simonmackay Archive

USB-C displays are coming in droves–what should you look for?

Article

Dell S2718D 27" slimline monitor press image courtesy of Dell

Dell’s slimline 27″ monitor with its electronics in its base is an example of a USB-C monitor

Best USB-C Monitors for PC in 2019 | Windows Central

My Comments

An increasing number of standalone display monitors are becoming equipped with the USB-C connection as a path for connecting your computer to them.

This connection works uses the DisplayPort alt path offered by the connection standard for video transfer from the host computer as a minimum feature. This is part of the USB-C standard that allows different host-peripheral connection paths like DisplayPort to be run via the same physical cable along with the USB-based host-peripheral data transfer. But most of these monitors will support being a power source compliant to the USB Power Delivery device class so they can provide power to and charge a laptop that is connected to them as a host. Better implementations of this standard will even support being their own powered USB 3.x hub and have two or three traditional USB 3.0 ports.

These USB-C plugs are now another connection path for linking your computer to a display monitor

There will be at least some HDMI or standard DisplayPort input connections for legacy setups such as desktop or laptop computers that don’t come with USB Type-C connections. But you can exploit the hub functionality in those monitors that implement it if you use a USB cable that has a Type C connector on one end and a traditional Type A connector on the other end.

If the monitor has any sort of audio functionality, this will be facilitated through the DisplayPort or HDMI connections. In the case of the USB-C setup, the sound will be transferred using the DisplayPort alt ability that this connection provides. Most of the monitors with this function will have a 3.5mm stereo audio-output jack that can work to headphone or line-out specifications and may have integral speakers.

You will need to have your computer use the “display audio” driver rather than its audio chipset to use the monitor’s audio abilities via the USB-C, DisplayPort or HDMI connections. As well, don’t expect much in sound quality from the integral speakers and it may be a better idea to use a set of good active speakers or your favourite stereo setup for the sound.

Like with monitors that don’t come with the USB-C connection, buying a USB-C monitor will be more of a “horses for courses” approach. Here you will come across 4K UHDTV screens with wide colour gamut and HDR support which will come in handy if you engage in photo or video editing. This is while there will be monitors optimised to work with the latest high-performance discrete display subsystems for those of us who like playing the latest high-end games.

Another question that will come up if your computer has a Thunderbolt 3 output is how these screens will fit in with external graphics modules that you may use. Most of these modules will require you to connect their video output to the monitor’s HDMI or DisplayPort connections as if you are connecting a legacy host computer but some may use a secondary Thunderbolt 3 / USB-C connection to allow you to connect your USB-C monitor with its video coming from the module’s graphics infrastructure.

Use Cases

One main use case would be for those of us who have a laptop-based working environment. Here, you would use a USB-C monitor with integrated hub functionality and connect your wired peripherals to the monitor while your laptop is connected to your monitor using one cable. You then end up dealing with just one cable when you bring your computer to or remove it from that workspace.

Another main use case is if you are dealing with a “next unit of computing” midget computer or other small-form-factor computer that implements this connection type. Where manufacturers see the USB-C connection type as a way to reduce the computer’s size, these monitors can earn their keep as a preferred display type for these systems.

Do I need to replace my existing monitor for one with a USB-C connection

At the moment, you don’t need to replace your existing monitor with one that has a USB-C connection if your existing monitor serves your needs well. This is more important for those of us who have existing computer equipment that isn’t equipped with this connection or aren’t buying equipment that will have this connection.

But if you are replacing an existing monitor with something that better suits your needs or adding one to a multiple-display setup, this connection type can be a valid feature to be aware of when comparing the feature lists of each candidate unit. Here, it will be about having one that is future-proof especially when you use computer equipment that has this connection type.

What to look for

Make sure the monitor you are after has the display size, aspect ration and other abilities that suit your key usage scenario. For example, gamers should look for monitors that work tightly with their preferred high-performance graphics cards.

Look for a USB-C monitor that has a USB hub with plenty of USB 3.0 downstream connections. Another USB-C downstream connection can be an asset worth considering. But at least one of the USB sockets must be easily discoverable and accessible from your operating position.

The USB-C monitor should have be able to work as a power source compliant to the USB Power Delivery specification with an output of 45 watts or more. This will mean that you don’t need to use your laptop computer’s battery charger to run your laptop at home or work.

Audio-equipped USB-C monitors must have an external line-level or headphone audio output so you can use them with your favourite audio devices.

If the monitor has an integrated Webcam, it may be an asset for your privacy to have a user-operated shutter across the camera lens or the Webcam to be of a “pop-up” design that is concealed when not in use.

Conclusion

Over this year, the appearance of display monitors with a USB-C connection will become more common as the number of laptop and small-profile computers kitted out with this or the Thunderbolt 3 connection increases.

Send to Kindle

What will passwordless authentication be about?

Facebook login page

You soon may not need to remember those passwords to log in to the likes of Facebook

The traditional password that you use to authenticate with an online service is in the throes of losing this role.

This is coming about due to a lot of security risks associated with server-based passwords. One of these is for us to use the same password across many online services, leading towards credential reuse and “stuffing” attacks involving “known” username/password or email/password pairs. As well, the password is also subject to brute-force attacks including dictionary attacks where multiple passwords are tried against the same account. It also includes phishing and social-engineering attacks where end-users are tricked in to supplying their passwords to miscreants, something I had to rectify when an email account belonging to a friend of mine fell victim to phishing. This is facilitated by users creating passwords based on personal facts that work as aide-memoires. Passwords can also be stolen through the use of keyloggers or compromised network setups.

Managing multiple passwords can become a very user-unfriendly experience with people ending up using password-vault software or recording their passwords on a paper ore electronic document. As well, some applications can make password entry very difficult. Examples of these include connected-TV or games-console applications where you pick each character out using your remote control’s or game controller’s D-pad to enter the password.

You will be able to set your computer up to log you in to your online services with a PIN, fingerprint or other method

The new direction is to implement passwordless authentication where a client device or another device performs the authentication role itself and sends an encrypted token to the server. This token is then used to grant access to the account or facilitate the transaction.

It may be similar to multifactor authentication where you do something like enable a mobile authenticator app after you key in your online service’s password. But it also is very similar to how a single-sign-on or social-sign-on arrangement works with the emphasis on an authenticated-session token rather than your username and password as credentials.

The PIN will be authenticated locally nd used to enable the creation of a session token for your online service

There will be two key approaches which are centred around the exchange of an asymmetric key pair between the client and server devices.

The first of these will be the primary client device like your laptop computer or a smartphone that you are using the online service on. Or it can be a secondary client device like your smartphone that is holding the private key. You authenticate with that device using a device-local PIN or password or a biometric factor like your fingerprint or face.

Android security menu

The same holds true for your Android or other smartphone

The second will involve the use of a hardware token like a FIDO2-compliant USB or Bluetooth access key or an NFC-compliant smart card. Here, you activate this key to pass on the credentials including the private key to the client computer for your online session.

It is being facilitated through the use of FIDO2, WebAuthN and CTAP standards that allow compliant Web browsers and online services to implement advanced authentication methods. At the moment, Windows 10 is facilitating this kind of login through the use of the Windows Hello user-authentication functionality, but Android is in the process of implementing it in the mobile context.

There is effectively the use of a form of multifactor authentication to enable the cryptographic key pair between the client and server devices. This is based around the device you are using and the fact you are there to log in.

HP Elitebook 2560p business notebook fingerprint reader

The fingerprint reader on this HP Elitebook and similar laptops will become more important here

If the authentication is to take place on the primary client device like a laptop or smartphone, the device’s secure element like a TPM module in a laptop or the SIM card in a smartphone would be involved in creating the private key. The user would enter the device-local PIN or use the fingerprint reader to enable this key which creates the necessary session token peculiar to that device.

On the other hand, if it is to take place on a secondary device like a smartphone, the authentication and session-token generation occurs on that device. This is typically with the user notified to continue the authentication on the secondary device, which continues the workflow on its user interface. Typically this will use a Bluetooth link with the primary device or a synchronous Internet link with the online service.

The online service has no knowledge of these device-local authentication factors, which makes them less likely to be compromised. For most users, this could be the same PIN or biometric factor used to unlock the device when they switch it on and they could use the same PIN across multiple devices like their smartphone or laptop. But the physical device in combination with the PIN, fingerprint or facial recognition of that user would be both the factors required to enable that device’s keypair and create the session token to validate the session.

A hardware token can be in the form of a USB or Bluetooth security key or a NFC smart card. But this device manages the authentication routines and has private keys kept in its secure storage.

There will be the emphasis around multiple trusted devices for each service account as well as the same trusted device supporting multiple services. Some devices like hardware tokens will have the ability to be “roaming” devices in order to do things like enabling a new device to have access to your online services or allow ad-hoc use of your services on shared equipment such as the public-use computers installed at your local library. They will also work as a complementary path of verification if your client device such as a desktop PC doesn’t have all the authentication functionality.

Similarly, when you create a new account with an online service, you will be given the option to “bind” your account with your computer or smartphone. Those of us who run online services that implement legacy-based sign-in but are enabled for passwordless operation will have the option in the account-management dashboard to bind the account with whatever we use to authenticate it with and have it as a “preferred” authentication path.

Some of the passwordless authentication setups will allow use with older operating systems and browsers not supporting the new authentication standards by using time-limited or one-use passwords created by the authentication setup.

Questions that will arise regarding the new passwordless Web direction is how email and similar client-server setups that implement native clients will authenticate their sessions. Here, they may have to evolve towards having the various protocols that they work with move towards key-pair-driven session tokens associated with the particular service accounts and client devices.

There will also be the issue of implementing this technology in to dedicated-purpose devices, whether as a server or client device. Here, it is about securing access to the management dashboards that these devices offer, which has become a strong security issue thanks to attacks on routers and similar devices.

IT WILL TAKE TIME TO EVOLVE TO PASSWORDLESS

Send to Kindle

It will be easy to use your voice to delete what you previously said to Alexa

Amazon Echo on kitchen bench press photo courtesy of Amazon USA

You will be able to use your voice to delete instructions you said to your Amazon Echo

Articles

How to See and Delete Alexa’s Recordings of You | Tom’s Guide

You Can Now Tell Alexa To Delete Your Conversations | Lifehacker

My Comments

An issue that anyone with a voice-driven home assistant device will be wanting to have control of is what the device’s platform has recorded when they spoke to that device. It also includes the risk of your device being accidentally triggered by situations such as an utterance of the wake word in a recording or broadcast. A previous article that I have written describes how to achieve this kind of control with your Amazon Echo or similar Alexa-based device.

But Amazon have taken this further for the Alexa platform by allowing you to speak to your Alexa-based device to delete recordings left on the platform during particular time ranges.

How to enable this function

You have to use the Amazon Alexa app or Website to enable this feature but you don’t have to install another Alexa Skill in to your account for this purpose. Once you are logged in to your Amazon Alexa app or Website, enter the Settings section which would be brought up under a hamburger-shape “advanced-operations” menu.

Then you go to your “Alexa Account” option in that section and bring up the “Alexa Privacy” menu. Go to the “Review Voice History” screen and you will see the  “Enable Deletion By Voice” option that you can toggle on or off. Having this feature on will allow you to use the voice commands that will be listed below. When you enable it, you will see a warning that anyone with access to your Alexa-based devices will be able to delete what was said to the Alexa ecosystem.

Commands

“Alexa, delete everything I said today” will cause your Alexa-based device to delete anything you said to it from midnight (0:00) of the current day to the time you gave that instruction.

For greater control, Amazon will roll out this other command: “Amazon, delete what I just said”. This will delete what was last said to your Alexa device and can be of use when handling a nuisance-trigger situation for example.

Conclusion

I would see the other voice-driven assistant platforms provide the ability to delete what you said under your voice control as a user-enabled option. This will be more so as the light shines brightly on what the Silicon Valley establishment are up to with end-user data privacy amongst other issues like corporate governance.

Send to Kindle

NewsGuard to indicate online news sources’ trustworthiness

Articles

Untrustworthy news sites could be flagged automatically in UK | The Guardian

From the horse’s mouth

NewsGuard

Home Page

My Comments

Google News screenshot

Google News – one of the way we are reading our news nowadays

Since 2016 with the Brexit referendum and the US Presidential Election that caused outcomes that were “off the beaten track”, a strong conversation has risen up about the quality of news sources, especially online sources.

This is because most of us are gaining our news through online resources like online-news aggregators like Google News, search engines like Google or Bing, or social networks like Facebook or Twitter. It is while traditional media like the newspapers, radio or TV are being seen by younger generations as irrelevant which is leading to these outlets reducing the staff numbers in their newsrooms or even shutting down newsrooms completely.

What has been found is that this reliance on online news and information has had us become more susceptible to fake news, disinformation and propaganda which has been found to distort election outcomes and draw in populist political outcomes.

Increasingly we are seeing the rise of fact-checking groups that are operated by newsrooms and universities who verify the kind of information that is being run as news. We are also seeing the electoral authorities like the Australian Electoral Commission engage in public-education campaigns regarding what we pass around on social media. This is while the Silicon-Valley platforms are taking steps to deal with fake news and propaganda by maintaining robust account management and system-security policies, sustaining strong end-user feedback loops, engaging with the abovementioned fact-check organisations and disallowing monetisation for sites and apps that spread misinformation.

Let’s not forget that libraries and the education sector are taking action to encourage media literacy amongst students and library patrons. With this site, I even wrote articles about being aware of fake news and misinformation during the run-up to the UK general election and the critical general elections in Australia i.e. the NSW and Victoria state elections and the Federal election which were running consecutively over six months.

Google News on Chrome with NewsGuard in place

NewsGuard highlighting the credibility of online news sources it knows about on Google News

But a group of journalists recently worked on an online resource to make it easy for end-users to verify the authenticity and trustworthiness of online news resources. NewsGuard, by which this resource is named, assesses the online news resources on factors like the frequency it runs with false content; responsible gathering and presentation of information; distinguishing between news and opinion / commentary; use of deceptive headlines and proper error handling. Even factors that affect transparency like ownership and financing of the resource including ideological or political leanings of those in effective control; who has effective control and any possible conflicts of interest; distinction between editorial and advertising / paid content; and the names of the content creators and their contact or biographical information.

NewsGuard in action on Google Chrome - detail with the Guardian

The NewsGuard “pilot light” on Chrome’s address bar indicating the trustworthiness of a news site

End-users can use a plug-in or extension for the popular desktop browsers which will insert a “shield” behind a Weblink to a news resource indicating whether it is credible or not, including whether you are simply dealing with a platform or general-info site or a satire page. They can click on the shield icon to see more about the resource and this resource is even described in an analogous form to a nutrition label on packaged foodstuffs.

For the Google Chrome extension, there is also the shield which appears on the address bar and changes colour according to how the Web resource you are reading has been assessed by NewsGuard. It is effectively like a “pilot light” on a piece of equipment that indicates the equipment’s status such as when a sandwich toaster is on or has heated up fully.

NewsGuard basic details screen about the news site you are viewing

Basic details being shown about the trrustworthiness of online news site if you click on NewsGuard “pilot light”

It is also part of the package for the iOS and Android versions of Microsoft Edge but it will take time for other mobile browsers to provide this as an option.

NewsGuard is a free service with it gaining a significant amount of funding from the Microsoft’s Defending Democracy program. This is a program that is about protecting democratic values like honest and fair elections.

It is also being pitched towards the online advertising industry as a tool to achieve a brand-safe environment for brands and advertisers who don’t want anything to do with fake news and disinformation. This will be positioned as a licensable data source and application-programming interface for this user group to benefit from. Libraries, educational facilities, students and parents are also being encouraged to benefit from the NewsGuard browser add-ons as part of their media-literacy program and curriculum resources.

Detailed "Nutrition Label" report from NewsGuard about The Guardian

Click further to see a detailed “nutrition label” report about the quality and trustworthiness of that online news resource

But I see it also of benefit towards small newsrooms like music radio stations who want to maintain some credibility in their national or international news coverage. Here, they can make sure that they use news from trusted media resources for their news output like the “top-of-the-hour” newscast. Students, researchers, bloggers and similar users may find this of use to make sure that any media coverage that they cite are from trustworthy sources.

The UK government are even considering this tool as a “must-have” for Internet service providers to provide so that British citizens are easily warned about fake news and propaganda. It is in the same approach to how users there can have their ISPs provide a family-friendly “clean feed” free of pornography or hate speech.

It is now being rolled out around the rest of Europe with France and Italy already on board with this service for their mastheads. Germany is yet to come on board but it could be a feasible way to have other countries speaking the same language climbing on board very quickly such as having Germany, Austria and Switzerland come on board very quickly once German presence is established.

As NewsGuard rolls out around the world, it could effectively become one of the main “go-to” points to perform due-diligence research on that news outlet or its content. It will also become very relevant as our news and information is delivered through podcasts and Internet-delivered radio and TV broadcasts or we use Internet-connected devices to receive our news and information.

Send to Kindle

AVM earns Connect awards for their routers

Article – From the horse’s mouth

AVM FRITZ!Box 3490 - Press photo courtesy AVM

AVM earns more industry recognition for their Fritz!Box devices

AVM

AVM is delighted to win two Connect awards (Press Release)

My Comments

AVM has just earned two Connect awards for their German-designed home-network technology.

The first of these was for the Fritz!Box routers and mesh setup. No wonder they would earn industry recognition for their home-network products especially since they were the first company to break the mould regarding home-network routers by supplying self-updating firmware.

The issue of self-updating firmware became very important due to the fact that most of us aren’t updating our home-network router’s firmware regularly and it was a security hole. This is thanks to the “out-of-the-box” software coming with bugs and weaknesses that can be exploited by hackers against the typical home network.

Another step in the right direction was to implement distributed-wireless networking through a free software update rather than requiring customers to replace their AVM home-network devices. This was about providing a function update to the Fritz!Box modem router’s FritzOS firmware to open up this functionality. There was even the ability to roll out the functionality to Fritz!WLAN Repeaters and Fritz!Powerline access points to bring on the simplified distributed-wireless functionality to them all. It also applied to some recent-model Fritz!Box modem routers to cater for the reality that an older router can be “pushed down” to be an access point while the new router works as the edge of your home network.

But they also earned awards for their IP-based telephony equipment which was considered important as European telcos are moving towards IP-based telephony and away from the traditional telephone system. One of the products was a CAT-iQ DECT cordless handset that worked with their Fritz!Box modem routers that had DECT hase-station functionality for VoIP telephony. This had abilities similar to what you would expect of a mobile phone of the “feature phone” class.

What is being shown here is that the European companies are coming through on functionality innovation when it comes to the home-network “edge” router or infrastructure devices for your home network.

Send to Kindle

Internet-radio platforms are drifting towards new content directories

Articles – From the horse’s mouth

Kogan Internet table radio

You may find that the Internet radio service is not working if you are using the vTuner Internet-radio directory used by most Internet radios

Frontier Silicon

Support Notice regarding changeover (English language / Deutsche Sprache / Langue Française)

Airable by Tune In Gmbh

Product Page regarding Internet radio directory service

Message From The Team (Press Release)

My Comments

Recently, it has been found that vTuner, the Internet-radio directory used by many Internet radios and audio equipment with that functionality including the ones previously reviewed on this Website, has become unreliable as a service. This has caused some of the set manufacturers to receive user complaints about their products through their product-support contact paths.

These manufacturers and Internet-radio platform providers like Frontier Silicon have found that they can’t assure their end users can benefit from proper service continuity. So they are changing their Internet-radio and audio-on-demand service provider to Airable by Tune In. This German company is a different company to the TuneIn Radio app and Website we commonly use to bring Internet radio to our computers, smartphones and tablets.

Revo Domino Internet radio

Check the update options in your Internet radio’s menus for any directory service updates

In a lot of cases, the manufacturer will supply a firmware update which may be delivered via the Internet connection or as a downloadable software package to be transferred to the Internet-radio device via a USB memory stick. Devices based on the Frontier-Silicon platform which includes Roberts, Bush, Kogan, Ruark, Revo or Sangean equipment will simply take on a small configuration update which may require the set to be turned off then on for it to be implemented.

There will be some older audio-equipment models, mainly “big sets” (hi-fi equipment, stereo systems and the like) offered by some of the big names, that may not be able to be updated to newer Internet-radio services. In most cases, these units will lose Internet-radio functionality and this is due to a traditionalist approach towards managing “end-of-life” models by these brands.

The same issue will also apply with equipment like the Ruark R7 Radiogram

If your device is based around a mobile-platform app, something that would be common with Wi-Fi-based multiroom speakers, you may have to update your app from the mobile platform’s app store. Typically this is facilitated using the “Update” option within the app-store menu. The same issue also applies to smart TVs, set-top boxes, games consoles, mobile-platform apps and the like whereupon you would have to visit the platform’s app store or download location to obtain an app update or a substitute Internet-radio app.

Other than that, check with your set’s manufacturer’s support Website for any software updates if you have found that you aren’t benefiting from Internet-radio service continuity.

Once the firmware update or configuration update has completed, you will find that the menu tree for your equipment’s Internet-radio or online services mode has been revised. You will also find that you will have to store your favourite stations using your set’s preset buttons rather than an online resource. This means you will have to rely on your set’s preset-station functionality for this purpose.

Since 5 August, Frontier Silicon have built up a new Web portal for you to manage your favourite stations in addition to using your set’s preset-station buttons. This will work with devices based on their platform like Bush, Roberts, Ruark or Kogan sets that are updated to use Airable.

Speaking of which, you may have to reallocate your favourite Internet-radio stations to your set’s preset buttons. This is because these buttons keep a reference to the station’s entry to the Internet-radio-directory-service’s directory rather than the full URL for that online stream. For example, a reference to Heart London’s Internet stream as a preset button on your set may only point to the reference in the vTuner Internet-radio directory which has all the stream addresses for that “turn up the feel good” London pop-music radio station. But this station would be under a different reference with Airable or another directory.

Sony CMT-MX750Ni Internet-enabled music system main unit

Some of these sets may not be able to benefit from Internet radio thanks to the manufacturer not supplying further software updates

Airable were even stating in their latest press release that they were on the receiving end of various support tickets as each brand was switching over to them to provide Internet-radio service continuity. They were even finding that they had to claw through the support requests while the switchovers were taking place.

If you discover a new online media resource, you may have to share the resource’s stream URL for audio streams  or RSS Webfeed URL for podcasts to Airable’s “suggest content” page. This will be something that podcasters and new Internet-radio broadcasters will have to do as they come on board with online content.

The same issue about Internet radio service continuity can apply to smart TVs, set-top boxes and game consoles that implement an Internet radio app

Companies who are using the Airable internet-radio-directory service on their products have the ability to “link” with audio-content services that implement the Airable.API interface. Here, it avoids the need to add to their device’s firmware many software “hooks” to allow the online service to be available from that device’s control surface. It also avoids the need to refresh device firmware if the content directory has to be amended.

What may also have to happen is for the Airable API to implement RadioDNS as part of their directory and software. It is becoming important where the Internet radio concept is very much about “hybrid radio” operation with “single-dial” tuning and rich displays along with the classic view of Internet radio as the “new shortwave”.

The changeover will take time to complete and will yield useability problems but it will, in most cases, be about continuing to listen to Internet radio. At the same time, Tune In will have to scale up their servers to answer increased demand and keep investing in their service all the time to avoid becoming oversubscribed or running on old data.

Update: 8 August 2019 – Frontier Silicon rebuilding their favourite-stations Web portal that works with Airable for their Internet-radio platforms.

Send to Kindle

Australian media raises the issue of fake celebrity and brand endorsements

Article

Event page for spammy Facebook event

Facebook is one of many online platforms being used for fake celebrity and brand endorsements

Networks warn of fake ads, scams. | TV Tonight

Media Watch broadcast on this topic | ABC

My Comments

An issue that has been called out at the end of April this year is the improper use of endorsements by celebrities and brands by online snake-oil salesmen.

ABC’s Media Watch and TV Tonight talked of this situation appearing on Facebook and other online advertising platforms. Typically the people and entities being affected were household names associated with the “screen of respect” in the household i.e. the TV screen in the lounge room. It ranged from the free-to-air broadcasters themselves including the ABC who adheres strictly to the principles established by the BBC about endorsement of commercial goods and services, as well as TV shows like “The Project” or “Sunrise”, or TV’s key personalities like Eddie McGuire and Jessica Rowe.

Lifehacker Website

…. as are online advertising platforms

Typically the ads containing the fake endorsements would appear as part of Facebook’s News Feed or in Google’s advertising networks, especially the search-driven Adwords network. I also see this as being of risk with other online ad networks that operate on a self-serve process and offer low-risk high-return advertising packages such as “cost-per-click-only” deals and had called this out in an earlier article about malvertisement activity.

There has been recent investigation activity by the Australian Competition and Consumer Commission concerning the behaviour of the Silicon Valley online-media giants and their impact on traditional media around the world. It will also include issues relating to Google and its control over online search and display advertising.

Facebook have been engaging in efforts to combat spam, inauthentic account behaviour and similar activity across its social-network brands. But they have found that it is a “whack-a-mole” effort where other similar sites or the same site pops up even if they shut it down successfully. I would suspect that a lot of these situations are based around pages or ads linking to a Website hosted somewhere on the Internet.

A question that was raised regarding this kind of behaviour is whether Facebook, Google and others should be making money out of these scam ads that come across their online platforms. This question would extend to the “estate agents” and “landlords” of cyberspace i.e. the domain-name brokers and the Webhosts who offer domain names or Webhosting space to people to use for their online presence.

There is also the idea of maintaining a respectable brand-safe family-and-workplace-friendly media experience in the online world which would be very difficult. This issue affects both the advertisers who want to work in a respectable brand-safe environment along with online publishers who don’t want their publications to convey a downmarket image especially if the invest time and money in creating quality content.

As we see more ad-funded online content appear, there will be the call by brands, publishers and users to gain control over the advertising ecosystem to keep scam advertising along with malvertisements at bay along with working against ad fraud. It will also include verifying the legitimacy of any endorsements that are associated with a brand or personality.

A good practice for advertisers and publishers in the online space would be to keep tabs on the online advertising beheaviour that is taking place. For example, an advertiser can keep reporting questionable impressions of their advertising campaigns including improper endorsement activity while a publisher can report ads for fly-by-night activity that appear in their advertising space to the ad networks they use. Or users could report questionable ads on the Social Web to the various social network platforms they see them appear on.

Send to Kindle

Lenovo starts the Thinkbook line of small-business laptops

Articles

Lenovo’s new ThinkBook line offers ThinkPad-level features at a lower price point | The Verge

Lenovo’s new ThinkBook laptop line is built for slimness and security | Engadget

Lenovo launches less-expensive ThinkBook laptops | CNet

From the horse’s mouth

Lenovo

Thinkbook Series (product page)

Meet the New ThinkBook: Built for Business, Designed for Generation Next (Press Release)

Product Tour Video – Click or tap to play

My Comments

Lenovo ThinkBook 13s press picture courtesy of Lenovo

Lenovo ThinkBook 13s small-business notebook computer

HP and Dell have, for a long time, created a separate range of regular computers that stand between the consumer-class and enterprise-class product lineups. These product lineups known as ProBook in the case of HP or Vostro in the case of Dell were effectively targeted at small-to-medium business / community-organisation users or self-employed / freelance professionals.

Lenovo, Acer and some other computer manufacturers didn’t target this kind of user class effectively with a product lineup that answered their particular needs without adding to much extra functionality. Typically, the computers offered by these manufacturers wore the lower-tier models of the enterprise product range or the premium consumer products in their product lineup.

Lenovo ThinkBook 14S press picture courtesy of Lenovo

Lenovo ThinkBook 14s small-business notebook computer

But Lenovo have answered the small-to-medium-size organisation’s or freelancer’s needs by launching the ThinkBook product lineup targeted at these user classes. Here, they removed all the extra management features associated with enterprise-class computers, added the kind of multimedia features associated with consumer-grade products and presented them with a stylish look.

This satisfies the reality that this user class doesn’t run or contract an IT management and support team. Rather they have their solutions provider or an independent computer store provide the necessary after-sales support.

Similarly, this user class tends to work these computers as a “work-home” computer system which has to perform well in an all-round multimedia context as well as looking stylish for the home. It includes the fact that a significant amount of the small/medium business or freelance / self-employed user class places emphasis on doing at least some of their work from home.

Lenovo answered this situation by integrating an essential subset of security features in the form of a discrete TPM security chip along with a fingerprint reader that is integrated in the computer’s power switch. These work together to provide authentication for local or Web resources according the the “open-frame” FIDO2 standards. The camera also supports the end-user’s privacy through the use of a mechanical shutter over the lens that the user can slide back when they want to use the camera with Lenovo marketing it as the ThinkShutter.

There is also the business-class durability associated with the ThinkPad business product range built in to the new ThinkBook product range. This means that the small-organisation or freelancer user isn’t treated as a second-class citizen in this respect.

But the ThinkBook 13s and 14s which are clamshell laptops implement multimedia features like Dolby Audio and Harman sound tuning for the sound output and Dolby Vision colour management for the Full HD display. Both these laptops were also designed to have the stylish looks and are finished in a sliver housing rather than a black or charcoal-grey housing associated with business-grade computer equipment.

The ThinkBook 13s (13” screen) has the integrated Intel UHD 620 graphics whereas the ThinkBook 14s (14” screen) has AMD Radeon discrete graphics with AMD Dynamic Switchable Graphics operation. Both of them support Bluetooth 5.2 and Wi-Fi 5 (802.11ac) dual-stream for wireless operation along with a USB-C port and one of the two standard USB 3 ports supporting “Plug and Charge” operation when the computer is closed up.

The keyboard layout will be similar to most laptops on the market and it will use a normal touchpad and not have the IBM/Lenovo thumbstick associated with the ThinkPad. There are dedicated function keys for managing voice / video calls with Skype or other softphone / videophone software that responds to standard call-control function keys.

The ThinkBook laptop range are expected to appear at least in the North-American market by the end of May. But I would see this as a chance for Lenovo to build out a regular-computer product range dedicated to the small organisations and self-employed or freelancing professionals of this world.

It will also be a chance for more of the computer vendors to build up and identify out their “prosumer” products that fill the gap between consumer-focused and business-focused or professional-focused markets. This is through practices like designing products with the essential security, durability and reliability features but presented in a stylish form and capable of satisfying multimedia work and play activity.

Send to Kindle

Should we be managing multiple email accounts?

Windows Live Mail client-based email interface

Multiple email accounts may be beneficial to your privacy and work-life balance.

Some of us may find it convenient to handle all of our email through one account. The advantages that are often seen include dealing with one inbox and sending from one account.

But we are increasingly entering a world where we have to deal with multiple email accounts.

Why run multiple email accounts?

One reason this is becoming important is to keep business and private email separate. Here, it may be about preserving a separate business and social persona, or simply to delineate your time between home and work activity. Similarly, the separate email address for business / work email is an advantage in preserving a professional appearance.

As well, the correspondence associated with your personal email address that you maintain yourself isn’t subject to the same kind of legal scrutiny that the correspondence associated with your business email address would be subject to. This is important if your workplace or business is to change hands or is a party to legal action of any sort.

People who have a public-facing business life such as politicians or celebrities will maintain a public-facing email address to maintain an email correspondence consistent with that public-facing role. This is becoming more important where people in the public eye are becoming more vulnerable to “dirt-digging” – the practice of trawling for any information to discredit one’s reputation.

This practice is also becoming important with the emails we “tie” with various social-network presences. Here, we may want to operate a professional-looking persona on the public-facing social-media profiles while keeping a private persona that you have on your personal social-media profiles.

The situation extends to where we have our email address on material that the public have easy access to, whether it’s that notice on the church noticeboard or our entry on that petition.

Those of us who engage in online dating are having to find that maintaining a separate email address for use with dating apps and Websites gives us greater control over what potential suitors know about us. It may also offer a chance to control when they can contact us while keeping this life private from family or work.

Account types list in the Add Account option including option to add POP3 or IMAP4 accounts

It also applies to businesses and organisations who maintain a public-facing email address that is written on the public-facing material. This keeps a professional appearance and keeps your staff’s business and private email more private. Similarly, you can maintain multiple email address for particular job descriptions or workflow requirements.

Conversely, some of us maintain a separate email address that we give to marketers or online email newsletters as a crude method of spam control. Similarly, separate email addresses are being seen as important as a failover measure should one email server crash or as a security verification means for email services.

How is this achieved?

Who will provide the email inboxes

email settings in Samsung Android email app

Add Account option in email settings on Android (Samsung) email app

Your workplace will give you an email address that is tied to your tenure with that employer. The provision of a tied email address will also apply for most college students or staff who have access to college IT resources. If you run a small business or other organisation with a Web presence and own domain name, your Webhost or domain name provider will offer at least one email inbox under the main domain name you purchased.

Most ISPs or telcos will provide you with at least one email inbox as part of your Internet-service deal. It will be something that is very common with fixed-line Internet service especially from major providers.

Of course, there are the Webmail providers like Outlook.com and Gmail who will provide you at least one email address for free. It also includes the secure email hosts who provide a secure user experience at a premium price.

Now we are seeing the rise of dedicated service providers who provide email inboxes as their main business. Such providers will offer Web-based or standard client-based access to these mailboxes.

What to look for

Samsung Android email app account types

Account types offered by the Samsung Android email app

A feature I consider very important for email accounts is that they support multiple-device access and full “on-the-road” use. Typically it would mean use of a major Webmail host or a host that implements “hosted Exchange” or IMAP4 email protocols. This is important where we use a mobile device or secondary laptop computer to work our emails and want to work our email from anywhere.

You may find that a Webmail interface that allows the operation of multiple accounts from competing services may come in handy if you are using shared computers or public computing facilities.

How do you handle the multiple email inboxes

Different users may manage their email from multiple accounts using one of two paths. One is to use a single interface for all of the email accounts, with the other being to use different interfaces for different accounts.

It may include having all your personal email accounts operated with one interface like a Webmail interface while your work or business email accounts are operated with another interface like a business-optimised email client.

One email interface for all accounts

Most email interfaces, whether Web-based or client-based, will support the operation of multiple email accounts. In this case, using the one interface will underscore the idea of going to one email interface for all of your email activity.

Your email interface will have an option in its account-management settings to add or delete email accounts. Most of the current interfaces will have a “quick-setup” routine for the popular Webmail providers; and will have a setup option for accounts using Microsoft Exchange, POP3 or IMAP4 accounts.

Receiving email

The user experience for reading your email will have separate inboxes for each of the accounts you manage. You may also find that some of the email interfaces like the GMail Web interface may offer a combined-inbox view for all of your email accounts with better interfaces using visual clues to differentiate each account.

Sending email

Should you send an email, you will be asked to choose which account you use to send your email via.

On some email interfaces where you choose the account you are operating at the moment like Windows 10’s Mail app, the account you are operating would be the one you send your email via. Other interfaces may require you to determine which account you send the email from when you click the “Send” button. As well, most of these interfaces may offer a default-account setting for new email, with the option to override this when you compose your new message.

The default behaviour for replying and forwarding would be to use the email service you received the email via for sending the replies or forwarding the email.

Your contacts list

Of course the contact list kept in your email interface will, in most cases, be shared amongst all of the accounts you operate.

Different email interfaces for different accounts

On the other hand, some of us may choose to operate each inbox with its own interface setup. This may be due to an email client not handling multiple inboxes how we want it or simply to delineate the operation of each inbox as a separate task.

This is a simple task with operating each interface with its own account. You will have to copy across contact details you want to use across multiple accounts if you operate them with separate interfaces.

A combination of this situation and the former situation will apply if you choose to operate some accounts with one interface and others with another interface. This is a useful practice for those of us who want that “church and state” separation between business and personal or public and private email activity.

Conclusion

Operating multiple email accounts may come in to play as a measure to protect your privacy and manage our email inbox properly.

Send to Kindle

The UK to mandate security standards for home network routers and smart devices

Articles UK Flag

UK mulls security warnings for smart home devices | Engadget

New UK Laws to Make Broadband Routers and IoT Kit More Secure | ISP Review

From the horse’s mouth

UK Government – Department of Digital, Culture, Media and Sport

Plans announced to introduce new laws for internet connected devices (Press Release}

My Comments

A common issue that is being continually raised through the IT security circles is the lack of security associated with network-infrastructure devices and dedicated-function devices. This is more so with devices that are targeted at households or small businesses.

Typical issues include use of simple default user credentials which are rarely changed by the end-user once the device is commissioned and the ability to slip malware on to this class of device. This led to situations like the Mirai botnet used for distributed denial-of-service attacks along with a recent Russia-sponsored malware attack involving home-network routers.

Various government bodies aren’t letting industry handle this issue themselves and are using secondary legislation or mandated standards to enforce the availability of devices that are “secure by design”. This is in addition to technology standards bodies like Z-Wave who stand behind logo-driven standards using their clout to enforce a secure-by-design approach.

Netgear DG834G ADSL2 wireless router

Home-network routers will soon be required to have a cybersecurity-compliance label to be sold in the UK

The German federal government took a step towards having home-network routers “secure by design”. This is by having the BSI who are the country’s federal office for information security determine the TR-03148 secure-design standard for this class of device.  This addresses minimum standards for Wi-Fi network segments, the device management account and user experience, along with software quality control for the device’s firmware.

Similarly, the European Union have started on the legal framework for a “secure-by-design” certification approach, perhaps with what the press describe as an analogy to the “traffic-light” labelling on food and drink packaging to indicate nutritional value. It is based on their GDPR data-security and user-privacy efforts and both the German and European efforts are underscoring the European concern about data security and user privacy thanks to the existence of police states within Europe through the 20th century.

Amazon Echo on kitchen bench press photo courtesy of Amazon USA

… as will smart-home devices like the Amazon Echo

But the UK government have taken their own steps towards mandating home-network devices be designed for security. It will use their consumer-protection and trading-standards laws to have a security-rating label on these devices, with a long-term view of making these labels mandatory. It is in a similar vein to various product-labelling requirements for other consumer goods to denote factors like energy or water consumption or functionality abilities.

Here, the device will be have requirements like proper credential management for user and management credentials; proper software quality and integrity control including update and end-of-support policies; simplified setup and maintenance procedures; and the ability to remove personal data from the device or reset it to a known state such as when the customer relinquishes the device.

Other countries may use their trading-standards laws in this same vein to enforce a secure-by-design approach for dedicated-function devices sold to consumers and small businesses. It may also be part of various data-security and user-privacy remits that various jurisdictions will be pursuing.

The emphasis on having proper software quality and integrity requirements as part of a secure-by-design approach for modem routers, smart TVs and “smart-home” devices is something I value. This is due to the fact that a bug in the device’s firmware could make it vulnerable to a security exploit. As well, it will also encourage the ability to have these devices work with highly-optimised firmware and implement newer requirements effectively.

At least more countries are taking a step towards proper cybersecurity requirements for devices sold to households and small businesses by using labels and trading-standards requirements for this purpose.

Send to Kindle