Wikipedia:Reference desk/Archives/Computing/2017 May 26

Computing desk
< May 25	<< Apr | May | Jun >>	May 27 >

Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.

May 26

Viruses, worms, Trojan horses, malware, and cyberwarfare

I know almost nothing about cyber security beyond "Is my computer compromised?" Tell me how this work and where to start. For example, how can nations attack each other using computers? Television sets receive and send long-distance signals too. Can they be infected by a virus, or do viruses only affect computers? How is the Internet connected? 50.4.236.254 (talk) 03:45, 26 May 2017 (UTC)

I know almost nothing about cyber security... - Professor Messer has study materials for CompTIA certification. While I'm not recommending some sort of career change, it is a good resource for making yourself more familiar with computer security. I'd link to more but the Great Firewall is currently blocking all of my VPNs (even my SoftEther VPN, which I don't understand how they can target without shutting down HTTPS), and I'm getting the rather distinct impression that China doesn't want people to learn computer security except through channels they can monitor (like classrooms). (Considering most of the computers around here use "88888888" as the password and are loaded with software that would trigger at least a yellow alert on any non-Chinese security software...) Mr. Robot (TV series) is also noted for its technological accuracy.

...beyond "Is my computer compromised?" - That's not all there is to worry about. Check Have I Been Pwned to see if any of the passwords to your accounts have been leaked. Enter your email(s) and if it registers any hits, change your password. There's some debate about what makes a good password but a few statements that are generally accepted:

• Do not write it down or share it with anyone. What I usually tell people is "Rule number one of passwords: NO."
• It should use all of the following: uppercase letters, lower case letters, numbers, and other characters (e.g. !, @, #, $). Some websites and programs won't let you use other characters and those site designers are idiots.
• It should be long, at least 16 or so characters. You really shouldn't need one longer than 32 characters. Some website and programs won't let you make the password longer than 16 characters. This is not unreasonable but still uncool. If they don't let you make the password longer than 12 characters, they're stupid and you probably shouldn't bother making an account with them.
• Do not use a word or name from any language, or phrase that comes up in a web search, unless you've put it through some sort of code (I don't mean a computer code but a cryptography). It doesn't have to be random gibberish that you'll never remember, though. When I need a quick password that I won't completely forget, I could look for a Barbarous name or nonsense Patter from a rare grimoire on my shelf (making sure it doesn't come up on the net), or a string from A Million Random Digits with 100,000 Normal Deviates chosen on the basis of Numerology, and process it through leetspeek and Kabbalah. Word search books (similarly processed) could also work, though a collection of word search books could stick out unless you're a hoarder. Then I can just write a note somewhere else with the page number and a shorthand note of which cipher I used and another shorthand note in a third place to remind me which book belongs to what account.

how can nations attack each other using computers? - If you mean "what would they do that for," they might want to gain access to classified documents, monitor or even disrupt communication, adversely affect a nation's private industry, etc... As for the actual techniques, WP:BEANS aside it's pretty much the same principles as trying to hack someone's personal computer or a small business, just on a much larger scale.

Television sets receive and send long-distance signals too. - Older televisions, especially analogue CRT models, aren't programmable (or at least, not on the level of complexity needed for a virus). It simply translates a signal and that's it. Some newer televisions have some limited computer functions but there's very little reason to write a virus for them.

How is the Internet connected - You can think of the Internet as just a really really big computer network. A computer network is when you connect at least two computers together so they can send messages to each other. Ian.thomson (talk) 05:06, 26 May 2017 (UTC)

The claim about new televisions is IMO misleading. Technically it's true viruses for televisions are I think basically unheard of. But "virus" in computer terms is often used simply to mean some variant of malware. And there is definitely malware for smart TVs. Beyond the infamous CIA programme which realisticly probably has its counterparts in most other major spy agencies, there is sufficient concern over smart TVs being used as other Internet of things have been to make a botnet for DDOSing or other purposes that the US government specifically gives it as an example [1]. Considering that smart TVs are potentially more powerful than a number of other devices which have been targeted there's no reason to think they won't be targeted. Probably the reason they haven't been yet on a significant scale (AFAIK) is because while their security isn't good, it tends to be slightly better than other internet of things devices. Mirai (malware) for example just tries to log on to devices and then use them for some purpose, but smart TVs are less likely to have such functionality (possibly not for security reasons but simply because it's useful). TVs may infact be less likely to be "listening" to the internet at all although they do sometimes. (I once had a weird connection attempt to my TV, since then I've disconnected it.) If the TV isn't listening, you'd need to be actively using it in some risky way, which tends to be less common with TVs. (And plenty of people with smart TVs just don't use the "smart" functionality so never connect them.) Of course TVs can be [2], and have been infected with malware which targets whatever software they're running. E.g. Android [3] [4]. Nil Einne (talk) 11:51, 26 May 2017 (UTC)

"Do not write it down or share it with anyone."

Well, don't share it with anyone, sure. But advice to not write it down can do more harm than good.

Forcing people to memorize passwords leads to weak passwords. If you can't memorize a strong password, then a strong password written down in a locked drawer is far better than using a poor password just because it's easy to remember. ApLundell (talk) 15:07, 26 May 2017 (UTC)

Note that I followed with techniques for writing reminders of what the passwords are. Ian.thomson (talk) 07:25, 28 May 2017 (UTC)

Do not follow suddenly appearing messages. Most of them are made to guide You to an infected website. When You wanna troubleshoot the computer, use a reliable security software which got several reviews. A simply way is to google search for the exact words of the appeared message. It causes You to find causes, not something offered as a so called "solution". It also avoids You to follow the hoax, when somebody reliable has written about it. About newer TVs, see them as a smartphone with missing GMS/UMTS adapter and a large screen, with all abilities to run any installed software or app. Also mention, this what Apple calls "Appstore", Google named his one "Playstore" or similar repository might be resticted to consumers and managed by a provider or manufacturer. Using remote administrated device in Your network might be spending some ideas about what could be achieved by this configuration. Mention, detecting gestures require a camera. Detecting voice commands require a microphone. And I think, it is my living room. --Hans Haase (有问题吗) 08:03, 26 May 2017 (UTC)

How does this work?

The following discussion is marked as answered. If you have a new comment, place it just below the box.

How do the Similar Authors section in this website work?--Joseph 05:58, 26 May 2017 (UTC)

In collaborative filtering, "similar" is not defined. You make up a metric and use it to find things that are similar. It is highly likely that the site considers authors to be similar if they share a large portion of people who like them. They could say "People who like X also like Y", but Amazon uses that and actually has a patent on it that is very general and they can use to stifle competition [5]. So, while we cannot say what the exact metric is, the overall use of the metric is no different than what anyone else is doing. 209.149.113.5 (talk) 12:21, 26 May 2017 (UTC)

In most cases, Google's algorithms are kept pretty close to the vest, to prevent people trying to game them, so I doubt anyone can provide a reference as to how this exact thing works.

If you're looking for how such systems work in general, it's an area of ongoing research, but our articles on Recommendation engine and Collaborative filtering would be an excellent place to start, as would the sources in those articles. ApLundell (talk) 14:14, 26 May 2017 (UTC)

Such things generally work similarly to the Music Genome Project, but using qualities of books and authors, not songs and musicians. ᛗᛁᛟᛚᚾᛁᚱPants Tell me all about it. 14:25, 26 May 2017 (UTC)

The Music Genome Project is very labor-intensive because it involved getting expert opinions on the content. I'd be very surprised if Google was operating like that. They tend to be much more into using Big Data to extract the wisdom of the crowd. ApLundell (talk) 14:59, 26 May 2017 (UTC)

They don't need to gather the data the same way (there's plenty of free sources of data about books they could pull from with a bot), they just tend to handle it the same way when serving up suggestions to the end user. Indeed, I would imagine that one of their data collection methods would be looking for keywords in different internet postings about the book, a classic Google move. ᛗᛁᛟᛚᚾᛁᚱPants Tell me all about it. 19:54, 26 May 2017 (UTC)

Python 2.7.10, Firefox 53.0.3, MacOS 10.12.5: new bug

I have some little Python scripts that use the library function webbrowser.open(); as you might guess, its job is to pass a link to my default browser. Since MacOS updated to 10.12.5, it gives this warning every time:

0:70: execution error: "https://en.wikipedia.org/wiki/List_of_coronae_on_Venus" doesn’t understand the “open location” message. (-1708)

... although it still works!

(To see whether the bug is in Firefox, I made Safari my default browser, and restarted. The next time I ran the script, Firefox opened.)

What's going on? And where should I complain about it? —Tamfang (talk) 18:33, 26 May 2017 (UTC)

Looking at https://github.com/jupyter/notebook/issues/2438 they are pinning this on a MacOS bug. The claimed solution is to edit ~/.jupyter/jupyter_notebook_config.py and put in c.NotebookApp.browser = u'Safari' (or perhpas c.NotebookApp.browser = u'Firefox' or chrome) or edit ~/.bash_profile to put in BROWSER=/Applications/..... Also see http://www.andrewjaffe.net/blog/2017/05/python-bug-hunt.html. Graeme Bartlett (talk) 04:42, 27 May 2017 (UTC)

The warning went away in MacOS 10.12.6. —Tamfang (talk) 21:05, 21 July 2017 (UTC)