A thief can steal your iCloud account with your phone's PIN code

Sunday, March 12, 2023

There was an article in the Wall Street Journal about how an iPhone thief can change the iCloud password of the account on that phone without knowing the current iCloud password. Basically, when changing the iCloud password from an iPhone, you only need to enter the PIN code that unlocks the phone; there is no need for your current iCloud password. So a thief will first try to steal that PIN code by shoulder surfing, or just by watching your hand while you type the code; then they steal your phone, immediately change the iCloud password with that PIN, and boom, you have lost your phone AND your iCloud account along with everything associated with that account: photos, contacts, notes, and other passwords. Then they can use those passwords to log in to bank accounts, social accounts, and so on.

It is probably a tough decision to allow changing the iCloud password with only the PIN code, because there are many, many more people who forget their iCloud password than who get their phone and PIN code stolen. I just hope Apple can find a way to fix it, especially for people who care about this.

And the situation is similar in the Android world: with the PIN code of an Android phone, a thief can change the Google account password.

Just for passwords, using Apple's built-in password manager is already better than nothing. But I still prefer a third-party password manager.

And now I have changed to an alphanumeric passcode. It is harder to type, but with Face ID enabled I rarely need to enter that long passcode, maybe 3 times a day at most.

How will you measure your life?

Saturday, March 12, 2022

I just finished another book from Clayton Christensen called How will you measure your life? I love The Innovator's Dilemma and I think I like most of this book, about 80%, probably because I am also a researcher. I like how a theory can be used as a lens to look at other things, especially from a different point of view. And this book presented good theories to address the question of how one may measure their life. Instead of saying what one should do, those theories give guidance on how one should think about this question. Reading this book gave me a clear answer to many inspirational speeches as well as complaints I have seen recently.

There are three sections addressing three aspects: happiness in your career, happiness in your relationships, and integrity and staying out of jail. There are parts I really like; others are probably 50-50. The ranking is probably related to how personal the question in that section is. Whatever part I was reading, it was good to always ask to what extent I agreed or disagreed with it, and move on.

About happiness in your career, what I like most is that although it also starts with finding what motivates you to work, it does not say BS about passion and stuff. Instead, it brought up that satisfaction and dissatisfaction are separate, independent measures. The opposite of job dissatisfaction is not job satisfaction, but rather an absence of job dissatisfaction. You can be dissatisfied with a job because of a low salary, but giving you a high salary in that job does not mean you will be satisfied, and vice versa. It then presented motivation theory, which, roughly speaking, says there are hygiene factors and motivation factors. Hygiene factors are what need to be addressed so that you are not dissatisfied. Examples are status, compensation, job security, work conditions, company policies, or supervisory practices. Motivation factors are what truly, deeply satisfy us, what cause us to love our jobs. Examples are challenging work, recognition, responsibility, or personal growth. Of course, each person has their own list of factors. So where do we find them? Well, keep balancing those factors and keep trying if you have not found them yet.

The section about happiness in relationships is a really personal one, so naturally many parts did not resonate well with me. But I really like the Resource-Process-Priority framework applied there. These are the things that, according to this framework, fully describe a business and constitute a company's culture. They also map well onto a family and personal relationships. What are the priorities I want my family (including future kids) to strive for? Be rich? Be kind? Be bold? Be generous? Be responsible? Be thoughtful? Love working? What resources (e.g., time, money, health) do I have, how much of each, and how do I allocate them to align with whatever priorities I choose? When should I start investing those resources? Well, there is just a lot in this section.

About integrity and staying out of jail, short and simple: most people who ended up in a really bad situation (and possibly in jail) got there because the small mistakes they made added up.

So, that is a quick summary of a book I like. Highly recommended, and I hope to have a chance to discuss this book with you.

The Innovator's Dilemma

Tuesday, March 8, 2022

I finally read The Innovator's Dilemma. Such a great book, especially for someone who cares about technology, like me. It brought a new theory (new as of 1997). As a researcher, I love a great theory, and this book brought one.

It is both a management and a "technology" book; the questions it asks are "Why is success so difficult to sustain?" and "Is successful innovation really as unpredictable as the data suggest?". My key takeaways are probably:

  • Big successful companies are really good at dealing with new innovations that sustain their success (their market, their processes, their values, ...) but almost paralyzed by potential innovations that can disrupt their success, because at the beginning those potentially disruptive innovations do not pose any threat to their success: they have different goals (different markets, processes, values, ...).
  • The rate of increase in market demand is often slower than the rate of improvement in technology. So disruptive innovations often start at the lower end, in less profitable markets (basically not threatening the mainstream market of big successful companies at all), and then gradually move up.
  • And there are ideas about how to identify these potentially disruptive innovations and harness these principles (instead of fighting them).

Technology in war

Thursday, March 3, 2022

Russia invaded Ukraine a few days ago. Even though it seems far away from here, I still feel sad about this situation. But I have recently thought more about what would happen if China invaded Vietnam, which happened so often in the past and was even a hot topic in Vietnam just 3 or 4 years ago, and about the role that technology plays.

One big reason why so many countries stood against Russia this time, even a country like Switzerland, which had always tried to stay neutral before, is that there is much, much more information on the Internet about the war, and it came directly from people inside the war zones. Ukrainian people showed the world what was happening there, sometimes in real time, and other people reacted to it and amplified it. This created higher and higher pressure on governments and businesses to act.

I hope this shows leaders around the world how connected the world is now, and probably will be much more so in the future; how people can have more of a voice and can be heard from afar; and how that can change the course of a war. And I hope China will seriously take that into account.

It also showed that social media can bring that power to people and amplify it, which I still believe is true. I believe they bring net good to the world, which is why I still work for Meta. I do not see people criticizing Meta or Twitter this time.

Poverty and energy demand

Saturday, June 5, 2021

An interesting but not surprising finding about energy demand in poor families: here. It is probably well known that it is more expensive to be poor, where expensive means relative to income. For example, a poorer family needs to spend a larger portion of its income on basic things like food, gas, or clothes. This finding looks at it from a global warming point of view: a poorer family on average tends to use more energy than a richer one because it often uses less efficient sources of energy (e.g., wood or coal vs. electricity) and needs more steps for the same result (e.g., boiling vs. filtering drinking water). This made me believe even more that to fight global warming, instead of slowing down development, we need sustainable development.

Alternative App Store

Thursday, May 27, 2021

The court battle between Apple and Epic Games has been going on for weeks. It is still basically a fight over money, so I do not care about it too much. However, there is one thing that can greatly affect iOS users like me and most of my family that I want to talk about: the possibility of alternative app stores or app sideloading.

Currently, the only way for normal iOS users to install apps is through Apple's App Store. All apps available on the App Store have to pass a review process, which at least keeps the vast majority of bad apps away from users' devices. Haters gonna hate, but I am glad that the review process and installation restriction exist. As the only person in my family with a computer science background, I have been helping many family members and friends fix their computers for years. And most people I help have no idea how dangerous things can be on the computer and on the Internet. I have also written iOS and Android apps once in a while. And what gives me a bit of peace of mind is knowing that when my family uses iPhones, their phones are less likely to be attacked because of that review process and that App Store restriction.

The phone is the most important, and sometimes the only, computer my mom and dad use for almost everything: messages, news, learning, entertainment, banking, ... you name it. Just imagining the alternative, where my mom opens a website, a popup shows up, my mom naturally clicks OK, and an unknown app is installed and can do bad things without anyone knowing anything, is scary. And it is not just my parents but also dozens of my other relatives.

For power users who (hopefully) know what they are doing with their computers and phones, it is OK to give them more flexibility. But for the majority of casual users, it is our job to protect them.

Videos explaining COVID-19 vaccines

Thursday, May 27, 2021

Excellent videos from Vox explain why we cannot simply compare COVID-19 vaccines based on just one of their efficacy numbers. Basically, the number often cited by the media when talking about how effective a vaccine is (like the Pfizer-BioNTech vaccine being 95% effective) only shows how well the vaccine prevented individuals in the clinical trial from getting infected by the virus. Different clinical trials were done at different times and places, so it is not fair to compare them on that number alone. Also, although that number is an important metric, it is not the most important thing we want from a COVID-19 vaccine. What we really want a vaccine to do is to prevent everyone from getting seriously sick if they get infected. And all of the current vaccines approved by the US, the EMA, and the WHO do that with close to 100% effectiveness.

Another excellent video explains the differences in how the different kinds of COVID-19 vaccines currently available are made.

Chosen kernel

Wednesday, May 26, 2021

Student: Oh, and we use this Matérn kernel instead of the Squared exponential kernel we used before. Do you know why?

Mentor: Why?

Student: Because M comes before S.

First or Last

Thursday, May 13, 2021

Well, another piece of advice from my mentors today:

You want to do the first or the last paper in a topic.

Exploration

Wednesday, March 24, 2021

Doing a PhD has never been easy, at least for me, and I have not even finished it yet. It has been a long journey with so many ups and downs (mostly downs). I have been working on a paper for more than 6 months, again with many ups and downs. Today, after months of exploring, it seems like we arrived where we started, just with more knowledge of why we are here. It has actually come back to this starting point many times. But this time I feel better, especially after seeing this quote from T. S. Eliot that my mentor sent me:

We shall not cease from exploration, and the end of all our exploring will be to arrive where we started and know the place for the first time.

Net neutrality in action

Thursday, March 18, 2021

If you have ever heard of "net neutrality", I hope you like it. If not, here is its definition: "the principle that internet service providers should enable access to all content and applications regardless of the source, and without favoring or blocking particular products or websites". Basically, it is like "every car can use the freeway, regardless of its origin or brand".

The US killed nationwide net neutrality in 2018, but some states still set their own net neutrality laws. The California law came into effect last month, and this move from AT&T may show you why you want to care about it.

Basically, net neutrality stops this shit: HBO Max, an AT&T-owned service, could be streamed WITHOUT counting towards the data cap, while other streaming services counted unless they paid AT&T. AT&T then said that net neutrality killed "free data" because now they have to stop the practice above, and streaming HBO Max will count towards the data cap. However, they CAN do this: allow all streaming services not to count towards the data cap. But of course, they would not choose this fairer, more neutral way. Net neutrality prevents these anti-competitive schemes, and that is probably the first reason you would want to care about it.

How easy it is to intercept text messages

Tuesday, March 16, 2021

I have known that SMS is not secure, probably since I worked a bit with the SS7 protocol before. But I did not know it could be "hacked" for $16. Joseph Cox wrote for Vice about "A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages". The white-hat hacker then took over Cox's WhatsApp, Bumble, and Postmates accounts. All for $16. For a long time, SMS has not been considered secure, especially for authentication. It is not even as personal as an email, because you do not really own a phone number; or, to say it differently, you are much closer to owning an email address than a phone number.

Vaccinated

Monday, March 15, 2021

I got my COVID-19 vaccine last Friday, which was 3 days ago. I am in the education sector, so I could get a vaccine earlier than many. I got the Janssen vaccine. Although some people might say this Janssen vaccine is not as good as the vaccines from Pfizer/BioNTech or Moderna because those vaccines showed about 95% efficacy while the Janssen vaccine showed about 72%, I think that is a reckless comparison. Different times, different places. So it is not fair to compare them that way. Also, the efficacy of Janssen increases, and after around 2 months the efficacy is more than 90%. There is a cool chart about it here, slide 41. Most importantly, it prevented 100% of participants from hospitalization and death. In addition, only the Janssen vaccine has shown high efficacy against new mutations. And you need only 1 dose.

I got expected side effects: pain at the injection site, mild fever, chills, and fatigue. So it was good that I got it on Friday and had the weekend to recover. Feeling much more hopeful now. I hope more people will be able to get vaccinated and will be willing to get vaccinated.

Traditional Chinese Medicine clinical trial started

Tuesday, March 9, 2021

Our pilot study on the safety of using traditional Chinese medicine for COVID-19 patients started last week with the first participant. The compound used in this study was used in Wuhan when the pandemic hit hard there. It is designed to prevent patients from progressing to severe cases. Now we want to see if it is safe for people in the US, and potentially in other places, and if a larger study is feasible.

The COVID-19 pandemic is still not much better than several months ago, and there are always next waves looming. Hopefully we will have more effective and cheaper treatments available.

Here is the link to the article about the study on USC Dornsife website: link.

Online security and privacy for friends - Password

Friday, March 5, 2021

TL;DR: Use a password manager. Use a long passphrase that is easy for you to remember. Avoid sharing passwords as much as possible.

Let's talk about passwords. If you have an account anywhere, most likely you will need to know your password to log in. You may think of it like a key to get into your property. So it may seem fine.

But passwords are bad. You have to remember them, and this creates most of the issues. I use the singular form "password" here because many people use only one password for almost every account. Why? Because they cannot remember many different passwords. Yes, it makes total sense to have different passwords for different accounts, just like different keys for the different locks you can open. So now, what do you think if the same key is used for all of your locks?

What do you think if that key can be stolen? And you do not even know that it was stolen. For example, I am not sure if any of you are aware of the VNG database leak, but I had no idea until I checked my email on Firefox Monitor, and it told me my account was in that leak and showed me my password in plaintext. I had not used that account and password for a very long time. But you know what, Zalo from VNG is definitely a big thing in Vietnam. So I used that leaked account with that plaintext password to log in to Zalo. And I was in, with all my friends who are actively using Zalo. I really don't know why VNG let it be that way. Leaked passwords are bad, even worse if you do not know about them.
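A breach-monitoring lookup like the one above does not need to learn your password to tell you it has leaked. The following is an added example, not code from the original post and not Mozilla's or Have I Been Pwned's code; it simulates the k-anonymity "range" protocol that Have I Been Pwned's Pwned Passwords service uses (Firefox Monitor is built on that data): the client hashes the password locally with SHA-1 and sends only the first five hex characters, the server answers with every hash suffix in its corpus sharing that prefix, and the client matches the suffix locally. The breach corpus here is a tiny constructed dictionary standing in for the real one, and the `zalo2013` entry is hypothetical.

```python
import hashlib


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password, the digest format the
    Pwned Passwords range API matches on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breach corpus: password -> times seen in leaks.
# A real service holds hundreds of millions of hashes and never needs the
# plaintext; it stores only the hash and the count.
_CONSTRUCTED_LEAKS = {
    "123456": 37359195,
    "password": 9659365,
    "qwerty": 3912816,
    "zalo2013": 3,          # hypothetical entry echoing the VNG story above
}
BREACH_CORPUS = {sha1_hex(p): n for p, n in _CONSTRUCTED_LEAKS.items()}


def server_range_lookup(prefix: str) -> dict:
    """Server side of the range protocol. It only ever sees the 5-hex-char
    prefix and returns every suffix in its corpus sharing that prefix, so it
    cannot tell which (if any) of those entries the client actually holds."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 uppercase hex characters")
    return {h[5:]: count for h, count in BREACH_CORPUS.items() if h.startswith(prefix)}


def pwned_count(password: str, lookup=server_range_lookup) -> int:
    """Client side: hash locally, send only the prefix, match the suffix
    locally. Returns how many times the password appears in the corpus;
    0 means "not found in this corpus", not "strong"."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    return lookup(prefix).get(suffix, 0)


if __name__ == "__main__":
    for candidate in ["password", "zalo2013", "correct horse battery staple"]:
        n = pwned_count(candidate)
        verdict = f"seen {n} times in leaks" if n else "not in this corpus"
        print(f"{candidate!r}: {verdict}")
```

The point of the five-character prefix is that roughly one in a million hashes shares it, so the server learns almost nothing about the password while the client still gets an exact answer. Against the real service you would replace `server_range_lookup` with an HTTPS request to its range endpoint; the client logic stays the same.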

Even if there might be nothing wrong with your password, every once in a while a website or your IT team will ask you to change your password because it is too old. Then you have to create and remember a new password, which often has to be different from the old one. It is just like your mom changing the lock every once in a while and asking you to keep the new key along with the old ones.

To make it worse, more and more places require stronger passwords: longer, with more numbers, more weird characters. It is already hard for you to remember easy passwords, and now you have complex passwords to remember. Good luck with that.

And none of those issues is your fault. It is a failure of the engineering system. The good thing is that people have been trying to fix it, with mixed results. A good smartphone is one example: instead of typing your passcode, you can just touch your finger to a button or just look at your phone and it will unlock. It works most of the time and falls back to the passcode when it fails. One day it will work like that, or better, everywhere. But right now, we still live with passwords.

For passwords, my first piece of advice for you (if you have not done it yet) is to use a password manager. A password manager is essentially software that stores passwords for you so that you do not have to remember many passwords. Ideally you only need to remember one password that opens the password manager. This password is often called the master password. So you can generate a complex password for each website, save it in the password manager, and forget it. When you need that password to log in to the site, open the password manager with your master password, copy the complex password for the site, and log in. I am using Bitwarden now, but there are many other options, and most popular web browsers also have a built-in password manager. With a good password manager, you do not have to remember many passwords. And this solves most of the problems: you can use different passwords for different websites, worry less about whether a data breach contains your password, simply change a password if your IT team asks, and use much longer and/or more complex passwords with ease. So, use a password manager.

No matter whether you use a password manager or not (although you should), use a long passphrase rather than a sU03&_C(0)iiiPL3x password. I think the requirement for such super complex passwords with weird characters is ridiculous. It is much easier to remember a long phrase that is familiar to you than such a super complex password. It is also often much faster to type. And a passphrase of several words is at least as strong against guessing as a much shorter string of weird characters, while being far less error-prone to type, to read out, or to remember.
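To put numbers on the passphrase advice, here is an added example (not from the original post) that computes how many bits of guessing work a random passphrase or password represents and generates a passphrase with the operating system's CSPRNG. The word list is a short constructed stand-in; the size of the EFF large word list (7,776 words) is used for the comparison figures. The assumption throughout is that words or characters are chosen uniformly at random, which a manager-generated passphrase satisfies and a favourite song lyric does not.

```python
import math
import secrets

EFF_LARGE_WORDLIST_SIZE = 7776   # EFF large list: 6^5 words, one per five-dice roll
PRINTABLE_ASCII_SIZE = 94        # letters, digits and punctuation, no space

# Constructed eight-word list so the generator runs offline; swap in a real
# list (EFF, Diceware) for actual use. Entropy is computed from len(wordlist),
# so this toy list deliberately yields a low number.
TOY_WORDLIST = ["apple", "river", "canvas", "orbit", "lantern", "maple", "quartz", "violet"]


def passphrase_entropy_bits(n_words: int, wordlist_size: int) -> float:
    """Entropy of n words drawn uniformly and independently from the list."""
    return n_words * math.log2(wordlist_size)


def password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of `length` characters drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest passphrase length that reaches target_bits from this word list."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(wordlist, n_words: int, sep: str = " ") -> str:
    """Draw words with the secrets module (CSPRNG); random.choice is not
    suitable for anything that must stay secret."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def compare(n_words: int, pw_length: int) -> dict:
    """Bits for a random n-word EFF passphrase vs a random pw_length-char
    printable-ASCII password, rounded to one decimal."""
    return {
        "passphrase_bits": round(passphrase_entropy_bits(n_words, EFF_LARGE_WORDLIST_SIZE), 1),
        "password_bits": round(password_entropy_bits(pw_length, PRINTABLE_ASCII_SIZE), 1),
    }


if __name__ == "__main__":
    print(compare(5, 10))   # five EFF words vs ten random printable characters
    print(words_needed(80, EFF_LARGE_WORDLIST_SIZE), "EFF words for 80 bits")
    print(generate_passphrase(TOY_WORDLIST, 4), "<- from the toy list, only",
          round(passphrase_entropy_bits(4, len(TOY_WORDLIST)), 1), "bits")
```

Five random words from the EFF list come out roughly even with ten random printable characters, and each extra word adds about 13 bits. The formulas say nothing about a human-chosen string like the 17-character example above, because its characters are not uniform draws; they also only need to apply to the one passphrase you memorize, the master password, since everything behind it can be generated and never remembered.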

One more thing: avoid sharing passwords as much as possible. This includes not using the same password for multiple accounts and also not sharing passwords with other people. If you have to share one, change it afterwards. In other cases, like when you need to use or share a password with a team, no problem; you will also see that in that case, using a password manager to share a password with a team is even more convenient and secure. But if it is your personal account, avoid sharing passwords as much as possible.

Online security and privacy - For friends

Thursday, March 4, 2021

If you have ever gone through my research page, the word "privacy" appears frequently and more so recently, because my PhD work is about location privacy. Let us not get too technical. It just means that I have learned about and worked on privacy, mainly for location data, but still privacy in general. So I think it can be beneficial for my friends to get some information about what is happening around their online privacy and what they can do to balance different aspects, like security, privacy, utility, and so on. And you will see that those different aspects sometimes agree and sometimes conflict with each other.

I chose privacy as the theme, but many times it will be about security, because that is often the more serious issue and I hope people can take care of it quickly. And of course, for individuals, strengthening security often also means improving privacy protection, but not always. For example, you may not want a stranger to see all of your Facebook photos because of your privacy concerns, so keeping your Facebook login information safe also helps protect your privacy. One way to further prevent somebody from logging in to your Facebook account is to allow Facebook to send you a text message whenever someone tries to log in. This may concern you, because you need to give them your phone number, which they can use for other purposes.

And here is the important thing: I write these things to you as a friend, not as your IT support. Of course I hope everyone would at least know something about protecting themselves on the Internet, especially since many things I write will be basic stuff. But the people around me and the people I know are the ones I care about most and the ones I believe will trust that what I say is for their benefit. And I also believe they would be understanding if things I said changed over time or did not apply to some situations. I remember when I helped "fix" computers for my friends years ago. They would give me their computers, let me do anything with them as I saw fit, and understand that what I did and what I told them to do was for their benefit. That is the same theme here.

Now I think it is obvious to talk about passwords first. Next post is here.

Pandemic

Tuesday, February 16, 2021

It does not sound fun to start something with a pandemic. It sounds better to start something in a pandemic. And this personal blog is one of those.

This is the 2nd year in the COVID era. It has been almost one full year since we - my wife and I - started working from home. Many things happened along the way, even without considering many COVID-related events.

And that was why I wanted to write.

I thought about writing on Facebook. The issue was that I do not often read long posts on Facebook, and I do not want to write something that I myself would not want to read. There used to be a "Notes" section on Facebook that I actually enjoyed reading because when I opened a note, I mentally prepared for a long story[1]. But that "Notes" section is no more. I do not know exactly why they removed that feature. My best guess is that not many people used it. I do not miss it, but I miss the old notes I was tagged in. Also, with Facebook, while I understand the visibility settings for posts and notes, the fact that they cannot be reached from search engines troubles me.

I thought about writing on my old website[2], which used Google Sites. It is easy to write simple pages there, but it is just not a good platform for writing a blog. As a developer, I also want a bit more control and customization.

That is why this new website came to life, in the middle of a pandemic.

It is hard to summarize an entire year of living through this pandemic in the US, so I will not attempt to summarize it. But this is definitely a sad year. I am not talking about the daily COVID-19 death rate in the US because, although I knew it was bad, especially after my friend had to go to the ICU because of it, we did not experience it firsthand. What I felt most was the loss of my grandfathers-in-law. We could not go back to Vietnam to see them because of travel restrictions, even though we had registered to go back for months. And during those months, it was sad knowing that they were getting weaker and that there was nothing we could do, not even visit them.

And it is just amazing how we adapted. Changing to living and working inside all year long. Seeing friends only once or twice; even avoiding people when we went outside. And staying at home together all year long without much trouble. It was really difficult for my wife to find a job after she graduated this summer. But she managed to land a great position, and seems to enjoy working from home. I also prefer working from home to my 1-hour commute in Los Angeles traffic, but I still think it is better to have a working environment. When I lived near the USC campus, I went to our lab at 8am and came back home at 6pm. I cannot say much about my own productivity during this time compared to normal times because I do not know how to measure it. If you are a PhD student, you probably understand this.

We have just started a new lunar new year. Most people here who know about the lunar new year would say it is the year of the ox. But for Vietnamese people, it is the year of the buffalo. I do not care much about that animal, except when it is a horse. But I do feel a new year has come. My wife took 2 days off. We bought many flowers, including peach blossoms. We cooked many traditional dishes. We called our family many more times than normal. And I started something.

⎯ · ⎯ · ⎯ · ⎯
  1. I prepared, but whether a note is interesting enough for me to read is a different story.

  2. Still my main website as of February 16, 2021.