Backup and encryption

This entry is part 2 of 3 in the series Security

This article was the subject of Fast Talking Podcast episode 190 and appeared in the Colorado Auctioneers Association’s quarterly newsletter.

It was 2007. NAA Conference and Show was in San Diego. My bags were packed in my truck. I swung by the office to grab my computer and other electronics that I’d need for the week in California. As I walked out the door for my two hour drive from Manhattan, Kansas, to the Kansas City airport, I realized I’d forgotten something. I sat my computer bag on the ground next to my pickup’s passenger door and went back inside. When I returned, I got in my truck, cranked the wheel to the left and backed out, only to realize that my front tire just rolled over my laptop bag. My computer — and my mood — was crushed. I had unfinished work for upcoming auctions that I’d planned to do on the plane and I had no time before my flight to prep another computer. It made for an interesting and uncomfortable trip.

Broken hardware is one thing, but what if I’d lost the computer? What if instead of picking up pieces off the ground, I was instead unsure of where it was? Had it fallen into malicious hands? Were all the accounts that I’d logged in to now at risk of being compromised? It’s always better to know a computer is destroyed than to wonder if someone is combing through the data.

The scenario is simple — at any time, you can suddenly lose your laptop. In order to make sure that the only cost to you is the value of the hardware, it’s crucial that your computer is encrypted and backed up properly.

Encryption

Computer encryption can get very technical very quickly, but for our purposes it simply means a way of scrambling the data on the computer’s hard drive so it can’t be read by anyone who doesn’t have the password. The password to log in to Windows isn’t enough, as it’s fairly trivial to bypass. The correct solution is called full disk encryption, where everything on the computer is encrypted and unreadable to anyone who doesn’t have the password.

For many years, the right answer for encryption was a product called TrueCrypt. It was free software and the encryption was bulletproof. A few years ago, the TrueCrypt project closed down. Luckily its successor, called VeraCrypt, is also free and based on much of the same code base as TrueCrypt. Since it’s open source, third parties have been able to audit the software to make sure there aren’t backdoors or other ways for criminals or governments to bypass the encryption.

Operating systems have their own versions of encryption. Windows has BitLocker and Apple has FileVault. While I’ll always prefer a free and open source solution over one from an operating system provider, these solutions may be a good fit in some situations.

Many modern laptops also provide built-in encryption options on the hardware level. Many of these might work as well as VeraCrypt, though there’s no way to guarantee there isn’t a backdoor. Sometimes, a laptop’s password simply prevents the laptop from booting up and doesn’t actually encrypt the data. This means someone could simply remove the hard drive and put it in another computer to access your files. Make sure if you’re using a built-in password function on your laptop that it’s actually encrypting the data.

Only by using full disk encryption can you rest assured that if your computer falls into the wrong hands, all your data about your auctions, customers, clients and personal accounts won’t be at risk. Entering a password every time you boot your computer is a small price to pay for that peace of mind.

Backup

Encryption prevents the bad guys from getting your data, but what about losing your work? If you drive over your laptop with the front wheel of a diesel pickup, how do you get your files off of a hard drive that’s in pieces on the ground? In addition to the possibility of losing your computer, new viruses called ransomware actually encrypt your files and make you pay a ransom before giving you the key to decrypt them. A good backup solution can mitigate a ransomware infection by allowing you to restore the unencrypted versions of your files.

There is a frequently recited rule of backup called 3-2-1. You need three copies of your data, on two different mediums and one needs to be offsite. Simply buying an external hard drive and copying your files there is better than nothing, but it’s also grossly insufficient and inefficient. A good backup solution will run continually in the background, copying versions of your files offsite as you create them, so you don’t notice it until you need it.

In much the way that TrueCrypt was the best answer for encryption, there was also a best answer for backup called CrashPlan. CrashPlan allowed users to back up to friends for free. I wrote in 2012 how this was a perfect backup solution that didn’t have a monthly fee like most of the backup services. Unfortunately, a few weeks ago, CrashPlan announced that it’s discontinuing its free version in October 2018. While I’ve been hunting for a replacement, it’s unlikely that anything will be as simple as CrashPlan to use without a monthly fee.

There are still myriad subscription backup services. Some of the best known are Carbonite, Backblaze and Mozy, and each has a different pricing plan based on the amount of data to store and how many computers will be using the service. As you shop around for the best deal, pay attention to the cost to get your data back. In 2011, I lost 2 terabytes of data that was backed up with Mozy. Only then did I learn that they charged $.50 per gigabyte to restore the data, and I had to come up with the $1000 within 30 days before my files were deleted.

In the auction business, like any business, time is money. Some backup solution is better than nothing. In my search for a CrashPlan replacement, I’ve found a lot of negative comments about Carbonite and a lot of positive comments about Backblaze, so if I were looking for a simple turn-key subscription backup service, I’d probably start with Backblaze.

Backup and encryption

In summary, disaster happens when we least expect it. We need to take steps now to ensure that when, not if, we lose a computer, it might cost us money to replace the device but it doesn’t cost us time to recreate all our work or, worse, cost us sleep worrying about who might have our data and what he or she might be doing with it.

Posted in featured, Security, services

The MediaPad M3 is a fast, modern Android tablet

I’ve found that auctioneers are always excited about finding ways to be more efficient. Indeed, some of the best ideas I absorbed in Columbus last month revolved around doing more in less time. I’m a firm believer in the importance of the right tool for the job, and when it comes to reading news, checking email, reviewing PDFs and performing other information consumption tasks, nothing works better than a mid-sized Android tablet.

I was a huge fan of the Nexus 7. It was Google’s first tablet, released in 2012, and the first Android tablet that I felt got it right. I’d used the Acer Iconia and Toshiba Thrive and Samsung Galaxy Tab and nothing seemed to work right until the Nexus 7. It was the perfect size and ran pure Android. The second generation Nexus 7, released in 2013, was even better and with a sleeker, more modern shape.

Huawei MediaPad M3

Over the next few years, I bought the Nexus 10 and Nexus 9. Each had problems, mainly that they were quite slow and sluggish. I actually bought a second Nexus 9 when my first one broke because I needed a tablet to control my drone and my Behringer XR-18 mixer for my band. The second Nexus 9 seemed to slow down faster than the first, even after factory resets.

A few months ago, I’d finally had enough of the unreliability of the Nexus 9 and began searching for a replacement tablet. I looked at the Samsung options, but wanted something with an IPS screen and a smaller screen than the Tab S3 offered. I took a chance on the Huawei MediaPad M3 and have been quite impressed.

I’ve never used a Huawei device before, and I was a little nervous placing the order. I knew that it was a premium tablet, even though the name sounds like one of those $50 tablets you can find at your local Quick Trip. Even though I knew that Huawei makes huge numbers of devices around the world, their comparatively smaller market share in the US gave me pause. I’m glad I placed the order.

The reason the Nexus 7 was such a great size was that it split the difference between a phone and a full size tablet. As phones got gradually bigger, there wasn’t much of a difference anymore between a 7″ tablet and the 6″ Nexus 6. At 8.4″, the MediaPad feels again like the perfect balance of a larger screen yet not cumbersome like a 10″ tablet. It’s really thin and difficult to hold, though, so I grabbed a kwmobile Crystal Case TPU silicone protective cover and Mr. Shield tempered glass screen protector since I knew I’d be using it on the farm. It’s easier to hold now and I can use the tablet without fear of dropping it or damaging the screen.

Huawei MediaPad M3 with Crystal Case

The MediaPad is fast, with specs on par with modern phones. It’s so nice to have a tablet that’s not frustratingly slow. While a new Nexus 9 or 10 feels fast, it doesn’t take long for it to seem slow. I’ve used the MediaPad M3 for the last couple months and it feels as fast as it was when I got it.

The screen is an IPS panel that’s bright and beautiful but not polarized like the Nexus 7 so I don’t have to take my prescription sunglasses off when using it in landscape orientation. The bezels are small enough that, even at 8.4″, the tablet is easy to grab with one hand.

Battery life has been quite sufficient. I don’t carry it everywhere I go, so it’s easy to leave on a charger when not in use.

The front facing fingerprint reader doubles as a multifunction button. Touching it functions like a back button. A long touch is like pressing the home key. Swiping horizontally brings up the recent apps display and swiping up triggers search. There’s also a setting to enable soft keys like a standard Android experience, but I noticed some random bugs so I keep them off. I also quickly became frustrated at how easy the search function is to trigger — luckily there’s an app called SwipeLaunch Disabler that disables the search triggering.

Huawei MediaPad M3

The software on the MediaPad initially sucked. A lot. It runs Huawei’s EMUI, which was every bit as bad as Samsung’s TouchWiz. A few weeks ago, the tablet upgraded to Android 7 and EMUI 5, and brought with it a new notification shade design that makes it very similar to Android devices from other manufacturers. It’s quite usable now, especially with Action Launcher and Gboard.

The MediaPad M3 isn’t without flaws. I really wish it came in a color other than “Moonlight Silver” [read: white] and that it used a USB Type-C port instead of the Micro-USB port. There’s also an issue with the Wi-Fi only working on 2.4 GHz in the US, so it won’t connect to any 5 GHz access points.

Overall, I’m really happy with the Huawei MediaPad M3. I don’t use it to take pictures and I don’t use it to type, though I did type over half of this review on the tablet before finishing up on my Chromebook. It works great with my drone and my mixer for my band and is much more pleasant to read than my phones. Fast, modern Android tablets are harder and harder to find. If you’re looking for a simple, fast Android tablet that’s easy to hold and fun to use, get the Huawei MediaPad M3.

Posted in Android, gadgets, reviews

Your call to action is on fire, and your brand is burning

I’ve had it with marketers — even though I suppose I am one, by process of elimination. But I’m sick of emails with hail-Mary subject lines, yellow AUCTION TODAY signs and websites with all-caps, bold and flashing text saying, essentially, “BID NOW, DAMMIT!”

Maybe that’s your niche. Maybe you decided that your company’s brand strategy is to compete on price and your slogan is “we sell things at auction at bargain-basement prices!” You’re willing to do anything you can to catch someone’s eye, even if it means using emoji in the subject of your bulk emails.

Emoji subject line

Maybe you read an article or have first-hand experience that yellow is the best color to catch someone’s eye, so all your flyers and signs are on a yellow background. You don’t care that yellow also means cheap, because your job is to do the best job for the seller you’re working for to the exclusion of all other priorities — including your and your company’s dignity.

This race to the bottom, in the long run, hurts your company’s brand. Worse yet, it hurts our industry. If our customers see that every call to action we use has the volume knob turned to 11, then they’re likely to lump our content into the same bucket as other similarly faux-important, hair-on-fire materials they receive — spam.

My friend Ryan George frequently says, “If everything is bold, nothing is.” He’s usually talking about flyer design, but the saying perfectly summarizes the challenge that we auctioneers face. Each auction deserves our best effort, so why shouldn’t we try to convey to our prospective bidders that it’s the most relevant-to-them event we’ve ever conducted?

Because they’re not stupid. They know that every auction we have can’t be our most important sale. They know that we’re in the business of finding repeat business, and they can see through our smoke and mirrors. They lose respect for a furniture store that has more than one going-out-of-business sale per year, so why do we think we can convince them that every sale we have is the opportunity of a lifetime?

We should know that the harder we try to iterate on the most eye-catching, routine-disturbing subject line or post title, the more our content looks like spam. We should know that success is built on establishing a company brand that’s respected for quality of service, not our willingness to busk or feign phony plumage.

I’m not saying we should sandbag our marketing efforts and underrepresent the items in our auctions. By the same token, I don’t want to work in an industry where everything is superlative. I believe that the best way to retain the customers we want is to treat them — and their attention — with respect.

Posted in advertising

Proper password management

This entry is part 1 of 3 in the series Security

This article was the subject of Fast Talking Podcast episode 163.

Password management can be challenging. Proper password hygiene requires a different, secure password for each service. Let’s take a look at what these two requirements mean and why they’re important.

Secure passwords

A secure password is one with enough entropy and length to resist brute force attacks. Entropy, in this context, is the amount of randomness in the password. A password that comprises words in the dictionary has a very low entropy, while a password made up of random characters has a high degree of entropy. A brute force attack uses a powerful computer to try every possible combination of characters until one works. Modern offline brute force attacks can attempt billions or trillions of combinations per second.

Entropy is important because modern password cracking processes are smarter than just starting with A and then trying AB and then ABC. They use patterns derived from the millions of leaked passwords to determine commonalities likely found in your password, and they try those first before moving on to more random combinations.

Length is important because it’s how we can easily make the brute forcing process take much longer. Each letter of the alphabet can be upper or lower case, which means every letter we add multiplies the number of possible passwords by 52. Adding numbers and special characters to the password “alphabet” can increase the character depth to 92. The great Password Haystacks tool at GRC analyzes password strength and length and tells you how long a brute force attack would take on the password you give it. Don’t worry: nothing is sent through the internet. It’s all done within your browser, which is important for reasons we’ll examine later in this post.
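An added example, not from the original article: a small search-space calculator along the lines described above, applied to the two sample passwords shown further down this article. The guessing rate, the wordlist size and the word-plus-digits pattern model are assumptions chosen for illustration.

```python
import re
import string

# Character classes counted toward the password "alphabet". Assumption: the
# symbol class is Python's string.punctuation (32 characters), so the full
# depth here is 94; the article quotes 92, and the exact figure depends on
# which symbols are counted.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}

# Assumed rate: the low end of the article's "billions or trillions" of
# guesses per second for an offline attack.
GUESSES_PER_SECOND = 1_000_000_000

# Assumed figures for the pattern model: size of a cracking wordlist and the
# capitalisation variants tried per word (lower, Capitalised, UPPER).
WORDLIST_SIZE = 100_000
CASE_VARIANTS = 3
WORD_THEN_DIGITS = re.compile(r"[A-Za-z]+(\d+)")

# The two sample passwords from the article.
BAD = "Auction123"
GOOD = "VSSK}5kQeJu>F3*,IIK|CWzUa6<SkPQLbxJnc/k}XlS3,nDrI`{K!b<jyAp8|=5"


def char_class(c):
    """Name of the class a character belongs to."""
    for name, chars in CLASSES.items():
        if c in chars:
            return name
    return "symbol"  # spaces and non-ASCII characters are treated as symbols


def alphabet_depth(password):
    """Size of the alphabet implied by the classes the password uses."""
    return sum(len(CLASSES[name]) for name in {char_class(c) for c in password})


def search_space(password):
    """Passwords an exhaustive search tries, from length 1 up to this length."""
    depth = alphabet_depth(password)
    return sum(depth ** n for n in range(1, len(password) + 1))


def pattern_guesses(password):
    """Guesses needed if the password is a wordlist word followed by digits.

    Returns None when the shape does not match. The figure assumes the word
    is in the attacker's list, which is the case for common words and names.
    """
    match = WORD_THEN_DIGITS.fullmatch(password)
    if match is None:
        return None
    return WORDLIST_SIZE * CASE_VARIANTS * 10 ** len(match.group(1))


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time, taking the cheaper of brute force and the pattern."""
    guesses = search_space(password)
    pattern = pattern_guesses(password)
    if pattern is not None:
        guesses = min(guesses, pattern)
    return guesses / rate


def humanize(seconds):
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    for pw in (BAD, GOOD):
        brute = search_space(pw) / GUESSES_PER_SECOND
        print(f"{pw[:12]:<12} depth={alphabet_depth(pw)} length={len(pw)}")
        print(f"  brute force only : {humanize(brute)}")
        print(f"  pattern-aware    : {humanize(seconds_to_exhaust(pw))}")
```

The search-space figure alone makes Auction123 look like decades of work; the pattern-aware figure shows why low entropy matters even when length and character mix look acceptable.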

Different passwords

We’ve all heard of the myriad password leaks from major internet businesses in the last few years. These leaks seem to be increasing – Yahoo is usually good for a new breach announcement every few months now. When passwords are leaked from one service, every user who used the same password on a different service is suddenly vulnerable. If every password you use is unique to each service, then a password breach only impacts your account at the service that was breached.

Rotating password

Why do some security experts recommend, or in some cases demand, that we change our passwords every so often? Because if our password is one that we’ve reused on multiple sites, then the longer we use it, the better the chances that it’ll have been involved in a breach of some service somewhere and our password will be floating around in one of the databases-for-sale available to the hacking community. A frequently refreshed password mitigates this danger. But, if we make sure that each website has a different and secure password, then there’s no need to ever change it.

Here’s a bad password.

Auction123

Here’s a good password.

VSSK}5kQeJu>F3*,IIK|CWzUa6<SkPQLbxJnc/k}XlS3,nDrI`{K!b<jyAp8|=5

It’s unrealistic to think any of us can remember a good password for the hundreds of sites that we use on a regular basis. We must use a password management system.

LastPass is the right password manager

While there are many services that compete for each class of service these days, in my experience there are some absolutely right answers. CrashPlan, for example, is the right answer for file backup. TrueCrypt was the right answer for encryption when I wrote about it in 2008; now it’s TrueCrypt’s offspring VeraCrypt. Doggcatcher is the right answer for podcasts. For password management, the right answer is LastPass.

LastPass is the Cadillac of password management systems. There are several out there — 1Password, KeePass, Dashlane — but in my research and experience, none offers the combination of security, simplicity and enormous feature set found in LastPass.

You name it, and LastPass does it. Browser extensions and an excellent mobile app mean you only have to log in to LastPass and LastPass logs you in everywhere else, automatically filling in your username and password across the web and in your local apps and even Wi-Fi networks. Passwords are only the beginning, as you can store notes, SSNs, QR codes, images and credit card information completely securely. Shopping becomes much easier when LastPass populates credit card information and addresses into web forms.

It features two-factor authentication, so you can enter a one-time-use code in addition to your LastPass password for that important second layer of security. The first time you log in to a site, it pops up an option to automatically store that credential so you never have to worry about it again. When you’re creating accounts, it generates extremely secure passwords so you don’t have the stress of having to come up with something yourself. It can also audit your security, letting you know which sites have weak passwords and offering you the ability to easily change them. For most sites, it can actually change your passwords for you to something much more secure.

You can also share passwords securely with other LastPass users, which lets us share the ability to log in with employees without giving those employees the actual passwords. If an employee leaves, we simply turn off the sharing of the login with that user instead of having to actually change passwords to the different sites the employee was using.

The best part about LastPass is that all your content — passwords, SSNs, notes and even images — is encrypted on your computer before it’s transmitted to the LastPass servers. LastPass never has access to the master password since it, too, is encrypted before it leaves your computer. Even if the LastPass servers are compromised, all a hacker would have access to is the encrypted data which, assuming the master password has enough entropy and length, is useless to anyone other than you.

LastPass has a free tier, which lets you sync any of the same type of device. If you set up your account on a desktop, you can sync with any other computer for free. If you create your account on a phone, you can sync to other mobile devices for free. To sync your phone and computer, you need to upgrade to LastPass Premium, which, at $1 per month, would be a steal at 10 times the price.

If you don’t have a password system in place, get LastPass today. If you currently use one of the other password management systems, take a hard look at LastPass and see if it might make your life even easier. If you look at LastPass and think one of the other solutions works better, I’d love to know why and how — let me know in the comments.

Posted in Apps, Security, services

The LG V20 is Verizon’s best phone of 2016

The LG V10, released in late 2015, was a monster of a phone. It was a big device with dual cameras and screens on the front and geared for content creators. I’ve been eagerly awaiting its successor, the V20, to see how it improved on the V10. My friends at Verizon recently let me use one for a few weeks, and I was able to confirm what I suspected. My LG V20 review found it to be my favorite phone of 2016.

LG V20 hardware

LG V20 and box

The V20 is one of the largest phones available. At 5.7″, it’s the largest phone currently available from Verizon, along with the V10 and Stylo 2 V which also have 5.7″ displays. The V20’s screen is a beautiful IPS display, which I prefer to the AMOLED panels offered by other manufacturers.

The 4 GB of memory and Snapdragon 820 processor mean that the phone is among the fastest ever released. Currently, only the Google Pixel has a better processor, and I personally didn’t notice a difference in performance using them side by side.

In addition to the large primary screen, there’s a second screen that sits just above the main display. This always-on screen can be configured to show time and notifications, media controls, recent apps, quick contacts, app shortcuts or upcoming plans.

Volume rocker on left, headphone jack and USB Type-C port on bottom

The headphone jack, USB Type-C port and speaker are all on the bottom of the phone. Unfortunately, in a departure from last year’s designs of the G4 and V10, LG has moved the volume buttons to the left side of the phone. The power button with a fast and accurate fingerprint sensor is still conveniently on the back, but I found the volume buttons to be inconvenient to use when holding the phone with my right hand.

One of my favorite features of the LG V20 is the removable back that exposes a removable battery and the SD card slot. The phone comes with 64 GB of internal storage, which should be enough for most people. Support for an SD card means there’s not really a way to run out of space.

My favorite part of the V20 is removable battery and SD card slot

The sound quality of the V20 is stunning. Playback is enhanced with what LG calls the Hi-Fi Quad DAC, or digital audio converter, that provides amazing sound quality for wired connections. While I nearly always use Bluetooth, I did enjoy comparing the sound quality of the V20 to the Nexus 6 with a set of Sony MDR-7506 headphones. The V20 was not only louder, but it was cleaner and clearer with improved frequency response all over the spectrum.

In addition to the best audio playback I’ve ever heard from a phone, the V20 boasts improved recording abilities. It ships with the HD Audio Recorder app which is the best audio recording app I’ve ever seen. It can record to 24-bit FLAC at 96 kHz, and allows the user to adjust gain, add a low cut filter and control the limiter.

Software

The phone comes with LG UX 5.0+, which displays all apps on the home screens by default. A tweak to the settings will restore the app drawer to restore sanity, but it’s best to install a third-party launcher like Action Launcher 3 or the Google Now Launcher. The LG default keyboard works, but isn’t as clean as the Google Keyboard.

Always-on second screen

The best use for the second screen is for notifications. Normally, notifications on Android pop up and interfere with whatever app is in use at the time. The V20’s second screen shows these notifications, leaving the primary screen dedicated to the app that’s in use at the time.

Another nice software feature is the ability to scale the content of the screen. The beautiful 2560 x 1440 Quad HD screen can be set to show a lot of small content or a lesser amount of larger content. The default setting didn’t show enough content on the screen for my taste, and I was thankful it was easy to change to take advantage of the large, high resolution screen.

Battery and power management

Back of LG V20 features power button with fingerprint reader

The V20 is one of the only recently released phones that has a removable battery. I was slightly disappointed by the battery life on the V20. I reviewed the V20 immediately after testing the Pixel XL, which I found to have phenomenal battery life considering the size of battery it had. The V20 is okay, and certainly as good as any other Verizon phones released in 2016 with the exception of the Pixel XL, but I wasn’t able to get anywhere near a full day out of it, even when at my desk. It supports Quick Charge, so recharging it with a cable during the day didn’t take too long, but it’s still not as convenient as only having to charge a phone at night.

Disappointingly, unlike the G4 and V10, the V20 doesn’t support wireless charging with the addition of a special back cover. However, it appears ZeroLemon will be selling a battery upgrade for the V20, replacing the 3,200 mAh battery with a 10,000 mAh brick. A battery this big would mean I would only have to plug the V20 in at night, eliminating the need to recharge it to get through the day.

Camera

Saving the best for last, the V20’s cornerstone feature is the camera configuration. The back features a 16 MP camera with laser autofocus and optical image stabilization that I found to be just as good as the camera on the Pixel XL. It also has a wide-angle lens on the back, which is amazingly convenient. This was the deal-making feature on the LG G5 that caused me to immediately order one for my wife, and it’s one of several features that will cause me to pick the V20 over the Pixel XL for my next phone.

Not content with the winning camera configuration on the back, LG also uses a wide-angle camera on the front to make it easier to capture selfies of multiple people or capture more of the background environment. They’ve simply done everything right when it comes to cameras on the V20.

As you can see in the example below, the V20 easily bests the LG Stylo 2 V and the Motorola Nexus 6.

Compared to Google’s Pixel XL, the V20’s camera runs neck and neck, in my opinion.

While the video stabilization isn’t as freakishly good as that which is found on the Pixel XL, it’s still really, really good. Here’s a 4K video I took of a tractor for an auction. Make sure to bump the quality to 4K to see the high quality of the video camera on the V20.

Summary

The LG V20 ticks all the boxes. It’s like a Swiss Army knife – they threw in nearly every feature that I want in a phone.

  • Large 5.7″ IPS screen
  • Removable battery
  • Excellent primary camera
  • Additional wide-angle camera on back
  • Wide-angle front-facing camera
  • Large 64 GB built-in storage
  • SD card for external storage
  • Quick Charge 3.0
  • Power button on the back
  • Headphone jack on the bottom

They even threw in a couple of features I didn’t know that I wanted in a phone, but now that I’ve seen them, I love them.

  • Second screen
  • Hi-Fi Quad DAC audio system

There are a few features missing, though.

  • Wireless charging not supported
  • Volume buttons are on the left side
  • Google Assistant not yet available on phones other than Pixel

I’m really going to miss this phone when I mail it back to Verizon. It’s the best all-around phone I’ve ever used. If you’re a fan of large phones and want the best specs and most features anyone has ever crammed into a smart phone, the LG V20 is the perfect device.

The LG V20 is currently available for $672 from Verizon.

LG V20 picture gallery

As always, here is a selection of example pictures I took over the last couple of weeks while carrying the V20 as my primary phone.

Posted in Android, hardware, reviews