Random Thoughts – Randocity!

Rant Time: Snapchat’s update failure

Posted in best practices, botch, california by commorancy on February 14, 2018

In business, the quest is always to provide the best, most consistent user interface (UI) and the easiest user experience (UX) possible. Sometimes, that doesn’t work as planned. Sometimes, it outright fails and backfires. Let’s explore.

Flickr

Before 2014, Flickr had a very useful grid layout. Sometime during 2013/2014 Marissa’s then team decided to “reinvent” Flickr. They gave it a facelift and then rolled it out to much user ire. While it’s every company’s right to make design changes to their application as they see fit, it can also spell doom to an application. Flickr was no exception. After Flickr updated their app in 2014, this drastic UI change immediately drew the anger of thousands of Flickr users. Yet, Flickr still hasn’t changed anything substantial in spite of the massive number of complaints. The UI is still the disaster it was designed to be and does not in any way offer what it formerly did.

The formerly well spaced grid layout was convenient and easy to use in that it showed how many views of each photo at a glance. With the new tight grid interface of random sized images, you now have to drill into each and every photo separately to find the views of that specific photo. Sure, you can use the statistics page to see which photos are most popular or most interesting, but that’s of little concession when you simply want to see how well your most recent photos are doing at a glance. In short, the latest Flickr interface introduced in 2014 still sucks and Yahoo has done nothing to right this wrong. I’d venture to guess there are fewer users using Flickr now than ever, particularly with newer apps such as Instagram, Snapchat and Facebook… and speaking of Snapchat…

Snapchat’s Update

As of February 10, 2018 and taking a page from Flickr’s playbook, Snapchat decided to roll out a brand new interface to its app. An update that has, just like Flickr, drawn the ire of many of its app users. Some users are lamenting this new interface so much, they are seriously contemplating app deletion. Because of the app’s unannounced surprise layout, some Snapchat users were unable to figure out how to post, causing them to lose their streaks (a way to measure how many consecutive days a user has posted). Some users’ streaks have been running for several hundred days. Others are just ranting about what they don’t like about it. Here’s what some Twitter users are saying:

What a disaster. Do these companies even perform basic usability testing before a release?

Design Fails

The old saying goes, “If it ain’t broke, don’t fix it”. Literally, what problems was Snapchat trying to solve with this update? If you’re planning on a UI and UX redesign, you better throw in some bones for the users to go with it. Give people a reason to want to use the interface and they’re willing to overlook other minor inconveniences. Without such bones, it ends up as merely a change for change’s sake without offering up any useful new features. Burying UI components in ever deeper layers is not more UI efficient and does not offer up a better user experience. I’m not even sure what Snapchat was thinking when they decided to roll out this UI update.

Test, test and more testing

Here’s where the rubber meets the road. If you make a UI/UX change without adding anything useful into the app for the end user, what have you accomplished as a designer? The answer is, nothing. As a designer, you have failed. Changing a UI design requires careful consideration, even more careful planning and product usability testing. This means actually giving your app to your primary target demographic and letting them use it for a few days. Let them tell you what’s wrong with it, what they like and what they dislike. Do this long before putting the new update in the app store for general release. If you do this, you can avoid the problems that Flickr and Snapchat faced with their UI and UX redesigns. If you don’t do this, you end up in the news. Failure is not an option, but so many companies fall into this trap not really knowing how to get out of it.

Rollback Plan

If the Tweet above is true regarding that support team response stating that there is no way to roll back, then that’s a failure on the part of the application’s designers. You should always design a rollback plan into your releases. You can’t know what may fail as a result of a release, so offering a rollback plan should always be part of a release.

If you fail to test and fail to include a rollback plan, you’ll end up just like Snapchat (and Flickr) … that is, in the news for all the wrong reasons. What this says is that the Snapchat design team should be fired and replaced. Failure is not something any company needs to endure, especially when that failure is so visible and makes your company look inept… and it was all preventable. In this day and age, there is absolutely no reason why companies release software into the wild that angers their user base in this way. Seriously, that is such an amateur move, it’s a wonder such companies even remain in business. Worse, after such a seriously amateur move and after the dust settles, you may not have much of a business left. Your app is your lifeblood. Screw it up and you’re done.

Overconfidence

Snapchat clearly doesn’t understand its audience. Teens are some of the most finicky users on the planet. It doesn’t take much for them to dump something and move onto the next better thing. Changing a UI interface that angers so many of them is the quickest way to lose the userbase you’ve spent so much time and effort attracting. Perhaps Snapchat will realize its mistake and correct it pronto? Perhaps it will pull a Flickr and let users suffer through with the horrible new design and not change it. With Flickr, Yahoo at least had some leverage because of all of the professional photographers entrenched in the service. Where would they go? With Snapchat, the company does not have this luxury. Snapchat isn’t a required service like Flickr is to professional photographers. This fail could easily lead to the demise of Snapchat.

It’s time for Snapchat to seriously consider all of its options here, but let’s hope they come to the right decision and roll back the interface and rethink its UI and UX design. Best of all, maybe they have learned a valuable lesson in software design… test your interface on your primary demographic before you ever consider a release.

Rant Time: eBay and shipping fees

Posted in botch, business, california by commorancy on January 30, 2018

This one will be quick. Today is the day I decided to do a little shopping and hopefully find a bargain online. Once again, foiled. Why? Let’s explore.

Bargain Shopping

I open a browser and go to eBay. I go there because I typically expect to find reasonable prices on most things. Sometimes I can find item prices at substantially reduced prices from Amazon. However, today wasn’t one of those days. I began searching for a specific item and I actually found it. In fact, I found the item at a very reasonable price. I even found the same item on Etsy with this very same listing problem. The problem wasn’t the price for the item, but it was in the shipping costs. I’ll skip mentioning this specific item because it’s not really relevant to the article. I’ve seen this problem on and off for many different items over the years. I’ve finally decided to rant about this problem.

While I can find the item I want at $5.99, I see that the shipping fee is $18.00 (or sometimes higher). What ridiculousness is this? Why am I expected to pay 3x the price of the item in shipping fees? No, I just won’t do that.

Stop These Listings

I don’t know what goes into that $18 cost, but many times I see the item is shipping within the US to a US address. Yes, I realize that FedEx and UPS and even the USPS (to an extent) aren’t always inexpensive for shipping. But, who in their right mind would pay $18 to ship an item that costs $5.99 or less? Not me.

It’s time that Amazon, eBay and Etsy stopped these listings. There is no reason to force would-be buyers to weed through useless listings like these to find someone who’s willing to offer a much more reasonable shipping fee. It would be a simple matter for these sites to decline to list items whose shipping fee exceeds 1x the cost of the item. When it gets to 3x the cost of the item’s price, it’s way too high and a waste of a listing. How many people would really pay that?

Maybe there are some people out there desperate enough to pay that high a cost for shipping, but I’m not one of them. I firmly believe that to be any kind of a deal, the shipping fee should be equal to or lower than the cost of the item being listed. If shipping costs exceed the price by more than 1x the item’s price, the listing should be refused. Or, alternatively, make the default search filter remove listings with unnecessarily high shipping fees. For the people really interested in paying high shipping costs for an item, then click a checkbox to enable searching these. Yes, it is time to penalize sellers trying to price gouge through shipping fees.

Shipping Scam and Advice

I do realize that for a time there was a scam going around that sellers would back load the cost of the item into the shipping costs. So, instead of listing the item at a reasonable price, they would list the item for $.99 and then back load the item’s cost into the shipping and handling fee at something like $19.99 or similar. The reason for this is that it makes your product seem low priced until people looked at the shipping costs. It was simply a way to game the search listing sort engine. I’m sure that the seller thought they could trick someone into thinking they’re paying $.99 by not looking at the shipping fee. That’s a very old trick. A trick, in fact, that eBay is so well aware of, all of their listings now tell you shipping costs up front right in the search listing page. As a seller, it does you no good to try and trick the system using such tactics. Instead, it only makes you, as a seller, look like you’re trying to pull a fast one.

If you have something to sell, be honest with your prices and your shipping costs. People prefer honesty over trickery. If you know your shipping and handling is going to end up at $40 for a $5 item, don’t even bother to list the item in that way. It’s not worth it. This also makes you look inept. It would be better to front load your costs into the item itself and then reduce your shipping costs. In fact, you might as well just include the cost for the item plus the shipping costs together and state that it’s free shipping. You’re likely to attract more buyers this way than attempting to back load your costs into the shipping and handling fees.

Ridiculousness Abounds

Over the last several years, I’ve seen more and more of these kinds of shipping ripoff listings. These sites need to crack down on the listings with overpriced shipping and stop them (or, at least, filter them out by default). When I go shopping, I’m always looking for a deal. If as a seller, you can’t provide me with a deal at least as good as stores in my local retail area, then don’t show me those listings at all. Few people would want to pay 3x or higher in shipping costs for a seemingly low priced item. It’s just not a sustainable product offering.

If you have put items up on eBay or Etsy and sold them with a shipping cost 3x higher than the price of the item, sound off in the comments below. I’d like to know if you were able to sell that item or if the listing expired. My guess is that the listing expired. If you did sell the item, I’d like to know if your buyer was satisfied or dissatisfied with what they spent on shipping fees. I’d also like to know how many people returned the item once they found out the actual shipping costs.

Home Automation: The good, bad and ugly

Posted in Apple, botch, business, Philips Hue, wink by commorancy on December 17, 2017

You’ve just picked up an Amazon Echo with a Hue Starter Kit and you have decided to take the plunge into controlling small devices in your home via Alexa. Well, here is what I’ve learned so far about this process. Take note, it’s not always easy to set this up. Keep in mind that I haven’t explored every system or every device. This article documents only my experiences with those devices I’ve tried. Let’s explore.

Smart Home Hubs

The first thing you need to understand is that many home automation systems still require a centralized hub to control the accessories (i.e., lights, switches, dimmers, and plugs). While systems like Wink and Hue are good in that a hub aggregates all of the accessories under a single logical device, these devices also have their own pitfalls. Some lights and plugs are WiFi only and do not require a hub, leading to even more consumer confusion, more apps and more logins and passwords.

As an example, Hue’s bridge (hub) comes in several versions (I’ll explain the reasons for this shortly). If you stay within the Philips universe of devices, then you’ll be good. However, the moment you step outside of the Philips universe, just like with Apple’s products, compatibility takes a significant dive. It’s the same situation for Wink. As long as you wholly subscribe to the devices that are compatible with a Wink hub, you’ll be perfectly fine. If you choose to add in a bulb that isn’t compatible, your days will become far less happy. Worse, if you want to intermix devices from the Philips universe with the Wink universe, you’re asking for a world of hurt.

Intermixing Devices

So you’re probably asking, “why would I want to intermix devices?” It’s very simple. Cost. While the Hue color bulbs are spectacular for producing vivid colors, they aren’t so great for their brightness levels and they are substantially pricey. If you want to get a bulb that supplies higher than 50-60 watts of effective illumination, you have to jump out of the Philips universe. I don’t know why Philips is dragging their feet on 75 and 100 watt Hue bulbs, but they are and it’s frustrating. That means you might end up over at GE or Cree or even looking at a LIFX bulb.

Costs, Value and Brightness

Hue bulbs are also incredibly pricey. At around $60 per color bulb, changing every bulb in your home is likely going to cost hundreds or perhaps thousands of dollars. Even the ambient white colored Hue bulbs at $30 are still quite pricey because they can range their colors between cold and warm white. If you simply want a bulb you can turn on and off and dim, there are far cheaper options… like the Cree Connected (~$15) and the GE Link (~$20). These are quite a bit less costly than the Hue white ambience bulbs. However, Hue also makes a 4 pack of white dimmable bulbs that cost around $13 per bulb (note that this may be holiday pricing). However, these bulbs are simple on, off and dim only. They do not vary the color hue of the bulb. The color they are is basic warm white… same for the Cree and GE Link. You also have to buy these Hue white bulbs in a 4-pack to get this lower pricing. Otherwise, each Hue bulb will cost around $17 separately. This 4-pack is your best deal for low cost hue bulbs. However, they are also not that bright.

At the time when I purchased into the Cree and GE Link, Philips still didn’t make these less costly bulbs. These are relatively new additions to Hue’s line and likely came about because of the Cree and GE Link bulbs.

What that means is that I’m not about to abandon the two bulbs I bought just to go buy four replacement Hue bulbs. The GE Link bulb is also quite bright, brighter than the Hue bulbs even though it is supposedly a 60 watt equivalent. Clearly, some bulbs are brighter than others even when rated similarly. This is why it’s important to look at the bulb illuminated to see if you like the color temperature and the brightness.

Clearly, we want good quality, long lasting and bright lights. Specifically, lights that are bright enough for the given fixture and room. You may only need a 40 watt bulb in some instances, but in others you might want a 150 watt bulb. Sad to say, there aren’t many 150 watt LED equivalent bulbs on the market. Even if you find one, it’s not likely to be a connected bulb (see WiFi plugs below). The brightest bulbs seem incompatible with being connected. I don’t know why that is, but few lighting manufacturers want to produce both a connected bulb and a bulb that’s brighter than 60 watts. 60 watts is incredibly dim by itself. You’d need at least 4-7 of them in a fixture to sufficiently illuminate a living room.

Why aren’t there any 100 watt bulbs to date? I have no idea. Philips, GE and Sylvania need to get right onto solving that problem… and soon.

Compatibility

If you’re willing to stay within a single manufacturer’s universe of apps, plugs, switches and bulbs, then you won’t run into many compatibility issues. If you want to actually do something useful, like use the Amazon Echo or IFTTT or Google Home or any other third party product, that’s when you run into problems.

Amazon’s Echo is probably the single most compatible home automation platform out there. However, that said, I’d consider Amazon’s Echo to only be about 80% compatible with most products. There are still a lot of products that cannot be controlled by Alexa, even though they have apps. IFTTT fares far worse at about 50% compatible. Apple’s Homekit is about 30% compatible with most systems. Though, if you’re willing to stay in the Philips universe, Apple’s Homekit jumps up into the high 90% range for compatibility. On the other hand, Apple’s Homekit has very little compatibility with Wink. Supposedly the Wink hub 2 is compatible with Homekit, but apparently that hub barely even works.

To get a fully functional Wink system, you have to use the Wink hub version 1 which isn’t compatible with Homekit. You’re probably asking, what is Apple Homekit? Homekit is Apple’s built-in small device automation system which is compatible with Siri. If you want to task Siri to turn on, off or dim your lights, that assistant uses Homekit to get the work done. If Homekit can’t see your lights or accessories, it can’t control them.

There are many devices that Alexa can see and manage that Apple’s Homekit can’t. Apple has just floundered around doing nothing to improve compatibility to other home automation and lighting systems. This means that clicking the home icon to control your lights may or may not work on iOS… and more likely not to work than work.

Multiple Hub Versions

Hue’s system comes in several different hub versions. So does Wink. So does Zigbee and WeMo and many other device makers. These upgraded hubs add new features, such as compatibility with Apple’s Homekit or Google’s system. Keep in mind that even if a hub says it’s Homekit compatible, that doesn’t mean it’s fully compatible. It may only offer iOS the most bare bones minimums such as lights on and off, dimming and possibly color changing. Hue, for example, still prefers you to singly control all of their lights through the Hue app rather than through Apple’s Homekit compatible controls. Hue adds such extra features as light scheduling, vacation randomization and proximity fencing. Proximity fencing allows you to program the hub to turn lights on when near or off when out of range. These types of services are not visible through Homekit.

Fractured System

So what have I learned then?

  1. Philips Hue system is great so long as you don’t stray outside of it. Philips’ own bulbs work perfectly. Philips Hue can also see and control Hue compatible, but primarily Wink bulbs. Hue will not update firmware on any devices other than Hue devices. This is not optimal or in any way secure, especially since you can only pair a device to one hub at a time.
  2. Wink will update fully Wink compatible bulbs, but won’t update firmware on Hue bulbs. Upgrades for Hue happen through Hue’s system.
  3. It is possible to run two hubs controlling different devices, but Wink’s hub won’t talk to Hue and Hue’s hub won’t talk to Wink.
  4. To bridge these two systems, you’ll need something like Alexa that can aggregate unlike device networks into a homogeneous whole.
  5. Alexa can’t aggregate bulbs and devices that aren’t Alexa compatible. So, you always have to read the box to make sure. Even then, you’ll likely need a skill to make it Alexa compatible.
  6. With Alexa’s skills, you can have Alexa log in to manage any device that offers a skill. You can then aggregate these devices under Alexa groups to control unlike systems.
  7. Homekit is the least compatible home control system out there. Don’t rely on Siri to control your devices unless you are meticulous in ensuring all of your devices are 100% Homekit compatible. This is likely to be costly because Apple is only willing to integrate with companies willing to pay money for this. That automatically means that only those companies making significant bank will be willing to pay off Apple to that end.
  8. Hue’s motion control sensor triples as a light and temperature sensor. Oddly enough, the only way to see the light and temperature pieces is through Homekit. Philips Hue app won’t show these sensors. This means you have to try and piecemeal together a system from pieces here, there and everywhere.
  9. Alexa still cannot directly set the color of Hue’s color bulbs. This must be done via a predefined IFTTT applet.
  10. Homekit can set the color of Hue’s color bulbs directly via Siri, but is limited in many other ways… specifically in the exact wording of how to get Siri to control the devices.
  11. Updating firmware on devices requires the correct app or hub. For example, Hue will update Hue devices, but not third party devices. If you want to update your third party devices, you need the right app or hub. Leading to….
  12. A device can only participate in any one hub system at any one time. Because I wanted the latest firmware on my GE and Cree bulbs, I had to buy a Wink hub and pair them with that. That also means I can’t use my Hue motion sensor to turn off one of the lights in a bedroom any longer. Now I have to buy a D-Link sensor and use that… adding to the cost and more hassles.

I find these systems fractured and annoying. There is no standard at all. Philips does what they do. Wink does similar, but is not compatible with Philips unless you buy into the Hub 2 (which is apparently junk). Sylvania is doing their own thing. Many bulb manufacturers are now choosing WiFi for their bulbs to avoid even needing a hub. This means many competing standards in the lighting control area.

Until Philips or other lighting manufacturers put together a consortium to better the home automation world, home consumers will suffer with many competing and incompatible standards.

Electric Outlets

Recently I have gotten into controlling some devices using small connected outlets. Obviously, the devices to be controlled are dumb devices like plain old lamps or holiday lighting. They can’t be dimmed or change their colors, but they can be turned on or off. Once set up for control, I can enable scheduling to turn them individually on or off at specific times. However, what I’ve found here is just as fractured and confusing as the lighting systems. These plugs don’t require hubs. They are straight up WiFi devices.

I’ve so far bought the following:

  1. A WeMo branded outlet
  2. Three Conico / Jinvoo controlled outlets
  3. One TP-Link controlled outlet

Each of these devices has its own app and requires its own username and password. WeMo’s outlet uses the WeMo app, Conico uses the Jinvoo Smart app and TP-Link uses the Kasa app. Three apps and three logins for similar kinds of smart plugs. Yet more garbage on my phone and more passwords to remember.

However, because each of these apps has Alexa skills, I can set Alexa up to control all of them via a single device group. I have two of them controlling my holiday lighting strands. I have a third as a bathroom night light and fourth and fifth not yet allocated, but likely will control more holiday lighting. I can put individual schedules on each of these plugs and I can voice control them via Alexa individually.

Unfortunately, to set up schedules, I have to do this in the phone app. This setup cannot be done in any single place. This is why this fracturing of devices is so bad.

IFTTT

What is this? This acronym stands for ‘IF This Then That’. It’s a small simple type of programming language. For example, if I say, “Alexa, trigger blue bedroom”, Alexa will send the command to IFTTT.com that will then interpret the command and perform the programmed action. The action could be turn off a light, send an email, send me a text or any of a wide array of actions. It’s a 1 to 1 action. Something happens, something is triggered.

How is this a problem here? I talked about the motion sensor above. This Hue sensor is captive to the Hue world. IFTTT has no way to capture any of the Hue sensor data and act upon it. Hue’s developers have not exposed any of this data to IFTTT for triggering alternative actions. For example, I’d like to turn on some lights if the motion sensor is tripped. While I can do that from within the Hue universe of devices, I can’t turn on both Hue and Wink lights from that motion sensor. Worse, the only thing I can do with the Hue motion sensor is turn on a device. I can’t send an SMS or email or anything else like that. Even though IFTTT can control both my Wink and Hue bridge devices, there is no action to read from the Hue motion sensor.

Instead, I had to opt into buying a D-Link WiFi motion sensor that is IFTTT compatible. This means I can then capture the motion event, send it to IFTTT to trigger an action of turning on a Wink and Hue bulb. It is not possible to do this with the Hue motion sensor. At least, that’s the theory. I haven’t yet received the D-Link sensor, but based on its description, it should be possible.

Overall, the world of home automation of small devices is fractured and confusing. There are many competing standards that don’t help the consumer in any way. In fact, this situation is made worse because device manufacturers intentionally hobble their own systems to prevent use of third party devices. This leaves home consumers to fend for themselves while trying to find a way to get their home system working. While I can understand the profit motivation in creating a captive ecosystem, it doesn’t in any way make it easier for a consumer. Until there’s a standard that all manufacturers agree to follow, we’re going to continue to see device after device using its own standard and supplying its own app to control that device.

If you’re going to invest in a smart home system, I’d suggest staying within a specific manufacturer’s ecosystem if at all possible. However, smart outlets may not be available under all systems. I don’t believe that Philips yet ships any smart plugs that are compatible with Hue. Wanting to add controls for plugs or other devices might mean the need for outside devices. However, even then I’d suggest sticking with a single manufacturer. Even if you use Hue and WeMo, that’s better than buying plugs from all over the place and trying to integrate 5 or more systems together. You may have to pay a premium to keep the number of systems down, but it will help keep the confusion to a minimum.

Why you should NOT use Disqus on your site!

Posted in botch, business, california by commorancy on October 26, 2017

What is Disqus (pronounced discuss)? This is a service that purports to offer an embedded comment / discussion service to your blog or website. Seems like a good feature, but let’s explore why this service shouldn’t be used.

Discussion Forums

Any good blog site or article site should offer a way to allow for comments. However, I find far too many sites that don’t offer comments at all. This is not the focus of this article, but it is one of my pet peeves. Should you choose to add a discussion or comment service, you should not consider using Disqus at all. Why?

Every good discussion package should offer a way to moderate posts and see every post that’s been submitted to your article. I believe that while Disqus does offer moderation, it also has a built-in spam detection package that hides posts from you that have been detected as spam. The problem with using Disqus is that not only is their spam detection heinously faulty by filtering out many valid posts as false positives, Disqus does nothing about it. This means that as a site owner, you could be losing many, many valuable and valid comments to Disqus’s spam detection system.

As a site owner, you won’t even get to see those detected posts to know they were even there. They are simply hidden in the user’s profile on Disqus who posted their comment. Secondarily, the person leaving the comment can do nothing to get their comment unspammed. Once it’s detected by Disqus’s spam filter, that comment is lost for all eternity. Disqus not only does not monitor these failures, they also don’t do anything about them.

If a user clicks on the This is not spam button, nothing happens. The post is not reposted. No one at Disqus looks at the comment. No one approves it. So, the comment remains in perpetual limbo solely on the user’s Disqus profile.

Disqus as a Discussion Service

As a site owner contemplating embedding Disqus as a comment platform for your site, you will want to know that the comments that your readers post will appear timely and fully. This is guaranteed not to happen with Disqus. You don’t want to use a half-baked discussion system thinking you’re actually getting to see all comments on your posts. With Disqus, I’d guess at least 50% of all comments left on an article are lost to Disqus’s extremely stupid spam filtering system. That number might even be higher than that. If you actually want to see all participation on your posts, you should find another system to enable comments on your articles. DO NOT rely on the Disqus platform as they WILL lose valuable comments from your readers… comments that you will never see.

If you really value your readers’ feedback, do yourself a favor and DO NOT USE Disqus as a platform. Until this company actually gives a damn about your users and actually gives you the tools to manage every user response (spam filtered or not), you should find another service to add discussion feedback to your articles that you post.

Better, lead your users to a Facebook page or other social media site where open discussions are, in fact, permitted without the draconian spam engine that Disqus currently uses to hide valid and valuable comments from you.

Beware of Silicon Valley Clean Energy and energy slamming

Posted in botch, business, california by commorancy on September 19, 2017

If you live in California, you need to read this. This situation has scam written ALL OVER IT. Let’s explore.

State / City Mandated ‘Clean Energy’

Apparently, as a result of city voting, some cities (such as Cupertino) have decided to force residents in that city to change their power generation provider to a third party instead of PG&E. In my case, it ends up being the scam outfit Silicon Valley Clean Energy. Why are they a scam? Here’s what happened.

First, they enrolled my electrical generation service under SVCE’s generation service without my permission. Then, SVCE waited over 60 days to notify me of my enrollment into their power generation service. Because they offered opting out at less than 60 days for free, this means I am not only being assessed a $5 exit fee from SVCE, I am also now being put under PG&E’s transitional rates (which are likely to be higher than normal PG&E for at least 6 months). Oh, it gets even better.

Second, because I was force exited from PG&E’s generation services, PG&E gets to assess a Power charge indifference adjustment (PCIA) charge (effectively it is an exit charge for leaving PG&E’s power generation services). This charge on my last bill was $25.60. If you add this charge together with SVCE’s power generation charges, the total generation fee becomes identical to PG&E’s generation charges. If you spread this fee out over 12 months, SVCE’s charges aren’t as low as they seem. Also, this PCIA seems to be assessed once a year (or as frequently as the CPUC allows PG&E to assess it). Basically, this is a charge that PG&E gets to assess to cover generation fees they lost because you moved to a competitor. And, they get to do it each year.

Third, SVCE’s crap web site would not accept my opt-out request. Their opt-out form is entirely broken. I ended up calling their phone number and opting out there. Unfortunately, I have no idea if they really got my opt-out request because this fly-by-night outfit only has 9-5 call-center business hours. So, I have to wait until the following day and contact them.

Fourth, I was only notified of my ‘enrollment’ in this service because of a cheap card sent to me in the mail over 60 days after my enrollment.

Fifth, they make a lot of bold claims about using wind and solar energy for generation, but do not back up those claims anywhere. They could simply be buying PG&E generated power and reselling it.

Charges and electric slamming

Not only does PG&E get to assess random charges because the customer is now using a third party power generation company, the power generation company also gets to assess random exit charges for leaving their service when I never voluntarily joined it in the first place.

This entire situation smells of CLASS ACTION LAWSUIT. So far, I will have been assessed around $35 in fees plus an unknown amount for rates (up to 6 months) simply because SVCE grabbed my service without notifying me timely. This is the exact thing that long distance phone companies were doing in the 90’s. It is called slamming. This scam type is just another form of state / city endorsed slamming, now with the electric service.

The Feds need to jump on board and stop this slamming activity quick and force the same payback charges on the company who slammed the customer. Here’s what long distance providers were forced to do if they slammed someone onto their service and the end user paid the bill:

If you have been slammed, but discover it after you HAVE paid the bill of the slamming company, the slamming company must pay your authorized company 150 percent of the charges you paid the slamming company. Out of this amount, your authorized company will reimburse you 50 percent of the charges you paid the slamming company. Or, you can ask your authorized company to recalculate and resend your bill using its rates instead of the slamming company’s rates.

Electric generation companies need to be held accountable for slamming in the same way as long distance providers. Companies like SVCE riding on the coattails of city votes shouldn’t get a pass to switch services without permission. Slamming is slamming whether it’s for telephone service or power generation. No matter what it is, it’s a rip off unless the change is by consumer permission. If there are fees involved, the customer MUST authorize the change in advance. Otherwise, it is slamming.

Is the iPhone X Innovative?

Posted in Apple, botch, california by commorancy on September 17, 2017

Clearly, Apple thinks so. I’m also quite sure some avid Apple fanboys think so. Let’s explore what innovation is and what it isn’t and compare that to the iPhone X. Let’s explore.

What is innovation?

Innovation effectively means offering something that hasn’t been seen before, either on other devices or, in fact, at all. I’ll give an example of this. If I create a transporter that can rearrange matter into energy and safely transmit it from point A to B and reassemble it into a whole, that’s innovation. Why? Because even though the concept has existed in the Star Trek universe, it has never existed in the real world. This is true innovation and would ultimately change transportation fundamentally as we know it. Though I won’t get into the exact ramifications of such an invention, suffice it to say this technology would be a world game changer. This example is just to show the difference between true innovation and pseudo innovation. Innovation should be a world game changer to be true innovation.

So then, what is pseudo innovation? This type of innovation, also known as incremental innovation, is to take an existing device and extend it with a natural progression that people expect or, perhaps, have even asked for or because other devices on the market have already added it. As an example, this would be taking a traditional blender and exchanging the blender bowl with a small single service container that can double as a cup. This is a natural progression from an existing blender to a more useful and functional device. This is the kind of change that doesn’t change the world, but solves a small problem for a much smaller subset of people.

iPhone X Design

Let’s dissect this design from top to bottom to understand it better and to understand why the iPhone X is not in any way truly innovative and only presents pseudo innovation.

  • OLED display — While this is new to the iPhone, it is in no way new to mobile devices. Samsung has been shipping tablets and phones with AMOLED displays for years now. In fact, I’ve personally owned the Samsung Galaxy Tab S for at least 4 years that has a Super AMOLED display. This display has been amazing and remains that way to this day. Apple is substantially late to this party for the iPhone. While it’s new to Apple’s devices, OLED is not in any way a new technology created by Apple. Worse, Apple hobbled their OLED display with the unusual design of that large black brow at the top. I still have no explanation for covering 10% of the display with an unsightly black bar. Worse, when videos play or other active content is viewed, 1/10 of that content is now being obscured by that black bar unless you change the settings. Such a questionable addition to an expensive phone.
  • Removal of Touch ID — This is actually negative innovation. Removal of useful features from a device serves only to leave more questions than answers. Touch ID is a relatively new addition to the iPhone. That Apple shipped the iPhone X without it is entirely unexpected. Apple should have postponed the release until they got this right. Touch ID is an intrinsic, non-intrusive technology that works in all conditions, secures the device using biometrics and offers a much safer alternative to login IDs and typing passwords (something entirely cumbersome on small phone devices).
  • Addition of Face ID — Face recognition on a phone, while new to the iPhone isn’t a new technology, nor was it created by Apple. Cameras have been capable of recognizing faces when taking photos, but it does not necessarily take the step to identify the person. Apple takes it to the identification level with Face ID. In fact, it takes it to the next step to use it to identify the owner of the phone. However, this is an untested new technology when used on a phone. While computers with hefty internet connections have been capable of performing this type of fast facial recognition, a phone will require a cloud service to provide such an identification. This means that your facial information will need to transmit to a cloud service and attempt to determine that you are you. It also means that this picture information may be stored on Apple’s servers for this purpose. It also means there’s a huge privacy concern here if Face ID captures something it shouldn’t have. Touch ID is never susceptible to this privacy intrusion problem.
  • Wireless Charging — Again, Samsung devices have had wireless inductive charging for years. This addition, while new to Apple’s phones, is not in any way innovation. Wireless charging has previously existed on other non-Apple devices and, again, has not been created by Apple. Apple has embraced the Qi wireless charging standard up to a point. However, Apple has denied iPhone devices from using Qi fast charging, instead choosing to offer up Apple’s own standard sometime in 2018.
  • Fast Charging — This allows the phone to charge the battery perhaps 5x faster than the iPhone currently charges today. This is separate from Wireless Charging, but Wireless Charging can take advantage of it.
  • Edge to Edge Display — While Apple’s implementation of this screen seems edge to edge, it really isn’t. There is a small bezel around the display due to the way the case is designed. While it is probably the most edge to edge display we’ve seen in a phone to date, it isn’t the first. Samsung’s Galaxy Note 8 offered at least side to side edge to edge display and a reasonably small top and bottom bezel. Suffice it to say that what Apple has done is merely semantics. Now, if Apple hadn’t added that questionable brow covering 10% of the display, it might have been a small achievement.
  • Faster CPU, more RAM, faster overall performance — To be expected in any new release, though it will be outdated quickly

In fact, none of what has been included on the iPhone X is in any way newly created ideas by Apple. Apple is firmly playing catchup with the Joneses (or in this case, Samsung). Samsung has already produced phones with every single one of the technological advances that Apple has put into the iPhone X.

Fanboys might claim that the iPhone X is all new. No, it’s all nuances. Apple is simply catching up with existing technologies and ideas to improve their new phones (and I use the word improve loosely). There is nothing actually innovative about the iPhone X. In fact, from a design perspective, it’s probably one of the ugliest phones Apple has yet produced. The brow seals that fate. If there were such Razzie awards for design, Apple would win it for 2017.

iPhone 8

This is one of those things that always irks me about Apple. That they’re releasing the iPhone 8 at all is a bit of a mystery. If you’re introducing a new phone, why keep this line of phones at all? Bet the bank on the new model or don’t do it. This is what Apple has always done in the past. That Apple is now hedging its bets on two different models seems a bit out of ordinary for a company that has typically bet the bank on new ideas. I guess Apple is getting conservative in its old age.

Other than wireless and fast charging introduced into the iPhone X, nothing else has trickled its way into the iPhone 8. Effectively, the iPhone 8 is simply a faster iPhone 7 with Qi wireless and fast charging support.

Let’s talk about wireless and fast charging a little here. While the iPhone 8 is capable of both wireless and fast charging, it won’t come with it out of the box. In fact, Apple’s fast wireless charging pads won’t be released until sometime (probably late spring) 2018. While there are other Qi Wireless chargers you can buy now, these chargers won’t fast charge. Worse, the iPhone 8 still ships with the standard Lightning USB cable and standard speed charger. If you want fast charging, you’re going to need to invest in the extra accessories (cables and chargers) to get that faster charging performance. Until Apple releases its wireless charging pad, you can’t even get wireless and fast charging together. In addition to your phone’s cost, expect to dump an extra $100-200 on these accessories (several times if you want something now and then again when Apple releases its accessories).

Mac Computers

Just to reiterate the point of lack of innovation, I’ll bring up one more point. The MacBook and Mac line of computers has been so stagnant and so far behind the times, I’m not even sure Apple can catch up at this point. While every other non-Apple notebook on the market (even the cheapest, smallest model) now includes a touch display, Apple continues to ship its Mac computers without touch surfaces in defiance of that trend. There’s a point where you have to realize that touch surfaces actually are a necessity to computing. The ironic thing is, we have Apple to blame for this dependency by Apple introducing the original iPad.

Yet, Apple’s stubborn stance on introducing touch displays on the Mac has actually become a sore point with these devices. Apple, lose your stubbornness and finally release touch friendly MacBook computers at the very least. Though, I’d like to see touch screens on every Mac computer. You’ve had Spotlight on the MacOS X for years now (the first step towards touch displays), yet here we are with one computer that has a Touch Bar. The Touch Bar is such a non-innovation as to be a step backwards.

Let’s just get rid of the worthless Touch Bar and finally introduce Macs with touch displays, which is what we want anyway. Since we’re playing catchup, let’s finally catch the Mac line up to every other non-Apple notebook.

Apple’s Worms

It’s clear, Apple has lost its innovative ways. Apple is now relying entirely upon existing technologies and ideas, firmly throwing together half-assed ideas and calling them complete. The iPhone X idea should have been tossed before it ever saw the light of day. Had Jobs been alive to see it, the iPhone X idea would have been tossed out the window in lieu of a new idea.

Additionally, Apple’s technology ideas across its product lines are entirely fractured:

  • The iPhone ships with Lightning connectors, but no other non-mobile computing device in Apple’s line up supports Lightning
  • The iPhone has removed the 3.5mm headphone jack for no other reason than, “just because”
  • New Macs now ship with USB-C, yet none of Apple’s mobile devices support this standard
  • USB-C Macs require dongles because none of Apple’s accessories support USB-C (other than the converter dongles)
  • The Apple Watch has no direct integration with the Mac. It only integrates with a single iPhone.
  • Apple ships Lightning headphones and those can only be used with the iPhone line, not Macs
  • Macs still fail to support touch displays
  • Macs still ship with 3.5mm headphone jacks
  • Apple’s magsafe adapters were amazingly innovative to supply power to the system, yet have been tossed out in lieu of the inferior USB-C connector
  • The iPhone and Mac are only half-assed integrated with one another. The best we get is USB connections and Airdrop. The Universal clipboard only works about half the time and even then it’s not always useful depending on copied content. The single app that works quite well is iMessage. In fact, the entire reason this integration works at all is because of iCloud.

Innovation is about putting together ideas that we’ve never before seen and that take risks. It’s about offering risky ideas in creating devices that offer the potential of changing the game entirely. There’s absolutely nothing about the iPhone X that’s a game changer. Yes, I do want an iPhone with an OLED display because I want the super high contrast ratio and vibrant colors. If that had been available on the iPhone 8, I’d probably have upgraded. For now, there’s no reason to upgrade from any of Apple’s most recent products. Wireless charging just isn’t enough. A hobbled OLED display is just not worth it.


How to protect yourself from the Equifax breach

Posted in botch, business, security by commorancy on September 11, 2017

Every once in a while, I decide to venture into the personal financial security territory. This time, it’s for good reason. Unfortunately, here’s a topic that is fraught with peril all along the way. It also doesn’t help when financial linchpins in the industry lose incredibly sensitive data, and by extension, credibility. Let’s explore.

Target, Home Depot and Retailer Breaches

In the last few years, we’ve seen a number of data breaches including the likes of Target and Home Depot. While these breaches are severe problems for the companies, they’re less problematic for the consumer in terms of what to do. As a consumer, you have built-in protections against credit card fraud. If a thief absconds with your number, your liability is usually limited to around $50, but that also depends on the card… so read your fine print.

With the $50 you might have to pay, the inconvenience to you is asking your credit card company to issue you a new card number. This request will immediately invalidate your current card number and then you have to play the snail mail waiting game for a new card to arrive. That’s pretty much the extent of the damage with a retailer like Target or Home Depot.

No one wants to go through this, but it’s at least manageable in time… and you can get back on with your life. For breaches like Equifax, this is a whole different ball game, let’s even say, a game changer. Breaching Equifax is so much more than a simple credit card inconvenience.

Credit Reporting Agencies and Breaches

With Equifax breached, this is really where the government needs to step in with some oversight and regulations. What your social security number is to the government, your credit reporting file is to your personal financial health. This breach is a dangerous game… and worse, Equifax is basically taking it lightly, like it’s no big deal. This is such a big deal, you will absolutely need to take steps to make sure your data is secure (and even then, that only goes so far).

First, I’ll discuss what this breach means to you and how it might affect you. Second, I’ll discuss what you can do to protect yourself. Let’s start with some basic information.

There are 3 primary credit reporting agencies (aka credit bureaus):

  1. TransUnion
  2. Experian
  3. Equifax

Unless you’ve never had a credit card, you probably understand what these businesses do. I’ll explain for the uninitiated. These agencies collect and report on any outstanding credit card or revolving lines of credit you currently have. If you have a mortgage, these entities know about it. If you have a credit card (or many), they know. They also know lots of other data (i.e., previous and current address), what loans you’ve had in the past, what bank accounts you have, what balances are on your outstanding lines of credit, any collections activities and the list goes on and on. It also lists your birth date, social security number and full credit card numbers and account numbers.

Based on all of your credit lines, how well you pay and so on, these companies create a FICO credit score. This score determines how low an interest rate you’ll receive on new loans. These companies are not only a bane by their very existence, but they are also your lifeline if you need new credit. Even just one blemish on your record can prevent you from getting that loan you need to buy your new house or new car. Without these linchpin companies, lenders wouldn’t be able to determine if you are a good or bad credit risk. Unfortunately, with these companies, consumers are at their mercy to produce accurate data to lenders (and to protect that data from theft)… a task that Equifax failed to do.

What did Equifax lose?

Equifax lost data for 143 million record holders. While that number may seem small, the damage done to each of those 143 million record holders will eclipse the damage produced by Target and Home Depot combined. Why? Because of how these credit reporting agencies actually work.

Equifax (and pretty much all of these credit reporting agencies) has flown under the radar in what it does. If you go to a car dealer, find a car you want and fill out loan paperwork, that dealership will pull a credit report from one or more of these agencies. Your credit report will contain a score and all loans currently outstanding. It also shows how well you pay your loans, any delinquencies in the past and other financial standing metrics. This credit report will be the basis of whether you get a loan from the car dealership and at what interest rate.

Hackers had access to this data between May and July of 2017. The hack was found on July 29th, but not reported to the public until September 8th. That’s over a month that Equifax sat on this news. It’s possible that they were requested by law enforcement to hold the announcement, we just don’t really know.

What was lost?

According to the Washington Post:

Hackers had access to Social Security numbers, birth dates, addresses, driver’s license numbers, credit card numbers and other information.

According to the New York Times:

In addition to the other material, hackers were also able to retrieve names, birth dates and addresses. Credit card numbers for 209,000 consumers were stolen, while documents with personal information used in disputes for 182,000 people were also taken.

Those dispute documents are PDFs of bills, receipts and other personally identifying information. I’ve also read, but have been unable to find the corresponding article, that the hackers may not have had access directly to the credit report database itself, but only to loose documents in a specific location. However, even with that said, do you really trust Equifax at this point? I certainly don’t.

Why is this such a big deal?

Because the credit reporting agencies have played it fast and loose for far too long. They make boat loads of money off of each credit report that’s pulled. If you pay $50 as part of the loan process to pull your credit report, the dealership will keep part of that money and the rest goes to Equifax. Because many loan applications are processed every day, some credit reporting agency is making money. Making money isn’t the problem, though.

These agencies will pull a report for anyone willing to spend money. This includes people with stolen credit cards. However, that only gets thieves so far before being caught. Instead, breaking into computers at the agency allows them to not only pull credit reports for anyone who has a record, they can get access to lots of sensitive information like:

  • Social Security Numbers
  • Birth Dates
  • Addresses
  • Places of employment
  • Home Addresses
  • Credit card numbers
  • Dispute Documents
  • Etc..

Basically, the thieves may now have access to everything that makes up your identity and could steal your identity and then attempt to divert bills away from your house, create new cards, and do other things that you may not be able to see. If they managed to get access to your credit report, they can open cards out the wazoo. They can charge crap up on those cards. And, they can perform all of this without your knowledge.

Credit Monitoring

You might be thinking, I’ll set up a credit monitoring service and have the credit reporting service report when activity happens. Even that, while only somewhat effective, is still subject to being breached. If the thieves have access to all of your identity information, they can request the credit reporting service to do things like reissue passwords to a new email address and send sensitive reports to a bogus address. These thieves can even undo security setups like a credit freeze and reassign all of that information to their own address. You won’t see or even know about this unless you regularly check your credit reports.

This problem just barely peeks into the can of worms and doesn’t even open it fully. There are so many things the thieves can do with your identity, that by the time you figure it out, it could be far, far too late. So, don’t think that signing up for credit monitoring is enough.

Sloppy Security Seconds

In fact, it wasn’t seconds, it was almost 2 months before the breach was known to the public. A move that not only shows complete disregard for 143 million people’s financial security from a company who should be known for it, Equifax doubled down by creating a lead generation tool in their (ahem) free TrustID tool. Keep in mind that that TrustID tool is only (ahem) free for one year, after that you pay. Though, protecting against new account creation is only half the problem. The other half to which TrustID can’t help is protecting your existing accounts. Because credit reports contain every account and every account number you own, if your data was compromised (and with 143 million accounts worth of data lost, it’s very possible), you need to do so much more.

Even the Security Checking Tool (which was questionably put up on a brand new created domain???) seems to have been a sham and had its own share of SSL certificate problems leading to some browsers showing the site as a scam. Some Twitter users have entered bogus data… and, this checking tool seems to have stated this bogus data was included in the breach. The question is, does that tool even work or is it merely security theater? Yet another black eye among many for Equifax’s handling of this data breach. To wit…

and then this tweet…

To sign up for Equifax’s TrustID premium service, you have to enter even more personally identifying data into a form of a company that has clearly demonstrated they cannot be trusted with your data. Why would anyone do this? Seriously, signing up for a service with a company who just lost a bunch of information? No, I think not. Instead, Equifax should be required to pay victims for a monitoring service with either TransUnion or Experian (where breaches have not occurred.. yet).

On top of entering even more personal information, the service requires you waive your right to lawsuits against Equifax and, instead, requires binding arbitration. Yet another reason not to sign up.

It’s not as if their credit monitoring service is really going to do you a whole lot of good here. If you really do want a credit monitoring service, I’d suggest setting it up with Experian or TransUnion instead. Then, figure out a way to get Equifax to pay you back for that service.

Can’t I reissue credit card numbers?

While you can do this, it won’t protect you fully. The level of what the thieves can potentially do with your data from Equifax goes much deeper than that. Yes, changing the numbers will help protect your existing cards from access. However, it won’t stop thieves from opening up new accounts in your name (and this is one of the biggest problems). This is why you also need to set up a credit freeze.

Because the thieves can now officially pretend to be you, they can do such things as:

  • Pretend to be you on the phone
  • Call in and request new pin codes based on key identifying information (address, SS#, phone number, etc)
  • With your old address, they can then transfer your bills to a new address
  • They can reissue credit card numbers to that new address

You’re probably thinking, “What about the security measure my bank uses? Won’t that protect me?” That depends entirely upon how convincing the thief can be over the phone. If they can answer all of your identity information and find a representative who can bypass some of the bank’s security steps, they can get a foot into the door. That’s all it takes for them to basically take over your credit accounts… which is one step away from potentially hijacking your bank accounts. A foot in the door is enough in many institutions to get the ball rolling towards full hijacking.

How do I protect myself?

If your data was involved in the breach (unfortunately, the tool that Equifax provides is sketchy at best), the three bare minimum things you should do are:

  1. Contact one of the three credit bureaus and ask for a free 90 day fraud watch
  2. Contact all three and ask for a credit freeze on your records at each credit reporting agency
  3. Set up credit monitoring at TransUnion or Experian

The 90 day fraud watch means they will need to let you know when someone tries to do anything with your credit report. However, this watch is only good for 90 days and then expires. The good thing about requesting this watch is that you only have to do it at one bureau. All three will receive this watch request from your contact with one of them. The bad thing is, 90 days is not nearly long enough to monitor your credit. In fact, the thieves will expect the 90 day fraud watches, wait them out, then go after it hard and heavy after these begin expiring.

A freeze, on the other hand, lasts until you unfreeze. A freeze puts a pin code on your credit record and that pin is required each time a company needs to pull a copy of your credit report. This will last far, far longer than a 90 day watch and serves to stop the thieves in their tracks. To freeze your records, you will need to contact all three separately and perhaps pay a fee of $5-10 depending on where you live.

Setting up credit monitoring means you can be alerted to whenever anything changes on your credit report. But, credit monitoring won’t stop the changes from occurring. Meaning, you’ll be alerted if a new card is opened, but the monitoring service isn’t a preventative measure.

You can contact each bureau as follows to set up any of the above services, including a credit freeze (links below):

  1. Equifax or call 1-800-349-9960
  2. TransUnion or call 1-888-909-8872
  3. Experian or call 1‑888‑397‑3742

Neither a fraud watch nor a credit freeze will impact your credit score. A freeze simply prevents any business from pulling your credit report without having your pin code. Companies for which you already do financial business or have loans established can still pull reports as needed. However, any new loans will be required to have your security pin code. You can learn all about the details of a credit freeze at this FTC.gov web site.

Unfortunately, because the breach may have been more extensive than it appears, a thief can now contact the credit bureaus over the phone, pretend to be you and have any pin codes removed and/or reissued. Then, gain control over your credit records. This is why this breach is so treacherous for consumers. You need to be on your guard, vigilant and manually monitor your credit report for at least the next 12 months regularly. This is the part no big box media site is reporting. Yes, this is a very treacherous landslide indeed that is at work. Even if you do all of the protections I mention above, thieves can still subvert your financial records for personal gain by knowing your key personally identifying information.

How do I stop the thieves?

This is the fundamental problem. You can’t, at least not easily. To truly protect yourself, the scope of changes would include all of the following:

  1. Get a new social security number
  2. Reissue all of your credit card and debit card numbers
  3. Open new bank accounts, transfer your money into the new accounts
  4. Close the old bank accounts
  5. Reissue new checks
  6. Change your telephone number
  7. Move into a new address (or obtain a P.O. Box and send your bills there)
  8. Legally change your name
  9. Change all of your passwords
  10. Change all of your email addresses
  11. Set up multifactor authentication to every financial app / site you log into that supports this feature.

Unfortunately, even doing all of the above would still mean the credit bureaus will update your credit report with all of this new data, but your prior history would remain on the report… possibly up to and including all of the old account, name and address information. It is very, very difficult to expunge anything from a credit report.

In addition to the above, I’d also suggest closing any credit lines you don’t regularly use. If it’s not there, it can’t be exploited. None of this is a magic bullet. You just have to wait it out and shut the thieves down as things materialize. Being diligent in watching your credit report is the only way to ensure you nip things in the bud early.

Tidal Waves and Repercussions

The extent of the breach is not yet known, nor is the extent to which each consumer may have to go to protect themselves from this deep gash in the financial industry. Not only does this gash now undermine each account holder’s personal financial well being, it undermines the credibility of the very industry holding up the world’s economy. This is some serious shit here.

If half of the US’s residents are now available to identity thieves, those organizations who help protect the small amounts of identity theft throughout a normal year cannot possibly withstand a financial tidal wave of identity theft paybacks which could seriously bankrupt many credit organizations. In fact, if this tidal wave is as big as I suspect it could become, we’re in for some seriously rough financial waters over the next 6-12 months. By the time the holidays roll around, it could be so bad, consumers cannot even buy the goods needed to support the holiday season. Meaning, this could become such a disruptive event in the US’s financial history, many businesses could tank as a side outcome of consumers not being able to properly spend money during the most critical season of the year.

This has the potential to become one of the most catastrophic financial events in US history. It could potentially become even more disruptive than the 1939 stock market crash. Yes, it has that much potential.

Since I have no reason to believe that Equifax has been totally honest about how much data has actually been lost, this is the reason for this level of alarm. I’d be totally happy if the amount of data lost was limited to what they have stated, but the reality is, nothing is ever as it seems. There’s always something deeper going on and we won’t find that out for months… possibly at the point where the economy is hit hard.

Equifax Aftermath

Because the US is so pro-business, Equifax will likely get a slap on the wrist and a warning. Instead, this company should be required to close its doors. If it is not providing adequate data security measures to protect its systems, then it needs to shut its doors and let other more capable folks handle this business. This sector is far too critical of a service and that data too risky if lost to allow flippant companies like Equifax to continue to exist in that market.


Rant Time: Apple iPhone, MS Exchange and Security Policies

Posted in Apple, best practices, botch by commorancy on August 7, 2017

If you’re like me, you like to use your phone device as your catch all email reader, including for your company email. Many corporate email solutions choose MS Exchange and/or Office 365 for their mail services. This article is here to inform you exactly what can happen to your iPhone when connecting to Exchange to access your corporate email. Apple has slipped this feature set in under the radar and, worse, doesn’t inform the users or request consent. Let’s explore.

Overreaching Policies and Exchange

I’ve never been one to think that Apple isn’t transparent about its technologies, but in this case, I think I have to make an exception. Apple slipped this technology change in without so much as an eye-blink. What is this change, you’re now wondering? Well, I’ll tell you.

If you connect your iOS device (iPhone, iPad, iPod Touch, etc.) to an Active Sync Exchange mail server, the systems administrator operating that Exchange server can muck about with settings on your entire device. What mucking about can they do? Well, here’s a short list:

  • They can wipe your entire device through a single Exchange server request
  • They can change system settings on your device to prevent using certain functions on iOS, such as disabling the ability to turn off passcodes or modifying other settings on your operating system, possibly even up to disabling iCloud entirely.
  • They can deny connection to the service if your device is set with an insecure setup or jailbroken
  • There are many other security policies they can apply to your device without your knowledge or consent.

Now, I can hear the Exchange Admins all over the world groaning right now. Well, the jig is up. You’ve had your fun for far too long. Unless the company is paying not only for the device, but for the service on the device, these changes are WAY WAY overreaching for the simple act of reading email. The only thing Exchange should be able to do is wipe the mail data left over from that Exchange server. You should not be able to set or change security settings on the entire device. Additionally, users should be able to grant or deny such overreaching settings coming from Exchange. Operating systems have had this feature for years… requesting the root password to make such sweeping changes. The same should be available on the iPhone (or any mobile device).

Mail Service Connectors modifying OS settings?

This was my question… why is this possible?

That the Exchange Service can make these global operating system changes to an iPhone is a way overreaching and abusive use of mail services. Mail applications (or any app for that matter) should NEVER be able to muck about with operating system settings at that level any more than a browser can. This is not only a security risk in itself, it leaves iOS devices open to security vulnerabilities because the mail app could become compromised and used to nefariously mess up iOS. Worse, if there are two or more Exchange Server connections to the mail app, which one rules when policies are applied? They both can’t apply differing security settings and expect them both to work properly.

Of course, the biggest problem is wiping your device. There should be no possible way a mail application should be capable of instantiating a wipe command ever. This is an amazing intentionally introduced vulnerability that I’m surprised to find exists in this day and age. Mail applications should never have this level of access to any device. In fact, the only allowed wiping should be done by the user of the device through a service such as Find My iPhone behind the user’s iCloud login and password and in no other place. I’m sorry… if corporate admins want to be able to wipe lost devices, they should do it through another method… not through the Exchange mail service protocol. Mail services should be for mail services, not for pushing extraneous other functions. This was never the purpose of a mail server and this should never be possible through a mail server connection. It should also not be possible without the user’s prior knowledge or consent.

Devices and Settings

Apple needs to quickly obsolete and remove this capability from the mail app. This was an unnecessarily overreaching decision that has no place on iOS. If corporate admins wish to apply corporate policy to devices, then whatever protocol makes this change needs to inform the user of each and every policy change that will be applied to the device and let the iPhone user make the choice of whether or not to accept those policy changes. If the corporate admins want to make global policy changes to iOS, it should be through an entirely different application and system.

Perhaps Apple needs to roll out a separate application and service that allows corporate admins to make these sweeping changes to iOS. Changes that will inform the user, that the user can track through this new app and that the user can opt out of if they wish. Right now, the only way to remove the applied global settings is to remove the Exchange connector from iOS. Even then, some of the applied settings may remain set and may require a wipe and restore to clear.

Unfortunately today, Exchange can silently push policies to your device up to and including wiping your device. When I say, “wipe the device”, I mean wipe it entirely. Yes, that means data and settings lost in an unrecoverable way. The data lost does include your photos, notes and any other personal information. This means that by connecting Exchange to the built-in Mail app, you’ve given your corporate admins control over your device simply for the convenience of reading email.

How can I protect my iPhone?

Don’t use any Exchange servers with the built-in Mail app on iOS. Instead, if you need access to Exchange email, install the Outlook app which is available on the app store. The Outlook app does not have access to modify any system settings and cannot wipe your entire phone, just as it should be. However, the Exchange server can wipe email data from inside Outlook. I’m perfectly fine with that. As long as Exchange’s modifications remain contained inside the Outlook app alone, that’s perfectly acceptable.

No mail server connection should ever be able to modify an iPhone’s global system settings in such a blatant and sweeping way. Apple, you need to fix this issue pronto. If you want to allow policy changes over the entire phone, then design and build a policy application with an API. Then, like Facebook apps, request the user to approve access to this API for any application that needs to use it and require connection to the iCloud login and password to activate it. Also, allow the user to revoke access to the API and undo all policy changes at any time. Once connected, offer an app with a UI to allow the iPhone user to see what settings are being altered on the phone. Also through this app, allow the iPhone owner to make changes (when possible) to these policy grants on the device. If those changes are incompatible with a specific service’s policies, then notify the user that that service will be removed from the device if changes are made.

Few companies pay for phones today and instead leech off of employees who pay for their own phones and services. If the company is paying for the phone and service, then they can do whatever they want with it. If I’m paying for the phone and monthly service, then it’s my decision over what happens on the device. Granting access to email should never let any mail service take control over my device in such a vulnerable way, especially when I never consented to give that level of access.

Rant Time: Don’t ever wipe your network settings in iOS

Posted in Apple, best practices, botch by commorancy on July 15, 2017

I’ve been recently trying to solve a problem with T-Mobile which ended up a bust because of the absolute sheer uselessness of T-Mobile staff about the iPhone and Apple Watch features. I will write a separate rant about that entire disaster, but let me lead with this rant that’s a little more critical. Let’s explore.

Apple’s iCloud

What is this thing? It’s a way to store settings and various data in Apple’s network cloud storage. This seems like a great idea until you realize what Apple keeps ganging up into this storage area. Then, you might actually think twice about using this feature.

While you might realize that Apple iCloud service will backup your photos and other data stored on your iPhone, it also stores other things you might not realize, like your WiFi network passwords, your Safari logins and passwords and various other sensitive data. What that means is that if Apple’s iCloud is ever compromised, your passwords could be completely captured by a hacker. Depending on whether Apple has stored this data encrypted strongly or not (probably not), you may end up having to change every password you have ever typed and stored on your iPhone.

Now, while that is a security problem, that’s not the problem that this article is intended to address. Let’s continue.

Apple Geniuses Are Anything But

I was recently talking to an AppleCare staffer who, when trying to solve my T-Mobile problem, requested that I wipe my network settings on my iPhone. I explicitly asked this staffer if it would also wipe my iCloud passwords. She, of anyone on this planet, should have known the answer to this question working for Apple. Unfortunately, I have very quickly learned that Apple is now hiring the lowest grunts of the grunts who simply don’t give a shit nor do they even understand the technology they are hawking. Apple, train your staff. Which leads to …

Never, Ever EVER wipe your network settings on any iOS iCloud device

No matter how much anyone begs or pleads you to do this, tell them, “NO”. And, if anyone ever tries to do this to one of your devices sharing a single iCloud login, you need to grab the device back from them PRONTO and stop them.

The answer to my question I asked Apple is that wiping network settings on your phone does, in fact, indeed wipe all of your network settings in iCloud! Why is this important? If you have multiple devices sharing your iCloud ID and settings, after wiping a single device, all of your WiFi passwords are also wiped for ALL other iCloud devices. This means that every single iCloud device suddenly and explicitly drops its WiFi connection.

This also means you will need to go back to each device and manually re-type your WiFi password into each and every device. This is the only way for the device to log back into iCloud and relearn all of its knowledge of all newly recreated settings.

This is an absolute PAIN IN THE ASS, Apple! So, if anyone ever asks you to wipe your network settings on your iPhone or iPad participating in iCloud, don’t do it! Note that even signing out of iCloud and wiping may cause the same problem once you log it back in. So, I wouldn’t even try this knowing Apple’s crappy network designs. Simply tell the person asking, “Not only no, but hell no” and have them figure out another way to resolve whatever the problem is.

So, there you have it.

Rant Time: Xbox One and PS4 automatic downloads

Posted in botch, business, microsoft, Sony by commorancy on June 17, 2017

So, I have reasonably fast internet service. It’s not the top speed I can get, but it’s fast enough for most general purposes. I’ve clocked it on wireless at about 18-20 Mbps down and 6 Mbps up. If I connect a device wired, it will be somewhat faster. With wireless, it’s not the fastest, but it’s definitely sufficient. The wireless is obviously for convenience, but it works well the majority of the time. However, when the PS4 or Xbox One get going with their automatic downloads, it absolutely kills my network connectivity. And so starts my somewhat shorter than usual rant. Let’s explore.

Automatic Downloads

I always turn off automatic downloads whenever possible, no exception. When there is no ability to shut off automatic updates, then I unplug the device. There’s no need to have devices automatically downloading at the most inopportune times. In fact, several months back I explicitly disabled automatic update downloads on my Xbox One. Yet, just yesterday I find my Xbox One automatically downloading again. I’ve finally had enough of rogue network devices and out of sheer frustration, I’ve finally just unplugged it. I also unplugged my PS4 for the same reason. No more rogue network devices. If these systems cannot respect my wishes when I explicitly turn off automatic downloading, then they’re going to remain unplugged until I decide to use them. Worse, these devices would also decide to randomly begin downloading updates at random times (usually in the middle of the night, but it could be any time).

The primary problem is, neither the Xbox One nor the PS4 limits its download speeds. In fact, both try to download as much as possible, as fast as possible. If both of them get going at the same time, it’s a disaster on my network. Even just one of them downloading is enough to cause problems. If I try to ask Siri or Alexa a question, I get no response or I get the Echo’s dreaded Red Ring (no connectivity).

Rant

At least Apple respects disabling automatic downloads on its devices. These devices dutifully wait until you click update before beginning any downloads. Unfortunately, Microsoft does not honor its no auto updates setting. Instead, it just overrides that setting and dutifully starts downloading whatever it wants whenever it wants. I just can’t have rogue devices like that on my network. Rogue devices need to go away and Microsoft needs to understand that making rogue devices needs to stop. If your software can’t respect the owner’s wish not to download automatic updates, then you really don’t deserve a place in the home.

I haven’t yet determined if the PS4 overrides my no download wishes, but I recall that, at times, the PS4 will also do this for system updates. Updates which, again, should not automatically update unless I explicitly ask it to update.

Just say no to rogue network devices like the Xbox One. For now, the Xbox One and the PS4 will remain unplugged until I decide I need to use them. Though, in the last few months, there really has been a substantial lack of game titles on both platforms. I’m really finding the spring and summer to be a dead season for new game titles. Instead of overloading us with too many fall titles which we can’t play that fast, why not spread them out throughout the year and let us have adequate time to play each? This, however, is a whole separate rant topic in itself.
