• Aug 16, 2020

    Searching for a new car

    Several years ago I was in the market for a new car. I really wanted a PHEV (plugin hybrid electric vehicle) as most of my driving is around town, but I'd have the flexibility to go on longer trips. At the time there weren't many choices that interested me. I test drove an Audi A3 e-tron and while it was a nice little car, it didn't have CarPlay. After Apple introduced CarPlay, I knew that I had to have it on my next vehicle as I never wanted to update the maps in the navigation again and with annual iOS updates, I knew that I'd get tweaks to the system every year which I've come to expect.

    I continued my car search and was looking for either a compact SUV or a hatchback/wagon/5 door that had OK gas mileage, some technology and of course, CarPlay. My options were quite limited and I found the 2017 Subaru Impreza. At the time, Toyota wasn't onboard with CarPlay, so I'd have to leave Toyota. On paper, it had everything I wanted (except PHEV). The price was right and I purchased one right when a local dealer got it. While the car isn't a sports car, I enjoy using the paddle shifters sometimes and the car has performed OK. It was the first model year on a new platform and has had some problems (6 recalls at the last count). The car has enough room to go camping (I've downsized our camping equipment and am strategic about what we bring) and we've used it on a few road trips. I went from a Toyota Highlander to the Impreza, so I lost a bit of room.

    As I mentioned earlier, CarPlay was a requirement for me and I've written about it before. Unfortunately, the infotainment system in the car has been the biggest disappointment for me. Early on, CarPlay wouldn't always start and required me to figure out how to reboot the system which sometimes doesn't work. There have been a number of software updates each requiring me to take it to the dealer. It has gotten better, but there are still times when the system won't boot or I have to reset it. There has even been a class action lawsuit about the system. Some people on various forums ask if others bought the car just because of the infotainment system or they are overreacting; I actually did purchase the car because of the infotainment system and would have looked elsewhere.

    Other than the infotainment system, the car has functioned adequately; my new car excitement has worn off and it is just a car. I've had an issue with low speed shifting, but the dealer says that it isn't a problem. With only a few Subaru dealers in San Diego, taking it to another one for service isn't a feasible option to get a second opinion.

    The car still serves its purpose and has pretty low mileage on it, but right before the world got turned upside down this year, I saw that Toyota was coming out with a PHEV RAV4. After reading about it, I knew that this is the car I would have purchased if it had been out a few years earlier. The waiting game began once I had my heart set on replacing my car!

    As I've written about before, dealers are charging huge markups and supply is limited on the RAV4 Prime, so I wait. I'd really like to get this vehicle before the federal tax credit runs out because it will be a lot less attractive at $7,500 (+ local incentives) more.

  • Aug 1, 2020

    Supply and Demand or …

    For a number of reasons, I've decided to get a new car. I've settled on the Toyota RAV4 Prime as it is really the vehicle I wanted 5 years ago when I was searching for a car. The car is a plugin hybrid (PHEV) which means that most of my driving will be on electric (42 miles on electric). With my newly installed solar, I won't be paying extra for the electricity (I've already paid for it and factored in this car when sizing the system).

    The problem now is that the car is in such high demand and Toyota is going to make less than 5000 this model year. While the vehicles are starting to show up according to reports on forums, dealers in Southern California have decided that a $10,000 markup is the way to go. I've read that in other regions (Southern California including San Diego is considered the LA region) such as the northwest and east coast, people are getting the cars at MSRP which is reasonable.

    Every dealer I've communicated with in San Diego and LA is adding the markup no matter the trim. That number is ubiquitous across the board. On one forum that I posted this to, someone suggested that I look at an article on the FTC's website. The article says that while dealers can charge what they want for a vehicle, they basically have to come to their pricing on their own independently of other dealers. Given that they all (of the ones I've contacted) are charging the exact same amount over MSRP, did they come to this conclusion on their own or did they come to the pricing together as a region? One salesman speculates that it is regional. However, there are some people on RAV4 forums who are talking about different markups; I'm not sure of their regions.

    Is what the dealers doing legal? I have no idea. Is it right? In my opinion, no and it goes into the feeling that many people have that car dealers are not the most honest people. Going into a dealership makes me cringe and this just reinforces it.

    I guess I'll be waiting awhile for the vehicle I want; hopefully I can get it before the federal tax credit runs out.

  • Jun 26, 2020

    Scott's Cyber Safety Primer

    Lately the topic of cyber safety has come up a few times for me. I'm the point person for CyberChip for my son's Scout troop. I help the Scouts earn the award which is required for the Scout and Star ranks; I've overseen a few Scouts complete the requirements. In addition to this, I've seen how something innocuous that has been posted years ago can come back and be devastating. Lastly, have seen how someone could easily get scammed.

    While I don't claim to be an expert on cyber security, I did have lunch with Phil Zimmerman to discuss working on he Mac port of PGP and had Phil Karn as a mentor teaching me about Linux! I've been using the Internet for over a quarter of a century and have learned a few things about "being safe".

    Using two of the points of CyberChip Internet Safety Pledge as a starting point, I'm going to elaborate on what I think is important.

    I will think before I post.

    This is a pretty important point as everything on the Internet exists forever. If you do a search on my name, you'll find posts I made years ago. Luckily, most of it is innocent. Recently I learned of someone that was terminated from a position because of a post they made many years ago. Even if you post something that you think is private, send a picture to someone or send a text, there could be a data breach or the recipient could take the message and post it, blackmail you, or in other way cause you irreparable harm.

    While your messages to others could be encrypted (like using iMessage), the other end can easily take a screenshot of whatever you wrote and use it against you.

    Unless you want something to come back on you at some point in the future, don't post it or send it electronically.

    Also, remember that when you take photos, the location of the photo is stamped (in the metadata) on the photo. If you are on vacation or traveling and post pictures with the location data on the photo, people can know that you aren't home. If you are home, people can know where you live. While there are a number of ways to find out where people live, you don't want to make it easy on them. When sharing photos, remove the location data (in iOS when you share, there is an option to remove the data) and don't post photos when you are traveling; wait until you return home.

    I will protect myself online.

    This point requires a little more effort than "thinking before you post" and relates to password security, fake websites and scammers.

    Passwords

    The common thinking on passwords is to create complex passwords that you can remember such as substituting numbers for letters and symbols for other letters. This thinking is nearly impossible to combine with the thinking that you should create a separate password for every website. The only way to reconcile this is to use a password manager such as 1Password, LastPass, or Dashlane to name a few. Each site must have a separate password and each password must be complex. Of course, you have to remember your "master" password to get into the password manager.

    You cannot write down any of your passwords with the exception that some of the password managers setup a "recovery" sheet where you write down your master key and then the sheet should be placed in a safe or a safe deposit box. It is quite unlikely that someone will go through the trouble of getting your recovery sheet.

    Websites

    When I first registered a domain many years ago through Network Solutions, it wasn't easy to do. This became a slight hurdle in people setting up scammy websites. Since then, getting a domain name and setting up a website can be done in minutes. There are tons of sites that rely on typos to major websites to redirect users to their sites. Luckily many browsers pick up on this and make it easy to get to the right site. People are taught that seeing the lock icon in a browser means that a site is secure. While that is true, you have to look at what that means. Obtaining an SSL certificate up until recently took a little extra effort and wasn't particularly cheap. With the advent of Let's Encrypt, getting an SSL certificate is now free and easy to setup. I use Let's Encrypt and securing traffic from my browser to servers is great.

    Securing traffic is only part of a secure website. You have no idea what happens behind the scenes. Years ago I worked for a company that stored credit cards in clear text in an unencrypted database along with the CVV codes. In my tenure at the company I worked to bring it into compliance with PCI DSS, but credit card numbers were still accessible to employees and they still had roundabout access to CVV codes.

    So even if a site has a lock icon, it doesn't mean that it is safe to visit the website. Securing the traffic is very different from a site being safe to visit. Even the federal government has given given bad advice on this.

    One of the safest ways to visit a website is to use a trusted search engine such as Google or DuckDuckGo and click the links from there; most popular websites should be at the top of the search results. However, before clicking a link check that it is indeed the site you want to visit.

    Scammers

    The other day I got a phone call that purported to be from Apple security saying that my Apple ID had been compromised. The call came from a Michigan number and was a recording. I pressed one and was connected to an agent. I asked for his employee ID and he responded with FUC...

    Companies will not proactively call you about security issues. If you suspect there is an issue, hang up and call the company to verify the information. Also asking for an employee ID is a good way to weed out some scammers.

    Never give out information to anyone that calls you; always call the company back if you have questions. Also never give anyone access to your computer remotely.

    AppStores/Installing Software/Malware

    If possible, always install software from an AppStore. While this doesn't guarantee that you won't get malware, it does reduce the possibility. Verify that software comes from a known source if you can't install it from an App Store.

    If you see messages that your computer is running slow or "click here" to get support, you may have malware on your computer. If this happens, immediately turn off WiFi and either contact your most tech savvy friend or family member for advice or take the computer to BestBuy's GeekSquad to remove the malware.

    Credit Cards

    Whenever you pay for something online, always use a credit card. Never use a debit card. Credit cards have better consumer protections than debit cards. Never give a credit card number to anyone that calls you! If you make a purchase over the phone, verify that the phone number you are calling belongs to the proper company. Don't just call any random number you find doing a Google search.

    Conclusion

    • Anything you post on the Internet even in private could come back to haunt you.
    • Remove location data from photos before sharing.
    • Always use a different password for every website.
    • Use a password manager.
    • The lock icon on a website doesn't mean the site is safe.
    • If you have to call a company, verify the number that you are calling is actually for the right company and not just some random number you found.
    • Install software from an App Store or a known source.
    • Never give your credit card number to someone that calls you. Always call a company back.
    • Never use a debit card on the Internet; only use credit cards.
  • Jun 6, 2020

    Always learning

    Throughout my career I have always had to learn new technologies in order to survive and thrive. New technologies include programming languages, toolkits, and operating systems. While I learned many things in college, the one idea that has been most important to me is the ability to teach myself anything that I need to know.

    In a field like technology where it is always changing, what I knew 5 years ago may no longer be relevant today. Recently I was asked about certain types of app architectures, MVC, MVVM and VIPER. At the moment I was asked, I had only used MVC and really didn't know anything about the other 2 architectures. I'm sure this made me look like I wasn't well versed in something that certain individuals may consider basic. Seeing a gap in my knowledge, I looked up information on what I didn't know, consulted with a friend (and former colleague) and decided to teach myself MVVM. Within a day I had a basic understanding of MVVM and within 2 weeks, I had completely overhauled an application to use MVVM as that architecture was easy to understand and made a lot of sense moving forward.

    In a job interview I'm sure employers are looking for what people know today and not what they can learn. Unfortunately they are potentially missing out on good, smart people. Technology will change; if people can't learn they may not be able to produce apps in a few years. However, if you know COBOL and haven't learning anything knew if 30 years, you still might be able to get a job.

    While I'm definitely not at the forefront of using and knowing technologies like I mentioned above and new ways of writing apps such as SwiftUI, I have the skills to learn just about anything and quickly. Knowing technologies is great, but being able to quickly learn new ways of writing software is possibly more valuable to me.