Wednesday, February 7, 2018

Digital Assistants or AI Everywhere

One of the major topics of conversation coming out of this year's CES was that digital assistants seemed to be everywhere. Digital assistants are an example of artificial intelligence (AI) and are found in products like Amazon's Alexa, Google's Google Assistant, Apple's Siri and Microsoft's Cortana. The products most associated with these AI are Amazon Echo, Google Home, and just recently available for sale, Apple HomePod. They range in price from slightly under $50 for Amazon Echo Dot and Google Home Mini to $349 for Apple HomePod. There are also third party manufacturers creating devices for use with these AI, e.g., Harman Kardon makes a speaker for Cortana. Sonos makes a speaker that works with Alexa and promises to integrate eventually with Google Assistant.

Google Assistant, Siri and Cortana have all been around for several years and accessible via smartphone, tablet and/or computer. So, we've had a little while to get used to the pros and cons of interacting with voice activated digital assistants. But their move into the home started with Amazon's Echo, essentially a smart speaker, a couple of years ago.

Smart speakers coordinate with music streaming services so you can ask them to play a wide variety of music. The AI can look up information on the web so you can ask for weather or news updates. You can ask also ask for event information like movies and times near you. You can even ask for calculations and conversions, e.g., teaspoons to ounces for cooking, or Fahrenheit to Celsius. Smart speakers are often tied in with the Internet of Things and can work with various gadgets and appliances. As they tend to take answers off the top without scrutiny, they may not always be the best sources for reliable unbiased information. Alexa tends to over rely on Wikipedia, for example. So when people change the Wikipedia entries, answers can change. A recent article in Fortune: 'Who Is Jesus?' Google Home Couldn't Answer and People Weren't Happy  helps illustrate some of the potential problems in AIs remaining unbiased in a polarized information world. Amazon Echo, in particular, also has a large variety of third party skills available so it can be used for an ever growing number of games and various tasks.

Digital assistants are offering a lot of possibilities to people with visual and physical disabilities. They may prove particularly useful to our aging population. They offer quick information in response to verbal requests and can be asked repeatedly for the same information without ever showing signs of tiring or exasperation. As they can also be tied in to IoT hubs and devices, they can be used for routine tasks like turning on and off lights, locking doors, changing channels on TV, setting thermostats, as well as monitoring cameras and doors for security. People can use them to order groceries or other supplies as well as provide reminders of appointments or times to take medications. They can be linked to family members' devices for quick calling features. In short, they might make it easier for people to stay in their homes and for families to feel comfortable about it. There are many articles such as this one written on the topic: Amazon Echo for Dementia: Technology for Seniors

One of the downsides is privacy concerns over always on listening devices in the home. There are indications when they're actively listening. The Echo lights up blue as in the photo.
However, one does notice that they seem to turn on periodically for no apparent reason. This is particularly true if they're near a radio or TV. People seem to say the A-word setting off the Amazon Echo at an alarming frequency. There are other optional wake words for Amazon's product. You can change it in settings to: Amazon, Echo or Computer. But I doubt any of these will solve the problem especially if you watch or listen to tech podcasts like I do. It will still turn on at odd times. The phrase, "Hey Google" is probably a lot less likely to be uttered by accident. In the case of the Echo, you can go into the settings and see when it was activated and what were the triggers and responses. You can also delete any or all entries from your history. But many are uncomfortable that information is being collected and stored. And law enforcement has at least once that we know of asked for it. So, if you have privacy concerns, you might want to think twice about bringing listening devices into your home. But do keep in mind that most phones, particularly newer Android phones are also always on listening devices. They're just not quite so open about it.

There are some open source solutions.
Mycroft Mark 1 pictured here. As it's open source, it's designed to be modified and customized by users. But it will also provide basic AI functions like answering questions, controlling IoT devices, playing music, etc. From reading some of the information on their website, I think that the key difference they offer is that your voice information is aggregated so that it cannot be tracked back directly to you. This is different from Amazon which connects your queries to your Amazon account as one of the services offered is shopping via your Echo device. Google also offers shopping capabilities. As their main business is advertising, so you can assume that Google Assistant information goes into their aggregate database about you and your interests, all the better to direct ads at you. Apple offers a more privacy oriented service for those who are willing to shell out premium dollars. 

The allure of open source is its customization. For those who are so inclined, one can use the Mycroft software on a raspberry pi and enable a number of different devices and uses. The downside is that it might be a bit trickier for non-techies to set up and troubleshoot and it may not work with certain services. Digital assistants seem to be following the services silo model. Amazon products work best with Amazon services: Echo with Amazon Prime music and video, Fire TV, Google Home with Google Play and YouTube, Apple HomePod with Apple Music and iTunes. They all purport to work with major third party services like Spotify. But if you're tied to a particular service, it would be a good idea to make sure that it is supported by the device of your choice.

So, what does all of this mean for libraries? I think it will continue to be important for librarians to help educate the public about new products and how they can be used or possibly misused. It also seems very important to make people aware of the privacy implications of many of these devices and services. People should understand there's a trade off between convenience and giving up personal information and data so that they can make better informed decisions. 

But there are wider implications as well. What about the increasing reliance on voice control? It is convenient but it does limit the kind of information that is routinely accessible. There is no and evaluation of sources and perhaps not even a citation. But I have heard Alexa say a piece of information came from Wikipedia. There's also very little opportunity to drill deeper or question further. Part of the assistance offered might be to help people set up their own custom news briefings so that they can get news of interest to them from reliable sources.

Once again, librarians also have to ask how they can get their services on some of these devices. One of the features people love is the availability of audiobooks. Unfortunately, as far as I know, this only applies to purchased audiobooks. Wouldn't it be great if the libraries' offerings were available as well? And how about ordering library materials via digital assistants? Shouldn't our ILS be searchable as well? It goes back to the notion of meeting our patrons where they are. If they are spending more and more time with digital assistants, shouldn't we be there as well?

Tuesday, January 23, 2018

Wifi networking options for your library

There is a lot to know about networking in general and wireless networking in particular. So, I've put together a bibliography with articles and videos you can watch to learn more about the overall topic and/or a few specifics.

From CNET: Home networking: Everything you need to know
From KnowHow on the TWIT Network:
Networking 101 The whole series is helpful, but the episode on
Router WiFi Setup may be particularly helpful as that's what I referred to when setting up mine.

There are some interesting alternatives for setting up subnetworks for trusted, untrusted and perhaps totally untrustworthy devices using old routers. You might want to check out the Know How episode:
Networking 102 - Part 4: 3 Dumb Routers

Friday, October 20, 2017

KRACK safety precautions


I've had a chance to track down more information about the KRACK attack and what can be done to protect against it.

It's what is known as a "Man in the Middle" attack. Someone has to be physically on your network in order to execute an attack on your router or devices. This makes it unlikely to be a problem for home users. And probably not a huge issue for a small library wifi network. But it's always better to patch devices when you can and take precautions.

A few points that can stand further clarification:

  • Windows and iOS devices are not particularly susceptible to this breach as WPA2 was never implemented entirely correctly in these operating systems. The protocol didn't work as planned. Neither does the hack. Regardless, both Microsoft and Apple have patches in the works.
  • Android 6.0 and higher are most vulnerable to attack. Google is working on patches for Android. Whether or not your device gets an update is largely up to the manufacturer. Most current models will most likely get the patches eventually. Many old ones won't. But these devices have always been vulnerable to attacks. This is just another one to add to the list.

Information of a highly confidential nature that requires a good measure of privacy protection should probably never be done over wifi. If you have such a network, the best advice is to turn off the wifi router and use ethernet cabling to make it a wired LAN. It's always a good practice to use ethernet for secure transmissions.

Other general good practices for wifi networks will help protect you in this instance as well:

  • Use a VPN (Virtual Private Network) when you're connected to a wifi network. This creates a kind of tunnel connecting your device to a server owned by the VPN company. That information is not accessible to anyone on the wifi network with you. When your request reaches the company's server, it then proceeds the rest of the way to its destination via the wired Internet. But don't rely on a free VPN. They may not to be reliable or trustworthy. Remember the adage, if the service is free, you're what's being sold. But even a paid VPN can slow you down and they don't work with every site.
    We'll look at VPN options in a future post.
  • Https Everywhere: https://www.eff.org/https-everywhere
    Electronic Freedom Foundation offers an extension for your browser that chooses the secure web protocol https over the unsecured general protocol http when more than one is available on a website. It's available for Chrome, Firefox and Opera browsers. The impetus behind this is reasonable. A secure website connection is better for many reasons including protection from attacks like KRACK. Financial and shopping sites, in particular, should be using this protocol and you should look for it. And, opting for it, when it's available, as this extension is supposed to do, is a good practice. Unfortunately, the extension can also break some sites if there is no https available. Or if the transfer from one protocol to another cannot be completed smoothly. Possibly worth a try, but don't be surprised if you hit some snags.
  • Cellular data - using a cell phone's data option is almost always more secure than public wifi. If you're concerned about security, you should probably consider increasing your data plan and reducing your use of public wi-fi. You can also use your cell phone as a modem and tether a laptop or tablet to it for use outside the home.


Steve Gibson makes the point on Security Now that is CLIENTS not ACCESS POINTS that particularly need to be patched. This cartoon shows a reason why.

That said, the other option to protect a network from a man in the middle attack is to update the router. Many router manufacturers are offering firmware updates. It's a good idea to check your make and model number on the manufacturer's website to see if there are updates available. Protecting the router becomes particularly important when you're running a network with a lot of IoT (Internet of Things) gadgets on it: doorbells, cameras, light switches, thermostats, etc. Cheaper gadgets, like cheap Android phones, will probably never get updates or patches. So they are best protected from the router side. If your wireless router is so old that you have no way to update it, it may be time to get a replacement. 

For more information on the KRACK Attack

Monday, September 11, 2017

How to protect yourself in a massive data breach

Hopefully, everyone is aware of the data breach at Equifax, one of the major credit bureaus. Reportedly, the data of 143 million people has been compromised, including social security numbers, names, addresses, phone numbers, credit card numbers, in short everything someone would need to commit identify theft.

Equifax is offering a website where you can go and enter your name and part of your social security number to see if you are among those whose information has been compromised. Some hackers and tech enthusiasts claim that the viability of this system is questionable as it provides different results to the same information entered in subsequent queries. It also has provided positive results for fabricated data. It's probably safe to assume that your data has been compromised and proceed from that assumption.

Equifax also provides a solution for that possibility: a year's free enrollment in their identity protection program: Trusted ID. Many are skeptical as to whether they want to trust the company whose potential gross negligence resulted in the problem in the first place.

CNET offers A guide to surviving the Equifax data breach (without Equifax's help). Not all of the information provided in this piece is uniformly agreed upon. For example, apparently enrolling in the Equifax Trusted ID program no longer requires you to opt out of a class action lawsuit. I think most of the advice about checking credit reports, freezing credit, setting fraud alerts and being vigilant during tax season is good advice.

Update 9/12/2017 - Thanks to Diane Van Gorden and Alex Clark
How to Protect Yourself from Identity Theft - Montana Legal Services Association

Update 9/14/2017 - Thanks to Steve Gibson on Security Now
Credit Freeze Guide: The best way to protect yourself against identity theft

Here is more information and background on the data breach from some of my preferred sources:

Wednesday, August 23, 2017

Unlimited data - can it replace your home broadband?

The FCC has recently released an inquiry on the current state of broadband in the U.S. One of the questions they raise is whether or not it's necessary to have a wired broadband connection (fiber or cable) and to reach the previously set targets of 25 Mbps down and 3 Mbps up for home users. Or is a cellular connection enough?

This report from 2016 shows that the U.S. lags well behind most of the rest of the world in cellular data download speeds at around 10 Mbps.
See how painfully slow 4G LTE is in the U.S. compared to the rest of the world
That's also about what I've gotten on personal tests on Verizon in my area.

But there are also questions about data caps and throttling. So, along come new unlimited data plans from the major cellular carriers.
VERIZON'S UNLIMITED DATA PLAN HAS CHANGED. HERE'S HOW IT COMPARES TO OTHER CARRIERS

You can see there are limits on mobile tethering. So, the data is not unlimited if you want to use it with a tablet or PC. Plus there are limits on video quality and the data can be throttled even if you stay under a given level.

This may be good news for some cellular users. But it doesn't look like an adequate replacement for high speed broadband, particularly in areas with spotty cell service.

Friday, August 18, 2017

Passwords Guidelines Changed

Finally the guidelines about passwords that made me crazy - change every 90 days, include an upper case, lower case, number and other character - are being changed as we see in this NPR article.
Forget Tough Passwords: New Guidelines Make It Simple

I'd often thought it couldn't be terribly secure if we had to write it down to remember it. Of course, I find the best solution is still a password manager.

Here's some information and a review of some of the best rated ones from PC Magazine:
The Best Password Managers of 2017

I use LastPass and have generally been quite happy with it but it can be a challenge to use with mobile apps and sites.

Friday, June 9, 2017

Internet of Things article from Pew Research

There was a fascinating if long article from Pew Research Center on Internet and Technology on:
The Internet of Things Connectivity Binge: What Are the Implications?

Well worth at least a scan to remind you of the potential risks in unbridled connectivity with no questions asked.