Listen to the Podcast
24 Mar 2019 - Podcast #635 - (18:01)
It's Like NPR on the Web
If you find the information TechByter Worldwide provides useful or interesting, please consider a contribution.
If you find the information TechByter Worldwide provides useful or interesting, please consider a contribution.
You've probably heard of the dark web. It's a place where you can buy stolen credit card numbers, child pornography, and drugs. In other words, it's a place to avoid. But it's also a place where you can find useful and fully legal information. In other words, it's a good resource.
Click any small image for a full-size view. To dismiss the larger image, press ESC or tap outside the image.
It's easy to confuse the deep web with the dark web. The deep web describes millions of pages that are not accessible to the public and not indexable by search engines. Corporate intranet pages and secure bank pages are parts of the deep web. The dark web is much smaller -- perhaps tens of thousands of pages.
Accessing the dark web requires the Tor browser and connections should be made using virtual private network (VPN) software. Tor is an acronym for "The Onion Router". "Onion routing" was developed by US Naval Research Laboratory in the mid-1990s. The objective was to protect US intelligence communications. DARPA (the Defense Advanced Research Projects Agency) did additional development in the late 1990s.
Onion routing uses encryption in what's called the application layer of a communication protocol stack, nested like the layers of an onion. Tor encrypts the data, including the next node destination IP address, multiple times and sends it through a virtual circuit of successive, randomly selected Tor relays. The final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or even knowing, the source IP address. The routing information is partly concealed throughout the process, so there is no single point at which both the originating and destination addresses are known.
Tor makes it possible for users to surf the internet anonymously and it is used for both legal and illegal purposes. Tor is used by malicious hackers, but it's also used by law enforcement agencies. The US State Department, the National Science Foundation, and other agencies fund TOR. It is used in countries where access to some sites is blocked by the government. The US National Security Agency monitors the dark web in an attempt to identify terrorist activities.
So the dark web, like most technology, isn't good or bad. It just IS and it can be used for good purposes or bad.
Tor can also provide anonymous access to websites that would otherwise be blocked. Those servers that have been configured to receive inbound connections only through Tor are called onion services. Instead of revealing the server's IP address, an onion service is accessed through its onion address with the Tor Browser. The Tor network handles the routing anonymously by referring to public keys and introduction points from a distributed hash table within the network. It can route data to and from onion services even if the site is behind a firewall while preserving the anonymity of both parties.
The Onion Search Engine can be used without Tor, but links to sites won't work without TOR. For true security, even Tor needs to be used with virtual private network (VPN) software to obfuscate your computer's IP address.
The dark web is much like the web ("clearnet") in that it is a network of websites, but all traffic is encrypted with the same technologies that protect passwords when users log on to sites such as those maintained by banks and insurance companies. Sites on the dark web use the pseudo domain ".onion" instead of ".com", ".net", ".org", and other more common top level domains.
So why would you want to go to the dark web? Those in countries where access to legitimate news sources is blocked can use Tor to gain access to information from sites they would otherwise be unable to reach. Those who are looking for something that's illegal will use the dark web. But there are legitimate reasons for going there. Journalists have used the dark web to contact sources anonymously and one of the main reasons for using the dark web is to protect your privacy.
To access the dark web, you need a secure browser client. There's more than one, but the most common is Tor. The browser's objective is to connect the user to sites on the dark web and to anonymize the connection at every step by encrypting information about where the user is and what the user is doing.
Downloading and installing Tor makes your browsing anonymous, but not untrackable. To achieve total anonymity, you'll need to use Tor (or another secure browser) and also to use a virtual private network (VPN) client. Tor alone makes you much more difficult to track, but not impossible. Illegal activities are illegal whether you're on the clearnet or the dark web. There is nothing illegal if you have a legitimate need to remain anonymous.
For example, ProPublica, a respected investigative news organization maintains a dark web site to communicate with sources. Facebook, too, has a dark web site that's used by more than one million users every month.
Tor warns that it doesn't protect all of your computer's Internet traffic when you run it. Tor protects only applications that are properly configured to send internet traffic through Tor. The browser is pre-configured to protect privacy and anonymity.
There are three primary problems with .onion sites: First, the URLs are strange. You won't be able to remember them. Second, the URLs disappear without warning. You might think that there is a concerted effort to obscure sites on the dark web and you would be correct. There are several search options, some of which are on the clearweb. Third, the sites are extremely slow because of the long path Tor creates and, if you're using VPN software, the additional overhead associated with that.
The Onion Search Engine has both a standard address (onionsearchengine.com) and an address that can be accessed only with Tor (5u56fjmxu63xcmbk.onion).
Another option is TorLinks (torlinkbgs6aabns.onion), which illustrates the wide variety of legal, questionable, and illegal resources on the dark web. Keep in mind that buying illegal drugs, stolen credit card numbers, and cracked commercial software is illegal no matter how or where you do the deal.
Remember Y2K, the disaster that was scheduled to affect all sorts of computer devices on 1 January 2000? Not much happened -- in part because the threat was overstated and in part because IT professionals took the steps appropriate to limit problems.
Now we have the GPS Rollover Crisis, which will occur at the end of 6 April 2019. GPS system time will "end" and the time indicators will be reset to 0. That's because each GPS epoch is 1024 weeks long, or about 19 years and 8 months. January 5, 1980, is the beginning of all time for GPS systems. But wait. That means we must have done this before.
And indeed we have. GPS System Time rolled over at midnight between 21 August and 22 August 1999. That was 132 days before the Y2K non-event. Some GPS receivers handled the rollover without a problem; others showed incorrect locations and incorrect dates. So here we are, nearly 20 years later, and the next rollover is coming. The Department of Homeland Security says "tests of some GPS devices revealed that not all manufacturer implementations correctly handle the April 6, 2019 [week number] rollover."
One of the primary differences between the rollover in August of 1999 and the one that's coming up in April is that just about everyone has a GPS unit: Some have stand-alone units, others have GPS units in their cars, and smart phones have made GPS ubiquitous.
DHS also notes that some devices interpret the week number parameter relative to a date other than January 5, 1980, which is what they should be using. Those devices won't be affected by the rollover on 6 April, but may report incorrect locations or times at some future date.
The GPS Internal Navigation Time Scale is based on the weighted average of GPS satellites and ground station clocks. An error of 1 nanosecond can equate to a positioning error of about 1 foot. A second contains 1 billion (1,000,000,000) nanoseconds, so a 1-second error would result in a ranging error of nearly 200,000 miles. This is impossible, of course, because the circumference of the Earth is only 25,000 miles. Extremely small bits of time are involved here and small differences can create unusable results.
The valid range of values for the week number parameter is 0 to 1023 and the number is incremented each week. At the end of the 1024th week, the counter resets to 0 and creates a new GPS Time Epoch.
If your GPS device starts acting wonky on 7 April, following the reset at the end of the day on the 6th (Zulu time), you may be able to fix it by turning it off and turning it back on again. Any device manufactured in the last 9 years probably conforms to a newer specification that uses a 13-bit week number, meaning that the next rollover will occur in a little less than 176 years.
The Department of Homeland Security offers suggestions for what GPS users should do between now and 6 April:
To read the full report and examine the DHS recommendations, visit the DHS website. This is recommended for those who have mission-critical GPS systems such as those used in commercial transportation or aviation.
When Microsoft releases a Windows update, it has been thoroughly tested. The Windows Insider program ensures that large numbers of users have seen the update in the Fast Ring or the Slow Ring. But "large numbers" doesn't mean everyone and sometimes errors slip through.
For example, last year's August update. For a small number of people, the update created a gigantic problem: The update caused some of the user's files to be deleted. Microsoft stopped pushing that update out and didn't release it again until January of this year.
If you installed the update in October and it caused no problems for you, great. If you waited until January to install it, great. But for those users who were bitten by the file deletion problem, what's the recovery process?
That's what backup is for. Anyone with a good backup would have been able to restore the deleted files or folders. That's actually the easy part. But what about the Windows update? What's needed is a way to get back to the previous version of Windows and there's a way to do this.
Disasters like the October update are extremely rare, but sometimes new device drivers that are installed as part of an update process fail. Why? Unlike MacOS computers, Windows computers are built by several large manufacturers and thousands of small computer shops. Some components are better than others. In short, the nearly infinite combinations of hardware and software possible on Windows computers can create issues that Microsoft engineers couldn't possibly anticipate. That's one of the primary reasons for the Windows Insider program. But not all problems are caught there, either.
So if you have a Windows update that doesn't work right, you can roll back to the previous version until Microsoft locates the root cause of the problem and fixes it.
Start by going to Settings > Update & Security > Windows Update > View Update History. At the top of the list on that panel, click Uninstall Updates. This will open a panel that looks a lot like the old Control Panel. That's because it is the old Control Panel. Not all settings have yet been migrated to the new interface.
Select the update that's causing the problem and click Uninstall. It's possible that you'll see an error when doing this. If so, restart the computer in Safe Mode, navigate back to this location, and tun the process again.
After you've uninstalled the update, you'll want to be sure that Microsoft doesn't try to install it again. You'll need to obtain a utility from the Microsoft website to do this. It's called the Show or Hide Updates utility.
After downloading it, run the utility and select the Hide Updates option. Then pick the update that caused the problem. That will keep the update process from reinstalling the component that caused the problem.