Archive for the Commentary Category

Here’s The Top STEM Toys for National Engineers Week

Posted in Commentary on February 18, 2018 by itnerd

According to the US Bureau of Labor Statistics, women represent 50.6% of the US population yet make up only 11.7% of all engineers. Introduce a Girl to Engineering Day on February 22, 2018 (part of the larger observance of National Engineers Week) is all about changing that forever! Following are a few of the latest and greatest STEM toys from Learning Resources, perfect not just for girls, but for ensuring all kids are given a proper early introduction to STEM.

Botley the Coding Robot

Botley the Coding Robot is ready to use right out of the box and introduces children as young as five to the world of coding in a fun and straightforward way—all without the use of a smartphone or tablet. Advanced features will grow with kids offering challenges for many years to come.

Age range: 5 years+

MSRP: $79.99

Available online: Amazon.com

Gears! Gears! Gears! Build and Bloom Flower Garden Building Set

Mix, match and create a beautiful, spinning flower garden with engineering at its heart! All 117 parts are interchangeable, allowing for endless combinations and designs. Develops problem solving, cause and effect, and critical thinking skills along with sequential thought and spatial relationships.

Age range: 4 years+

MSRP: $39.99

Available online: Amazon.com

City Engineering & Design Building Set

Encourage an early love of STEM learning with this one-of-a-kind building set. Young engineers can create their own skyscrapers, cranes, bridges and more with 89 easy-to-assemble pieces. Use the included activity cards to complete design challenges or create a city. It’s a unique way to challenge logic, problem solve, and develop engineering skills.

Age range: 5 years+

MSRP: $24.99

Available online: Amazon.com

A Final Update About The Nonda Zus Smart Tire Monitor

Posted in Commentary with tags on February 18, 2018 by itnerd

Frequent readers of this blog will know that I recently pulled the recommendation of the Zus Smart Tire Monitor by Nonda because of a pretty stunning design flaw: it is prone to galvanic corrosion. I wanted to give a final update on this now that I have received a replacement unit from the company.

First of all, the replacement unit sat in my den for about a week while my wife and I debated whether we should put it back on the car or not. In the end, we decided to put it back on the car because having some sort of tire pressure monitoring system on it is better than none. But we would take the advice of the company and use dielectric grease on each of the valve stems to ensure that galvanic corrosion would not be an issue.

Now for a quick science lesson. Galvanic corrosion is a type of corrosion that Wikipedia defines as follows:

Galvanic corrosion (also called bimetallic corrosion) is an electrochemical process in which one metal corrodes preferentially when it is in electrical contact with another, in the presence of an electrolyte.

In this case, the valve stems and the sensors, which are both made of metal (brass in the case of the valve stems, and some type of alloy in the case of the sensors), fuse together when in the presence of salt water (road salt is used to keep the roads free of ice, and that becomes salt water when the temperature is high enough), which would qualify as an electrolyte. That keeps you from being able to remove the sensors to add air to your tires. That’s a pretty stunning design flaw, as you would think that Nonda would have factored that into the design of the product. But clearly they didn’t, which is why we’re here talking about this. Now what dielectric grease does is act as an insulator from the salt water and the two types of metal present to stop this from happening. So, what one has to do at least once a month, if not every time the sensors are removed to add air to the tires, is coat the threads of the valve stem with dielectric grease before screwing the sensors back on.

Top Tip: The guys at Tires23 suggest that you should do this as a matter of course to ensure that you are able to remove pressure sensors like the ones that Nonda supplies, or the regular rubber valve covers that are on your average car.

In my case, I went one step further. I cleaned the valve stems of each tire with alcohol to ensure that there was nothing “bad” on them that could cause an issue. Then I applied the dielectric grease before installing the sensors on each valve. So for now, the Smart Tire Monitor is back on the car. I say for now because I am researching its replacement. As soon as I find something that I feel comfortable putting on the car, the Smart Tire Monitor will be replaced straightaway. And that’s a shame, because I think Nonda has the right idea here by having a system that constantly analyzes your tire pressure to warn you of impending danger, which is a step above what even factory tire pressure monitoring systems do. But the fact that they clearly didn’t take galvanic corrosion into account in the design of the product is an #EpicFail. Now Nonda did say in Tweets and other communication with me that they’re looking at addressing this. For example:

So, my challenge to them is this: I am holding them to what they said above. I would love to know how this will be addressed as I suspect that this is going to continue to be a problem for anyone who buys this as the replacement unit that I received from Nonda seems no different than the original one. Furthermore, if they actually redesign the product to resist galvanic corrosion, I am willing to do another review on it to see if they have truly addressed it. Until that happens, I will still continue to not recommend this product to my readers.

Public Mobile Was Going To Jack The Rates On Their 4GB Data Plan Until The Blowback Forced A Hasty Retreat

Posted in Commentary with tags on February 18, 2018 by itnerd

Two days ago, Telus-owned Public Mobile notified customers via text message their $40/4GB plan ($120 for 12GB over 90 days) was going to increase in price by 25%, jumping by $10 per month, to a total of $150 over 90 days.

The blowback on this was swift. The Public Mobile Community Forums have a massive thread about the price increase. Not only that, suggestions were made that customers should file a complaint with the CCTS about the 25% price hike. But the outrage didn’t end there. If you don’t want this price increase, Public Mobile says you can jump on a $40/4GB ‘promo’ with sister brand Koodo, available until March 15th, 2018. This plan includes unlimited Canada-wide calling instead of provincial minutes, and includes a one-time $100 bill credit.

So what was clearly going on here was that Telus wanted more postpaid customers on its books than prepaid customers. I must admit that this is a very cynical way of going about that, and it’s something that I would not have expected from Telus.

But as of yesterday, it seems that this plan is off the table as according to a blog post, they’re walking this back and everything is back to the way it was. Now one can assume that all the negative press caused this to be walked back. But you have to wonder why even go there in the first place? Despite this change of heart, some customers of Public Mobile are going to start looking to other carriers as this was a very negative experience for them. If I were Telus who owns Public Mobile, I’d think of a way to make nice to their customer base. And if I were them, I’d do that really fast.

A Nasty Bug Is Discovered In macOS High Sierra Related To APFS Disk Images

Posted in Commentary with tags on February 16, 2018 by itnerd

The quality issues with Apple software keep popping up. Last night I became aware of a new one that while it would be a bit of an edge case, is still pretty serious. Mike Bombich of Bombich Software who make the popular Carbon Copy Cloner backup software discovered a pretty bad bug when it comes to disk images formatted for Apple’s shiny new APFS file system. Before I get to the bug, let me explain what disk images are.

In short, disk images are basically files that behave like hard disks. You can store thousands of files in them and mount and unmount them like hard disks. In other words, it’s a pretty cool way to back up stuff as it’s a pretty easy concept to understand for most users. Disk images on the Mac platform have been around forever and even Apple uses them with its Time Machine backup application. Thus, you might have used a disk image and not even been aware of it.

Now here’s the bug as described by Bombich:

Earlier this week I noticed that an APFS-formatted sparsebundle disk image volume showed ample free space, despite that the underlying disk was completely full. Curious, I copied a video file to the disk image volume to see what would happen. The whole file copied without error! I opened the file, verified that the video played back start to finish, checksummed the file – as far as I could tell, the file was intact and whole on the disk image. When I unmounted and remounted the disk image, however, the video was corrupted. If you’ve ever lost data, you know the kick-in-the-gut feeling that would have ensued. Thankfully, I was just running some tests and the file that disappeared was just test data. Taking a closer look, I discovered two bugs in macOS’s “diskimages-helper” service that lead to this result.

Well, that’s a #fail and a pretty bad one. He then tested on disk images formatted for HFS+ which is Apple’s previous file system and didn’t get this result. Thus he believes that this was an oversight rather than a regression (a regression is something that started out working fine and then broke at some point). More on that in a moment. But because this was a serious enough bug, he took the step of putting out an update to Carbon Copy Cloner that stops users from using APFS formatted disk images as well as filing a bug report with Apple. He also recommends that nobody on planet Earth use APFS formatted disk images until this issue is addressed.

This is clearly a QA fail, as I would expect that a test case would have been built around testing an APFS formatted disk image to see if it had the same functionality as an HFS+ disk image. Clearly that didn’t happen here, and it underlines the issues that Apple clearly has with the quality of their software. Now earlier this week I tweeted out a story from Bloomberg about how Apple will address these systemic issues:

Hopefully that yields results as the current state of affairs is not that good.

Thousands Of FedEx Customers Had Their Data Exposed On A Wide Open Server

Posted in Commentary with tags on February 16, 2018 by itnerd

You have to wonder when companies will learn that securing customer data isn’t optional. I say that because Kromtech Security Center, which is the parent company of MacKeeper Security, has found that thousands of FedEx customers have had their private information exposed after one of the courier’s Amazon S3 servers was left open without a password. FedEx got the server as part of buying a company called Bongo International a few years ago. Now here’s the really bad part: after Kromtech reached out to FedEx to tell them about the security screw up, the server was then yanked from public view. Which implies that they had no clue that this server was sitting out there wide open for anyone to find.

So, what data are we talking about here? Nothing significant really. Just passport information, driver’s licenses and other high profile security info that would allow any miscreant to steal your identity. And the data comes from customers around the world.

Ouch.

Bob Diachenko, head of communications, Kromtech Security Center had this to say:

“Technically, anybody who used Bongo International services back in 2009-2012 is at risk of having his/her documents scanned and available online for so many years. Seems like bucket has been available for public access for many years in a row. Applications are dated within 2009-2012 range, and it is unknown whether FedEx was aware of that “heritage” when it bought Bongo International back in 2014”

For its part, FedEx had this to say:

“After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation.”

Seeing as this S3 server was available for who knows how long, nobody knows if data was swiped. If I were FedEx, I’d assume that data was swiped by the forces of evil and then start reaching out to those who had info on this server and give them the heads up. Because these days you can’t be too careful.

New Bug Affecting iOS, macOS, & watchOS Crashes iPhones With A Single Character

Posted in Commentary with tags on February 16, 2018 by itnerd

Apple’s software quality continues to be a bit of a gong show. Case in point: a new bug affecting the currently available versions of watchOS, tvOS, iOS and macOS has been discovered that will crash your iPhone and not allow you to access a range of messaging and e-mail apps, including Apple’s Messages, WhatsApp, and Gmail, among others. According to a report from The Verge, the bug happens when a particular Indian language (Telugu) character is received, or even just pasted into a text area.

The good news is that according to The Verge a fix is coming to address the bug in the form of some sort of minor update. That implies that it could be pushed out at any time. The other option is for Apple to push out the versions of those operating systems that are currently under beta. I say that because all existing beta versions of iOS, macOS, tvOS and watchOS are unaffected by this bug. But based on what I am reading, it is likely that Apple will push out a quick fix.

Regardless of what Apple does to fix this, the fact that this bug even exists underscores the issues that Apple has with its software quality, and that fixing that problem is clearly a huge challenge for them.

That Skype Bug That Microsoft Wasn’t Going To Fix Is Actually Already Fixed

Posted in Commentary with tags on February 16, 2018 by itnerd

You might recall that I posted a story about a Skype bug that could lead to you getting pwned by hackers, and that Microsoft wasn’t going to fix it. Well, it’s actually been fixed.

Confused? Yeah. So was I. Hang with me and I’ll explain.

According to Skype program manager Ellen Kilbourne via a support forum post, the vulnerability is present in Skype for Windows versions 7.40 and lower. Last October, Microsoft released version 8 without the flaw. Thus the fix is to upgrade to the latest version.

So, how did we end up with this becoming an issue?

The issue was discovered by German researcher Stefan Kanthak. In the paper where he disclosed this bug, he says this:

“The engineers provided me with an update on this case. They’ve reviewed the code and were able to reproduce the issue, but have determined that the fix will be implemented in a newer version of the product rather than a security update. The team is planning on shipping a newer version of the client, and this current version will slowly be deprecated. The installer would need a large code revision to prevent DLL injection, but all resources have been put toward development of the new client.”

Clearly version 8 was the new client that Microsoft was speaking of. Thus I have to assume that either he believed that Microsoft wasn’t going to do anything, or he mistook what Microsoft said. And as a result he waited three months and disclosed something that had already been fixed. In other words, it was an honest mistake.

And with that, you can go back to using Skype without worrying that you’re going to get pwned.