[TokyoGringo] Fun Japan Fact – all cell phones’ cameras have a shutter sound

I tried to get service for my US iPhone 6S+ here in Tokyo. The delightful woman helping me warned me, “You know, if you swap this out you will get a Japan phone with the shutter sound. Are you sure?”

Oh. No. Not sure, and not by a long shot.

I recalled my first US trip with my JP colleagues where their shutter sound constantly disrupted slide presentation after slide presentation. I volunteered my phone for hundreds of silent slide pictures of decks later offered for download.

When I returned to Japan I found the sound ever present. I assumed the shutter sound a cultural choice, what with the Japanese camera stereotype and all. I filled it away as an annoyance like on-line banking and moved on.

I embrace my education. As I stated regularly on the PVC Security podcast, there is a certain freedom in knowing you will screw up at least ten times per day.

It also means I will try to get all my future mobile phones in the US (assuming the shutter sound is my major concern).

What Users Should Require in Software-as-a-Service (SaaS)

We, the users, should stop thinking about software as a thing to own. The direction is toward a service model for better and worse.

What should a keen-eyed shopper value?

  • No data lock-in – the user should own their data and be able to export it at any time through the native user interface without having to jump through hoops (except for encrypted data – see below). The export should be in a common format like plain text, XML, CSV, etc. and not a proprietary format.
  • Direct support – a web interface, email address, and chat at a minimum is required. Any service only offering support through an app store is a major red flag.
  • Multi-platform – unless you only live in Apple’s or Google’s ecosystem any SaaS must at least support your top two platforms. If you are GNU/Linux or Windows on your desktop, this is a must-have for your mobile devices.
  • Multi-cloud – unless you only live in Apple’s ecosystem any SaaS must support Dropbox as a second option at a minimum. iCloud is limited to macOS, iOS, and Windows but the Windows support is abysmal IMHO.
  • Mobile support – must handle landscape and portrait layouts and support tablet sizes. I am surprised at the software that still does not do this basic task.
  • Encryption – must support industry standard best encryption options. If a SaaS offers its own custom encryption RUN AWAY! Exporting encrypted data should offer unencrypted and GPG-passphrase-encrypted options though few do today.
  • Active development – this is easiest to verify if they have a public GitHub or similar repository. App stores will also show when the last update hit. Careful reviews of app store ratings can help figure out the historical time line. Check in Reddit and StackExchange and other public forums.
  • Native (non app store) desktop releases – on the desktop the ability to get the software outside of the Apple or Microsoft or Google app stores is a plus. Even if you prefer the app store version – and most users should for the added security – the developer’s willingness to offer a direct-to-the-customer version of their software with a license is a good sign. Also, any revenue the developer gets from these direct sales is 100%. Apple app store versions costs the developer 30% or so.
  • In App Purchases – not bad in and of themselves, a developer should not “nickel and dime” customers with small features. There should be an option for some kind of a premium bundle which offers all add-ons for a reasonable 1 time fee.
  • Data sync – this is a tough one. Most SaaS developers will come up with their own sync solution after changes to DropBox made it more difficult for developers. iCloud on iOS & macOS works in the Apple ecosystem. OneDrive might eventually for Microsoft and some Android stuff, and Google Drive for the Google stuff. I think so long as the sync adheres to the above you are good.
  • Local storage – some apps like 1Password and TextExpander offered local repository options but deprecated them for IMHO less than compelling reasons related to sync and cloud. Users should have the option to store sensitive data locally and forgo sync & cloud for that data.
  • Feature & scope creep – watch out for Saas that suddenly introduce changes for enterprises and large groups while removing or reducing functionality for individual users in order to accommodate the expansion.

What else should users look for in a SaaS product?

Subcription Victims

Ulysses, the popular macOS and iOS text editor, went to a subscription model. LastPass recently upped their monthly subscription price to $2/month, a 100% increase (among other things). 1Password, TextExpander, and a host of others have done the same.

I’m no fan of the subscription model for software – I think developers overvalue their efforts in many cases. I also understand that the other popular revenue models also suck. Apple does not make this any easier for developers or users.

I do not have an easy answer as I am not a developer. As a user, I am taking responsibility for the cost/value proposition each service (which software is becoming) offers to me. Part of the calculus is how much time and effort and enjoyment (or lack thereof) I will get leveraging another option.

Others take the victim approach to these announcements. In many cases I understand why. There is an increasing trend for revenue model changes happening without notice. Some companies do a poor job on their first stab taking care of existing customers. Others overcompensate for their existing users, alienating new users who think they are getting ripped off because they didn’t buy version 1 back in 2008 (or whenever).

David Sparks made the comment that “What [users] shouldn’t do is trash the app in review because you’re not happy with the business model.” I disagree. A developer’s or company’s behavior is relevant to the app review process as it exists today, especially in the Apple ecosystem. Many application developers act on negative comments in these reviews.

Now, were Apple and Google and Microsoft and other app store overlords to open up the app review process to categories such as technical, ownership, support, etc., my disagreement with Mr. Sparks would fall away. A more nuanced approach to feedback is needed in general. That is another post for another day.

I do agree with the fundamental fallacy of relying on negative app reviews for change. As a user, I recommend applying at least part of your righteous indignant energy toward something more positive for you.

I was in a 7 day cooling off period before jumping on the Ulysses bandwagon when the switch occurred. The initial cost for macOS and iOS before the change was a hurdle. In the new model, I can test it for two months for about $10 (as pointed out by Dr. Drang) before committing.

Fundamentally, anything only in the Apple ecosystem is a hard sell for me. I use and like using Windows 10, flaws and all, on my Surface Pro 4. I use my Nexus 6p running Android N almost as much as my iOS devices. If the application or service cannot run on at least one of those platforms, I have no need for it right now. 1Password and TextExpander are cross-platform, by the way, as are LastPass and iaWriter – two apps I am leaving.

By the way, I am doubling down on Emacs and org-mode. I picked them back up recently to help solve a few work related workflow issues. I get infinitely more flexibility with it and it is cross platform on everything but iOS. I learned I can capture and edit org-mode with Drafts.

And I like using/configuring/tweaking Emacs. Bonus.

[2017] Emergency Preparedness

I am a big fan of planning for “the Big Dark”, where the power is out for more than 3 days. Analog systems, like printed and hand-written records, will be more useful. 

Remember: Emergency preparedness isn’t only for you. it is also so others can contact you when something bad happens to them.

There are drawbacks, mostly around family dynamics this article assumes are moot when emergencies happen.

Note: These are my recommendations. Your mileage may vary. I look forward to constructive input on how best to prepare in the digital age.

Keep an off-line list of emergency info & numbers with you

There was a time where people either knew important numbers and information or carried a address book – a printed out, dead tree address book – and a much of change to use a pay phone (remember those?) to call people. We need to embrace at least a subset of that.

Your health insurance information should be in here. Insurance providers, policy information, doctors information, and maybe prescriptions information should be included.

In certain countries you may need your ID number as well (though US residents should NOT carry their Social Security card or number).

How about this: keep the numbers of your family and close friends in case your phone dies. I could not call anyone except my children if my phone failed, and they don’t often answer their phones – especially from an unknown caller.

As I’m living in a foreign country I carry a card or two that I can use to get me home. In case you’re traveling, disoriented, or inebriated having a card or two to help you get home can be a life saver.

Carry a bit of cash with you, too, in your wallet.

Keep an off-line list of emergency info & numbers at home

This should be a superset of what you carry with you. Your actual cards and birth certificates and stuff (if they are not in a safe deposit box already) should be in a ready-to-carry locked fireproof box in case of emergency. Bank account information, other financial records, and whatever else needed to rebuild after a disaster should be in here.

Throw some currency in the box, too. While it is in there it isn’t working for you, gaining interest or buying food. But if the power goes out no credit or debit card will help. Having cash will help.

[iOS] Enable Emergency Bypass in iOS 10:

I’ve used the Do Not Disturb feature in iOS since it was introduced. This feature allows you to set “quiet times” when your device won’t alert you with notifications, including phone calls and text messages. It can be activated manually or set to activate at recurring times. I have my set to activate from 10:00 p.m. – 6:00 a.m. each day, mainly to avoid “wrong number” calls at all hours of the night.

You have always been able to set a specific group of people you want to exclude from the Do Not Disturb settings. This can be a group you designate in your Contacts or your iPhone’s Favorites list. For years I’ve created a contacts group called “VIP” that I had excluded from Do Not Disturb that included family and a few close friends and other important numbers. While this is handy, it may not cover everyone you want to be able to reach you in the event of an urgent matter. With iOS 10, you have more granular control and can now set contacts on an individual basis to bypass the Do Not Disturb Settings.

To activate the feature select the contact card you want to exclude, edit the contact and select ringtone. At the top of the ringtone menu you’ll now see a toggle for “Emergency Bypass”.

… This is a segment of an article that first appeared in the November Issue of ScreencastsOnline Monthly Magazine. ScreenCastsOnline monthly magazine is packed with hints, tips, articles and links to streamable versions of ScreenCastsOnline tutorials and delivered monthly on the iPad. You can find out more at https://www.screencastsonline.com/membership_benefits/

(Via KatieFloyd.me)

I am not sure if Android offers a similar feature.

[Android] Use Google’s Trusted Contacts App

Trusted Contacts runs on top of a pretty simple concept, with the tap of a button an approved list of people can request your location from wherever they may be. Users will need to manually approve who can request their location, and once a request is sent, the user will have 5 minutes to approve or decline the request before the app automatically approves and sends it.

This app takes things up a notch as well by adding offline support, in a sense. If a user heads outside of active cell service and internet access, the app will report the last known location for that user 5 minutes after a request is sent. Contacts can also “walk each other home,” virtually. This essentially enables one user to keep track of another user’s location as a live feed.

… Before you can share your location, though, you first have to go through the process of adding contacts to the application…

How to add contacts:

  1. Open the Trusted Contacts application
  2. If this is the first time setting up the application, Trusted Contacts will walk you through adding contacts
  3. To set up new contacts, either tap on the Add contacts button found at the bottom of the home screen or open the menu by selecting the Menu button in the upper left-hand side of the screen and tap on the Add contacts option
  4. Here you can search through the contacts on your device and select Add next to the individual to send them an invitation to be a trusted contact

(Via 9to5google.com)

i am not sure if iOS offers a similar feature.

Set up lock screen emergency information

This is a old tip but still useful.

Basically take a picture of contact information and make it your device’s lock screen. Tailor the content to provide what is needed without going overboard. Imagine you are passed out on the sidewalk and the only thing people can get to is your phone’s lock screen. What is the critical information you can provide on there that doesn’t open you up to identity theft?

I find this more useful than the login banner message most devices support. One doesn’t have to wait for the message to scroll, where almost all users put the contact email or phone number.

What else?

What other things, simple and inexpensive and effective, that folks should do?

Letting Go to Go Forward

I’ve always been a self starter. Give me a knotty problem to untie and I’ll dive in. Give me a multitasking tool and I’ll bend it to my will.

I can’t do this any more.

I missed important information while I was tied up troubleshooting access, delayed further by the fact the text was 95% Japanese. Previous tweaks to glean a marginal improvement in process caused problems when I needed to switch accounts and contexts.

Tinkering won’t do. I need to either bullet-proof-ish my work or get an assistant. Or both.

Kit & Caboodle: The Series & The List

Want to know what I’m carrying in my consulting bag?

Continue reading “Kit & Caboodle: The Series & The List”

Let’s Encrypt is actually encrypting the whole Web

Let’s Encrypt is actually encrypting the whole Web:

free-ssl-certificate

Let’s Encrypt (previously) a joint EFF-Mozilla-Linux Foundation project that lets anyone easily create an SSL certificate for free in minutes and install and configure it so that visitors to their Websites will be shielded from surveillance, came out of beta this week, and it’s already making a huge difference. (more…)

(Via Boing Boing)

Need I say more than I’m a fan & a user? 

Your Elders’ InfoSec on 60 Minutes Sun 17.04.2016

It looks like the Columbia Broadcasting System‘s 60 Minutes program will cover wireless hacking this Sunday, 17 April 2016 at 19:00 EDT.

You may need to retcon what they see on 60 Minutes with what they’ve seen over and over again on NCIS and CSI. If you’re lucky, your family also watches Elementary and The Good Wife, CBS shows that keep most of their technobabble close to reality.

En Route to Tokyo Observations, Part II

More musings from my trip:

  • I lost a great post to WordPress web interface requiring a random re-authentication.  I need to reconfigure Emacs org-mode to get it working with the new VPS.
  • There’s a bug in Delta’s InFlight Entertainment (IFE) system I often trigger. I turn the display off during boarding since all it does is flash advertising. The IFE kicks in for the safety video, and then shuts off as it was before departure. Unfortunately, that means the IFE no longer works unless I can talk the cabin crew into a reboot, which I doubt I’d do. I miss the travel map & stats.
  • Speaking of the IFE safety video, Delta’s quality seems to drop with each iteration. This “best of, award show” version is not just bad but a clip show at that.
  • At least Richard Anderson STOPPED YELLING AT US IN HIS MONOTONE SOUTHERN ACCENT. Now a days, Mr. Anderson talks to us at a normal volume & even throws in some inflection. Nice!
  • On a big international flight light mine (MSP – NRT), don’t follow the first cattle call to the gate. Almost always they open up another lane on the other side of the desk. Get there.
  • I hate neck pillows. More specifically, I hate that people have those giant half fuzzy inner-tubes around their necks. Throw in a pair of over-the-ear headphones and eye shades also around the neck and you hit the trifecta!
  • I LOVE Internet over the ocean! Well done, GoGo!
  • There’s a woman sitting behind me who is loving the show she’s watching. I hear her laughing every 5 minutes or so.

En Route to Tokyo Observations, Part I

Random musings and reflections and notes from my current trip to Tokyo:

  • The Hilton Tokyo Shinjuku doesn’t answer their phone. I tried calling three times to inform them of my delayed arrival. I called the Hilton Diamond Help Desk and even they couldn’t confirm the information was understood once they managed to communicate with the hotel. Apparently this location has a reputation.
  • Delta still doesn’t know how to board planes. Our flight took 40% longer to board than it should have (by my estimation). Boarding was like elderly man’s urination stream, dribbles and drabs.
  • Airbus might want to have airlines mount signs at the entry informing passengers where the row numbers are.
  • I do love the overhead bins on the Airbus A320(OW), the “turn your bag on its side” kind.
  • It’s funny that the cabin crew had to explain how the “space ship” style overhead controls work, and funny how they did it.
  • The woman sitting next to me is 5’0″ or so, yet she has an iPhone 6s Plus. She uses it like a tablet and it works well for her. I’m oddly impressed.
  • The Hootoo travel router ROCKS.