Edward Kiledjian

The Nexus line of Google handsets are popular because they provide a stock (vanilla) Google Android experience but more importantly they provide a beautiful kit at an unbeatable price. 

People want great handsets at affordable prices and the market is hot for these types of devices (as opposed to the $800 iPhone 5s or Samsung Galaxy S5). A new Chinese company called OnePlus has finally revealed the specs on their upcoming (Q2) flagship phone the OnePlus One (link). 

The OnePlus One will offer :

• 5.5" LTPS IPS TOL 1080p screen (very good choice)
• 2.5GHZ quad core Snapdragon 801
• 3GB of RAM
• 3,100 mAH battery
• 5MP front camera (with wide 80degree capture zone)
• 13MP f2.0 back camera (SONY EXMOR IMX214)
• 3 microphones to enhance noise reduction 
• Choice of onscreen or capacitive keys (changeable anytime)
• Multimode LTE (that should work in most countries)

All of this goodness will come in a beautiful sleek and minimalist package selling for $US299 for the white 16GB version and $US349 for the Sandstone Black 64GB one.

For the android enthusiasts, OnePlus has chosen to go with a special build of Cyanogenmod which means you get all of the features and functionalities you expect from CM (which will be Android 4.4.2 out of the box). 

The only negative is that we don't know when it will be available yet. The company said it will be sold sometime in Q2 but you'll have to get an invite to buy one. Invites will be available through special contest, promotions or sign-up links. 

I have tested lots of USB and lightning cables but most of them die a quick and horrible death from the extreme pressures of travel. Most end up broken, cracked or otherwise unusable. 

That's until I discovered the wonderful Chargekey from Nomad. 

I wrote a review about it (link) that I encourage everyone to go read. In summary it is a durable, flexible, keychain attacheable USB or lightning cable that goes everywhere with you. 

I have tested other ChargeKey clones from Amazon, DHGate, DealExtreme and AliExpress but none of them are build as solid as the original ChargeKey. For an Everyday Carry (EDC) USB or lightning cable, the ChargeKey gets a 5 out of 5 from me.

Whether you travel for pleasure or business, one of the most useful gadgeteer's toys is a power strip (power bar). I have never seen a hotel room with enough power-plugs to charge my power-hungry electronics.

Having used and tested over 20 different power strips, the one that really won my heart is the Belkin SurgePlus (10 watt) (link) power strip. 

This thing is tinny and very easy to travel with. Not only does it give you 3 full power-plugs but it also provides 2.1Amp (up to 10 watts total) USB powered plugs to charge your electronics (smartphones, GPS, tablet, eBook reader, etc).

The unit's power-plug has a built in swivel system to ensure you can plug it into even the busiest plugs.

In addition to providing additional plugs, the power strip has a 918-Joule energy rating which means it will keep your precious little gadgets safe from electrical surges or lightning strikes. 

Properly wired grounding is also critical for device protection and I have stayed in one too many hotels were the grounding wasn't properly done for all in-room plugs. The Belkin surgePlus has a built in protection light that let's you know it is working and also that the grounding is properly wired. Very useful (often forgotten) feature.

I tested each plug and everyone provided clean consistent power (primary power-source was clean also). This is important because it means Belkin used quality components. I plugged in 2 laptops and a Nexus 7 charging brick to test the USB plugs and even when the power-plugs are fully utilized, it delivers clean 2.1A (up to 10watts) of power to the USB ports.

Overall I loved this little guy. Physically the plastic casing is well moulded and sold. It will last many years with proper care. When you plug and unplug it into a wall outlet, everything just feel sold. Plugging devices into the Belkin SurgePlus is also easy and everything feel solid. You can pull a plug out without having to worry about stressing the power strip or flexing it.

The only downside comes with devices that have large brick based power-plugs. Most of my devices have either power cables, power cables connecting to a brick or very slim brick connectors. If you have large bricks that plug in themselves then you may love one of the outlets because the plugs are close to each other. I do with the plugs where further away from each other or that at least one was moved to the side for larger brick plugs. 

We hear about online attacks almost on a daily basis and the targets are usually (in the media at least) large sites like CNN, Yahoo, Amazon, etc.

Did you know that your machine could be an attacker without you even knowing it? How could this happen? Because you most likely have lax security hygiene:

• easy to guess passwords
• visit on shady websites
• load "weird" attachment 
• or more

This means your home machine could already be part of a botnet used by bad actors to target companies or organizations with whose view they don't agree with. 

What can you do?

1. If you even suspect your home PC may be infected, restore it to the original factory default and start from scratch
2. All modern PCs come with a firewall built in and turned on by default but make sure it is turned on
3. Install a "good enough" antivirus program (such as the free Microsoft Security Essentials or Avast). Then make sure it updates daily and scan's your PC completely weekly
4. Once a month, use one of the free online antivirus scanners to perform a check with another software. Good free online options include;
   1. [www.eset.com/us/online...](http://www.eset.com/us/online-scanner/)
   2. [www.f-secure.com/en/web/ho...](http://www.f-secure.com/en/web/home_global/online-scanner)
   3. [www.microsoft.com/security/...](http://www.microsoft.com/security/scanner/en-us/default.aspx)
5. Uninstall any app you don't use as these may have vulnerabilities that can be used to exploit your PC
6. Only install software from trusted sources (file-sharing, grey sites or ad-ware supported sites are a bad idea)
7. Don't open attachments from people you don't know. Don't click on links from emails.
8. Buy a real router and don't rely on the one provided by your Internet Service Provider

The Quebec Superior court has ordered Telus to reimburse customers to the tune of $2.6M in text messaging fees. This is a  result of Telus unilaterally changing terms and conditions for 172425 customers in Quebec (charging 15 cents per incoming text message).

If you are one of the affected customers, you could receive a whopping $15 but know that Telus is reviewing the decision. They could of course appeal the decision so we'll have to wait and see.

It seems password theft is in the news every week and even average computer users are starting to learn about the benefits of 2 factor authentication. 2 factor authentication increasing your account security because it add to your password (something you know) with a second factor (something you have). 

The something you have is usually either an SMS message with a one-time authentication code to your primary phone on file or a special software that generates the same kind of code. The SMS option seems convenient but is less attractive when you consider the site would have to send your secure log in code encrypted through a 3rd party carrier (which is never a good idea in my opinion). Using a software one-time code generator is a much more attractive proposition in my book.

Which major sites use 2 factor authentication?

Almost every major site uses 2 factor authentication... Some (small list) examples are:

• Facebook
• Google+
• LinkedIn
• Twitter
• Tumblr
• WordPress.com

What is Authy?

Since most people have heard of Google Authenticator, let me take a minute and introduce Authy before I jump into the comparison. Like the Google product, Authy is a  Time-based One-time Password Algorithm and adheres to RFC 6238 (link) described by the  Internet Engineering Task Force. 

In addition to being a slick well designed app, Authy allows you to manage all of your TOTP 2 factor authentication tokens with it (including Google Authenticator tokens).

And with the Bluetooth agent on Apple computers, you don't even need to touch your phone when logging into websites. The entire process is slick and beautiful.

Authy also trives for 99.9995% uptime and has built their infrastructure accordingly. You can read a great techical article on Leanstack.io (link) about this.

Authy versus Google Authenticator

There are 2 types of Authy implementations:

1. A site can use Authy as their 2-factor authentication system (front and back end)
2. A site can use the Google Authenticator back end and the customer can choose to use Authy as the token generation client app

Let's take scenario number 1 first.

Let's say you are using Google Authenticator and you lose you phone, the only course of action you have is to find your backup 2-factor codes (that you hopefully printed when you set the entire thing up) and deactivate your tokens app by app (or site by site).

If the sites use Authy as the back/front end, you can revoke a apps token very easily from their site.

The other major issue with Google Authenticator touches world travelers. There are some countries where you won't have connectivity on your mobile device for extended periods of time which could lead to a drift between your phone's time and that on the Google servers. If the drift becomes too wide, you won't be able to login anymore because the entire TOPT process uses time in the calculation algorithm. The Authy team has accounted for this possibility and has built in more refined time drift smoothing algorithms to reduce the likelihood of this occurring.

Google Authenticator is built to run on only 1 device but more tech savvy users know that you can use your authenticator seed on multiple devices. The problem is that all your devices use the same seen which means if any device is compromised ot stolen, you have to cancel and regenerate all of your tokens. Even when used in multi-device mode, Authy create unique seeds for each device (when used with sites that have implemented the Authy backend not the Google authenticator backend). Which means you can revoke the rights to one device without having to reset everything.

Let's take scenario 2 now

One thing I hate with Google authenticator is that I have to redo the entire token creation process for every 2-factor enabled site everytime I change my phone. I could save a screenshot of my seed and use that in the future (instead of going through the entire process again) but that is a HUUUUUUUGGGEEE security risk. You really don't want to store your seed unencrypted.

Authy has a account synchronnization feature that allows you to move your entire token vault to a new phone or to a second device. Security analysts know that the goal is to minimize the attack surface and therefore sometimes you may chose to only allow 2-factor authentication code generation on one device. Authy actually sets its default configuration to only work on one device to ensure multi-device support is a conscious decision by the user.

To enable Multi-Device synchronization of your tokens, they have created a model of inherited trust which means a new device can only be authorized from an already trusted device.

This means that if you buy a new device (to replace your existing one or a tablet), you can easily transfer your authentication tokens over. 

The other benefit is that everytime you start the app, you get a fresh authentication code valid for 20 seconds which means you're not waiting 1 minute for the app to refresh with a new code.

Overall the app is much nicer than Google's. It is a clean touch friendly interface that is a joy to use. I have now migrated all my Google tokens to Authy and it is the only 2-factor authentication app on my devices: smartphones and tablets.

You can download Authy for free

• Mac App: (link)

• iPhone App: (link)

• Android App: (link)

I test thousands of apps every year for Android and IOS, and after a couple of weeks, most end up being deleted. 2 weeks ago I discovered a very useful free android app I think every Android owner should download now.

The app is called Agent (link) and offers 5 very useful pre-configured functions called Agents (which you see in the above image).

The 5 functions are described as follows (by the manufacturer):

•  Drive Agent is triggered by bluetooth and motion sensing (activity detection). It can be configured to read SMS messages aloud, respond with voice, auto respond to texters and callers to let them know you’re driving (editable message) & only respond to your own hand-picked list
• Battery Agent triggers at a percentage you choose. It helps conserve battery by giving you the option to turn off bluetooth, dim your screen and reverts back to normal settings automatically when you charge your phone. Will also let you know how much battery it saved you.
• Parking Agent remembers where you parked, based off your speed or bluetooth connection. Will remember your last five parking spots
• Meeting Agent syncs with your calendar to silence/ put your phone on vibrate when you don’t want to be disturbed. It can be configured to activate for busy events only, gives you the ability to specify your working week so that it only syncs with your calendar on days and times you prefer, works with shared calendars and auto responds to selected contacts during these "busy" events.
• Sleep Agent will silence your phone automatically when you go to sleep. You can configure sleep times for different days of the week, minutes of inactivity before activating, auto response to selected callers and texters during your sleeping hours, list of contacts that can wake you & Bluetooth, autosync, wifi and mobile data deactivation.

Having played with it for a week, I think this is a beautifully useful app. It is a competitor to the MotoX only MotoAssist by Motorola.  In some ways, it is even more useful than MotoAssist and could coax some die hard MotoX users to switch to other android devices.