Windows Wednesdays – Focus Assist & Night Light

In my last Windows Wednesdays post, I began exploring Windows 11’s new Quick Settings panel. This week, I’m going to highlight two features that were actually introduced in Windows 10, Focus Assist and Night Light, which didn’t get much attention at the time because Microsoft didn’t do anything to call attention to them. Windows 11 brings them nearly to the forefront by featuring them on the default Quick Settings menu. So, unless you had reason to seek out these features before, you’ll probably notice them for the first time after upgrading to Windows 11.

Focus Assist is an interesting, almost ironic addition to Windows. Back in 1990, I attended a Microsoft product roll-out presentation for Windows 3.0, which had just been released to the public. The presenter was quick to show how Windows constantly “talked” to you. (I put that in quotation marks, because few computers in those days had sound capabilities beyond the tiny “beep” speaker inside the case, and software that could actually talk to you didn’t exist yet.) And, if you weren’t sure what to do, just clicking anywhere with the mouse would probably make something happen. Contrast this with an article I read about Unix at around the same time, which described Unix as a terse operating system, because, to quote from the article, “…when there’s nothing to say, Unix says nothing.” Each subsequent version of Windows ramped up the amount of information relayed to us by the operating system, the ever-increasing variety of software running on computers meant even more messages for us to see, and networking, which brought web site messages, e-mail notifications and various kinds of instant messages, have all made the average Windows Desktop a very noisy place. As far as I know, Focus Assist is the first feature built into Windows that’s specifically intended to quell your computer’s constant calls for your attention, ostensibly so you can get your work done.

Focus Assist aims to do this by letting you decide what programs may interrupt you during various kinds of activity. You set this up by clicking on the Network/Volume/Power icon group in the Taskbar Notification area to display the Quick Settings panel, right-clicking on Focus Assist, and then choosing “Go to settings” from the context menu. After that, you activate Focus Assist by clicking on its pad in the Quick Settings panel; doing that rotates among Priority Only, Alarms Only and Off modes.

A detailed explanation of how to use Focus Assist is beyond the scope of this post, but if you’re interested in trying it out, here is a link to a great article to get you started:

Night Light is a much simpler feature with a much simpler mission: to reduce eye strain by reducing the amount of blue light radiating from your screen when you’re using the computer in a darkened room. As with Focus Assist, you can change its default settings by right-clicking on the Night Light pad in the Quick Settings panel and choosing “Go to settings” from the context menu. The relevant settings allow you to determine the balance of blue vs. red/green light (accomplished with a simple slide control), activate Night Light immediately so you can test your selected color balance, and schedule the computer to automatically turn Night Light on and off at certain times of the day.

Smishing – the (Relatively) New Phishing

Have you experienced an increase in simple text messages that appear to be intended for someone else? I have; in fact, I’m receiving, on average, three of them per day, and it’s getting rather annoying. The picture at the top of this post is a recent sample.

You probably have some familiarity with SMS scams, i.e., scams perpetrated by text messages, but this doesn’t look like any of the ones I knew about previously. There’s no link to tap on, no well-known company name, no imperative and no real sense of urgency. And you probably already know to just delete all texts like that without a second thought. (Well, hopefully you already know that. If you didn’t, then consider yourself informed.) But this is just a casual, “how ya doin’?” type of text message from someone I don’t know, and apparently intended for someone else I don’t know. So, what harm could there be in texting back a “Sorry, wrong number” message? Which is exactly what I might have done if I hadn’t been busy when the first one arrived and if a second, third and fourth such message hadn’t arrived so soon after the first.

Plenty, it turns out. I had to do some online digging in order to find out what these harmless-looking messages from strangers are all about. Most of the search hits were predictable: warning after warning to delete, without any kind of response, any text message that exhorts you to tap on a link or call a phone number. But messages like those are direct attempts at phishing – called “smishing” when perpetrated by text message – and I already knew about them. I finally happened upon a video clip of a TV news report about the kinds of text messages I’ve been receiving lately. It turns out that they are a relatively new form of social engineering, and an indirect attempt at smishing.

According to the news report, if you respond to one of these texts, the very least that will happen is your cell phone number will end up on a “suckers list”, a list of people likely to fall for texting scams. But the scammer will also try to strike up a conversation with you. They may include a photo of a pretty woman, if they think you’re male, or a hunky man, if they think you’re female. Depending on the sort of information the scammer wants to get from you, the photo may be more than just a head shot, and the person pictured may be dressed in a sexy manner or not at all. That may be an attempt to get you to share a compromising photo of yourself. (That’s not the scam an old guy like me would fall for, but I’m told that many people in their teens, twenties and maybe even thirties are quick to share semi-nude or even nude photos of themselves.) Or the scammer may try to convince you to share financial information, account credentials or personal information. Ultimately, that information will be used to blackmail you, raid your bank account, charge things to your credit cards or steal your identity.

It’s easy to sit there reading this and say to yourself, “Oh, I would never fall for that!”, but social engineering is the art of gaining your trust in order to convince you to willingly give over whatever it is that the scammer wants. There is no doubt in my mind that the perpetrators of this scam are very good at this. The best way to avoid falling for the scam is not to engage them. Just delete the text without responding.

As far as steps you can take to avoid this scam, there currently aren’t many. You could block the phone number, but the scammers use throwaway phones and phone numbers to perpetrate these scams, so the chances are your next scam message will come from a different number. You could forward the text message to “7726” (spells SPAM on a phone keypad), which all the major US cell phone carriers are supposedly using to collect spam reports. Personally, I couldn’t figure out how to do that from my smartphone without it looking like the spam came from my own number, but maybe it’s easier to do this on your phone. You could call your cellular provider, which might be an attractive option if your cellular account doesn’t include unlimited texting, but if you get as many of these irritating texts as I do, it seems to me that you’ll spend a lot of time on the phone with your cellular provider if you do that. Your best option may be to set your phone to block text messages from all numbers not in your contact list. That wouldn’t work for me, because my cell phone number is my business phone number, but I would seriously consider doing that for a personal cell phone number.

My quest for information also turned up some gleeful reports from people who claimed to have counter-scammed the scammers, by texting back things like “Congratulations, you have successfully subscribed to ‘Prayer of the day’! Your account will be debited $0.50 for each new daily message.”, followed by what appeared to be increasingly desperate attempts by the scammer to cancel the “service”. Take these with multiple, large grains of salt. First of all, all those counter-scam reports I saw were 3+ years old. Second, cell phone scammers are probably savvy enough to know that even if they did opt into such a service and couldn’t cancel it, they could solve that problem with a call to their own cellular provider. That’s assuming they’re using their own cellular account in the first place. If they’re using a throwaway phone or account, they won’t care, because they probably provided stolen payment information to the provider in the first place, and their intention is to just ditch it at the end of the month or whenever the provider gets wise to them and shuts the account down, whichever comes first. So, your best bet is to follow my first piece of advice: do not engage.

HP Instant Ink Nasty Surprise

A client called me earlier this week because his HP printer had stopped printing. That, in and of itself, would not have been blog-worthy. There’s nothing out of the ordinary about an HP printer that stops printing. Nor is there anything out of the ordinary about any other brand of printer that stops printing, for that matter. What was unusual was the reason: a message, displayed on the printer’s LCD panel, said something to the effect that the printer was unable to print due to a problem with the client’s HP account. (Sorry, I do not have the exact text of the message.)

I get called to fix all sorts of printer problems. One thing I can tell you is that messages about accounts, and other things based on the Internet or local network, are generally displayed on the computer or other device that’s sending the print job to the printer. Until this incident, all error messages I had ever seen on a printer’s LCD panel indicated some sort of hardware problem, such as “out of paper”, “out of ink”, “paper jam”, etc. It seemed strange to me that a printer would know anything about an online account, and that stayed in the back of my mind as I went through my usual troubleshooting procedures.

I checked the printer properties in Windows, and found nothing amiss, except that, even more interestingly, the printer was connected via USB cable. (The client was in another city, so I was troubleshooting remotely; otherwise, I would have been able to tell at a glance that the printer was connected via USB.) That just made it all the stranger that the printer was so concerned about an HP account; the printer didn’t even have direct access to the Internet, so how could it check such a thing?

Since this was an HP printer, I downloaded and ran the HP Print and Scan Doctor, but it found nothing wrong. At this point, I was quite puzzled, as everything seemed to be in order, and the computer appeared to be communicating with the printer. Yet, nothing was printing, and there was that strange error message on the printer’s display.

Paraphrasing from Dr. Sigmund Freud, who allegedly said, “Sometimes a cigar is just a cigar,” it occurred to me that sometimes, an error message actually means just what it says. Since nothing else had helped up to that point, I decided that I might as well have the client log into his HP account, if he had one, and see if it could offer any clues as to what was wrong. It turned out that the client did have an HP account, which he had more or less forgotten about. Once we had gone through a “forgot password” procedure and gained access to the account, we finally received a message with clearer information: the client had signed up for HP Instant Ink, and his payment information had expired.

I will digress slightly here to say that I don’t know much about HP Instant Ink. If you’ve looked at any HP printers within the last few years, or maybe even bought one, then you probably know at least as much as I do about it, and maybe more. The concept of HP Instant Ink is that you buy genuine HP brand printer ink on a subscription basis. Unlike corporate copier leases and service contracts, which generally involve monitoring software that reports actual printer usage to the company and tells them when you need more printer supplies, HP Instant Ink has you sign up for a predetermined number of pages per month. HP then sends you ink cartridges on a regular basis, based on their estimates of how much ink your printer will need to print that number of pages. Estimate too low, and you run out of ink; estimate too high, and you’ll be hoarding ink cartridges, because HP doesn’t monitor actual usage. I assume that it’s possible to change the number of pages you’ve subscribed for on an ad hoc basis so that you can “right-size’ your subscription.

I’ve never looked to see if HP Instant Ink is a good value or a poor one. Frankly, I don’t recommend HP’s inkjet and all-in-one printers in the first place, due to frequent problems with their software. Most of my clients who buy HP printers anyway don’t sign up for Instant Ink, so I’ve never looked up the details. But the details are exactly where the problem is. Reading some HP support forum posts reveals that if you’re signed up for HP Instant Ink, your printer will stop printing if the printer loses contact with your HP Instant Ink account, if the credit card info the user entered as part of signing up for it expires, if the user cancels his Instant Ink account, or if anything else happens that prevents the printer from exchanging ink status with the HP Instant Ink account. The fine print on the main page where one can go to subscribe to HP Instant Ink says one can cancel at any time, but it doesn’t say that the printer will stop printing if one does so. It also doesn’t say that if the account is suspended due to expired credit card info, canceled by the user or has any other problem that any HP Instant Ink cartridges one has in the printer will cause it to stop printing, even though they were already paid for via the HP Instant Ink program. I’m sure that information is buried somewhere in an end user agreement that one has to accept during the sign-up process, but HP’s failure to disclose it up front strikes me as being awfully sneaky.

It is possible to get the printer working again without signing back up for Instant Ink, updating the payment information or fixing whatever other problem there is with the account. However, that involves buying new ink cartridges at retail. It seems that HP Instant Ink cartridges have a specially programmed chip that identifies them as HP Instant Ink, and the printer has programming to be aware of the subscription status and stop working if the account is suspended, canceled or unavailable and HP Instant Ink is detected.

There is a prospective dark side to this technology. We’ve now seen that HP can compel HP Instant Ink subscribers to keep their subscriptions active or lose the ability to use ink that they’ve already paid for. It would be quite simple for HP to build a line of printers that only works with an HP Instant Ink subscription, fail to disclose that in any way a customer can see prior to buying the printer, and leave the customer with the inconvenience of having to return the printer if they don’t want to sign up for HP Instant Ink. An even more insidious trick would be for HP to push out a firmware update that turns an HP printer that can use HP Instant Ink into one that only uses HP Instant Ink. I don’t think HP would risk the customer anger, horrible PR and possible class-action lawsuits that such a move would likely spur, but who knows for certain? Tech companies have done boneheaded things before.

Getting back to my client, he was happy with HP Instant Ink, and now that he knew what the problem was, he updated his payment information and was printing again within minutes. But my advice is to remember this incident if you are considering HP Instant Ink.

Windows Wednesdays – Quick Settings

By now, you may have noticed that Windows 11 has a new menu that appears when you click the Network, Volume or Power glyph in the Taskbar’s Notification Area:

(I added the red outline for clarity. When you hover your mouse pointer over any of those three glyphs, the section of taskbar indicated by the outline will appear to light up slightly.) The menu that appears is called the Quick Settings menu:

This is actually a bit annoying if your goal is simply to connect to a wireless network, because it adds a step. In Windows 10, you could simply click on the network glyph, which would pop up a list of available wireless networks, choose a network from that list and enter the password for it. In Windows 11, this menu first appears. Next, you have to click on the “>” button next to the Network glyph (which now looks the same as the wireless network icon in Mac OS and on most smartphones if you’re connected to a wireless network, looks like a monitor with a little antenna sticking up next to it if you’re connected to a wired network, or looks like a wire representation of a globe if you’re not connected to a network). For me, at least, this is not intuitive, and when connecting to a new wireless network, I often find myself staring at the Quick Settings Menu, as I try to remember what I’m supposed to do next. In any case, once you click on the “>” button, you can finally click on the desired wireless network and enter the password for it.

The other icons that appear on my Quick Settings menu, shown above, are the default icons, as I haven’t changed them. They are: Bluetooth (“C1L” happens to be the name of my Bluetooth earbuds, which I am using right now as I type this), VPN, Airplane Mode, Focus Assist, Night Light, (screen) Brightness, Audio Volume, Power settings (the battery), Quick Settings Menu Settings (the pencil) and Windows Settings (the gear). But the nice thing about the Quick Settings menu is that you can change what appears on the Quick Menu. A little bit. So, I’ll go ahead and click the pencil glyph so you can see whyI haven’t changed my Quick Settings menu.

The buttons shown in the upper part of the Quick Settings Menu can now be removed, by clicking on the crossed-out pushpin in each button’s upper right corner, and even rearranged, just as you can rearrange pinned icons on the Start Menu. But rearranging these buttons is of limited value, because there just aren’t that many of them, and rearranging them here has no impact beyond how they appear on the Quick Settings Menu. The ability to rearrange the buttons would be of more value if you could add more buttons. Well, in fact, you can add more buttons; just click the + Add button at the bottom:

This is the list of additional buttons you can add to the Quick Settings Menu. As you can see, it’s not a long list, and the reason I haven’t added any buttons to my Quick Settings Menu is because I have no use for any of them. But each of them is potentially useful to somebody. If you have a use for any, then add away, and click the Done button when you’re finished.

Adding more buttons to the Quick Settings Menu will not change the glyphs that appear in the Notification Area in any way. But adding them will make the corresponding functions more convenient for you to get to — if you can remember to click on the Network, Volume or Power glyph in the Notification Area to get to them!

Next week, we’ll begin exploring the Quick Settings Menu buttons.

Not All Phishing Is Done Via E-mail

I received an interesting – and scammy – letter in the mail last month. It was from a company calling itself “United States Domain Authority” and, at first glance, appeared to be a reminder to renew my domain name. The letter was a slick job, liberally festooned with American flags on both sides of the letter, and even on the envelope and return envelope. (Apparently, when people see American flags, they’re supposed to drop all caution and common sense and just do what purports to be the patriotic thing, which, in this case, would be to pull out the checkbook and respond to the pitch.) Here is the letter for you to see:

(For those of you wondering, I did not blank out my company name or address because I purposely post those online. I only blanked out the data items that someone might, for whatever reason, use to respond to the ad in my name.)

So, how did I know this was a scam? The answer is that this is one of those situations in which knowing just a little bit about your own organization can save you, even if you don’t know a whole lot about what it takes to have an Internet presence. Specifically, I knew that my domain name wasn’t up for renewal, because I had just renewed it several weeks before the date on the letter.

That had me looking more carefully at the letter. The next thing that stuck out, other than those pervasive American flags, was the big, bold text in the upper right corner, which proclaim “MARKETING SERVICES”. A letter from my domain name registrar, were they to send me one, would not have such text. It would be focused on domain name renewal, which is what they would be all about. Before you think that the scammers are doing you a favor by clearly identifying their wares as “MARKETING SERVICES”, they aren’t. The reason that text is there is because it is a federal crime to use the United States Postal Service to perpetrate fraud, which is exactly what making a letter like this look like a domain name renewal notice is. So, they prominently label the letter as “MARKETING SERVICES”, and then design the rest of the letter to distract your eyes from that text. This is what’s known as covering one’s legal a**.

Recognizing the remaining clues that this letter isn’t what it appears to be requires at least a bit more technical knowledge. But that’s OK — that’s what we’re here to provide!

Let’s start with the name of the sender: United States Domain Authority. It’s fairly easy to do a web search and find out if they actually are a domain name registrar, but I can tell you that I know which companies handle most domain name registrations in the United States, and this company’s name didn’t sound familiar. I also happened to know it isn’t the name of my domain name registrar. And if you read carefully, you can see the letter discloses, in smaller print, and in the middle of a paragraph that’s easy to gloss over, that they admit that they aren’t a domain name registrar:

Next, we have the cost. There is no MSRP for domain name registrations, as far as I know. Prices vary from registrar to registrar, and also depend on the exact domain name you are registering. Registrations in certain top-level domains can be extremely expensive. But I knew from my past domain name renewals that $289 was very high for just one year.

In fact, all this letter is really selling me is an opportunity, if you can call it that, to have my domain name listed in some directory that I’ve never heard of. That’s a dubious value, to say the least, and certainly not worth $289. For all I know, all it would do is put me on a list for receiving more junk mail, which I can certainly do without. There’s even the possibility that the letter is from a company that’s just a front for collecting account information to be sold on the dark web. I honestly don’t know or care. I just thought it made for an interesting blog entry and subsequent denizen of my circular file.

Evolution of External Storage

Some of the work I do involves transferring data from one device to another. This includes computer storage drive upgrades, recovering data from non-working computers. getting data from PC to Mac or vice versa, and more. To do this, I have an array of USB devices of various types and capacities, including flash drives (also known as “thumb drives”, which is the equivalent of calling a facial tissue a “Kleenex”, or “pen drives”, a phrase that I believe originated in the UK, although I don’t know its etymology) and USB hard drives, as well as several devices that enable me to connect several different kinds of internal hard drives and solid state drives to a computer’s USB port.

I recently needed to replace my 1TB USB hard drive. A lot has changed since I purchased that 1TB USB hard drive, in terms of the per-gigabyte cost of storage and the technologies used to connect them. Mulling this over, I still rarely need drives larger than 1TB, but since most computers nowadays have at least one USB 3.x port, many also have the smaller, more versatile USB C ports, and data recovery tools that run outside of Windows have supported both of those connections for some time, I opted for a Crucial X6 SE USB 3/USB C Solid State Drive. I’ve had an opportunity to use it a couple of times now, and when plugged into a healthy computer that supports its fastest connection options, it can copy large amounts of data in blessedly short periods of time. (Of course, if the computer isn’t healthy or only supports a USB version older than 3.0, it will be limited to much slower speeds.) As a solid state drive, it’s also fairly impervious to drop damage, unlike my USB hard drives. And it’s compact and lightweight enough to have a permanent home in my laptop bag. It’s surely a fine addition to my toolkit.

Looking over my collection of USB drives, pictured above, offers a snapshot of how external storage has evolved over the last 15 years or so. Note that all of these drives cost $85 or so at the time they were purchased.

Starting from the top, I have a Western Digital My Passport 250GB model, official model number WD2500ME-01. This is a very old drive, purchased new sometime in 2007-2009, since all the manuals I can find for this line of drives mention support for Windows 98SE through Windows Vista. (Windows 7 came out in 2010.) It works well enough, but the conventional hard drive inside spins at only 5400 RPM, which is on the slow side for a hard drive, and its interface is USB 2.0. Between its relatively slow speed and small capacity, I only use it for small data transfers, and then only if my other drives are unavailable.

Second from the top is a unit that started out as an Iomega Prestige 500GB model. The reason it’s in a funny-colored case that says “acomdata” instead of “Iomega” is because I transplanted it into a 3rd party drive enclosure. Iomega, which was known for its innovative storage products in the 1990s, was no longer so innovative by 2012, when I bought this drive. They were selling relatively low-cost USB hard drives, though, which is mainly what attracted me to this model. I hadn’t owned it for six months when its mini-USB port broke. Since it was still under warranty, I sent it in for warranty service, finding out in the process that Iomega had been acquired by Lenovo, which fulfilled my warranty. Alas, the mini-USB port on the drive I got back didn’t last any longer than the first one did. At that point, I could still have sent it in for yet another warranty repair or replacement, but a quick look on told me that I could get a 3rd party enclosure for the drive for about what it would cost me to send the drive back to Lenovo again. I gambled that the mini-USB port on the 3rd party enclosure would last longer than the one on another Prestige drive would. That gamble paid off, and the drive still works fine. However, like the WD My Passport drive, it doesn’t get used often anymore, because while its capacity is more in line with what I need for data transfers, its USB 2.0 interface makes it quite slow, although not as slow as the My Passport drive.

The third drive from the top is a Seagate Expansion 1TB USB hard drive. I bought it in 2017 or 2018, and it’s the drive I’ve been using most often, because its USB 3.0 interface makes it much faster than the WD My Passport and the Iomega Prestige. I actually used to have two of these, but one was ruined when I dropped it on the floor accidentally. Unlike the My Passport and the Prestige drives, whose drives could theoretically be replaced with off-the-shelf hard drives or solid state drives, the Seagate Expansion uses a specially-made hard drive with a USB circuit board instead of a conventional SATA board. This meant there was nothing I could do but recycle the whole thing. This is the drive that’s being replaced.

Finally, at the bottom, we have my brand new Crucial X6 SE. The solid state drive inside it is many times faster than the conventional hard drive in the Seagate Expansion, and when plugged into a computer with a USB C port (or a USB 3.2 Type A port), it supports data transfers of up to 800MB/sec. Its real-world maximum speed is probably closer to 500MB/sec, but that would still make it three times as fast as the Seagate Expansion drive it replaced. (Despite USB 3.0’s theoretical top speed of 625MB/sec, I’ve never seen the Seagate Expansion copy faster than 175MB/sec, and it rarely exceeds 130MB/sec.) That means it’s far better for moving data to and from modern computers with very fast NVMe solid state drives.

It’s always interesting to see how technologies evolve over time!