Posts Tagged

software

More Antivirus is Not Always Better!

Elizabeth Technology August 9, 2022

Built-In Antivirus

Microsoft Windows has come with it’s own antivirus for quite some time. Windows 10 and 11, for example, came with Windows Defender built in and on automatically unless another antivirus was installed, at which point it would automatically switch off. Windows Defender by itself is plenty of defense for the kind of run-of-the-mill threats you’d run across browsing unsecured websites or trying to download games from websites other than big, trusted ones like Steam (given you’re listening to it when it suggests you double-check the source and double-check that you meant to download a .exe file) but some people would rather have this protection from a paid-for antivirus like Kaspersky or McAfee. The fact that those programs cost money doesn’t necessarily mean they’re better, but it can be a peace of mind thing – complaining about something that cost money means that some penalty can be extracted if the user isn’t satisfied, even a penalty as small as a partial refund.

This Computer’s Not Big Enough for the Two of Us

Windows Antivirus is unique for automatically stepping down when another program steps up. Many others don’t!

Antiviruses do not get better the more that you have. They interact in ways that step on each other’s toes and lead to false alarms. As an example: say a computer has both Norton antivirus and McAfee antivirus installed. McAfee will try to scan the computer for new threats upon startup, but will be interrupted by Norton, who interprets the file-checking as potentially hazardous behavior. Norton isn’t wrong, because ransomware will often sweep through files in some way or another, but it doesn’t recognize McAfee, and almost no other program has a reason to do that anti-viral scanning. Thus, Norton then tries to report McAfee to you! Some antiviruses have safety rails that literally will not let you whitelist (whitelisting refers to telling a program that a file or action is okay, or ‘whitelisted’) certain executable programs, so you get stuck in this horrid, unbreakable loop of antivirus fingerpointing every time you boot up your computer.

These interactions actually make your computer less safe – if both antiviruses have deadlocked themselves out of scanning because the other one says it’s a virus, your computer is not being scanned. That’s bad! Scanning is not completely foolproof, and a regular residential antivirus won’t necessarily be able to catch or handle something industrial grade, but it catches plenty of small things like trojans before they become serious problems that can cripple your computer.

Your computer is much better off with just one brand of antivirus on it at a time. Instead of more, buy better. And if you’re unsatisfied with one brand’s performance, completely uninstall it before you install the program you replace it with. Not only does that prevent them from interacting in a negative way, it also prevents the previous program from hassling you to renew it with pop-ups (McAfee is infamous for this). Either way, it’s going to save you some annoyances!

And in Other Realms

The antivirus problem is a pretty unique one because most programs don’t interact with every file on your computer in the way that they do. Two art programs are not going to start fighting over which one you should use, for instance. However, some other cases can be pretty similar. Like VPNs! Having more VPNs is going to slow down your computer without much additional benefit. The way a VPN works is that it takes your request, encrypts it, sends it to a server, unencrypts it, completes the request, encrypts it again, and then sends it back to you. This keeps your ISP from seeing this request, but it doesn’t necessarily anonymize the data – after all, the VPN’s server has to unencrypt the data to actually complete the request, so the VPN knows what the data is, and it knows where the request is coming from in the first place. The VPN has the same visibility the ISP initially had. Adding more VPNs to your computer will not solve this problem, it will just move it down the chain, and add extra time to each request you make in the meantime as it bounces around VPN servers.

If you only need to protect your data from the coffee shop’s open Wifi or want to watch Netflix Canada, the kind of VPNs you see advertised on Youtube will be able to do the job – the data won’t be strictly, unsubpoenably anonymous, but it will be encrypted and rerouted well enough to make those two things happen. If you’re trying to search for things that nobody can know about, you’d be better off downloading TOR (which stands for The Onion Router), a popular VPN with an excellent reputation for encryption and security. Using TOR to do illegal things is illegal, of course, but the act of downloading it and using it by itself is not.

Intro To Phishing, And How To Avoid It

Elizabeth Technology July 14, 2022

What is Phishing?

Phishing is the action of sending someone messages with the intent to deceive them into parting with information they otherwise wouldn’t have shared. While it’s commonly used to try and steal logins, cookies, and other digital data, it can be used to snatch things like government-assigned identification numbers, important medical information, and more.

It’s also not limited to email, despite the common perception – ‘smishing’ is phishing over text using things like fake verification texts, and the ever-popular phone scams can phish by pretending to be a bank or other service that the victim may actually use.

What’s the Risk?

Getting your PII (your personally identifying information) stolen is kind of a nightmare. You probably don’t need me to explain all the ways identity theft can really screw up your credit and reputation!

If a scammer gets ahold of the login to your bank service, and you don’t have 2FA enabled on your account, they can do quite a bit of damage to your account by requesting cards, making fraudulent purchases, or transferring out money. Even if your bank has policies to protect you and undo all that mess, it’s still going to be a very frustrating and anxious few weeks of reclaiming control of your account, communicating with the bank, and the bank trying to track down the phisher (if they even can). That’s just one login!

Aside from the big, important services like your bank and utilities, getting your password and login stolen from a service you don’t consider important can still really suck. It can even lead to the phisher getting into the services you do consider really important. Take a smishing attempt that looks like Fedex has tried to deliver a package, but couldn’t. Were you expecting a package? If you were, you’re probably a little concerned. You don’t notice there’s a typo in the text, or that the number it sent from is different than usual. You click on the link, and it leads you to Fedex Smart Delivery manager, prompting you to log in. If you type in the login, then you just gave them your Fedex credentials! That doesn’t sound like a big deal – Fedex is easy to reset, right? But it is a big deal. Your address is in Fedex. You have your telephone number in Fedex. Your delivery history is in Fedex. The phisher can use some of that information to open accounts in your name that they don’t intend to pay for, which can impact your credit score. Plus, if you reused that password anywhere else, you have to reset it everywhere it was used, because odds are the phisher is going to try and get into everything they can to gather more data and steal working accounts.

How to Better Protect Your Accounts

All of this sounds really painful. Luckily, there are a few tips that can make your information safer! Firstly, don’t re-use passwords. You may groan at the thought, but reusing a password for services makes it much easier to steal an account of yours if they get that password via a site breach or a scam. We recommend a password manager like LastPass – it makes it much easier to store and create unique, strong passwords for every site!

Secondly, you’ll be better protected if you use two-factor authentication on every website that has the option to. If you do fall for a phishing scam, the scammer won’t have the code necessary to get in! Of course, some scams are sophisticated enough to think of that beforehand: Craigslist, for example, had a bad rash of scammers a while back who would “text a code” to a seller “to make sure they were a real person”. The seller then gives them the code, and the scammer now has a Google Voice number with the seller’s phone number as the verified number behind it! They just social-engineered their way into bypassing 2FA. This is why you should never give out verification codes – especially if you didn’t request them. Instead, it might be time to reset the password of the account that verification email came from. Just don’t click any links in those verification emails, either: go straight to the home page of the site instead to log in. The verification email might be a phishing attempt all by itself, hoping you’ll click a fake link to the website!

How To Avoid it in the First Place

It’s better if they never get to test 2FA at all. There are a few key tips to avoid phishing scams. Firstly, is there a sense of urgency? Your utility companies aren’t going to call and say they’ll shut off your water without at least a few mailed reminders that your bill is due! The same goes for your bank. If they demand that you resolve a problem right then, right there, out of the blue, it’s probably a phishing scam (if you’re nervous it’s not a scam, call the alleged company using their number off of their Google page or their real website). This goes for both phone and email phishers.

 If it’s an email or a text, ask yourself if you were expecting an email or a text from that company. If you get a Fedex text update that you didn’t sign up for, it might be a phishing scam. If you got a notification from Walgreens that your photos have finished printing, and you didn’t print any photos, it might be a phishing scam. They want you to click or tap the links they include to see what’s going on. Spelling errors are also a common tell – it’s not impossible for a company to make spelling errors in their communications with you, but they won’t be littering the page with them! Phishing scams do that to weed out people who know better so they won’t waste time on targets that won’t crack.

You should also check the sender of the email! Spoofing is a technique that attaches a real name that you might know to an email address or phone number that definitely doesn’t belong to them. Anyone can set their name to George Smith or Big Company Customer Service in Gmail, but they can’t change the email address they’re sending from. If it’s [email protected] and not [email protected], for example, it’s probably a phishing scam.

The same goes for caller ID, although it’s getting harder and harder to tell real calls from fake ones – scammers can set their name to something like “Hospital” or “School” to make it more likely you’ll pick up. Some more sophisticated operations can even make it look like they’re calling from a different number altogether, using VOIP technology to match the area code of the caller to the person being called. Just like in the urgency tip, you should be able to call a legitimate company or organization like a school back from the number they have on their website, or the number you know to reach them at. If they’re really resistant to you hanging up and calling back for reasons that don’t make sense, it might be phishing. Unfortunately, some scam calls are really tough to pick up on, and the FCC can’t do much to stop them if they’re not in the US. Many people today don’t answer their phone unless they were explicitly expecting a call as a result, and phone companies themselves sometimes offer up call and text screening.

Spear Phishing

Spear Phishing is much more sophisticated by default. It’s a scam that can’t just be blasted out to 500 people, they want to get you! They’ll use every trick in the book they can to get you to click a link or give out information you shouldn’t. If they think you have valuable information on your company, for example, they may send an email pretending to be a coworker by using spoofing, and they will write more carefully to avoid misspelling anything. If something doesn’t feel right, it’s important to check the ‘coworker’s’ email address for spoofing, which should stop most spear phishing attempts in their tracks. If you examine the entire domain name for misspellings, you may find one! For example, somebody using [email protected] or [email protected] instead of [email protected] might snag a few people who didn’t look closely enough. A scammer may also try to use a line like “I’m locked out of my work email, so I’m using my personal one” to try and impersonate your coworker. Many organizations have policies against using personal addresses for this exact reason – how can you verify they’re with the company if they’re using Gmail or Yahoo? Anyone could make an account with their name at that point! In this case, if the coworker didn’t warn you or share this address with you beforehand, you shouldn’t interact with the email further. Don’t click any links or attachments in the meantime.

You can even forward the email to IT! If you’re worried that the coworker really needs that sensitive data (which fits into creating a sense of urgency, like mentioned above) consider the risks of falling for a phishing scam vs. the risks of standing your ground when you didn’t need to. A phishing scam can completely pull down your entire operation, lock up or steal files, and wipe computers of their data, setting a company back with nearly nothing. Not giving information out to an email address you don’t recognize can delay a project or annoy a client, yes, but it’s much better than wrecking your organization, in which case you’ll also delay projects, but for much longer as your company recovers from a phishing-based security breach. Better to be safe than sorry!

Why Didn’t Projection Keyboards Take Off?

Elizabeth Technology May 12, 2022

They’re Not Actually That Convenient

While they look cool, and the premise sounds like it’d be more convenient, the reality is that they weren’t. Anything made of light can be interfered with using other light, firstly – all of the coolest demo pics showed the keyboard being used in a low-light situation, primarily so you could see it better in these super cool pics but secondarily so it would work better. Speaking of seeing it better, that’s a problem too. Looking at bright things in the dark can cause eye strain, and while you probably don’t need the lights completely off to see your keyboard, your monitor itself is going to produce light, so working in suitable conditions for the keyboard may not be suitable given your monitor. You can lower how much light the monitor produces, but you also don’t have to do that for other keyboards, so.

Secondly, you now have to have a flat surface to type on. You may think “regular keyboards need that too!”, but they don’t need it as badly as the projection keyboards need it. You can type on a laptop on your lap. The keyboard (unless you’re typing on a flimsy, ultra-thin device) can support its own weight, and you can sit while doing it. If you don’t have a place to set the projection – like a table, or even a smooth chair – you’d end up setting it on the floor so it can project evenly. This then means that you’re touching the floor, or the wall, or whatever surface you have instead of your desk.

While this is, again, not a consistent problem, it’s the kind of thing you don’t want to discover in an airport or out on a hike looking for endangered frogs.

Nobody Likes Slapping Plastic

Turns out, a lot of people like haptic feedback. At the very least, they’re used to it. Typing on tablets can be frustrating for some because it’s unclear if they actually activated the button, requiring them to glance between the keyboard and the screen where the letters are appearing. Everything from long nails to caffeine shakes to physical disabilities can make it harder to type on tablets. The same applies to the projection keyboard. You’re left typing on whatever surface you have – most tables are hard, one way or the other, and so you’re slapping your fingertips down on something that doesn’t have any ‘give’ like normal keyboards do. It’s cool-looking, but not cool-feeling.

Mac ran into a similar issue when it was making the slimmest laptop yet – not only did the size compromise the strength and power of the laptop, it also achieved that size by eating up key height, which was the computer equivalent of breeding the snout off of an American Bulldog “because it’s what the breed standardizers want”. That keyboard felt like typing directly onto a hard surface, too, and a significant portion of the people who bought it didn’t like that.

Does it Actually Work?

It looks cool, and given the conditions are right, it works, right?

The high end models do for sure. The problem is that, like with any electronic, not every product on the market is legitimate or well-made for the price. The high end models can handle uncertainty in projection-to-desk distance, they can handle differences in light and a bright room, they can even handle small warps in the typing surface. The cheaper knockoffs of the original idea simply cannot, and in the same way Roseart pastels can convince children that pastels just aren’t for them, these cheaper projection keyboards did nothing to ingratiate the general public to the much more expensive version. After all, before you drop 300$ on something, you want to be sure you like it with a 50$ version first, right? That’s good advice for everything from fishing rods to model kits, because if you don’t enjoy it, you haven’t set yourself back $$$ to learn that.

At the end of the day, projection keyboards look cool, but they’re not actually that convenient to use, and not every model can even do the things keyboard needs to. Until they can do better than the flexible keyboards already on the market, projection keyboards are going to remain a niche item.

Games and Permanent Marks

Elizabeth Technology April 13, 2022

Should games be messing with file registries?

Before you read this, there are game-behavior spoilers for games from 2017 and back.

Games like being creative. They especially like doing interesting things to punish you for making poor choices or mistakes, although how the game defines ‘punishment’ is completely up to the developers. For example – sometimes, punishment for taking on an enemy you weren’t prepared for is simply dying a frustrating death, but you still get to keep your stuff and levels (like the Halo games). Sometimes, punishment means losing some levels, some of your stuff, and any consumables you used in the fight, because dying to the boss doesn’t mean going back to a checkpoint, it means going back to a spawn point (like Dark Souls).

Some games go even a step further than that – they write your failures or poor choices somewhere besides the game, so you can’t escape your failures unless you find those files.

It’s not a new phenomenon, although it has gotten a little more popular as of late. An old RPG by the name of Zork! would curse you if you tampered with a corpse, and you’d never be able to pick up treasure again. It would keep the curse stored in the Windows Registry, so not even reinstalling could help you. Fun!

The Famous Undertale “Genocide Route”

Undertale is a cute game with many twists, the first one being that you don’t actually have to kill any of the enemies – you can, and you’ll still beat the game, but you don’t have to. You may not realize this upon first playthrough, though, so when you beat the game, look up discussions or lore, and realize oh man I killed some guys you can go back through and play it pacifistically to get the ‘true’ ending. No penalties, you made an uninformed mistake and can fix it now that you know better.

However, this doesn’t apply if you decided to start maliciously slaying everything in and out of your way (the way other RPGs expect you to grind for experience points)! It really doesn’t feel good, not just because the characters are cute, but because the game is designed for random encounters, so actually finding every killable enemy in an area takes much longer than playing the game normally – even as your damage increases. At that point, you get a different final boss fight that’s even harder than the original Flowey fight (which isn’t spoilers), and you carry the mark of what you just did with you forever (intentionally vague). And the game really does mean forever. Even if you complete the total pacifist run afterwards, at the very last second, the game shows that it still knows what you did. Even at reinstall.

The game’s check that you killed everyone is in a folder that is separate from the game’s main ones. While it isn’t hard to find if you know it’s there, it was unsettling to the people who’d played the genocide route, uninstalled, reinstalled, and then discovered the game still remembered their crimes.

Anti-Pirating Techniques

In-game DRM, most popular in games from the late nineties up to the mid-2000s, prevents the game from functioning as intended. Some prevent the game from starting at all, others actively shame you for  downloading an illegitimate copy, but most sit somewhere in between. In the Spiro games, for example, you can still play… but you’ll never get to finish the game if it thinks you have an illegally made copy. The game becomes increasingly difficult to play, and when you get to the end, the game crashes and wipes your save. In Alan Wake, the game just slaps an eye patch on your character and guilts you without actually touching any playable aspect of the game. Restarting doesn’t make either of these things go away, but reinstalling might… if the legit copy was just faulty, or if you actually did replace your… faulty… copy with a legitimate copy of the game.

The DRM is part of the game, so it’s not technically a permanent mark on the computer, but a permanent mark on the game itself. Don’t pirate indie games!

Doki Doki Literature Club

If you’ve been online in the game-sphere in the past 7 or so years, you’ve probably seen the Japanese-Dating-Sim-inspired DDLC (or Doki Doki Literature Club) mentioned at least once. If you haven’t, this section will contain some vague spoilers. DDLC is infamous in the indie game scene for jerking very hard to the left, and executing that turn so well that it permanently shaped the way that flavor of indie game was made. The game actually pulls from the Windows or Mac directory to get your real name, but that’s not all. It actually invites you into the game’s files at the finale, and it organizes itself so neatly that removing a character is as simple as removing a folder with her name on it. It’s not quite that simple if you were to actually look inside the files (the game is actually doing a check to see if you’ve removed that file, and if you have, it removes the relevant character, because actually sorting character information like that is practically begging for bugs) but it is a very interesting way to handle the last scenes of the game.

Games That Uninstall Themselves

Some games actually refuse to leave any trace at all, insisting that you don’t replay them without at least a little bit of introspection in between runs.

Or, they realize they’re already on track to be uninstalled, and simply do it themselves. Meme games, meme horror games, and art games sometimes fit this description, but it’s honestly pretty rare. It makes it tough to get back into the game, because reinstalling games is annoying, so the games that do this either understand they’re special or understand they’re annoying. DDLC did this too, and so do a handful of Japanese games. One of the big ones is Nier Automata – if you don’t let characters delete themselves, you don’t get the ‘true’ ending.

If you like spoilers, or you just like seeing how games handle the concept, TVTropes actually has a whole page of games that self destruct, delete your data, or otherwise tamper with themselves as a game mechanism: https://tvtropes.org/pmwiki/pmwiki.php/Main/DeletionAsPunishment

Games That Install Things That Aren’t Really Part of the Game

The My Little Pony fangame Luna Game was sort of famous for this, if famous is the right word – within the incredibly niche community of MLP Horror fans, there existed this platformer that pretty much only played for long enough to serve up some jumpscares and then leave, granting you one final jumpscare with an edited creepypasta-style .jpeg that opened right after the game quit itself out. Later editions would open up the notepad and tell you something ominous.

Eventually, horror games realized this was associated with the sort of games that were easy to make and scariest for 12-year-olds who weren’t allowed to play scary games yet, but were afraid of breaking the family computer by downloading ‘a virus’ and getting caught.  As such, notepad txt files and simple jpegs aren’t really used this way anymore. When games want to show off their monsters, they put a gallery with still images of it in the game itself!

And, once again, DDLC did something higher with this concept – after the game deletes itself, it leaves a note for you, one that’s actually sincerely tied into the game and not a jumpscare or warning. While there’s a lot of room for creativity, there’s also a lot of room for things to go wrong. Some antiviruses, for instance, don’t take kindly to the ‘wrong’ kind of file opening while a game is playing. Other computers just don’t let the game put the files in the way it wants them to, meaning it can’t pull them back out the way it will need to at the end of the game.

Overall, there are many ways to add to a game within a game, so maybe twists and turns from fiddling with source files isn’t the only way to add scares or intrigue to the game!

Sources:

https://classicreload.com/zork-i.html

The myth of the Rust Programmer

Elizabeth Technology April 8, 2022

The Rust subreddit is populated by a bunch of people who seem to be the programming equivalent of Sasquatch, in that everyone who goes there as a different programming language’s expert never sees these people in real life. Stack Overflow loves Rust, but 97% of the polltakers who declared that don’t use it as their primary language. What is Rust? Why does finding people who write in it seem so hard?

Finding Training In It

If you go down to your local Barnes and Noble, you should head to the technology section. There, you’ll see a couple of strong trends – Python, Javascript, Java, and C (including C#, C+, and C++) as well as a couple of general hacking books (white hat, obvi) and a small sprinkle of other languages used for specific goals, like WordPress and Linux. At the bottom, at the end of the shelf, you might see a small book about Rust.  

Steve Klabnick, who’s written books on many of the popular programming languages, does have two books on Rust out for the public, but unlike Python or C#, his books were not available in the store. Online resources go deep, but not as deep as other living languages do, or even as deep as other offshoots of C do!

But Rust isn’t some weirdo language with one specific purpose, so why’s it so rare?

Why So Rare?

Firstly, Rust was created by Mozilla Firefox, the software company most famous for making the Firefox browser alongside a handful of other privacy-related projects. The origin of any language changes how it’s received – if C# and Linux had traded parents, we’d be looking at penguins right now. Secondly, Rust is pretty young, released in 2010. For comparison, most people put it next to Python because both are fairly powerful and concise, but Python was born in 1991. Rust is just not as well-established as its older siblings are.

Thirdly, when it comes to the language itself, it’s not alien to other programming languages, but it’s got some quirks to it. It’s format, for example, is sort of like writing a haiku instead of an essay to achieve a desired result. Its conciseness is a major source of power, but it’s much easier to write sentence after sentence to explain your point than it is to shorten that point to a handful of available syllables. Additionally, when people say it’s ‘safe’, they don’t mean safe-safe, they mean programming-safe, as in memory-safe: it’s not going to buffer-overflow your computer into a crash, but that doesn’t mean a determined beginner can’t find some other way to change their machine with it. Rust also does not default to compile inside a Virtual Machine unless you put one in its way, which is a little bit scary.

What Is Rust Used For?  

Rust touches on pain points that other languages can’t. It’s exceedingly powerful, and elegantly simple; it’s suitable for bare-bones programming alongside more complex demands. Rust is a free offshoot of C++, a language commonly used by Windows, so it’s easy to get into if you’ve got some experience in something else. In general, Rust is a good all-rounder application, although you probably wouldn’t want to use it to make games.

Sources:

https://codilime.com/blog/why-is-rust-programming-language-so-popular/

Rust vs. Python: Why Rust is gaining in popularity

Audacity Security Breach

Elizabeth Technology February 11, 2022

Audacity is a free software that would allow you to edit audio files. It was an excellent software, one that despite being free was remarkably flexible and stable, a godsend for newbie producers and potential hobbyists who aren’t sure they’re ready for a more expensive program. Or worse, a subscription service. Audacity fell from favor after an update threatened the security and privacy of it’s users after Muse Group purchased it.

Audacity’s newest privacy update (as of April 2021) now specifies that they’re allowing themselves to ‘collect data’ for ‘potential buyers’ and ‘law enforcement’. They do not specify what data they’ll be collecting, or if it’s even limited to the app. They do not specify if law enforcement needs a warrant, or if they’re just allowed to have anything they ask for as a rule. They do not specify what all is included in the group ‘potential buyers’, which – if you think about it – could be literally anybody who could potentially have the money necessary to make the purchase. That’s obviously really broad, but that’s the issue! The full scope of this tiny little throwaway line in the updated privacy agreement carries all this weight on it with no special attention made to highlight it.

Even worse, we know they intend to use that data collection, because they’ve stated children are not meant to use the app (because collecting data on children under the age of 13 is not legal in the US). Telemetry features were very quietly added to the application in that April update, meaning if you’ve updated, there’s a possibility they’ve already begun collecting.

Of course, the company denies that any of this means anything, and says that other privacy policies include the same language. The difference, of course, being that a free, open-source software that wasn’t doing that now is, introducing a whole new set of rules for it’s use. This complicates things tremendously for schools and other reasonable places where kids might learn to use software like Audacity (which is both free and open-source, meaning no copyright issues if no modifications are made) and now they can’t because of that whole ‘violating federal law’ thing.

Substitutes exist, of course. If you look on the web, you’ll see things like Dark Audacity and Reaper, both designed to fill gaps that the original Audacity couldn’t even before that critical update. Audacity making an unfortunate move doesn’t mean everyone else has to, or that they’d somehow cornered the free, open-source audio-editing software market.

Hang in there!

Sources:

Audacity’s new “Privacy Notice” has left many concerned

https://www.itpro.com/security/privacy/360116/audacity-privacy-update-sparks-outrage

V-Tubers: The Virtual Youtuber

Elizabeth Technology February 7, 2022

You might have seen videos on Youtube’s front page for what looks like anime characters playing games. What’s the deal?

The Human Ones

We all know fans can be insane. A fan fatally shot Selenas at a concert. A group of teenaged fans targeted celebrities to steal from. Fans surround famous TikTokers’s houses and park in the street, hoping to get a picture or video of them for the app. In Japan, idols are very reluctant to date, because the insane idol culture means that male fans see them as future girlfriends, and a real boyfriend would mean they were ‘cheating’. Superfans seem to think they ‘own’ celebrities. As such, it’s kind of dangerous to actually be out in the wild as a celebrity.

A solution? Make sure people don’t know what you, your house, or your room looks like, and it makes you harder to find. Software can be used to superimpose a 2-D character over a 3-D person, and have it follow their movements. The real person never actually appears on screen, but their facial expressions and gestures are still caught on screen via their avatar. Win-win – the streamer gets to livestream their reaction to their game anonymously.

However, obscuring one’s real identity isn’t the only reason they’re in use. Some streamers use them because they’re fun and colorful, others use them because they can be used to interact with chat without actively interacting with chat – text can scroll across blank spaces on virtual wings or T-shirts. Virtual confetti can rain down on the virtual streamer with some trigger from chat, with no mess to clean up. Sometimes, the person has appeared live before, but just doesn’t want to dress up for their stream – the V-Tuber version of themselves is always perfectly dressed!

The first one, Kizuna Ai, broke ground when she first began streaming. Motion-Capture tech used to be for movies only, as it was prohibitively expensive, and usually required special kinds of suits.

Motion Capture

If you were around for the filming of The Hobbit, you might remember that video of Benedict Cumberbatch flailing around on the ground in a skintight suit covered with white dots. That was the motion capturing process. They used that footage to rig to the face of Smaug, the villain of the story.

But why?

CGI artists would eventually hit a wall if they were to only make things move by hand. Yes, in the short term, doing it manually looked better (and was faster) than motion capturing, smoothing the capture out, rendering, adding in shadows, etc. However, in the long term, motion capture provides a much more realistic experience at a fraction of the cost and time of doing it the old way, especially as models got more and more detailed.

It also caught key parts of human expression and human movement better. Grimacing has many other, smaller facial movements than just the mouth turning downwards, for example. The artist used to have to move all those little details by themselves, and then repeat that for each expression or word, over and over. The other option was an uncanny-valley creation, or one that felt flat – there just wasn’t another way before motion capture.

When filming The Hobbit, Benedict just had to make his expressions into a camera, and then the computer could use key points of the human face to connect to key points of Smaug’s face. It could register his ‘skeleton’ in the footage with those dots on his suit, and use it to create a functioning, moving Smaug shell that followed along. The computer just has to be told where to attach the dots on his suit to the Smaug shell, and Voila!

Science World compares it to three dimensional rotoscoping. Over time, facial recognition software has gotten much better. The Virtual Youtuber doesn’t even need to be wearing a suit for the virtual model to work anymore. It simply understands what a face looks like now, which is incredible. The rigs that streamers use can understand facial expressions, and as long as you tell it where the eyebrows and mouth are, it can mimic them in the virtual shell. This allows for incredible freedom when designing the character – if you want your character to have a tail, all you have to do is tell it what the tail reacts to. Wings? Same deal, you can attach them to your arms’ movements if you want, and they’ll move when you move. Some programs understand clothing physics, and can move capes according to arm movements.

Many programs are in use today[HYPERLINK V-TUBER WIKI]. CodeMiko on Twitch uses the Unreal Engine software, a program used widely by game studios. FaceRig and Animaze are also popular choices, but freeware programs exist as well. It’s entirely possible to make yourself into a V-Tuber with a little elbow grease, and a willingness to work with the models.

An Opinion: V-Tubing is Friendlier than Virtual Influencing

I like V-Tubers. I don’t like Virtual Influencers. They arrived with a kind of smugness, from both their creators and assorted news outlets: “We’re winning. We’re totally funnier and hotter and more interesting than real people.” Yeah. That’s… not really a revelation. Of course an entire team of people, none of which have to actually appear in front of the camera, is going to be more successful at being hot than a real person. Lil Miquela doesn’t have pores or acne or feelings. She is a CGI’d doll that doesn’t have to actively respond to the environment like a V-Tuber rig does. The whole draw of influencers is that they create the illusion that attractive people exist – real people will photoshop themselves too, but normally they have the decency to hide it.

Meanwhile, V-Tubers have the opposite approach. “We all win. Let’s have fun together with this system.” When people can’t show their faces, they can wear a suit that shows their expressions, allows them to interact with chat, and allows them to communicate nonverbally where they otherwise couldn’t. The rig allows them to connect more organically to their audience, not take advantage of them. They were never meant to replace real people – they’re mostly anime-like characters with big eyes and big heads. The person behind the mask is still playing the games, and talking, too; Lil Miquela barely ever has to ‘appear’ for her audience. 90% of her interaction boils down to text that someone else writes and pictures someone else makes. Meanwhile, a V-Tuber is actually behind the screen. A V-Tuber is ultimately a real person with a tool, not a tool being used to replace a real person.  

Sources:

https://www.theguardian.com/lifeandstyle/2009/oct/27/lindsay-lohan-paris-hilton-robbed

https://www.engadget.com/2014-07-14-motion-capture-explainer.html

http://www6.uniovi.es/hypgraph/animation/character_animation/motion_capture/history1.htm

How Motion Capture Works

https://www.sportskeeda.com/esports/what-codemiko-really-like-off-camera

https://virtualyoutuber.fandom.com/wiki/List_of_VTuber-related_software_and_resources

Is It True That Macs Don’t Get Viruses?

Elizabeth Technology December 22, 2021

Absolutely not. Here’s why!

Apple devices are slightly harder to weasel into from outside, but that doesn’t mean that it’s impossible. A virus has to be crafted differently to even function on an Apple computer. For the same reason that Apple needs its own version of browsers and games, it needs its own version of viruses, and with Microsoft being the default for most ‘sensitive’ systems, like pharmacies, school networks, and hospitals, hackers and other malicious individuals just don’t seem to care that much about Mac devices.

But not caring that much is not the same as not caring at all.

Apple’s known virus count is slowly creeping up, although viruses that use weaknesses in the system to get in are quickly made obsolete by updates. Apple viruses are a special kind of pain to deal with because the person who made them surely made them out of spite – as said previously, Mac’s system is not compatible with Microsoft’s, so viruses are custom tailored.

Their recommendation is to completely avoid third party apps – for good reason. The primary way that malware ends up in the computer’s system is via scam downloads. Those can look like a couple different things. Everybody (or almost everybody) knows not to click those flashing banners at the top of blog sites that advertise “FREE iPAD! CLICK NOW!” because it used to be the most common way to steal information from non-tech-savvy people.

“Free Flash Player!” “Free Game! Connect With Friends! Download Now!” are it’s equally outdated cousins. Anything that tells a Mac user that they need to download it has the potential to be a virus, and if the user is unlucky enough to get a virus prepared for a Mac, they’re in for a headache. But it’s tough to trick people with those flashing banners anymore, right? So…

The next easiest way is to fake an email from an app publisher, or even from Apple itself! This still won’t get a lot of people, but the people who fell for the flashing banners the first go-round might fall for an email that looks juuuuust official enough to make them doubt themselves.

One version of this scam involves sending an email with a downloadable attachment to ‘fix’ a ‘virus’ that ‘Apple’ has detected on the device. That’s not Apple, and there’s no virus until the recipient downloads the attachment. That was the goal! And now the virus is on the computer. Oh no!

Alternatively, if you’ve downloaded some game or another that you trusted, even though it was third party, and then received an email about a big patch that needs to be downloaded, you might fall for it! Depending on the game, they could have your email to send patches to, right? Official platforms like Steam certainly have their user’s email.

And that’s not even the game download itself! Downloading a game off of third party websites can lead to some nasty results, which is why Apple goes out of it’s way to warn you every step of the download, and also warn you off of third party downloads in every help forum. The risk that what you downloaded could be malware is just not worth the inconvenience of waiting for that game to come out on an Apple-licensed platform.

Long story short: it’s very possible, albeit difficult, to get viruses on a Mac computer. Don’t download attachments from strangers!

Source: Apple.com resources

What is a DOS attack?

Elizabeth Technology December 20, 2021

DoS stands for ‘Denial of Service’. What this means is that someone plans to deny service to and from a website by crashing it, or making it run so poorly that it may as well be offline. As for ‘why’, there are many reasons – someone could be ‘disagreeing’ with the content of the website or it’s discussions, they may be attempting to drive viewers elsewhere, it may be political, it may be simple trolling, the list goes on.

So, how is it done?

The How

Denial of Service is just that: a denial of service. Any means may be used to get to that point. If it’s a poorly secured website, getting in via hacking or password stuffing and changing the contents on-site could be a DoS. If it’s a poorly balanced website, and if it’s one that allows for posting of pictures and memes, sending an image that’s too large for the website to handle could do it. Similarly, sending too much text, animate gifs, or other content that the website wasn’t prepared for could shut it down. Requesting too much data and opening several tabs at once of a big image that did load could simulate an http attack, although that may be equally hard on the computer that’s doing the requesting.

Inputting code into poorly made text entry spots can also crash the website, if the owner didn’t know how to prevent SQL injections. Dinging the website too many times in one go can crash some websites, although that usually requires things like bot nets, which turns it from a DoS to a DDoS.

In that same family, SYN flood attacks can also deny service by requesting information over and over until the website is so overloaded that it can’t respond. In a SYN flood, the computer sends requests to connect to the server repeatedly, but never actually completes them. If it’s done right, the server runs out of ports to take the requests, and legitimate requests mixed in with the faulty ones now have to wait much longer.

Preventing it

Many of these are simple issues of preventing out-of-format content. If a posting box has a hard limit of 10,000 characters, the DoSer could whip up a bot to post over and over, but the website owner would be able to tell that something was going on before it crashes the website. Many picture printing places won’t allow photos over a certain size or resolution to be sent over the web, because it can clog the intake – especially places like drugstores that aren’t set up for large high-quality images. If the network isn’t prepared, it’s entirely possible for photographers to DoS them (at least in the photo station) by accident!  Instead, it’s much easier to keep these incidents out at the gate: configuring comment sections and image requirements for size is a bare minimum.

As far as SQL injections go, we have a whole article on sanitizing inputs (here) – the essence of prevention is keeping data inputs and the command to get it to the database separate from each other. This prevents a number of issues by itself, but is good advice to avoid DoSing via SQL as well.

For SYN floods and other brute-force attacks, configuring the firewall and installing an IPS (Intrusion Prevention Software) are what security vendor PurpleSec recommends. In the olden days, attacks like these may not have crashed the site, but they could still drive the hosting costs through the roof – the owner is then incentivized to pull the plug themselves so they don’t drown in fees from their server company.

To prevent breaches, use two-factor authentication when building your site. Please. Microsoft reports that it stops 99.9% of fraudulent login attempts. It is one of the easiest ways to improve your security.

How is it different from DDoSing?

DDoSing relies on multiple computers to get the desired effect; DoSing takes much fewer. This has many benefits for the person trying to wreck a website. Firstly, DoSing doesn’t involve gathering other computers to attack with – you already have all your resources at your fingertips! However, that’s a double-edged sword, as you can’t attack with more than you have.

DoSing is also easier to coordinate as other people are (usually) only minimally involved. Getting other people to DDoS a site organically is difficult because it requires organizing strangers, and doing it with a botnet requires buying a virus or making one yourself and then distributing it. DoSing with a SYN flood or with SQL injections is hard – but it might be easier than trying to get ever-more-wary strangers to click a suspicious link. Outsourcing to a hacker group, of course, is easier than both unless the malicious party lacks the funds to do so.

On the other hand, hacking into a website that’s only password-protected with a password stuffer (or doing it semi-manually by guessing passwords yourself) is probably easier than any other method. While this carries some risk (if they can tell where the login came from, they may be able to find the attacker), it also has a lot of potential for damage if the website owner hasn’t backed up the website. The problem with this method is that the website has to be poorly secured for it to work – 2FA stops the vast majority of these attacks, and being smart with who gets admin permissions can limit the effectiveness of the attack.  

Sources: https://purplesec.us/prevent-syn-flood-attack/

How to Stop a DDoS Attack in Its Tracks (Case Study)

What’s the Deal with Linux?

Elizabeth Technology December 17, 2021

You’ve probably heard of it. What does it do? Why is it so different from Windows or Mac? Why don’t offices use it if it’s so versatile?

First: Battle of the OS

              Let’s start from the point that Windows 1 was launched. Microsoft’s new OS (Operating System) is designed to be fairly user friendly. It’s not perfect, but it accomplishes its task: making computers accessible to the layman, to small businesses, and to people who don’t have any experience with computer languages. Apple soon comes out with its own OS, designed to be better than Windows for immediate usability, and also makes a big splash. Microsoft outcompetes other OS’s in the business world by offering Excel for free! with purchase of Windows. Have you ever heard of IBM’s Lotus spreadsheet software? It was an extra charge on top of the OS software. Microsoft’s Excel was not. Lotus goes extinct.

 Apple in turn offers a better version of Excel (one that can do more complex things, thanks to the Macintosh OS). This pattern continues for some time.

 Other OS’s are still around, but many fizzle out shortly after they launch: Microsoft is a big company with a lot of excellent programmers in its ranks, and when Microsoft improves something, IBM and Apple were usually the only ones who could keep up. Everyone else had relied on specializing to specific companies, which is both time-consuming and inefficient, and gradually little companies died out.

 Enter: 90’s. UNIX has been around since the 70s (and spent part of that time free due to an anti-trust law), although it’s commercial use kept shrinking as Microsoft’s share of the market grew. It just couldn’t do as much as Windows, and you weren’t allowed to modify it, so if somebody wanted to spend the money, they’d usually lean towards Microsoft when it became widely available. A Swedish college student really appreciates the base form of UNIX and decides that with a few tweaks (that slowly turned into a lot of tweaks), he could make a version that was good enough to satisfy most people. The rest is history; Microsoft comes to dominate the business world, while Apple follows close behind for the residential computer market, and Linux lives on, ready to port to any number of available devices.

Why Use It?

  1.  It’s free! Completely free. Anybody can download the base form of it and modify it. If someone has the right experience, they can push a computer to the limits.
  2.  It’s open source. Open source means that anybody can access the inner workings, create tools with it, fiddle with the coding, etc. so for people who want to ‘make’ their own OS experience, this is a fantastic tool that doesn’t have other invisible programming getting in the way. This can quickly turn into a curse if you’re hoping to just hop right in with limited experience, but it’s possible. There are also plenty of pre-made versions with a little more meat on their bones for folks who want to download something for a custom computer or smart device, but those usually cost money; like anything else, it’s a tradeoff. Most smartphones use a modified form of Linux.
  3.  Linux is lightweight on hardware. By it’s very nature, raw Linux doesn’t have as much software as a fully completed OS, so when you’re looking to make a robot or get a really old computer up and running, Linux may be the answer to your problems. It allows you to trim the fat where you need to without losing room for features you need. It’s actually a pretty common software/firmware choice for that reason – certain car brands with smart features rely on Linux, along with smart TVs, and a lot of Cloud Infrastructure.

Why not?  

What does it do worse?

  1. A lot of people are faster on Windows or Mac than they are on Linux. People who have always used Macs are faster at using Macs, and the same goes for Microsoft computers. This comes down to experience, and it’s not really a downside to Linux so much as a natural part of training employees. However, when a company also needs a lot of ordinary tools, like Excel or Word, buying Windows computers and bulk licenses is frequently cheaper than making and training employees on the tools yourself.
  2. There’s only vendor support for your Linux tool if it A) was bought from a vendor and B) they offer vendor support. In-house projects have the power of the programmer that made it, and online support from forums, which relies on the free time of experts. That can become scarce right when it’s needed most, and it’s certainly not guaranteed if the project is too deep for an expert to want to toy with for free. If the company gets itself into trouble with the project, or if something goes terribly wrong, the only options become fixing it themselves or hiring an outside firm experienced in Linux. This is a very ugly option to a lot of companies, so vendor-supported tools are usually the first choice.
  3. Linux is only more secure if you know what you’re doing – it’s very possible to overextend a feature and create problems for yourself/your company.
  4. As for home use, it’s not just like Windows unless you make it that way. Hobbyists and professionals alike like Linux for its flexibility, but if you’re an average person who just wants to change the way movies play on your device, it might be easier to see what other people have built for your favorite OS and go from there.
  5. Linux is famously incapable of playing games straight out of the box, so that’s a bummer.

Really, most of the downsides to Linux are that it’s not pre-made, which is also it’s biggest strength.

Sources: https://www.howtogeek.com/196493/what-concepts-were-used-before-operating-systems/

https://en.wikipedia.org/wiki/Unix

https://opensource.com/article/18/5/differences-between-linux-and-unix

https://en.wikipedia.org/wiki/Linux

‹  Older posts