Thursday, July 6, 2017

Practical Product Review: Magellan Roadmate 5625

Magellan's Roadmate 5625 was on a Black Friday special.   I picked it up as an "upgrade" from our TomTom XL that was about 5 years old.   I did a bit of research on it ahead of time, and it looked like it should do the job nicely. We should be able to set a route to it, with some waypoints, and the Magellan name was reputable.

It worked OK for some local area stuff, but it didn't get its first real test until this past month, June. How would it perform on a trip to some of our nation's national parks, in the Southwest?

I did not rely on this device, blindly.  In fact, I brought along maps for each state we were going to be in, as well as printouts of stop-to-stop directions for most of our anticipated stops.

Part of the GPS role was intended for fine-tuning along the way.   You know, looking for a gas station or such that wasn't part of the printout.

How did this unit perform? It did just fine on the first couple days. Understandably, it didn't catch some of the businesses that changed hands (Ramada became a Super 8, Shell became something else...). But there were some glaring mistakes that came up.

I understand that maybe within the parks, all the points of interest may not be found.   Visitor Centers were generally available POI (point of interest), but campsites and some vistas were not.  Fortunately, we had the tools to get where we needed to go when our device was unable to help - or steered us wrong.

Here are just a couple of the failings of the Roadmate:
  • In Las Vegas, NV, the Exxon station we were guided to was actually someone's house in a residential courtyard.   Not a business that may have formerly been a gas station, but a house.
  • In Rachel, NV, the Little A'Le'Inn is not only not shown as a POI, but the street address is outside the permitted range of the device. Fortunately, it's visible from NV-375.
  • In Tombstone, AZ, it shows "east" instead of "west" on Allen St for some of the tourist sites.   
  • In Glenwood Springs, CO, it has an incorrect address for the cemetery trail.
  • Near Devils Tower, WY, it tries to throw you into a loop, instead of the actual path on US 14 to Devils Tower National Monument.
This is on top of some other items that were either non-searchable, or had bad or invalid directions (suggestions to turn off interstate highways, exits that were not present, etc.).

I spoke, at great length, with a representative at Magellan. I am not left with a feeling of satisfaction with the product from this. One of his lines was that the device was right 95% of the time.... This is not a comfort, considering how significantly wrong the 5% of the times were. Again, fortunately, I did my homework ahead of time, and we were able to adapt when our GPS proved itself an accessory for the car battery more than a directional aid.

I discussed my situation with the Magellan representative. In discussing resolution, I am really not satisfied. Some things may get updated in the next map update. Great... that helps us last month. I didn't even get a token apology from my discussion.

If I were to give a review of this product, I would have to say it was poor to minimally adequate.   It's not the ratio of right to wrong/missing, but the quality of such.   I can understand some errors/lapses, but not some of the things we experienced.   This device seems OK for some local area navigation.  I don't put stock in it for a significant road trip though.   I don't recommend it to others.   I believe we'll be testing the market for other options as well, just based on our experience with the device - and the company.

Hacked or Hocked Email Database

In general, I prefer when I can call out a business for something good.  Unfortunately, sometimes the opposite is true.   I prefer to give the criticism directly, and not "in public"; but sometimes there's a level of apathy or incompetence that trumps keeping quiet.

Enter company Instant Checkmate.   This outfit claims to be a reputable public records database, and background search company.   Under normal circumstances, I would have linked to their company; but here I do not believe that I want to drive any business their direction.

My interaction with this company began a couple of years ago. I was working with a client, who was considering making use of their services (through my company), but changed his mind before any financial transactions had taken place. For the purpose of this interaction, I had created a unique email address, provided only to this company. For a couple of days, that email address did receive a couple of "Are you still interested?" emails, which were ignored, and they eventually faded from memory.

In recent weeks, however, that email address has begun receiving mail again, though none of it is for the company. Now it's for fake viagra (I'm not capitalizing the scam product), assorted diet pill scams, counterfeit goods, and an assortment of other spammy things designed to make some scumbag money - from your pocket.

Now for the fun part of this:
Had this been just a generic email address, it could be chalked up to "general spam of unknown origin".   At some point a lot of addresses end up on some kind of spam list, and get sold and resold, and you get the garbage that fills spam filters. 

The fun thing about running a domain, though, is the ability to assign unique addresses.   I have done that.   To a degree the intention is for organizational purposes.   However, it has another benefit of identifying which companies are selling addresses - or have been hacked.  In fact, because of this, I was in touch with a couple of prominent companies which made headlines for their database hacks a few years back, prior to making the headlines.
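The per-company address scheme described above can be checked mechanically. The following is an added example, not code from the original post: the domain `example.net`, the alias registry and the sample messages are all constructed, and it flags any alias that receives mail from a sender domain other than the company it was issued to.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr, parsedate_to_datetime

MY_DOMAIN = "example.net"  # hypothetical personal domain (assumption)

# Constructed registry: alias local part -> (company the alias was given to,
# sender domains that company legitimately mails from).
ALIASES = {
    "recordsco": ("Records Co", {"recordsco.example"}),
    "shop": ("Shop Inc", {"shop.example"}),
}

# Constructed sample messages; only the headers matter here.
SAMPLE_MESSAGES = [
    "From: Sales <sales@recordsco.example>\nTo: recordsco@example.net\n"
    "Date: Mon, 02 Mar 2015 10:00:00 +0000\nSubject: Still interested?\n\nhi\n",
    "From: FedEx <track@pills-now.example>\nTo: recordsco@example.net\n"
    "Date: Tue, 13 Jun 2017 08:15:00 +0000\nSubject: Your parcel\n\nspam\n",
    "From: Deals <x@diet-fast.example>\nTo: Recordsco@Example.NET\n"
    "Date: Fri, 09 Jun 2017 21:40:00 +0000\nSubject: Lose weight\n\nspam\n",
    "From: Shop <news@mail.shop.example>\nTo: shop@example.net\n"
    "Date: Wed, 14 Jun 2017 12:00:00 +0000\nSubject: Receipt\n\nok\n",
    "From: a@bulk.example\nTo: admin@example.net\n"
    "Date: Thu, 15 Jun 2017 12:00:00 +0000\nSubject: hello\n\nguess\n",
]


def local_aliases(msg):
    """Local parts of every recipient address at MY_DOMAIN, lowercased."""
    fields = []
    for name in ("Delivered-To", "X-Original-To", "To", "Cc"):
        fields.extend(msg.get_all(name, []))
    found = set()
    for _, addr in getaddresses(fields):
        local, _, domain = addr.rpartition("@")
        if local and domain.lower() == MY_DOMAIN:
            found.add(local.lower())
    return found


def is_expected(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def find_leaks(raw_messages):
    """Return (report, unregistered).

    report maps each alias that received mail from an unexpected sender
    domain to the company it was issued to, the date of the first such
    message and the sender domains seen. unregistered lists recipient
    local parts that were never issued (guessed or dictionary addresses).
    """
    leaked, unregistered = {}, set()
    for raw in raw_messages:
        msg = message_from_string(raw)
        # From can be forged, so a match proves nothing; a mismatch on a
        # single-recipient alias shows the address left that company.
        sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        try:
            when = parsedate_to_datetime(msg["Date"])
        except (TypeError, ValueError):
            continue  # no usable Date header; skip rather than guess
        for alias in local_aliases(msg):
            if alias not in ALIASES:
                unregistered.add(alias)
                continue
            if not is_expected(sender, ALIASES[alias][1]):
                leaked.setdefault(alias, []).append((when, sender))
    report = {}
    for alias, hits in leaked.items():
        hits.sort()
        report[alias] = {
            "company": ALIASES[alias][0],
            "first_seen": hits[0][0].date().isoformat(),
            "sender_domains": sorted({d for _, d in hits}),
        }
    return report, sorted(unregistered)


if __name__ == "__main__":
    print(find_leaks(SAMPLE_MESSAGES))
```

The `first_seen` date is the useful detail to hand to the company, since it bounds when the address left their systems.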

Back to Instant Checkmate:
Rarely have I encountered the level of apathy and incompetence that I have met with this company's staff.   To be fair, I understand that your basic call center representative is hired with a particular script from which to read.   Deviations from this, especially complicated ones, can short-circuit them.  Some things should trigger escalation, though. 

When trying to address this issue, the call center reps - and even the "supervisor" I spoke with seemed clueless.   It was very clear that this was something off the script, and that none of them had the slightest clue about.   It also seemed that either they didn't care - or that this company does not have any provision for this contingency.    All attempts at contact get routed to the same unhelpful call center staff.

Further, this company has fallen to "you must have given the email address out to someone else." No, it was uniquely created for their company. They've also tried "Maybe I used it to sign in from a compromised machine". No, it was on a secure machine, and only generated on their site. The two remaining options are - they sold the email list (they claim they don't), and their database was compromised.

I did have one "supervisor" claim that it may be their "marketing partners". If this is true, then I have complete and utter contempt for a company that uses "marketing partners" that use a series of short-term domains registered with false contact information, and spam-"advertise" through fake email addresses. Frankly, if your "marketing partner" is using a fake Fed Ex email message to send you to a fake pharmacy that promises "Free v****a with every order" and "No prescription needed"; then you deserve to be called out and go out of business.

Fortunately, for me, I've killed the email address they had.   All they had was an email address, which they sold or had compromised.  However, others may have had financial information compromised. 

Professionally, I would advise against any dealings with this outfit.   They seem to have no capacity to deal with anything beyond basic call center script.   They also refuse to take ownership where there is a fault and resolve the issue.   There are better, more reputable and more competent choices out there.


Friday, September 16, 2016

The iPhone 7 - An observation

Par for the course, Apple has released its annual device update, the iPhone 7.  There are/will be the fanboys that lined up or reserved the latest thing from Apple - and the detractors.   

I may be viewed as the latter. I've never owned an iDevice. I've had phones, mp3 players, laptops, and tablet PCs before Apple put an "i" in front of them and gave them a steep price tag. Personally, I've found features or customization elsewhere that was more suited to my tastes, needs, preference and budget. However, I respect other folks' choice in choosing. I realize that for some, the safe-space of Apple's proprietary environment is perfect for some folks. I know that Apple, Samsung, LG, HTC and others all make good, reliable products that people will enjoy. (For those laughing about my mention of Samsung and the issues with the Note 7; all these companies have had some PR nightmares)

My observation on the iPhone 7 is on their recent structural change. Much like everyone else: there are improvements to screen, battery, processor, etc. It still comes in the stock configurations, etc. The intriguing thing that their spin doctors are working over is their decision to omit the 3.5mm jack.

In layman's terms, the 3.5mm jack is the headphone (or mini) jack most devices have.  Apple's spin on this is that the port is obsolete, and that it is a push toward wireless.  They give the courtesy of providing a (proprietary) lightning to mini adapter in with the iPhone 7 to allow users to use their headphones through the device's one port.

I've read some critiques on this.  I've also read the critiques of the critiques.    I understand the notion of freeing up a little internal real estate inside the devices, but overall I'm left to scratch my head at the decision making.  A few observations:

  • You cannot simultaneously charge the device and use standard headphones/earpieces. I'm sure aftermarket folks will create some sort of splitter, or maybe Apple will re-think it like their antenna gaffe.
  • Regarding the first point, as Apple has yet to implement wireless charging, this doubles down on the lightning port's usage
  • Adding an additional connector (lightning to mini) creates an added point of signal/quality loss.   Whether or not one is an audiophile, this is just physics at play.  
  • This creates an additional potential point of failure. A standard device has the jack, plug, cord and speakers as potential fault points.   This adds another jack, plug and cable to the mix.
  • This increases replacement cost.   One adapter may be included.  However, with loss, or breakage, the $9 (direct from Apple) tag adds on to the cost of replacement headphones
  • Regarding the "push" toward wireless; this puts an additional purchase on the end user, with the Apple wireless buds tacking on $160 more.   
  • Wireless opens up some issues with regard to signal loss and congestion.  
  • Wireless also opens up some security issues
I understand that the number of audiophiles is fairly low, though some folks will probably even still claim "quality differences".   Most users will be starting with "lossy" media files anyway (mp3, AAC, etc), or streaming sources. 

I have a harder time with the inability to multitask the Lightning port.   This may be more or less of an inconvenience for different people.  

I see the liabilities and limitations of wireless as being significant and unaddressed.   Apple has created what is seen to be a "safe space" for users.   There is the incorrect assumption that the devices are immune to viruses.   There is also the social engineering (some mistakenly refer to as "hacking") which has compromised many. 

Being fair, a lot of users (on all platforms) are technologically ignorant to some degree.   Things like leaving the default router password, an unsecured hot spot, low level security, blind trust, etc can put a device and more at risk.   Honestly, these are things that many users don't give consideration.  

Wireless congestion will be an interesting thing to observe.   I can see that and interference being an inconvenience, though more dependent upon surroundings.


I'm scratching my head on Apple's move.   For me, it really doesn't affect any of my decision making.   To a degree it affects some of my recommendations.  I don't think this will become an industry-wide move.   I think it may further divide fans of each camp,


Tuesday, May 24, 2016

Remember: If It Looks Too Good To Be True...

I went clear-cutting one of my less monitored email accounts today. Some 1900 messages were there. Maybe 1400 were legitimate messages from the past year and a half. I deleted those, leaving the rest. Perhaps about 25-30 that needed to be kept - the rest got the spam flag first. Amongst the Nigerian princes, fake lotteries, and other miscellaneous nonsense I saw one that sent me about 15 spam-mails. This got my curiosity to have a look. In general, the odds of a spammer using the same name and/or email address multiple times are slim.


Here's the contents:
Thank you for opening my email sent last week.   Since the last email I sent my lending requirements have loosened.   We are willing to loan to small businesses with no personal guarantee or Fico score requirements. We base our approvals on the Financial stability of your company.  For example last week I funded a Georgia based Software Company  $20,000 with a $99.00 daily payment Monday - Friday for 10 months.  This particular company was using my capital to secure SEO marketing and google clicks and two contract employees. As you know in order to crush the competition and stay alive you need to market and have the manpower.  Why not use my money to crush the competition. They always say in order to make money you must spend it.
My Program Highlights are


Funding in 24 Hours 
Submit Only a one page Application and Three  Months of your last business Bank Statements
Loans Available to $500,000
Loans not based on Individual FICO Scores

 My funding comes with no restrictions and  it is wired directly to your bank account for your discretion. Also this deal was funded with 24 hours of all of the conditions being met.

The Application requirements are light. 
1. Signed and completed application. (This application is attached to this email)
2. One month of your current business bank statements. 
*If you are accepting credit cards I will also need a copy of your last months credit card processing statement
Once I get this I will package and present your deal to our partner banks as well as our private investors.  I will have an approval and term sheet for you within 2 hours of receiving all of your information.  Funding will be within 4 hours after all of the information on your application is verified and funding conditions are met..  You can fax me these documents to my secure e-fax at (866) 656-8477. You can reach me anytime at my desk or at 877.237.7703 or call me after hours on my cell phone (323) 216-0555 so that we can discuss some of the programs available to your business. I'm up and going every day at 5 am PST.
CLICK HERE TO APPLY NOW

Thanks and have a blessed day,

Stef Marrero

Business Development

999 Corporate Drive 
Ladera Ranch, CA 92694
p. 877-237-7703 x 101
f. 866-656-8477
d. 949-525-4727
w. www.talegacapital.com


Of course there's also the normal BS about how this was not unsolicited or whatever to try to make you believe you signed up for it. Apparently Mr (Stefan) Marrero is mixing Florida and California information here (domain registry info).

What tells me it's bogus?
  • I have never heard of this individual, nor his company.  
  • I have not actively nor passively sought out any type of funding from him
  • Nor from an outfit that may share information with shady bottomfeeders/scammers.   
  • It was not addressed by name or business.   
  • It operates on false pretenses of previous/established relationship
  • It makes unrealistic claims regarding available monies
  • The requirements seem to be "too easy", especially in today's economy.
  • It arrived to an account not associated with my business

 There's a chance that there's something non-illegal about Mr Spammer's offer.  But, it's likely something that will come with more pain than gain.   The best advice to remember is that messages that come in unsolicited (even/especially if they claim otherwise) that make an offer that seems "too good to be true"; are.   Flag it, bin it, and don't be taken for a ride by something like this.

Thursday, May 12, 2016

App Review, Followup - Color ID

A bit ago, I checked out an app called Color ID.   I posted an initial review of this app, and decided to follow up on it.

Several things have remained constant in the intervening time.   I am still using the Samsung Galaxy S6 for the app.   I still have no iProducts to compare the iTunes store version.   And, I have had no change in my color vision.  I have had a bit of time to try this app out in several conditions.


This app could probably be considered "abandonware".   The developers have not been supporting, or updating it.   So, it is as-is, and will likely remain so for as long as it is around.    There is no support for it.  

How have I found the functionality?
The app uses the camera and speaker. It has no zoom feature, but a round centering section for it to recognize. The default is for the voice to be on, and to check colors every couple seconds. This can be turned off, so that you can identify color as desired. In the options, it offers "simple colors", "exotic colors" and "Ral colors". Simple offers things like "Dark purplish green", "Grey brown" and such. While not having seen them, they make sense from the "basic crayon box". They also give the numeric code that it perceives (Brownish black #0a0e0f). Exotic colors, I believe, gives a lot of new names to the individual shades (Dune, Woodsmoke, Rangoon) though still gives a numeric (Shark #232627). I'm not overly sure what "Ral colors" means, but seems to give a mix of unusual names, and modified basics (Jet black, concrete grey, sepia brown) and gives numerics (Tarpaulin Grey #4d4943).

I've found the app to be a bit helpful, but, not as much as initially hoped. I've found that slight variations in placement of camera, or minor differences in lighting, can result in a different identified color. Sometimes these minor movements (a fraction of an inch in camera placement) can switch between grey, purple, blue and green. The nature of lighting has an effect on this, as well. CFL bulbs, fluorescents, sunlight, incandescents, an LED monitor nearby... All of these change the minor perceptions of what the camera sees.

It's nice, and sometimes helpful.  However, it can't be relied on.   While I can be easily fooled between blue and green, I realize there is a world of differences on the spectrum of them.   It's a handy tool, but it's not something that I can count on absolutely.

Party Line Is Open

The phone lines are open: Call 1-855-326-5442, while it's still working. Some possible answers will be "Google Technical Support", "Windows Technical Support", "Yahoo Technical Support", "Technical Support", and "Computer Scammers R Us". 
 
OK, so maybe they didn't answer the phone the last way... but I called them out on it. Until such time as Level 3 Communications can be bothered to disconnect their phone service, I declare the Party Line open. 
 
These are not legitimate call center employees.   They are criminal scammers.   The same contact number claims to represent many competing corporations, simultaneously.  

Examples of deception and fraud include:
  • Microsoft (or Google, Yahoo, etc) will NEVER call you to tell you there is a problem with your computer!!! (While Microsoft will offer phone support, it requires you, the user, to contact them for assistance.   They do not have your name and number.  Yahoo no longer offers phone support - or seemingly any support.)
  • Claiming that the CLSID number is your "Windows license".  (This number, 888dca60-fc0a-11cf-8f0f-00c04fd7d062 is the same on all copies, it is not unique)
  • Claiming that the "netstat" command "shows hackers in your system" (The netstat command, by itself, shows a list of remote connections to your computer - which includes currently visited websites, it does not necessarily indicate hackers' presence)
  • Claiming that the warnings and errors in Event Viewer indicate hackers, viruses or infections (These errors are normal, and do not indicate such things as the scammers attempt to claim)
  • Being very pushy to engage in a remote session with your computer.   (Yes, on occasion legitimate companies will ask for remote access.  This is strictly voluntary, and the level of insistence is low.)
  • Use of profanity, including "The F Word" (These are termination-worthy offenses, with a generally zero-tolerance policy toward even lesser oaths, let alone "the queen mother of all profanities". )
So far these scammers have provided me a bit of entertainment in dragging them out through imaginary "problems". I figure if Level 3 is going to leave this number up - deeming it not a violation of AUP; then others may as well have some fun with it, as well.


Keep in mind that these are criminal scumbags, not legitimate business people.   Have fun with them.  String them along.  Waste their time.  Do not, however, let them gain remote access to your computer.   The more their time is wasted, the less it can be used to victimize innocent people, and harm their machines - or steal their money.

Thursday, May 5, 2016

Hillary's Server - Not A Political Post

The Clinton Server
(Not A Political Posting)


I've never really wanted to delve into politics here.   I find that mixing business and politics ends up being bad for business.   The "Clinton Email Server" has been newsworthy for some time.  I, like many, have personal opinions on this matter.  I do not intend to get into those here.   This is about technology, not politics.   Below, the discussion will be about whether or not an extradited hacker's claims of having accessed Mrs Clinton's server are plausible.  Please read this with an open mind, regardless of your opinion on Mrs Clinton.

The "quick and dirty" (or TL;DR) version to set things up:  Barack Obama was elected in 2008.   Upon taking office, he appointed Hillary Clinton as Secretary of State.   Mrs Clinton used a home-based mail server for her State Department correspondences.  Following the 2012 election, Mrs Clinton stepped down from the position of Secretary of State.   In 2013, information about her private mail server surfaced, and since then has become a political topic of assorted controversies.

One of the questions about this server was "How secure was it?"   Staff claim that no one got in.   However, a Romanian hacker, Marcel Lehel Lazar (using name Guccifer) claims otherwise.    In this piece, and this link, Guccifer talks to journalists following his extradition to the US.  He claims that he accessed the server, and gives some detail on "how".    A valid question, though is "Does this man's story hold water?"

The Clinton camp was quick to call "bull" on Lazar's story:
In response to Lazar’s claims, the Clinton campaign issued a statement  Wednesday night saying, "There is absolutely no basis to believe the claims made by this criminal from his prison cell. In addition to the fact he offers no proof to support his claims, his descriptions of Secretary Clinton's server are inaccurate. It is unfathomable that he would have gained access to her emails and not leaked them the way he did to his other victims.”
Perhaps to the non-user to average computer user, this makes sense.   It seems logical.   Unfortunately, to the more trained eye, Lazar gave quite a bit of information in his interviews and statements.

His access to the Clinton server started, according to him, with Clinton confidant Sidney Blumenthal. Mr Blumenthal still used an AOL email account. With sufficient research, Lazar found details to gain access to Blumenthal's account. We are about eight years removed from a somewhat similar incident involving participants in the Presidential Election, when Vice-President candidate Sarah Palin's email account was hacked, and leaked. While Lazar did not get into specifics, his vague description matches the specifics in the Palin hack.


For the average email user, looking at the inbox shows a sender, subject, time and date, and maybe other people that are on the cc list.   There's a lot more to it than that.  Depending on the mail provider/client one uses, the means of viewing the source information varies.   In this email source, there is a lot of useful information to the more-trained eye.   In order to arrive, mail must be addressed. (username @[instructs computer that domain follows] domain.extension)  When you send mail, it goes from your device to your mail provider, to their mail provider, to their device (and significant routing points along the way). 

As Lazar pointed out, each endpoint has a unique IP address.   For some (home users' computers, Yahoo, Gmail, etc), the address may change with time.   For others (large businesses, schools, hosted domains) a permanent, or static, IP is used.  Lazar is correct that there are a multitude of tools available to examine these IP addresses.  

It seems that Lazar looked a little deeply at some of the contacts with Blumenthal, and looked at where they lived on the Internet.  As I read the description, I thought "This sounds vague".  I was easily able to fill in the details, though, which were likely left out, so as not to provide a "how to" guide.  I can see "Clintonemail" being intriguing, especially not behind a .gov server.  I can see what he describes as being "one of the first things to try".  

To address the Clinton group's assertion that the contents would have been leaked, motive should be considered.    In the Palin case, the perpetrator was American, a Democrat, and she was an opposition candidate in a national election.   There was (perceived) political gain in the September 2008 leak.   By not leaking (at the time), this allows for more exploration, and more gathering.   Continuing to read Blumenthal's email source, he could potentially discover many more servers of interest.   These, in turn, could lead to other "productive" finds.   Burning his source right away eliminates the potential of future discovery.

To be fair, the fact that he makes these claims, and knows the process does not necessarily mean that he was in the Clinton server.    He tells a compelling tale, and it is extremely plausible.  However, he would need to provide some pretty good proof that he was in to convince the jury. 

The Clinton assertion that the server was secure, and no one got in; may be true.  However, it is just as likely to be optimistic belief that has yet to be disproved; or a political mistruth to protect the image of one of three remaining major presidential hopefuls.  

Ultimately, Lazar makes a very convincing and plausible argument. To be fair, anyone who has a strong functional knowledge of IP addresses and port scanning could likely say the same - with or without having accessed a particular machine. In the end, the answer will be determined by whether or not Lazar can back up his claims.