What is 5G?

It depends.

Briefly, there are actually 3 bands being used with 5G technology.

The 5G low band (600-700MHz) can cover hundreds of square miles with service that ranges from 30 to 250 megabits per second (Mbps) in speeds. That frequency also readily penetrates buildings; think old analog TV signals.

The 5G mid band (2.5/3.5GHz) can cover a several-mile radius that currently ranges from 100 to 900Mbps. That frequency is close to Wi-Fi so think about what Wi-Fi can penetrate, e.g. interior walls and brick but not so much concrete.

Finally the 5G high band (millimeter wave/24-39GHz) works within a one-mile or lower radius to deliver roughly 1-3 gigabits per second (Gbps) speeds. That frequency won't penetrate your hand! This is pretty much only useful in arena type scenarios, e.g. football games.

So the speeds of the low and mid band signals are Ok (250Mbps) to nice (900Mbps) but the real high speed band is very limited in penetration. Think too that to get 900Mbps to even one device will require a gigabit backhaul.

Oh, and not all "5G" phones (don't get me started on AT&T's "5Ge") have radios in all three bands.

Double oh, not all "5G" carriers use all three bands.

Don't rush into 5G mobile phones.

Lenovo Tab M8 FHD

That's one of the worst product names I've come across.

You'll remember that I wasn't thrilled with the Amazon Fire HD 8.

[It] would be tolerable if it was blazingly fast but it's not. 

It only has 1.5 GB of RAM so apps are constantly restarting. The launcher "fix" works by letting the Amazon launcher run then running the alternate launcher so you get a noticeable flash every time you press the Home button. 

I'm just not sure.

So I came across the Lenovo Tab M8 FHD for $120 and went for it. There are several variants. In addition to the FHD there's an HD model with lower resolution.

It's pretty much everything that the Amazon Fire HD 8 isn't.

LAUNCH	Announced	2019, September
	Status	Available. Released 2019, October
BODY	Dimensions	7.84 x 4.80 x 0.32 in
	Build	Glass front, aluminum back, aluminum frame
DISPLAY	Type	IPS LCD capacitive touchscreen, 16M colors
	Size	8.0 inches (~76.5% screen-to-body ratio)
	Resolution	1080 x 2160 pixels, 16:10 ratio (~189 ppi density)
PLATFORM	OS	Android 9.0 (Pie)
	Chipset	Mediatek MT6761 Helio A22 (12 nm)
	CPU	Quad-core 2.0 GHz Cortex-A53
	GPU	PowerVR GE8320
MEMORY	Card slot	microSDXC (dedicated slot)
	Internal	32GB 3GB RAM
		eMMC 5.1
MAIN CAMERA	Single	13 MP, AF
	Features	LED flash
	Video	1080p
SELFIE CAMERA	Single	5 MP
	Video	1080p
SOUND	Loudspeaker	Yes
	3.5mm jack	Yes
COMMS	WLAN	Wi-Fi 802.11 a/b/g/n/ac, dual-band, Wi-Fi Direct, hotspot
	Bluetooth	5.0, A2DP, LE
	GPS	Yes, with A-GPS, GLONASS, BDS
	Radio	FM radio
	USB	microUSB 2.0, USB On-The-Go
FEATURES	Sensors	Accelerometer, proximity
BATTERY		Non-removable Li-Po 5000 mAh battery
MISC	Colors	Iron Grey, Platinum Grey

I don't think it will be getting regular security updates nor Android 10.

Still good enough for a bedside table.

Windows as a Service

Oh, you didn't know that Windows was a service? Just keep reading.

Windows users have been complaining about a problem with the search box for months. There was even an out of band cumulative update (archive.is) offered for it in January 2020. I thought that this was the search box in Windows Explorer but it's not.

The search box in question is the one that shows up on the taskbar. That's one of the first things that I disable on a Windows 10 installation.

So I turned it back on and looked to see what build I had.

Since I'm not using it I wasn't familiar with the various build numbers.

The point here is that Microsoft is capable and is, in fact, updating the build of Windows Search over the Internet WITHOUT notification nor interaction. Read this Computerworld article (archive.is) about the details. And there's more here (archive.is) with examples of dynamic changes.

Folks, that's called "Windows as a Service."

What else is Microsoft updating silently?

That's not what I signed up for.

Acer Spin 1

I'm a sucker for bargains.

I've got several laptops and several tablets but I haven't really ever had a TOUCH laptop.

When this Acer Spin 1 came up for $149, I just couldn't resist it.

It has:

• Processor: Intel® Pentium® Silver N5000 Quad-Core (Up to 2.7GHz)
• Display: 11.6" HD (1366 x 768) Widescreen LED-backlit Multi-Touch
• 4GB LPDDR4 Onboard Memory
• Hard Drive: 64GB eMMC
• Audio: Two Built-in Stereo Speakers
• Built-In Digital Microphone
• Ports: 1 x USB 3.0, 1 x USB 2.0, 1 x HDMI® 2.0 port with HDCP support, 1 x 3.5mm combo jack (headphone/speaker), 1 x DC-in jack for AC adapter
• Webcam: Webcam (640 x 480)
• Wireless: Intel Wireless-AC 9560 802.11ac Gigabit WiFi which can deliver up to 1.73Gbps throughput when using 160Mhz channels (Dual-Band 2.4GHz and 5GHz)
• Up to 10 Hours Battery Life
• Bluetooth 5.0
• Dimensions: 11.46" (W) x 7.95" (D) x 0.67" (H)
• Weight: 2.76 lbs
• Graphics: Intel® UHD Graphics 605 supporting Microsoft® DirectX® 12

I upgraded to Windows 10 Pro and installed Microsoft Office 2016 Pro.

I wish it had a fingerprint reader. I wish it used USB C charging.

But for $149!

Office Deployment Tool

Recently I bought a new laptop. It didn't come with Microsoft Office.

I used to have a TechNet subscription that gave me a number of Office licenses but those have all been used up.

I found one of those gray market key vendors and bought a Office 2016 Professional key for less than $30. It came promptly and even included a link to a Microsoft download site.

I downloaded the bits and ran it expecting to get the old fashioned dialog that would let me choose which application and features would be installed.

I usually use that dialog to omit all the Office apps except Word, Excel, and PowerPoint.

But that's not what happened.

The download installed installed all the Office apps without give me any options. As the new laptop only has a 64GB SSD, I wanted to minimize the space used.

I searched for a while and came across several articles on Microsoft's Office Deployment Tool. The instructions were primarily aimed at enterprise installs. After a couple of failed attempts, I came across MS Guides.

The article (archive.org) is written mainly to describe how to use the Office Deployment Tool to add/change languages within Office. But a few obvious changes tailored it to just what I wanted to do.

The process even automatically downloaded the Office bits.

Startpage

Are you worried about what Google knows about you? Here's a way to reduce that AND what the web sites you visit know about you.

It's startpage.com.

Their tagline is:.

The world's most private search engine.

While that's not a very high bar, every little bit helps.

Startpage is headquartered in the Netherlands so it operates under the European Union's privacy regulations.

If you've tried alternative search engines, you've probably been disappointed with the results. However Startpage has an arrangement with Google  This is done without saving the users' IP addresses or giving any personal user information to Google's servers.

But the part I really like of Startpage is the anonymous surfing feature. Here's an example.

Here's where the Anonymous View took me.

Notice that the page is framed so that you know you are anonymous. You can break out by clicking on the "door" in the bottom right corner.

I was interested in why there was this big blank space so I loaded the page normally.

The nytimes.com site was trying to get the user to give them credentials.

Good job Startpage!

Happy New Year

The start of a new year is a good time to review a few things and make sure everything is right. Here's my list of things I think you should check once a year.

Some of the steps may be a little out of date but I think you can find your way around. If not, leave me a comment and I'll help.

PayPal Preapproved Payments
Offline Backup
Certificate Store
Router Configuration
Windows Defender and Windows Defender Offline
Controlled Folder Access
System Restore

Mobile Data History

I track my mobile data monthly and have been doing this since early 2010.

Pretty interesting.

You can certainly see where the smartphone data picked up in April 2011 when I got a Samsung Galaxy S. My wife's data picked up later that year when she got an iPhone.

The spikes generally correlate to travel where either I'm using my smartphone for tethering or where we use mobile data rather than Wi-Fi.

The bright green bars are from Android Auto or Car Play. The spikes there are when we are traveling and using both the mapping capabilities and streaming Memphis radio.

AT&T's plans have been outstripping my mobile data usage. For the last 12 months, my average was less than 2GB. The highest month was less than 4GB when we were traveling. My AT&T plan is 35GB with one month rollover.

I regularly review AT&T's plans but lowering the data plan doesn't significantly reduce the monthly cost. Their incentives are to drive customers to unlimited data plans. This is often at the loss of tethering.

My WWW is Missing

Do you use Google Chrome? If you do, this post is for you.

In recent versions of Chrome, Google has removed "trivial" subdomains like "www". They had already removed the "http://".

If you are using Chrome right now, look up at the address bar. You don't see the "http://" or the "www".

Now single left click in the address bar. The URL turns blue.

Now press "Home".

That changed didn't it? That is what Google calls trivial.

Generally that removal isn't a problem but recently I ran into a situation where it was.

I was on the phone with a Delta Vacations representative looking for hotels. She told me to go to "hotels-delta.com". That gave me a 404 error. She and I were both confused.

Here's what the full URL should have been:

https://www.hotels-delta.com/

I had to type the "www." in front of hotels-delta.com.

Here's how Ghacks describes this problem:

Another issue that users may run into is when a site uses www exclusively. Chrome displays the domain without www only and some users may try to load the domain without www as a consequence in the future. If there is no redirect, Chrome will display a 404 not found error instead.

Think about the problems this is creating for the Delta Vacations Customer Service department.

And you.

Wyze Camera Update

I've posted a couple of articles about my Wyze camera.

I'm still extraordinarily pleased with it, so much that I've expanded my usage.

I wanted to put one on each front corner of my house and keep the first one on my back porch.

While the Wyze cameras are sold as indoor, there are several vendors offering enclosures that seem to have pretty good reviews. I bought a 3-pack of these.

Then I bought 2 additional Wyze cameras and Wyze 32GB microSD cards.

In each location, I had an electrician put a receptacle for the USB power adapter inside my crawl space. Then I ran the USB cable through a hole in the soffit into the crawl space. I notched the base of the outdoor case to allow the USB cable to go underneath the base. Then I put the base of the outdoor case over the hole in the soffit. Works like a charm.

Running the cameras in SD mode gives 5-7 days of continuous video recording. SD mode is still 1920x1080. Here's a sample of the video.

Stop/Start Killer

Different manufacturers have different terms for this technology. In summary what it does is kill the engine when you stop while still in gear, e.g. at a stoplight. Then when you release the brake the engine will restart. Let's just say that this is not a very popular feature in newer vehicles.

I had wrestled with this new-fangled technology when I was shopping for an SUV in late 2017. I actually bought a lower model SUV to avoid this technology.

3 years later my daughter bought a 2019 Chevrolet Traverse. Needless to say it had this Stop/Start feature. While it irritated her she tolerated it.

Until...

She had an aftermarket DVD system installed. When the engine restarted as she released the brake the DVD system sensed the voltage drop and powered down. This didn't sit well with her 3-year old.

The organization that had installed the DVD system performed all the tricks that they had with no resolution.

I acquired SmartStopStart from smartstopstart.com. The method of installation was to install the device inline with the sensor for the hood. It worked by tricking the ECU into thinking that the hood was open when the engine started. This succeeded in defeating the Stop/Start and the engine keep running. However, the remote start capability no longer worked. The vendor worked closely with me but couldn't overcome the loss of remote start. I returned the device.

Then I came across the Start/Stop Disabler from Range Technologies. The method of installation was even easier that SmartStopStart. It simply plugs into the OBD2 port under the dash.

And it works perfectly.

32,766, 32,767, 32,768, BANG

That's the sound of your data becoming permanently unreadable.

Calm down. Unless you have a RAID system populated with Hewlett Packard Enterprise (HPE) Serial-Attached SCSI solid-state drives.

HP Enterprise (HPE) recently confirmed that some SAS interface SSD has a serious BUG, will be the total power-up time accumulated to 32768 hours (3 years, 270 days 8 hours) after hanging up directly, the result is that the disk storage content is all disappeared, and can not be recovered. - from small tech news

While this almost certainly doesn't affect consumer systems, the risk for enterprise customers is very real.

And think through this. If an enterprise had populated a RAID system with these drives and turned them on at the same time (as would be normal), ALL of the drives in the RAID system would fail simultaneously. There goes your data.

Bad news.

Worse, these drives were made by an unnamed supplier. The same problem could manifest in other brands of drives.

A Fool and His Data Are Soon Parted

Azure just keeps having problems. And a recent incident happened while their CEO was speaking at a conference in Sydney "focused on showing off how Microsoft's cloud technology can have a transformative impact on businesses."

While it's easy to pile on with Azure, the situation is endemic to the cloud environment. Not withstanding my recent post, cloud implementations still carry significant risks. The news.com.au article states:

While cloud technology can have a massive impact on the way businesses run, as we are currently witnessing, it can also create new headaches when things don’t work how they’re supposed to.

And this was the second Microsoft cloud outage in 24 hours.

Really worrisome to me is that the Microsoft Office portal wasn't responsive.

As usual the comments are the most interesting. Clearly some are trolls but some are really to the point.

captain goodvibes
Anyone who trusts cloud technology to store data risks it disappearing into thin air. The only way to safely store data is on a hard drive. To paraphrase an old adage, a fool and his data are soon parted.

Anthony
The problem is for a lot of organisations is that they are too small to safely and economically run their ICT. Large vendors can provide resilience, security, and responsive services easier. And no, I don’t work for Microsoft, but I have worked in outsourcing :-) so I know the numbers

HG
If your business model is a monopoly, make sure your cr*p works.

Gordon
I spent most of my career in IT, I just do not understand why anyone would trust another company to manage all of their business critical data off site....

Yeah, worry about your business critical data.

But Can You Do Better Than This

If you've been reading this blog, you know that I worry about cloud availability.

However, most of the time the big cloud providers have more availability and redundancy capability than almost any enterprise can provide.

For an example, Microsoft recently had an outage of its Multifactor Authentication (MFA) for Azure and Office 365 users in North America,

There's a report on it here. And here's Microsoft's Root Cause Analysis.

Go read the Next Steps. Here's #1:

1. Fine-grained fault domain isolation work has been accelerated. This work builds on the previous fault domain isolation work which limited this incident to North American tenants. This includes:

• Additional physical partitioning within each Azure region.
• Logical partitioning between authentication types.
• Improved partitioning between service tiers.

Do you think your enterprise could add "Additional physical partitioning," "Logical partitioning between authentication types," and "Improved partitioning between service tiers?"

If you could, you must be in the Fortune 100. And that's just the first bullet of actions.

These outages from the cloud providers get a lot of publicity but unless you're a mega-scale enterprise any of them are way more capable than you'll ever hope to be.

The Cloud is Full

Recently ZDNet's  All About Microsoft reported that Microsoft Azure customers had reported hitting virtual machine limits in U.S. East regions.

This is scary.

There were a small number of comments (7) that related that they had had the same experience. Here is a typical comment.

GetNrDone
Happened to me. I tried to deploy a new SQL database in eastus2 2 weeks ago only to be greeted by an error. Opened a tickets and was basically told there was nothing they could do. Escalated the issue with our TAM which also could not get approval for 1 database to deploy. I was asking for the smallest database they offer (s0) and was told we couldn't have it. No communication before, no warning emails, no blog posts, nothing in the service dashboards, even our account team didn't know anything about it. Completely blindsided me and delayed development on an app for a week while i could move resources to another region. Unacceptable and definitely does not live up to promises made!

There's a reddit thread on this here.

dops0
We've faced this issue in North Europe, East US and West US 2. This has just started happening over the last couple of weeks and what's even more frustrating is, we already have sufficient quota allocated to us, but, our users haven't been able to deploy their machines even when within this quota.

This issue hasn't blown up so either it has been resolved or customers were able to work around it as GetNrDone did.

Regardless this is another consideration for using anyone's cloud services. I'd even suggest trying to putting a clause in your contract that guaranteed x% of available capacity on the vendor's part. I'd bet that none of the vendors would accept that but that would at least make the vendor play their cards.

Cloud Management Skills

Recently McAfee published a report on cloud adoption and risk. The Register did a review of the McAfee study.

The Register concluded:

The ongoing rash of data leaks caused by misconfigured clouds is the result of companies having virtually no visibility into how their cloud instances are configured, and very little ability to audit and manage them.

That's really scary. But it supports my concerns that moving workload to the cloud doesn't eliminate work/effort, i.e. manpower, but rather changes the skills required.

An organization should thoroughly understand the skills change that moving to the cloud brings.

These changes may be addressed with training but may require changing personnel to acquire the appropriate skills. These changes and the change management time and effort should be incorporated in the project timeline and budget for cloud implementation.

McAfee observed:

It’s possible the speed of cloud adoption is putting some practitioners behind.

The number 1 cause of cloud security issues noted by McAfee was "Lack of staff with the skills to secure cloud infrastructure."

That entire list is a good reference when considering moving workload to the cloud.

Nebo Professional Note-Taking

I had promised more about my new iPad so here it is.

One of my primary objectives for any tablet is to be able to take handwritten notes on it. I even tried that on my Asus Transformer Mini. I used MyScript's Nebo on it but it's a Windows tablet and you know how that is.

So the new iPad supports the Apple pencil technology. Of course I wouldn't buy an Apple pencil. That'd be too easy and expensive.

I ended up with a Adonit Note stylus for half the price of the Apple pencil..

Then I needed a handwriting app. My search kept coming back to MyScript's Nebo. While I wasn't wild about the $10 price I knew from my own experience that it would work well.

And it does.

The following slide show walks through a couple of the help screens. Then you can see my handwriting and the real-time conversion to text. Then I exported it to OneDrive in .docx format.

Slide show

It all works really well. There are a lot of formatting tricks that you can do but I just want to capture the text.

iPad Bluetooth Keyboard

When I posted recently about my new iPad, I said that there would be more posts. This is the first of several.

One of my primary uses of an iPad is typing. Even though I use Google's Gboard keyboard, typing on a touch screen is not to my liking.

On my previous iPad Air I had used a Zagg Bluetooth keyboard. I used it so long and hard that the hinge finally broke.

I couldn't find that Zagg had a similar keyboard for the 6th generation iPad.

After some searching I found a Bluetooth keyboard for this iPad.

Slide Show

It's not a ThinkPad keyboard but it works pretty well. And when closed it protects the iPad's screen.

Checkm8 - Now Is A Good Time To Start Worrying

Have you heard about the new exploit of many iPhone models' boot ROM?

It works on iPhones from the 4S to the X.

There are articles here, here, and here.

Ars  Technica summarized it as:

• Checkm8 requires physical access to the phone. It can't be remotely executed, even if combined with other exploits
• The exploit allows only tethered jailbreaks, meaning it lacks persistence. The exploit must be run each time an iDevice boots.
• Checkm8 doesn't bypass the protections offered by the Secure Enclave and Touch ID.
• All of the above means people will be able to use Checkm8 to install malware only under very limited circumstances. The above also means that Checkm8 is unlikely to make it easier for people who find, steal or confiscate a vulnerable iPhone, but don't have the unlock PIN, to access the data stored on it.
• Checkm8 is going to benefit researchers, hobbyists, and hackers by providing a way not seen in almost a decade to access the lowest levels of iDevices.

Physical access, only tethered jailbreaks, lacks persistence, doesn't bypass Secure Enclave and Touch ID, etc.

Doesn't seem to be a big deal to most people.

But the last bullet is the really important one. Even this minimizes the BIG point.

Checkm8 is going to benefit ... hackers by providing a way ... to access the lowest levels of iDevices.

What this means is that from now until the iPhone X is no longer supported by Apple, every security release of iOS will be immediately reverse engineered to discover what vulnerabilities have been fixed. Then malicious hackers will rapidly develop exploits that don't require physical access, tethered jailbreaks, are persistent, and bypass Secure Enclave and Touch ID, etc. Further the hackers will be able to examine Apple's security code for further vulnerabilities and then exploit them as zero days.

Steve Gibson explained this is depth on Security Now #736 (YouTube, PDF):

That means that the instant an update is released, it can now be fully reverse engineered, analyzed, and compared against the previous version, which will allow both security researchers, but also bad guys, to figure out what Apple has changed, what it is exactly that Apple fixed. And if they're able to get an exploit out into the wild before a targeted device has been updated, they could take advantage of that. 

Apple can no longer lock down their platform. It is going to be open for anyone to reverse engineer any changes Apple makes to devices which are necessarily still being supported and are receiving updates.

Now is a good time to start worrying.

Undesign

There was a recent article in Quartz about Elon Musk’s quest for “undesign.”

When Elon Musk leads engineering meetings at SpaceX, he says, “the thing I am most impressed with is, what did you undesign?”

Which is to say, what complications did engineers remove? How did they simplify the vehicle?

Without getting sidetracked on Elon Musk, I really like his concept of “undesign.”

For most of my career I have striven for 2 sometimes conflicting objectives: scale and availability.

My experience is that complexity, particularly the associated boundaries, contribute to un-availability.

At first it would seem that even with the compounding of high availability, e.g. 99.999% and 99.999% you would still get 99.998% availability. But that's not the real world. Cobbling together the interconnects (boundaries) you will be lucky to get them to 99.9%. Then do the math. 99.999% x 99.999% x 99.9% gives 99.898%. You've gone from 5 9s to less than 3 9s.

Explain that to your boss.

When I was with a large Memphis-based logistics company, I would always choose simplicity.

That caused us to struggle with scale but that was easier to buy than availability. And the struggle with scale was easier to explain to management.

Take Elon’s advice to heart.