Edward Kiledjian

Starbucks and Duracell are partnering up for a nationwide rollout of wireless charging tables at select Starbucks locations (US only). Startbucks is providing the table and power while Duracell is providing their Powermat technology. 

The dynamic duo is expected to install over 100,000 Duracell Powermats when everything is said and done.

You will be able to buy Powermat accessories at the participating Starbucks.

You can find participating locations on the Starbucks webpage (link).

Apple bough Beats and now NT Post (link) is reporting that Google may be in talks to buy popular streaming service Songza. Apple paid approximately $500M for Beats' streaming service which is believed to have less than 250,000 subscribers. Google is reportedly offering 15M$ for Songza which has 5.5M active users.

Songza has a unique approach to music recommendations. You choose what you are doing and they recommend a custom tailors human curated playlist for that activity. This approach works really well and this is one of my main music go to services.

We don't have any indication of how much revenue it generates but it has started to offer branded playlists with the name of a company in the playlist. It has also started to insert advertising into its apps and website.

I like Songza and would be sad to see it disappear. 

There is no denying Windows Vista was a total flop. So much so that Microsoft did everything to quickly move away and erase it from our memory.  

One of the best connected Microsoft watchers, Paul Thurrot says

Paul then follows up with

Paul's comment simply aludes to the fact that Windows 8 has had horrible adoption rate (sales) and customers just hate it. Believe it or not, Vista had sold more copies in this phase of its life cycle (compared to Win8).

So what's next?

Most analysts believe the next version of windows codenamed threshold will be released spring 2015 (probably bundled with a new version of Office Touch). Microsoft will do everything to make sure consumers forget about Windows 8 so why waste your money on it? 

People magazine has an interesting (USA only) offer of 8 free popular country songs from iTunes. These are popular on the chart songs (not old has been ones).

Head over to their special promo page (link) and enter the unique promo code they generate for you in the Redeem box of your itunes client (mobile or desktop).

When I read Apple's 33 page IOS Security Paper I was blown away (link). Not because its perfect security but it is as close to perfect as it can get in a generally usable commercial product. This unprecedented look inside the Apple security hive mind answered many of my questions and reaffirmed my belief that Apple makes the most secure general use electronics around.

At WWDC, I had high hopes and Apple exceeded even my wildest expectations. First they clearly know their competition and are actively listening to their customer complains. The biggest, and most surprising revelation, was the new more open stance they are adopting with IOS 8 (translating to 4,000 new application programming interface calls (API)).

Developers will be able to write extensions to Notification center, build third-party keyboards (like Skwype or Swiftkey) and add inter-application data sharing. None of these are industry leading firsts but they are unexpected gifts Apple is bestowing on its adoring public.

But I'm not a regular user

Over the years, I have stayed with Apple smartphones (over Android and Windows Phone) not because I'm a fanboy but because it has always taken security more seriously. It has always allowed for more granular control of my device security settings which is a must with me.

This more open Apple, these new features are wonderful for users but as a security professional, I worry about the new attack vectors they will open up. Apple did say that they purposely waited to add these features (even though customers had been demanding them for some time) because they wanted to find secure ways of implementing them. They chose to start with extreme restrictions then slowly open the spigot as they found safe ways to get the job done.

One problem is the gold rush I expect to see shortly. This is where new and existing developers start writing apps and widgets for these newly opened services without paying attention to proper security controls. Many will want to be first hoping for a huge payday and couldn't care about ensuring their apps are secured. Did Apple implement enough controls to ensure this doesn't lead to new vulnerabilities?

The second problem is that Apple is launching cool new platforms for home automation control (Homekit) and healthcare (healthkit). These new additions will significantly increase the value of the information stored on your device thus motivating "more bad actors" to work harder at breaking into and stealing your information. Apple will become a bigger target and will have to react faster to security vulnerabilities and exploits. 

Additional protection in IOS 8

Apple has created a new programing language called Swift (link). Apple toutes that Swift:

If Swift works as advertised, then it will definitely make future IOS applications more secure by automatically handling many of the situations that lead to vulnerabilities. Unfortunately developers will still be able to use the older  Objective-C which doesn't provide these better automatic control which could lead to vulnerabilities.

The major SSL Vulnerability IOS devices experienced due to a programming bug (the Go to fail bug.) This issue is fresh in many researchers minds and here's hoping Apple does what it has to do to keep protecting its users.

Verdict

Ultimately I believe Apple's IOS platform is still the most secure mobile operating system available today and I hope Apple continues investing to keep it that way. These new features are clearly a response by Apple to Android's growing popularity and they have to be careful not to fall into the quick response hastily planned vulnerable new feature trap.

I am eagerly waiting for an updated security whitepaper

Sending an email is akin to mailing a postcard. Everything written in it can easily be read, copied or analyzed by any one of the email transfer points. It is this simple fact that motivates security advocates to push for email encryption. The main obstacle to mass adoption of email encryption is the complexity. It requires installation and configuration of special software. It requires the purchase or generation of you private/public keys. 

Google wants to change all of that and has released an alpha Chrome plug-in called End-to-End (link). End-to-End will provide an additional layer of security over and above what your existing email prover already makes available.  The plug-in means all of the complexities of encryption are hidden from the user which should help at-risk but less technically savvy users happy (journalists, human rights workers, whistleblowers, etc).

Google is clear that this is currently an alpha release for technically proficient users only and is not meant for general use yet. They want the community to review the open source plug-in and provide security recommendations to strengthen and improve the tool. 

I haven't reviewed the tool just yet but am really happy google is taking the first step in making email more secure and accessible. Once this plug-in is ready for general consumption, I'll let you know.

3 things we know governments will always do are:

1. Tax
2. Spend
3. Spy

The last point, fueled by the Ed Snowden leaks, seems to be keeping the media busy. Now the China-run state-owned media is calling on the Chinese government to sanction the major US technology companies who are "pawns of the US Government".

China Daily and People's Daily have called upon their leaders to "severely punish" the companies mentioned in the Edward Snowden leaks.

Most companies have openly and vehemently denied working with the NSA. One such spokesperson is Google Chief Legal Officer David Drummond

I believe the next few month will be interesting. Let's see how (and if) China takes an official position. It is important to remember that Chinese telcom equipment manufacturers were disqualified from bidding on US government contracts because of concerns about spying. Now that the Snowden leaks show the US may be intercepting Cisco equipment to implant its own hidden tools, could other countries start boycotting US telecom equipment manufacturers?

Source : Reuters

You can pickup my favourite Android phone (US only deal) for $100 off for 48 hours. This deal allows you to pickup a Kitkat powered android phone (unlocked) for about $300-400.

Today at 10am PT, Apple will finally unveil its new wares to the world at its World Wide Developer Conference (WWDC). This years keynote will be 2 hours long and rumors are swirling that we we'll see new hardware, the new Mac OS 10.10 beta, and maybe entry into a new line of business (home automation, etc).

Apple will livestream the entire keynote on its special events website you can access here (link)

We don't know the restrictions they will impose but in past years, the livestream has only worked on Safari, Mac OS, iPhone or iPad devices.

Most iPhone users watched in awe when Motorola's Moto X gained always on voice Control. You could say OK Google and then simply issue your command. Without ever touching your device. Then Google created a new launcher that allowed you to voice control, your device anytime you where in the launcher. 

It seems iPhone users were left out in the cold until now. 

Before you get too excited, it is important to remember that OK Siri is a hack for jailbroken iPhone's only. If you have any security concerns, you should not jailbreak your device. 

Installation

Once you install the hack, you have to turn on the always listening mode in the Activator settings (look for OKSiri). A little microphone icon then shows up in the status bar and the device is listening for your commands. You start any command by saying OK Siri. 

PRactically you'll have to wait a fraction of a second between saying OK SIri and issuing your command (to give the system time to react). Also once you have performed the desired action and press the home button to come back into IOS land, the OK Siri agent will need a couple of seconds to re-initialize in the background.

Motorola's MotoX was great because the phone is always listening, even when the screen is locked. OK Siri does the same which means you can issue commands even to a locked phone (which is a nice touch).

Annoyances

So it is an interesting addition but not without its problems. For an unexplained reason, the agent seems to freezes sometimes which disables the always listening functionality. If you wait a couple of minutes, it comes back all by itself.  

The speech recognition of the agent is no where near that of Google or Apple. This means you may need to repeat your command a couple of times. 

Conclusion

You can download this hack from the Big Boss Cydia repository right now for free. Ultimately I am a security nut and will NOT jailbreak my main phone because it opens up too many security vulnerabilities but if your device is already jailbroken, you can take this add-on for a spin. If you don't like it, you can just remove it.

It seems everyone is either starting or buying into a streaming music service. Not one to be left out, Buzzfeed (link) is reporting that Amazon may release its own music service with a twist.

It is believed Amazon has already signed agreements with Sony and Warner but is still in talks with Universal Music.

The rumours say that the service will be offered for free to US Amazon Prime members. For those that don't know, Prime is a service that costs $99 a year and provides:

• free 2 day shipping
• free movie streaming
• free Kindle book lending

But how will Amazon differentiate itself from the crowd? By offering music older than 6 months.. What? Wait! Hun....

It is believed that to reduce licensing costs, Amazon will only stream music older than 6 months. 

This new Amazon Prime add-on is expected to launch in June or July so you won't have to wait much longer. 

A question I receive regularly from readers is regarding the value of the Bitcasa service.

I was an early Bitcasa beta tester and have been working with their service for a long time now. I actually bought into their service when they still offered unlimited cloud storage for $99 a year. At the time, I could not believe the incredible value they were offering but like everything else in life "if something is too good to be true, it probably is".

The client

I performed a long term test on both Windows and Mac. I hate hate hate their client. It is clunky, buggy and fixes come in a very slow trickle. As an example, the ability to mirror a folder by right clicking in the Mac Finder is broken and there is no ETA to fix it. Early in the service's life, I was able to mirror external drives and that functionality went away. I have 30Mbps down and 10Mbps up connection speed and everything transfers super fast to Google Drive, Dropbox, Box, etc. Not so with Bitcasa. Even with an idle computer, it sometimes takes hours to upload 5-10 MB. 

I have the same speed issue with the mobile client (Android and IOS). I open a folder containing pictures and it takes forever for the app to download the thumbnails. Google Plus Photos and Carousel (Dropbox) on the same devices are almost instant.

The speed

The service is slow. Painfully slow and you will notice it. I'm not sure why but it just makes for a horrible client experience. Web interface is slow, mobile clients are slow and their desktop clients are slow.

Price

At $99 a year for unlimited storage, you could easily accept many of the shortcomings but the new pricing (for new customers) is $99 a year for 1TB. At that price, I say go with Google Drive's 1TB plan for $9 a month. Much faster and they will autoAwesome your images.

Verdict

I really had high hopes for Bitcasa. I thought it would be the crazy one that shook up the entire cloud storage market but instead it has turned (in my humble opinion) to be a dud. My only recommendation is look elsewhere. Options are Google Drive (good speed and pricing), Bitcasa Sync (your own sync service run from your house), or something like The Transporter (again a private sync service based on your home equipment).

Apple touts the advanced security features built into its devices and its linked cloud services. One such security feature is Activation Lock that should prevent a thief from using a stolen iPhone that is locked. 

A Dutch and Moroccan hacker group called "Team DoulCl" are reporting that they have been able to bypass Apple's Activation Lock control. 

De Telegraaf (link), a Dutch news organization, claims the group was able to buy locked iPhones and unlock them. Thieves can use this hack to resell stolen iPhones for huge profits. To be fair to Apple, I haven't personally verified this groups claims so I take everything with a grain of salt. Additionally hacks like this against Apple are rare.

2 other hacker groups AquaXetine (Dutch) (link) and Merriktechnolog (Moroccan) claim to have unlocked 30,000 devices in just a few days. 

The trick is a simple man in the middle attack where the hackers trick the locked devices that their servers are Apple's activation servers and they instruct the device to unlock. It is conceivable that this type of attack could be used to extract other information from the device (if it truly believes it is talking to Apple's iCloud infrastructure such as syncing pictures, calendar, contacts, etc. )

The hackers claim they disclosed the vulnerability to Apple security in March but the report was never followed-up by Apple. The silence is why the hackers went public. 

You can checkout the original hacker group's website at doulCi.nl (link). I scanned the website and didn't find any malware or hack attempting to compromise your browser. 

Even with the abundance of cloud storage options, I think everyone should carry a USB thumb drive (flash drive) in their Every Day Carry (EDC) kit. It is still the fastest, most efficient and most secure way to move information from point A to point B.

For every online cloud service there are 100 different types, brands and models of USB thumb drives. To save you time and money, I did all the homework and the USB thumb drive you should buy is the SanDisk Extreme USB 3.0 32GB model (link).

What you should consider when buying a USB thumb drive

In summary, there are only 5 elements to consider when reviewing USB thumb drives:

1. Performance (read / write speed)
2. Durability (this thing will be beaten constantly and you want something that will protect your valuable data
3. Carry-ability (the drive should be as light and small as possible)
4. Design (some thumb drives are so thick they'll use one USB port and block another)
5. Cost

Update your thumb drive regularly

Technology improves quickly and this truth applies to computers, tablet, smartphones and of course USB flash drives. An award winning drive from last year likely was dethroned by something faster, better and cheaper this year. 

I bring this up because many readers hold on to USB flash drives until they die but considering how much performance changes, you may want to refresh your primary everyday carry thumb drive at least once every 18 months.

The thumb drive evaluation

There are thousands of thumb drives available on Amazon, DHGate.com, Aliexpress.com, etc. In preparation for this article I read thousands of reviews, articles, test results, etc. I used all of this information to compile a list of my top 10 devices. These 10 devices had the best performance, competitive pricing, great design and tones of positive reviews. The brands that made my top 10 are the ones you would expect : Sandisk, LaCie, Patriot, Lexar, Corsair, Transcend, Mach, Kingston.

I then acquired brand new versions of each for testing and ran them through the following CrystalDiskMark (link) tests:

1. Sequential Read / Write
2. 4KB Random Read / Write
3. 512KB Random Read / Write
4. Copying small files
5. copying large files

In summary you have to be careful of the USB 3.0 moniker as some drives perform as slow as 35MB/sec and others can deliver close to 200MB/sec.  As an example the Toshiba TransMemory-EX 32 GB delivered up to 300MB/sec performance whereas the Patriot supersonic was below 40MB/sec. USB 3.0 does not mean the manufacturer has maximized performance. 

The Winner is

After many hours of testing, the best value (see 5 characteristics above) was the Sandisk Extreme USB 3.0 32 GB drive.  It performed fantastically well is every performance test. It's performance blows away the speed of any mechanical hard drive. To really maximize its throughput you need to pair it with a PC containing a good SSD.  

When you consider that you can pickup a 32GB version of this drive for around $US40, it is almost as cheap as the crappy no name brand cheap thumb drives from China. 

Although the drive is USB 3.0, it is backward compatible with USB 2.0 drives. Even if you only have USB 2.0 right now, buy this drive because your next PC (home or work) will definitely have USB 3.0.

The runner ups

The Sandisk Extreme USB 3.0 delivered about 220MB/sec performance. The next highest performer was the Mach Xtreme MX-ES , Patriot Rage XT, Kingston Datatraveller HyperX 3.0, Transcend JetFlash 790. 

If you see any of these cheaper than the SanDisk, it would still be a good deal to consider.