Posted on

Online Conferences and Covid-19

The sled and traveller stopped, the courier’s feet
Delayed, all friends shut out, the housemates sit
Around the radiant fireplace, enclosed
In a tumultuous privacy of storm.

Ralph Waldo Emerson, The Snow-Storm

Sounds cozy doesn’t it? Clustered around the fire, hot chocolate, spiced cider, hot buttered rum…

All friends shut out, the housemates sit…

Yeah. Right. We’ve been sitting around the fire with our housemates for what is it? Seven months now? That’s about long enough with our friends shut out, wouldn’t you say?

People bridle at the enforced privacy of pandemic lockdowns and social distancing. For me, the isolation is not so bad. I know the ropes of working from home and I’m an introvert.

I like and enjoy other people, but person to person encounters drain the life out of me. I know many of my friends are energized by getting together and breathing the same air with others, but it rarely works that way for me.

Pre-pandemic, I joined with a good friend or two for lunch regularly. Oh, I enjoyed those lunches, but when they were over, I exhaled a sigh of relief and took a nap to recover the energy I had lost. I used to think this personal quirk was a disadvantage, but now, I realize it is a boon not to be troubled by all this isolation. I’ve noticed that there are other folks like me, but in a group of ten, maybe only two of us.

The Washington Library Association online conference

This week, I’ve been participating in an online library conference. I’ve read that the online event business is booming. I can understand why. Online conferences are cheap and they work remarkably well; I prefer online conferences to the in-person species.

For attendees, traveling to and from these gatherings is expensive. Airfare, hotels, and meals cost, and time away from regular work costs more. On the event business side, conference hotels and centers are orders of magnitude more costly than electronic platforms. Speakers charge less to present electronically because presenting from a home or office takes less time and effort than crossing the country to check into a venue that is not much of a perk for a speaker who endures one-size-fits-all hotel décor several times a month.

As I understand it, the firms that stage these events have reduced their fees and made them back and more because the number of attendees has increased. This year, the Whatcom County Library System was able to purchase blanket admission to the Washington Library Association online conference that lets the entire library staff, and trustees attend rather than individual registrations.

I’ve gone to the Washington Library Association conference every year since I became a library trustee, but I almost decided not to go this year. I enjoy and benefit from attending, but the hectic move from our Ferndale house back to Waschke Road disrupted just about everything on top of the pandemic. Making it worse, I’ve started some time-consuming projects. I’ve always worked during conferences on a laptop or tablet, but this year, I’ve been able to work from my office in between conference events. It’s been great.

I have some suggestions for attending online conferences.

Schedule your time carefully

Attending a conference in person is a scheduling challenge. It’s easy to miss a session that you really wanted to attend because you skipped a page in the agenda, or you were distracted by a conversation with a colleague. When you’re attending from home, scheduling is more difficult because the events in your life are not built around the conference schedule— for example, your lunchtime may clash with sessions you want to attend. You can always listen to the recording, but that’s never the same. Review the agenda and plan ahead as carefully as you would in person.

Don’t multi-task

Efficiency experts liken multi-tasking to a speedway multi-car pileup. You get less done and what you do is seldom done well.

The temptation to multi-task is strong, especially attending a conference in your home office where you are likely to have several screens up and running. My usual home setup is a primary screen for the project I’m working on, another for online lookups, and a third for communications. I don’t have any trouble concentrating on my project at hand. For me, having one browser open to an online dictionary and another to email and Slack is the reverse of distracting: a quick side glance to a secondary screen and I’m back to the main subject. But when I have to fiddle opening and switching windows and desktops, I am distracted and likely to get stuck on whatever I have to bring up.

All those screens while listening to a conference presentation is different. Even the best presentations have dead spots that tempt me to look aside and process the current crop of sub-urgent communications or check on the latest minor question that’s been bugging me. Don’t do it! Boredom is lack of engagement. The instant I disengage, loss of interest in the presentation begins to snowball and before I know it, I am researching which village in Cornwall was most likely to have been the location of King Arthur’s round table, or some equally pressing subject, instead of taking a once in a lifetime chance to raise a question about tracking outcomes of library strategic initiatives. Yikes!

Take notes

I’m terrible at taking notes at conferences. While I am participating, new ideas and concepts pop into my head with crystal clarity that I couldn’t possibly forget. No need to write anything this exciting down.

Steller’s Jay eying the last thing that entered my head.

Sure. I’m seventy-one years old. If I’m distracted, the content of my head disappears with the cheerful readiness of a Steller’s Jay stealing peanuts. The arrival of the next idea clears my head of everything but lingering enthusiasm for whatever’s not there anymore. Come to think of it, the same thing happened 50 years ago when I was an undergraduate attending lectures.

Take notes, grasshopper.

Use chat

In the software development groups I used to lead, chat apps, like Slack, often were the key to productivity and communication. Most conferences have provisions for chatting among session attendees and community discussions. If you participate, chat takes the place of the conversations that go on in the hallways and over meals and drinks. Not perfect for establishing friendships, but chat discussions are often thoughtful, cogent, and well worth your time.

Remember, “On the Internet, no one knows you’re a dog.” In a chat session, you’re as smart as what you say. Take time to think, be courteous, but don’t be shy.

Setup

Have your professional appearance, background, camera, microphone, and lighting set up before the conference begins. Not all sessions allow you to interact with the speakers, but when they do, be prepared as a courtesy to your fellow participants.

Your setup is like a pandemic mask. You wear it for others, not yourself. You won’t get any personal benefit from clear sound and a flattering Zoom image. Your questions will still be answered if you look like a bear in a cave and sound like a mouth full of crushed granite. And the chances that your boss will notice your setup are slim. Sorry, but this is true. However, think about your fellow participants. They want to be part of a professional and dignified group, not a pack of ill-fed scavengers. Give them a break. And a good appearance will make you feel better too.

I’m impatient with the pandemic. Like most people, I wish it were just over, but I’m a historian as well as an engineer. Plagues don’t disappear in a blink of the eye. They fade away with effects lingering for decades, even centuries. The plague in 14th century Europe is sometimes said to have lead to the Renaissance. We don’t know what the long term effect of covid-19 will be, but our best hope is to adapt to the snow storm, not fail at ignoring it.

Posted on

Fall 2020: Ransomware Still Hurts

I was at cruising altitude over the mid-west the first and only time I watched ransomware bite a victim. I had tried not to listen as the lady sitting next to me placed a call using the old-style in-flight cell phone mounted on the bulkhead in front of us. I used to fight for those delightful 737 bulkhead seats with a few inches extra leg room. Later, she asked me if I knew what to do about the blue screen on her laptop. I would have told her not to make the call if she had asked me earlier. A full-screen message in fixedsys hardware font instructed her to call a 900 number to fix her laptop. She said she had been charged a hundred dollars for the call and she gave them her credit card number. Clearly exasperated, she still couldn’t use her laptop.

Oh boy, I thought. This person is in for trouble.

That must have been over twenty years ago. Ransomware attacks have become more frequent and vicious in 2020. IT departments are more familiar with ransomware and better at recovery, but the attacks are still nasty: the cost of each attack on U.S. businesses averaged over three-quarters of a million dollars, which I suspect is under-reported because cyber-insurance often pays up on ransom demands, but insurers don’t like to reveal that they are easy targets. Despite the costs, close to 95% of victims get their data back. The majority restored their data from backups, but over a quarter paid the ransom. See the Sophos 2020 ransomware report.

Attacks on federal, state, and local government have increased and voting places are subject to disruption through ransomware. There are hints that this increase is from cyberattacks from hostile countries, but there is also big money in hacking, so don’t discount greed as motivation.

What Is Ransomware?

Ransomware is a malicious attack on a device that disables the device and extracts some form of payment from the device owner to return the device to normal. As hacks go, ransomware is a relatively simple way for unorganized hackers to extract money from computer networks. Unlike the lady on the plane’s case, hackers usually encrypt critical data and demand payment for decrypting it. Ransomware has encrypted hospital data files and caused at least one death. Payment is usually in the form of cryptocurrency, which is harder to trace than common credit card payments and cash transfers, but not impossible.

Ransomware’s starting point is usually social engineering in the form of a phishing expedition, email that tricks users into installing malicious code. The sudden transition to working from home this year has increased confusion at work, particularly around IT, which is a gift to hackers. Unfamiliar work equipment and routines have made tricking users into unwise clicks easier. Fake invoices and made up court cases are favorite phishing tackle for luring in unsuspecting victims.

These days, who can resist a friend’s urges to click on a tear-jerking web site or a friendly IT guy asking for your password? Make sure the person asking is your friend, not a masquerading criminal and be extremely cautious about giving out credentials like passwords. Make anyone who asks for them explain exactly why they need it and don’t be shy about making phone calls for verification.

Good News for Individuals

I have not seen reports that ransomware attacks on individuals have increased, perhaps because hacking businesses, healthcare facilities, and government is more lucrative. IBM reports a shift toward deep-pocketed large corporations as targets, especially manufacturing, which is perceived as more sensitive to downtime.

Still, I haven’t heaved any sighs of relief: easy DIY ransomware kits are easy to buy and do not require much expertise to implement, encouraging amateurs to try their hand at terrorizing their friends and neighbors and the pandemic has made keeping your cool under attack more difficult.

Protect Yourself

Your most effective protection from infection is not to get infected. To protect yourself follow elementary computer hygiene:

Elementary Computer Hygiene
  • Beware of social engineering
  • Use strong passwords
  • Download and install with caution
  • Patch operating systems and applications
  • Avoid dodgy sites
  • Scan regularly for malware

For more explanation of elementary computer hygiene, see Six Rules for Online Security.

Windows Defender Anti-Ransomware

Windows 10 anti-ransomware facilities is excellent in theory, but can be annoying in practice.

Ransomware protection is buried in Settings under “Update and Security.” Choose “Windows Security” from the menu on the left, then click “Virus & threat protection.” A new window will pop. You may have to scroll down to see “Ransomware protection.” Click “Manage ransomware protection.” Turn the “Controlled folder access” switch on.

With “Controlled folder access” on, Windows 10 blocks unrecognized programs from accessing files in a set of critical directories (folders). In theory, this will prevent ransomware from touching your treasured data and documents. How well this will work in practice depends on how well your use of your computer corresponds to Microsoft’s notion of typical usage. If you install lots of applications and add folders for yourself outside the norm, you may have to change the lists of protected folders and permitted programs.

If your computing life is pure vanilla, or you continually configure controlled folder access to your usage of your system as your usage changes, this is excellent protection; exactly what a good IT department does to protect corporate assets. But if you don’t take the trouble to keep the system properly configured, it will drive you up a wall.

I use Windows ransomware protection and like it. However, the fact is, an individual who follows basic computer hygiene is not likely to suffer a ransomware attack and the trouble to keep this facility configured may not be worth the trouble. Protected folders decrease your risk, but not as much as basic hygiene.

When You Are Attacked

If you are invaded by ransomware, backups are your best assurance of successful recovery from an attack, but they must also be protected. Using cloud storage, such as DropBox, Microsoft OneDrive, or Google Drive help, but are not absolutely foolproof. Smart hackers encrypt your backup copies as well as your originals. This is why simply copying your files to another disk drive on your desktop is not adequate protection. Secured cloud backups are much safer. An external disk drive that you switch off or disconnect when not in use is not convenient, but ransomware can’t get to a disconnected or powered-down drive.

A vulnerable file contains anything that will cause you distress if lost. Oddly, if you bought the content, you probably don’t have to worry much about backing it up. You can almost always get a replacement copy, but material you created yourself, paid someone to create for you, or were given as a gift, is often hard or impossible to recreate. Photo, videos, and sound recordings are in this category.

Don’t fall into the trap of blind faith in your backups. Your enemies are broken media and backup programs that don’t copy everything you value. Test them periodically. Make sure they are actually backing up your critical files. A business with valuable assets at stake should rehearse restoration. But they seldom do.

Phones, Tablets, and Apple

Personally, I don’t worry about ransomware on my phone because I don’t keep much data there. If I am ever hit with ransomware on my phone, I plan to do a hard factory reset, restore my contacts and stored photos from the cloud and go on my way. Whether you need to worry about ransomware attacks on your tablets depends on how you use them. I have two Microsoft Surface tablets that I use much like laptops. I protect them as if they were a laptop or a desktop.

I am not a heavy Apple user or an expert, but Apples have no special protection against ransomware, although the Apple “walled garden” enforces basic hygiene somewhat better than Windows, so they may be a bit less susceptible.

Final Word

Elementary computer hygiene is the secret to avoiding ransomware and a host of other computer problems. I never knew the outcome of the episode with the woman sitting next to me, but her first mistake was ignoring hygiene rule one: she was socially engineered into making that phone call.

Posted on

New Normal: Covid Phishing

It’s summertime and the living’s easy… The covid-19 weather is perfect for successful phishing expeditions, emails designed to trick you into jeopardizing your computer, your finances, or your business.

The other morning, after scanning incoming email, and doom scrolling the news (checking for new trouble on the current events horizon), I went to the kitchen for a glass of water. Ten minutes later, I returned to my desk with a dry throat. I had put the breakfast dishes in the dishwasher, taken out the trash, and watered the rose bush, but I forgot to get a glass of water. Preoccupation with the virus and the economy has turned my life into struggle to stay on subject, and from what I read, I am not alone.

I got an email yesterday from PayPal about a charge to my account. That was strange. I don’t have a PayPal account. My wife and I do use PayPal, but the account is in her name because in our marriage’s division of labor, I wash the dishes and she pays the bills. Luckily, I focused my concentration long enough to spot some clues that the email was not from PayPal. I forwarded the email to PayPal’s phishing detection email address. A few minutes later I was rewarded with a return email confirming my suspicion. I permanently deleted the phony email and breathed the sigh of relief that comes after dodging a bullet.

That was close. I could easily have missed the clues in my currently distracted state and clicked on a link in the email, starting down a path toward a hacked computer, a ton of hassle, and likely a hit on our bank account.

This evening, instead of doing the dinner dishes, I’ll sidetrack into some hints on how to detect a phishing attempt.

Rule #1 when dealing with phishing attempts: when reading any email, don’t click on anything, don’t allow images to display, don’t call phone numbers, or send messages until you are sure the email is genuine and not a phishing expedition.

Your email client, the computer application you use to view emails, should be configured not to automatically display images from untrusted sources. This is the default for most clients. If a box pops up asking if you want images displayed, take a second to think: can I trust this sender? The problem is that when your computer reads an image file, it runs a program to convert the zeroes and ones in the file into an image you can see. Hackers doctor images to run malicious code embedded in the image file. Your operating system and email client makes this difficult, but hackers are always looking for new ways to do this kind of stuff.

Here are a few points to consider:

  • Criminals know that many of us worry a lot these days and they know how to take advantage of your fraught state. If you receive an email that raises a worrisome possibility, think twice, turn up your fraud sensors. The fact that I do not have a PayPal account in my name was a whopping clue, but I could have missed it because the email brought up a disturbing possibility: it claimed someone had charged an expensive video game to my account. Exactly what would happen if a criminal script kiddy got access to my PayPal account. In my current distractible state, the haze of worry could easily draw my attention from the precautions I would ordinarily have taken.
  • Phishermen try to force your hand. Click HERE. Call THIS NUMBER. You must respond NOW. Emails that feel like frantic attempts to get a response, are suspect. My wife and I do buy video games occasionally, mostly for our grandsons. The charge could have been legitimate, but this email insisted that I click or call immediately. That is not normal. A legitimate warning would simply point out unexpected charges; not insist on immediate action. Again, cause for doubt.
  • Look at links and email addresses carefully. On most browsers, when you hover over a “live” link, the actual address will pop up somewhere, usually the lower left corner of the window. Look at those little popups. When reading internet addresses, the most significant part of the address is to the right. “support.microsoft.com” is the support division of Microsoft Corporation. “microsoft.suport.ru” is some unknown “suport” site in Russia that has nothing to do with Microsoft. Also, be on the alert for subtle typos and misspellings. If you see “mcrosoft.com” you can be pretty sure some hacker is trying to trick you.
  • When you have doubts, suspicions, or tiny qualms, you can always contact the sender and ask. But not via links, numbers, or addresses in the suspect email. I googled “PayPal phishing” and quickly found instructions for dealing with suspicious PayPal emails from the official PayPal site.

The summer of 2020 is tough. Don’t make it worse by letting some crudball take advantage of your concern for yourself and your neighbors.

Posted on

Zoom Steps Up

If you host Zoom meetings you probably received an email from Zoom today. They’ve made some changes to the default settings for meetings that will appear Sunday, April 5. Good changes. Bravo! Let’s hope they continue to step up.

With the announced changes, Zoom defaults to meetings with waiting rooms and passwords. These defaults will make zoom-bombing harder. I hope the Zoom devos are also fixing some of the other troubles that are not so obvious to users. This is the way I expect responsible software developers to work.

The Zoom interface is well-designed. I’ve been comparing online meeting platforms this week and Zoom is still tops with me, both in ease of use and performance. Without instrumentation, getting a meaningful read on performance is difficult because it depends on network conditions at least as much as the meeting platform. However, in my limited experience, Zoom yields a smoother meeting with fewer jerks and breakups than other platforms I’ve tried since social distancing began. Online synchronized swimming instructors take note.

Go Zoom!