The hidden danger of using the SkyRoam global WIFI Hotspot
November 25 2016 update at the end of the article. TL;DR the service is still vulnerable.
<img src="https://ekiledjian2.micro.blog/uploads/2025/1f84a083ca.jpg" alt="">
Since I traveled a lot in the past, I am always looking for new tech to make travel simpler, easier or more enjoyable. Since smartphones are indispensable travel tools, I was very excited when SkyRoam was released and wrote several articles about it.
But as a security guy, there is a hidden danger that I wanted to share with my audience. The danger is present even before you take your first trip and is related to how you add day-passes to your account.
When you visit their portal, you are greeted with this login page
<img src="https://ekiledjian2.micro.blog/uploads/2025/6511c90d65.jpg" alt="">
Notice that the page you are on is not encrypted
<img src="https://ekiledjian2.micro.blog/uploads/2025/561cd06fec.jpg" alt="">
This means that anyone can easily intercept your username/password as you type it in.
The page does not even temporarily switch to encrypted during the login. Everything stays plain text. This is completely unacceptable on a modern web where WIFI attacks are easy and fast. Certificates to encrypt the connection are cheap and readily available (even free with services like Let's Encrypt). So companies have no excuse not to encrypt the connection: it's either incompetence or a complete disregard for the security of their users (in my opinion).
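A defender-side check for the problem described above, as an added example that is not from the original article: it parses a page's HTML and reports forms that collect passwords or card numbers when the page itself, or the form's submit target, is plain HTTP. The host `portal.example`, the sample markup and the name `audit_page` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# autocomplete tokens that mark credential or payment-card inputs
SENSITIVE_AUTOCOMPLETE = {"current-password", "new-password",
                          "cc-number", "cc-csc", "cc-exp"}


class FormCollector(HTMLParser):
    """Collect each <form> with its action and the sensitive inputs inside it."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._open = {"action": a.get("action", ""), "sensitive": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            is_password = a.get("type", "").lower() == "password"
            is_tagged = a.get("autocomplete", "").lower() in SENSITIVE_AUTOCOMPLETE
            if is_password or is_tagged:
                self._open["sensitive"].append(a.get("name") or "(unnamed)")

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def audit_page(page_url, html):
    """Return findings for forms that expose sensitive fields over HTTP."""
    collector = FormCollector()
    collector.feed(html)
    page_is_https = urlsplit(page_url).scheme == "https"
    findings = []
    for form in collector.forms:
        if not form["sensitive"]:
            continue
        fields = ", ".join(form["sensitive"])
        # An empty or relative action resolves against the page URL,
        # so it inherits the page's scheme.
        target = urljoin(page_url, form["action"])
        if not page_is_https:
            # A lock icon in the markup changes nothing: the page itself
            # travelled unencrypted, whatever the submit target is.
            findings.append(f"page served over plaintext HTTP collects: {fields}")
        if urlsplit(target).scheme != "https":
            findings.append(f"form submits {fields} in plaintext to {target}")
    return findings


# Constructed sample markup (not captured from any real site).
LOGIN_HTML = """<form action="/login" method="post">
<input name="username" type="text">
<input name="password" type="password">
</form>"""

CARD_HTML = """<img src="/img/lock.png" alt="secure">
<form action="https://pay.example/charge" method="post">
<input name="card" autocomplete="cc-number">
<input name="cvv" autocomplete="cc-csc">
</form>"""

if __name__ == "__main__":
    for url, html in [("http://portal.example/login", LOGIN_HTML),
                      ("http://portal.example/account/card", CARD_HTML),
                      ("https://portal.example/login", LOGIN_HTML)]:
        print(url, audit_page(url, html) or "OK")
```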
I recommend you go in and delete your default payment info on file. To do this, click on the Account tab and then choose payment options and delete it.
<img src="https://ekiledjian2.micro.blog/uploads/2025/57fcb653b4.jpg" alt="">
I have daypasses which I will consume but won't add any more due to their lax stance regarding security, particularly the security of my credit card and login information. Even the credit card entry page is not protected.
<img src="https://ekiledjian2.micro.blog/uploads/2025/056176e62c.jpg" alt="">
This is pretty bad and I'm not sure how Visa and Mastercard aren't intervening. To be transparent, I have tweeted this issue multiple times over the last 3 months. When I didn't receive a response, I called their helpdesk 3 weeks ago and told the agent to open a ticket. When I did not receive a confirmation email (about a ticket being opened), I opened another ticket myself with a screenshot and clear description a week ago. I never received a response and the issue was never fixed.
<img src="https://ekiledjian2.micro.blog/uploads/2025/a939fd4792.jpg" alt="">
Look for alternatives
<img src="https://ekiledjian2.micro.blog/uploads/2025/0fb821385e.jpg" alt="">
I am anxiously waiting for the arrival of the GeeFi global hotspot which is expected to provide LTE service for $9.99 with unlimited bandwidth. Based on everything I have read, I am relatively sure GeeFi will take better security precautions and will be a better custodian for my confidential information.
November 25 2016 UPDATE
Some people messaged me that the site was protected so let me check
The login page is still unencrypted
<img src="https://ekiledjian2.micro.blog/uploads/2025/7a81cfc0ae.jpg" alt="">
Main account page still unencrypted
<img src="https://ekiledjian2.micro.blog/uploads/2025/485269064b.jpg" alt="">
When you visit the page to add a credit card, they show a lock logo while it's loading
<img src="https://ekiledjian2.micro.blog/uploads/2025/4d01e1b040.jpg" alt="">
but that entire page is unencrypted
<img src="https://ekiledjian2.micro.blog/uploads/2025/465e6e1a27.jpg" alt="">
Even though someone from SkyRoam promised the issue would be resolved (9 days ago), it is still unprotected and I therefore would still urge caution.
<img src="https://ekiledjian2.micro.blog/uploads/2025/6058d56816.jpg" alt="">
Could Google become a Cyber Insurance Underwriter?
Image by Pictures of Money used under Creative Commons License
Cyber-Insurance is the next great frontier for insurers as more and more companies buy protection in the age of massive and regular cyber-attacks.
“More than 60 insurance carriers now offer stand-alone cyber insurance policies”
PwC suggests the global cyber insurance market could grow to at least $7.5 billion in annual premiums by the end of the decade. PwC also suggests insurers need to move quickly to innovate before a disruptor such as Google enters the market.
When looking at cyber insurance, a solid provider would have to cover the basics of an insurance policy like liability but would also have to add cyber-specific support like:
- Crisis Management - Covers the cost of managing the incident including customer notification, credit monitoring and implementation of a public relations campaign to rebuild the organization's reputation. Additionally they would help manage the entire response from detection to resolution through a breach coach and agreements with other cyber support functions (call centers, mailer companies, forensic specialists, cyber extortion negotiators, etc).
- Cyber Extortion - Covers the payment to resolve a cyber blackmail situation and provides the technical expertise to help track down the blackmailers
But Google?
We all know Google is the sultan of search and has an unmatched view of the internet as a whole. It can see into dark crevasses of the internet no one else can.
- Cash - Google generates more cash per quarter than most insurers (e.g. Chubb, AIG, Travelers, etc). It therefore has enough "cash" to pay out customers and support them if a policy is executed.
- Profitable - Under the new CFO, Google is working on profitability by killing many moonshots and concentrating on activities that can provide interesting returns. Obviously insurance is a numbers game and Google can make it profitable.
- Data Science - Insurance has always been a math problem and no one does math better than Google
- Visibility - Three of the key metrics in the risk equation are likelihood, impact and velocity. Most insurers make best guess estimates based on past experience with some modification for future changes. Google sees the entire attack surface of the Internet and can make very educated guesses about who is likely to be targeted, when and how.
- Support - More important than money, most victims look to their cyber-insurer for support during the incident. They need help understanding who is doing it (attribution), how they are doing it (reverse engineering), what else they could have compromised (Indicators of Compromise) and how to clean it up. Google has the technical experts to support companies through the entire process. Of particular interest are the reverse engineering and attribution pieces that only a handful of companies can do really well.
- Customers - Google has a ton of consumer products and has incredible name brand recognition. Google is once again the #2 most valuable brand in the world.
Maybe Google
As reported in the NY Times, Sony's life insurance business is what is helping it survive.
“Life insurance has been its biggest moneymaker over the last decade, earning the company 933 billion yen ($9.07 billion) in operating profit in the 10 years that ended in March.”
So Google has the motive (a renewed push for profitability) and the capability (cash and technical). The only unknown is: do they have the desire? Only time will tell but I think this is something they will branch out into sooner or later.
Public Mobile to launch US Roaming Add-on
Public Mobile is a low-cost limited network Canadian mobile service provider. It has recently announced in its forums that it will be adding a new US Roaming add-on (option) through new deals struck with T-Mobile and AT&T.
The carrier has said this is in response to comments made in its forums and will come in 10-day chunks of phone only, text only, data only or a combo plan.
Limited data is available but we expect the options to look like this:
- unlimited USA talk $CAD8
- unlimited text $CAD8
- 1GB of data for $CAD20
Let's compare the data rate to the pay per use rate of $US0.10 per MB. 1GB = 1000MB = $US100. Obviously the Public Mobile rate is cheaper. You can also buy the KnowRoaming unlimited data plan for $US7.99 per day which would cost $US79.99 for 10 days of unlimited data.
Let's compare it to Roam Mobility. A 1GB data only plan good for 30 days costs $CAD21.95 which is competitive. You can get their unlimited talk+text+data plan for only $4.95 / day ($CAD49.50 for 10 days of everything unlimited). If you add the 10 days of talk, text and 1GB of Data from PublicMobile, you get $36.
Looking at the above, my recommendation is to go with Roam Mobility. For $14 more, you get unlimited data for 10 days which will likely be more attractive to most users.
Will your Android phone allow someone to hack you?
Image by Jared Tarbell used under Creative Commons License
When a new undisclosed (0 day) vulnerability is used to hack a target's device, the media jumps all over it and creates a small panic. Government intelligence and organized crime are always looking for new creative ways to break into target devices and are willing to pay top dollar for new unknown hacks. Vulnerability brokers (companies that are willing to sell 0-day vulnerabilities) are paying top dollar for these rare and very in-demand weaknesses. Zerodium is now paying $1.5M for a good complete iOS attack.
Although these are troubling, the truth is the majority of attacks (and malware/viruses) still exploit time-tested and patchable vulnerabilities. This is why keeping your computer, smartphone and tablet operating system/apps updated is so important. This is one of the reasons Microsoft switched to an automatic forced update model with Windows 10.
Apple's products are opaque and I do not believe in security through obscurity. I wish they allowed for more scrutiny of their mobile products but when something is discovered, they release updates very quickly and make it immediately available to all supported devices worldwide regardless of the carrier it was acquired through.
This is one of the chief complaints against Android. Most Android devices are never updated once they ship and the ones that do receive updates typically get them slowly and infrequently. Check out the Android Platform distribution statistics:
<img src="https://ekiledjian2.micro.blog/uploads/2025/657ad5e985.jpg" alt="Only 0.3% of Android devices support the latest version (Android 7.0 Nougat) 1.5 months after release. On the iOS side, 60% of devices had updated to iOS 10 a month after release.">
Only 0.3% of Android devices support the latest version (Android 7.0 Nougat) 1.5 months after release. On the iOS side, 60% of devices had updated to iOS 10 a month after release.
Even top tier manufacturers like Samsung (Note 7 issue notwithstanding) only update their most recent flagship products and that is if your carrier decides to allow it.
Right now, as I write this, I have an Apple iPhone 6s Plus and a Google Nexus 6P sitting next to me. I love Android and find many of the features in the most recent Nougat release better than comparable Apple features. Don't call me an Apple fanboy or Google hater. The moral of the story is you shouldn't buy any Android phone where the manufacturer has not committed to delivering (quickly) the OS updates and the monthly security releases.
“As it currently stands, the only Android products I can recommend are those sold directly by Google (Nexus or Pixel).”
Buy an unlocked Nexus or Pixel product directly from Google to make sure you receive all of the updates quickly.
Questions
Q. A question I will likely receive is: what about [insert brand / model here]?
A. I expect emails asking me about the OnePlus 3, ZTE Axon 7, HTC 10, LG V20, Motorola Moto Z, etc. None of these manufacturers have committed to providing the OS and security updates quickly. The answer therefore is no. I love the price / quality proposition of the ZTE Axon 7 and the OnePlus 3 but without a commitment to updates, it's a no-go for me.
Q. Aren't iPhones more secure?
A. iPhones are slightly more secure because of the way the operating system is designed and applications are sandboxed. This doesn't mean it is unbreakable and the attempted hack of Saudi human rights activist Mansoor proves it (read this article by Citizen Lab).
Both platforms can be used safely if you ensure you don't break their built-in security (rooting on Android and jailbreaking on iPhone) and you ensure you only download "real" apps from the official app stores.
Q. What else can I do?
A. In addition to using the "right" device, it is important to think about your privacy and security. Use the right apps for the right job.
- Use encrypted communications apps like Signal. Signal's encryption has been reviewed by leading cryptographers and has been given a big thumbs up.
- When browsing the web, use Tor to protect your identity (easier on Android) with a browser like OrFox. You can even configure Facebook and Twitter (on Android) to use Tor via OrBot.
- Every picture taken with a smartphone contains "hidden" information called Exif information. This is information like the type of camera used, the settings used to take the picture, etc. It also contains the GPS coordinates of where the picture was taken. If you send this to someone, they can extract this information and use it to pinpoint the location the picture was taken. Send it to a social media site and they will start building a travel pattern of you. Make sure you remove Exif information, using an app, before posting. There are tons of apps, just search the app store.
- Uninstall apps you no longer use. Remember that apps are sometimes sold and the new buyer may push out an update that adds unwanted features "like tracking or recording". If you no longer use an app, get rid of it.
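What an Exif-removal app does to a JPEG, as an added example that is not from the original article: the functions below detect the GPS pointer tag (0x8825) in the file's Exif segment and rewrite the file without that segment. The sample bytes are constructed and contain only the segment structure, not a viewable picture.

```python
import struct

EXIF_ID = b"Exif\x00\x00"
APP1, SOS = 0xE1, 0xDA
GPS_IFD_POINTER = 0x8825   # Exif tag whose value points at the GPS block


def header_segments(jpeg):
    """Yield (marker, payload, raw_bytes) for each segment up to the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == SOS:
            # Compressed image data follows; hand back the rest untouched.
            yield marker, b"", jpeg[pos:]
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        raw = jpeg[pos:pos + 2 + length]
        if length < 2 or len(raw) != 2 + length:
            raise ValueError("truncated or malformed segment")
        yield marker, raw[4:], raw
        pos += 2 + length
    raise ValueError("no start-of-scan marker found")


def exif_has_gps(jpeg):
    """True if the Exif segment's first directory (IFD0) has a GPS pointer."""
    for marker, payload, _ in header_segments(jpeg):
        if marker != APP1 or not payload.startswith(EXIF_ID):
            continue
        tiff = payload[len(EXIF_ID):]
        endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
        if endian is None or len(tiff) < 8:
            continue
        (ifd0,) = struct.unpack(endian + "I", tiff[4:8])
        if ifd0 + 2 > len(tiff):
            continue
        (count,) = struct.unpack(endian + "H", tiff[ifd0:ifd0 + 2])
        for i in range(count):
            entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
            if len(entry) == 12 and struct.unpack(endian + "H", entry[:2])[0] == GPS_IFD_POINTER:
                return True
    return False


def strip_exif(jpeg):
    """Return the JPEG with every Exif APP1 segment removed."""
    out = bytearray(b"\xff\xd8")
    for marker, payload, raw in header_segments(jpeg):
        if marker == APP1 and payload.startswith(EXIF_ID):
            continue
        out += raw
    return bytes(out)


def _segment(marker, payload):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample_jpeg():
    """Constructed test input: JFIF + Exif (with GPS pointer) + DQT + scan."""
    tiff = (b"MM\x00\x2a" + struct.pack(">I", 8)                  # header, IFD0 at offset 8
            + struct.pack(">H", 1)                                 # one IFD0 entry
            + struct.pack(">HHII", GPS_IFD_POINTER, 4, 1, 26)      # GPS block at offset 26
            + struct.pack(">I", 0)                                 # no further IFD
            + struct.pack(">HI", 0, 0))                            # empty GPS block
    return (b"\xff\xd8"
            + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + _segment(APP1, EXIF_ID + tiff)
            + _segment(0xDB, bytes(65))
            + _segment(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34"
            + b"\xff\xd9")


if __name__ == "__main__":
    sample = build_sample_jpeg()
    cleaned = strip_exif(sample)
    print("GPS before:", exif_has_gps(sample), "after:", exif_has_gps(cleaned))
```

Only the Exif APP1 segment is dropped; other metadata containers such as XMP are left in place.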
What is Tor and should I use it
Image by Justin Mathews used under Creative Commons License
I've written about TOR a few times but I regularly receive emails from "newbies" asking me to describe what it is in general terms. That's what this article is about. To get things kicked off, let me share an important quote from everyone's favorite whistle blower, Edward Snowden:
“I think Tor is the most important privacy-enhancing technology project being used today. I use Tor personally all the time. ”
In an effort to grab reader/viewer attention, every time the media mentions Tor, it is usually done in the context of a report about the "evil" & "bad" dark-web. The truth is Tor was created by the US State Department to help global activists communicate freely while in repressive locales.
It takes all of the data leaving your computer (or coming back), creates bundles and encrypts each one multiple times to hard-code the path it will take through the TOR network until it reaches its destination. Each node that receives a bundle destined for it decrypts its layer of the bundle, which tells it where to send the bundle next. This layered approach is why it is called The Onion Router. Each node only knows where it will send the bundle next, and the receiving node only knows the previous node it came from, which makes eavesdropping on or de-anonymizing TOR much more complicated.
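The layering described above, as an added example that is not from the original article and not Tor's real protocol: a hash-based XOR keystream stands in for the actual ciphers, and the relay names, keys and destination are constructed. It records what each relay can see, showing that a relay learns only the hop before it and the hop after it.

```python
import hashlib


def _keystream(key, n):
    """Toy keystream: SHA-256 over key + counter (stand-in, not Tor's cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


def _xor(key, data):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def wrap(path, keys, destination, payload):
    """Client side: add one layer per relay, innermost (exit) layer first."""
    blob = payload
    next_hop = destination
    for relay in reversed(path):
        # Each layer starts with the address this relay must forward to.
        header = bytes([len(next_hop)]) + next_hop.encode()
        blob = _xor(keys[relay], header + blob)
        next_hop = relay
    return blob


def peel(key, blob):
    """Relay side: remove one layer, learn the next hop and the inner blob."""
    plain = _xor(key, blob)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]


def route(path, keys, destination, payload):
    """Send a wrapped payload through the path and log each relay's view."""
    blob = wrap(path, keys, destination, payload)
    views = []
    previous, current = "client", path[0]
    while current in keys:          # stop once the next hop is not a relay
        next_hop, blob = peel(keys[current], blob)
        views.append({
            "relay": current,
            "from": previous,
            "to": next_hop,
            # Can this relay read the original payload after peeling?
            "sees_payload": payload in blob,
        })
        previous, current = current, next_hop
    return views, blob


# Constructed relays and keys; in this toy the client already shares
# one key with each relay.
PATH = ["guard", "middle", "exit"]
KEYS = {"guard": b"key-guard", "middle": b"key-middle", "exit": b"key-exit"}

if __name__ == "__main__":
    views, delivered = route(PATH, KEYS, "site.example", b"GET / HTTP/1.1")
    for v in views:
        print(v)
    print("delivered:", delivered)
```

Only the last relay recovers the payload, because it removes the final layer before handing the data to the destination.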
Tor Hidden Services are what the media calls the Dark Web. Think of a Tor Hidden Service as a website on the Tor network. When using one of these sites, the request never leaves the TOR network (never touches the normal world wide web) so it is considered even more secure.
“You can use the TOR network to browse the Dark Web or to browse the normal regular everyday world wide web”
Many popular sites, understanding the need and desire for a more private web browsing experience, have started creating Tor hidden services for their popular websites (The Intercept, The Guardian, ProPublica, WikiLeaks, Facebook, etc).
Tor does make your browsing experience a little more complicated. First you will notice a drop in performance (i.e. pages load noticeably slower). This slowdown is a side effect of all of the encryption/decryption and the number of hops a package is forced through to protect your identity. Some sites mark all TOR traffic as potentially malicious and constantly challenge users to "prove they are human" using CAPTCHA, and a very small group of sites block inbound TOR traffic completely.
The easiest way to try TOR on a computer is to download the TOR browser bundle directly from the TOR project website. It is a customized version of the Firefox browser that is designed not to leak data and is configured to use Tor correctly.
If you are on an Android device, then I recommend you use to create the TOR tunnel then use their customized TOR browser called OrFox.
I realize most people care more about ease of use (instead of privacy). I tried Anonabox hoping it would be a good hardware TOR solution but that didn't turn out too well. I am now waiting for the Invizbox and will review it when it finally ships (another delayed project).
I believe privacy is important. If you have questions, feel free to post them in the comments section or send me a note.
Use WhatsApp for free next time you travel
Since Apple has decided to keep Apple Messages (iMessage) locked up to its platform, users the world over have chosen WhatsApp as the most common cross-platform instant messaging platform. It allows you to send files and pictures. It allows you to make Voice Over IP calls and is just an overall well designed, easy to use tool.
WhatsApp requires a data connection (3G/LTE) to work. This means using WhatsApp while travelling requires you to buy a local SIM Card (when you travel) or buy an expensive data pack from your home carrier. Until now.
I first wrote about KnowRoaming in 2013 and explained how it can save money when travelling by switching you to a cheaper local plan simply by using the company's intelligent SIM sticker.
Today KnowRoaming announced that their customers will be able to use WhatsApp for free when travelling. You don't even need to buy a data plan and no data charges are levied. As long as you have an active account with some money in it and switch to their service when you travel (which is automatic when you travel), you get free WhatsApp in any country they work in (100+ countries).
This offer is available on any of their services (Global SIM Card, Global SIM Sticker and Global Hotspot). I use the Global Sticker option; anytime I land in a new country, their app detects it and switches me to their service.
Hill People Gear Mountain Serape Review
Image by Hill People Gear
As the weather cools down and we prepare for Winter, one of the most important pieces of survival or emergency gear is related to body temperature. Whether you are a prepper or someone that spends a lot of time in a car, you should plan to have a backup mechanism to keep warm in the event the unthinkable happens.
Deployed soldiers have been modifying poncho liners for years during deployments. These modifications involve cutting holes, adding zippers and padding, etc. Lots of companies have created slightly modified poncho liners but what Hill People Gear has done with their Mountain Serape is awesome, turning it into a multi-function product.
What can the Hill People Gear Mountain Serape do?
It is a:
- poncho liner
- great coat
- blanket
- sleeping bag
It is all of these things without being gimmicky. HPG didn't just add uses on the packaging as an afterthought, the design is carefully planned and masterfully executed. It is as useful in the bush as it is in the urban jungle.
Looking at the Hill People Gear website, one thing I noticed is that it regularly goes out of stock. If you are interested, get one when available.
Comparing the Mountain Serape to a Poncho Liner
The Hill People Gear Mountain Serape is much warmer than a traditional poncho liner. To achieve this level of warmth, they use 2.4 ounces of Primaloft Fusion insulation. Primaloft is a USA made modern insulator that is also used in the military's winter gear. It is fantastic for survival equipment because it is light yet very warm.
I first learned about the Hill People Gear Mountain Serape during wilderness survival training. One of our instructors slept in a hammock and used the HPG Mountain Serape as a versatile multipurpose tool. It was used as a jacket at night to keep warm and was used as his 3 season sleeping bag. When wilderness camping, every piece of kit must be multipurpose, small, light and useful.
In cold weather camping, you can use this as an additive layer to another sleep system. Think of it as a sleeping bag that adds about 40 degrees Fahrenheit. The HPG Mountain Serape is a light 2 pounds making it easy to carry (considering its size).
“I wish the Hill People Gear Mountain Serape shipped with a stuff sack. You will definitely want to pick one up for storage.”
Folded or rolled, it will consume a lot of space which isn't practical. Put it in a good stuff sack and it can be compressed down to the size of a large bottle of soda (2L) which is much easier to carry.
Using it
As a poncho, it is large enough to wear over a pack. As a blanket, it can easily cover 2 "normal sized" adults. As a sleeping bag it fits one adult comfortably, allowing enough room to move around and not feel constrained.
The external shell is soft enough to use as a "around the house blanket" yet robust enough to survive in the wild. If you don't pay attention and abuse your gear, you may rip it so be careful.
HPG says the Mountain Serape is water resistant but not waterproof. It is not meant to replace rain gear but will be fine during light misting. It is also perfectly good to use in winter with snow. If you do want to use it during rain, a good companion add on would be the O.P.S.E.C. Poncho from Survival Solutions.
Although Hill People Gear has kept the design of the Mountain Serape fairly consistent, I was told by a contact that they have improved minor features like stitching to make it better and more durable (I tested the newer version which was lent to me by a friend).
When switching from Poncho to Great Coat, you will be happy about how warm it keeps you. Ponchos are easy to put on but not practical when you are working. When working around the campsite, home or survival situation, use the Great Coat mode. It allows you to move your arms freely. In Great Coat mode, you can even wear a pack over the Mountain Serape.
Alternatives
Anytime I write about a product, I receive questions from readers about a "comparable" product on AliExpress for 1/4 the price. Some AliExpress products are good deals and worth getting, but not the Serapes. The Chinese Serapes are made with cheap stitching, cheap insulation and non-breathable shell fabric.
Many have said they loved the feature set but find the price expensive. And I can't disagree but the price is competitive to other high quality, low volume survival products.
Conclusion
The Hill People Gear Mountain Serape is a unique piece of kit that everyone should get and keep in their go-bag, car or camping kit.
Stove In A Can - Be ready for the next emergency
Anyone preparing for disaster / emergency knows that in addition to having easy to prepare food on hand, fire is an indispensable tool. Fire allows you to disinfect a tool, boil water (to sanitize it) or prepare different types of food. Fire is critical but difficult to make without preparation during an emergency. This is where Stove In A Can comes in.
What is Stove In A Can?
The Stove In a Can is a simple self contained stove with everything you need from the support frame, fuel and even matches. It is a self contained cooking solution.
In the can, you get:
- The can which becomes the stove frame
- 4 fuel pucks (lasting 1 hour each)
- The cooking ring
- The fuel ring
- Matches
Use
Simplicity and speed are critical during an emergency and the Stove In A Can doesn't fail to satisfy. It can be lit and used in under a minute and is relatively fool proof.
The good
- It is self contained and everything you need is included
- Soot is contained inside the can which makes storage and carry much better
- The fuel cells are waterproof
- The fuel is solid so you are not worried about spilling or overfilling
- The fuel is reusable. Once your water is boiled or food is cooked, you can put out the fire with the lid and reuse it
- The fuel does not expire so you don't have to worry about rotating it
The bad
- The fuel doesn't burn clean and leaves soot on anything you use
- The included matches are relatively cheap and I recommend you replace them with better waterproof strike anywhere survival matches
Where can I buy A Stove In A Can?
Amazon sells it for $22 + shipping. You can also get additional fuel cartridges there.
Facebook knows more about you than you realize and what to do about it
Everyone knows what Facebook is and that it is built on the concept of connecting people together to create virtual communities. What people often don't realize is how much data these sites have about you.
A good example was exposed by Huffington Post in an article entitled "Facebook Can Predict With Scary Accuracy If Your Relationship Will Last".
If you doubt the power of data mining, read this Forbes article entitled "How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did"
The security aspects of Facebook
Social Networking sites (like Facebook) thrive when user bases grow and user bases grow when there are strong repeated interactions among its members. These sites are sneaky and try to collect a treasure trove of data from you (directly or indirectly) without the user realizing it. As a user, you need to make a conscious decision about what you tell them and what you share on the site.
“Although interactions on Facebook may feel more secure because they are in Cyberspace, I encourage everyone to use the same rules of engagement as they would in the real world”
- Understand that you are not anonymous
- Understand that anything you post cannot be truly deleted and may be shared and reshared without your knowledge or consent
- Some organizations have privileged access to Facebook information which may come back to haunt you in the future (employment, travel, etc)
Regardless of how rosy you believe the world is, there are unfortunately a handful of bad people that use these sites to collect information about you with the intent to trick, deceive or do other bad things.
Predators could pretend to be someone else and use these sites to build cyber relationships to encourage you to meet them in person (could be dangerous). A bad actor could use information found on these sites to perform social engineering on you or on someone you know. Someone could use information about your location, hobbies, likes and dislikes to befriend people in your network and then use these relationships to coerce you.
What does Facebook know
Facebook knows more about you than you realize and remember that it doesn't expose everything. A small glimpse of what it knows can be seen in your personal ad preferences.
<img src="https://ekiledjian2.micro.blog/uploads/2025/5940cc5e1e.jpg" alt="">
Expand the sections and see some of the information Facebook has about you and actively uses to target ads.
Facebook self defense
Regardless of how many dangers these sites present, they are a fantastic way to stay in touch with friends and loved ones. It is this characteristic that keeps people coming back. So what can you do to protect yourself? It's time to develop Facebook-Foo:
- It's public - Regardless of the restrictions you place on your post, assume it is public. A friend can take a snapshot and repost it on Reddit. Even on snapchat, I could use a second device to take a picture of the screen and post the content without you knowing. Remember that anything you post can be public and you'll be much better off.
- Don't make it personal - Limit personal information as much as possible. Think before you post. Looking at your feed, people shouldn't be able to determine patterns (which coffee shop you visit every morning) or personal information (picture of your kids' daycare). Remember that you want to protect your information from "friends" and also the social network itself. Every smartphone picture you post contains GPS location data. This data may not be shared by the site but is definitely used by the site to build a more complete profile about you.
- Stranger Danger - We tell kids to be wary of strangers but we neglect this good information when working online. Remember that anything can be fake online. In social engineering, we commonly copy the profile information of people and use it to make connections to targets. We steal information from LinkedIn, Facebook and any other sources to improve the chance you will connect with us.
- Check your settings - I recommend you periodically check your Facebook profile settings and the permissions you have granted apps to connect to your facebook profile. Most connected apps are fine but a nefarious one may use this authorization to steal your info and use it against you. I wrote an article in 2012 about a service that helps check your site permissions. The service may have changed but it is a good idea to perform this check every quarter.
- Be a skeptic - I see dozens of spammy fake posts every day on Facebook shared by friends. People share content without looking into the validity of the articles so be wary. An ounce of prevention is worth a pound of cure. Use fact checking sites like Snopes to validate claims before posting or sharing content.
- Use strong passwords - I recommend you use strong unique passwords for every site you register on. I wrote this 2013 article about how to use WolframAlpha to generate strong passwords and I still use this technique today. Generate strong unique passwords and keep them in a password manager like 1Password or LastPass (which is almost free now).
- Keep your computer safe - For most users, I have started recommending the use of a Google Chromebook as their internet browsing device (or a smartphone or tablet). These devices are much more resilient to attacks and provide protection even if the user is less than diligent. If you use a traditional computer (PC or Mac), make sure you keep your software updated, use a good antivirus and never run unknown third party software. If you receive a file and want to double check it before running it, use a site like VirusTotal to give yourself some peace of mind.
- Keep children safe - Talk to children about the dangers of social sites early and help them navigate this maze. They need to understand that anything they post will be with them for the rest of their lives. The internet does not have a delete key.
Related:
- What is Facebook doing with my data? (BBC)
- 98 personal data points that Facebook uses to target ads to you (Washington Post)
- Facebook Is Expanding the Way It Tracks You and Your Data (The Atlantic)
Cover your laptop's webcam now
We learned a couple of months ago that Mark Zuckerberg covers his webcam with black tape (via a NY Times article).
Then FBI director James Comey made the same recommendation:
"There's some sensible things you should be doing, and that's one of them," Director James Comey said during a conference at the Center for Strategic and International Studies.
The truth is bad actors can easily hack into a laptop equipped with a camera without the user knowing it. Travellers are at an even higher risk because airports and hotels are used by intelligence agencies around the world to collect information (especially when you use a WIFI hotspot without first setting up a VPN).
Instead of using black tape which could leave residue, I bought a re-usable webcam cover from amazon for $3.
<img src="https://ekiledjian2.micro.blog/uploads/2025/b39b14c08a.jpg" alt="">
Free WIFI next time you're in an Airport
If you are lucky enough to travel business class then you know how wonderful free airport WIFI is. It is a chance to download content and update social media before your flight. What if you are not travelling business? You can spend between $9.99 - $59.99 for a daypass.
Anil Polat, traveller and computer engineer, created a simple website and smartphone app that shows an interactive map with passwords for hundreds of different airport lounges around the world.
You click on an airport and are presented with the important information (WIFI password, location to use it, etc.).
<img src="https://ekiledjian2.micro.blog/uploads/2025/203e6b8de5.jpg" alt="">
This is crowdsourced so feel free to send him any passwords you come by.
You can also download the mobile phone versions:
Link : FoxNomad.com
Best collapsible water bottle
The right gear makes travelling so much better. In 2014, I wrote an article about (my then) favourite foldable water bottle. At the time, it was the best foldable (small form factor) bottle money could buy, but recently I discovered a new collapsible water bottle that puts the Vapur to shame.
Why?
With tighter and tighter airport security screenings, bringing your own water became a taboo. Most people just fork over the $5-7 a bottle and buy it at the airport convenience store but no more.
What is it?
The Nomader Collapsible water bottle is small, lightweight and easy to carry. Once you pass through all the security checkpoints, you unfold it, fill it and relish the thought that you just saved $5.
The Nomader is a leakproof bottle made of food grade silicone (BPA free) that holds 22 ounces. When fully extended and filled, it feels as close to a solid bottle as a collapsible bottle can. The Vapur became jiggly and you often ended up splashing water on yourself. This was a major complaint I had with the Vapur.
The other issue with the Vapur is that after 12 months of use, my bottle sometimes leaked water from the top cap. Not so with the Nomader.
<img src="https://ekiledjian2.micro.blog/uploads/2025/8cdd6404d6.jpg" alt="">
<img src="https://ekiledjian2.micro.blog/uploads/2025/539998a90e.jpg" alt="">
Water Filter
If you follow my blog, you have undoubtedly read about my undying love for the Grayl water filter and purifier. If not, you should immediately read my post about it here. You can carry both (if going to an area with clean water concerns), and fill the Nomader once you filter the water with The Grayl. These 2 make a wonderful combo for travel.
Colin Powell quote about success
There are no secrets to success. It is the result of preparation, hard work, and learning from failure. #quote #business #leadership
Locky Ransomware is king of SPAM emails
Image by Yuri Samoilov used under creative commons license
We had lower than normal SPAM numbers for the last couple of quarters but the evil scourge of the internet is back with a vengeance. Company CISOs and personal users probably noticed a recent rise in emails containing variants of the Locky ransomware (encrypting malware).
The number of SPAM emails containing malware reached an all-time high, according to Proofpoint's Q3 2016 report.
<img src="https://ekiledjian2.micro.blog/uploads/2025/da4b91ea9e.jpg" alt=" Proofpoint Q3 email badware statistics ">
Proofpoint Q3 email badware statistics
Proofpoint said Locky was found in 96.8% of all malicious SPAM attachments. The vast majority contained a ZIP file containing a JavaScript file. We also saw Office documents containing malicious scripts, HTA files and WSF files.
Definitions:
- HTA: HTML Application
- WSF: Windows Scripting File
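A mail-side check for the attachment pattern described above (ZIP archives carrying JavaScript, HTA or WSF files), as an added example that is not from the original post or from Proofpoint. The `.docm` entry, the depth and size limits and the sample message are assumptions constructed for the illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Script types the article names; ".docm" is an added assumption standing in
# for "Office documents containing malicious scripts".
RISKY_EXTENSIONS = (".js", ".hta", ".wsf", ".docm")
MAX_DEPTH = 2                       # how many archive levels to open
MAX_MEMBER_BYTES = 5 * 1024 * 1024  # do not unpack members larger than this

def risky_names(filename, payload, depth=0):
    """Return risky file names in one attachment, looking inside ZIP archives."""
    hits = [filename] if filename.lower().endswith(RISKY_EXTENSIONS) else []
    # Detect archives by content, so a ZIP renamed to another extension is opened.
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(payload)):
        return hits
    with zipfile.ZipFile(io.BytesIO(payload)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            inner = f"{filename}!{info.filename}"
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                # Encrypted or oversized: judge by name only, without unpacking.
                if inner.lower().endswith(RISKY_EXTENSIONS):
                    hits.append(inner)
                continue
            hits.extend(risky_names(inner, archive.read(info), depth + 1))
    return hits

def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and check every attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        hits.extend(risky_names(name, part.get_payload(decode=True) or b""))
    return hits

def build_sample():
    """Constructed sample: a ZIP attachment with a nested ZIP holding a .js file."""
    nested, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(nested, "w") as zf:
        zf.writestr("scan_0042.js", "// harmless placeholder")
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", "constructed sample")
        zf.writestr("docs/archive.zip", nested.getvalue())
    msg = EmailMessage()
    msg["Subject"] = "Invoice (constructed sample)"
    msg.set_content("See attached.")
    msg.add_attachment(outer.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports the nested script by its full path inside the attachment, which is the detail a quarantine rule or an analyst needs.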
Other "fun" things found in these malware bundles included:
- Pony Infostealer
- Vawtrak banking Trojan
- Tordal malware dropper
- Panda Banker banking Trojan
- CryptFile2
- MarsJoke
- Cerber
It's not all bad: exploit kit activity is down 93% compared to the start of 2016.
Samsung offering in-airport smartphone exchange
Image by Sergio Quintana via Twitter
The US FAA has officially barred all Note 7s from flying on any US airline and Samsung has started an airport exchange program. CNET is reporting that:
"After setting up exchange booths in South Korea's Incheon airport, Samsung is now spreading the initiative across the world, announcing trade-in booths in airports across Australia. The customer service booths will allow passengers to switch out their recalled Galaxy Note 7 (along with the data on it) to another Samsung device.
The booths will be open 6 a.m. to 8 p.m. local time at "high-traffic" terminals:
- Sydney Airport (Kingsford Smith)
- Melbourne Airport (Tullamarine)
- Brisbane Airport
- Adelaide Airport
- Perth Airport
- Gold Coast Airport
- Canberra Airport (open 6 a.m. to 6 p.m.)"
ABC 7 News is reporting that exchange booths have been seen in San Francisco airport. This airport exchange is a good idea as some of their customers may not be aware of the FAA prohibition.
Photo by Sergio Quintana
Australian carrier ships Google Pixel a week early
While everyone is waiting for the new Google branded Pixel to finally launch, a reddit user in Australia claims to have received his Pixel from Telstra early.
And this doesn't seem to be an isolated case. There are a handful of Reddit threads talking about users receiving their units and backing up the claims with pictures. Going through the information, we glean the following:
Google Assistant welcomes you when you open the box
<img src="https://ekiledjian2.micro.blog/uploads/2025/f3e4e44e0a.jpg" alt="">
Google's free unlimited full resolution storage option is automatic and available as soon as you sign in to the device. The app/service detects all Pixel images and videos. I am wondering if we will be able to game the system by playing with EXIF information.
Allo and Duo are pre-loaded and are the default apps.
29.75GB of storage is available (out of the 32GB shown in this model).
The LED notification light is near the earpiece.
<img src="https://ekiledjian2.micro.blog/uploads/2025/081669aeae.jpg" alt="">
On a funnier note, people claiming to be Telstra employees commented on some posts and one said he bought his Pixel from Google because it offered a better warranty.
Samsung may unveil a Chromebook Pro
Image courtesy of ChromebookUnboxed
Chromebooks are a divisive discussion. Some people love them while others consider them wasteful spending. I see more and more people embracing them and the truth is Chromebooks are a fantastic solution for the general public. They offer zero-maintenance use and no worries about malware or viruses.
Samsung, the electronics giant known for its fire creating Note7 line, is about to release a new Chromebook Pro. So say the writers at ChromeUnboxed. No one is expecting this device so it's interesting how they kept it so secret.
The Samsung Chromebook Pro (codenamed Kevin) is impressive. At $499, it will be a mid-priced device equipped with a 12.3" touchscreen display supported by a 360 degree hinge. It will be powered by a hexacore processor at 2GB and come with 32GB of internal storage and 4GB of RAM. So far so good.
Looks like this Chromebook Pro will come in a beautiful aluminium body and include a stylus. Yes folks, a stylus. A stylus doesn't make sense for a traditional Chromebook but when you consider that Google is bringing the Android Google Play store to the Chromebook, you start to see the uses.
Adorama lists this unannounced unit.
<img src="https://ekiledjian2.micro.blog/uploads/2025/4ff507e181.jpg" alt="">
B&H had it listed but no more. The expectation is that it will launch sometime in October, in time for Black Friday sales.
Review of The Grayl Ultralight water filter & purifier
Over the last 25 years, I have logged close to 1 million air miles and I have traveled to all four corners of the world. Much of my time has been spent in locations where water quality is questionable and improper handling can make you very very very very very sick.
My traditional solution has been to use a particulate filtering system (like the Sawyer Mini water filter) and then sterilize the product using a Steripen UV Sterilizer. In locations where I wanted to be doubly sure or my Steripen ran out of batteries, I also used Aquamira water purification tablets.
Welcome The Grayl water purifier
In July 2016, I discovered and tested my stainless steel The Grayl water purifier & filter. I wrote a review about it here. Since discovering it, it has been part of my Everyday Carry Kit (EDC kit) and is always with me (normally with the tap water filter).
It met every single one of my requirements. It is self contained, easy to use and doesn't require batteries. I asked a university researcher friend to test 2 water samples (one from a pond and pond water filtered through the Grayl Water Purifier with the travel filter) and his conclusion was that the purified water coming from The Grayl was clean and drinkable without any concerns.
He then compared it to the pond water filtered through the Sawyer mini then sanitized with the Steripen and found them of equivalent quality and safety (giving a slight edge to The Grayl).
So for all intents and purposes, this one simple to carry item did everything I needed it to do. But it had one negative: it was heavy. It was smaller (in volume) than the Steripen+Sawyer mini but weighed more. Weight is critically important when travelling.
Discover The Grayl Ultralight lightweight water purifier & filter
The Grayl reached out to me after my last review and asked if I wanted to test their Ultralight. I already loved my stainless steel Legend and didn't know why they would move to plastic. Isn't plastic bad?
Plastic is more porous thus has more surface area that can eventually get mouldy. It has more surface area that can capture smells. The Grayl has a nice trick up its sleeve. Unlike other water containers, when you completely disassemble any The Grayl water filter, you have a center tube (the clean water container) open on both sides therefore cleaning it is super simple.
I tried The Grayl Ultralight and I became a believer. I went from 588 grams to 309 grams. It may not sound like a major difference but is important when you are carefully planning every gram (whether for travel, hiking or as part of a survival kit).
The Legend also has a sealable mouth hole that sometimes restricts water flow too much, whereas the Ultralight has a large twist off top.
Beyond the pond
Everyone I show this to ends up buying one. 2 friends recently went on a 1 month Asian business trip, touching countries such as India, Vietnam, Malaysia, Philippines, Indonesia, Hong Kong, China and a couple more.
They used the travel filter and didn't get sick once. They didn't have to drink from disposable water bottles and they didn't have to pay for exorbitant hotel water (between $US5-12 a bottle).
There are certain unscrupulous vendors that will replace the clean water in a single-use water bottle with dirty tap water (keeping the clean water for themselves). They do this by making a small hole in the bottom of the bottle (the injection moulding point) and then, once they have refilled it with tap water, they seal the hole with glue. When you buy this tainted product, you crack open the cap and assume it is clean, fresh, safe water when it isn't. Filtering your own water means you aren't dependent on anyone else.
Recommendation
Whether you are a traveler, a camping enthusiast or a prepper (preparing for a disaster), this is something that you need in your kit. The Grayl Ultralight is now part of my Everyday Carry Kit. I don't leave home without it and I actually bought a couple as gifts.
This has become one of my most recommended items (travel and EDC).
In Canada, you can buy :
- Ultralight for $64.99 at Altitude Sport comes with the travel filter here
- hybrid (stainless steel cup and plastic outer shell) from MEC for $58 here, comes with the tap filter
In the USA, you should buy it directly from The Grayl $59 here.
How to sleep on a plane
Image by bnilsen used under creative commons license
Having traveled over 700,000 miles in the last 20 years, I realize the importance of sleeping on a plane. Over the years, I developed tips and tricks on how to sleep better when flying.
1 - Wear an Eye Mask
Proper sleep requires a nice dark environment but your 200 close friends may not agree. Bring your own Eye Mask and bring something soft, plush and comfortable. If your airline does provide one, it will be cheap and extremely uncomfortable.
2- Earplugs
Most of us need a quiet and peaceful environment to sleep and you know that talkative couple will be right behind your seat.
3 - Noise Cancellation headphones
Sometimes earplugs just aren't enough (think crying baby). Noise cancellation headphones are a great way to drown out noise earplugs can't remove. When trying to sleep, play some soft soothing music or some guided meditation tracks.
4 - Wear Comfortable Clothes
This may seem obvious but many people forget this basic rule. Planes have temperature swings and you have to be ready to go from cold to hot and back. Dress in layers. Make sure your clothes are comfortable.
Many executives I have traveled with go on board with a suit but change into sweatpants or pajamas for those long transatlantic/transpacific flights.
5 - Wear your seat-belt
If you don't want to be woken up or bothered, always wear your seat-belt and make sure it is visible. Remember that flight attendants have a duty to perform safety checks and they will wake you if they cannot easily determine if your belt is attached.
6 - Bring your own food and drink
Sure, airlines provide crappy food (unless you are flying business or first class). My recommendation is to bring your own food (which would likely be healthier and better tasting). In addition to the health benefits, this frees you from the flight attendants' service schedule.
You notify the crew that you do not want to be woken up and then doze off. When you wake up, you have your own meal waiting for you.
7 - Get a window seat
For short flights, I want an aisle seat (in case I want something from the overhead compartment). For longer flights, I want a window seat. This gives you something to lean on when trying to sleep and makes sure you won't be woken up by a seat mate with a peeing problem.
Travelers need a 4 digit debit card PIN
North American banks allow customers to use 6-8 digit debit card PINs, which is good security but not if you travel. Many international banks only support 4 digit PINs at their ATMs:
“Some international ATMs support only 4-digit PINs. Be sure your PIN does not start with a zero, and know your PIN by the numbers, as some ATMs outside the United States do not have letters on the keypads.”
You can read the BoA traveler tip page here.