Insights For Success

Strategy, Innovation, Leadership and Security

iiPhone

What you need to know about the iPhoneX

GeneralEdward KiledjianComment
iphoneX1.png

Over the coming weeks and months, the media will overwhelm you with review and editorials about the new iPhoneX. Of all the products Apple announced this week, the iPhoneX was the most radical in design. 

They have eschewed the home button and most of the bezels. This newfound space has allowed them to cram a beautiful 5.8" Super Retina OLED screen (458 pixels per inch) in a device that is smaller and easier to hold than an iPhone 7Plus or iPhone 8Plus.

All of the functions requiring a home button are replaced with swipe motions. Swipe up from the bottom, and you get the home screen or app-switcher (full swipe or half swipe respectively). 
A side button (right-hand side) can be used to invoke Siri. 

The removal of the home button also means Apple had to remove the TouchID authentication sensor. The beloved TouchID has been replaced with FaceID. It promises more secure authentication.

iphoneX2.png

TouchID had a false positive rate of 1 in 50,000. Apple claims FaceID has a false positive rate of 1 in 1,000,000 (regardless of you wearing glasses, changing your hair, growing a beard, etc). All the processing is done on the device (not sent to the cloud).

During the demo, FaceID failed. We don't know why but I am sure Apple will workout most of the kinks before it is released early November. 

We can't make any recommendations until we have a chance to test the device in the real world, but many have already started asking if the extra $300 (going from the iPhone 8 to the iPhoneX) is worth it. 

Had the iPhoneX been endowed with a dramatically superior camera system (compared to the iPhone 8 Plus), I would have jumped on it, but now I'm not sure. Yes the built in cameras do have optical image stabilization and the telephoto lens is slightly brighter but that doesn't justify the difference in my view. 

Using the FaceID sensors, Apple will map your face and allow you to apply the new lighting filters (even with the front facing selfie camera). Additionally it will create a detailed face-map allowing filter apps to create more realistic and properly aligned designs (think Instagram filters). They will also use this feature to create animated emojis called animoji. 

iphoneX3.png

Conclusion

Pre orders start on October 27 and deliveries will start a week later.

The truth is, the iPhoneX is a glimpse of the future. My guess is that we will see one more generation of traditional looking phones with a home button, then everything will switch to the all screen design. 

The iPhoneX is an opportunity for Apple to figure out how to mass produce all the sensors affordably, in preparation for an eventual launch in all of its products (including iPad). 

Install IOS Update 10.3.3

GeneralEdward KiledjianComment

As mentioned in my various articles, keeping your operating system and applications updates is a critical component to good overall security. 


Apple released IOS 10.3.3 yesterday, and amongst all of the bugs it fixes, there is one nasty security vulnerability that justifies installing it now. Right now. Do it. I'll wait. Come on, we don't have all day. 

Put Apple's banal sounding description aside for a second ("A memory corruption issue was addressed with improved memory handling".) This vulnerability comes from the Broadcom BCM43xx wifi chipset (CVE-2017-9417) and allows an attacker to execute code on the targeted device with kernel privileges.

To be clear, millions of Android smartphones (e.g. HTC, LG, Nexus and most Samsung devices) are also vulnerable to the BroadPwn vulnerability. 

Google also issued the BroadPwn fix in its July patch bundle (you are receiving the security updates for your phone right?)

The Workflow IOS Automation app is now free

GeneralEdward KiledjianComment

Automation can be help with simple tasks like converting a webpage to PDF or can become a complex monster saving you hundreds of hours a year. Until the Workflow app came to IOS, true automation was an Android only benefit.

The $5 app is now permanently free because Apple acquired them

The Workflow app has been around for a couple of years and is a distant cousin (functionally) to IFTTT. It allows users to string together a series of actions, tasks, conditions and inputs and perform all kinds of useful tasks.

It can:

  • Encode media
  • Record Audio
  • Post on social media
  • Automate app functionality where a URL scheme is exposed
  • Send emails
  • Pull RSS feeds
  • much much more

What we don't know yet is what Apple will do with the team and the app. It was made free but there is always the risk Apple will kill the app and move some of the functionality to:

  • a new Apple branded app
  • into a new version of IOS
  • into a new service running on iCloud

Why I left Evernote

GeneralEdward Kiledjian2 Comments

I have been an Evernote user since September 26 2008 (8 years 5 months 8 days). Many of those years were spent as a paying premium customer, but at the end of 2016, I decided it was time to leave. I wanted to share why I am leaving and my plans to replace it.

The Evernote I loved

From the very beginning, Evernote was a wonderful company to support. It was this scrappy upstart that was committed to building a "100 year company" (link) and was incredibly committed to its customers. It believed in openness and came to market with original ideas. It was unlike anything else being offered at the time.

The original founding leaders had this crazy open-dialog podcast that gave listeners an inside look into the company. The freemium model Evernote pioneered worked like a charm. Evernote constantly moved premium features into the free tear and was constantly challenged to make newer & better features for the 5% of their paying premium customer-base. 

Every platform I tested had an Evernote client that worked relatively well and within minutes of setting up a new device, everything I had captured was there waiting for me. It was a wonderful time.

The app was lightning fast and reliable. Sync was blazing and worked every time. Text recognition (even in images and attachments) was super accurate. I was happy.

Even though I didn't need most of the premium features, I started paying a premium membership to support the company. It was my one key app. I used it as my reference folder, as my to do manager (GTD), my list making application, etc. It become an extension to my brain. 

I was an Evernote ambassador, talking about it every chance I had and bringing more and more people into the fold. Everyone that joined Evernote thanked me. Everyone loved it, even those on the free tier. It offered incredible value to everyone that took the time to use it. Search Amazon for Evernote and you get 1,145 products from Moleskin notebooks to books to help organize your life using Evernote. 

Then July 20th 2015, they announced via a blog post that Phil Libin would be leaving the company and his replacement was this polished executive named Chris O'Neill. Other executives also left (such as Max Levchin). Little did we know O'Neill had plans to dramatically change the service we had come to love and depend on.

The Bad Changes

The new Evernote price

The first major shock was the change in pricing. My beloved Premium membership almost doubled in price and the functionality of the free/plus service dropped. 

When prices increase, consumers will evaluate all possible alternatives and determine if the new price is still the best choice for him/her.

For $10 more a year, I can buy an Office 365 home subscription shareable with 5 family members. Everyone on my accounts is entitled to all of the Microsoft Office apps (Word, Excel, Powerpoint, etc), plus each user receives 1TB of online OneDrive storage and of course Microsoft made it's OneNote app free for everyone on all platforms.

As a customer of Evernote, I was asking myself if spending an extra $10 and moving to Office 365 home made sense. For most consumers, it will.

The second was the downgrade if you chose not to pay these new higher prices. You were limited to sync on only 2 devices and your free monthly upload allowance was 60MB which meant it become unusable (for free) for most users.

The junkening

Over the years, Evernote lost its way and tried to become the everything app for everyone (a swiss Army knife). It had a food memories app.

The Evernote Food app allowed you to capture memories of great food you had enjoyed in restaurants (logging pictures, location, friends with you, etc). 

It bought a screen-capture and markup tool called Skitch and after a couple of updates, killed it (moving some of its features into its already bloated core Evernote app).

It had and killed many other apps (A contact app, a meeting app, Flash cards, etc).

Over the years it's main app, the Evernote Client (Mac, Windows), became a bloated mess of slowness and crashing. They migrated from their own data center to the Google Cloud platform ( earloier this year) promising faster and better service. The blog post on February 8 2017 mentions :

Rather than pouring resources into the day-to-day maintenance of equipment and software required for running the Evernote service, we can now focus more of our time and energy into responding to customer needs.

All good sentiments but I haven't seen any benefits as a customer. Evernote is still an expensive bloated mess. 

Breaking their own rules

In 2011, Evernote published the 3 laws of data protection:

  1. Your Data is Yours
  2. Your Data is Protected
  3. Your Data is Portable

The fist rule is clear, my data is mine and the only thing Evernote was going to do to it was normal operational tasks the ensure they can deliver the services I was expecting. The new Evernote wanted to add a machine learning function for its premium users and as part of that change tried to update its Terms of Service. This change was so viciously attacked by its users that in December 2016, they were forced to roll-it back and tried to reframe the conversation.

The worry was that the changed language gave Evernote employees the right to "read" your notes as they attempted to spot check and validate their new Machine Learning tools. The reversal meant the change would now be opt-in. This never should have happened the way it did. It showed clear gap in their change management and product management processes.

The second rules stated that :

Everything you put into Evernote is private by default. We never look at it, analyze it, share it, use it to target ads, data mine it, etc.–unless you specifically ask us to do one of these things.

This seems to conflict with their unilateral attempt to change the privacy language to enable their Machine Learning feature but.... The next part of this rule is:

we take many precautions to protect your data from accidental loss and theft. Everything you put into an Evernote synchronized notebook is stored in our secure data center with multiple redundant servers, storage devices and off-site backups.

Evernote had a couple of issues with data availability but the biggest was one that affected "some Mac users" and caused attachments to get deleted (article here). 

certain sequences of events can cause an image or other attachments to be deleted from notes without warning, but text is not affected.

So far, Evernote has failed on the first 2 of their data protection laws. The third law was about data portability. The law said:

There is no data-lock in Evernote. We are committed to making it easy for you to get all of your data into, and out of, Evernote at any time.

Ask anyone that has a large collection of notes with tags and dozens of folders, there is no graceful way to export your data in a usable format. Attachments are exported with their original file names (not the note name) and all structure is lost (tags and folder are lost).

I as one of the people that asked for Evernote to make a better export feature to ensure they met their own portability commitment. I wasn't sure how it should work, but knew it needed something better.

As you added more and more notes, this feature became more important and the lack of it became a glaring issue. As much as they say you can export in HTML, the exported data is useless. 

So they failed to meet their own 3 rules of data protection. 

No Markdown Support

As a technical Evernote user, I was part of their forums, UserVoice feature request system and always answered their user surveys. A feature I have wanted for years was Markdown formatting support (which would improve note compatibility). Their standard response was always that this was not part of their road-map. I wasn't the only one clamoring for Markdown support. Their forums listed thousands of users asking for it. 

Unfortunately Evernote was clearly not interested. 

Less consumer more business 

In an interview with The Verge,  Chris mentions the wants a more balanced customer base (less consumer and more corporate. This clearly shows in the steps they have taken and ancillary services they have killed.

Consumer services have been killed (Food, Flash Cards, etc) while corporate ones have been maintained (Evernote Work Chat a slack competitor and Presentation mode a Powerpoint competitor).

Changing competitive landscape

As Evernote continues to squeeze its free tier customers and makes paid tiers more expensive, it's primary competitor, Microsoft OneNote, has gone free for everyone on every platform. Additionally Google has its Keep/Google Docs combo and Apple its's Pages/Apple Notes combo. All of its chief competitors are offering more and more functions for free.

Others like Dropbox have launched services like Dropbox paper offering their existing subscribers cool new Evernote competing features. 

When I started using Evernote, it was the defacto standard integration partner for every app or service that I used. Almost every app I had on my Windows, Mac, Android, iPhone or iPad integrated with Evernote. As Evernote alienates its customers and more competitors enter the market, this is becoming less and less true. There was a huge benefit to knowing everything you had would work with Evernote, as this slowly disappears, that advantage also disappears. 

The Best Evernote Alternative

Having tested dozens of services, there isn't a really good alternative an Evernote power user will like but you have to accept this reality and move on. Evernote has clearly shown disdain for its consumer users and so the search for an alternative is ongoing.

The closest to Evernote has been Microsoft OneNote. OneNote is now free for everyone, getting more polished and feature rich with every update and they are clearly targeting Evernote users. It will definitely take some getting use to but it is a close enough alternative that most users will be extremely satisfied.

Microsoft OneNote works on most platforms, even on an Apple watch. 

In my quest to free my notes, I will be testing Clevernote.io more on that in coming weeks. 

I have gone through the period of grief and have accepted the fact that there is no "perfect" migration tool or strategy. I will lose some functionality and context around my Evernote notes but that's the cost of admission.

We are also seeing new companies pop up and try to fill the new Evernote void. One such startup service is called Bear

Bear is a beautiful simple note taking app that reminds me of Evernote's beginnings. It only works on iPhone, iPad and Mac today but who knows what the future will hold. A Bear Pro subscription is $15. 

Conclusion

I don't think the ship has yet sailed for Evernote and they can recapture their glory days if management does the right things but I am doubtful. Many have called Evernote the "broken Unicorn" and I agree. Most companies will stick with the good and trustworthy Microsoft and won't fork over hundreds of thousands a year to Evernote.

And unless Evernote changes course quickly, it will lose its core base of users (those who have been unofficial ambassadors over the years). 

So my recommendation is start the grieving process now and looking at alternatives. 

Will your Android phone allow someone to hack you?

GeneralEdward KiledjianComment
Image by  Jared Tarbell  used under creative commons license

Image by Jared Tarbell used under creative commons license

When a new undisclosed (0 day) vulnerability is used to hack a target's device, the media jumps all over it and create a small panic. Government intelligence and organized crime are always looking for new creative ways to break into target devices and are willing to pay top dollar for new unknown hacks. Vulnerability brokers (companies that are willing to sell 0-day vulnerabilities) are paying to dollar for these rare and very in demand weaknesses. Zerodium is now paying $1.5M for a good complete IOS attack.

Although these are troubling, the truth is the majority of attacks (and malware/virus') still exploit time tested and patchable vulnerabilities. This is why keeping your computer, smartphone and tablet operating system/apps updated is so important.  This is one of the reasons Microsoft switched to an automatic forced update model with Windows 10.

Apple's products are opaque and I do not believe in security through obscurity. I wish they allowed for more scrutiny of their mobile products but when something is discovered, they release updates very quickly and make it immediately available to all supported devices worldwide regardless of the carrier it was acquired through. 

This is one of the chief complaints against Android. Most Android devices are never updated once they ship and the ones that do receive updated typically get them slowly and infrequently. Check out the Android Platform distribution statistics:  

Only 0.3% of Android devices support the latest version (Android 7.0 Nougat) 1.5 months after release. On the IOS side, 60% of devices had updated to IOS 10 a month after release.

Only 0.3% of Android devices support the latest version (Android 7.0 Nougat) 1.5 months after release. On the IOS side, 60% of devices had updated to IOS 10 a month after release.

Even top tier manufacturers like Samsung (Note 7 issue notwithstanding) only update their most recent flagship products and that is if your carrier decides to allow it. 

Right now, as I write this, I have an Apple iPhone 6s Plus and and Google Nexus 6P sitting next to me. I  love android and find many of the features in the most recent Nougat release better than comparable Apple features. Don't call me an Apple fanboy or Google hater. The moral of the story is you shouldn't buy any Android phone where the manufacturer has not committed to delivering (quickly) the OS updates and the monthly security releases

As it currently stands, the only android products I can recommend are those sold directly by Google (Nexus or Pixel).

Buy an unlocked Nexus or Pixel product directly from Google to make sure you receive all of the updates quickly. 

Questions

Q A question I will likely receive is what about [insert brand / model here]?

A I expect emails asking me about the OnePlus 3, ZTE Axon 7, HTC 10, LG V20, Motorola Moto Z, etc. None of these manufacturers have committed to providing the OS and security updates quickly. The answer therefore is no. I love the price / quality proposition of the ZTE Axon 7 and the OnePlus 3 but without a commitment to updates, its a no go for me.

Q. Aren't iPhones more secure?

A iPhone's are slightly more secure because of the way the operating system is designed and applications are sandboxed. This doesn't mean it is unbreakable and the attempted hack of Saudi human rights activist Mansoor proves it( Read this article by CitizenLab

Both platforms can be used safely if you ensure you don't break their built in security (rooting on Android and Jailbreaking on iPhone) and you ensure you only download "real" apps from the official app stores. 

A. What else can I do?

Q In addition to using the "right" device, it is important to think about your privacy and security. Use the right apps for the right job.

  • Use encrypted communications apps like Signal. Signal's encryption has been reviewed by leading cryptographers and has been given a big thumbs up.
  • When browsing the web, use Tor to protect your identity (easier on Android) with a browser like OrFox. You can even configure Facebook and Twitter (on Android) to use Tor via OrBot.
  • Every picture taken with a smartphone contains "hidden" information called Exif information. This is information like the type of camera used, the settings used to take the picture, etc. It also contains the GPS coordinates of where the picture was taken. If you send this to someone, they can extract this information and use it to pinpoint the location the picture was taken. Send it to a social media site and they will start building a travel pattern of you. Make sure you remove EXIF information, using an app, before posting. There are tones of apps, just search the app store.
  • Uninstall apps you no longer use. Remember that apps are sometimes sold and the new buyer may push out an update that adds unwanted features "like tracking or recording". If you no longer use an app, get rid of it.