Eero makes big promises, but where’s the skepticism?

OrlyI’ve been through my share of really crappy routers and WiFi before finally settling into equipment that works properly. I can’t even imagine the frustration an average consumer must feel at having routers that don’t perform well, need constant rebooting, and have complicated update processes. It makes sense that a company like Eero would seek to solve some of the headaches associated with crappy routers, but I’m having a hard time seeing what advantages they offer. In fact, it’s looking like a classic case of overselling a product before it’s even ready.

The biggest red flags popping up to me are the “easy” bits. You can configure the routers with your phones, they handle mesh networking without any consumer knowledge, and automatically download updates. Right off the bat, using Bluetooth for configuration seems pretty sketchy. For any half-decent authentication to work, you have to be able to exert some level of access control. This is at odds with the “plug and play” sales pitch from the product.

Automatic updates are also problematic. Forced firmware means you don’t get to choose to not apply a buggy patch, and it also creates an attack vector for someone who can compromise the update process. It also implies that, unlike other products, third party firmware will be a non-starter, a great option for people with technical know-how once a router is no longer getting updates from the manufacturer. I’ve even used it with my in-laws to kick an old Linksys router into high gear (and triple the range).

Even the range claims don’t jive with me. Each device is supposed to cover about 1000 square feet. Funny, but my D-Link R7000 is currently covering a 2200 sf home, a 0.30 acre lot, and several empty lots away for the same price. A repeater may make for a stronger localized signal in specific applications, but it also crowds the airwaves with even more signals from more devices, something that actively reduces performance. Mesh network also tend to introduce additional latency, something that has plagued Sprint’s cell network for years.

The pricing also gives me pause. The first device is $200 and a three-pack is $500. That D-Link I mentioned runs around $200 while offering much more coverage and is pretty darn easy to use. And that three-pack? You could buy a Ubiquiti EdgeRouter Lite and UniFi AC for $140 less and cover almost 17 times the area, 50K square feet. (In case your math is rusty, that’s something like 1.2 acres.) If the price were in line with the $100 crap they usually sell at Wal-mart, the story would be different, but this is almost Apple-like.

This is the problem I’m seeing: there’s a lot of brand being sold, but not a lot of value. For the cost of one of their devices, you can get a top-shelf consumer router that’s likely to be more secure, just as easy to use, and from a brand with history, not a no-name startup. For their three-pack, you could get the high-end Ubiquiti equipment, pay someone to professionally install and configure it, and still have money leftover to take the family out to dinner at Chili’s.

What’s really chapped my hide is that nobody in tech journalism is bothering to run through these scenarios and give it the healthy dose of skepticism it deserves. This is becoming an unfortunately common scenario these days, to print claims verbatim without running them through the fact checking wringer. It’s even worse when only those claims that butt up against a journalist’s existing biases. If you don’t have an immediate “BS” reaction to PR flacks, maybe journalism isn’t the job for you.

Posted in Geek | Tagged , , , | Leave a comment

Why blame your phone manufacturer when Google will do?

There’s been a bunch of buzz lately about a vulnerability in versions of Android prior to 4.4 (KitKat). Google has advised that it doesn’t plan to issue any fixes for these older versions. Unsurprisingly, this has invited a lot of clickbait-hungry tech “journalists” to start screaming that Google is to blame for leaving 60% of Android devices with a critical unpatched flaw. That kind of blame-shifting, however, is stupid, wrong, and grossly irresponsible.

First off, there’s a fix available for the issue. Any phone upgraded to 4.4 (KitKat) or 5.0 (Lollipop) is safe. Given that there are now two successive releases with the flaw patched, what sense would it make to retroactively go back and patch a much older version? Google has already pointed out that because Android is open source, anyone could submit a patch to the code to address it.

But they also point out something far more important. If a patch were accepted, the best Google can do is notify the phone manufacturers that it exists. Google can’t forcibly update the phone with the patch. They can’t make a manufacturer who decided to write off a specific model go back and release the update. Ultimately, Google has little power over this. Even if a patch for older versions of Android was released, why would you want that instead of an update to a newer version like KitKat or Lollipop?

While the Blame Google Express is barrelling down the tracks, it continues to let HTC, Samsung, LG, Sony, Motorola, and many other manufacturers off the hook for releasing devices that they know won’t be updated for more than a year or two, tops. Google isn’t putting you at risk; manufacturers who figure that they’ve already got theirs are. If a journalist’s job is to inform and explain, they’re apparently taking the day off on this one.

Posted in Geek | Tagged , , , | Leave a comment

Are you an unwitting stalking accomplice?

Stalker CatAt least once a week, someone on Twitter or Facebook will share a picture describing a missing person (usually a child) with one or more phone numbers to call. Our immediate reaction is to share it far and wide to help locate someone else’s missing loved ones. Unfortunately, there’s a lot of bad guy out there who are all too happy to capitalize on that impulse to help them stalk non-custodial children, ex-spouses, and others who have chosen to break contact. Here’s what you need to look for before clicking Share.

More often than not, the pictures will not be shared by law enforcement agencies. That’s a hint that the report may not be legitimate. If the image was not retweeted or originally shared by a local police agency or media group (TV, newspaper, radio), odds are good that it’s not the real deal. You can also check active AMBER Alerts and official state missing persons reports to see if this individual is listed there.

Most of these images include phone numbers. Some quick Google searches will often tell you if the phone number belongs to law enforcement or a private party. Almost all of the time, they are numbers registered to wireless providers, usually pre-paid ones with a blanket of anonymity. This is a giant red flag that something’s up. You should only ever call law enforcement to report a missing person sighting and never a private party.

The stalkers know they can prey upon our impulses to help out. In fact, they depend on it. Let’s make sure we’re all being smart about what we share and not trusting whatever we see on the Internet.

Posted in Geek | Tagged , , | Leave a comment

Is Tor Permanently Broken?

Tor-logo-2011-flat.svgFederal law enforcement seems to have decided that anonymizing networks are public enemy number one. They’ve racked up some impressive wins in taking down drug-trading market Silk Road, notorious child pornography site Lolita City, and now have managed to bring down Doxbin, a site famous for disclosing sensitive personal information. The world is a better place without those sites, but the ways in which the feds have gone about taking them down makes me think we’re paying too great a price for those wins. Is it possible that they have almost single-handedly destroyed the last great anonymizing tool of the Internet?

Tor was designed as a system of proxies to mask the true source of any request for data. It also encrypts all data in transit in order to prevent any eavesdropping along the way. The design depends on lots of different nodes owned by different parties in order to maintain that anonymity. If anyone gained control of a majority of the nodes, they would be in a position to de-anonymize every user. Even with a large number of nodes, it would still be possible to unmask targeted users with enough persistence.

Now ask yourself one question: who has the resources and determination to attempt to wrest control of enough network nodes to destroy its anonymizing potential?

As we can see above, that can accomplish some good things. Unfortunately, it also means that anyone who gets on the bad side of the US government without breaking any laws now can’t depend on the most important anonymizing tool available today. Evidence exists that this may already be the case, but the feds have kept very quiet about that capability. It’s also not inconceivable that another state actor may attempt to gain access to that de-anonymizing capability without having to build the infrastructure themselves. That puts reporters, whistleblowers, and human rights activists in sometimes mortal danger.

You have to ask yourself if catching the occasional drug runner, child porn collector, or hitman is worth putting millions of lives at risk in totalitarian countries. I hope you’ll agree with me that it is not, especially since those bad guys have been caught without putting the good guys at risk.

Posted in Geek | Tagged , , | Leave a comment

Barefoot Children

Dirty SneakersToday was my morning to get Liam ready for school. He came in and woke us up before the alarm went off (which almost never happens) and was well before there was any hint of daylight. This left us with a lot of time this morning for him to actually eat his breakfast before we had to leave (which almost never happens), so I was scrambling to make a quick sandwich before we had to bolt to the bus stop. The new bus stop is a lot further than walking distance for a kindergartener (about a mile), so we drive him there.

So imagine my shock and surprise when we arrived at the bus stop and I open the car door to realize that I had entirely forgotten to put on his shoes. And, naturally, he hadn’t thought to say a word about it as I put on his coat and loaded him in the car. After briefly contemplating sending him to school with no shoes (parent of the year material, I know), I drove back home resigned to driving Liam to school.

Except when I got home, I couldn’t for the life of me find his shoes. I checked every room in the house, even in our bedroom. I woke up Shauna so she could help me search for them. Then I had the thought to check the backyard.

And yes, they were in the backyard. In the dirt. And filled with dirt. Apparently Liam had taken his shoes off in the one part of the yard that isn’t grass and used them as improvised shovels.

And yes, I took him to school in dirty shoes. Want to make something of it?

Posted in Liam | Tagged , | Leave a comment

Let’s have a chat about gaming

broken controllerSome of you gamers are really ruining it for the rest of us. You’ve threatened a game developer into fleeing her home for no discernable reason, you’ve overreacted to a clear breach of journalistic ethics with rape threats, and now you’ve caused a YouTube personality to cancel a talk at a university by threatening to shoot a whole bunch of unrelated people. Unfortunately, most of you don’t even realize that you’ve gone entirely off the rails with crazy, and you’re only enabling the worst elements of “the other side”.

Background on Anita Sarkeesian and Zoe Quinn

For those who are unaware of what’s going on, allow me to provide some background. Anita Sarkeesian is a feminist who runs a YouTube series on how women are portrayed in video games. She often makes good points, though she does have a tendency to occasionally overreach and elicit an eyeroll or two. This series has drawn out a bunch of self-described “social justice warriors” (or SJWs) who have made it their mission to prove beyond any shadow of a doubt that every single “gamer” (which is as ill-defined as you imagine it is) is exposed as a racist, misogynist, bigot, and all-around nogoodnik. Unsurprisingly, this hasn’t sat well with the vast majority of gamers (like me) who are none of these things, but you know as well as I do that political movements love their broad brushes over dealing in nuance.

Continue reading

Posted in Geek | Tagged , , , , , , | 1 Comment

There’s no such thing as safe sext

from Flickr user Jhaymesisviphotography

from Flickr user Jhaymesisviphotography

Put down your pitchforks, your social justice warrior shrieking about “slut-shaming”, and your righteous indignation about, well, everything. It’s time to have a much-needed expounding upon my call to take more responsibility for the security of your personal data. The impetus is this article from the Salt Lake Tribune showing some very disturbing security practices amongst teenagers.

Teens taking dumb risks is nothing new. They’ve been doing it since, well, forever. Often, though, most of those mistakes wouldn’t end up being a permanent record. Now we have the Internet which will forget nothing about you. And yes, that includes those racy pictures that that one special person pinky swore to never, EVER show another living soul.

Continue reading

Posted in Geek | Tagged , , , , | Leave a comment

Notes on Duck Eggs

We’ve been fortunate enough since moving to Cedar City to come upon a near unlimited supply of duck eggs. In exchange for about 1.5 gallons of fruit and veggie scraps, we get about a dozen eggs per week for our fridge. While these can be somewhat interchangeable with chicken eggs (they’re much larger), the increased fat and protein content creates some unique cooking advantages and challenges.

Scrambled: These form curds very slowly, even under high heat. This is perfect for making light and fluffy scrambled eggs that aren’t completely dried out. Note that scrambling takes a lot more effort since the yolks do not break apart as easily.

Omelet: What makes for good scrambled eggs makes for lackluster omelets. Even with an extended cooking period, the eggs don’t solidify enough to hold together and you end up with a VERY crumbly mess.

Fried: The whites cook relatively quickly, but the yolks take a longer time. This makes over easy and over medium eggs a lot easier to accomplish without using really low heat or watching them like a hawk. The hard-to-break folks mean you won’t end up making accidental scrambled eggs.

Poached: Since the whites cook very quickly, you don’t need to worry about adding vinegar or having those unattractive stringy bits of cooked white everywhere. The slow-to-cook yolks mean they won’t overcook.

We haven’t yet done any baking attempts with them to see how they perform. I’m also going to guess that because of the wide delta between when the whites are done and when the yolks are done, any kind of boiled egg is going to be iffy.

Got any suggestions on how to use duck eggs? Sound off in the comments.

Posted in Food | Tagged | Leave a comment

Prepaid Showdown: T-Mobile vs Cricket

Cricket Wireless LogoOnce we got relocated to Cedar City, we found a major problem: T-Mobile’s service makes Sprint look good. I suppose this is to be expected. Despite great performance in SLC, Las Vegas, Sacramento, and Boston, getting any kind of usable T-Mobile data connection in a rural area (such as CA-99, I-80, and Lake Tahoe) was almost impossible. Even switching to a T-Mobile plan that included roaming didn’t help. In an effort to get some kind of usable cell service, we had to give Cricket a shot.

The performance difference has been quite notable. I was often getting only 2G EDGE or 3G HSPA+ signals from T-Mobile, but the towers were so saturated that using data was almost impossible. Cricket piggybacks onto AT&T’s network and delivers 4G LTE across almost all of Cedar City and into parts of Enoch. More importantly, the connection has been consistently more reliable out here. We also got service at the house we’re looking to buy whereas T-Mobile had no signal. Both carriers will drop down to 2G speeds when the 4G data is used up, so we don’t have to worry about losing data access entirely in a heavy month.

That said, there’s a tradeoff. In SLC, Cricket actually performs notably worse than T-Mobile. It’s still usable, but the LTE coverage and the speeds are nowhere near as good. I did testing across Sandy, Draper, South Jordan, and Murray in areas where T-Mobile hadn’t given me any trouble. Given that we’re unlikely to spend a lot of time in a major metro area, this isn’t a big deal, especially since the connections still work. We’re also unable to stick with the cheap $30 plan that T-Mobile offers, instead having to jump to $45 and get less data (3GB instead of 5GB). Since we’ll be spending most of our time on WiFi anyway, that’s not as big of a deal. Cricket even includes an app that automatically connects you to available WiFi hotspots that they have partnerships with.

This experience has only strengthened my resolve to stay with prepaid carriers over postpaid. Had we been in a contract with T-Mobile, we would have had to spend two years hoping that the data connections would finally improve to a point where we could use our phones. If they do get their act together and improve service in Cedar City, we can always switch back. If Cricket ever starts acting up, I’m free to try out any other prepaid carriers. And even with having to go to a higher cost plan, we’re still saving a small fortune off of traditional postpaid plans where they subsidize your phone.

If you’re still postpaid, why haven’t you switched yet?

Posted in Geek | Tagged , , , , , | 2 Comments

Google just did an end-run around your mobile phone company

Google-Hangouts-logoI’ve been a user and fan of Google Voice since it was still GrandCentral. From its humble beginnings of a “phone number for life” to ring your other phones to full desktop calling and texting, it’s been an indispensable product for my daily use. Two days ago, Google finally merged the functions of Voice into Hangouts, its messaging product. What they’ve done is something more disruptive to the mobile phone industry than anything any other company has done in recent memory.

Consider this: if you use the calling and texting features of Hangouts, all of your calls and texts are free to everyone in the US and Canada. If you do international calling, they have rates as low as a penny per minute to many major cities. Just like that, Google has completely destroyed the idea of paying for either minutes or texts. This may explain why so many carriers have been restricting data plans.

But Google isn’t just giving you a way to run out your cap. They’ve also effectively equipped every single Android phone with WiFi calling and texting without any carrier-specific modifications. If you live in an area where the service is good, you can grab T-Mobile’s $30 prepaid plan and use only Hangouts for calling and texting. Even when the 4G allotment runs out, they still give you unlimited 2G/3G data after that. Cell service has never been cheaper.

While everyone salivates over the idea of larger iPhones, a smartwatch with no well-defined purpose, and payments with your phone that don’t eliminate the pain point of carrying a card, Google has basically forced mobile operators into a situation where their cash cows, calling and texting, have been killed in a back alley. Now they’re all dumb pipe operators, just giving you a chunk of wireless data to use as you see fit. You could even use a WiFi-only device with no cell plan at all and do most of what a cell phone can where you have coverage. That level of disruption is far larger than anything coming from Cupertino’s Reality Distortion Field™.

Posted in Geek | Tagged , , , | 3 Comments