Wednesday 13th February 2019
Checking For Windows Updates
If you go to Settings, Update & Security and click on Check For Updates, you are deemed to be a "seeker", i.e. someone who wants to get the latest updates before they would be automatically released. So, just be cautious that clicking Check For Updates makes you a 'guinea pig' for testing updates before they are more widely released - unfortunately, Microsoft don't tell you this! Have a look at this "How-To Geek" article for more on this subject:-
Updating Windows 7/8.1 to 10
Just to confirm what I said last month, I had the opportunity to update a Windows 8.1 system to Windows 10. I did this by running setup.exe from a USB Installation Drive made with the Media Creation Tool (see last month's Blog for details). The newly updated Windows 10 automatically activated with a digital licence, so there was no requirement to enter a Product Key.
You can use this method of updating from the USB Installation Drive to perform one of the big Feature Updates (e.g. 1809), or just to re-install Windows on a system that is not performing correctly. This method preserves the installed apps, although I recommend backing up before any big update.
Windows 7 Support
Windows
7 has about 11 months of support remaining until 14th January 2020.
After that, it will no longer receive security updates from Microsoft. Anyone
still using Windows 7 would be advised to move to Windows 10 in the next few
months. You should be able to use the above technique to update your Windows 7 system to 10.
File History
We had a brief discussion of the File History feature in Windows 10 and how to restore a backed up file. You can learn more about this and backup on Windows 10 in general from my Backup in Windows 10 document:-
bit.ly/CE-Backup
We also talked about USB-C, the new smaller, reversible USB connector. This is also described in the above document.
We also talked about USB-C, the new smaller, reversible USB connector. This is also described in the above document.
Nextdoor.co.uk
Following
a query from Brian, just a quick mention of this web site. Nextdoor is an USA
based organisation that operates local social networks in many countries around
the world. In the UK, it took over a site called Streetlife in 2017 which
performed a similar function. It provides a local forum in your
neighbourhood where people may offer goods and services for sale (e.g. house
cleaning, gardening, etc), users might ask for recommendations for local
plumbers, washing machine repairers, etc.
You
can invite other neighbours to join by email, WhatsApp or postcard. It is free
to use. You can use it via the web site or download the app onto your mobile
device. As with any social network, the usual privacy aspects should be
considered, so check the Privacy settings to control how much information you
reveal and be cautious what you include in your Profile.
Google+
The little-used social networking site, Google+, is being closed down on 2nd April this year. If you are using it (and obviously, not many people are!) you need to ensure that you have copies of any photos that you may have uploaded to Google+, as these will be deleted when the service closes. You can see Google's notice about this here:-
https://support.google.com/plus/answer/9195133?hl=en-GB&authuser=0
Google+
The little-used social networking site, Google+, is being closed down on 2nd April this year. If you are using it (and obviously, not many people are!) you need to ensure that you have copies of any photos that you may have uploaded to Google+, as these will be deleted when the service closes. You can see Google's notice about this here:-
https://support.google.com/plus/answer/9195133?hl=en-GB&authuser=0
Mesh Routers
Tony asked a question about BT's mesh routers which they call "BT Whole Home Wi-Fi". The idea of mesh routers is to provide better distribution of Wi-Fi throughout the house. They consist of a number of nodes - usually 2 or 3 is enough, but you can add more. Each node communicates with nearby nodes, but they operate as a single wireless network. So your device (e.g. iPad) would connect to the nearest node. If you move around the house with your iPad, it will seamlessly switch its connection to the nearest node, so it is always receiving a strong wi-fi signal. If you want to read more, have a look at this "How-To Geek" article:-
https://www.howtogeek.com/290418/what-are-mesh-wi-fi-systems-and-how-do-they-work/
Web Site Encryption
Tony asked a question about BT's mesh routers which they call "BT Whole Home Wi-Fi". The idea of mesh routers is to provide better distribution of Wi-Fi throughout the house. They consist of a number of nodes - usually 2 or 3 is enough, but you can add more. Each node communicates with nearby nodes, but they operate as a single wireless network. So your device (e.g. iPad) would connect to the nearest node. If you move around the house with your iPad, it will seamlessly switch its connection to the nearest node, so it is always receiving a strong wi-fi signal. If you want to read more, have a look at this "How-To Geek" article:-
https://www.howtogeek.com/290418/what-are-mesh-wi-fi-systems-and-how-do-they-work/
Web Site Encryption
Following
a query from Brian about email encryption, I thought it might be useful to have
a quick look at how web site encryption works in general.
Originally,
most web sites use a protocol called HyperText
Transfer Protocol (HTTP) which did not provide any encryption. HyperText Transfer Protocol Secure
(HTTPS) is an extension of HTTP which encrypts the communication between your
device (the client) and the server. It
used to be the case that HTTPS was only used where personal or financial data
was being entered, such as a payment page where you enter your credit card
details. More recently however, HTTPS has become the norm for most web pages.
Google, in particular, have encouraged this move to HTTPS by progressively
flagging up HTTP sites as insecure – see:-
HTTPS
sites show a locked padlock symbol in your browser.
The
system used to secure HTTPS pages was known as SSL (Secure Sockets Layer). This system has been superseded by a more
secure system called TLS (Transport Layer
Security), although it is often still referred to as SSL. SSL/TLS offers
three main security benefits:-
- Encryption. The data passing between you and the server would be unintelligible to anyone if they were to intercept it.
- Authentication. This ensures you are communicating with the correct server, not an impostor.
- Integrity. This ensures that no data has been lost or altered between client and server.
Modern
encryption systems are based on Public/Private Key cryptography, otherwise
known as asymmetric cryptography
which was developed in the mid-1970s. Symmetric
cryptography, on the other hand, is a relatively simpler system, where both
parties use the same key. However, the drawback of symmetric keys is that the
key has to be passed to the other party and could get intercepted, allowing a
third party to decrypt the transmission.
Public/Private
cryptography uses two mathematically related keys with the following
properties:-
- It is mathematically infeasible to compute the
Private Key from the Public Key.
- Data encrypted with the Public Key can ONLY be
decrypted by the Private Key.
- Data encrypted with the Private Key can ONLY be
decrypted by the Public Key.
[The
maths behind this is a nightmare, but if you really want to try to understand it, look at this article (don’t
say I didn’t warn you!):-
Essentially,
this asymmetric encryption enables you to send a secret to the server which no
one else can read. This secret could be a symmetric encryption key which the
client and server can use to communicate during the time you are connected.
This combination of asymmetric and symmetric cryptography is commonly used on
the Internet, with the symmetric key being discarded at the end of the session.
The reason for using a symmetric key for the main part of the session is that
it is computationally easier and, therefore, quicker.
If
you want a simple overview of HTTPS encryption (with no maths!), have a look at
this short video:-
Digital Certificates
The
web server needs to acquire a Digital
Certificate which is “signed” by a Certificate
Authority (CA). The CA verifies that the web site is genuine before it will
issue a certificate. The certificate is actually a small data file which
includes the name and domain of the web site, an expiry date, and the web
site’s Public Key. When your browser connects to a web site, it requests a copy
of the certificate. The details of the CA on the certificate must match the details
in the Trusted Root Certificate store in your browser for it to be valid and
trusted by your browser.
If
you click on the locked padlock symbol of a web page in your browser, you can
view the details of the certificate, including the public key.
Digital Signing
The
concept of Digital Signing of a certificate (or other document) referred to
above consists of 2 steps:-
- Creating a Hash of the document. A Hash is a mathematical computation based on the content of the document using a standard algorithm. A Hash is also known as a Checksum. A hash is irreversible, i.e. you could not re-construct the document from the Hash. If the document was changed in any way, the Hash it produces would be different.
- The hash is encrypted with the Private Key of the CA.
When
your browser receives the Digital Certificate (in plain text) and Signature
(i.e. the encrypted hash) from a web site, it first uses the Public Key of the
relevant CA (which will be in the browser’s Root Certificate Store) to decrypt
the Hash. It then uses the same algorithm to hash the Certificate. If these 2
hashes match, then the Certificate can be trusted and has not been tampered
with. The browser can then use the web site’s Public Key from the Certificate
to begin the encrypted communication as described above.
Verified By Visa
Margaret raised a query about her credit card provider now asking for a mobile phone number to be used as payment verification. As I understand it, this system will be replacing the existing Verified By Visa procedure which requires you to enter characters from a password you created when you registered. The new system will send a code by Text message to your phone, you then need to enter this code into the payment site to complete the purchase. There was an article on this on "This is Money" in July last year:-
https://www.thisismoney.co.uk/money/saving/article-5946191/Visa-require-text-message-confirmation-online-card-purchases.html
Verified By Visa
Margaret raised a query about her credit card provider now asking for a mobile phone number to be used as payment verification. As I understand it, this system will be replacing the existing Verified By Visa procedure which requires you to enter characters from a password you created when you registered. The new system will send a code by Text message to your phone, you then need to enter this code into the payment site to complete the purchase. There was an article on this on "This is Money" in July last year:-
https://www.thisismoney.co.uk/money/saving/article-5946191/Visa-require-text-message-confirmation-online-card-purchases.html
Next Session
Wed
13th March 2019 1:30 to 3:30pm.
