No, we’re not going to try to fix your printer. Here’s why. (Part 1 of 2)

The printer pictured at the top of this post is my recently failed Canon MAXIFY MB5120, an all-in-one inkjet printer I’ve had a love/hate relationship with pretty much ever since I bought it. I loved that it printed very well and scanned very competently, at least when it worked properly. I hated the haphazard way that Canon implemented its otherwise thoughtful feature set. For example, the printer offers fairly robust paper handling, but it is so inconvenient to change paper types on this model that I mostly found myself trying to avoid doing so. I loved that this printer is primarily intended to be used as a network printer, but hated that it took at least five minutes for the printer to wake up its network interface and connect to my (wired!) network after being power cycled. But most of all, I hated the frequency with which its print head would become partially clogged. For most of the time I’ve had this printer, I could never be sure if a print job was going to print in full color or not.

This printer is not “dead”. Notice that I said it had merely “failed”. It could be fixed, if someone wanted to do so badly enough. The problem is that it needs a new print head, and the cost of a new print head is close to what I paid for the whole printer. That’s more than I’m willing to pay to fix a printer that I’m not enamored with, even at today’s new printer prices, especially considering that a new print head probably wouldn’t perform better or last longer than the original one did. But the tale of how I got to this point with my printer will demonstrate to you why I generally won’t attempt to fix clients’ printers.

As I wrote earlier, this printer has always had problems with clogging print head nozzles, no matter whose ink I used in the printer. The trouble started even before I ran out of the Canon brand ink that came with the printer. I’m also quite sure the problems weren’t caused by the print head drying out, because I normally print upwards of 20 full color pages per week. Whatever the cause, certain colors wouldn’t print consistently; sometimes, it depended on whether I was printing on plain paper, envelopes, card stock or photographic paper. When the problem became consistent, I would run the built-in cleaning cycle, and if that didn’t clear things up, I’d run the deep cleaning cycle. Usually, one or two deep cleans would get things looking right again, but by the time the printer was six months old, the built-in cleaning cycles weren’t doing any good.

I suppose I could have made a warranty claim at that point. However, the Canon MAXIFY MB5120 has a print head that can be removed fairly easily for cleaning (or replacing), unlike the printer it replaced, an Epson WorkForce WF3640 all-in-one. (Part 2 of this series will discuss more about this.) A simple head cleaning seemed like a task that should be easy enough for one who fixes computer equipment for a living, so I looked up the procedure for my MAXIFY MB5120 and went to work on it. Getting the print head out was easy enough; finding ways to flush the print head out with solvent was more challenging. The job took me the better part of 2 hours, and I left the print head out to dry overnight, but when I put the print head back in, the printer was back to printing normally. Annoyingly, there was enough solvent left in the print head that it took about 50 pages worth of printing before the ink stopped smudging, but overall, it was a win.

About a year (and two sets of compatible ink cartridges later – so there, Canon!), I had to clean the print head again. The procedure and inconvenience were the same as the first time, but again, I had a working printer when I was done. The printer continued to work reasonably well for another year and a quarter.

Then, about a week and a half ago, the printer started producing muddy, inaccurate colors, skewing to red/brown. Clearly, there was a problem with cyan ink delivery. In fact, the built-in nozzle test print showed that the printer wasn’t squirting any cyan ink at all. The built-in cleaning and deep cleaning cycles didn’t restore even a little cyan ink flow, so out came the tools, and out came the print head for another manual cleaning. Only this time, when I put the print head back in, it still wasn’t delivering any cyan ink. Well, that wasn’t good. I could see the ink flowing during my cleaning procedure, so I was sure I wasn’t just experiencing a bad clog. Then the printer began having trouble recognizing the ink tanks. That combination is a pretty good sign of a print head gone south.

I went searching online for a replacement print head, but quickly discovered that the only thing harder than finding a print head for this printer that cost less than I had paid for the whole printer was finding one that I could get in the first place. Most sellers were out of stock. That wasn’t surprising, because my printer is almost three years old, and Canon doesn’t seem to be producing it anymore. (It’s still available as new-old stock from some online sellers, for about twice what I paid for it, but I don’t like this printer enough to pay that much for another one.) I finally found an Amazon seller offering the print head for just over $50, so I went for it.

A few days later, my replacement print head arrived. The inner foil package was torn open, the plastic head protector was missing and there were drops of clear liquid all over it; not good signs. Nevertheless, I installed it in the printer, put in my ink tanks, powered up the printer and… the printer displayed an error code. It didn’t take much troubleshooting to determine that I had received a faulty print head, so I filed for a return, and the seller sent out another one. The second print head looked more promising, as the package was properly sealed. The printer didn’t display any errors after I installed it, but when I printed the nozzle test, the cyan, yellow and magenta test patterns were fine, but there was a big gap in the black test pattern. I ran another cleaning cycle, followed by a deep clean, neither of which fixed the problem. Not surprisingly, when I tried printing a web page as a live test, much of the black text was unreadable. It was now apparent that a) the print head seller was peddling refurbished print heads, and b) he was doing a poor job of refurbishing them. I filed for another return, and was only offered the option for a refund this time, which was just as well because I really didn’t want to find out if the third time would be the charm or not. So, I am now in the market for a new printer, which will be Part 2 of this series.

Let’s recap what this process has entailed so far, and the amount of time I’ve wasted doing it. First, there was the job of trying to clean the original print head. That took about two hours of my time, not counting downtime for the printer. Then there was shopping around for a replacement print head, which took about another hour and a half. Then we have removing three print heads and installing two (remove original, install first replacement, remove first replacement, install second replacement, remove second replacement), each of which took about 15 minutes. Finally, there will be the time and inconvenience of taking the defective print heads to my nearest Amazon dropoff so I can get my purchase price back, which will be another half-hour. All together, that’s 5.25 hours, which would be up to $446.25 of billable time, if I were doing this for a client.

And there’s the rub, as Shakespeare might have said. Most inkjet printers aren’t worth $446.25. In fact, even with today’s inflation goosed, supply chain affected printer prices, most of you would be loath to spend more than $300 on a brand-new inkjet printer, much less $400+ to fix an old one. That’s why if you call to ask me to come and fix your printer, I will most likely tell you to just replace it. It’s not because I’m lazy or I feel that printer repairs are beneath me. It’s because I know from experience that trying to fix your printer will cost too much money with too little chance of success to be worth the attempt. In the end, you’ll spend less money and be more satisfied if you cut your losses and buy a new one.

My Email Was Hacked! (No, it wasn’t.)

Every two or three weeks, I get a call from someone who is sure their email was hacked. As the title of this post implies, in every case to date, I have found that their email was not, in fact, hacked, but there are a number of reasons why someone not thoroughly familiar with how the online world works might think otherwise. Note that just because someone’s e-mail wasn’t hacked doesn’t mean that a bad actor didn’t gain access to it. The purpose of this post is to help you understand how this actually happens and what you can do to protect your email account.

Hacking vs. Cracking

Let’s start with proper terminology: If someone gains access to your email account, or any other account or device you have, that isn’t hacking per se. “Hacking” means writing a short computer program for some very specific purpose. That purpose isn’t necessarily malicious. In fact, traditionally, it wasn’t malicious. Think in terms of “life hacks” featured in YouTube videos that show you how to soften butter faster for baking, or get wrinkles out of shirts without ironing, or build a mousetrap for less than $1.00. In the programming world, “hacking” is, quite literally, coding a hack, i.e., writing a bit of program code that solves a specific or unanticipated problem. For example, one of my clients depends heavily on being able to access data on a NAS via certain drive letters. Windows sometimes “forgets” those drive mappings, so I wrote a hack for them, in the form of a batch script, that re-establishes their drive mappings.

The proper word for breaking into a device or account is “cracking”.

Once upon a time, cracking usually involved hacking, although as you’ll see later in this post, that is usually no longer the case. Therefore, I’m going to use the words “crack”, “cracked” and “cracking” when referring to accessing someone’s account or device without permission.

How Can You Be So Sure That My Email Wasn’t Cracked?

The short answer is because cracking the security on email servers is hard, and crooks are lazy.

As I’ve said often, the days when people wrote malware, broke into computers and committed other online mischief just to get a thrill or show off or maybe find a job as a programmer are long gone. That’s not to say people no longer desire those things; it’s just that technology has provided more effective ways to get them.

Nowadays, people trying to get into other people’s accounts are usually trying to steal money. The attempt may be direct, like getting into someone’s bank account, or indirect, like using someone’s e-mail address to send out scammy spam mail that tries to bilk lots of people out of their savings. On rare occasions, the unauthorized access may be the work of an online stalker or cyberbully, but most of the time, money is the motive.

What nearly all modern cyber-criminals have in common is that they’re lazy and impatient. Getting good enough at cracking to breach logon security takes a lot of time, effort and money. That’s why I can be so certain that your email wasn’t cracked. Server software companies learned decades ago that as long as their logon systems were easy to defeat, there would be crackers breaking in, so they made logon systems among the toughest to crack. That’s not to say cracking them is impossible. If you’re enough of a celebrity or your work involves the sort of information that international spy organizations want, there might just be enough motivation for a bona fide professional cracker to break into whatever computer systems you use and get it. And if you’re one of those high-risk individuals, then I recommend you stop reading here and go find yourself a very high-level cybersecurity company to protect your digital assets. But the overwhelming majority of us aren’t worth that kind of effort, and the petty crooks and schnooks who want access to our accounts aren’t motivated, patient or capable enough to crack in.

But someone got into my email! If they didn’t hack/crack in, how’d they get in?

The short answer is that you gave them your email address and password.

Previously, I said that cracking into servers, particularly email servers, is too hard for most of us to be worth the effort, and I stand by that statement. But it’s very easy and inexpensive to trick people into handing over their account logon information, and so that’s what modern cybercriminals do. Here are the most common ways this is done:

Phishing

This is, by far, the most common method of stealing email passwords, as well as other kinds of account credentials, and even personal information. Since we started talking about people thinking their email had been hacked, I’ll pick on that. The perpetrator composes an email message intended to look as though it came from a popular email provider, such as Google (GMail), Yahoo or Microsoft (Outlook.com). The email will claim that your account has been compromised, that the company is cleaning up old accounts and you need to prove that you’re actually using yours so they don’t close it, or some other persuasive come-on to get you to click on a convenient link and log on. If you click on the link, it takes you to a web site that looks like your regular GMail, Yahoo Mail or Outlook.com logon page. And if you then type in your email address and password, it will add those to a list of email account credentials the crook has been collecting, then, most likely, pass you through to your real email account.

The reason you have no recollection of having been phished is because the crooks rarely make use of the addresses and passwords they collect. Instead, they collect them for awhile, then sell their lists on the so-called Dark Web, which refers collectively to shady web sites where stolen information is bought and sold. Whoever buys that list will eventually make use of your credentials, but that probably won’t happen until months after the phishing incident took place.

Malware

While less common than phishing, there have been incidences of malware being used to capture account credentials and report them via the Internet to a server-side program being run by cyber-criminals to collect them, either for their own use or for selling on the Dark Web. A number of data breaches reported by major companies in recent years were perpetrated by such malware.

The most difficult part of using malware to steal account credentials is getting the malware installed on a targeted computer. Computers running up-to-date versions of Windows or Mac OS have enough anti-malware software built right in to foil typical attempts to run malware on them. Some of the corporate data breaches of the last few years were perpetrated by insiders, who were employees who were disgruntled, bribed or new hires who were part of the cyber-criminal ring. In other cases, phishing or tech support scam pages were used to trick employees into turning off their computers’ antivirus software and installing them malware, or allowing a criminal to remote in using common remote control software to run the malware.

OK, so someone got into my email because they have my password. What do I do now?

If you still have access to the account, log into it right away, change the password and make sure your account recovery information, typically a cell phone number and an alternate e-mail address, is set so that you and only you receive account recovery and password change request messages. This will lock out the unauthorized person and any ‘bots sending out spam via your account.

And what can I do to prevent this from happening again?

The single best thing you can do to prevent an account takeover – which is what generally happens after your email account credentials end up in the wrong hands – is to turn on two-factor authentication (2FA), sometimes called multi-factor authentication (MFA). Doing this requires anyone wanting to log into your email to have physical access to a second device, usually your cell phone, in order to log into your account, even if they have your e-mail address and password. That, combined with making sure your account recovery information is up-to-date, makes your account extremely difficult to take over.

2FA/MFA works by either sending a message to your second device anytime you want to log into your email, or by requiring a code generated by a smartphone app, such as Google Authenticator. It’s a minor inconvenience, but one well worth bearing, as it makes an account takeover almost impossible.

2FA/MFA is fine for people who access their email via a web browser, but it was a tough sell for those who use 3rd party email client software, such as Windows Mail and Mozilla Thunderbird, as it locked those programs out. Fortunately, 3rd party email clients have evolved to work with 2FA/MFA or their alternatives. For example, Mozilla Thunderbird can display a GMail logon page, and it is also designed to work with the Oauth2 protocol that GMail uses to allow 3rd party software to work with it.

But it’s so convenient to use the same password for more than just email. Is there anything else I can do to foil phishing?

YES!

For starters, get a password manager that will store your passwords invisibly and securely, will fill them in for you whenever you need to log into something, and can be shared among your computers, phones and tablets. That way, you can have the convenience of just remembering one password – for your password manager – without putting your email and other accounts at risk. Lebowitz IT Services is pleased to offer LastPass subscriptions on a monthly basis to our clients.

For our corporate clients, we also offer MailAssure, a world-class, managed anti-spam system. Anti-spam systems treat most phishing attempts as spam. We also offer Ironscales, another managed solution that targets phishing attempts that get past your anti-spam solution and quarantines it.

Finally, learn to recognize what phishing looks like. Remember the old refrain, “But I read it on the Internet — it must be true!”? Internet access has been commonplace for over 20 years now, but surprisingly, there still people who believe that. Phishing depends heavily on that mindset, or at least on the reader’s unwillingness to think critically about what’s on the screen in front of him. If the e-mail message has a Fifth/Third Bank logo in it, then it must have come from Fifth/Third Bank, right? Well, wrong, actually!

I’ve read many articles that talk about telltale signs that can help you recognize phishing attempts. A logo that doesn’t look quite right or doesn’t match the name of the company that the message purports to be from are two such signs. Misspellings, poor grammar, circumlocutions and stilted wording are others. An email domain name that doesn’t look like the company’s domain name is yet another sign, as are URLs that don’t look anything like the company’s domain name when you hover your mouse pointer over links in the message. But all these require attention and a bit of technical knowledge that not everyone has, and many people don’t have the English skills to spot misspellings and grammar mistakes.

So, is there anything that can tip you off to a phishing attempt even if you didn’t ace AP English or have a degree in Computer Science? Absolutely.

Start by looking at the name of the company the message is supposed to have come from. Have you ever had an account with that company, or done business with them in any capacity? You’d be surprised how many people don’t ask this basic question. If you receive a message saying your Yahoo Mail account is going to be deleted if you don’t log into it *right now*, and you can’t remember ever having a Yahoo Mail account, that’s a sure sign of a phishing attempt. If you receive a renewal notice for McAfee or Norton security software, and you have no recollection of ever buying their software, then the message is most likely a phishing attempt. If you need more evidence, hover your mouse over each icon in the “hidden icons” section of your Taskbar Notification Area. If you don’t find a McAfee or Norton icon there, then you aren’t using their software, and the message is most likely a phishing attempt.

Another question to ask yourself is, “Why would this company send me this kind of message?” Since we’ve been talking about email account cracking and takeovers, let’s pick on GMail. GMail is Google’s email service. Google is a company that has long been accused of keeping too much information about everybody. How much information is too much, what kind of information is appropriate for them to keep, and even whether or not this assertion is true are beyond the scope of this article, but if you accept it as fact, then why would Google need to ask you to log into your GMail account *right now* to confirm that you’re still using it? (I’m just going to let that one sink in for a moment. How is it that the same people who believe Google tracks what they ate for breakfast this morning can be tricked into thinking that Google doesn’t know when they last checked their GMail?)

Finally, think about the propriety of using email, which is generally a non-secure, easily faked means of communication, to reach out to someone whose account has been flagged as problematic. The majority of companies know better than to do that. What they do if their internal checks detect something amiss about your account is they lock your account and simply wait until the next time you try to log in. When you do, they display a message saying that your account is locked and why, and then they direct you to a page where you can take whatever action is appropriate, such as changing your password or contacting Customer Service. So, if you receive a message in your email that notifies you of an account problem, particularly if it includes an all-too-convenient hyperlink to a web form, that’s probably a phishing attack.

SSDs Fail, Too

I’m on the second week of helping someone recover from an encounter with ransomware. The details of that aren’t relevant, except that it’s likely that the next few blog posts will be drumbeats for backups. If you already have a backup regimen in place, good for you; you can stop reading now and go check to make sure your backups are running when they’re supposed to. For the rest of you…

The photo above is of a solid state drive – SSD, for short – that came out of a client’s laptop. There are two remarkable things about it. The first is its size. It’s an M.2 2230 NVMe SSD. M.2 is the type of socket it fits into. NVMe stands for “Non-Volatile Memory Express”, which means nothing to you unless you’re a computer hardware engineer or you’re playing a very recently revised game of Trivial Pursuit, but it’s the fastest type of consumer-replaceable SSD available as of this post. The 2230 is probably the most interesting thing about this SSD, because it describes its physical dimensions: nominally 22mm wide by 30mm long. SK Hynix managed to cram 512GB of memory on this tiny thing. Most 512GB SSDs are size 2280 – 22mm wide by 80mm long. I placed the SSD in the protective container from a 2280 size SSD to offer you some perspective.

That leads me to the second remarkable thing about the pictured SSD: it failed. So, if you guessed that the protective container it’s sitting in came from its replacement, which was a more common 2280 size SSD, then you deserve an award for deductive reasoning. But depending on who you’ve asked about data storage options recently, you might also be asking, “How’s that again? An SSD FAILED? They can do that?”

The short answer is yes, SSDs can fail, even though they have no moving parts. You may have been told by me that SSDs are far more reliable than conventional hard drives, and that modern ones typically outlive the computers they’re installed in. I stand by those statements, and, in general, I don’t install conventional hard drives anymore. But while SSD failures are rare, they do happen. (Don’t fixate on the brand or model here. With only one exception, and this SSD isn’t it, nothing in my experience suggests that any one brand or model of SSD is any more or less reliable than any other.) When they do fail, they usually do so catastrophically and with no advance warning. In addition, SSDs offer no inherent protection against malicious data destruction, such as ransomware encryption, and because they store and handle data very differently from hard drives, many of the tricks for getting files back after accidental deletion don’t work on SSDs.

So, even if all your computers use late-model SSDs for data storage, making and keeping regular backups is a must. If you don’t have a regular backup regimen, reach out to us right away. Getting started with a backup plan is quick, painless and inexpensive, and even the most expensive backup plans we offer cost a lot less than data loss, recovery attempts and related downtime do.

Cable Management: It’s a Necessity, Not an Option

Let’s face it, nobody likes to take the trouble to organize all the cables that run between their computer peripherals. But failure to do so can make it difficult to troubleshoot or replace equipment that fails, and also lead to a nest of cables that you can hook with your shoe all to easily, which can result in unplugged devices and even damaged cables. Then there are the extreme cases, like the time I was called in to unscramble a mass of cables running over and under a tabletop. That mess, which had been growing for years, was hiding cables that went nowhere, obsolete equipment and even old network hubs that should have been replaced with switches over a decade earlier. The result not only looked neater and made for easier service, but also improved network speed and reliability considerably.

Fortunately, organizing your cables doesn’t have to require anything fancy. Here is an article from pcmag.com that shows how to do it with inexpensive hardware items and even things you might have lying around the house.

https://www.pcmag.com/how-to/clean-up-your-messy-cables

Windows Wednesdays – “Folders” On the Windows 11 Start Menu

If you liked the Choose Which Folders Appear on Start settings in Windows 10, then you will appreciate today’s tip. I am going to show you how this feature was implemented in Windows 11, and how it makes use of otherwise wasted space on the Windows 11 Start Menu.

By default, the Windows 11 Start Menu has a line of empty space along the bottom, outlined in red in the picture below:

The good news is that you can fill that space with shortcuts for things like Documents, Pictures, Network and Settings, just as you may have had in the left margin of the Windows 10 Start Menu. To do that, start by opening Settings. There are a number of ways you can do this, but one good way is to right-click on your Start button and then (left) click on Settings, as shown below.

This will open the Settings window. From there, click Personalization.

From Settings -> Personalization, scroll down (a scrollbar will appear along the right edge if you hover your mouse pointer over it) until you see Start in the right section, then click on it.

From the Start subsection, click on Folders.

You will now be looking at the Folders subsection.

On my computer, I then need to scroll the right section of the window down a bit (again, there’s that hidden scrollbar along the right margin) so I can see all the folders. If your screen is large enough, you might not need to do that. I then click on the Off/On toggles for each “folder” I want to appear at the bottom of my Start Menu, like this:

Note that these are the items I like to have at the bottom of my Start Menu. Your preferences may vary. When you’re finished, simply close the window; there’s no Save button to click. Now, when I click my Start button, my Start Menu looks like this:

The red rectangle won’t appear on your Start Menu. I just added that to highlight my new, useful icons. But here’s something that will appear: If you hover your mouse over one of your new icons, the icon will highlight and a fly-over description will appear. Here’s an example in which I hovered my mouse over the Documents icon:

Windows Wednesdays – Widgets

Windows Vista, which many people don’t remember because it was widely considered a rough draft of Windows 7 as well as the second-most-infamous Windows That Should Never Have Happened, introduced an interesting, entertaining and even somewhat useful Desktop feature called Sidebar. Sidebar was a narrow rectangle of Desktop space, resembling a filmstrip, that could display clickable rectangles of information on the Desktop. Each of those rectangles contained a mini-app, which Microsoft called a Gadget, which was written in some combination of HTML and web scripting languages. Users could control the dimensions of the Sidebar and how many Gadgets were in it. It was probably used most often to display a clock, although I recall seeing Gadgets that displayed news feeds and thumbnail slideshows of the user’s Pictures library. Sidebar was available for awhile in Windows 7 (also, curiously, in Windows Server 2008), but at some point, Microsoft began recommending that users stop using it because its ability to run HTML and web scripts outside of the “sandbox” of a web browser made it a security threat. Microsoft eventually removed it about halfway through Windows 7’s lifecycle.

In the meantime, people were introduced to smartphones and tablets, both of which allow users to place handy information displays on their home screens using elements called “widgets”, at least on Android phones and tablets. For example, I placed widgets that display weather information, my current day’s schedule and my top five Evernote notes on my Android smartphone’s home screens. I can tap on the information in those widgets to open them up in their respective apps and interact with it.

Given how useful widgets are on phones and tablets, it’s not surprising that Microsoft decided to try another stab at bringing that functionality to the Windows desktop. And in Windows 11, they have done exactly that in a new feature called, predictably enough, Widgets.

However, Widgets in Windows 11 behave differently from widgets on a smartphone. I actually consider that a good thing, because I, for one, use my desktop and laptop computers very differently from the way I use my smartphone. The nature of a smartphone – small screen that can really only display one app at a time, and limited processing power and memory that really aren’t that great at multitasking – pretty much guarantees that you’ll be returning to your home screens often. And every time you do so, you see your widgets. Contrast this with a computer. I don’t know about you, but I always have lots of windows open on my computers, and I switch among them using keyboard shortcuts as the Taskbar, so I rarely see my Desktop. If my Widgets lived on my Desktop, I wouldn’t see them often, and they wouldn’t be convenient to access. So, Windows 11 provides a Widgets window for looking at and interacting with Widgets.

You can open the Widgets window from your Taskbar:

If you don’t see the Widgets icon, circled in the picture above, you may have turned it off. To turn it back on, simply right-click on the Taskbar anyplace where there isn’t a program icon, choose Taskbar Settings from the context menu and then turn Widgets back on from there.

After you click the Widgets button in the Taskbar, the Widgets window will open.

Click on something displayed in any widget to open it up in a web browser — Microsoft Edge, of course. Widgets with a line of horizontal or vertical bubbles contain multiple windows of content. Hover your mouse over the line of bubbles to make its scroll arrows appear, and then click on one of the scroll arrow to move to another item in the widget. The selection of widgets and their content appear to come from the same sources as the MSN news feed that Microsoft Edge displays on new tabs if you selected the “Informational” option when you set up Edge.

Do my Widgets look a little sparse and lonely? Don’t worry, there are plenty more. Did you notice that the window has a scroll bar? (To be fair, it’s hard to notice the scroll bars in many Windows 11 windows. That’s one of the things I dislike about it.) Here is another screen print to point it out:

There, now you can’t miss it – I’ve put a red oval around its slider. Slide that down, or press the down arrow or Page Down on the keyboard, and you quickly find that there can be many more pages of widgets. Here’s the next screenful of mine:

You can move your widgets around by dragging and dropping them within the Widgets window. The process feels similar to rearranging the Start menu in Windows 10, actually. Also notice that each widget has a horizontal 3-dot button in its lower right corner. This allows you to customize the widget’s size, content and other options, or remove it from the Widgets window.

If you accidentally delete a Widget that you’re interested in, or you simply want to see what other widgets you can add, scroll back to the top of your Widgets window, and click the “Add widgets” button:

Doing this will, of course, display a window of widgets you can add:

So, are widgets useful? The answer to that is highly subjective. Personally, I don’t use them very much, because I find a web browser to be a much more precise way to look for information. Those who are more in tune with the smartphone way of doing things may find widgets more helpful. Then again, those who are more in tune with the smartphone way of doing this may simply find themselves reaching for their smartphones. Ultimately, the only way to find out if Windows Widgets are useful to you is to use them. If you’re inclined to do that, hopefully I’ve given you a good start.

Windows Wednesdays – Focus Assist & Night Light

In my last Windows Wednesdays post, I began exploring Windows 11’s new Quick Settings panel. This week, I’m going to highlight two features that were actually introduced in Windows 10, Focus Assist and Night Light, which didn’t get much attention at the time because Microsoft didn’t do anything to call attention to them. Windows 11 brings them nearly to the forefront by featuring them on the default Quick Settings menu. So, unless you had reason to seek out these features before, you’ll probably notice them for the first time after upgrading to Windows 11.

Focus Assist is an interesting, almost ironic addition to Windows. Back in 1990, I attended a Microsoft product roll-out presentation for Windows 3.0, which had just been released to the public. The presenter was quick to show how Windows constantly “talked” to you. (I put that in quotation marks, because few computers in those days had sound capabilities beyond the tiny “beep” speaker inside the case, and software that could actually talk to you didn’t exist yet.) And, if you weren’t sure what to do, just clicking anywhere with the mouse would probably make something happen. Contrast this with an article I read about Unix at around the same time, which described Unix as a terse operating system, because, to quote from the article, “…when there’s nothing to say, Unix says nothing.” Each subsequent version of Windows ramped up the amount of information relayed to us by the operating system, the ever-increasing variety of software running on computers meant even more messages for us to see, and networking, which brought web site messages, e-mail notifications and various kinds of instant messages, have all made the average Windows Desktop a very noisy place. As far as I know, Focus Assist is the first feature built into Windows that’s specifically intended to quell your computer’s constant calls for your attention, ostensibly so you can get your work done.

Focus Assist aims to do this by letting you decide what programs may interrupt you during various kinds of activity. You set this up by clicking on the Network/Volume/Power icon group in the Taskbar Notification area to display the Quick Settings panel, right-clicking on Focus Assist, and then choosing “Go to settings” from the context menu. After that, you activate Focus Assist by clicking on its pad in the Quick Settings panel; doing that rotates among Priority Only, Alarms Only and Off modes.

A detailed explanation of how to use Focus Assist is beyond the scope of this post, but if you’re interested in trying it out, here is a link to a great article to get you started: https://www.theverge.com/22696232/focus-assist-windows-11-microsoft-how-to

Night Light is a much simpler feature with a much simpler mission: to reduce eye strain by reducing the amount of blue light radiating from your screen when you’re using the computer in a darkened room. As with Focus Assist, you can change its default settings by right-clicking on the Night Light pad in the Quick Settings panel and choosing “Go to settings” from the context menu. The relevant settings allow you to determine the balance of blue vs. red/green light (accomplished with a simple slide control), activate Night Light immediately so you can test your selected color balance, and schedule the computer to automatically turn Night Light on and off at certain times of the day.

Smishing – the (Relatively) New Phishing

Have you experienced an increase in simple text messages that appear to be intended for someone else? I have; in fact, I’m receiving, on average, three of them per day, and it’s getting rather annoying. The picture at the top of this post is a recent sample.

You probably have some familiarity with SMS scams, i.e., scams perpetrated by text messages, but this doesn’t look like any of the ones I knew about previously. There’s no link to tap on, no well-known company name, no imperative and no real sense of urgency. And you probably already know to just delete all texts like that without a second thought. (Well, hopefully you already know that. If you didn’t, then consider yourself informed.) But this is just a casual, “how ya doin’?” type of text message from someone I don’t know, and apparently intended for someone else I don’t know. So, what harm could there be in texting back a “Sorry, wrong number” message? Which is exactly what I might have done if I hadn’t been busy when the first one arrived and if a second, third and fourth such message hadn’t arrived so soon after the first.

Plenty, it turns out. I had to do some online digging in order to find out what these harmless-looking messages from strangers are all about. Most of the search hits were predictable: warning after warning to delete, without any kind of response, any text message that exhorts you to tap on a link or call a phone number. But messages like those are direct attempts at phishing – called “smishing” when perpetrated by text message – and I already knew about them. I finally happened upon a video clip of a TV news report about the kinds of text messages I’ve been receiving lately. It turns out that they are a relatively new form of social engineering, and an indirect attempt at smishing.

According to the news report, if you respond to one of these texts, the very least that will happen is your cell phone number will end up on a “suckers list”, a list of people likely to fall for texting scams. But the scammer will also try to strike up a conversation with you. They may include a photo of a pretty woman, if they think you’re male, or a hunky man, if they think you’re female. Depending on the sort of information the scammer wants to get from you, the photo may be more than just a head shot, and the person pictured may be dressed in a sexy manner or not at all. That may be an attempt to get you to share a compromising photo of yourself. (That’s not the scam an old guy like me would fall for, but I’m told that many people in their teens, twenties and maybe even thirties are quick to share semi-nude or even nude photos of themselves.) Or the scammer may try to convince you to share financial information, account credentials or personal information. Ultimately, that information will be used to blackmail you, raid your bank account, charge things to your credit cards or steal your identity.

It’s easy to sit there reading this and say to yourself, “Oh, I would never fall for that!”, but social engineering is the art of gaining your trust in order to convince you to willingly give over whatever it is that the scammer wants. There is no doubt in my mind that the perpetrators of this scam are very good at this. The best way to avoid falling for the scam is not to engage them. Just delete the text without responding.

As far as steps you can take to avoid this scam, there currently aren’t many. You could block the phone number, but the scammers use throwaway phones and phone numbers to perpetrate these scams, so the chances are your next scam message will come from a different number. You could forward the text message to “7726” (spells SPAM on a phone keypad), which all the major US cell phone carriers are supposedly using to collect spam reports. Personally, I couldn’t figure out how to do that from my smartphone without it looking like the spam came from my own number, but maybe it’s easier to do this on your phone. You could call your cellular provider, which might be an attractive option if your cellular account doesn’t include unlimited texting, but if you get as many of these irritating texts as I do, it seems to me that you’ll spend a lot of time on the phone with your cellular provider if you do that. Your best option may be to set your phone to block text messages from all numbers not in your contact list. That wouldn’t work for me, because my cell phone number is my business phone number, but I would seriously consider doing that for a personal cell phone number.

My quest for information also turned up some gleeful reports from people who claimed to have counter-scammed the scammers, by texting back things like “Congratulations, you have successfully subscribed to ‘Prayer of the day’! Your account will be debited $0.50 for each new daily message.”, followed by what appeared to be increasingly desperate attempts by the scammer to cancel the “service”. Take these with multiple, large grains of salt. First of all, all those counter-scam reports I saw were 3+ years old. Second, cell phone scammers are probably savvy enough to know that even if they did opt into such a service and couldn’t cancel it, they could solve that problem with a call to their own cellular provider. That’s assuming they’re using their own cellular account in the first place. If they’re using a throwaway phone or account, they won’t care, because they probably provided stolen payment information to the provider in the first place, and their intention is to just ditch it at the end of the month or whenever the provider gets wise to them and shuts the account down, whichever comes first. So, your best bet is to follow my first piece of advice: do not engage.

HP Instant Ink Nasty Surprise

A client called me earlier this week because his HP printer had stopped printing. That, in and of itself, would not have been blog-worthy. There’s nothing out of the ordinary about an HP printer that stops printing. Nor is there anything out of the ordinary about any other brand of printer that stops printing, for that matter. What was unusual was the reason: a message, displayed on the printer’s LCD panel, said something to the effect that the printer was unable to print due to a problem with the client’s HP account. (Sorry, I do not have the exact text of the message.)

I get called to fix all sorts of printer problems. One thing I can tell you is that messages about accounts, and other things based on the Internet or local network, are generally displayed on the computer or other device that’s sending the print job to the printer. Until this incident, all error messages I had ever seen on a printer’s LCD panel indicated some sort of hardware problem, such as “out of paper”, “out of ink”, “paper jam”, etc. It seemed strange to me that a printer would know anything about an online account, and that stayed in the back of my mind as I went through my usual troubleshooting procedures.

I checked the printer properties in Windows, and found nothing amiss, except that, even more interestingly, the printer was connected via USB cable. (The client was in another city, so I was troubleshooting remotely; otherwise, I would have been able to tell at a glance that the printer was connected via USB.) That just made it all the stranger that the printer was so concerned about an HP account; the printer didn’t even have direct access to the Internet, so how could it check such a thing?

Since this was an HP printer, I downloaded and ran the HP Print and Scan Doctor, but it found nothing wrong. At this point, I was quite puzzled, as everything seemed to be in order, and the computer appeared to be communicating with the printer. Yet, nothing was printing, and there was that strange error message on the printer’s display.

Paraphrasing from Dr. Sigmund Freud, who allegedly said, “Sometimes a cigar is just a cigar,” it occurred to me that sometimes, an error message actually means just what it says. Since nothing else had helped up to that point, I decided that I might as well have the client log into his HP account, if he had one, and see if it could offer any clues as to what was wrong. It turned out that the client did have an HP account, which he had more or less forgotten about. Once we had gone through a “forgot password” procedure and gained access to the account, we finally received a message with clearer information: the client had signed up for HP Instant Ink, and his payment information had expired.

I will digress slightly here to say that I don’t know much about HP Instant Ink. If you’ve looked at any HP printers within the last few years, or maybe even bought one, then you probably know at least as much as I do about it, and maybe more. The concept of HP Instant Ink is that you buy genuine HP brand printer ink on a subscription basis. Unlike corporate copier leases and service contracts, which generally involve monitoring software that reports actual printer usage to the company and tells them when you need more printer supplies, HP Instant Ink has you sign up for a predetermined number of pages per month. HP then sends you ink cartridges on a regular basis, based on their estimates of how much ink your printer will need to print that number of pages. Estimate too low, and you run out of ink; estimate too high, and you’ll be hoarding ink cartridges, because HP doesn’t monitor actual usage. I assume that it’s possible to change the number of pages you’ve subscribed for on an ad hoc basis so that you can “right-size’ your subscription.

I’ve never looked to see if HP Instant Ink is a good value or a poor one. Frankly, I don’t recommend HP’s inkjet and all-in-one printers in the first place, due to frequent problems with their software. Most of my clients who buy HP printers anyway don’t sign up for Instant Ink, so I’ve never looked up the details. But the details are exactly where the problem is. Reading some HP support forum posts reveals that if you’re signed up for HP Instant Ink, your printer will stop printing if the printer loses contact with your HP Instant Ink account, if the credit card info the user entered as part of signing up for it expires, if the user cancels his Instant Ink account, or if anything else happens that prevents the printer from exchanging ink status with the HP Instant Ink account. The fine print on the main page where one can go to subscribe to HP Instant Ink says one can cancel at any time, but it doesn’t say that the printer will stop printing if one does so. It also doesn’t say that if the account is suspended due to expired credit card info, canceled by the user or has any other problem that any HP Instant Ink cartridges one has in the printer will cause it to stop printing, even though they were already paid for via the HP Instant Ink program. I’m sure that information is buried somewhere in an end user agreement that one has to accept during the sign-up process, but HP’s failure to disclose it up front strikes me as being awfully sneaky.

It is possible to get the printer working again without signing back up for Instant Ink, updating the payment information or fixing whatever other problem there is with the account. However, that involves buying new ink cartridges at retail. It seems that HP Instant Ink cartridges have a specially programmed chip that identifies them as HP Instant Ink, and the printer has programming to be aware of the subscription status and stop working if the account is suspended, canceled or unavailable and HP Instant Ink is detected.

There is a prospective dark side to this technology. We’ve now seen that HP can compel HP Instant Ink subscribers to keep their subscriptions active or lose the ability to use ink that they’ve already paid for. It would be quite simple for HP to build a line of printers that only works with an HP Instant Ink subscription, fail to disclose that in any way a customer can see prior to buying the printer, and leave the customer with the inconvenience of having to return the printer if they don’t want to sign up for HP Instant Ink. An even more insidious trick would be for HP to push out a firmware update that turns an HP printer that can use HP Instant Ink into one that only uses HP Instant Ink. I don’t think HP would risk the customer anger, horrible PR and possible class-action lawsuits that such a move would likely spur, but who knows for certain? Tech companies have done boneheaded things before.

Getting back to my client, he was happy with HP Instant Ink, and now that he knew what the problem was, he updated his payment information and was printing again within minutes. But my advice is to remember this incident if you are considering HP Instant Ink.

Windows Wednesdays – Quick Settings

By now, you may have noticed that Windows 11 has a new menu that appears when you click the Network, Volume or Power glyph in the Taskbar’s Notification Area:

(I added the red outline for clarity. When you hover your mouse pointer over any of those three glyphs, the section of taskbar indicated by the outline will appear to light up slightly.) The menu that appears is called the Quick Settings menu:

This is actually a bit annoying if your goal is simply to connect to a wireless network, because it adds a step. In Windows 10, you could simply click on the network glyph, which would pop up a list of available wireless networks, choose a network from that list and enter the password for it. In Windows 11, this menu first appears. Next, you have to click on the “>” button next to the Network glyph (which now looks the same as the wireless network icon in Mac OS and on most smartphones if you’re connected to a wireless network, looks like a monitor with a little antenna sticking up next to it if you’re connected to a wired network, or looks like a wire representation of a globe if you’re not connected to a network). For me, at least, this is not intuitive, and when connecting to a new wireless network, I often find myself staring at the Quick Settings Menu, as I try to remember what I’m supposed to do next. In any case, once you click on the “>” button, you can finally click on the desired wireless network and enter the password for it.

The other icons that appear on my Quick Settings menu, shown above, are the default icons, as I haven’t changed them. They are: Bluetooth (“C1L” happens to be the name of my Bluetooth earbuds, which I am using right now as I type this), VPN, Airplane Mode, Focus Assist, Night Light, (screen) Brightness, Audio Volume, Power settings (the battery), Quick Settings Menu Settings (the pencil) and Windows Settings (the gear). But the nice thing about the Quick Settings menu is that you can change what appears on the Quick Menu. A little bit. So, I’ll go ahead and click the pencil glyph so you can see whyI haven’t changed my Quick Settings menu.

The buttons shown in the upper part of the Quick Settings Menu can now be removed, by clicking on the crossed-out pushpin in each button’s upper right corner, and even rearranged, just as you can rearrange pinned icons on the Start Menu. But rearranging these buttons is of limited value, because there just aren’t that many of them, and rearranging them here has no impact beyond how they appear on the Quick Settings Menu. The ability to rearrange the buttons would be of more value if you could add more buttons. Well, in fact, you can add more buttons; just click the + Add button at the bottom:

This is the list of additional buttons you can add to the Quick Settings Menu. As you can see, it’s not a long list, and the reason I haven’t added any buttons to my Quick Settings Menu is because I have no use for any of them. But each of them is potentially useful to somebody. If you have a use for any, then add away, and click the Done button when you’re finished.

Adding more buttons to the Quick Settings Menu will not change the glyphs that appear in the Notification Area in any way. But adding them will make the corresponding functions more convenient for you to get to — if you can remember to click on the Network, Volume or Power glyph in the Notification Area to get to them!

Next week, we’ll begin exploring the Quick Settings Menu buttons.