screen Android

Games like Candy Crush Saga could work in a manner to provide the best experience depending on if the mobile device is connected to external power or not

What needs to happen is for the desktop or mobile operating system to convey the device power-mode status to all of the apps as part of an “application-programming-interface” hook and for the apps to take advantage of that hook to adapt their behaviour.  The functionality could be enabled or disabled for each application through a configuration option in the application’s settings window.

A security issue that can easily be raised is enablement of unwanted cryptomining and other processes while the mobile device is on external power as a way to facilitate stealthy operation of these processes. This is to make it appear to the user that the unwanted processes don’t exist because there isn’t the excessive battery drain taking place with these processes.

In the privacy context, determining whether a device is running on external power could be used to assume whether the device is at a fixed location or not because AC mains power is the common power source associated with these locations. This is although external power supplies can be used in a mobile context such as being connected to a vehicle’s, boat’s or aircraft’s power infrastructure and used while underway for example.

What is being highlighted here is for the feasibility for operating systems in portable computing devices to convey a system-wide power-mode status relating to use of external power. This is to allow application software to work in a manner to conserve the host computer’s battery power.

Send to Kindle