High Tech House Calls Summer eNewsletter by Carl Thorne on Scribd
Sunday, July 15, 2018
Sunday, July 8, 2018
Which Smart Lock Should You Buy? by Craig Lloyd
There are a handful of smart locks to choose from, but not all are
created equal. Here’s what you should know about the different kinds of
smart locks and which ones you should consider buying.Full Replacements vs. Conversion Kits
The main thing you’ll need to decide when buying a smart lock is whether you want a full replacement smart lock or just a conversion kit. The former replaces your entire deadbolt, while the latter just replaces the interior thumb turn portion, leaving your existing deadbolt mechanism and exterior portion alone.
This is really just a matter of preference, but you do get different features with one or the other. For example, most full replacements give you a nice keypad or some unique way to unlock your door from the outside (like touching the lock to unlock your door with the Kwikset Kevo), but conversion kits leave the exterior portion of your deadbolt the same. So from the outside, you still have your existing deadbolt, but you have the added benefit of being able to unlock it with your phone and such.
RELATED: Are Smart Locks Secure?
Conversion kits are usually cheaper as well, since all they include is a thumb turn mechanism with the circuitry needed to provide the smart features and the mechanics to operate the lock. Whereas, full replacements include a completely new deadbolt mechanism, which raises the cost.
You’ll have fewer choices when it come to conversion kits, though, as most smart locks on the market are full replacements, but the few options you do have are decent—the August Smart Lock is a popular option, as is the Kevo Convert from Kwikset.
Wireless Connection Type
Most smart locks either connect to your network using Z-Wave or ZigBee via a smarthome hub, or using Wi-Fi via the smart lock’s companion hub that you can buy separately.
Again, there are pros and cons to each option here. The two conversion smart locks discussed above connect directly to your phone via Bluetooth out of the box, which means your phone has to be nearby in order to control the lock “remotely”—you’ll need to get the respective hubs (August and Kwikset each offer their own) in order to add in remote control over the internet. The same goes for locks like the flagship Kevo and the Schlage Sense. Otherwise, you can only control and manage the lock when your phone is within Bluetooth range.
A large portion of smart locks use Z-Wave, though. It’s a reliable standard that has good range and draws very little power, making it great for applications like this. The only downside is that you need some kind of smarthome hub, like SmartThings or Wink, in order to control and manage the lock from your phone at all. Otherwise, it acts just like a regular lock.
RELATED: What Are “ZigBee” and “Z-Wave” Smarthome Products?
The good news is that you have a lot of options to choose from if you decide to go with Z-Wave. Schlage makes the Connect model in several forms, as does Kwikset with their SmartCode lineup. Yale also has the Assure smart lock, which also comes in a ZigBee flavor.
Keypad or No Keypad?
Smart locks (or any lock, for that matter) fall under two categories: those that have a keypad, and those that do not.
If you plan on using a smart lock to its fullest potential, you technically don’t need a keypad, as you’ll use your phone’s proximity instead to determine when your door should lock and unlock. Thus, you’ll never even have to touch your smart lock in the first place.
RELATED: Six Things to Consider Before Installing a Smart Lock
However, if you still want to stick with manual unlocking from time to time, or maybe you just want to quickly create and share a key code with a friend without having them download the proper app first, a keypad can be a great supplement to a smart lock. And luckily, you don’t really have to pay extra for that kind of feature.
The previously-mentioned Schlage Connect is a good Z-Wave smart lock that comes with a nice keypad. Kwikset’s SmartCode line all come with keypads of varying designs. The August Smart Lock—while just a conversion kit—can also be used with a keypad that’s sold separately as an accessory of sorts, and if you’re a Nest user, they have their own smart lock made by Yale that has a keypad and integrates nicely with all of your Nest products.
So Which Smart Lock Should You Buy?
There’s really no one single smart lock that stands above everything else, as it really comes down to what you want out of a smart lock. However, here are some recommendations based on certain common scenarios.- If you want a keypad: Schlage Connect or the Kwikset SmartCode 916, both require a smarthome hub for remote control.
- If you use Nest products: The Nest x Yale Lock is the one you want because it can work alongside the Nest Secure. However, it requires the Nest Connect or the Nest Secure alarm system.
- If you want automatic or easy unlocking: The August Smart Lock can automatically unlock your door when you’re in proximity. The Kwikset Kevo is also great, but you have to simply touch the lock to unlock it first.
- If you just want the cheapest smart lock: A conversion kit is your best bet. The August Smart Lock and the Kwikset Kevo Convert are both under $150.
Thursday, July 5, 2018
Look Out: Browser Crashing Tech Support Pop-ups Are Back by Justin Pot
Those pop-ups that slow down PCs and tell you to call “Microsoft” at a sketchy 1-800 number are back, thanks to an newly exploited browser bug.
Chrome and Firefox users are both reportedly vulnerable to the attack, which disguises itself as a legitimate error message. The bug exploited here was thought to be patched, but scammers seem to have found an new way to trigger the bug.
Dan Goodin, writing for Ars Technica, outlines how it works:
The scam technique, which came to light in February, works by abusing the programming interface known as the window.navigator.msSaveOrOpenBlob. By combining the API with other functions, the scammers force the browser to save a file to disk, over and over, at intervals so fast it’s impossible for normal users to see what’s happening. Within five to 10 seconds, the browser becomes completely unresponsive.
So your computer is completely crashed, and there’s a phone number on the screen that promises to fix it. If you’re the sort of person who reads articles like this you probably know not to call the number, but a decent percentage of people don’t.
Which is why you should tell your friends and family to never call tech support numbers that randomly pop up on your screen. You could even tell them to call you instead, if you’re feeling generous.
Google and Mozilla are both working on patches for this bug, after which the cat and mouse game will probably continue. Arm the people you know with knowledge.
Apple’s Safari has dropped the ball on security by Rob Pegoraro
News this week from Twitter (TWTR) about a helpful security option left out a five-word warning: “Safari users need not apply.”
That’s because—not for the first time—that Apple (AAPL) browser has yet to support a security advance. Even as Safari has excelled at protecting privacy on the web, it’s trailed competitors Google (GOOG, GOOGL), Microsoft (MSFT) and Mozilla in defending against other online menaces.
That’s left people with an uncomfortable choice: First-rate security or first-rate privacy in a browser, but not both.
On the one hand, Safari keeps advertisers from following you around but makes it harder to secure your accounts. Meanwhile, Google’s Chrome provides strongest the armor against online attackers but does too much to indulge the creepier instincts of online marketers. You shouldn’t be happy about that.
A key to account security
Apple’s security lag is most obvious in the feature Twitter added: universal two-factor authentication, in which you verify a login by plugging a cryptographically-signed USB key into your computer.
“U2F” protects against somebody stealing your password and neatly solves major problems with phone-based two-step verification, the most common sort.
Confirming a login with a one-time code sent via text message to your phone won’t work without a cellular signal, such as on most planes. It can also be defeated if an attackerconvinces a customer-service rep at your wireless carrier to transfer your number to another device.
Having a smartphone app like Google’s Authenticator calculate confirmation codes eliminates the cellular-connectivity and account-takeover risks. But reconfiguring this app every time you switch devices is—as Google security product manager Stephan Somogyi told me last July—“a complete, total and unmitigated pain.”
Chrome has supported U2F since 2014. This spring, Microsoft and Mozilla said they would support a successor standard, WebAuthn, in their Edge and Firefox browsers. In May Firefox did just that—although Google accounts still rely on the older U2F standard that won’t work in Firefox until you enable a hidden option.
Apple, however, has remained opaque on this point. It does have employees participating in the WebAuthn development process, but the possible-features list of Safari’s WebKit open-source foundation only shows this option as “Under Consideration.” Apple pointed to those two details but did not clarify its intentions. Not for the first time, its instinctive secrecy does it no favors.
The history here suggests no rush to adopt WebAuthn. Joseph Lorenzo Hall, chief technologist with the Center for Democracy & Technology, observed in email that “Apple is frequently late to do standards”—though he expects the company to welcome this one eventually.
Enlightening users about encryption
Safari has also trailed its competitors in web encryption, which stops your internet provider and any third parties online from recording passwords you type or tracking your browsing history beyond the domain names of sites you visit.
For instance, Chrome began warning of unencrypted fields for passwords and credit-card numbers at the start of 2017. Apple didn’t add its own alert for such sensitive data input—a “Not Secure” label in prominent red type—until the end of March.
And while Chrome already adds an “i” logo icon to the address of unencrypted sites, which when clicked warns that they’re not secure, Safari offers no such heads-up that a site won’t stop third-party eavesdropping. July’s update to Chrome should make this advisory more obvious with a “Not secure” label atop every unencrypted page.
These warnings matter because most people don’t recognize traditional browser hints about site security. Last March, the Pew Research Center released a survey finding thatonly a third of Americans knew that an “https” prefix in a site address meant it used encryption.
A similar pattern prevailed after security researchers confirmed that a widely used encryption algorithm called SHA-1 could be readily defeated. Chrome was the first major browser to label pages using SHA-1 encryption “not secure,” starting in 2015; by early 2016, it began blocking those pages.
Firefox followed suit in February of 2017, Edge in May—but Apple did not take the same step until October of that year. Fortunately, most SHA-1 holdouts had upgraded their encryption by then, in part because of Google’s public shaming.
Amazon Prime Day 2018: Everything you need to know about Amazon's shopping extra By Ian Paul and Alaina Yeevaganza
Prime Day, Amazon’s summer shopping event, is back for its fourth appearance. On Monday, July 16, Amazon will offer deals for thirty-six hours on over a million products on its sites around the world. Bargain hunters can track all the action starting at noon Pacific time via the company’s Prime Day landing page.
If you still haven't checked out Prime Day, it may sound like an overhyped "Black Friday in July" sale. But while the company did fall flat in its first year with a crop of lackluster deals, the last two years featured a selection of genuinely good tech bargains.
For 2018, Amazon appears to be kicking up its efforts even further and tempting shoppers with more deals, better deals, and greater supplies of the best deals—new for this year are deals at Whole Foods and a new initiative called "Prime Day Launches." Here’s what you need to know about Prime Day and how to prepare.
Note: To take advantage of Prime Day sales, you must be a member of Amazon Prime. This service is Amazon’s $120-a-year club that offers free two-day shipping on orders, as well as a litany of frills like free premium video and music streaming, free online photo storage, a Kindle lending library, and various promotional offers. New Prime members get a free 30-day trial, which means you can sign up, get the Prime deals, and then dump the membership before the $120 fee kicks in.
Prime Day: A brief history
The first Prime Day wasn’t that great. Amazon introduced it in 2015 to celebrate the company’s 20th anniversary—and of course increase the number of Prime members. As for the sales, there were a few decent deals, but critics and shoppers largely agreed the day was a bust compared to the holidays.
Amazon
In 2016, the deals got better, but smart shoppers still had to do some legwork to separate the good buys from the bad. Prime Day 2016 was also hit with technical issues surrounding Amazon’s checkout system. There was also some stiff competition for Lightning Deals, with many of them selling out crazy fast.
(For the uninitiated, Lightning Deals generally offer some of the best sale prices on Amazon. They feature limited stock available at a low price for a short time, which makes the demand for them that much higher.)
For its third outing in 2017, Amazon promised Prime Day would offer better deals and higher inventories yet again, plus a focus on new items—the two previous Prime Days were heavy on open-box items. But for the tech-obsessed, the deals on devices, components, and gadgets weren't as expansive as we'd hoped.
What to expect from Prime Day 2018
Similar to 2017, we expect Amazon to launch a series of sales leading up to Prime Day as an appetizer for the main deals smorgasbord. If the inaugural deals announced are any indication, these early bargains may span a much wider variety of categories and products than last year's daily themes (e.g., Amazon Music, Everyday Essentials, Amazon Reading). Sneak peeks of select products that will receive Prime Day discounts will be available from July 9 through July 15 in the Amazon app.
The initial batch of deals starting on July 3rd are:
- One free PC game per day through Twitch Prime (games announced between July 2 and July 18; claim period for each varies).
- $10 credit toward eBooks, print books, and Audible for members who buy their first Kindle book
- $0.99 for a four-month trial of Amazon Music (new subscribers only)
- $0.99 for a three-month trial of Kindle Unlimited (new subscribers)
- $2.99 for three months of Amazon FreeTime (new subscribers only)
- $4.95 per month Audible subscription for the first three months for eligible Prime members
- $30 off your first AmazonFresh order (minimum $100 order) when using code 30FRESH at checkout
- $100 off the Echo Show
- Up to 25% off furniture and décor from Rivet and Stone & Beam
- Up to 20% off AmazonBasics items
- 30% off "everyday essentials" from Presto!, Mama Bear, Solimo, and more
- Up to 50 percent off popular movies and TV shows on digital, DVD, and Blu-Ray
The official start time is 12 noon p.m. Pacific / 9:00 p.m. Eastern on Monday, July 16. Unlike 2017, owners of Alexa-enabled device won't get early access to deals, but they will be able to still Alexa for information on "the best Prime Day deals" and the status of Prime Day orders.
After the 12 p.m. Pacific start time, Prime Day continues for another thirty-six hours until closing time at 11:59 p.m. Pacific on Tuesday, July 17. (Last year, the event lasted for 30 hours.) For the east coast that means the deals stop at 2:59 a.m. on Wednesday, July 18.
New for this year
Fresh initiatives for this year include Smile boxes, which are available in select cities (New York City, Los Angeles, London, Tokyo and Milan). Amazon describes these as "unforgettable event[s]" that are a nod to "the unparalleled benefits that come with a Prime membership including music, video, gaming and more."
Amazon is also premiering Prime Day Launches, which the company describes as "exclusive new items, content and special-edition products available just for Prime members for a limited time." Teased items include the Delta Trinsic Touch2O, the first Alexa-enabled kitchen faucet; and the Moto G6 64GB, an exclusive version of the phone with 4GB RAM and 64GB storage.
Finally, shoppers at Whole Foods Market stores can enjoy an additional 10% off hundreds of sale items; "deep discounts on select popular products"; and a hefty 10% back for Amazon Prime Rewards Visa card members between July 14 through 17, on up to a total of $400 in purchases. For their part, Amazon Prime Credit Card and Amazon Prime Store Card members get 5% back on all Prime Day purchases placed on either card.
Prime Day Tips
Let us guide you to the best deals
If you want to avoid doing any legwork, we’ll be posting our own curated lists of the best deals on electronics and tech. Just check back here or the PCWorld homepage for the links on July 16. Easy-peasy.
Do your research
If you plan to strike it out on your own, it pays to do your research. Like any retailer, Amazon mixes true deals with “sales” that are really just regular prices (or close to it) with a deal tag. To avoid that pitfall, look up historical prices before buying.
The number one site you need to bookmark (besides Amazon) is CamelCamelCamel.com. This is an Amazon price-tracking site with historical charts and a brief summary of recent price changes.
Let’s say you saw a deal on a G.Skill Ripjaws KM780 mechanical keyboardwith Cherry MX Brown switches. You’d type KM780 into CamelCamelCamel and find the historic pricing of that product (pictured above).
CamelCamelCamel says the best pricing on this keyboard was $90 last November, and that the highest was $170 in late 2015. With that information and the larger pricing chart, you have the tools to decide whether or not that keyboard is worth the current sale price.
If the sale price were $85, for example, that would be a good deal—you'd be getting the lowest price ever. A $90 price tag would also still be a pretty good deal, since it'd still hit the current lowest-ever mark. However, the graph also shows that for most of June, the price hovered at $97, which means neither discount would be cause for extreme urgency in purchasing.
However, if the sale price were $60, we would advise snapping up that keyboard as soon as you could.
Plan ahead for Lightning Deals
Historical price tracking is great, but what about those all important Lightning Deals? That’s where you’ll find most of the very best Prime Day prices, and the more popular ones sell out fast—like hot-concert-tickets fast.
With little time to buy, forget about historical price-checking in the moment. One thing you can do is look ahead, as Amazon often teases its lightning deals in advance. If you visit the Prime Day webpage, for example, you may see a carousel of Lightning Deals. Keep scrolling through those deals, and you’ll soon hit products that are on deck but haven’t yet started as deals.
If you find something in those upcoming Lightning Deals you’d like to buy, that’s the time to do historical price-checking. Then when the product goes on sale, you’ll know right away if Amazon’s limited-time price is worth it.
Get alerts for specific Lightning Deals
Speaking of which, you don’t have to wait around or keep an eye on the clock to know when your deals are going live. The Amazon app for Android and iOS lets you build a deals watch list and then get notifications when your deals are active.
Once you’ve installed the Amazon app and signed in, go to Settings > Notifications > Your Watched & Waitlisted Deals. Activate the slider in that section. You can now add an upcoming item to your watch list—go to the deals page in the app, find the upcoming deals you’re interested in, and tap Watch this deal.
If it’s too good to be true, it might be a knockoff
Remember that it’s not only Amazon that offers sales on Amazon on Prime Day. Third-party Amazon marketplace sellers are also eligible to sell items at low prices. Many of these sellers are great, but sometimes there are less-than-honest brokers out there pushing fake or low-quality products, as The Guardian reported in April.
Before you buy—even with Lightning Deals—take a second to check that the seller and the product appear legitimate. We advise consumers to only buy products that come from, or are fulfilled by, Amazon. That won't protect you from counterfeits, but if anything goes wrong, you're 100-percent covered by Amazon’s excellent customer service. With independent third-party marketplace sellers, you have to deal with them directly and can appeal to Amazon only if that effort fails.
Look beyond Amazon
Check out the rest of the Internet on Prime Day. With Amazon building so much hype, other retailers offer their own sales to compete. It’s a long shot to find the exact same deals elsewhere, but it’s always worth checking online shops like Newegg, Staples, and Best Buy for a close match.
Amazon’s a great place to find deals, but not every deal is what it seems. With a little preparation and a good dose of research you can find the truly great deals on Prime Day.
