Smishing – the (Relatively) New Phishing

Have you experienced an increase in simple text messages that appear to be intended for someone else? I have; in fact, I’m receiving, on average, three of them per day, and it’s getting rather annoying. The picture at the top of this post is a recent sample.

You probably have some familiarity with SMS scams, i.e., scams perpetrated by text messages, but this doesn’t look like any of the ones I knew about previously. There’s no link to tap on, no well-known company name, no imperative and no real sense of urgency. And you probably already know to just delete all texts like that without a second thought. (Well, hopefully you already know that. If you didn’t, then consider yourself informed.) But this is just a casual, “how ya doin’?” type of text message from someone I don’t know, and apparently intended for someone else I don’t know. So, what harm could there be in texting back a “Sorry, wrong number” message? Which is exactly what I might have done if I hadn’t been busy when the first one arrived and if a second, third and fourth such message hadn’t arrived so soon after the first.

Plenty, it turns out. I had to do some online digging in order to find out what these harmless-looking messages from strangers are all about. Most of the search hits were predictable: warning after warning to delete, without any kind of response, any text message that exhorts you to tap on a link or call a phone number. But messages like those are direct attempts at phishing – called “smishing” when perpetrated by text message – and I already knew about them. I finally happened upon a video clip of a TV news report about the kinds of text messages I’ve been receiving lately. It turns out that they are a relatively new form of social engineering, and an indirect attempt at smishing.

According to the news report, if you respond to one of these texts, the very least that will happen is your cell phone number will end up on a “suckers list”, a list of people likely to fall for texting scams. But the scammer will also try to strike up a conversation with you. They may include a photo of a pretty woman, if they think you’re male, or a hunky man, if they think you’re female. Depending on the sort of information the scammer wants to get from you, the photo may be more than just a head shot, and the person pictured may be dressed in a sexy manner or not at all. That may be an attempt to get you to share a compromising photo of yourself. (That’s not the scam an old guy like me would fall for, but I’m told that many people in their teens, twenties and maybe even thirties are quick to share semi-nude or even nude photos of themselves.) Or the scammer may try to convince you to share financial information, account credentials or personal information. Ultimately, that information will be used to blackmail you, raid your bank account, charge things to your credit cards or steal your identity.

It’s easy to sit there reading this and say to yourself, “Oh, I would never fall for that!”, but social engineering is the art of gaining your trust in order to convince you to willingly give over whatever it is that the scammer wants. There is no doubt in my mind that the perpetrators of this scam are very good at this. The best way to avoid falling for the scam is not to engage them. Just delete the text without responding.

As far as steps you can take to avoid this scam, there currently aren’t many. You could block the phone number, but the scammers use throwaway phones and phone numbers to perpetrate these scams, so the chances are your next scam message will come from a different number. You could forward the text message to “7726” (spells SPAM on a phone keypad), which all the major US cell phone carriers are supposedly using to collect spam reports. Personally, I couldn’t figure out how to do that from my smartphone without it looking like the spam came from my own number, but maybe it’s easier to do this on your phone. You could call your cellular provider, which might be an attractive option if your cellular account doesn’t include unlimited texting, but if you get as many of these irritating texts as I do, it seems to me that you’ll spend a lot of time on the phone with your cellular provider if you do that. Your best option may be to set your phone to block text messages from all numbers not in your contact list. That wouldn’t work for me, because my cell phone number is my business phone number, but I would seriously consider doing that for a personal cell phone number.

My quest for information also turned up some gleeful reports from people who claimed to have counter-scammed the scammers, by texting back things like “Congratulations, you have successfully subscribed to ‘Prayer of the day’! Your account will be debited $0.50 for each new daily message.”, followed by what appeared to be increasingly desperate attempts by the scammer to cancel the “service”. Take these with multiple, large grains of salt. First of all, all those counter-scam reports I saw were 3+ years old. Second, cell phone scammers are probably savvy enough to know that even if they did opt into such a service and couldn’t cancel it, they could solve that problem with a call to their own cellular provider. That’s assuming they’re using their own cellular account in the first place. If they’re using a throwaway phone or account, they won’t care, because they probably provided stolen payment information to the provider in the first place, and their intention is to just ditch it at the end of the month or whenever the provider gets wise to them and shuts the account down, whichever comes first. So, your best bet is to follow my first piece of advice: do not engage.

HP Instant Ink Nasty Surprise

A client called me earlier this week because his HP printer had stopped printing. That, in and of itself, would not have been blog-worthy. There’s nothing out of the ordinary about an HP printer that stops printing. Nor is there anything out of the ordinary about any other brand of printer that stops printing, for that matter. What was unusual was the reason: a message, displayed on the printer’s LCD panel, said something to the effect that the printer was unable to print due to a problem with the client’s HP account. (Sorry, I do not have the exact text of the message.)

I get called to fix all sorts of printer problems. One thing I can tell you is that messages about accounts, and other things based on the Internet or local network, are generally displayed on the computer or other device that’s sending the print job to the printer. Until this incident, all error messages I had ever seen on a printer’s LCD panel indicated some sort of hardware problem, such as “out of paper”, “out of ink”, “paper jam”, etc. It seemed strange to me that a printer would know anything about an online account, and that stayed in the back of my mind as I went through my usual troubleshooting procedures.

I checked the printer properties in Windows, and found nothing amiss, except that, even more interestingly, the printer was connected via USB cable. (The client was in another city, so I was troubleshooting remotely; otherwise, I would have been able to tell at a glance that the printer was connected via USB.) That just made it all the stranger that the printer was so concerned about an HP account; the printer didn’t even have direct access to the Internet, so how could it check such a thing?

Since this was an HP printer, I downloaded and ran the HP Print and Scan Doctor, but it found nothing wrong. At this point, I was quite puzzled, as everything seemed to be in order, and the computer appeared to be communicating with the printer. Yet, nothing was printing, and there was that strange error message on the printer’s display.

Paraphrasing from Dr. Sigmund Freud, who allegedly said, “Sometimes a cigar is just a cigar,” it occurred to me that sometimes, an error message actually means just what it says. Since nothing else had helped up to that point, I decided that I might as well have the client log into his HP account, if he had one, and see if it could offer any clues as to what was wrong. It turned out that the client did have an HP account, which he had more or less forgotten about. Once we had gone through a “forgot password” procedure and gained access to the account, we finally received a message with clearer information: the client had signed up for HP Instant Ink, and his payment information had expired.

I will digress slightly here to say that I don’t know much about HP Instant Ink. If you’ve looked at any HP printers within the last few years, or maybe even bought one, then you probably know at least as much as I do about it, and maybe more. The concept of HP Instant Ink is that you buy genuine HP brand printer ink on a subscription basis. Unlike corporate copier leases and service contracts, which generally involve monitoring software that reports actual printer usage to the company and tells them when you need more printer supplies, HP Instant Ink has you sign up for a predetermined number of pages per month. HP then sends you ink cartridges on a regular basis, based on their estimates of how much ink your printer will need to print that number of pages. Estimate too low, and you run out of ink; estimate too high, and you’ll be hoarding ink cartridges, because HP doesn’t monitor actual usage. I assume that it’s possible to change the number of pages you’ve subscribed for on an ad hoc basis so that you can “right-size’ your subscription.

I’ve never looked to see if HP Instant Ink is a good value or a poor one. Frankly, I don’t recommend HP’s inkjet and all-in-one printers in the first place, due to frequent problems with their software. Most of my clients who buy HP printers anyway don’t sign up for Instant Ink, so I’ve never looked up the details. But the details are exactly where the problem is. Reading some HP support forum posts reveals that if you’re signed up for HP Instant Ink, your printer will stop printing if the printer loses contact with your HP Instant Ink account, if the credit card info the user entered as part of signing up for it expires, if the user cancels his Instant Ink account, or if anything else happens that prevents the printer from exchanging ink status with the HP Instant Ink account. The fine print on the main page where one can go to subscribe to HP Instant Ink says one can cancel at any time, but it doesn’t say that the printer will stop printing if one does so. It also doesn’t say that if the account is suspended due to expired credit card info, canceled by the user or has any other problem that any HP Instant Ink cartridges one has in the printer will cause it to stop printing, even though they were already paid for via the HP Instant Ink program. I’m sure that information is buried somewhere in an end user agreement that one has to accept during the sign-up process, but HP’s failure to disclose it up front strikes me as being awfully sneaky.

It is possible to get the printer working again without signing back up for Instant Ink, updating the payment information or fixing whatever other problem there is with the account. However, that involves buying new ink cartridges at retail. It seems that HP Instant Ink cartridges have a specially programmed chip that identifies them as HP Instant Ink, and the printer has programming to be aware of the subscription status and stop working if the account is suspended, canceled or unavailable and HP Instant Ink is detected.

There is a prospective dark side to this technology. We’ve now seen that HP can compel HP Instant Ink subscribers to keep their subscriptions active or lose the ability to use ink that they’ve already paid for. It would be quite simple for HP to build a line of printers that only works with an HP Instant Ink subscription, fail to disclose that in any way a customer can see prior to buying the printer, and leave the customer with the inconvenience of having to return the printer if they don’t want to sign up for HP Instant Ink. An even more insidious trick would be for HP to push out a firmware update that turns an HP printer that can use HP Instant Ink into one that only uses HP Instant Ink. I don’t think HP would risk the customer anger, horrible PR and possible class-action lawsuits that such a move would likely spur, but who knows for certain? Tech companies have done boneheaded things before.

Getting back to my client, he was happy with HP Instant Ink, and now that he knew what the problem was, he updated his payment information and was printing again within minutes. But my advice is to remember this incident if you are considering HP Instant Ink.

Windows Wednesdays – Quick Settings

By now, you may have noticed that Windows 11 has a new menu that appears when you click the Network, Volume or Power glyph in the Taskbar’s Notification Area:

(I added the red outline for clarity. When you hover your mouse pointer over any of those three glyphs, the section of taskbar indicated by the outline will appear to light up slightly.) The menu that appears is called the Quick Settings menu:

This is actually a bit annoying if your goal is simply to connect to a wireless network, because it adds a step. In Windows 10, you could simply click on the network glyph, which would pop up a list of available wireless networks, choose a network from that list and enter the password for it. In Windows 11, this menu first appears. Next, you have to click on the “>” button next to the Network glyph (which now looks the same as the wireless network icon in Mac OS and on most smartphones if you’re connected to a wireless network, looks like a monitor with a little antenna sticking up next to it if you’re connected to a wired network, or looks like a wire representation of a globe if you’re not connected to a network). For me, at least, this is not intuitive, and when connecting to a new wireless network, I often find myself staring at the Quick Settings Menu, as I try to remember what I’m supposed to do next. In any case, once you click on the “>” button, you can finally click on the desired wireless network and enter the password for it.

The other icons that appear on my Quick Settings menu, shown above, are the default icons, as I haven’t changed them. They are: Bluetooth (“C1L” happens to be the name of my Bluetooth earbuds, which I am using right now as I type this), VPN, Airplane Mode, Focus Assist, Night Light, (screen) Brightness, Audio Volume, Power settings (the battery), Quick Settings Menu Settings (the pencil) and Windows Settings (the gear). But the nice thing about the Quick Settings menu is that you can change what appears on the Quick Menu. A little bit. So, I’ll go ahead and click the pencil glyph so you can see whyI haven’t changed my Quick Settings menu.

The buttons shown in the upper part of the Quick Settings Menu can now be removed, by clicking on the crossed-out pushpin in each button’s upper right corner, and even rearranged, just as you can rearrange pinned icons on the Start Menu. But rearranging these buttons is of limited value, because there just aren’t that many of them, and rearranging them here has no impact beyond how they appear on the Quick Settings Menu. The ability to rearrange the buttons would be of more value if you could add more buttons. Well, in fact, you can add more buttons; just click the + Add button at the bottom:

This is the list of additional buttons you can add to the Quick Settings Menu. As you can see, it’s not a long list, and the reason I haven’t added any buttons to my Quick Settings Menu is because I have no use for any of them. But each of them is potentially useful to somebody. If you have a use for any, then add away, and click the Done button when you’re finished.

Adding more buttons to the Quick Settings Menu will not change the glyphs that appear in the Notification Area in any way. But adding them will make the corresponding functions more convenient for you to get to — if you can remember to click on the Network, Volume or Power glyph in the Notification Area to get to them!

Next week, we’ll begin exploring the Quick Settings Menu buttons.

Not All Phishing Is Done Via E-mail

I received an interesting – and scammy – letter in the mail last month. It was from a company calling itself “United States Domain Authority” and, at first glance, appeared to be a reminder to renew my lebowitzit.com domain name. The letter was a slick job, liberally festooned with American flags on both sides of the letter, and even on the envelope and return envelope. (Apparently, when people see American flags, they’re supposed to drop all caution and common sense and just do what purports to be the patriotic thing, which, in this case, would be to pull out the checkbook and respond to the pitch.) Here is the letter for you to see:

(For those of you wondering, I did not blank out my company name or address because I purposely post those online. I only blanked out the data items that someone might, for whatever reason, use to respond to the ad in my name.)

So, how did I know this was a scam? The answer is that this is one of those situations in which knowing just a little bit about your own organization can save you, even if you don’t know a whole lot about what it takes to have an Internet presence. Specifically, I knew that my domain name wasn’t up for renewal, because I had just renewed it several weeks before the date on the letter.

That had me looking more carefully at the letter. The next thing that stuck out, other than those pervasive American flags, was the big, bold text in the upper right corner, which proclaim “MARKETING SERVICES”. A letter from my domain name registrar, were they to send me one, would not have such text. It would be focused on domain name renewal, which is what they would be all about. Before you think that the scammers are doing you a favor by clearly identifying their wares as “MARKETING SERVICES”, they aren’t. The reason that text is there is because it is a federal crime to use the United States Postal Service to perpetrate fraud, which is exactly what making a letter like this look like a domain name renewal notice is. So, they prominently label the letter as “MARKETING SERVICES”, and then design the rest of the letter to distract your eyes from that text. This is what’s known as covering one’s legal a**.

Recognizing the remaining clues that this letter isn’t what it appears to be requires at least a bit more technical knowledge. But that’s OK — that’s what we’re here to provide!

Let’s start with the name of the sender: United States Domain Authority. It’s fairly easy to do a web search and find out if they actually are a domain name registrar, but I can tell you that I know which companies handle most domain name registrations in the United States, and this company’s name didn’t sound familiar. I also happened to know it isn’t the name of my domain name registrar. And if you read carefully, you can see the letter discloses, in smaller print, and in the middle of a paragraph that’s easy to gloss over, that they admit that they aren’t a domain name registrar:

Next, we have the cost. There is no MSRP for domain name registrations, as far as I know. Prices vary from registrar to registrar, and also depend on the exact domain name you are registering. Registrations in certain top-level domains can be extremely expensive. But I knew from my past domain name renewals that $289 was very high for just one year.

In fact, all this letter is really selling me is an opportunity, if you can call it that, to have my domain name listed in some directory that I’ve never heard of. That’s a dubious value, to say the least, and certainly not worth $289. For all I know, all it would do is put me on a list for receiving more junk mail, which I can certainly do without. There’s even the possibility that the letter is from a company that’s just a front for collecting account information to be sold on the dark web. I honestly don’t know or care. I just thought it made for an interesting blog entry and subsequent denizen of my circular file.

Evolution of External Storage

Some of the work I do involves transferring data from one device to another. This includes computer storage drive upgrades, recovering data from non-working computers. getting data from PC to Mac or vice versa, and more. To do this, I have an array of USB devices of various types and capacities, including flash drives (also known as “thumb drives”, which is the equivalent of calling a facial tissue a “Kleenex”, or “pen drives”, a phrase that I believe originated in the UK, although I don’t know its etymology) and USB hard drives, as well as several devices that enable me to connect several different kinds of internal hard drives and solid state drives to a computer’s USB port.

I recently needed to replace my 1TB USB hard drive. A lot has changed since I purchased that 1TB USB hard drive, in terms of the per-gigabyte cost of storage and the technologies used to connect them. Mulling this over, I still rarely need drives larger than 1TB, but since most computers nowadays have at least one USB 3.x port, many also have the smaller, more versatile USB C ports, and data recovery tools that run outside of Windows have supported both of those connections for some time, I opted for a Crucial X6 SE USB 3/USB C Solid State Drive. I’ve had an opportunity to use it a couple of times now, and when plugged into a healthy computer that supports its fastest connection options, it can copy large amounts of data in blessedly short periods of time. (Of course, if the computer isn’t healthy or only supports a USB version older than 3.0, it will be limited to much slower speeds.) As a solid state drive, it’s also fairly impervious to drop damage, unlike my USB hard drives. And it’s compact and lightweight enough to have a permanent home in my laptop bag. It’s surely a fine addition to my toolkit.

Looking over my collection of USB drives, pictured above, offers a snapshot of how external storage has evolved over the last 15 years or so. Note that all of these drives cost $85 or so at the time they were purchased.

Starting from the top, I have a Western Digital My Passport 250GB model, official model number WD2500ME-01. This is a very old drive, purchased new sometime in 2007-2009, since all the manuals I can find for this line of drives mention support for Windows 98SE through Windows Vista. (Windows 7 came out in 2010.) It works well enough, but the conventional hard drive inside spins at only 5400 RPM, which is on the slow side for a hard drive, and its interface is USB 2.0. Between its relatively slow speed and small capacity, I only use it for small data transfers, and then only if my other drives are unavailable.

Second from the top is a unit that started out as an Iomega Prestige 500GB model. The reason it’s in a funny-colored case that says “acomdata” instead of “Iomega” is because I transplanted it into a 3rd party drive enclosure. Iomega, which was known for its innovative storage products in the 1990s, was no longer so innovative by 2012, when I bought this drive. They were selling relatively low-cost USB hard drives, though, which is mainly what attracted me to this model. I hadn’t owned it for six months when its mini-USB port broke. Since it was still under warranty, I sent it in for warranty service, finding out in the process that Iomega had been acquired by Lenovo, which fulfilled my warranty. Alas, the mini-USB port on the drive I got back didn’t last any longer than the first one did. At that point, I could still have sent it in for yet another warranty repair or replacement, but a quick look on Amazon.com told me that I could get a 3rd party enclosure for the drive for about what it would cost me to send the drive back to Lenovo again. I gambled that the mini-USB port on the 3rd party enclosure would last longer than the one on another Prestige drive would. That gamble paid off, and the drive still works fine. However, like the WD My Passport drive, it doesn’t get used often anymore, because while its capacity is more in line with what I need for data transfers, its USB 2.0 interface makes it quite slow, although not as slow as the My Passport drive.

The third drive from the top is a Seagate Expansion 1TB USB hard drive. I bought it in 2017 or 2018, and it’s the drive I’ve been using most often, because its USB 3.0 interface makes it much faster than the WD My Passport and the Iomega Prestige. I actually used to have two of these, but one was ruined when I dropped it on the floor accidentally. Unlike the My Passport and the Prestige drives, whose drives could theoretically be replaced with off-the-shelf hard drives or solid state drives, the Seagate Expansion uses a specially-made hard drive with a USB circuit board instead of a conventional SATA board. This meant there was nothing I could do but recycle the whole thing. This is the drive that’s being replaced.

Finally, at the bottom, we have my brand new Crucial X6 SE. The solid state drive inside it is many times faster than the conventional hard drive in the Seagate Expansion, and when plugged into a computer with a USB C port (or a USB 3.2 Type A port), it supports data transfers of up to 800MB/sec. Its real-world maximum speed is probably closer to 500MB/sec, but that would still make it three times as fast as the Seagate Expansion drive it replaced. (Despite USB 3.0’s theoretical top speed of 625MB/sec, I’ve never seen the Seagate Expansion copy faster than 175MB/sec, and it rarely exceeds 130MB/sec.) That means it’s far better for moving data to and from modern computers with very fast NVMe solid state drives.

It’s always interesting to see how technologies evolve over time!

Something Zany for the New Year

One of my favorite magazines, Consumer Reports, has long had a back page feature dedicated to publicizing exaggerated claims, overreaches and silly errors in advertising. While shopping for a 1TB solid state drive today, I came across a very unfortunately named SSD on amazon.com, something that would be right at home on that page. Here it is, for your end-of-year amusement:

I can only assume that English is not the seller’s first language, because I can’t imagine what he thinks a somnambulist is. (If English isn’t your first language, I will save you a run for your dictionary: a somnambulist is a sleepwalker.) It’s certainly not a characteristic I would want to find in a solid state drive, or a conventional hard drive, for that matter.

Wishing everyone good health, happiness, success and plenty of good humor in 2022!

Windows Wednesdays – Does Windows 11 Force You To Use the Microsoft Edge Browser?

I have a confession to make: I like Microsoft Edge. I’ve been using it as my default web browser since Microsoft came out with the Chromium-based version of it. Chromium is the open-source web browser engine on which Google Chrome is based, and the first Chromium-based version of Edge was almost indistinguishable from Chrome, except for a couple of minor user interface elements. Microsoft has steadily made changes that differentiate it. Some of those changes have been good, like the “under the hood” changes that have improved its performance. Some changes I could’ve done without, such as making downloads Firefox-like, except that Edge makes the downloads indicator in the upper right disappear after a short while, while Firefox keeps it visible. (I find Firefox’s implementation more convenient.) But the main thing that got me to switch to Edge was that Chrome, which had been my default browser, was running slowly on certain sites that I use frequently, and Edge worked with them much faster.

The important thing is that I didn’t notice any of the issues that various pundits have reported about using other browsers with Windows 11 because I was already using Edge as my default browser. However, I’m a fickle web browser customer; I’ve been known to change default web browsers every six to twelve months. So, let’s see how difficult this really is.

First, I decided to try making Firefox my default web browser. That’s easy enough: just run Firefox, go into its Settings, and we see the button to make Firefox the default browser right there, in the first section:

I click on the button and… nothing seems to happen, except that the status changes from a blue face and the description “Firefox is not your default browser” to a yellow smiley face and description “Firefox is currently your default browser”. Wow, that was easy. I didn’t even get a Windows default browser pop-up like the one I used to get in Windows 10 (which also used to display a message alerting me to the presence of Edge and make me click an additional “Switch Anyway” button). Could it actually be this easy? I switched to my e-mail program, opened a message with a clickable link, clicked on that link and sure enough, Firefox opened and displayed the page!

However, if I click my Start button, type a URL, like “https://www.amazon.com” in the search field and press [Enter], the web page opens in Microsoft Edge. Maybe this is what the pundits mean by Microsoft forcing Windows 11 users to use Microsoft Edge, but, to be fair, this behavior is virtually unchanged from Windows 10. In Windows 10, it was all but impossible to get Windows Search to display web results in any browser other than Edge.

Let’s have a look at what’s going on behind the scenes. I open Default Apps (there are a number of ways to do this, but I find the most direct is to click the Start button and start typing the word “default”):

Next, I search for Firefox:

Hopefully, your Default Apps only lists Firefox once (if you have Firefox installed at all). A quick check of the two entries I have reveals that they both have the exact same settings. Speaking of which, let’s click on Firefox (either one, in my case) and see what those settings are:

Well, now, that’s interesting: Firefox was made the default program for file types .htm, and .html, and, scrolling down, we find it’s also the default program for HTTP and HTTPS protocols. Firefox did not make itself the default program for some lesser-known file types, such as .svg and .webp (Microsoft Edge is still the default for those) or for the MAILTO protocol, which is just as well, because I want Mozilla Thunderbird, my e-mail client, to remain the default program for that.

Now let’s see what happens when we make Google Chrome the default browser. The first steps are simple enough: Run Chrome, click the 3-dot button in the upper right to drop down the Chrome Menu, choose Settings and, since the default browser setting isn’t the first thing we see, I type “default browser” in the Search field at the time in order to find it:

I click the “Make default” button, and this time, Windows responds by opening the Default Apps settings:

Well, that’s not very helpful, to say the least! It’s unclear to the average user what they’re supposed to do next. A quick experiment of closing Chrome, reopening it and going back to the Make Default Browser setting reveals that nothing has changed, and Chrome is still not the default browser. It would seem that to make it so, we must manually change the Chrome settings in Default Apps. So, let’s look those up. Type “chrome” in the “Search apps” field, and click on Google Chrome when it appears. Sure enough, we quickly see that Firefox is still the default for HTML files and the HTTP/HTTPS protocols, and the rest of the settings are unchanged from what they were. For Chrome, at least, I have to update the default program settings one at a time. So, I click on the first one, for .htm files, and see something familiar from Windows 10:

I click on Google Chrome, and the setting for .htm files changes to Google Chrome with no further challenge. Now I do the same for .html, .shtml, .svg, .xht, .xhtml, FTP, HTTP and HTTPS. (Most users could probably leave .shtml, .svg, .xht and .xhtml unchanged and never know the difference.) Close Chrome and reopen it, and now, when I check its Default Browser setting, it reports that Google Chrome is my default browser. Go back to my e-mail, click on the link, and, sure enough, it opens in Google Chrome. OK, that was a bit laborious, but not terrible.

Since I actually want to continue using Microsoft Edge as my default browser, I go back into MIcrosoft Edge and click on its “Make default” setting. (I will spare you the details, since you’re probably all Google Chrome fans, anyway! ) As with Firefox, the change is made silently, and if I manually open the Default Apps settings, I see that Edge made itself the default for all the web browser file and protocol types that matter. I might call this a home field advantage, except that Firefox was able to do this, too. Evidently, out of the three most popular browsers, only Chrome needs extra help to make it the default. And it would also appear that most of the pundits who have been writing about Windows 11 are Google Chrome purists.

So, does Windows 11 really force you to use Microsoft Edge? I would say no, not in any way that really matters or is new to Windows 11. But making Chrome your default browser is more difficult in Windows 11 than it should be.

Today’s Silly Tech: The Alexa-Controlled Coffeemaker

Every once in a while, I come across an application of technology that is just plain ridiculous. For example, years ago, I walked into a Norelco store (back when such stores existed) to see about getting my electric shaver fixed (OK, now I guess I’m really dating myself — who fixes shavers anymore?) and look at some new ones. The man behind the counter proudly showed me Norelco’s latest and greatest model, which had some absurdly high price tag on it. Since I didn’t see any gold plating on the thing, I asked the salesperson what made this shaver worth so much. He replied that the shaver had a microprocessor in it that kept its motor spinning at precisely 3600 RPM at all times. OK, that was unexpected. If he had said something about diamond-edged blades or precision combs, it might have made some sense to me. But we were talking about shaving here, not keeping time or spinning records (oops, dated myself again!). So I paused, blinked a few times and then asked the salesperson, “And how, exactly, does guaranteeing a motor speed of precisely 3600 RPM give me a better shave?” He didn’t have an answer to that, so I either handed him my old shaver for repair or purchased a more reasonably-priced replacement, and that was that. But I never forgot the encounter for being an obvious case of techno-gimmickry.

This morning, I experienced another such encounter without even leaving my home. I received an Amazon Treasure Truck notification on my phone, about an amazing, get it while it’s hot, 42% discount on a Hamilton Beach Smart Coffee Maker, just $54.99 instead of the usual $99.99. And what’s so smart about it, you may ask? (Well, you should ask; after all, I did.) Why, you use Alexa to turn it on, that’s what! Don’t take my word for it; see it for yourself at https://smile.amazon.com/dp/B07TFLNDNR/ref=cm_sw_em_r_mt_dp_19ZZA1WE7RAX4YGF8ZY0

Looking through the photos and description, I suddenly found myself thinking about an episode of the original 1970s-’80s “Fantasy Island”, in which Tattoo excitedly shows Mr. Rourke his new invention, a fly killer, which consists of two wooden blocks. When Mr. Rourke asks how it works, Tattoo’s explanation begins with, “First, you catch a fly…”; you can probably figure out the rest for yourself. Turning back to Hamilton Beach’s technological wonder, we see that before you tell Alexa when you want her to set your coffee a-brewin’, you must first load up the machine with water, a conventional filter and coffee grounds. Oh, and close the loading door. Manually.

Is there a way to connect the machine to your kitchen’s water supply? Nope. Does the machine have a hopper for, say, a pound of coffee grounds or beans so Alexa can tell it, on the fly, how much coffee to make? Nope. Can it eject the spent grounds and filter into a nearby receptacle and clean itself? Nope, nope. So, what, exactly, does Alexa bring to the table here? Uh, she can tell the coffee machine to turn itself on when you’re not there. That’s nice, but my completely conventional Mr. Coffee brewer can do that just about as well, and for less than half the discounted price, with its delayed brew timer. So, all the smart features really do is increase the cost of the machine, and, if the seller has had a lot of practice as a carnival barker, increase his profit margin. I’m going to guess that didn’t work out too well for Hamilton Beach or Amazon, because the latter just put the machine on the Treasure Truck at a much more conventional price, and the former has discontinued the product.

Don’t get me wrong here. I love technology. I’m in the business of selling and servicing technology. But I will never sell you technology that serves no purpose beyond the product description.

Windows Wednesdays – The Recommended List

I have devoted a lot of prose in this series to the upper half of the new Start Menu. It’s about time we looked at the lower half, cryptically labeled “Recommended”. I say “cryptically” labeled because “Recommended” seems like something of a misnomer. An attentive Windows 11 user notices fairly quickly that the list of entries in that section changes constantly. So, what’s up with that?

The short answer is that this section is actually just the latest variant of Windows longstanding “Recent Files” list. Windows has offered users a way to see their most recently edited files at least since Windows 98. (Prior versions may have had it as well, but my memory is a bit foggy, this has proven to be a bit of an obscure feature, and online documentation about it is a bit scarce, so in the interest of brevity, I will plead ignorance.) The Recent FIles list was hidden by default in Windows XP, Vista and 7, but savvy users could make it appear on the Start Menu by turning it on the Start Menu Properties. It was available in Windows 8 and 10, but those versions of Windows required a bit of navigation to get to it in File Explorer. I have read of some shortcuts for getting to it in those versions, but since this blog entry is about Windows 11, I’m not going to ferret out those details.

In Windows 11, the Recent Files list resurfaces in plain sight, with some improvements (in my opinion), as the Recommended section of the Start Menu. When you first bring up the Start Menu, the Recommended section shows the six most recently accessed items, whether they’re files or recently added programs. The items – calling them “files” would be inaccurate here – are sorted with the most recently used first, and, as far as I can tell, there’s no way to customize the sort. (That makes sense in this context.) Click on the “More >” button above and to the right of the list, and the view changes to a scrollable list of your recently used items. In the case of files, they’ll appear if they were merely opened, not necessarily edited and saved again.

If you right-click on an item in the Recommended list, a context menu will appear. The items on the context menu vary depending on what the item points to (remember, items in Recent Files have never been the files themselves, just shortcuts to them), but the one item that appears on all the context menus is “Remove from list”. This gives you some control over what items you see in the Recommended list, but remember that the Recommended list is fluid, updating constantly as you edit files or install software. If there are particular files in the Recommended List that you want to keep close at hand at all times, then your best bet is probably to right-click on them, choose “Open file location”, and create a Desktop shortcut to them. I explained how to create a Desktop shortcut in last Wednesday’s entry, so I won’t go into it here.

All in all, I like the new Recommended section. I’ve always liked having the list of my most recently used files readily visible, and this new way of showing it on the Start Menu dovetails nicely with the way I work.

My Observations About Open-Source Router Firmware

A number of years ago, I had my first encounter with open-source router firmware. My revelation came in 2014 or ’15, in the form of an old Linksys WRT54G pressed into service by a VoIP vendor. My casual observation at the time (backed up, after the fact, by some research I did for this blog post) was that the router had to be at least 10 years old, and my experience with consumer-grade routers was that they rarely provided more than 5 years of 24/7 service. There were much more powerful, industrial-grade routers to be had in 2014, so it seemed rather odd to me that a commercial VoIP vendor would choose such an old, clunky, outdated router to direct an office’s VoIP traffic. So, I did what came naturally to me: I asked the vendor, politely and diplomatically, of course, about his choice of routers for this application. His answer was that I was correct, a stock Linksys WRT54G would not be an appropriate piece of equipment for handling VoIP. However, this was not a stock Linksys WRT54G; it was a WRT54G whose original firmware had been replaced by an open-source router firmware called Tomato. Tomato not only had the magical power (well, it seemed magical to me at the time) to resurrect a failing consumer-grade router, but it could also unleash capabilities not normally found in consumer-grade routers. Well, that was certainly not the answer I had anticipated, and not knowing what else to do with it, I made a thoughtful face, uttered “Cool!”, or maybe a Mr. Spock-esque “Fascinating.”, and filed the information away in my brain for future reference.

The next time I thought about this was a year or so later, when my own home wi-fi router started acting flaky. Before running out to buy a replacement, I thought, “Hey, wait, let’s see if maybe this Tomato or Potato or Avocado or Whatever-o (I knew it was some fruit or vegetable ending in ‘o’) can resurrect my dying router. I fired up a web browser, did a quick search, and… no dice. I quickly discovered that Tomato didn’t support my router. It only supported a handful of routers, mainly variants of the Linksys WRT54G. I also found that there were other open-source router firmwares available, such as OpenWRT and DD-WRT, but they didn’t support my router, either. So, I went back to Plan A, and bought a new router. I didn’t think much about it again until 2018 or 2019, when I once again encountered an old, outdated-looking router in an office, only to discover that the router had been loaded with open-source firmware, this time DD-WRT.

Fast-forward to a little over a month ago, when my current router, a Netgear Nighthawk R7000P AC2300 model, started dropping wi-fi connections intermittently. It’s not an old router, but, frustratingly, its problems began just a couple weeks after its one-year warranty ended. Two Netgear firmware upgrades failed to fix it, Netgear’s online help provided no useful information, and all I could find out about it from public forums were posts from plenty of other Netgear R7000P owners who were experiencing the exact same problem, with no solutions mentioned. That’s when I remembered that VoIP vendor’s statement from all those years ago, that third-party, open-source firmware could sometimes fix problems with a failing wi-fi router. My most recent encounter with open-source router firmware was DD-WRT, so I looked up its web site and found that it works with my router. Yes!

I then set about finding out what I had to do to wave DD-WRT’s magic wand over my increasingly malfunctioning router. It didn’t take long for me to come across a stern warning to read DD-WRT wikis and forum posts before beginning, find the correct version of the firmware for my router, and then carefully follow the installation instructions, because there was a very real chance of turning my already unhappy router into a paperweight if I did something wrong. And to emphasize all that, the introductory instructions included the warning that “TL:DR is no excuse”. That did give me pause, at first. But then I remembered that my router was failing anyway, so, if worse came to worst, my attempt to load DD-WRT on it would brick the thing, at which point I’d just go buy a new one.

I’m not going to bore you with the technical procedures that transformed my flaky, stock Netgear Nighthawk R7000P into a DD-WRT-powered wi-fi router that seems to be stable so far. The main reason is that the procedures vary from router to router. Your router might require different procedures, or might not be supported at all. One thing you learn from reading those wikis and forum posts is that no two consumer-grade router manufacturers agree on how to implement the technology, and routers from the same manufacturer might all require different steps for loading DD-WRT. It must have been a maddeningly complicated project for DD-WRT’s developer community to make the product work with as many routers as it supports, and it sounds like an equally maddening project to continue to fix bugs and make improvements to the firmware. The bottom line is that if you want to run open-source firmware on your router, you’ll have to do your own homework, and a lot of it.

I will provide you with my observations, though. First, the results: As of right now, all the major features I was using before the firmware change – Internet routing, wired network switch, wi-fi network, guest wi-fi network and sharing a USB-connected external hard drive over my network – are working, at least for the most part. There appears to be a bug that prevents the 5GHz guest network from working, and attempts to make it work make the other wi-fi connections unreliable, but I can live without that. The parental controls that Netgear included with my R7000P, Netgear’s flavors of OpenDNS and Circle, are gone, but I no longer need those.

Another thing I picked up along the way is why not all routers can be supported by open-source firmware. First and foremost, in order for a router to be supported, its factory firmware must run on Linux. In fact, this is why the original Linksys WRT54G was the router supported by the first open-source router firmwares: it was the first consumer-grade router known to run Linux, which made it hackable. (Note that to programmers, “hacking” is not necessarily a bad thing. It simply refers to writing short, clever program code intended to accomplish a task. Only when we’re talking about a malevolent hacker does the task involve breaking through security and stealing data.) To this day, not all consumer-grade routers run Linux.

Be aware that when you load open-source firmware onto your router, you effectively become your own tech support provider. Open-source router firmware, like open-source application software, is written by consortia of volunteer programmers. There is generally no company bankrolling the project, and there is no company paying tech support agents to help people use it. There are wikis and knowledgebases containing a wealth of information about the firmware, but it, too, is written by volunteers, so it’s not always well-organized, it’s often out of date and it’s not unusual to encounter conflicting information. You can join the support forums for the firmware and post messages there requesting assistance, but if your message makes it obvious that you’ve made no attempt to look in the wikis or for other forum posts dealing with your issue, then you’ll most likely receive a brusque referral to those wikis or posts, or your message may be ignored entirely. And if you cop an attitude by demanding a response, calling programmers idiots or complaining about rude or inattentive support personnel, you will get a frosty response at best, and might even get banned from the forum. Open-source is a very cool concept, but you must remember that when you opt for open-source products, you are nobody’s valued customer.

Part and parcel with learning to support your open-source router firmware is learning a whole slew of unfamiliar terms. For example, earlier, I mentioned that I had gotten my “guest wi-fi network” working. You may be familiar with the concept of a guest wi-fi network from your own router, but when you look through DD-WRT’s administration pages, you won’t see any mention whatsoever of a guest wi-fi network. That’s because in DD-WRT, guest wi-fi networks are simply a specific application of what they call “virtual access points”. In a nutshell, to create a guest wi-fi network in DD-WRT, you create a virtual access point, turn on the Unbridged, AP (Access Point) Isolation and Net Isolation options, specify an IP address range and a DNS address, visit another page to set your virtual access point’s password and security settings, and visit yet another page to turn on something called Dnsmasq and type in several arcane-looking lines of code to make Dnsmasq create a DHCP server for your virtual access point. Got all that?!? Probably not, but maybe now you have gained some appreciation of all the things your stock wi-fi router does for you behind the scenes when you activate its guest wi-fi network feature, name it and give it a password. Personally, I had never heard of a Dnsmasq before. I still don’t quite know what one is, although I now have some idea of what it does.

This is my foray into DD-WRT open source firmware so far. It’s going to be an ongoing adventure for me, and I may post more about it in the future if it leads to any new, interesting stuff. I actually kind of hope it doesn’t, because now that my router appears to work reliably again, I would very much like it to go back to being an appliance that just works in the background and doesn’t require me to think about it much. I decided to write this only because I like to post once a week about interesting tech adventures, and this certainly qualifies. But it is not an announcement of a new product or service from Lebowitz IT Services. Please do not ask me to load DD-WRT or any other open-source firmware on your router. If you do, then my reply will tell you that as of right now, I don’t have the experience and in-depth understanding of open-source router firmware to do such a project, very likely followed by an offer to send an estimate for what a new router or mesh wi-fi system would cost.