Review, Teardown: Xiaomi (Mi) NDY-02-AD Gold 10400mAh Power Bank

This post comes to you thanks to a generous reader from Germany (thanks Tobias!), who decided to contribute a power bank for testing. Unfortunately, the reader didn’t tell me what it was before it was dispatched, and it turns out to be another Xiaomi (Mi) 10400mAh.

In my last review of the Xiaomi, I reviewed the silver coloured edition which is the most popular one. However, the Xiaomi also comes in a range of other colours at a slightly higher cost – this one is a golden one.

While the colour of a product shouldn’t affect its performance, I decided it was worthwhile testing this unit for several reasons. There can be subtle build differences and revisions in products which can affect performance, and there might be quality control issues worth highlighting that only manifest themselves after analyzing several units. Statistically, having just one sample isn’t particularly significant – so let’s see if Xiaomi can repeat their stellar performance again.



This power bank arrived in a matte cardboard box, identical to that of the silver one. A notable difference with the silver one is the use of the URL, which indicates this is probably an older unit. Newer units are marked with instead. This one also had a stock tracking barcode label which appears to be for the distributor/reseller’s use.


The side of the box has a serial number (top) and UPC barcode (bottom) along with the model number.


The other side is adorned with specifications, and the official verification seal. I did scratch off the silver coat and verify the numbers underneath at, where it correctly verified as genuine, as the first time the code had been entered.


Included is the power bank, a Chinese manual and a USB micro B cable. The micro B cable had no Xiaomi logo, and had all wires connected for both data transfer and charging, which is another indicator of genuine status. The finish of the golden power bank is to a high standard, identical to that of the silver one. The front is adorned with the Mi logo, the rear features the URL.


The ports are buff coloured, and a Mi logo is seen inside the USB-A connector indicating, again, its genuine status. The specifications are printed in light grey on the other side of the power bank, and the indicator LEDs are small. All good signs!


According to my not-so-trusty scales, this unit weighs 260gm, which is a little more than the 252gm of my silver unit, but might come down to slight changes internally and some added weight because of the finish.


Breaking apart the power bank, an identical form of construction is seen.


Internally, the circuitry is laid out identically to that of the previous power bank. Some slight exceptions are seen in the PCB silkscreening, which indicate this PCB was manufactured by a different company, to the same design specifications. From the date code, this PCB was made in Week 12, 2014 which is 6 weeks prior to the PCB in my silver power bank.


The same sort of LG cells are visible inside, but the printing on the cells is all “wavy”. I’m not sure why this is the case, but the cells themselves appear to be genuine.


The marking anomaly affects all the cells within this power bank.


On the other side of the PCB, we can see everything is identically populated to that of the silver unit, down to the same unpopulated capacitor spot. The Abov microcontroller is dated Week 9, 2014, which is 5 weeks earlier than the one used in the silver bank.


In terms of construction, some slight improvements can be made with the mylar insulation on the tabbing – there’s a slight gouge on the negative link, and the spot welding seems a little less consistent than in the other unit, but it’s still a good effort in general.

Performance Testing

The same methodology used in the previous review is carried forward, with the main interest in verifying the capacity of the power bank and calculating efficiency.

| Run | Capacity at 500mA load (mAh) | Capacity at 1000mA load (mAh) | Capacity at 2000mA load (mAh) |
| --- | --- | --- | --- |
| 1 | 9747.957136 | 9276.94628 | 8761.804708 |
| 2 | 9761.970879 | 9466.482107 | 8760.62915 |
| 3 | 9764.186531 | 9469.5623 | 8768.616895 |
| 4 | 9762.0129 | 9475.603401 | 8735.541467 |
| 5 | 9742.946146 | 9471.726582 | 8693.808093 |
| Mean | 9755.814718 | 9432.064134 | 8744.080063 |
| Range | 21.24038552 | 198.6571208 | 74.80880164 |
| StDev | 9.666239966 | 86.77706413 | 30.78258426 |

At 500mA, the usable capacity is 9756mAh, at 1000mA, the usable capacity is 9432mAh and at 2000mA, the usable capacity is 8744mAh. The recorded value of usable capacity at 1000mA may be slightly reduced because of the first run showing a ~200mA disadvantage possibly due to inconsistent charging (early termination). However, again, a very consistent charge termination was achieved for all other runs except the first.

Calculated efficiency figures are 93.8%, 90.7% and 86.4% at 500mA, 1A and 2A respectively, using 3.7V as the basis. Using 3.6V, the efficiency improves to 96.4%, 93.2% and 86.4% respectively.

Compared to the silver power bank, the resulting capacity figures are all within 50mAh! Likewise, the efficiency figures are virtually identical and the minimum capacity and maximum efficiency claims are all met.


The voltage profiles are slightly different but exhibit the same level of stability over the long term and are all well within the USB voltage specification requirements.


The rather Xiaomi specific “two-step” ripple is also present. At 500mA, the values are 84.16mV peak-to-peak at 5mS/div, and 91.56mV peak-to-peak at 500uS/div which is a commendable result, below 150mV of wall chargers. This is slightly less than the silver unit, but within expected sample-to-sample variation.


At 1A load, the values are 87.5mV and 90.11mV respectively which is higher than the silver unit, but consistent with prior readings. It’s a good result, in fact, the silver bank’s result is a little suspiciously low.


Increasing the load to 2A pushes the values to 108mV and 95.15mV respectively, which is almost indistinguishable from the silver power bank, and an exceptionally good value seeing as the ripple output is almost independent of the output current.


In a result I didn’t quite expect, the Xiaomi Silver and this Xiaomi Gold perform almost indistinguishably on capacity (within 50mAh), and ripple performance. This is good news, as it indicates that the quality control is probably quite good, and quality LG cells are consistent for capacity. Each of them has their slight construction quirks, but nothing too major.

I’d have to say this is another good score for Xiaomi. I am very happy with its performance.


Visited: Floriade 2014

This week, I had the opportunity to go on a short day road-trip to Canberra, and on the way, we stopped off at the Big Merino. After that, I spent some time admiring the month-long Floriade display, in its final week. It’s normally best to visit Floriade in the earlier weeks, as the freshly produced floral displays tend to be better presented. Visiting later risks seeing the flowers at the end of their run, although crowds seem to be drastically reduced.

This post is mainly going to be a photo-gallery style posting, as there’s really not much commentary to go with it. I did spend quite a lot of time trying to chase some bees and insects, but being late in the day made it rather challenging. I know my photographic composition is probably, a one-out-of-ten at best with boring framing, but I do love the colours and textures of the flowers. Enjoy.


Random: Site Stuff, LG D686 Fail, Shellshock, Transport Stuff, etc.

It’s been a few weeks since my last random post, and many things have happened in the tech world. Unfortunately, because of the amount of work that I’ve had to do, I haven’t been able to take a break to get these thoughts off my mind – but that wasn’t the only hindrance this time around.

Website Performance Enhancement

In the past few site updates, I was on a quest to improve the website performance for visitors. In order to do that, I have leveraged CloudFlare, despite my initial insistence to avoid it. Furthermore, I decided to go with some caching in the form of WP Super Cache, improving the performance of the site by reducing the need to dynamically generate pages on each user visit.

Initially, a few interesting issues were discovered – Rocket Loader and Jetpack Comments don’t play well causing a duplicate post warning because of the timing of the posting and reloading the page, so I had to disable Rocket Loader. Change of the Permalink structure somehow resulted in pingbacks working again, which was rather nice.

Then, I discovered that the preload feature in Super Cache doesn’t work quite as expected, and old super-cache files weren’t being properly purged, resulting in stale sidebars. I noticed this early on, and have since forced the purge of the files on every new post which seems to make it achieve what I want it to.


From looking at the Pingdom Tools website response time checker, it seems that it worked quite well. The super cache has a big effect on the response time of the server, as using rewrite rules avoids needing to invoke PHP, and does allow for the site to continue despite a temporary loss of database access. That’s a great thing.

The impact of CloudFlare is a little harder to quantify – from my point of view, it definitely helps in terms of serving static assets. From their analytics data, they’re handling about 30-40% of the requests and saving me about 10-20% bandwidth – it might not seem much but it’s still something considering it’s free.

But one thing is that CloudFlare seems to have done wonders to the problem of comment spam. Even with the security settings set to ‘essentially off’, the level of comment spam dropped from manageable to virtually non-existent.

But even then, it could still be better. In what would be considered a basic move by some professionals, I’ve decided to share the loading of static assets from two alias subdomains ( and This improves load performance by overcoming browser-based limitations in the number of ports opened simultaneously to a given server.


Again, quantifying the performance improvement is a little hard, but according to my checks with Pingdom Tools and seem to show much improved load times, when CloudFlare doesn’t have a stall. In some cases, we’re down to 7 seconds for a whole load, whereas getting sub 20-seconds used to be a trouble.

Unfortunately, when it comes to real user analytics like the one above, there are still long load times experienced by some probably due to their slow connections. That’s not an indication of something wrong with my site, per-se, but I do realize that it is very dial-up unfriendly.

And then … I’m Under Attack

I noticed that, despite all this optimization work, the site was still performing slowly for un-cached users – i.e. recent commenters, and myself. Eventually, it was slow to the point where I was having difficulty even writing posts. I wondered what was happening, but I was completely in the dark until Thursday 9th October as statistics are only generated every 24 hours at my web host and at CloudFlare for free users.


Looking at the statistics from CloudFlare shows that I was under attack, to the tune of 40,000 hits in under 12 hours from malicious sources. Cross-checking with my AWstats package at the web host shows that, almost certainly, they were all targeted at wp-login.php. Someone wants in – this is a brute force attack. Yikes.

I find it unlikely that my password would be guessed, but I have tried to improve my security. I tried implementing some .htaccess/.htpasswd protections, but for some reason, it didn’t work. I’ve got an anti-brute-force protection plug-in at the moment, but it’s not the best protection.

As a result, I’ve had to increase my CloudFlare security level up to Medium. Initially, I had it at essentially off, because I’ve experienced the CloudFlare CAPTCHA system myself and know of the frustration it poses to end users. I wanted to be kind to visitors, on the expectation that visitors would be “good actors”, but that assumption obviously doesn’t hold true. Unfortunately, this may very occasionally inconvenience some legitimate visitors behind proxies, but it’s a necessary measure to protect the integrity of my website.
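The cross-check against the access log described above can be scripted. The following is an added example, not code from the original post: it counts POSTs to wp-login.php in a sliding window, both per source address and for all sources combined, since many sources that each stay under a per-address limit only show up in the combined rate. The log lines, addresses, thresholds and function names are constructed for illustration, and the 200/302 reading assumes stock WordPress login behaviour.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" access-log line; only the fields needed here are captured.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def parse(line):
    """Return (ip, time, method, path, status), or None if the line does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = m["path"].split("?", 1)[0]          # ignore any query string
    return m["ip"], when, m["method"], path, int(m["status"])


def analyse_logins(lines, window=timedelta(seconds=60), per_ip_limit=5, site_limit=20):
    """Summarise POSTs to wp-login.php from chronologically ordered log lines.

    The limits are illustrative assumptions, not recommended values.
    """
    recent_by_ip = defaultdict(deque)   # ip -> timestamps still inside the window
    recent_site = deque()               # same, for all sources combined
    failures = defaultdict(int)         # ip -> login POSTs answered with 200
    report = {"posts": 0, "noisy_ips": set(), "site_peak": 0,
              "site_alert": False, "success_after_failures": set()}

    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, when, method, path, status = rec
        if method != "POST" or not path.endswith("/wp-login.php"):
            continue
        report["posts"] += 1

        # Slide both windows forward to the current request.
        for q in (recent_by_ip[ip], recent_site):
            q.append(when)
            while when - q[0] > window:
                q.popleft()

        # One hammering source is easy to spot and to block by address.
        if len(recent_by_ip[ip]) > per_ip_limit:
            report["noisy_ips"].add(ip)
        # Many sources that each stay under the per-IP limit only show up
        # in the combined rate.
        report["site_peak"] = max(report["site_peak"], len(recent_site))
        if len(recent_site) > site_limit:
            report["site_alert"] = True

        # Stock WordPress normally re-renders the form (200) on a failed login
        # and redirects (302) on success, so a 302 after many 200s needs review.
        if status == 200:
            failures[ip] += 1
        elif status == 302 and failures[ip] >= per_ip_limit:
            report["success_after_failures"].add(ip)
    return report


# --- Constructed sample data (documentation address ranges, made-up times) ---
BASE = datetime(2014, 10, 8, 3, 0, 0, tzinfo=timezone.utc)


def make_line(ip, offset_s, method, path, status):
    ts = (BASE + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 1234 "-" "constructed-sample"'


SAMPLE = (
    # one source, 8 attempts in 14 seconds
    [make_line("203.0.113.7", 2 * i, "POST", "/wp-login.php", 200) for i in range(8)]
    # 25 sources, one attempt each, all inside the same minute
    + [make_line(f"198.51.100.{i + 1}", 100 + i, "POST", "/wp-login.php", 200)
       for i in range(25)]
    # a legitimate user: one typo, a successful login, then normal browsing
    + [make_line("192.0.2.10", 600, "POST", "/wp-login.php", 200),
       make_line("192.0.2.10", 620, "POST", "/wp-login.php", 302),
       make_line("192.0.2.10", 630, "GET", "/", 200),
       "this line is not in combined log format"]
)

if __name__ == "__main__":
    for key, value in analyse_logins(SAMPLE).items():
        print(f"{key}: {value}")
```

An address in `success_after_failures` is the case to investigate first, because it means a login redirect followed a run of rejected attempts from the same source.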

Ziphosting MySQL Server Collapsing

Coincidentally, it seems, Ziphosting’s MySQL server is having trouble. Queries are running excruciatingly slowly, to the point where using the WordPress Export tool to back up fails with a timeout, as does trying to export the database using phpMyAdmin. This only exacerbates the problem, because attempted logins consume database query resources, as do certain types of visitors. In essence, a rapid brute-force attack can serve as a damaging denial-of-service attack.

I did contact Ziphosting, who have acknowledged issues with their MySQL server and are fixing it – at the moment it seems to have stabilized somewhat.

Why would they bother?

Unfortunately, I don’t have the resources or time to try and follow up why this is all happening, but one can only assume one of several possibilities:

  • Someone’s not happy about what I’ve said about their products, and they want to take me out so that others can’t benefit from my opinions.
  • Maybe they would feel good about themselves in hacking and defacing my own private website just for kicks.
  • Someone might have found a brute force tool and saw me as an easy target.
  • Maybe they’re looking out for some computing resources to exploit for their own needs.
  • Maybe they want to get into the data I have and steal it outright.

Whatever it is, it’s a bit of a nuisance. Thank god that I’ve employed CloudFlare to front my site because I’m pretty sure that my main hosting provider isn’t going to survive even more bashing if CloudFlare didn’t shield me from the even more malicious actors.

But there’s another possibility that scares me even more – there’s probably someone out there stealing my content, refactoring it, reposting it on their own sites and trying to take me out so that they can boost their own search engine rankings above mine in order to collect the revenue from the hard work that I have done. It seems to be a very possible scenario, based on an analysis of the referrers that have hit my webpage over the past week. I won’t elaborate any further on this, but I suppose I have succeeded in my mission to disseminate information.

Where to from here?

I’ve tried my best to look out for the health of the website by keeping an eye on everything I can, given the amount of time I have. So far, there seems to be no evidence of intrusion, which is good. However, I have been seriously contemplating a change of hosting providers, but I’ve done some reading up on the more popular low-cost options and virtually every single one of them has numerous disaster stories on record. Given the work required, and the risk, I think it might be best to stay with Ziphosting for another year – there isn’t much to be gained from what I can see.

Site Updates

Since the last update, I’ve managed to update the Socket 370 listing in the CPU Corner with a pair more CPUs. In fact, I’ve just received a few more specimens, so I’ll have to get around to putting those up too. I’ve also refreshed my “the SIMMS” post with a pair more 30-pin SIMMs.

One of the most major updates relates to the fact that I’ve been contacted by numerous companies at numerous stages to review their products. It’s something I love to do, but it’s something that I do out of my own passion and is a work that I am proud of. As a result, in order to protect myself and the readers, there is now a publicly visible set of rules, and an open invitation for companies, groups and individuals to contact me with any review opportunities provided they accept all the conditions posed.

LG D686 G Pro Lite Dual Annoyances

I’ve been the owner of an LG D686 for a while now, and it’s never really impressed me enough to deserve its own review. It was stranded with Android 4.1.2 for a very long time, but lately, an update to 4.4.2 was made available over-the-air and I decided to jump for it.

I did the over the air update with no issues, although when I first did it, it unrooted the phone as expected, but then there wasn’t a working method to root the phone. This is probably also due to the locked LG Bootloader which hasn’t been defeated yet.

Soon, I discovered something really broken about the 4.4.2 build - my tethering stopped working altogether. With working mobile data on the phone, and the Portable Hotspot feature configured in any encryption/SSID/channel setting, it was possible to join Wi-Fi clients to the hotspot, and get a DHCP IP, and ping the gateway (i.e. the phone) but no traffic would be routed through the phone altogether. No DNS resolves would be made either, despite the mobile data working just fine on the phone – and changing the APN type from blank, to default, to default, suppl, mms, dun etc didn’t help either.

I decided it might have been an issue with the OTA, so I decided to try and do an update via the LG mobile software on the desktop. It reported that I had the most recent version of ROM and wouldn’t offer me any choice to upgrade. I decided to do a factory reset on the phone itself, and spent an hour or so restoring all of my original applications from the Play store.

Unfortunately, after the re-install, the system behaved exactly as it did before. Tethering seemed terminally broken. I couldn’t find anything online about this, so maybe this is related to Lycamobile data which requires roaming to be active. Prior to the update, the phone tethered just fine, but there is no way to revert the version of the OS. Unfortunately, that limits the usability of the phone for me, but there’s nothing much I can do as a user.

I even decided to buy paid tethering apps to see whether their various configuration tweaks and different tethering methods could bring me joy. After about 30 minutes of tinkering, I still couldn’t get any further.

At least, I did find a workable method to root the 4.4.2 version ROM, but that didn’t aid in my quest for working tethering either.


Shellshock

Big news was the public disclosure of a vulnerability in the way the bash shell handles environment variables, dubbed by the media as Shellshock. It’s a pet hate of mine – the mainstream media likes to make puns which leave users none the wiser as to what the problem actually is. The other thing is that the media likes to hype things up – and a vulnerability affecting bash, which is mostly used in Linux distributions that are commonly considered to be “secure”, only entices the media to make it out to be a bigger deal than Heartbleed.

The vulnerability itself seems to stem from how bash handles environment variables passed to it at invocation. Environment variables formatted in a certain way are evaluated such that part of their content is, in essence, executed. This, in itself, is the vulnerability, which isn’t a big deal until it’s combined with server software which plugs in with bash.

In web servers with CGI configured with bash as an interpreter, by crafting a specific request with such a string in the HTTP request, commands can be executed on the server as the web-server user. This is possible because the request parameters are passed to bash as environment variables. It is also said that certain DNS/DHCP servers may be vulnerable to specifically crafted requests for similar reasons.

This means that:

  • Not all Linux users are affected – those that don’t have bash installed won’t be affected.
  • Windows and Mac OSX can be affected – if they have bash installed (e.g. Cygwin in Windows).
  • It probably doesn’t matter even if you do have bash installed if you don’t do any serving or have any avenues where environment variables can be passed to bash from the side.
  • Even if you run bash, if you don’t have such servers, the only way to get in is to get on the shell itself. By the time you’ve gotten there, you’ve practically got direct control of the system anyway.

For these reasons, it’s really not as big of a deal as it first seems, but it’s still a good idea to patch the vulnerability anyway. There are actually several security bulletins related to Shellshock, as some initial patches were incomplete in their implementations, meaning that there are still exploitable holes (albeit slightly more difficult to exploit). This means it would be wise to update any Raspberry Pis you have running as well.
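The CGI path described above, shown from the server's side as an added example (not from the original post): it builds the environment a CGI server would derive from a request, flags values that begin with the function-definition prefix `() {` that affected bash versions imported, and drops them before a child process would be started. The request, host name, placeholder value and function names are constructed for illustration; filtering like this is a stopgap next to patching bash.

```python
import re

# Bash releases affected by Shellshock treated any environment value that
# starts with "() {" as a function definition to import. The pattern also
# tolerates extra whitespace, so it is deliberately broader than that prefix.
FUNCTION_PREFIX = re.compile(r"^\s*\(\s*\)\s*\{")

# CGI (RFC 3875) passes these two request headers without the HTTP_ prefix.
UNPREFIXED = {"CONTENT_TYPE", "CONTENT_LENGTH"}


def cgi_environment(method, target, headers):
    """Build the meta-variables a CGI server derives from one request.

    Every header value is chosen by the client, and every one of them ends
    up in the environment of whatever the server executes for the script.
    """
    path, _, query = target.partition("?")
    env = {"REQUEST_METHOD": method, "SCRIPT_NAME": path, "QUERY_STRING": query}
    for name, value in headers.items():
        key = name.upper().replace("-", "_")
        env[key if key in UNPREFIXED else "HTTP_" + key] = value
    return env


def suspicious_variables(env):
    """Names of variables whose value looks like an exported function."""
    return sorted(k for k, v in env.items() if FUNCTION_PREFIX.match(v))


def scrub(env):
    """Copy of env without the flagged variables, for handing to a child process."""
    flagged = set(suspicious_variables(env))
    return {k: v for k, v in env.items() if k not in flagged}


# Constructed request: the User-Agent carries the prefix followed by a
# placeholder where a trailing command would sit.
SAMPLE_HEADERS = {
    "Host": "www.example.com",
    "User-Agent": "() { :; }; TRAILING-COMMAND-PLACEHOLDER",
    "Referer": "http://www.example.com/index.html",
    "Content-Type": "text/plain",
}

if __name__ == "__main__":
    env = cgi_environment("GET", "/cgi-bin/status.sh?verbose=1", SAMPLE_HEADERS)
    print("flagged:", suspicious_variables(env))
    print("passed on:", sorted(scrub(env)))
```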

Rebuilding my Chrubuntu

I’ve been running Chrubuntu on my Samsung ARM Chromebook for a while now, and I’ve generally been satisfied despite the quirks. Lately, because of the need to maintain currency, I decided to embark on a dist-upgrade, only to find that it didn’t work as expected and it never really booted again.

As a result, I had to restore Chrome OS to it with the imaging tool (which now, requires the installation of Google Chrome – how sneaky).

Afterwards, I was able to re-install different flavours of chrubuntu using instructions posted here. There are a few small errors in the instructions with step numbers, but you can probably work it out.

Unfortunately, having gone through it all, I found that Ubuntu 14.10 wouldn’t get to the desktop, and there were strange issues with the network manager under Kubuntu. I tried lubuntu, which did work, although not particularly well, so I settled for xubuntu. One major issue was the problem of setting screen brightness, of which this xdotool set of instructions proved handy. I couldn’t seem to get xbacklight working.

So after quite a lot of back and forth, I’ve managed to get everything set up the way I like it again – and I actually don’t mind Xfce at all – it’s quite a nice desktop environment.

Apple News

News of the iPhone #bendgate/#bendghazi continued to roll around causing embarrassment for Apple, with some devious kids visiting stores and bending display models and “informal” tests showing that the phone was on the weaker end of the spectrum. Other people remain steadfastly adamant that the phone is not bendable and tried to prove it with their own video. It seems like every new release continues to inflame the discussion with fanboys taking “immovable” positions.

iOS 8.0.2 update was released, which is probably an improved patch over the 8.0.1 release which caused people to have their cellular and Wi-Fi connectivity disabled for reasons unknown. I managed to apply this update without any significant issue, but it seems like another update is on the way (8.1) soon that closes a loophole that some have been using to load emulators.

It seems new iPads are on the way, but delayed. I’m not sure where the whole idea that 12″ tablets are a good idea came from, but I suppose it would better approximate the size of an A4 sheet of paper. But it would not be as portable. I wonder how well this would sell.

It has come to light that Mac OSX is affected by the Shellshock vulnerability – users should take the time to patch their system if they use bash. The update can be downloaded from Apple directly.

Internet Surveillance in Australia

It seems possible that an internet surveillance bill is to be passed in Australia, despite some protest, potentially marking a significant time in the history of the internet when we went against the grain.

Again, it seems that the majority of the Australian ISPs have stood idly by, as well as most people, expecting the data retention bill to make it into law unopposed. As with some prior internet-related precedents, iiNet seem to have taken it upon themselves to call this scheme out for what it is – an impractical mass-surveillance system that will cost everyone.

I have to give iiNet a round of applause, for taking its job as an ISP for the people/customers seriously. It staggers me that if the government decides to do something, that they can just make anything turn into law and then see all the companies go into blind compliance mode “because they told us so.”

Once such equipment is in place, it would make surveillance trivial, and it can easily be imagined how such systems can be misused. Especially in the post-Snowden era, it’s clear that governments place citizens under the illusion of knowledge by presenting a sanitized, redacted and twisted reality while actually doing something else.

More important is the question of how effective such a scheme could be. Any cybercriminal worth their weight already understands the basics of using encryption and hidden networks/proxies to do their communication with. These systems are difficult to break, and it’s not inconceivable that the governments do not possess enough equipment to break them. For the real hardened criminals, such retention efforts would prove meaningless. Instead, it is more likely to catch the plain text communication by innocents and probably the casual explorer.

I remain unconvinced that it’s what we need, and I think such measures will spoil the internet. Overseas in the USA, where net neutrality and the definition of broadband is currently being debated, the future of the internet (in terms of its freedoms) is really at risk. Even our civil rights seem to be under threat, with secret searches by the AFP to be allowed.

Windows 10 Technical Preview

Microsoft announced the release of Windows 10 in the near future. While everyone had expected it to be called Windows 9, the jump to 10 has led many to speculate on the reason for it. Some believe it is related to faulty version checking code in software that checks for a begins.with(Windows 9) with some level of evidence (although weak) to back this up. Instead, they should have been checking for the version number (i.e. 4.00 for 95, 4.10 for 98).

That aside, the new OS is said to blend elements of Windows 7 and Windows 8 together, with the upgrade being freely delivered to Windows 8 owners, with Windows 7 owners getting a significant discount.

For intrepid users, there is already a technical preview available, both as a bootstrap install over an existing Windows installation, and as a standalone ISO as well. Access is easily granted based upon a name/e-mail sign up.

But be warned. They promised to make it better than previous releases by monitoring what you do with the technical preview much more closely. This includes everything from the files on your drive, to the keystrokes you enter. This has led many people, myself included, to be wary of the whole thing. How can you fully evaluate an OS if you’re afraid of entering your passwords in case they might be captured? Try it at your own risk!

Transport Stuff

I haven’t really been going out much of late, so there isn’t as much transport stuff to report as before.

At the toilets at Central station, I’ve noted that the initial generation Dyson Airblade hand driers with the yellow inserts are being replaced with newer Dyson Airblade dB models with blue inserts. These ones are supposed to be quieter … here’s a picture of a white one taken at a shopping centre:


Another thing I noticed while wandering around at Central, is the information board on the escalators from the country concourse to the suburban concourse. This used to be a large board filled with colourful platform numbers and lines. Instead, it seems to have been replastered as a plain but clear sign.


I also managed to get to Redfern where I saw their new LED lights up close. It looks to be a Canadian made luminaire, with a very interesting design. The black cable carries the power (current limited) and the whole set of LEDs appear to be series wired on a metal core circuit board. A quick-release latch secures this LED board to the luminaire, allowing for heat sinking and quick changes of the LED modules. How innovative!


I did talk about tactile tile replacements – unfortunately, in some places, such tiles can’t be installed … so they paint it. It doesn’t fool me!


I also spent a day riding around the rail network, playing with capturing magnetic induction loop audio announcements when I passed Glenfield and saw, with my own eyes, the progress being made on the South-West Rail Link.


I can see that the necessary overpasses, and track has already been laid mostly, with the overhead wires still being sorted. It’s quite impressive. Having witnessed how long it typically takes a rail project to actually happen, I didn’t believe it when the maps said “under construction”. Apparently this one isn’t a lie – and I hope to have a chance to ride on it as soon as it opens. I wonder whether it will see the patronage required to see it stay alive, or whether it will see the same fate as some previous branch lines (e.g. Royal National Park) and eventually get shuttered.

I managed to pass a few DTRS sites along the way, although shutter lag did stop me from taking a picture of many of them. In order, it’s Casula, Cabramatta and Fairfield.


I managed to pass a local bus shelter, which now proudly advertises that it is Opal ready:


I’ve noticed that bins at stations are being replaced. The old round metal bins are being taken out …


… and are being replaced with metal bins which are square, built around wheely bins.


While at Chester Hill station, I also noticed an interesting solution to their insulated fence panel being next to a painted metal pole – insulate that with perspex.


Such a system is needed for safety, especially in continuous metal fencing where there might be a potential for wires to fall onto the fence and make it live. The insulated panel is the only “safe” access panel to go through in that case.

While waiting for a train, I managed to get treated to a steel-hauling train on the SSFL track.

I was also at Leumeah station where I saw one of the passenger information displays have a loss of horizontal sync which seems rather strange. In the case of digital connections, it’s really not normal …


I was reading Wikipedia the other day, when I came across the fact that the V-set based DTRS test sets actually have a designation as a Y-set.

We Will Get 700MHz 4G LTE

Great news came this week in the form that Telstra and Optus will be launching their own 700MHz networks with the “digital dividend” spectrum. This will bring better indoor coverage to compatible handsets and help spread the bandwidth load across different bands to improve user experience. There was a lot of talk that 700MHz might be given to public safety services for their networks, and that we would never get to use it, but it seems that is no longer the case.

I wonder whether this means older US 700MHz band-only 4G devices, such as “the new iPad (3rd Gen)” would operate correctly on this new network, termed 4GX by Telstra, or whether there are some intricacies with the way the frequency allocations are made that will mean we need specific 700+1800MHz band equipment for us.

Other Stuff

  • Belkin routers suffered outages when went dead for a while. I think this is a big silly problem which should have never existed and is part of the sillyness that device manufacturers think they’re smarter than you and try to “detect” whether you have a connection to the internet. Should they fail to provide the service, the routers do not fail gracefully, instead breaking DNS requests altogether. A router like this isn’t one which is designed properly – if the company goes down, if the path to the heartbeat server fails, if the company folds, then it’s going to break it. Worse still is whether this service also forms an unintended tracking service to work out whether the routers are up, what versions of firmware are being run etc.
  • I have noticed that in Chrome and Chrome Mobile, the address bar has been replaced by a search/address bar. On thinking about it the other day, it occurred to me that most users would be logged into Chrome, meaning that Google can tie the searches to the user profile. Worst of all, web addresses entered are likely to be submitted as a search to Google anyway, as part of the search suggestions feature, meaning Google actually has a way of determining what websites and links you visit even if you have ad-blockers and tracker-blockers, as it’s masquerading as the search functionality. Worse still, this may be another form of information leakage for certain types of privileged URLs. Unfortunately, if SSL is being used, there’s no easy way to tell what information is being transmitted, and if it is implemented properly, it should be impossible. Just as SSL can secure us against everyone else, it can secure the applications against their users!
  • The Adobe Digital Editions reader seems to be violating its users’ trust by sending information about their reading habits back to Adobe, unencrypted. I think big data is misleading companies into a hole of collecting data just in case they can make use of it and because it lends them some sort of competitive advantage even over the weakest of correlations. Unfortunately, the reality is more likely that it’s wasteful and dangerous. Part of the reason it was discovered was that the data was transmitted unencrypted. Imagine what might happen if everything was secured properly with SSL – application developers may be doing something very sinister without our permission or knowledge and we wouldn’t have a way to prove it.
  • In terms of misbehaving apps – it seems third party Snapchat apps may be responsible for “The Snappening”. It seems that in terms of malware, more and more malware masquerades as legitimate applications only to become malicious in the future after users have grown accustomed to it and feel that it is a “safe” application.
  • I’ve long lamented the issue of social networking becoming increasingly about advertising, tracking, and noise rather than real “social” interaction. It seems that Ello have picked up on this, and are running a minimalist ad-free social network. At the moment, it is beta and invite-only. Especially worrying is the knowledge that new teens seem to be getting tired of Facebook altogether.
  • Another thing I’ve been skeptical of is “low quality” mobile gaming based on freemium models. We’ve seen the slow decline of Zynga and King Digital, but to add to that is the studio famous for Angry Birds – that of Rovio. It seems this is the way of the viral marketing schemes – quick rise to fame, and quick decay.
  • Bad news for shops in the US with another big name retailer, K-Mart, joining the ranks of Target, PF Chang, Dairy Queen, Goodwill, UPS, Supervalu, Albertson’s, JP Morgan Chase, AT&T and Home Depot in being breached and having credit card data stolen. It seems rather crazy to think how specialized the breaches were, in attacking point-of-sales systems, but that they seem to be so widespread as of late. Maybe POS systems need to be better designed and hardened, rather than relying on security through obscurity.
  • Intel CPUs stuff up at math, this time, with the fsin instruction. But since fsin isn’t that often used, and it only occurs at certain large values, it may not really be that important in reality.
  • Yahoo Mail managed to get on my nerves this week by flashing me this notice – I’ve got a lot of tablets and computers!
  • At one point, it even stuffed up and started spitting me out an HTTP 0.9 response header with SPDY mixed in with it?


Sorry for another long-winded random post, which mainly focused on the site itself, but I’m learning every day and I’m doing my best to stay afloat. I just hope that everything returns to normal soon enough and apologize in advance for any disruptions to service. It’s a strange world we live in – it seems cyber-security issues are becoming more and more of a problem, and balancing that with our expected rights and privacy seems to be a continuing issue. Until next time …
