Insights For Success

Strategy, Innovation, Leadership and Security

Improve your internet security right now, easily and for free

General | Edward Kiledjian

Quad9 is a new DNS service launched by a non-profit consortium (founding members are IBM Security, Packet Clearing House & Global Cyber Alliance). The promise of the Quad9 DNS service is good security using the knowledge of some of the world's leading security research firms, by merely changing your default DNS server and ALL for free. 

The service is (not so creatively) called Quad9 because the DNS address is 9.9.9.9

Is the Quad9 service fast?


I used the free DNS Benchmark tool by Steve Gibson with connections from Canada, the USA, the UK and Switzerland. I performed ten tests from each region, and in every test, the Quad9 service was in the top 3 fastest DNS services available, in most cases coming in first.


Quad9 is lightning fast because they use anycast routing which automatically finds and uses the nearest DNS server to the user. 

At launch, the service is powered by 70 servers in 40 countries, but the intention (in 2018) is to grow the fleet to 160 servers.

So how does it improve my security?

So why should you switch from your existing DNS service to the free Quad9 DNS service? Quad9 is a security and privacy enhancing DNS service that delivers much more security than any other DNS service currently available to consumers (more than your ISP, OpenDNS, etc.)

Quad9 says "Quad9 blocks against known malicious domains, preventing your computers and IoT devices from connecting to malware or phishing sites." The threat intelligence is provided by the IBM X-Force but also includes 18 additional threat feeds from partners. Typically companies would pay tens of thousands for this level of protection and they are offering it for free.

You can configure your home router to use Quad9 and all devices inside your house would be automatically protected (including that cheap, easy-to-hack $29 webcam you bought from a shady online reseller).

If a device (using Quad9) tries to contact a "bad" site, it will get back an NXDOMAIN response code (aka not found). This is how Quad9 prevents devices from being directed to dangerous sites.
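As an added illustration (not code from Quad9 or from this post), the Python below shows how a blocked lookup can be told apart from a domain that really does not exist: it reads the response code from the raw DNS reply and compares the filtering resolver's answer with that of a second, unfiltered resolver. The second resolver, the function names and the sample replies for the placeholder name `blocked.example` are assumptions constructed for the example.

```python
import socket
import struct

QUAD9 = "9.9.9.9"  # resolver address given in the article
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, txid=0x1234):
    """Encode a recursive A-record query in DNS wire format (RFC 1035)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, 1 question
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(response):
    """Return the response code name and answer count from a DNS reply."""
    if len(response) < 12:
        raise ValueError("truncated DNS message")
    _txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), answers


def verdict(filtered_reply, reference_reply):
    """Compare the filtering resolver's reply with an unfiltered one."""
    f_code, _ = parse_header(filtered_reply)
    r_code, r_answers = parse_header(reference_reply)
    if f_code == "NXDOMAIN" and r_code == "NOERROR" and r_answers > 0:
        return "blocked-by-filter"   # name exists, filter says "not found"
    if f_code == "NXDOMAIN" and r_code == "NXDOMAIN":
        return "does-not-exist"      # both agree the name is absent
    if f_code == "NOERROR":
        return "resolved"
    return "inconclusive"            # SERVFAIL, REFUSED, ...


def ask(server, name, timeout=3.0):
    """Live lookup over UDP port 53 (not called on import; needs network)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        reply, _ = sock.recvfrom(4096)
    if reply[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    return reply


def _sample(flags, with_answer):
    """Constructed reply for the placeholder name blocked.example."""
    question = build_query("blocked.example")[12:]
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, int(with_answer), 0, 0)
    # Answer RR: pointer to the question name, A/IN, TTL 60, 192.0.2.1 (TEST-NET-1)
    rr = struct.pack("!HHHIH4B", 0xC00C, 1, 1, 60, 4, 192, 0, 2, 1)
    return header + question + (rr if with_answer else b"")


SAMPLE_NXDOMAIN = _sample(0x8183, False)  # constructed: QR, RD, RA, RCODE=3
SAMPLE_ANSWER = _sample(0x8180, True)     # constructed: QR, RD, RA, RCODE=0

if __name__ == "__main__":
    print(verdict(SAMPLE_NXDOMAIN, SAMPLE_ANSWER))    # filter hides a live name
    print(verdict(SAMPLE_NXDOMAIN, SAMPLE_NXDOMAIN))  # name is simply absent
```

On a live network, pass `ask(QUAD9, name)` and the reply from a resolver you treat as unfiltered to `verdict`.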

Remember that a known good site could have been compromised and therefore could attempt to pull content from a shady site. Quad9 will prevent this from happening. 

Quad9 will continue adding features to further improve your security.

What about false positives?


They maintain a list of the 1,000,000 most used sites on the internet as a whitelist. This means that they cannot (mistakenly) blacklist an important site and make it unavailable. 

It looks like a well designed and well thought out platform.

What about my privacy?

The first thing you should realise is that most home connections use the DNS services of their ISP, and I consider most ISPs as the least trustworthy operators in your computing chain. Most are willing to sell your data cheaply to anyone willing to buy it.

Quad9's privacy statement is clear "No personally identifiable information is collected by the system. IP addresses of end-users are not stored on disk or distributed outside of the equipment answering the query in the local data center. Quad 9 is a nonprofit organization dedicated only to the operation of DNS services. There are no other secondary revenue streams for personally identifiable data; and the core charter of the organization is to provide secure, fast, private DNS."

Conclusion

I switched to Quad9, and it has been everything they promised. I recommend everyone reading this switch and try it out. It is one more layer of protection, and this one is easy & free.

OnePlus 5T: The good and the bad

Review, General | Edward Kiledjian

There are hundreds of reviews on the internet explaining the specifications and showing performance tests. I won't rehash any of that information. Instead, I will provide my personal opinion on the phone. My opinion is based on a short usage window thanks to a friend that lent me the device.

This will be a short, easy-to-read review that can help you make a purchasing decision (if you are on the fence).

The OnePlus 5T Screen

The OnePlus 5T moved to an 18:9 (tall and narrow) display. I like this format of a screen. It gives you a ton of real estate when browsing the web yet remains easy to hold. Many have complained that it is "only" a 1080p panel but to be honest, that isn't an issue (as long as you are not using it for Virtual Reality). In most cases, at arm's length, the display is clean, rendering is sharp and the colours pop.

By using a 1080p (instead of QuadHD like the Samsung Galaxy Note8/S8, LG V30, Pixel2 XL), this screen is very battery efficient. 

Additionally, the viewing angles are excellent and there is no tinting or colour shifting when looking at it from an angle. 

For those new to the OnePlus game, I also want to note that the OnePlus 5T ships with a screen protector already applied. 

The OnePlus 5T Design

Remember that this is an iterative change (going from the OnePlus 5 to the OnePlus 5T). The design isn't revolutionary even when compared to the iPhone 8 or the Oppo R11. The truth is that it doesn't have to be revolutionary. It is a rectangular slab of glass and metal and is easy to hold, relatively light and durable. 

The curved back makes it easier and more comfortable to hold. 

The device feels premium in the hand. It feels like a $1000 flagship phone: solid and well built. Nothing creaks or cracks.

It comes in one colour: black. 

The OnePlus 5T camera

The camera on the smartphone has become one of the most important factors in my personal purchasing decision. In good light, the OnePlus 5T (like its older brother the OnePlus 5) takes fantastic pictures. In good light, pictures taken with the main camera are sharp and crisp, with vibrant eye-pleasing colours.

The OnePlus 5T got rid of the telephoto lens and replaced it with a higher megapixel sensor (same aperture) supposedly to take better pictures in low light conditions. This is where I found the OnePlus 5T sorely lacking. Low light pictures were soft and grainy (compared to an iPhone 8 or Note 8). I think OnePlus should have gone the LG V30 route and made the second sensor an ultra-wide one. I really think that is the route they will take next year with the OnePlus 6.

OnePlus has said they will release software updates to improve the camera performance in low light but there is a hardware limitation. Going for a lower megapixel sensor with bigger pixels would have yielded better results.

The OnePlus 5T uses Electronic image stabilization instead of Optical Image Stabilization (which is mechanical). In my video tests, the EIS performed relatively well in most lighting conditions but I still find OIS better. EIS requires the video size to be cut a bit. 

Coming back to reality, the picture and video quality in regular everyday use will be great especially when you consider this is a $500 phone. 

OnePlus 5T Fingerprint reader

The bigger screen means OnePlus had to relocate the fingerprint sensor to the back. It is well located in a spot where your fingers will naturally go (unlike the horribly placed sensor on the Samsung Galaxy S8/S8 Plus/Note 8). The sensor on the back is super fast (faster than my Samsung Note 8).

The fingerprint scanner also supports gestures (e.g. swiping down to open the notification shade). 

They have also implemented a basic face unlocking feature which uses 100+ features to "authenticate" you and unlock the phone. It is crazy fast. I cannot explain how fast it is (think instant). 

The OnePlus 5T face unlock feature is not as secure as the fingerprint scanner or FaceID on the iPhone X. It is good enough for everyday use for most people. You can (and should) enable the face unlock and fingerprint scanning features. Face unlock uses a picture of your face (no infrared blaster or reader) so it will not work in dark situations.

OnePlus 5T's Oxygen OS

Until I moved to a Note 8, all of my Android devices have been stock or near Stock (original Motorola, Nexus, Pixel 1 devices). Oxygen OS is not stock but it is as close to stock as you are going to get. 

Oxygen OS feels like using Android on a Pixel 2 XL with some small improvement modifications. This near stock version means the experience is buttery smooth, with no noticeable lags, and it even helps with battery life.

Things they have kept

Cool features I have liked from the OnePlus 5 they kept in the OnePlus 5T include:

  • Dash charging. Dash charging moves the charge control circuitry to the charger (instead of the phone) thus keeping the phone cooler and allowing for faster, more efficient charging. In my testing, Dash charging has turned out to be the fastest charging available on any Android phone but does require proprietary chargers and cables.
  • Headphone jack: Without jumping into the headphone jack controversy, jacks are better. I love Bluetooth headphones but there are times when wired is better and cheaper. I love that they decided to keep it. 

Conclusion

Unless photography or virtual reality are your main smartphone decision drivers, this is now the phone to beat. As I write this, my top 3 Android smartphones for 2017 (in order) are:

  1. Samsung Note 8
  2. Google Pixel 2 XL (because of all the issues the phone still has otherwise would have been my #1)
  3. OnePlus 5T

Note that the OnePlus is a top contender in performance at a mid-level price. If you need a casual photo shooter and don't use VR (GearVR or Google Daydream), then the OnePlus 5T is THE number 1 phone of 2017.

How to protect your Bitcoin from theft

General | Edward Kiledjian

Bitcoin is all the rage, and everyone is talking about it. Any discussion or write-up about Bitcoin usually starts with the fact that it is a decentralized digital currency. Decentralized means that no government or company controls it and it also means each participant is on his/her own when it comes to protecting their Bitcoin investment.

With US fiat currency saved in a bank, you have a high level of confidence that the money will be there in a day, week, month or a year. If the unthinkable happens and the bank is hacked,  most bank deposits are federally insured, and the government will make you whole.

Bitcoin does not have any insurance or governmental oversight. Any Bitcoin left on an exchange is only as secure as that exchange's platform.

In Bitcoin, your ownership is confirmed using a super secret private key. When you store coins on an exchange, they hold the private keys for these coins. Any hacker that manages to obtain these private keys can, therefore, control your (now their) coins and move them into a new account they control. Once your coins are gone, there is no way to recover them.

How to secure your Bitcoin


The first rule is: do not leave your Bitcoins on an exchange. Most theft happens from exchanges because hackers know that compromising one exchange can yield millions in gains.

Some Exchanges (e.g., Coinbase) offer offline cold storage options. These are more secure than their traditional active accounts (since they double check transaction requests and have long waiting periods), but if someone steals the private keys due to infrastructure insecurity,  they would be able to access your coins.

The second rule: control your private keys. When managing your private keys, computer security becomes critically important. I have written dozens of articles about it, so I won't take a deep dive here, but you'll have to spend some time thinking about it.  

In TL;DR form: I recommend that you choose the safest and most robust computing environment when processing your private keys or performing Bitcoin transactions (purchase, sale or transfer). For most individuals, I recommend using a name brand Chromebook. A Chromebook is a purpose-built device running Google Chrome on a very secure Linux operating system. Google continuously updates Chromebooks. Chromebooks offer a small attack surface and are less susceptible to compromise than a Windows or macOS device.

Now that you have a secure platform to complete your transactions, the next question is: Where do I store my private keys?  

You should keep a small amount of Bitcoin in a reputable smartphone app, where you can access it quickly if you feel like spending it.  I like the Jaxx wallet (it is simple, well written and cross-platform).

You should store most of your bitcoin in a purpose-built offline (not on your computer or connected to the internet) hardware device. My device of choice is the Trezor wallet, but there are other excellent options (e.g., Ledger). These devices generate and protect your private keys. By keeping your private keys offline, they are immune to infections on your computer or constant hacking attempts. A Chrome extension powers the Trezor wallet, therefore it works beautifully on a Chromebook.

Image courtesy of Trezor


When setting up these hardware wallets, you generate a special recovery sentence (typically consisting of 20 unrelated words). You should write this down on paper and store it somewhere safe. Never save this online, since anyone with access to this sentence could recover your private keys and steal your money. In the unlikely event that your hardware wallet dies, you can order a replacement and restore your private keys (during initialization) by entering your unique secret recovery sentence.


As cryptocurrency matures and becomes more widespread, I believe people will have to take a more active role in protecting their own money. It's probably a good idea to dip your toe in now and start learning the ins and outs of cryptocurrency.

My history with mobile gadgets

General | Edward Kiledjian

I've been involved in technology for a long time and bought my first real personal digital assistant (PDA) in 1997. It was an Apple Computers MessagePad (Newton) 130, and it was a thing of beauty. It had handwriting recognition, an external keyboard attachment and fueled my geek dreams about what wondrous technologies the future would bring.

Along the way, I owned hundreds of devices including Palm pilots, Treos, Handspring devices, Nokias and almost every other portable gadget in between.

As you can imagine, I also bought the first iPhone and almost every one since (in the last ten years). Every time I watched an Apple keynote, I was like a kid in a candy store. I stared at the presentation anxiously waiting to see what amazing new technologies Apple would bring into my life. Apple didn't invent most of that tech, but it usually made it usable and practical.

Then Steve passed away, and many were worried whether Apple had lost its mojo. Fans defended the Cupertino giant, but we started to see some cracks forming in its otherwise perfect and shining armor. Tech reviewers who would never have dared to challenge the superiority of the big Apple began to ask difficult questions.

For the past five years, I have been carrying both Android and iOS smartphones, but the iPhone has always been my primary daily driver. September 2017 was time for me to upgrade my "primary driver" from an iPhone 6s Plus + an iPhone 7 (yes I have both). I watched the keynote and was dumbfounded by the iPhone X. It was a beautiful piece of kit but had a screen smaller than the plus models and a price tag of $1500CAD. The camera wasn't materially better than the one in the iPhone 8 Plus. The only new "thing" it brought to the table was the FaceID sensor, an OLED screen, and smaller bezels.

Apple technology innovation

Surely I had missed something. A ~$400 price increase had to bring something new and revolutionary? But it didn't. Having been a gadget geek for the last 25+ years, I knew perfectly well that previous devices contained technology Apple commercialized many years later:

  • wireless charging (HTC Droid DNA in 2012 - Apple in 2017)
  • dual rear cameras (HTC One M8 in April 2014 - Apple 2016)
  • OLED screen (Nokia N85 in October 2008 - Apple in 2017)
  • Fingerprint scanner (Motorola ATRIX 4G in March 2011 - Apple 2013)

Apple made many of these technologies better but by the time it included them, Android devices at half the price of an iPhone had them built in.

Apple has been a significant force pushing smartphone manufacturers to make safer, more secure devices and operating systems. This has been a clear win for consumers. Good healthy competition is good for the marketplace.

Is the iPhone more secure than an Android device?

Technologically yes. Apple's iOS is designed with strict application controls to protect user information. Its hardware (e.g., the secure enclave) is a thing of beauty and incredibly well designed to protect your biometric and financial information.

In the real world, for the average consumer that is not being targeted by skilled blackhat hackers or nation-state threat actors, both can be made equally safe with minimal handling precautions.

Not in my walled garden

A couple of months ago, Apple made headlines when it blocked all VPN apps from its China app store. This decision was made to comply with local laws, and Apple had no choice. The problem arises when you realize that Apple doesn't have a mechanism for users to sideload apps onto its devices.

Sideloading apps is a risk because it could be an attack vector, but shouldn't the user be able to accept the risk and perform their desired action on an $800-1000 device?

This had a chilling effect on some activists in China, but the same model of application category control could be applied to anything else in any other country (e.g., a country can outlaw social media or dating apps, etc.).

Time to switch?

Apple's latest financial results show that the company is doing smashingly well. They are selling record numbers of mobile devices, and their cash hoard is only getting larger. Any talk about its demise is greatly exaggerated.

There is, however, a growing number of users, who were once ardent fans gobbling up all Apple branded tech, as fast as the company could release them, that are now looking at alternatives. I am amongst this group. My decision to switch isn't based on the cost of the device, but on the more advanced artificial intelligence features like the built-in assistant.


Android Auto versus Apple CarPlay

My latest car can support both platforms, but anyone that has used Apple Maps will tell you, it sucks. I can't tell you how many times it has navigated me into a major traffic jam or has taken me 20 minutes in the wrong direction. Apple doesn't like competition and would rather offer a sub-par experience to its users and maintain control.

On Android Auto, I can use other mapping apps, but on the iPhone, you can only use Apple Maps.

On Android Auto, you can choose which music app is your default and voice control it. On Apple, you can only voice control Apple Music.

And this is an example of the user-hostile behavior exhibited by Apple. Not only does it block competition, forcing you into inferior apps, but it isn't even improving the core interaction mechanisms of CarPlay: the visual interface and Siri.

SIRI the terrible


Most iPhone users from teenagers to CEOs use Siri a couple of times at first, then give up. I had hoped that Apple would update Siri's capabilities with iOS 11 (particularly with the expected December release of the Siri powered home speaker system, the HomePod). Surely Apple would impress us with massive gains in understanding and capabilities. Nope. Nothing.

While the Amazon Echo and Google Assistant improve every month, Apple hasn't developed Siri in years. It feels like Amazon and Google are working in internet time while Apple is working ... To be honest, I don't even think they are working on Siri. I say that facetiously. I know they are working on Siri, but until users benefit from that work, it is useless.

The big data problem

I work in security and understand that absolute security is the enemy of usability. An absolutely secure system is not usable.
In the enterprise space, we are continually struggling to find the right balance between security and usability.

It feels like Apple has taken a more security-focused approach and is willing to sacrifice modern functionality.

Any modern deep learning expert (aka neural networking that powers smart assistants) will tell you that the key to success is having vast amounts of ingestible data. Apple doesn't have this type of data because it is privileging user privacy, whereas Google and Amazon do. Where Apple's image search can show you a dog, Google's can find the chihuahua on a beach eating a hotdog.

Siri is a parlour trick you get tired of after a day or two. Google Assistant will become a real time saver and thus will become something you will likely come back to over and over.

The latest and greatest thinking in machine learning from Geoffrey Hinton may eventually be beneficial for Apple. It is called Capsule Theory and is a new way of developing machine learning models that require much less data, but this is still early-days research.

Conclusion

As I search for my next daily driver, I am testing a handful of new Android smartphones that I will review shortly on my blog. First-up will be a review of the Samsung Note 8. I won't be discussing the specifications but looking at it from the viewpoint of an iPhone user considering the switch.

I am hoping to also get my hands on a Mate 10 Pro, Pixel 2 XL and the OnePlus 5T.

Essential now has an Android 8 Oreo beta program

General | Edward Kiledjian

Android 8 Oreo is the next thing for Android devices and everybody is working hard to bring it to their phones. Now Essential has implemented a special Oreo beta program for owners of its beautiful Essential Phone. Where Samsung allows you to install the Oreo beta (on the S8 and S8 Plus) via OTA update, Essential will force you to use ADB.

Essential does provide clear instructions but this can be seen as a natural filter that disqualifies anyone that doesn't really understand how Android works or understand what a beta is.

You will find, using the above link, a build for NM181C (for Sprint and Telus) and NMJ32F (for the other carriers)

Warning !

Remember this is a beta and you will experience issues and bugs. Known bugs already include: high battery drain, Android Auto issues and app instability.