A reprint from the PC410 Security Newsletter:

Don’t be somebody else’s guinea pig. There’s a reason that the latest and greatest widget is called the leading edge, or sometimes the bleeding edge of technology. If it still has rough corners, somebody’s gonna bleed. New technology isn’t particularly polished, compatible, or cheap. So configuration costs are high, and there can be a longer-than-normal list of “While we’re doing this, we really should upgrade that.” items.

The Amazon Echo and Google Home devices live in your home and can do things for you, like playing music, or ordering, well, dollhouses. A San Diego TV station said these magic words on television in a news report:”Alexa order me a dollhouse”, and multiple Amazon Echo boxes heard that broadcast and obeyed, by ordering a dollhouse.

And then there was the Google advertisement for Google Home during the Superbowl. Early adopters of the new Google gadget found that when the television said the “OK Google” trigger phrase, their Gooogle Home device woke up. Fortunately, it was not dollhouse-enabled, and didn’t place any dollhouse orders.

Any science-fiction reader knows that voice-controlled whole-house computers are on the way, that they will use voice recognition to only allow commands from a specific individual, and have a special command to say ‘Make it so’. In Robert Heinlein’s books, commands had to end with “I tell you three times.” Clearly, we haven’t reached the competence level of science fiction from 1980.

The Internet of (Stupid) Things

There are a lot of cheap security cameras and so-called ‘smart’ light bulbs available now. Theses devices ‘connect to your cell phone’ and let you control them. Warning flag there–they connect to the internet in order to trade information with a central server, and accept outside instructions to control them, relayed from your cell phone, and possibly any other system that knows the sometimes-obvious default password, which is generally ‘1234′.

In the past year, there have been incidents like these:

• The largest web site attacks ever seen were accomplished by taking over security camera video recorders (network DVRs), telling millions of them to attack a single site and take it down. As over 80 brands of security DVRs are made by just one company in China, and they share the same settings, and passwords like “123456”, they’re trivial to find online and then turn into attack ‘bots.
• Some purchasers of video baby monitors were surprised to find that their baby monitors showed someone else’s nursery. There were some basic security flaws that didn’t account for two monitors on one account, or monitors returned as unwanted needing to be reset to factory defaults.

For many of these products, there is no way to contact the purchasers with a fix, and no way for purchasers to contact the manufacturer; a no-name product means no updates, no notices of security issues, and no fixes.

Jerry Stern
Chief Technology Officer, PC410.com

A reprint from the PC410 Security Newsletter:

Lately, I’ve been asked why some old good stuff doesn’t work anymore. Usually, that’s for software, printers, and scanners. Basically, it’s because old tech doesn’t understand how to talk to new tech, and new tech has no drivers, or translators, for old tech.

While you can use any one device forever, in offline isolation, or as long as it lasts on its own, when you combine it with other technology, especially printers or the Internet, compatibility issues start showing up when it’s too different in age from the other systems in use. This works as long as nothing breaks. Replacing whatever died starts a mismatch of old and new, and the work to keep it all going surges badly.

My basic rule is to try to have all the technology in an office be of a similar age, preferably with a 4-year range. That’s generally reliable. Beyond that, the savings in not buying new hardware or software are gradually overwhelmed by additional configuration expenses.

But How Old is Old?

For computers, the rule used to be, according to Microsoft and Intel, that a computer is due for replacement after three years. As both those companies wanted to sell more products, their opinions include a lot of bias. What I’ve seen over the years is that desktop computers that are kept off the floor, had no basic defects, and have an annual internal de-dusting, become useless from a lack of compatibility with new software long before they actually stop working from hardware issues. Basic defects can make a big difference on some groups of computers, like the bad lead-free solder and leaky capacitors that killed off nearly every 2003 computer.

And better computers last longer, but not always because they’re better. Dell’s low-end home computers have exactly the number of internal connectors they need, plus one spare power connection. Need to add another drive? The power supply isn’t powerful enough for that. Need to add a USB 3 card? No, there isn’t a connector to power that, or an open slot to install it in. The same upgrades in their more-expensive business products are routine.

Notebooks add handling to the age question. The cheaper ultra-light notebooks are frequently all plastic, impossible to upgrade (obsolete sooner), and more fragile. Sturdier notebooks, like a Lenovo ThinkPad, have metal hinges and corner reinforcements, and can survive a drop or a bad thump that would crack a plastic hinge. And inside, solid-state drives can survive bumps where a spinning hard drive would bounce the read/write head off the spindle and lose alignment. Again, the better computer will last longer.

Mismatches:

QuickBooks only supports the last three annual versions of their product. If you need payroll tables inside the product, or links to an industry-specific company management product, plan to upgrade at least that often. If not, you can wait until your version of QuickBooks won’t install in your new version of Windows; new versions of Windows are mostly supported by only the most-recent annual edition of QuickBooks.

Some old laser printers just won’t die. But they need parallel printer cables, not USB connections. While I can add a printer port to anything, there is no printer driver software for a printer of that age in Windows 10, so some ‘emulation’ driver will have to be used, because every printer can make believe that it is something truly generic. That was an ‘IBM Pro Printer’ 20 years ago, and ‘PCL 5’ now. Emulations work, but advanced features of those old printers won’t.

Specialty software, mostly industry-specific, is mostly a case of letting your software vendor control your office. They will release updates, and you’re either ready or not. The better vendors will warn you about big changes one month in advance, mostly, but they aren’t willing to spend their programmer hours on any version of Windows that is over 5 years old. That’s Windows Vista and older now, and will be Windows 7 in April of 2020, when the security patches from Microsoft stop.
Replacement Cycles:

Some computer shops suggest replacing every computer on a staggered schedule every three years, and only buying computers with 3-year on-site warranties. This saves those shops from ever opening a computer or going on-site. While it’s a sure recipe for reducing down-time, here is a more cost-effective replacement cycle:

4 years for notebooks and small servers.
5 years for most information-worker computers.
3 years for power users (video editing, computer-assisted design/CAD).
7 seven years for non-critical desktop computers that aren’t in daily use.

Jerry Stern
Chief Technology Officer, PC410.com