Random Thoughts – Randosity!

Skyrim: Empire vs Stormcloaks

Posted in video gaming by commorancy on January 16, 2018

I’ve recently been playing Skyrim again and have decided to finally finish the civil war storyline. I’d never really completed it when I first played because 1) I knew how it would turn out and 2) it wasn’t something I was terribly interested in completing. I decided to complete this and I have some thoughts. Let’s explore.

Game Choices

When playing the civil war storyline, you must choose a side. You can side with the Empire or with the Stormcloaks. In my case, I decided to side with the Stormcloaks and for one very good reason. The Empire has money, yes, which is why the rich Solitude folks like the Empire. It keeps their money flowing and their rich lifestyles intact. However, the Empire is far too complacent of a protection arm for long term use. The Empire will eventually fall… and fall it must. And, fall it does when the Nightmother has the Dark Brotherhood kill the Emperor.

I chose the Stormcloaks, not because they were the underdog, but because it made more sense for Skyrim. After the Dark Brotherhood quest line has the Dragonborn kill the Emperor, the Empire would be over and done with… at least for quite some time until a new Emperor was chosen. Skyrim needs a leader now, not later. The Imperial troops would then be far less cohesive after the death of the Emperor.

The game didn’t show this of the Empire, but it would be true. It would also make the Empire’s troops distracted and far less effective. This is part of the reason that the Stormcloaks could easily best them in battle.

Ulfric Stormcloak

The game claims Ulfric to be a war criminal, but that is only from the perspective of the Empire. He was vilified for the ‘shout’ that claims to have killed the High King. In fact, Ulfric admits that that was a tall tale. While the shout did temporarily incapacitate the High King, Ulfric’s sword is what did him in. With that said, we didn’t get to see the battle that led to this death, so we really can’t adequately judge if the King’s death was justified or not. We’re only told it wasn’t justified by the game. In fact, because the Daedric Princes are so petty and quarrelsome, I wouldn’t put it past one of those Daedric Princes to have had a hand in causing Ulfric to perform this deed for some reason. It might have even been Sheogorath who thrives on random madness.

In reality, Ulfric was likely a victim of circumstance. I believe he was either manipulated or he did what he thought was right and just at the time. However, it’s really all water under the bridge by the time we play Skyrim since both the Dragonborn and Ulfric are being carted off to their deaths by Imperial troops. I discounted much of the arguments against Ulfric primarily because the Empire almost beheaded the Dragonborn without explanation. I have no sympathy for the Empire at that point in the game. It’s a good thing that Alduin came along to shake it all up at that very moment.

The Thalmor (Aldmeri Dominion)

Many people believe that no matter who is in charge over Skyrim (or indeed Tamriel) that the Thalmor always stand to benefit from it. It seems that the Thalmor are interested in taking over all of Tamriel, including provinces such as Cyrodiil, Hammerfell, Valenwood, High Rock. Morrowind and, yes, even Skyrim. The White-Gold Concordat gave a huge portion of Hammerfell over to the Thalmor as a big concession. Hammerfell heavily rebelled against that and this province eventually became independent and outside of Imperial control. The Thalmor struck the White-Gold Concordat as a way to keep their hand in the operations of Tamriel and put their thumb on Talos worshipers. They side with whomever is currently in power and keep tabs on how it is going so they can strike at any weakness. Apparently, the Thalmor also have a fairly large army contingent… enough to overwhelm the Emperor’s legion so as force the Emperor’s hand (the same Emperor who is killed in the Dark Brotherhood quest in Skyrim) to sign the White-Gold Concordat.

I’m not a big fan of the Thalmor. While the Empire has tolerated the Thalmor and given the Thalmor access to the Empire, Ulfric has absolutely no love for the Thalmor, instead choosing to kick them out. I’m all for that. The Thalmor are nosy busybodies that need to stay the hell out of Tamriel. The Thalmor need to go find their own piece of land and go run that instead of bothering the people of Tamriel with their heavy handed military tactics.

If I had to make a guess, the Thalmor were probably the instigators of the Stormcloak rebellion in the first place. Strife means they can step in and take over the land when the troops are sufficiently weak enough. The Thalmor seem to thrive on strife and wants the people of Skyrim to break the agreements struck in the White-Gold Concordat. With both the Emperor and the Empire out of the way, the White-Gold Concordat is essentially null and void. The Thalmor would need to approach Ulfric with new demands and/or treaties. It also means that the Thalmor could likely come in and decimate Ulfric’s remaining troops. This is probably the biggest single thing that Ulfric has underestimated about the Thalmor, even with the Dragonborn on his side. However, I’m quite sure the Thalmor wouldn’t attack Ulfric without a warning and some posturing before deploying troops. Though, the Thalmor would definitely offer a warning shot to ensure that Ulfric understands the gravity of the situation.

Overall

When playing the civil war story, I sided with the Stormcloaks because I preferred where the story in Skyrim would head without being under Imperial control or under that unnecessary White-Gold Concordat. Skyrim, like Hammerfell, needs to become its own independent nation state for the Nords (and others) rather than continuing to be part of Tamriel. Once Skyrim is independent, the Thalmor would have to bargain with Ulfric, go away or kill everyone to lay claim to the land. Let the Thalmor go back to Cyrodiil and hang out over there… or at least some place other than in Skyrim.

Let’s hope that The Elder Scrolls VI will pick up where Skyrim left off. It would be great if we could see how it all turns out under the Stormcloak rule. Of course, The Elder Scrolls VI won’t use the Dragonborn and will explain off that character’s death in some cheesy way so they can pick up the ES:VI story with a brand new hero character like they do with each new game.

Tagged with: , , , ,

Can Bitcoin’s bubble burst the economy?

Posted in best practices, economy by commorancy on January 10, 2018

Yes! Let’s explore.

Housing Bubble

Back in 2007, what drove the home mortgage collapse was a combination of factors, but one of the biggest factors that tipped the scale was speculative home buying. That is, people who would double or triple mortgage their homes to pay for secondary homes. When the home mortgage market unraveled, all of those multiple homeowners lost everything. Not only did they lose their secondary homes, but they also lost their primary residence and they ended up bankrupted to boot. I’ve heard tales of people who had taken out 3 or even 4 different mortgages on their home to pay off secondary homes. When those ARMs came due, it all came tumbling down. I know one person who, at their height, owned up to 4 homes and ended up living out of an RV when the home mortgage collapse was over. Do you want to end up being that person?

Bitcoin and the Crypto Bubble

Behaviors don’t change. The fastest way to get a pile of cash is taking out a new mortgage on your home. Today, my belief is that what’s driving up Bitcoin and Ethereum is speculative buying from people who don’t have money to spend. People who are using credit cards and second or third mortgages to buy into these markets thinking they can make a quick buck. The real danger is, of course, when Bitcoin collapses and these folks cannot pay off those loans.

Will Bitcoin collapse? Upward rises on investment products at the unprecedented level that has come to Bitcoin is not sustainable. In fact, Bitcoin’s actual value is no where near the sky high prices that it’s currently seeing. There will be a correction. How deep that correction goes is up for debate. However, it doesn’t really matter how deep it ends up. It only needs to be deep enough to put speculators underwater on their loans forcing them to fail to repay their additional mortgage(s) they used to buy into the Bitcoin market.

It would only take a small correction to wipe out speculators using risky loan vehicles as money sources. It only takes a limited number of speculators to fail to start the dominoes falling.

Economic Danger

The red flags are here and they’re waving boldly. Yet, of course, no one is looking at them. If a Bitcoin correction begins to collapse those speculator’s second and third mortgages, it will take with it first mortgages and the home mortgage market may face yet another collapse. What tertiary triggers fail after that is unknown. Does AIG still sell derivatives? Do other insurance companies? Are there other risky investment vehicles tied to these second and third mortgages that could topple Wall Street yet again? Are there risky investments tied to Bitcoin?

We don’t know. What we do know is that Bitcoin (and the rise of the secondary crypto currencies) could easily knock over the first few dominoes after a correction and start the economic decline. The danger is here and it’s very real.

Word to Speculators

Unless you invested in Bitcoin back in 2011 or so, you’re too late for this party. If you’ve recently taken out loans (no matter the source) to fund a Bitcoin investment, you need to get out of it as rapidly as you possibly can and pay off that loan. Holding onto Bitcoin hoping for long term millions is most assuredly going to backfire on you and ruin your financial world.

My best guess is that you have about 5 months before the whole thing topples. Yes, it could take a little longer or it could be sooner. What starts that topple is anyone’s guess, but it will happen. Having Bitcoin go from $1700 to $17000 to $21000 in less than a year is insane. Anyone in their right mind knows that investments don’t grow that fast. Something nasty is afoot. Do you want to find out the hard way? If so, invest more, but don’t say I didn’t warn you when your world collapses.

Economy and Investment Ties

Unfortunately, economic markets are tied together in very loose, but established ways. When a collapse of any single investment vehicle begins, it takes with it all kinds of other unrelated investments and markets. This means that even your IRA which is investing in vehicles unrelated to Bitcoin will take a hit when Bitcoin collapses. Why? because institutional investors who’ve just lost a pile of cash on Bitcoin will sell out of their holdings in their other investments (which your IRA may be investing in) to make up for their Bitcoin losses and/or to pay off speculative loans they lost money on. This will drive down those unrelated markets and cause IRAs and other similar investment accounts to lose significant value.

If we could see into the future, it would be easy to tell you when to sell out of your holdings in your IRA and wait for the wrath to end. Unfortunately, there is no such crystal ball available. You will need to use your best judgement when you feel is the best time. No one can predict that for you.

There is simply no way to know just how deep this cut will go when the correction occurs. It all very much depends on where the money is coming from that’s driving up Bitcoin (and other crypto). Right now, that information is not transparent at all. But, it is nearly guaranteed that some of the money is coming from Wall Street institutional investors, investment funds and possibly even banks and insurance companies. And… this is the biggest danger to unrelated investment vehicles.

Even if you don’t have a single dime invested in Bitcoin, that won’t necessarily protect your finances and investments from exposure to a crypto bubble burst.

How do I protect my finances?

The short answer is, it’s not easy. Because the markets are so closely tied and there’s so much institutional investing made all over, you can’t know who’s exposed to Bitcoin. The only real way to protect your financial future is to sell out of the markets and wait it out. But, no one can tell you when is the best time to sell. You just need to watch Bitcoin and other cryptocurrencies closely and then wait to see what happens. However, by the time you realize that it’s time to sell, it may be too late. Earlier, in these cases, is always safer. However, too early also means you may lose gains you could have realized if you left your investments in place. So, it’s ultimately your call when to choose the best time to protect your financial future.

Movie Review — Star Wars: The Last Jedi

Posted in entertainment, movies by commorancy on January 7, 2018

[Alert: This review may contain spoilers. Though, I have done my best to not to reveal critical plot points and only discuss the technical merits of the film as a whole, you should decide for yourself what is a spoiler. If you are interested in seeing this movie, you should stop reading now, bookmark this review and read it after.]

The Last Jedi is a very long film. Clocking in at 152 minutes, it seems like a marathon. After trailers, your time spent can easily exceed 3 hours sitting inside of a theater. Giving up 3 hours of your life for a mediocre Disney romp is a very tough indeed. Movies with run times close to 3 hours also need an intermission. Let’s explore.

The Force Awakens

I want to like The Last Jedi. I really do. This film begins pretty much where The Force Awakens leaves off. If you’re interested, please check out both my The Force Awakens review and my The Force Awakens Analysis from 2015. If you haven’t seen The Force Awakens recently or at all, see it first. I will also state that my review of The Force Awakens is generally positive touting the look and feel. That look and feel is still retained in The Last Jedi, but I also expected The Last Jedi to have grown and matured this story. Unfortunately, it hasn’t matured nearly enough. With that said, The Last Jedi features lots of battles both in ship and out of ship with blasters and with lightsabers, but no battles of consequence. This film typifies what’s wrong with Hollywood writers. They have no vision. This problem is no more evident than in the many stories that unfold in this romp. There are certainly lots of plot contrivances and save-the-day tropes, but nothing new or notable to see (or say) here. It doesn’t expand on the Star Wars universe in any new or compelling way. It just uses the universe and abuses all of its existing George Lucas tropes, but never feels fresh, new or exciting. It doesn’t even feel like the writers truly understand or ‘get’ this universe or its inhabitants. It almost feels like professionally made fan fiction.

Middle Film Dilemma

Of course, this is a middle film. So, it can’t exactly resolve what was started, but it does its level best to make a dent in what will close out this trilogy. Unfortunately, this film is far too ambitious, trying to interweave too many side stories and not telling any one of them particularly well. There’s the Poe-as-a-rebelious-officer thread. There’s the Finn vs Nobody-Mechanic love interest thread that appears out of nowhere. There’s the Luke vs Rey thread. There’s the Leia vs Poe thread. There’s the Snoke vs Kylo vs Rey thread. There’s the topsy-turvy Rey and Kylo force connection thread. There’s the Millenium Falcon thread. There’s the useless Moz Kanata thread. There’s the new general who appears out of nowhere and gets killed thread. There’s the Phasma vs Finn thread. There’s the Luke vs Kylo thread. There are even more threads than that. There are far, far too many different story threads all competing for precious screen time.

For a middle film, the primary story arc should have been front and center. The rest of the story arcs should have been side stories for character development purposes. You know, stories to flesh out a character’s backstory, likes and dislikes, ruthlessness, charisma, scoundrelness, etc. These are why there are side stories. We need to get to know the characters while the main story is unfolding. And this is the problem with this new trilogy.

We still don’t know anything about Rey or Poe or Finn. Yes, we know Rey was a scavenger based on The Force Awakens, but there is no information immediately before that? Was she a scavenger her whole life? Clearly, she knows how to handle herself with that staff. So, that means she’s seen combat before. What other adventures has she had? What about Poe? He’s been in the Resistance for quite some time. He’s got stories. Where are those? And Finn, he was in the First Order. He’s definitely got stories. His field trip to Jakku in The Force Awakens can’t have been his first time out with The First Order. Yet, it’s like these characters began their existence at the start of The Force Awakens. We still don’t know anything about them even after The Last Jedi ends. Come on writers, give us stories that develop the characters.

Hack Writers

This story needs to be simplified, reduced, rewritten and refocused. The Last Jedi is all over the place and, at the same time forces the writers to cut too many story corners to make ends meet. It also sacrifices character development for unnecessary action scenes and CGI. It’s the typical Hollywood blockbuster writing team that cares less about making sense and more about writing too many threads and then cheating to close those threads because they’ve simply run out of time. It is, for example, killing off much loved characters like Luke, not in glorious battle, but alone on a remote planet using some extraordinary force power he has never once exhibited before. It is tying Kylo to Rey with some kind of force sensitive connection that allows them to communicate over vast distances, which isn’t explained and wasn’t even hinted at in The Force Awakens (the hallmark of bad writers). It’s Poe and Rey and Finn all running off on their own missions, not working together. It’s Finn and Nobody-Mechanic off on a mission to save the fleet with no backing and who are destined to fail (and they do) because of a cheap mole trope.

I’m torn. I want new original story ideas, but not like this. On the other hand, I’m almost now wanting to see copycat stories from the original trilogy because at least copying those formulas might actually work better than this disjointed romp of a movie. Let’s hope that whomever they get to write the last installment can get their head out of their ass and actually produce a cohesive focused ending that makes more sense than these too many unnecessary and unfocused dead end threads in The Last Jedi.

Cliché Story

The story starts off with a rag tag fleet of rebels on the run in space trying to find a new base. Unfortunately, the long of the short of it is, the fleet can’t get a break. Every time they think they are ahead of the game with the First Order, somehow they are found. In the opening of the film, the First Order fleet begins beating the crap out of the Resistance fleet and destroying their ships one at a time. Poe in an extraordinarily brave and stupid move, decides to order the last few bombers of the Resistance to attack a Dreadnought (a glorified battle cruiser). After that ship is destroyed and everyone celebrates for an instant, Leia looks at the amount of ships that were destroyed to make that sacrifice and figuratively face palms. Then they hyperspace jump.

Suffice it to say, this face palm sets the tone of the entire film to come. The scene switches to the planet Luke is on and we continue the story just as The Force Awakens left it. Rey does a whole bunch of nothing with Luke. At this point we’re back with the fleet. We continue with more yelling, screaming, blowing up ships and posturing from both the First Order and from the Resistance. This cat and mouse game continues throughout the entire run of the film until the Resistance thinks they’ve gotten a break on an old fortified rebel base planet. But, that’s just a pipe dream because the First Order, yet again, comes knocking. At this point, the First Order deploys a logic probe (oops, this isn’t Tron)… er, I mean an energy weapon that knocks down the base’s big metal door.

By this time Rey and Kylo are friends and Snoke, well, let’s just say he’s having a divided moment. Back on the new rebel base, Luke chimes in with his new improved ‘magical power’ and begins to taunt Kylo (after Rey runs off) into doing stupid things based on emotion. Rey is nowhere to be found as yet and Finn has decided to ram his speeder into the energy cannon when Nobody-Mechanic knocks him out of the sky for a love-story-then-pass-out trope.

The whole thing comes to a close while Kylo is occupied and the Resistance makes their way to some place safer.

I’m leaving a lot of stuff out.. It’s almost 3 hours. Overall, the contrived storytelling of the rag tag fleet barely making it to the next step each time is an old twice told trope. It’s already been done in Battlestar Galactica, but so much better. There are so many ways this story could have unfolded, but this is not how I would have written it. The fun of Luke, Leia and Han is that they worked together most of the time… only splitting up occasionally. Finn, Rey and Poe are almost never together in a scene. If you’re going to write for a triangle of characters, at least put them together at some point for a together adventure.

The final scene is of a foretelling. It’s of a child holding a broom like a lightsaber. Let’s just hope that by the time this child makes it into the final film that he isn’t still a child. No child actors in the final act, please.

Star Wars Droids in the Story

One thing that has been totally lost on Disney’s Star Wars writers is that the Star Wars story is, more or less, told from the point of view of the droids (R2D2 and C3PO). Meaning, the droids are in almost every scene because they are both helping the heroes and recounting it from their droidy perspective. Since Disney began their version of Star Wars, that idea has been almost completely lost. I say almost because The Force Awakens and to a far lesser extent, The Last Jedi, tried to keep this idea alive with BB-8. However, in both The Force Awakens and The Last Jedi, there are long stretches of story where there were no droids present at all. When BB-8 is included as a main character or even a plot element, the scene works well. When not, the scene is dry and boring. For example, in The Last Jedi, it’s funny when we finally get to see BB-8 driving an AT-ST walker. Unfortunately, it’s just a token gesture from the writers. They don’t keep it going. The reason it’s important to include the droids in the scenes is that they 1) make for excellent comic relief, 2) they help the heroes get things done with computers and 3) they are the perfect storytellers for such a romp. Unfortunately, BB-8 really had no substantial role in The Last Jedi other than being used as a trope to tie up loose ends. The original Star Wars trilogy showed us just how important droids are to the success of not only the missions, but to the film’s success.

Story Misnaming

This is the second film of, I am assuming, a trilogy. The Force Awakens was the first. However, even at the end of The Force Awakens, we still didn’t know who that awakening referred to. Was it Rey? Was it Finn? Was it Poe? Was it someone else?

At the end of The Last Jedi, we exit the theater asking the same exact question of both this title and of The Force Awakens. Who is The Last Jedi? Who really awakened? In fact, the film postulates the question that there is no such concept as a ‘last Jedi’. Luke explains that even if every last Jedi falls, another will rise on their own because the Force so wills it. I would assume this to also mean that there will be at least one Sith because the Force wishes to remain in balance. This means that there can be no last Jedi ever. So, why call this film that? Why call the first film The Force Awakens? If the writers cannot definitively answer the question posed by the title of the film, why produce a film with that title? If the ending of this film is foretelling of the rise of a new Jedi (and/or Sith), then a more apt title for this film should have been The Rise of the New Jedi or The Balance of the Force or The One Jedi.

A New Hope clearly refers to Luke. The Empire Strikes Back is as clear a title for that movie as there ever could be. You clearly understand exactly what the title means by the time you finish the film. Return of the Jedi is, likewise, the perfect title because you know exactly who is returning 15 minutes into the film. There is no question about why these films are named the way they are or what the titles mean. Even the prequel film names worked properly in this way with The Phantom Menace, Attack of the Clones and Revenge of the Sith. Leaving the theater after the prequels, there is absolutely no question as to why each film was given its respective title.

These Disney Star Wars films, on the other hand, are entirely misnamed. You leave the theater not knowing what the title means or who it refers to. If your writers can’t answer the question that the title poses within that film’s story, then the writers have failed or the title has. This series definitely needs to choose better titles.

Overall

This film is overproduced and the story is clumsily heavy-handed. The film is way too long and unfocused. The Last Jedi is definitely not any better than The Force Awakens. I give this film 2.5 stars out of 5 or in RottenTomatoes grading: 50%. The film is way too long, way too disjointed and it doesn’t congeal into a cohesive whole by the end. I realize this is a middle film and will be somewhat of a cliffhanger, but still, the way that The Empire Strikes Back was handled as a middle film was classic. This film, on the other hand, is entirely mishandled. Though, in some ways it is marginally better than The Force Awakens and in other ways it dearly sucks. The one thing I will say is that the 3D version of The Last Jedi is well done visually, but it doesn’t make the story any more palatable.

Tagged with: ,

Home Automation: The good, bad and ugly

Posted in Apple, botch, business, Philips Hue, wink by commorancy on December 17, 2017

You’ve just picked up an Amazon Echo with a Hue Starter Kit and you have decided to take plunge into controlling small devices in your home via Alexa. Well, here is what I’ve learned so far about this process. Take note, it’s not always easy to set this up. Keep in mind that I haven’t explored every system or every device. This article documents only my experiences with those devices I’ve tried. Let’s explore.

Smart Home Hubs

The first thing you need to understand is that many home automation systems still require a centralized hub to control the accessories (i.e., lights, switches, dimmers, and plugs). Systems like Wink and Hue are good in that a hub aggregates all of the accessories under a single logical device, these devices also have their own pitfalls. Some lights and plugs are WiFi only and do not require a hub, leading to even more consumer confusion, more apps and more logins and passwords.

As an example, Hue’s bridge (hub) comes in several versions (I’ll explain the reasons for this shortly). If the you stay within the Philips universe of devices, then you’ll be good. However, the moment you step outside of the Philips universe, just like with Apple’s products, compatibility takes a significant dive. It’s the same situation for Wink. As long as you wholly subscribe to the devices that are compatible with a Wink hub, you’ll be perfectly fine. If you choose to add in a bulb that isn’t compatible, your days will become far less happy. Worse, if you want to intermix devices from the Philips universe with the Wink universe, you’re asking for a world of hurt.

Intermixing Devices

So you’re probably asking, “why would I want to intermix devices?” It’s very simple. Cost. While the Hue color bulbs are spectacular for producing vivid colors, they aren’t so great for their brightness levels and they are substantially pricey. If you want to get a bulb that supplies higher than 50-60 watts of effective illumination, you have to jump out of the Philips universe. I don’t know why Philips is dragging their feet on 75 and 100 watt Hue bulbs, but they are and its frustrating.  That means you might end up over at GE or Cree or even looking at LIFX bulb.

Costs, Value and Brightness

Hue bulbs are also incredibly pricey. At around $60 per color bulb, changing every bulb in your home is likely going to cost hundreds or perhaps thousands of dollars. Even the ambient white colored Hue bulbs at $30 are still quite pricey because they can range their colors between cold and warm white. If you simply want a bulb you can turn on and off and dim, there are far cheaper options… like the Cree Connected (~$15) and the GE Link (~$20). These are quite a bit less costly than the Hue white ambience bulbs. However, Hue also makes a 4 pack of white dimmable bulbs that cost around $13 per bulb (note that this may be holiday pricing). However, these bulbs are simple on, off and dim only. They do not vary the color hue of the bulb. The color they are is basic warm white… same for the Cree and GE Link. You also have to buy these Hue white bulbs in a 4-pack to get this lower pricing. Otherwise, each Hue bulb will cost around $17 separately. This 4-pack is your best deal for low cost hue bulbs. However, they are also not that bright.

At the time when I purchased into the Cree and GE Link, Philips still didn’t make these less costly bulbs. These are relatively new additions to Hue’s line and likely came about because of the Cree and GE Link bulbs.

What that means is that I’m not about to abandon the two bulbs I bought just to go buy four replacement Hue bulbs. The GE Link bulb is also quite bright, brighter than the Hue bulbs even though it is supposedly a 60 watt equivalent. Clearly, some bulbs are brighter than others even when rated similarly. This is why it’s important to look at the bulb illuminated to see if you like the color temperature and the brightness.

Clearly, we want good quality long lasting and bright lights. Specifically, lights that are bright enough for the given fixture and room. You may only need a 40 watt bulb in some instances, but in others you might want a 150 watt bulb. Sad to say, there aren’t many 150 watt LED equivalent bulbs on the market. Even of you find one, it’s not likely to be a connected bulb (see WiFi plugs below). The brightest bulbs seem incompatible with being connected. I don’t know why that is, but few lighting manufacturers want to produce both a connected bulb and a bulb that’s brighter than 60 watts. 60 watts is incredibly dim by itself. You’d need at least 4-7 of them in a fixture to sufficiently illuminate a living room.

Why there aren’t any 100 watt bulbs to date? I have no idea. Philips, GE and Sylvania need to get right onto solving that problem.. and soon.

Compatibility

If you’re willing to stay within a single manufacturer’s universe of apps, plugs, switches and bulbs, then you won’t run into many compatibility issues. If you want to actually do something useful, like use the Amazon Echo or IFTTT or Google Home or any other third party product, that’s when you run into problems.

Amazon’s Echo is probably the single most compatible home automation platform out there. However, that said, I’d consider Amazon’s Echo to only be about 80% compatible with most products. There are still a lot of products that cannot be controlled by Alexa, even though they have apps. IFTTT fares far worse at about 50% compatible. Apple’s Homekit is about 30% compatible with most systems. Though, if you’re willing to stay in the Philips universe, Apple’s Homekit jumps up into the high 90% range for compatibility. On the other hand, Apple’s Homekit has very little compatibility with Wink. Supposedly the Wink hub 2 is compatible with Homekit, but apparently that hub barely even works.

To get a fully functional Wink system, you have to use the Wink hub version 1 which isn’t compatible with Homekit. You’re probably asking, what is Apple Homekit? Homekit is Apple’s built-in small device automation system which is compatible with Siri. If you want task Siri to turn on, off or dim your lights, that assistant uses Homekit to get the work done. If Homekit can’t see your lights or accessories, it can’t control them.

There are many devices that Alexa can see and manage that Apple’s Homekit can’t. Apple has just floundered around doing nothing to improve compatibility to other home automation and lighting systems. This means that clicking the home icon to control your lights may or may not work on iOS… and more likely not to work than work.

Multiple Hub Versions

Hue’s system comes in several different hub versions. So does Wink. So does Zigbee and WeMo and many other device makers. These upgraded hubs add new features, such as compatibility with Apple’s Homekit or Google’s system. Keep in mind that even if a hub says it’s Homekit compatible, that doesn’t mean it’s fully compatible. It may only offer iOS the most bare bones minimums such as lights on and off, dimming and possibly color changing. Hue, for example, still prefers you to singly control all of their lights through the Hue app rather than through Apple’s Homekit compatible controls. Hue adds such extra features as light scheduling, vacation randomization and proximity fencing. Proximity fencing allows you to program the hub to turn lights on when near or off when out of range. These types of services are not visible through Homekit.

Fractured System

So what have I learned then?

  1. Philips Hue system is great so long as you don’t stray outside of it. Philips own bulbs work perfectly. Philips Hue can also see and control Hue compatible, but primarily Wink bulbs. Hue will not update firmware on any devices other than Hue devices. This is not optimal or in any way secure especially since you can only pair a device to one hub at a time.
  2. Wink will update fully Wink compatible bulbs, but won’t update firmware on Hue bulbs. Upgrades for Hue happens through Hue’s system.
  3. It is possible to run two hubs controlling different devices, but Wink’s hub won’t talk to Hue and Hue’s hub won’t talk to Wink.
  4. To bridge these two systems, you’ll need something like Alexa that can aggregate unlike device networks into a homogeneous whole.
  5. Alexa can’t aggregate bulbs and devices that aren’t Alexa compatible. So, you always have to read the box to make sure. Even then, you’ll likely need a skill to make it Alexa compatible.
  6. With Alexa’s skills, you can have Alexa log in to manage any device that offers a skill. You can then aggregate these devices under Alexa groups to control unlike systems.
  7. Homekit is the least compatible home control system out there. Don’t rely on Siri to control your devices unless you are meticulous in ensuring all of your devices are 100% Homekit compatible. This is likely to be costly because Apple is only willing to integrate with companies willing to pay money for this. That automatically means that only those companies making significant bank will be willing to pay off Apple to that end.
  8. Hue’s motion control sensor triples as a light and temperature sensor. Oddly enough, the only way to see the light and temperature pieces is through Homekit. Philips Hue app won’t show these sensors. This means you have to try and piecemeal together a system from pieces here, there and everywhere.
  9. Alexa still cannot directly set the color of Hue’s color bulbs. This must be done via a predefined IFTTT applet.
  10. Homekit can set the color of Hue’s color bulbs directly via Siri, but is limited in many other ways… specifically in the exact wording of how to get Siri to control the devices.
  11. Updating firmware on devices requires the correct app or hub. For example, Hue will update Hue devices, but not third party devices. If you want to update your third party devices, you need the right app or hub. Leading to….
  12. A device can only participate in any one hub system at any one time. Because I wanted the latest firmware on my GE and Cree bulbs, I had to buy a Wink hub and pair them with that. That also means I can’t use my Hue motion sensor to turn off one of the lights in a bedroom any longer. Now I have to buy a D-Link sensor and use that… adding to the cost and more hassles.

I find these systems fractured and annoying. There is no standard at all. Philips does what they do. Wink does similar, but is not compatible with Philips unless you buy into the Hub 2 (which is apparently junk). Sylvania is doing their own thing. Many bulb manufactures are now choosing WiFi for their bulbs to avoid even needing a hub. This means many competing standards in the lighting control area.

Until Philips or other lighting manufacturers put together a consortium to better the home automation world, home consumers will suffer with many competing and incompatible standards.

Electric Outlets

Recently I have gotten into controlling some devices using small connected outlets. Obviously, the devices to be controlled are dumb devices like plain old lamps or holiday lighting. They can’t be dimmed or change their colors, but they can be turned on or off. Once setup for control, I can enable scheduling to turn them individually on or off at specific times. However, what I’ve found here is just as fractured and confusing as the lighting systems. These plugs don’t require hubs. They are straight up WiFi devices.

I’ve so far bought the following:

  1. A WeMo branded outlet
  2. Three Conico / Jinvoo controlled outlets
  3. One TP-Link controlled outlet

Each of these devices has their own app and requires its own username and password. WeMo’s outlet uses the WeMo app, Conico uses the Jinvoo Smart app and TP-Link uses the Kasa app. Three apps and three logins for similar kinds of smart plugs. Yet more garbage on my phone and more passwords to remember.

However, because each of these apps have Alexa skills, I can set Alexa up to control all of them via a single device group. I have two of them controlling my Holiday lighting strands. I have a third as a bathroom night light and fourth and fifth not yet allocated, but likely will control more holiday lighting. I can put individual schedules on each of these plugs and I can voice control them via Alexa individually.

Unfortunately, to set up schedules, I have to do this in the phone app. This setup cannot be done in any single place. This is why this fracturing of devices is so bad.

IFTTT

What is this? This acronym stands for ‘IF This Then That’. It’s a small simple type of programming language. For example, if I say, “Alexa, trigger blue bedroom”, Alexa will send the command to IFTTT.com that will then interpret the command and perform the programmed action. The action could be turn off a light, send an email, send me a text or any of a wide array of actions. It’s a 1 to 1 action. Something happens, something is triggered.

How is this a problem here? I talked about the motion sensor above. This Hue sensor is captive to the Hue world. IFTTT has no way to capture any of the Hue sensor data and act upon it. Hue’s developers have not exposed any of this data to IFTTT for triggering alternative actions. For example, I’d like to turn on some lights if the motion sensor is tripped. While I can do that from within the Hue universe of devices, I can’t turn on both Hue and Wink lights from that motion sensor. Worse, the only thing I can do with the Hue motion sensor is turn on a device. I can’t send an SMS or email or anything else like that. Even though IFTTT can control both my Wink and Hue bridge devices, there is no action to read from the Hue motion sensor.

Instead, I had to opt into buying a D-Link WiFi motion sensor that is IFTTT compatible. This means I can then capture the motion event, send it to IFTTT to trigger an action of turning on a Wink and Hue bulb. It is not possible to do this with the Hue motion sensor. At least, that’s the theory. I haven’t yet received the D-Link sensor, but based on its description, it should be possible.

Overall, the world of home automation of small devices is fractured and confusing. There are many competing standards that don’t help the consumer in any way. In fact, this situation is made worse because device manufacturers intentionally hobble their own systems to prevent use of third party devices. This leaves home consumers to fend for themselves while trying to find a way to get their home system working. While I can understand the profit motivation in creating a captive ecosystem, it doesn’t in any way make it easier for a consumer. Until there’s a standard that all manufacturers agree to follow, we’re going to continue to see device after device using its own standard and supplying its own app to control that device.

If you’re going to invest in a smart home system, I’d suggest staying within a specific manufacturer’s ecosystem if at all possible. However, smart outlets may not be available under all systems. I don’t believe that Philips yet ships any smart plugs that are compatible with Hue. Wanting to add controls for plugs or other devices might mean the need for outside devices. However, even then I’d suggest sticking with a single manufacturer. Even if you use Hue and WeMo, that’s better than buying plugs from all over the place and trying to integrate 5 or more systems together. You may have to pay a premium to keep the number of systems down, but it will help keep the confusion to a minimum.

Why you should NOT use Disqus on your site!

Posted in botch, business, california by commorancy on October 26, 2017

What is Disqus (pronounced discuss)? This is a service that purports to offer an embedded comment / discussion service to your blog or website. Seems like a good feature, but let’s explore why this service shouldn’t be used.

Discussion Forums

Any good blog site or article site should offer a way to allow for comments. However, I find far too many sites that don’t offer comments at all. This is not the focus of this article, but it is one of my pet peeves. Should you choose to add a discussion or comment service, you should not consider using Disqus at all. Why?

Every good discussion package should offer a way to moderate posts and see every post that’s been submitted to your article. I believe that while Disqus does offer moderation, it also has a built-in spam detection package that hides posts from you that have been detected as spam. The problem with using Disqus, is that not only is their spam detection heinously faulty by filtering out many valid posts as false positives, Disqus does nothing about it. This means that as a site owner, you could be losing many, many valuable and valid comments to Disqus’s spam detection system.

As a site owner, you won’t even get to see those detected posts to know they were even there. They are simply hidden in the user’s profile on Disqus who posted their comment. Secondarily, the person leaving the comment can do nothing to get their comment unspammed. Once it’s detected by Disqus’s spam filter, that comment is lost for all eternity. Disqus not only does not monitor these failures nor do they don’t do anything about them.

If a user clicks on the This is not spam button, nothing happens. The post is not reposted. No one at Disqus looks at the comment. No one approves it. So, the comment remains in perpetual limbo solely on the user’s Disqus profile.

Disqus as a Discussion Service

As a site owner contemplating embedding Disqus as a comment platform for your site, you will want to know that the comments that your readers post will appear timely and fully. This is guaranteed not to happen with Disqus. You don’t want to use a half-baked discussion system thinking you’re actually getting to see all comments on your posts. With Disqus, I’d guess at least 50% of all comments left on an article are lost to Disqus’s extremely stupid spam filtering system. That number might even be higher than that. If you actually want to see all participation on your posts, you should find another system to enable comments on your articles. DO NOT rely on the Disqus platform as they WILL lose valuable comments from your readers… comments that you will never see.

If you really value your reader’s feedback, do yourself a favor and DO NOT USE Disqus as a platform. Until this company actually gives a damn about your users and actually gives you the tools to manage every user response (spam filtered or not), you should find another service to add discussion feedback to your articles that you post.

Better, lead your users to a Facebook page or other social media site where open discussions are, in fact, permitted without the draconian spam engine that Disqus currently uses to hide valid and valuable comments from you.

Tagged with: , ,

Beware of Silicon Valley Clean Energy and energy slamming

Posted in botch, business, california by commorancy on September 19, 2017

If you live in California, you need to read this. This situation has scam written ALL OVER IT. Let’s explore.

State / City Mandated ‘Clean Energy’

Apparently, as a result of city voting, some cities (such as Cupertino) have decided to force residents in that city to change their power generation provider to a third party instead of PG&E. In my case, it ends up being the scam outfit Silicon Valley Clean Energy. Why are they a scam? Here’s what happened.

First, they enrolled my electrical generation service under SVCE’s generation service without my permission. Then, SVCE waited over 60 days to notify me of my enrollment into their power generation service. Because they offered opting out at less than 60 days for free, this means I am not only being assessed a $5 exit fee from SVCE and I am now being put under PG&E’s transitional rates (which are likely to be higher than normal PG&E for at least 6 months). Oh, it gets even better.

Second, because I was force exited from PG&E’s generation services, PG&E gets to assess a Power charge indifference adjustment (PCIA) charge (effectively it is an exit charge for leaving PG&E’s power generation services). This charge on my last bill was $25.60. If you add this charge together with SVCE’s power generation charges, the total generation fee becomes identical to PG&E’s generation charges. If you spread this fee out over 12 months, SVCE’s charges aren’t as low as they seem. Also, this PCIA seems to be assessed once a year (or as frequently as the CPUC allows PG&E to assess it). Basically, this is a charge that PG&E gets to assess to cover generation fees they lost because you moved to a competitor. And, they get to do it each year.

Third, SVCE’s crap web site would not accept my opt-out request. Their opt-out form is entirely broken. I ended up calling their phone and opt-ing out there. Unfortunately, I have no idea if they really got my opt-out request because this fly-by-night outfit only has 9-5 call-center business hours. So, I have to wait until the following day and contact them.

Fourth, I was only notified of my ‘enrollment’ in this service because of a cheap card sent to me in the mail over 60 days after my enrollment.

Fifth, they make a lot of bold claims about using wind and solar energy for generation, but do not back up those claims anywhere. They could simply be buying PG&E generated power and reselling it.

Charges and electric slamming

Not only does PG&E get to assess random charges as a result of the customer is now using a third party power generation company, the power generation company gets to assess random exit charges for leaving their service when I never voluntarily joined it in the first place.

This entire situation smells of CLASS ACTION LAWSUIT. So far, I will have been assessed around $35 in fees plus an unknown amount for rates (up to 6 months) simply because SVCE grabbed my service without notifying me timely. This is the exact thing that long distance phone companies were doing in the 90’s. It is called slamming. This scam type is just another form of state / city endorsed slamming, now with the electric service.

The Feds need to jump on board and stop this slamming activity quick and force the same payback charges on the company who slammed the customer. Here’s what long distance providers were forced to do if they slammed someone onto their service and the end user paid the bill:

If you have been slammed, but discover it after you HAVE paid the bill of the slamming company, the slamming company must pay your authorized company 150 percent of the charges you paid the slamming company. Out of this amount, your authorized company will reimburse you 50 percent of the charges you paid the slamming company. Or, you can ask your authorized company to recalculate and resend your bill using its rates instead of the slamming company’s rates.

Electric generation companies need to be held accountable for slamming in the same way as long distance providers. Companies like SVCE riding on the coattails of city votes shouldn’t get a pass to switch services without permission. Slamming is slamming whether it’s for telephone service or power generation. No matter what it is, it’s a rip off unless the change is by consumer permission. If there are fees involved, the customer MUST authorize the change in advance. Otherwise, it is slamming.

Is the iPhone X Innovative?

Posted in Apple, botch, california by commorancy on September 17, 2017

Clearly, Apple thinks so. I’m also quite sure some avid Apple fanboys think so. Let’s explore what innovation is and what it isn’t and compare that to the iPhone X. Let’s explore.

What is innovation?

Innovation effectively means offering something that hasn’t been seen before, either on other devices or, in fact, at all. I’ll give an example of this. If I create a transporter that can rearrange matter into energy and safely transmit it from point A to B and reassmble it into a whole, that’s innovation. Why? Because even though the concept has existed in the Star Trek universe, it has never existed in the real world. This is true innovation and would ultimately change transportation fundamentally as we know it. Though I won’t get into the exact ramifications of such an invention, suffice it to say this technology would be a world game changer. This example is just to show the difference between true innovation and pseudo innovation. Innovation should be a world game changer to be true innovation.

So then, what is pseudo innovation? This type of innovation, also known as incremental innovation, is to take an existing device and extend it with a natural progression that people expect or, perhaps, have even asked for or because other devices on the market have already added it. As an example, this would be taking a traditional blender and exchanging the blender bowl with a small single service container that can double as a cup. This is a natural progression from an existing blender to a more useful and functional device. This is the kind of change that doesn’t change the world, but solves a small problem for much smaller subset of people.

iPhone X Design

Let’s dissect this design from top to bottom to better understand it better and understand why the iPhone X is not in any way truly innovative and only presents pseudo innovation.

  • OLED display While this is new to the iPhone, it is in no way new to mobile devices. Samsung has been shipping tablets and phones with AMOLED displays for years now. In fact, I’ve personally owned the Samsung Galaxy Tab S for at least 4 years that has a Super AMOLED display. This display has been amazing and remains that way to this day. Apple is substantially late to this party for the iPhone. While it’s new to Apple’s devices, OLED is not in any way a new technology created by Apple. Worse, Apple hobbled their OLED display with the unusual design of that large black brow at the top. I still have no explanation for covering 10% of the display with an unsightly black bar. Worse, when videos play or other active content is viewed, 1/10 of that content is now being obscured by that black bar unless you change the settings. Such a questionable addition to an expensive phone.
  • Removal of Touch ID This is actually negative innovation. Removal of useful features from a device serves only to leave more questions than answers. Touch ID is a relatively new addition to the iPhone. That Apple shipped the iPhone X without it is entirely unexpected. Apple should have postponed the release until they got this right. Touch ID is an intrinsic, non-intrusive technology that works in all conditions, secures the device using biometrics and offers a much safer alternative to login IDs and typing passwords (something entirely cumbersome on small phone devices).
  • Addition of Face ID — Face recognition on a phone, while new to the iPhone isn’t a new technology, nor was it created by Apple. Cameras have been capable of recognizing faces when taking photos, but it does not necessarily take the step to identify the person. Apple takes it to the identification level with Face ID. In fact, it takes it to the next step to use it to identify the owner of the phone. However, this is an untested new technology when used on a phone. While computers with hefty internet connections have been capable of performing this type of fast facial recognition, a phone will require a cloud service to provide such an identification. This means that your facial information will need to transmit to a cloud service and attempt to determine that you are you. It also means that this picture information may be stored on Apple’s servers for this purpose. It also means there’s a huge privacy concern here if Face ID captures something it shouldn’t have. Touch ID is never susceptible to this privacy intrusion problem.
  • Wireless ChargingAgain, Samsung devices have had wireless inductive charging for years. This addition, while new to Apple’s phones, is not in any way innovation. Wireless charging has previously existed on other non-Apple devices and, again, has not been created by Apple. Apple has embraced the Qi wireless charging standard up to a point. However, Apple has denied iPhone devices from using Qi fast charging, instead choosing to offer up Apple’s own standard sometime in 2018.
  • Fast Charging — This allows the phone to charge the battery perhaps 5x faster than the iPhone currently charges today. This is separate from Wireless Charging, but Wireless Charging can take advantage of it.
  • Edge to Edge DisplayWhile Apple’s implementation of this screen seems edge to edge, it really isn’t. There is a small bezel around the display due to the way the case is designed. While it is probably the most edge to edge display we’ve seen in a phone to date, it isn’t the first. Samsung’s Galaxy Note 8 offered at least side to side edge to edge display and a reasonably small top and bottom bezel. Suffice it to say that what Apple has done is merely semantics. Now, if Apple hadn’t added that questionable brow covering 10% of the display, it might have been a small achievement.
  • Faster CPU, more RAM, faster overall performance — To be expected in any new release, though it will be outdated quickly

In fact, none of what has been included on the iPhone X is in any way newly created ideas by Apple. Apple is firmly playing catchup with the Joneses (or in this case, Samsung). Samsung has already produced phones with every single one of the technological advances that Apple has put into the iPhone X.

Fanboys might claim that the iPhone X is all new. No, it’s all nuances. Apple is simply catching up with existing technologies and ideas to improve their new phones (and I use the word improve loosely). There is nothing actually innovative about the iPhone X. In fact, from a design perspective, it’s probably one of the ugliest phones Apple has yet produced. The brow seals that fate. If there were such Razzie awards for design, Apple would win it for 2017.

iPhone 8

This is one of those things that always irks me about Apple. That they’re releasing the iPhone 8 at all is a bit of a mystery. If you’re introducing a new phone, why keep this line of phones at all? Bet the bank on the new model or don’t do it. This is what Apple has always done in the past. That Apple is now hedging its bets on two different models seems a bit out of ordinary for a company that has typically bet the bank on new ideas. I guess Apple is getting conservative in its old age.

Other than wireless and fast charging introduced into the iPhone X, nothing else has trickled its way into the iPhone 8. Effectively, the iPhone 8 is simply a faster iPhone 7 with Qi wireless and fast charging support.

Let’s talk about wireless and fast charging a little here. While the iPhone 8 is capable of both wireless and fast charging, it won’t come with it out of the box. In fact, Apple’s fast wireless charging pads won’t be released until sometime (probably late spring) 2018. While there are other Qi Wireless chargers you can buy now, these chargers won’t fast charge. Worse, the iPhone 8 still ships with the standard Lightning USB cable and standard speed charger. If you want fast charging, you’re going to need to invest in the extra accessories (cables and chargers) to get that faster charging performance. Until Apple releases its wireless charging pad, you can’t even get wireless and fast charging together. In addition to your phone’s cost, expect to dump an extra $100-200 on these accessories (several times if you want something now and then again when Apple releases its accessories).

Mac Computers

Just to reiterate the point of lack of innovation, I’ll bring up one more point. The MacBook and Mac line of computers has been so stagnant and so far behind the times, I’m not even sure Apple can catch up at this point. While every other non-Apple notebook on the market (even the cheapest, smallest model) now includes a touch display, Apple continues to ship its Mac computers without touch surfaces in defiance of that trend. There’s a point where you have to realize that touch surfaces actually are a necessity to computing. The ironic thing is, we have Apple to blame for this dependency by Apple introducing the original iPad.

Yet, Apple’s stubborn stance on introducing touch displays on the Mac has actually become a sore point with these devices. Apple, lose your stubbornness and finally release touch friendly MacBook computers at the very least. Though, I’d like to see touch screens on every Mac computer. You’ve had Spotlight on the MacOS X for years now (the first step towards touch displays), yet here we are with one computer that has a Touch Bar. The Touch Bar is such a non-innovation as to be a step backwards.

Let’s just get rid of the worthless Touch Bar and finally introduce Macs with touch displays, which is what we want anyway. Since we’re playing catchup, let’s finally catch the Mac line up to every other non-Apple notebook.

Apple’s Worms

It’s clear, Apple has lost its innovative ways. Apple is now relying entirely upon existing technologies and ideas, firmly throwing together half-assed ideas and calling them complete. The iPhone X idea should have been tossed before it ever saw the light of day. Had Jobs been alive to see it, the iPhone X idea would have been tossed out the window in lieu of a new idea.

Additionally, Apple’s technology ideas across its product lines are entirely fractured:

  • The iPhone ships with Lightning connectors, but no other non-mobile computing device in Apple’s line up supports Lightning
  • The iPhone has removed the 3.5mm headphone jack for no other reason than, “just because”
  • New Macs now ship with USB-C, yet none of Apple’s mobile devices support this standard
  • USB-C Macs require dongles because none of Apple’s accessories support USB-C (other than the converter dongles)
  • The Apple Watch has no direct integration with the Mac. It only integrates with a single iPhone.
  • Apple ships Lightning headphones and those can only be used with the iPhone line, not Macs
  • Macs still fail to support touch displays
  • Macs still ship with 3.5mm headphone jacks
  • Apple’s magsafe adapters were amazingly innovative to supply power to the system, yet have been tossed out in lieu of the inferior USB-C connector
  • The iPhone and Mac are only half-assed integrated with each another. The best we get is USB connections and Airdrop. The Universal clipboard only works about half the time and even then it’s not always useful depending on copied content. The single app that works quite well is iMessage. In fact, the entire reason this integration works at all is because of iCloud.

Innovation is about putting together ideas that we’ve never before seen and that take risks. It’s about offering risky ideas in creating devices that offer the potential of changing the game entirely. There’s absolutely nothing about the iPhone X that’s a game changer. Yes, I do want an iPhone with an OLED display because I want the super high contrast ratio and vibrant colors. If that had been available on the iPhone 8, I’d probably have upgraded. For now, there’s no reason to upgrade from any of Apple’s most recent products. Wireless charging just isn’t enough. A hobbled OLED display is just not worth it.

Tagged with: , ,

How to protect yourself from the Equifax breach

Posted in botch, business, security by commorancy on September 11, 2017

Every once in a while, I decide to venture into the personal financial security territory. This time, it’s for good reason. Unfortunately, here’s a topic that is fraught with peril all along the way. It also doesn’t help when financial linchpins in the industry lose incredibly sensitive data, and by extension, credibility. Let’s explore.

Target, Home Depot and Retailer Breaches

In the last few years, we’ve seen a number of data breaches including the likes of Target and Home Depot. While these breaches are severe problems for the companies, they’re less problematic for the consumer in terms of what to do. As a consumer, you have built-in protections against credit card fraud. If a thief absconds with your number, your liability is usually limited to around $50, but that also depends on the card… so read your fine print.

With the $50 you might have to pay, the inconvenience to you is asking your credit card company to issue you a new card number. This request will immediately invalidate your current card number and then you have to play the snail mail waiting game for a new card to arrive. That’s pretty much the extent of the damage with retailer like Target or Home Depot.

No one wants to go through this, but it’s at least manageable in time… and you can get back on with your life. For breaches like Equifax, this is a whole different ball game, let’s even say, a game changer. Breaching Equifax is so much more than a simple credit card inconvenience.

Credit Reporting Agencies and Breaches

With Equifax breached, this is really where the government needs to step in with some oversight and regulations. What your social security number is the the government, your credit reporting file is to your personal financial health. This breach is a dangerous game… and worse, Equifax is basically taking it lightly, like it’s no big deal. This is such a big deal, you will absolutely need to take steps to make sure your data is secure (and even then, that only goes so far).

First, I’ll discuss what this breach means to you and how it might affect you. Second, I’ll discuss what you can do to protect yourself. Let’s start with some basic information.

There are 3 primary credit reporting agencies (aka credit bureaus):

  1. TransUnion
  2. Experian
  3. Equifax

Unless you’ve never had a credit card, you probably understand what these businesses do. I’ll explain for the uninitiated. These agencies collect and report on any outstanding credit card or revolving lines of credit you currently have. If you have a mortgage, these entities know about it. If you have a credit card (or many), they know. They also know lots of other data (i.e., previous and current address), what loans you’ve had in the past, what bank accounts you have, what balances are on your outstanding lines of credit, any collections activities and the list goes on and on. It also lists your birth date, social security number and full credit card numbers and account numbers.

Based on all of your credit lines, how well you pay and so on, these companies create a FICO credit score. This score determines how low of interest rates you’ll receive on new loans. These companies are not only a bane to actually exist, but they are your lifeline if you need new credit. Even just one blemish on your record can prevent you from getting that loan you need to buy your new house or new car. Without these linchpin companies, lenders wouldn’t be able to determine if you are a good or bad credit risk. Unfortunately, with these companies, consumers are at the mercy of these companies to produce accurate data to lenders (and to protect that data from theft)… a task that Equifax failed to do.

What did Equifax lose?

Equifax lost data for 143 million record holders. While that number may seem small, the damage done to each of those 143 million record holders will eclipse the damage produced by Target and Home Depot combined. Why? Because of how these credit reporting agencies actually work.

Equifax (and pretty much all of these credit reporting agencies) have flown under the radar in what they do. If you go to a car dealer, find a car you want and fill out loan paperwork, that dealership will pull a credit report from one or more of these agencies. Your credit report will contain a score and all loans currently outstanding. It also shows how well you pay your loans, any delinquencies in the past and other financial standing metrics. This credit report will be the basis of whether you get a loan from the car dealership and what what interest rate.

Hackers had access to this data between May and July of 2017. The hack was found on July 29th, but not reported to the public until September 8th. That’s over a month that Equifax sat on this news. It’s possible that they were requested by law enforcement to hold the announcement, we just don’t really know.

What was lost?

According to the Washington Post:

Hackers had access to Social Security numbers, birth dates, addresses, driver’s license numbers, credit card numbers and other information.

According to the New York Times:

In addition to the other material, hackers were also able to retrieve names, birth dates and addresses. Credit card numbers for 209,000 consumers were stolen, while documents with personal information used in disputes for 182,000 people were also taken.

Those dispute documents being PDFs of bills, receipts and other personally identifying information. I’ve also read, but have been unable to find the corresponding article, that the hackers may not have had access directly to the credit report database itself, but only to loose documents in a specific location. However, even with that said, do you really trust Equifax at this point? I certainly don’t.

Why is this such a big deal?

Because the credit reporting agencies have played it fast and loose for far too long. They make boat loads of money off of each credit report that’s pulled. If you pay $50 as part of the loan process to pull your credit report, the dealership will keep part of that money and the rest goes to Equifax. Because many loans applications are processed every day, some credit reporting agency is making money. Making money isn’t the problem, though.

These agencies will pull a report for anyone willing to spend money. This includes people with stolen credit cards. However, that only gets thieves so far before being caught. Instead, breaking into computers at the agency allows them to not only pull credit reports for anyone who has a record, they can get access to lots of sensitive information like:

  • Social Security Numbers
  • Birth Dates
  • Addresses
  • Places of employment
  • Home Addresses
  • Credit card numbers
  • Dispute Documents
  • Etc..

Basically, the thieves may now have access to everything that makes up your identity and could steal your identity and then attempt to divert bills away from your house, create new cards, and do other things that you may not be able to see. If they managed to get access to your credit report, they can open cards out the wazoo. They can charge crap up on those cards. And, they can perform all of this without your knowledge.

Credit Monitoring

You might be thinking, I’ll set up a credit monitoring service and have the credit reporting service report when activity happens. Even that, while only somewhat effective is still subject to being breached. If the thieves have access to all of your identity information, they can request the credit reporting service to do things like, reissue passwords to a new email address and send sensitive reports to a bogus address. These thieves can even undo security setups like a credit freeze and reassign all of that information to their own address. You won’t see or even know about this unless you regularly check your credit reports.

This problem just barely peeks into the can of worms and doesn’t even open it fully. There are so many things the thieves can do with your identity, that by the time you figure it out, it could be far, far too late. So, don’t think that signing up for credit monitoring is enough.

Sloppy Security Seconds

In fact, it wasn’t seconds, it was almost 2 months before the breach was known to the public. A move that not only shows complete disregard for 143 million people’s financial security from a company who should be known for it, Equifax doubled down by creating a lead generation tool in their (ahem) free TrustID tool. Keep in mind that that TrustID tool is only (ahem) free for one year, after that you pay. Though, protecting against new account creation is only half the problem. The other half to which TrustID can’t help is protecting your existing accounts. Because credit reports contain every account and every account number you own, if your data was compromised (and with 143 million accounts worth of data lost, it’s very possible), you need to do so much more.

Even the Security Checking Tool (which was questionably put up on a brand new created domain???) seems to have been a sham and had its own share of SSL certificate problems leading to some browsers showing the site as a scam. Some Twitter users have entered bogus data… and, this checking tool seems to have stated this bogus data was included in the breach. The question is, does that tool even work or is it merely security theater? Yet another black eye in among many for Equifax’s handling of this data breach. To wit…

and then this tweet…

To sign up for Equifax’s TrustID premium service, you have to enter even more personally identifying data into a form of a company that has clearly demonstrated they cannot be trusted with your data. Why would anyone do this? Seriously, signing up for a service with a company who just lost a bunch of information? No, I think not. Instead, Equifax should be required to pay victims for a monitoring service with either TransUnion or Experian (where breaches have not occurred.. yet).

On top of entering even more personal information, the service requires you waive your right to lawsuits against Equifax and, instead, requires binding arbitration. Yet another reason not to sign up.

It’s not as if their credit monitoring service is really going to do you a whole lot of good here. If you really do want a credit monitoring service, I’d suggest setting it up with Experian or TransUnion instead. Then, figure out a way to get Equifax to pay you back for that service.

Can’t I reissue credit card numbers?

While you can do this, it won’t protect you fully. The level of what the thieves can potentially do with your data from Equifax goes much deeper than that. Yes, changing the numbers will help protect your existing cards from access. However, it won’t stop thieves from opening up new accounts in your name (and this is one of the biggest problems). This is why you also need to set up a credit freeze.

Because the thieves can now officially pretend to be you, they can do such things as:

  • Pretend to be you on the phone
  • Call in and request new pin codes based on key identifying information (address, SS#, phone number, etc)
  • With your old address, they can then transfer your bills to a new address
  • They can reissue credit card numbers to that new address

You’re probably thinking, “What about the security measure my bank uses? Won’t that protect me?” That depends entirely upon how convincing the thief can be over the phone. If they can answer all of your identity information and find a representative who can bypass some of the banks security steps, they can get a foot into the door. That’s all it takes for them to basically take over your credit accounts… which is one step away from potentially hijacking your bank accounts. A foot in the door is enough in many institutions to get the ball rolling towards full hijacking.

How do I protect myself?

If your data was involved in the breach (unfortunately, the tool that Equifax provides is sketchy at best), the three bare minimum things you should do are

  1. Contact one of the three credit bureaus and ask for a free 90 day fraud watch
  2. Contact all three and ask for a credit freeze on your records at each credit reporting agency
  3. Set up credit monitoring at TransUnion or Experian

The 90 day fraud watch means they will need to let you know when someone tries to do anything with your credit report. However, this watch is only good for 90 days and then expires. The good thing about requesting this watch is that you only have to do it at one bureau. All three will receive this watch request from your contact with one of them. The bad thing is, 90 days is not nearly long enough to monitor your credit. In fact, the thieves will expect the 90 day fraud watches, wait them out, then go after it hard and heavy after these begin expiring.

A freeze, on the other hand, lasts until you unfreeze. A freeze puts a pin code on your credit record and that pin is require each time a company needs to pull a copy of your credit report. This will last far, far longer than a 90 day watch and serves to stop the thieves in their tracks. To freeze your records, you will need to contact all three separately and perhaps pay a fee of $5-10 depending on where you live.

Setting up credit monitoring means you can be alerted to whenever anything changes on your credit report. But, credit monitoring won’t stop the changes from occurring. Meaning, you’ll be alerted if a new card is opened, but the monitoring service isn’t a preventative measure.

You can contact each bureau as follows to set up any of the above services, including a credit freeze (links below):

  1. Equifax or call 1-800-349-9960
  2. TransUnion or call 1-888-909-8872
  3. Experian or call 1‑888‑397‑3742

Neither a fraud watch nor a credit freeze will impact your credit score. A freeze simply prevents any business from pulling your credit report without having your pin code. Companies for which you already do financial business or have loans established can still pull reports as needed. However, any new loans will be required to have your security pin code.  You can learn all about the details of a credit freeze at this FTC.gov web site.

Unfortunately, because the breach may have been more extensive than it appears, a thief can now contact the credit bureaus over the phone, pretend to be you and have any pin codes removed and/or reissued. Then, gain control over your credit records. This is why this breach is so treacherous for consumers. You need to be on your guard, vigilant and manually monitor your credit report for at least the next 12 months regularly. This is the part no big box media site is reporting. Yes, this is a very treacherous landslide indeed that is at work. Even if you do all of the protections I mention above, thieves can still subvert your financial records for personal gain by knowing your key personally identifying information.

How do I stop the thieves?

This is the fundamental problem. You can’t, at least not easily. To truly protect yourself, the scope of changes would include all of the following:

  1. Get a new social security number
  2. Reissue all of your credit card and debit card numbers
  3. Open new bank accounts, transfer your money into the new accounts
  4. Close the old bank accounts
  5. Reissue new checks
  6. Change your telephone number
  7. Move into a new address (or obtain a P.O. Box and send your bills there)
  8. Legally change your name
  9. Change all of your passwords
  10. Change all of your email addresses
  11. Set up multifactor authentication to every financial app / site you log into that supports this feature.

Unfortunately, even doing all of the above would still mean the credit bureaus will update your credit report with all of this new data, but your prior history would remain on the report… possibly up to and including all of the old account, name and address information. It is very, very difficult to expunge anything from a credit report.

In addition to the above, I’d also suggest closing any credit lines you don’t regularly use. If it’s not there, it can’t be exploited. None of this is a magic bullet. You just have to wait it and shut the thieves down as things materialize. Being diligent in watching your credit report is the only way to ensure you nip things in the bud early.

Tidal Waves and Repercussions

It is yet unknown the extent of their breach or the extent to which each consumer may have to go to protect themselves from this deep gash in the financial industry. Not only does this gash now undermine each account holder’s personal financial well being, it undermines the credibility of the very industry holding up the world’s economy. This is some serious shit here.

If half of the US’s residents are now available to identity thieves, those organizations who help protect the small amounts of identity theft throughout a normal year cannot possibly withstand a financial tidal wave of identity theft paybacks which could seriously bankrupt many credit organizations. In fact, if this tidal wave is as big as I suspect it could become, we’re in for some seriously rough financial waters over the next 6-12 months. By the time the holidays roll around, it could be so bad, consumers cannot even buy the goods needed to support the holiday season. Meaning, this could become such a disruptive event in the US’s financial history, many businesses could tank as a side outcome of consumers not being able to properly spend money during the most critical season of the year.

This has the potential to become one of the most catastrophic financial events in US history. It could potentially become even more disruptive than the 1939 stock market crash. Yes, it has that much potential.

Since I have no reason to believe that Equifax has been totally honest about how much data has actually been lost, this is the reason for this level of alarm. I’d be totally happy if the amount of data lost was limited to what they have stated, but the reality is, nothing is ever as it seems. There’s always something deeper going on and we won’t find that out for months… possibly at the point where the economy is hit hard.

Equifax Aftermath

Because the US is so pro-business, Equifax will likely get a slap on the wrist and a warning. Instead, this company should be required to close its doors. If it is not providing adequate data security measures to protect its systems, then it needs to shut its doors and let other more capable folks handle this business. This sector is far too critical of a service and that data too risky if lost to allow flippant companies like Equifax to continue to exist in that market.

Tagged with: , , , ,

Console Review: Nintendo Switch

Posted in nintendo, technologies, video gaming by commorancy on August 17, 2017

Back in April, I wrote an article entitled Why I’ve Not Yet Bought A Nintendo Switch. It’s now August and I’ve decided to take the plunge and buy a Switch based on a comment I heard about The Legend of Zelda: Breath of the Wild. I hadn’t yet played this game (in part because I was disappointed with the last Zelda installment). However, someone told me that it is effectively Skyrim. That comment piqued my interest. The Elder Scrolls series is one of my two most favorite video game series, the other being Fallout 4. I’ve always liked Zelda, but didn’t want to play it on the Wii U. So, I decided it was time to give the Switch a try (assuming I could find one in stock). After turning the unit on, it became quickly obvious just how limited this tablet really is. However, I am looking forward to playing the Skyrim port on a portable. Let’s explore.

Best Buy

As luck would have it, when I arrived at Best Buy to pick up my pre-ordered copy of Agents of Mayhem for the PS4 (haven’t started playing it yet for reasons that will become obvious), I asked a floor person if they had any Nintendo Switch consoles in stock. To my surprise, they did. I picked one up on the spot, and with it a copy of The Legend of Zelda: Breath of the Wild. I also picked up a few Amiibo that I didn’t have and a Switch Pro Controller in hopes of avoiding the Joy-Con problem. I have heard the Joy-Cons can lose connectivity when operating wireless, dropping their connections mid-gaming. I had experienced this exact problem with the PS3 controller after its release and I definitely do not wish to revisit that problem on the Switch. Even the Best Buy floor representative confirmed the wireless disconnection problem with his own personal Switch.

Note, I also decided to picked up the Switch at this time because it’s still well before the holiday season when finding things in stock gets crazy impossible. I’m planning on playing Skyrim and wanted to have a Switch before Skyrim releases during the holidays (no release date as of this article). I would also like to see Bethesda port Fallout 4 over, but that’s probably a pipe dream. Let’s get right into the meat of this review.

Tablet Weight and Size

Starting with size, the one thing that I immediately noticed upon opening the box is how small this tablet actually is. My NVIDIA Shield, my iPad and my Galaxy Tab S are all actually much bigger than the Switch. Even the iPad mini is bigger than the Switch. Let’s just say that its much smaller than I had expected. In a portable, I guess that’s okay. Of course, after attaching the Joy-Cons, the tablet becomes much longer. As for setting it up, the tablet setup was easy and fast, unlike the Wii U which seemed overly complicated. The slowest part was setting up a Nintendo account (see below).

The weight of the tablet is average, not too light and not too heavy. After you attach the Joy-Cons, the weight becomes more substantial. I’ll probably leave the Joy-Cons attached most of the time because the Switch Pro Controller works spectacularly well even though it costs ~$70. Anyway, the screen is smaller than I expected, but it is still readable. However, the screen controls inside Breath of the Wild are far too small. In fact, this tabsole suffers from the same exact problem as did the PS Vita. The screen resolution is so high and the icons are drawn so small that it can be difficult to touch or read some of the text on the tablet screen. When played on a TV, this isn’t a problem. Though, the tablet screen is bigger than the PS Vita and the play area is quite nice, the tiny icon problem remains. Nintendo can fix this issue in later games, but for Breath of the Wild, it suffers a bit from the tiny icons when playing on the tablet screen.

Graphics and Game Performance

After playing Breath of the Wild for just 15 minutes, it is quite obvious. This tabsole is workhorse fully capable of producing solid frame rates on both the tablet display and through the dock on a large screen TV. In fact, the ability to switch back and forth between the tablet display and the TV display is so seamless, it just works without thought. Simply slide the tablet into the dock and it’s on the TV. Hooking the dock up to the TV was a cinch.

What accessories does the Switch support?

  • microSDXC and microSDHC cards
  • 32 GB built in tablet memory
  • card slot for games (they’re card based)
  • Amiibo support (both on the controller and on the tablet)

Interestingly, there are tablety features missing such as:

  • No cameras (rear or front)
  • No microphone
  • No stylus (interesting because the 3DS was all about the stylus)

However, the Joy-Cons have a unique slide attach system. This means that in the future such devices as microphones and cameras may become available as slide-on accessories. It is unknown if the slide-on accessories can be stacked. Hopefully, Nintendo did design the slide-on accessories to be stackable. Even if they aren’t stackable, you can still use the Joy-Cons wirelessly when other accessories are connected.

Joy-Cons

I would be remiss if I didn’t discuss these controllers. These controllers (light gray – right, blue/red – top) slide onto the left and right side of the tablet (or the left and right side of the adapter). They’re nice enough and have a good joystick feel, but overall they’re only just okay. The buttons are too small for my liking. When you take the Joy-Cons off and attempt to use them separately or attached to the Joy-Con controller adapter (pictured right), they still don’t improve much. The real improvement is in using the Switch Pro Controller (pictured below). Interestingly, in addition to the Joy-Con adapter, there are two slide-ons included for each Joy-Con that attaches a wrist strap. I guess because of the Wii and people breaking things by throwing them at the TV, Nintendo has learned its lesson. Needless to say, these two wrist strap attachments do provide the Joy-Cons with a more polished, finished look and feel when attached. Interestingly, Nintendo did not include simple rounded end closures for the sides of the tablet itself to make the tablet also look finished when the Joy-Cons are detached. The unfinished tablet side ends just hang out to collect dust and dirt.

Switch as a Tablet

In this day and age with the likes of the Samsung Galaxy Tab and Apple’s ever larger and larger iPad versions, coupled with the iOS or Android, these modern tablets are both functional as productivity and browsing devices, but they can also be used for high intensity gaming… with controllers even. Clearly, only Apple tablets support iOS. However, many many tablets support Android. In fact, Android is likely to become the operating system of choice on tablets, far and above iOS or Windows in deployments. Why? Because it’s open source, it’s designed to work with tablets, it performs well and it’s well supported. It also means that there’s a crap ton of applications already available on this platform.

Unfortunately, here is where the Nintendo Switch completely falls down. Nintendo has opted to use its own proprietary operating system to drive the Switch. This has the obvious downside of not running any existing apps or games. This means that as a Switch owner, you are entirely at the mercy of Nintendo to provide every app you could ever want. And herein likes the biggest problem.

While the games run like a champ, the Switch cannot become a useful tablet itself because it does not benefit from inheriting existing games or apps from Android. This is entirely the problem with the Switch in a nutshell. When you power the Switch on, you’ll quickly notice that there are a very very limited number of games in the Nintendo eShop. In fact, there are so few, it’s probably not worth considering the Switch as anything other than a Nintendo gaming system.

Switch as a Game Console

Unlike the Wii U that offered a dual display (the Gamepad touch screen in addition to TV screen), the Switch can only display on the TV or the tablet one screen at a time. When docked, the tablet display is covered and disabled. With the Wii U, you could use the Gamepad screen for maps or inventory or other useful drag and drop features. With the Switch, that’s not possible. That Nintendo has dropped the two screen idea entirely is a bit unusual. I did like being able to perform certain gaming tasks (i.e., rearranging the inventory) on the second screen. Yes, it was of limited use, but having the second screen for certain gaming tasks made a lot of sense.

Nintendo never learns

By now, you would have thought that Nintendo would have learned its lesson from failure of the Wii U. Yet, here we are… back in the same boat as the Wii U. This means that, yes, it’s a tablet but, no, you cannot use it for anything other than gaming. Nintendo, if you’re planning to design a device like this, you also need to understand the bigger picture. This is a tablet. As a tablet, in addition to gaming, it should be able to run standard apps that are found on both Android and iOS. Unfortunately, there is nothing available (not yet anyway). In fact, the Switch is currently missing the most basic of apps such as Netflix, Amazon, Facebook, Twitter, Instagram, a web browser or any other social networking app. While the OS may support sharing some content to some of these services, that’s as far as it goes. You cannot use the tablet as a general purpose device. Such a shame as this means that you will have to carry the Switch around with another tablet or device.

In fact, as a Nintendo device, it doesn’t yet even support Miiverse, not that that’s a big loss. It also doesn’t currently support StreetPass (and may never). That’s a bit odd for a portable gaming device produced by Nintendo. You would think that Nintendo could at least support its own social platforms out of the gate.

Nintendo Login

The bizarre choice to require a Nintendo website ID instead of the Nintendo Network ID to log into the eShop is completely unexpected. Like the Nintendo 3DS, I fully expected to type in my NNID login and password and be on my way. Nope, I had to run over and create a brand new login ID through the web site, then link it to my NNID, then use that new login and password to have the Switch login. Bizarre. Nintendo seems to make these arbitrary and haphazard changes with each new console iteration. I’m not yet even sure what benefit jumping through this hoop actually provides. Though, once you log into the Nintendo Web portal, you can link in your Facebook and Twitter accounts. So, perhaps it’s a way to link your social networks? *shrug*

The one thing that irks me is that you must type in your Nintendo Login password each time you want to enter the Nintendo eShop. Why it can’t remember your password for even a few minutes is frustrating. Better, give me the option of saving my password on the console so I don’t have to type it each time. If you want to add a security feature against accidental purchases, require a separate four (4) digit pin code which must be typed before each purchase. Typing in four (4) numbers is far easier than typing in a long password string. Figure it out Nintendo.

Nintendo Online

With the introduction of the Switch, Nintendo has created (or will create) an online service. This service, I’m guessing, is to be similar to Xbox Live or PlayStation Network. I’m assuming it will offer multiplayer gaming and other perks, but we’ll have to wait and see what it intends to provide. It doesn’t officially launch until 2018 and will sport a $19.99 a year price tag (though you can pay monthly). Whether or not that’s the final price tag remains to be seen. Considering that both PSN and Xbox Live are well more costly than that, I’d fully expect Nintendo to raise the price of this online service in short order. After all, it’s not inexpensive to build and maintain services in AWS or Google Cloud or even in your own data center.

Overall

The Switch is definitely great at gaming. However, because Nintendo has chosen for the Switch not to be a general purpose tablet or run an operating system with a boatload of existing software (i.e., Android), it will only ever be a single purpose gaming tablet. Personally, I think that’s a huge mistake on Nintendo’s part. Nintendo is gambling an awful lot on this limited tablet design. I personally believe this gamble will not pay off for Nintendo and may leave the Switch as dead as the Wii U. Thanks for thinking ahead there Nintendo. For playing Nintendo game franchises (Mario, Zelda, Pikmin, Pokemon, Splatoon, Metroid and so on), the Switch will do fine. Barring the upcoming Bethesda port of Skyrim to the Switch, I can’t foresee much in the way of non-Nintendo franchises or other blockbusters being developed or ported. In fact, Nintendo probably paid Bethesda a boatload to get Skyrim ported. However, I wouldn’t expect third party ports to continue much into the future. Nintendo will, once again, be forced to give up on that idea of wooing AAA titles to the Switch … which will ultimately limit the platform to Nintendo properties (the entire reason the Wii U failed).

The Switch will become just like the Wii U, the third most popular game console. It will sell to those parents who trust the family friendly nature of Nintendo’s games. However, for adult gaming or using this tablet as a replacement for the iPad, nope. It has a nice enough hardware design, but it just has too many shortcomings to be the end-all of tablets. Because it does not support general purpose tablet use, a parent cannot justify it as an educational tool or even a browsing tool, unlike an iPad or Samsung tablet at around the same price point. Sure, it supports Nintendo’s game franchises, but is that enough? No.

Personally, the Switch is just a little too weighty (and way too lacking of general tablet features) to carry it around all of the time. Instead, I’ll use it at home like a console when docked or use it as a portable around the house when I do laundry and such. If it had Android, could access to the Google Play store, had access to an existing library of tablet games, supported a browser and included other general purpose computing features, I could much more easily justify carrying it with me all of the time. Unfortunately, that’s not going to happen with this version of the Switch. Perhaps Nintendo can make this right with an OS update, but certain things cannot be solved in software (i.e., lack of a camera or microphone). The lack of a microphone will seriously hinder multiplayer usage.

The final takeaway is, don’t go buy a Switch expecting anything more from this tablet than playing Nintendo game franchises. For the price of the Switch as a tablet, it’s way under-designed.



Hardware Build
: 5 Stars
Hardware Features: 4 Stars (missing camera and microphone)
Software / OS: 1.5 Stars
Joy-Cons: 3 Stars
Pro Controller: 4 Stars
Overall: 3 Stars

Agree or disagree with this review? Please leave a comment below. I’d love to hear your thoughts about the Nintendo Switch.

 

Tagged with: ,

Rant Time: Apple iPhone, MS Exchange and Security Policies

Posted in Apple, best practices, botch by commorancy on August 7, 2017

If you’re like me, you like to use your phone device as your catch all email reader, including for your company email. Many corporate email solutions choose MS Exchange and/or Office 365 for their mail services. This article is here to inform you exactly what can happen to your iPhone when connecting to Exchange to access your corporate email. Apple has slipped this feature set in under the radar and, worse, doesn’t inform the users or request consent. Let’s explore.

Overreaching Policies and Exchange

I’ve never been one to think that Apple isn’t transparent about its technologies, but in this case, I think I have to make an exception. Apple slipped this technology change in without so much as an eye-blink. What is this change, you’re now wondering? Well, I’ll tell you.

If you connect your iOS device (iPhone, iPad, iPod Touch, etc) to an Active Sync Exchange mail server, the systems administrator operating that Exchange server can muck about with settings on your entire device. What mucking about can they do? We’ll, here’s a short list:

  • They can wipe your entire device through a single exchange server request
  • They can change system settings on your device to prevent using certain functions on iOS, such as disabling the ability to turn off passcodes or modifying other settings on your operating system, possibly even up to disabling iCloud entirely.
  • They can deny connection to the service if your device is set with an insecure setup or jailbroken
  • There are many other security policies they can apply to your device without your knowledge or consent.

Now, I can hear the Exchange Admins all over the world groaning right now. Well, the jig is up. You’ve had your fun for far too long. Unless the company is paying not only for the device, but for the service on the device, these changes are WAY WAY overreaching for the simple act of reading email. The only thing Exchange should be able to do is wipe the mail data left over from that Exchange server. You should not be able to set or change security settings on the entire device. Additionally, users should be able to grant or deny such overreaching settings coming from Exchange. Operating systems have had this feature for years… requesting the root password to make such sweeping changes. This same should be available on the iPhone (or any mobile device).

Mail Service Connectors modifying OS settings?

This was my question… why is this possible?

That the Exchange Service can make these global operating system changes to an iPhone is a way overreaching and abusive use of mail services. Mail applications (or any app for that matter) should NEVER be able to muck about with operating system settings at that level any more than a browser can. This is not only a security risk in itself, it leaves iOS devices open to security vulnerabilities because the mail app could become compromised and used to nefariously mess up iOS. Worse, if there are two or more Exchange Server connections to the mail app, which one rules when policies are applied? They both can’t apply differing security settings and expect them both to work properly.

Of course, the biggest problem is wiping your device. There should be no possible way a mail application should be capable of instantiating a wipe command ever. This is an amazing intentionally introduced vulnerability that I’m surprised to find exists in this day and age. Mail applications should never have this level of access to any device. In fact, the only allowed wiping should be done by the user of the device through a service such as Find My iPhone behind the user’s iCloud login and password and in no other place. I’m sorry… if corporate admins want to be able to wipe lost devices, they should do it through another method… not through the Exchange mail service protocol. Mail services should be for mail services, not for pushing extraneous other functions. This was never the purpose of a mail server and this should never be possible through a mail server connection. It should also not be possible without the user’s prior knowledge or consent.

Devices and Settings

Apple needs to quickly obsolete and remove this capability from the mail app. This was an unnecessarily overreaching decision that has no place on iOS. If corporate admins wish to apply corporate policy to devices, then whatever protocol makes this change needs to inform the user of each and every policy change that will be applied to the device and let the iPhone user make the choice of whether or not to accept those policies changes. If the corporate admins want to make global policy changes to iOS, it should be through an entirely different application and system.

Perhaps Apple needs to roll out a separate application and service that allows corporate admins to make these sweeping changes to iOS. Changes that will inform the user, that the user can track through this new app and that the user can opt out of if they wish. Right now, the only way to remove the applied global settings is to remove the Exchange connector from iOS. Even then, some of the applied settings may remain set and may require a wipe and restore to clear.

Unfortunately today, Exchange can silently push policies to your device up to and including wiping your device. When I say, “wipe the device”, I mean wipe it entirely. Yes, that means data and settings lost in an unrecoverable way. The data lost does include your photos, notes and any other personal information. This means that by connecting Exchange to the built-in Mail app, you’ve given your corporate admins control over your device simply for the convenience of reading email.

How can I protect my iPhone?

Don’t use any Exchange servers with the built-in Mail app on iOS. Instead, if you need access to Exchange email, install the Outlook app which is available on the app store. The Outlook app does not have access to modify any system settings and cannot wipe your entire phone, just as it should be. However, the Exchange server can wipe email data from inside Outlook. I’m perfectly fine with that. As long as Exchange’s modifications remain contained inside the Outlook app alone, that’s perfectly acceptable.

No mail server connection should ever be able to modify an iPhone’s global system settings in such a blatant and sweeping way. Apple, you need to fix this issue pronto. If you want to allow policy changes over the entire phone, then design and build a policy application with an API. Then, like Facebook apps, request the user to approve access to this API for any application that needs to use it and require connection to the iCloud login and password to activate it. Also, allow the user to revoke access to the API and undo all policy changes at any time. Once connected, offer an app with a UI to allow the iPhone user to see what settings are being altered on the phone. Also through this app, allow the iPhone owner to make changes (when possible) to these policy grants on the device. If those changes are incompatible with a specific service’s policies, then notify the user that that service will be removed from the device if changes are made.

Few companies pay for phones today and instead leech off of employees who pay for their own phones and services. If the company is paying for the phone and service, then they can do whatever they want with it. If I’m paying for the phone and monthly service, then it’s my decision over what happens on the device. Granting access to email should never let any mail service take control over my device in such a vulnerable way, especially when I never consented to that give that level of access.

%d bloggers like this: