Quick & Dirty TeamCity (from zero to CI in no time)

IMG_20150711_145030Attending CodeStock 2015, I attended the session “Quick & Dirty TeamCity (from zero to CI (continuous integration) in no time)”.  Below are my notes while in the session.

The session was presented by Joel Marshall @joelmdev.  Thanks for the excellent presentation Joel!

In short, this is using TeamCity (a product with a web front end that lets your developers deploy their apps and giving you the ability to control the building of their product, in addition to automatically running their unit tests and stopping the build (or the ability for another product to deploy) if any of the unit tests fail).  TeamCity can also monitor your source control provider to automatically detect new commits and build them.

IMG_20150711_153314

  • Why TeamCity?
    • Free version supports up to 20 build configurations.
  • Installed build agent and server.
  • Set port to 8080 on dev machine so it doesn’t interfere with local IIS.
  • Edit your firewall to make a rule to open port 8080 if you want others to connect (if you’re setting up on your dev box.  If you’re setting up on a real web server, you’ll be using port 80 and won’t need to open any ports).
  • He set it up to monitor a BitBucket Git repo.
  • He then set up a build configuration and had it retrieve and build source from his Git repo on BitBucket.
  • There are all sorts of things that can happen during build and  you can configure it to take different actions on the results of each build step.
  • Miraculously, Joel successfully configured everything and got it all working.  He said he was more surprised than we were that he got it all working during the live demo.

My Comments on TeamCity (unrelated to the session)

I’ve been using TeamCity for about three and a half years (as a user, not an administrator) with 2 different companies.  I highly recommend this, in addition to using OctoDeploy (also with both companies for the same time period… OctoDeploy can receive builds from TeamCity and deploy them to different environments).

Why TeamCity?

In a company environment with multiple developers, you really don’t want your developers just handing you compiled code, asking  you to deploy it.  You should be publishing compiled code created from source code you have and from YOU building it.

TeamCity builds a deployable product from source code it gets from your source control repository.  The builds are version tagged and connected to the version it came from in Source Control.

If there are any problems with the build or running of unit tests, it will log it and provide you and the developers information on the errors.

You can configure multiple builds for the same product.  For example, you can have one build configuration for a testing environment, another for a QA environment, and another for a production environment.  As you know, all environments usually connect to different databases and web service servers, etc…   TeamCity gives you tools to change the config files from the source to make it work properly with the environment it’s working with.  In Visual Studio, developers can create web.config transforms that provide dev, QA, test, & Prod version (or as many as you like) of their web.config files and TeamCity can automatically recognize them and use the appropriate ones.

Once the product is built successfully, you can use another product to deploy the built code to the proper servers.  OctoDeploy works great with TeamCity and can auto-detect builds from TeamCity and automatically deploy them, or hold them, waiting for permission to deploy to certain environments.

Every production shop should be using tools similar to these, if not these.  It saves so much time and effort and provides an audit trail of what was published and ability to easily roll back bad deployments.  It makes building and deploying a real “thing” as opposed to just some random developer making changes to a production server with no accountability.  As a developer, myself, I want this, so I can’t be blamed for taking down a production server.  I do NOT want access to the production servers.

In addition to all of the advantages above, if you have weird stuff you have to do with any particular build/deployment process, you can automate just about all of it.

My Love/Hate Relationship with Amazon.com and a serious flaw in their service

I love Amazon.com.  I love their selection.  I love their prices.  I love their return policies.  I love my Prime membership.  I love their delivery options and prices and speed.

But, Amazon.com has a nasty, horrible flaw.   And it’s horrible on multiple levels.  Let me explain the flaw and then how it’s exacerbated by them:

The Technical Flaw

For the past week or so, I’ve been having trouble logging into my Amazon.com account.   It started with an e-mail message I got that looks exactly like a phishing email message… you know the kind… That warns you that someone might have been messing with your account so they had to lock your account and that you need to click this link in the email to log in to “verify” you account?

Yeah, that’s what I got.  But all the links in the e-mail went to the actual Amazon.com site, which was unusual, because everything else about the e-mail threw up ALL the red flags of a phishing scam, so I simply ignored it.  But, no less than a day later, I started having trouble logging in.  I KNOW my login credentials I was using were correct because they’re stored in LastPass and LastPass is the one that enters them into the form.  Also, the Amazon app on my phone suddenly couldn’t log in either.

So, I went through the “I forgot my password” routine, had some e-mail sent to me with a link to change my password.  I changed it, but I STILL couldn’t log in.  I changed it again and I STILL couldn’t log in.  I changed it again and I STILL couldn’t log in.  I tried the latest, newest PW on my phone and I STILL couldn’t log in.  I tried it from Chrome, from FireFox, from the app on the phone, from Chrome Beta on the phone… all with the same failure.

I called tech support and after an hour and 14 minutes, talking to 2 agents, I was able to confirm (well, I was able to prove to them) that the problem was indeed on their end.

The problem is the CAPTCHA image they’re displaying in my browser for me to read and type in the letters is a DIFFERENT captcha than what their server thinks it sent me.  For example, if the image they send has the text VRB7TC in it, their server THINKS it sent me an image with KFB98RX in it, so when I type the right text, it still thinks it’s wrong.  But, somewhere between 2 to 7 tries, it eventually gets it right.  But if I log out and back in again, I go through the same nightmare.

How do I know it’s a CAPTCHA problem on their end?

Two reasons:

  1. While on tech support, the agent read to me the CAPTCHA text that their server said it sent me.  It was NOTHING like the captcha text on my screen.
  2. The agent finally admitted this is a problem they know about.

They actually willfully make this problem worse

  1. They wasted my time and they wasted two of their agents time by willfully lying to me, giving me the following lies:
    1. It’s my fault for logging in and out so often, causing my account to get locked out (BTW, it was never locked out)
    2. I need to upgrade my browser (I have the latest version of Chrome and FireFox on Linux and Chrome Beta on Android AND their own app on Android (also latest version) failed too).
    3. Told me I need to clear my cache.
    4. Told me it’s because of cookies that I need to delete.
    5. Telling me (I’m a web developer, just so you know) that even though I’m typing in the right password, my browser is sending the wrong one.  (This gets 7 out of 4 Pinocchios… Yes, you read that right).  Yes, I educated them on how this works.
  2. Not admitting early on that this is a known problem.

It gets worse!

After I berated the second level agent that all of his excuses were bullshit and explained in precise detail WHY they were, he finally admitted that this is a KNOWN PROBLEM!  This is AFTER he said he opened a ticket for me.

A KNOWN PROBLEM???  WTF didn’t he tell me that at 1 minute into the call?  Why drag me along for over an hour?

I asked when I should expect it to work for me.  He responded with gibberish and no answer.

I asked again, “When will this be fixed for me”.  He reordered the words of his gibberish with no answer.

I asked a third time, “But when will this be fixed for me?”.  Again, gibberish.

I asked a fourth time, “When will this get fixed for me?”.  This time he said, “Soon.  They’re actively working on it”.

My next obvious question was, “WHEN?”.  Him:  “Soon”.

Me:  “How long have you known about this problem?”

Him:  “Well, it was caused by security updates in your browser”.

Me:  “How long have you known about this problem?”

Him:  “It’s when the browsers made a security change that caused this to start happenning.”

Me:  “How long ago did this start?  I’m concerned that you’re not giving this the attention it needs.”

Him:  “We found out about it in October 2014”

Me:  “WHAT?!?!?!  You’ve known about this for SIX MONTHS?!?!?!?  And it’s STILL not fixed?  This is UNNACCEPTABLE for a company as big as Amazon.  This is CRITICAL and you should have had programmers working on it as a priority one and should have had it fixed on DAY ONE!  This is the CORE of your business!  If we can’t log in, we can’t buy anything!”

The call ended politely and he acknowledged that it was not a good situation, but I was left with ZERO resolution.  Nothing changed.  It’s still broken, and they’re not really going to do anything about it.

THAT’S what’s so insane and inexcusable about it.

Before you shout, “BUT IT WORKS JUST FINE FOR ME!”, let’s make perfectly clear, this is not a global problem.  It happens on some accounts.  Unfortunately, mine is one of them, and they have no idea why and don’t appear to be doing anything about it.

The Silver Lining and tiny shred of hope

The agent told me they are beta testing 2 factor authentication (though the agent didn’t know that’s what it’s called and kept calling it “a way for you to enter a code when logging in”.  After interrogating him, I was able to determine it is actually 2-factor authentication.

He showed me where, on the website, to activate it, but sadly, it was not available to me.  I asked him to add me to the beta.  He said he can’t and that it is just rolling out to random people over a period of time.

If you’re interested, this is where you can find it:

  1. Go to your Account page.
  2. Scroll down to Settings.
  3. Underneath “Forgot your password” and above “1-Click Settings”, there will be a new item.  I don’t know the text, but it will be something like “2 factor authentication”.

 

Amazon 2 factor

If you don’t see it, that means you haven’t been given the roll out of the newer version of their website, and no, you cannot call up and ask to be put on it.  Trust me, I tried.  They can’t do it.

I find it amazing that Amazon could let such a serious flaw go on for half a year (so far).  This is the kind of bug you give top priority to and put programmers on it until it is completely resolved.

See these images?

image

You’ll find actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Check back later for updates too!

Stick it to the NSA: How to Encrypt your WebMail

If you access your email from your desktop web browser, then follow these instructions to get email encryption working.  This is an initial draft.  I’ll expand some of the steps very soon.

  1. Install the Google Chrome  or Firefox browser if you haven’t already and install the extension named “Mailvelope” from https://www.mailvelope.com
  2. Once installed, there’ll be a new lock icon on the top right of your browser.  Click it and a menu opens.  Choose “options”.
  3. If you haven’t, at some time in the past, already created a private and public key pair, you’ll need to do that now.  If you don’t know what I’m talking about, you haven’t and you’ll need to do it now.  Click “Generate Key”.
  4. Once generated, it’s critical that you back up your private key, encrypted, to a place that no one can get it and that will last longer than your current hard drive and PC.  If you lose it, you’ll NEVER be able to read ANYTHING you’ve encrypted with your keys!  Install LastPass.com, create a secret note, and put your private key in there for long term, encrypted, safe storage.  Mark the note as “must reprompt for password”.  NEVER, EVER give anyone your private key.  NEVER send it unencrypted over the internet.  NEVER email it in an unencrypted e-mail message!  NEVER send it unencrypted over a wireless network, especially an open or public one.
  5. No one can send you encrypted e-mail unless they have your PUBLIC key.  Publish your PUBLIC key to a key server.  DO NOT PUBLISH YOUR PRIVATE KEY!!!!!!!! EVER!!!

Now, when you use GMail or most any of the other popular, free e-mail services in a  desktop browser, you can send and receive encrypted e-mail.  NOTE!  Just because you have the ability to send and receive encrypted e-mail does NOT mean that all your e-mail will be encrypted.  You MUST understand the following:

  1. Nothing you did here encrypted any of your old email.
  2. New email that comes in will usually be in clear text (NOT encrypted).
  3. When you start a new email message, Mailvelope will recognize this and provide you an icon, overlayed in your new email window.  Click it to write your email, then click “encrypt” to encrypt the email.
  4. You CANNOT send encrypted email to people that aren’t already set up, like you are, to send and receive encrypted email.
  5. You can’t send encrypted e-mail to anyone from whom you’ve not acquired their public key.
  6. You acquire public keys by searching on a key server.  MIT’s key server is here:. https://pgp.mit.edu
  7. Use the Mailvelope menu to import the public key of each individual with whom you wish to send encrypted email to.  You’ll find that most people have NOT registered a public key, so  you cannot participate in encrypted email with them.
  8. Once you encrypt and send an email message, you won’t be able to read it from your sent box.  It’ll be there, but encrypted with THEIR public key.  Only THEIR private key can decrypt it.  So, send it to both them AND yourself, THEN you can read it.
  9. Encrypted email is unreadable even by Google’s servers, which means you CANNOT use the Google email search feature for words in encrypted mail.
  10. ONLY the BODY of the email is encrypted, not the subject line, not the TO address, not your FROM address, not any part of the headers.

Things to note about HOW the keys work:

  1. When you generate keys, you only do it once, unless you have multiple email addresses.  In which case, generate a key pair for each of your email addresses you wish to send and receive encrypted email for.
  2. Keys are  created in pairs:  One is public.  The other is private.
  3. Feel free to give away your public key to ANYONE, ANYWHERE, ANYTIME.  Shout it from the mountain tops.
  4. Protect your private key with your life.  Well, don’t die for it, but it’s critical you protect it!  If anyone EVER acquires it, they can read EVERYTHING you’ve ever encrypted with your public key!
  5. Your public and private keys are intimately, mathematically connected.  Anything encrypted with your public key can ONLY be decrypted with your private key and  vice versa.
  6. Nothing is safe if you encrypt it with your private key, because everyone has your public key and can easily decrypt it.  A side benefit is you can do this to prove YOU are the one that created the message.  This is called “digitally signing” your document.
  7. If you want to encrypt something that ONLY YOU can decrypt, encrypt it with your PUBLIC key.  Decrypt it with your PRIVATE key.

Subversion 403 forbidden error

Are you getting a “403 forbidden” error when trying to create a folder or check code into subversion, but you can browse the repo?

[GARD]

There are many causes for this, but one of them that’s very difficult to find is caused by the casing of the URL.  When you check out from subversion, you can use any casing.  When you check IN, you’d better be using the ExAcT casing.  And don’t think that just because you’re using a GUI like TortoiseSVN that it does it for you.  IT DOES NOT!

See these images?

image

You’ll find an actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Check back later for updates too!

DynDNS.org e-mail database compromised

The compromise of the DynDNS.org e-mail database is not “news” on this day, though it may be news to YOU.  The point of this post is not to broadcast news, but to demonstrate:

  1. Why you should protect your E-Mail address.
  2. How to protect your E-Mail address.
  3. How people have a responsibility with the E-Mail addresses people have entrusted with them.

[GARD]

1. Why you should protect your E-Mail address

What do I mean by “protect” your e-mail address?  After all, you HAVE to give it to people in order for them to send you e-mail, right?  Well, kind of, but you don’t have to give everyone the SAME e-mail address.  I’ll explain shortly, but first, here’s what happens when you don’t protect your e-mail address.

You get spam

If you give out the same e-mail address to everyone (and again, I’ll show you how to not do that shortly), then at some point, someone you gave it to is going to spam you or sell it to a spammer or their user database will get compromised and your address will be stolen and sold to spammers.

You get phishing attacks

Once spammers have your e-mail address, they’ll send you fake e-mail messages trying to trick you into signing into a fake bank website or some other fake site that replicates a business you probably have an account with, then will STEAL your REAL money.

Look at what happenned to ME when a spammer somehow compromised DynDNS.org’s email database and got MY e-mail address:

DynDnsHacked

 

There are no toll roads where I live and I don’t have an account with E-Zpass (I’ve never even heard of it), so I knew immediately that this was a phishing scam, even without Google’s warning.  Also, the English is poorly written.  But, if I weren’t as alert and if Google hadn’t flagged it, AND if I were an E-ZPass customer, it’s possible I’d have been tricked, and I’m sure many other people are tricked frequently.

 

You can’t trace who leaked your address

If you give the same e-mail address to EVERYONE, then you will receive spam on that address and have no way to determine who leaked it.  In my example above with the fake “E-ZPass” phishing scam email, I know EXACTLY who’s responsible for leaking it.  It was DynDNS.org.  How do I know?  Because that phishing email was sent to an email address alias that has only EVER been given to dyndns.org and is NOT one that would have been guessed.  Here’s DynDNS’s response.  They are STILL ultimately responsible.

2. How to protect your E-Mail address

I promised above I’d tell you how.  Here it is:

  1. HOW TO STOP SPAM: BASIC TIPS
  2. HOW TO STOP SPAM: ADVANCED TIPS
  3. HOW TO STOP SPAM: EXPERT TIPS

In short, you use a different email address for EVERY website you sign up with (and that’s VERY easy to do!!!!).  View my links for instructions on how to do that.  It’s actually quite easy, but I go into detail on 3 different levels (basic – for beginners).

Once you do this, if you ever get spam, you can look at the TO address and that will reveal which website you gave that address to, which reveals who’s responsible for either spamming you, selling your address to spammers, or having compromised the protection of your e-mail address.  Then you can block that address so you don’t have to deal with the spam anymore.

In DynDNS’s case, they claim it was their e-mail marketing company that accidentally leaked the addresses.  Doesn’t matter though.  DynDNS should never have entrusted that third party or should have researched their security measures.  DynDNS is fully responsible since they’re the ones that collected the addresses.

3. How people have a responsibility with the E-Mail addresses people have entrusted with them

If you’re on the receiving end of people signing up to your website or newsletters or services of any kind, you have a moral/ethical responsibility to protect those e-mail addresses.  In DynDNS’s case, they failed.  Even though they’re claiming it was their partner marketing company that failed, the responsibility still lies on DynDNS’s shoulders.  It is YOUR (you, the custodian of other people’s addresses) responsibility to ensure the security of them.  If you share that e-mail address with others, you MUST inform your users BEFORE they give you their e-mail address as AS PART of the process of receiving their e-mail address.  It is also your responsibility to ensure the integrity of the security of the partner with whom you give those e-mail addresses.  In short, you really should NEVER give those addresses to partners.  If you need to send out mass mailings to your customers who have entrusted you with their e-mail address, you must honor that trust and have your own, in-house e-mail marketing.

YOU are the gate-keeper of those addresses and if it falls into the wrong hands, even because of lax security by a third party, it’s STILL 100% your fault.  You shouldn’t have given that trusted data to someone else OR you should have fully researched their security measures.

[GARD]

If you ever discover a breach, either internally or externally, it is your responsibility to inform all of your users as soon as you find out.

BEST ANDROID APPS TO START OFF 2014 (PHONE/COMMUNICATION APPS)

This article is one of a series of articles about the best Android apps available as of the beginning of 2014.  Click here for the main article that includes links to this article and links to all the other categories of “The Best Of” apps for beginning 2014.  Let’s get started with the Phone/Communication category, which lists the best phone and communication apps available at the beginning of 2014.  For last year’s list, click here:

Groove IP and Talk-A-Tone (Free VOIP)

imageimage

If you have a Google Voice Account (and if you don’t… WHY NOT???), you can install Groove IP (free version or paid version $4.99) or Talk-A-Tone to make and receive calls over your data plan with your Google voice number.  As far as your mobile carrier is concerned, no call took place, so NO MINUTES ARE USED!

Groove IP is one of the few apps I’ve actually purchased.

I don’t know how many times I’ve explained this to people… they just DO NOT get it, so hopefully you WILL (pay attention!):  The official Google Voice app DOES NOT MAKE VOIP CALLS!!!!  The official Google Voice app does everything EXCEPT make VOIP calls.  Yes, you CAN change your GV settings to forward calls placed to your GV# to your real cell phone number, but when you answer, you’re USING MINUTES because you’re actually using your mobile carrier’s phone connection.  But if you use Groove IP or Talk-A-Tone, you can send and receive calls ON DATA ONLY.  As far as your mobile carrier is concerned, nothing is happening except “stuff on the internet”.  I’m hoping you can see the difference.  Making “real” phone calls with your carrier USES YOUR MINUTES.  Using Groove IP or Talk-A-Tone, you have UNLIMITED minutes.  (note: it DOES use your data, so if you have a data cap, be mindful of that).

[GARD]

So, eat my shorts Verizon, Sprint, T-Mobile, and everyone else!

Sadly, Google is turning off 3rd party APIs for VOIP in May, so these apps will ONLY work until then.  Then it’s lights out. Sad smile  ALL 3rd party VOIP apps that use Google Voice will cease to function.  This is a huge downer for me as my home phone is actually a 100% free Google Voice phone.

Both Groove IP and Talk-A-Tone have both free and paid versions.  The free versions work only on your Wi-Fi connection.  The paid versions will use your mobile data connection too.  But, if you do pay for them, remember, they stop working in May 2014.

Red Phone (Encrypted Phone Calls)

image

New in my list this year:  With Red Phone installed, your cell number is registered with them.  Then, when anyone else with Red Phone calls you, Red Phone notifies them that you have it to and they can place a secure call with you.  This bypasses making a real phone call and instead makes a VOIP call and it’s encrypted.  This not only encrypts your call, but it does NOT use minutes from your cell phone provider because you’re not really making a “real” phone call.  As far as your carrier is concerned, it’s just “stuff on the internet”.

Eat my shorts, NSA!

TextSecure (Encrypted Text SMS)

image

New in my list this year:  Make by the same people that gave us Red Phone, is TextSecure.  this is a texting app, but with a special feature:  Anyone you text that’s also using it will receive your text messages securely.  Both of your messages are encrypted locally, before sent out.  Just like RedPhone, when you install TextSecure, it registers your phone number with their servers so that your contacts who also use it will automatically detect that you have it and will encrypt your text messages.  You can use this app as your standard SMS app too.  If you text someone that does NOT have TextSecure, it just sends the text messages in the normal way any other SMS app does.  If your text messages ARE encrypted, it’ll show a lock icon by them so you always know whether you have a secure or unsecure connection.

Eat my shorts, again, NSA!

Chomp (SMS)

image

New in my list this year:  Chomp SMS is my favorite SMS app (aside from the encryption provided by TextSecure.  You have a LOT of customizations of the look and feel of your text messages.

Of course, if you want encrypted messaging, this is not the app for you.  But if you want a great looking messaging app, this is one of the best.  You can even make it look like the bubbly iOS texting app, if you like.

One thing to note about encrypted messages:  If you are running CyanogenMod 11 (if you’re not sure, then you most certainly are NOT), it has TextSecure’s encrypted technology built directly INTO the Operating System so ALL your SMS apps can send and receive encrypted messages!  So, since I am running CM11, I continue to use Chomp SMS and I also get the benefit of encrypted messages without the need of the stand-alone TextSecure app.  Yes, I have the best of both worlds!

Yes, it’s supports EMOJI and themes as well.

Thanks CyanogenMod!

Google Hangouts

image

New in my list this year:  Google Hangouts is Google’s latest offering for messaging.  They are integrating all of their various messaging apps into one.  This app does SMS, Google Chat, some of Google Voice, and Video and Audio chatting all in ONE app.  If you like the Google card like interfaces (I personally do NOT for this type of app), then you’ll love this.  It can even be your default SMS app.  This is almost an all-in-one messaging app.

Google Voice

image

Staying on the list this year:  Not to be confused with the Google Voice SERVICE, this is the Google Voice Android App.  Yes, it sounds like I’m splitting hairs, but the Google Voice SERVICE is much bigger than this lonely, single, Android App.  Of course, this app gives you a user interface into the Google Voice service.  This app does SMS (only via your Google Voice #, not your real cell #) and provides you a great UI for your Google Voice voice messages.  BTW, you can make Google Voice your REAL voice-mail provider for your REAL cell phone number, instead of your cell phone providers very limited voicemail service.  If you use GV as your standard VM provider, then you get everything you had before PLUS you can get your v-mail sent to you in e-mail.  You get automatic voice to text transcriptions (which are searchable!), can access your v-mail from any web browser, from the GV app, from your e-mail.  You can play them on your phone or in a web browser.  You can SEE them as if they’re e-mail with a GMail like UI.  Once you try it, I promise you, you’ll NEVER go back to that crappy old v-mail service your cell provider has for you, wasting all that time listening to messages with just your audio and phone pad interface.

[GARD]

Note that if you have CyanogenMod 11 or higher (again, if you’re not sure, then you definitely do NOT), then you have Google Voice support DIRECTLY in your phone’s operating system.  You PHONE can use the free, unlimited texting service from your Google Voice number.  ANY SMS app on your CM11 phone can use your Google Voice # for sending and receiving SMS messages.  If you do NOT have CM11 (or Sprint), then Google’s free SMS via your Google Voice number has utility ONLY in the Google Voice app.

But, with your Google Voice service and this app (or any SMS app on a Sprint phone or a CM11 phone), you can cancel your expensive texting plan and use ONLY your Google Voice service.  It’s free and it’s unlimited.

Oh!  And calls to your GV# can be filtered for telemarketing spam.  So can SMS messages.  It’s an optional (and free) feature.  Of course, you want this feature turned on!

See my 2013 “Best Android Apps to Start off 2013 (Phone/Communication Apps)” for a more, in-depth description of this service.

Eat my shorts, Verizon, T-Mobile, Sprint, Virgin, etc…

Mr. Number (Spam Blocking)

image

Still on my list this year:  This is an oldie, but a goodie.  Install Mr. Number and it will instantly lookup any incoming call and compare the caller ID information to a known list of telemarketers.  It will actually WARN you with a popup notification that the caller is a suspected spammer.  At which point you can choose to answer, hang-up, or block it.  If you block it, it gets added to your block list and you’ll never receive a call from them again.  If you get a call from a telemarketer that Mr. Number didn’t recognize, you can then tell Mr. Number that this number is a telemarketer and block it.  The great thing about that is it registers that number with the Mr. Number servers as a spammer so OTHER users get notified too.

This service is a crowd sourced service.  All of you are helping each other out.  You can even leave a description of the telemarketing call.  Even iOS users have a version of this app, so they too are contributing to the crowd sourced information.

Eat my shorts, telemarketers!

YP Mobile

image

Same as last year:  YP Mobile (available here in the Google Play store) provides your basic yellow pages phone book, plus the familiar stuff you find in other “local services” apps for finding restaurants, gas prices, etc…  Not much more to say about it.  This app is no more or less special than others of its type, but I’m including it as one in that type of category.  Others are Yahoo!, Yelp, and Where.

[GARD]

Personally, I find Google Maps a superior tool for finding local businesses and their phone numbers as it shows a map of your results, so you can see, visually, immediately, what’s close by, then just tap whichever one you want on the map to get the details and phone numbers.

Google Maps

imageNew on my list this year:  Why Google Maps in a list of PHONE apps?  Because, I’ve found this is the most convenient way to find local numbers by business name OR by category (such as “Pizza”).  The search results are pins on a map, showing me WHERE these places are, which is almost always important to me for local places.  Touching a pin shows you that company’s contact information, INCLUDING their phone number, which you can tap and call immediately.  It is UBER useful!  I actually use Google Maps more than anything else for finding phone numbers.  To be honest, I don’t even have YP Mobile installed anymore.  I do want to leave it on my list, because it is useful and I just can’t bring myself to not recommending it, even though I honestly do NOT use it myself, anymore.  Google Maps is just awesome for finding local (and even non-local) businesses.

Dropped from this year’s list

imageNot all apps from last year made this year’s list.  Among them is Call Master.  Now, this is actually a GREAT app and works even better than Mr. Number, but it has one terminal flaw:  It sometimes pops up a nag screen in front of an incoming call, making it impossible to answer the phone.  I’ve missed a couple of very important phone calls.  For that reason, I’ve removed it from this year’s list.  BUT, if you’re wanting to pay for the full version, I’m sure this nag screen problem would go away.

What was better about it than Mr. Number was that it embeds itself DEEP into the OS so it would actually PREVENT the telemarketing call from making its way into the phone’s notification system.  The phone won’t ring.  You’ll have no call log.  Not even Mr. Number will be aware of it.  With Mr. Number, when a blocked caller calls, you hear a short ring before Mr. Number shuts them down.

You Chime In

What are some of YOUR favorite apps in this category?  Let us know in the comments below.

Conclusion

This completes my list of “Best” phone-specific apps available to start off 2014.  There are, of course, other communication types of apps and this is, by no means, a comprehensive list.  These are the apps in this category that I use on a daily basis and install on a new phone or tablet as soon as I get it.

See these images?

imageimage

You’ll find an actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Check back later for updates too!

Best Android Apps to start Off 2014

Here are my “Best of” Android apps to start off with in 2014.

I’ll list them by category and explain the purpose of each one and why I’m choosing it.  Each category will be a separate post because, as you can see of the length of the list, it would be quite long if it were all in one post.  Each bulleted category below is a LINK to the article about the apps in that category.  The list of categories below will only have hotlinks to articles for which I’ve completed.  Note that when I did this for 2013, I did NOT get a chance to make articles for all of these.  I will attempt it again this year.

Keep checking back as I post more articles… one for each category below

•    Phone/Communication Apps
•    Finance
•    Shopping (Everything here is FREE)
•    Imaging
•    Utilities
•    Audio
•    Games
•    Calculators
•    File Management
•    Security
•    Geo Location
•    Launchers
•    Productivity
•    Social
•    News & Reference
•    Time (Clocks/Alarms/Calendars, etc…)
•    Networking
•    Weather

See these images?

imageimage

You’ll find an actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Check back later for updates too!

Sick of the NSA Spying on you?

imageSetting aside the tin foil hat and paranoia jokes, no one likes being tracked or their private text messages being scraped up by the U.S. government’s massive computers, nor their phone metadata being logged, nor even the possibility of someone being able to listen in or record your phone calls (the NSA denies they listen to calls, but others with even FEWER ethics CAN).

 

Here’s what you can do to protect yourself on your Android SmartPhone

  • Encrypt your text messages.  There are 2 good options:

Install the TextSecure app.  This app will automatically detect which of your contacts also has this app installed and will automatically encrypt your SMS text messages with those individuals.  TextSecure is available on iOS too!  This means you can have encrypted texting sessions with both iOS and Android users!

Root your phone and install CyanogenMod 11 (or higher).  CM 11 has built-in support for TextSecure encryption, coded directly INTO the Operating System.  This means, you don’t have to install the TextSecure app.  Automatically, ALL SMS apps on your phone suddenly support TextSecure encryption.  But, you have to turn it on.  The feature is called “WhisperPush”.  Simply find the WhisperPush app on your phone, run it, and follow the instructions.  It’s the simplest setup you’ll ever experience.

  • Encrypt your voice phone calls (yes, you can do that)

This used to be stuff of only fiction in spy movies, but it’s a reality today and YOU can do it within minutes of reading this article.  First, install the app RedPhone from the Google Play Store.  This app is made by the same people that make TextSecure.  Both you and the person you’re calling (or receiving a call from) have to be using this in order to have a secure, encrypted phone call.  When you install the app, the first time you run it, it’ll ask you to register your phone number.  Now, anyone else with the app, when they call you’re number, the app knows you have it and will offer the caller the option to make the phone call encrypted.  Note that this uses your DATA connection and NOT your phone connection.  You’re not actually making an actual phone call.  It’s more of an internet audio chat.  But you don’t need to know that other than if you have a data cap, this will use your data.  As far as you and the other caller are concerned, for all practical purposes, it’s a phone call.  But your carrier will have no record of it AND anyone trying to listen in will only see a stream of random bytes streaming.  It’s totally encrypted… just like in the spy movies! Smile

  • Encrypt your E-Mail

This is a bit more difficult.  I’ll provide another article on how to do this.  The short version is you need to install djigzo from the Google Play store to manage your keys.  Then you’ll need an e-mail client that can use those keys to encrypt and decrypt your e-mail.  K-9 Mail is supposedly one of those apps.  For the record, I’ve NEVER gotten this to work.

  • Encrypt your phone

Android can encrypt your entire phone.  Don’t confuse yourself.  This does NOT encrypt ANY internet traffic to or from your phone.  It encrypts the files on the phone itself.

Go to Seetings –> Security –> Encrypt Phone

Warning!  This can take an hour or so!  Make sure your phone is plugged in AND has at least an 80% charge.  You do NOT want this failing in the middle of  it.  It will also require you to set a lock screen PIN or password, if you don’t already have one.  Once you do this, you CANNOT flash anymore ROMs on your phone (if you’re rooted).  So, make sure you’re good to go with the ROM you have.

  • Add a PIN or password to your phone

This one is obvious.  You need to set a PIN or a Password on your lock screen, otherwise, anyone can use your phone and see your data.

  • Add extra PIN for individual apps

Install the app AppLock from the Google Play store.  Open it up and set your settings.  You’ll set a PIN and you’ll select the apps you want to have an extra layer of protection.  Hint:  DO NOT use the SAME PIN here that you’re using for your phone lock screen.

This app will pop up a PIN prompt whenever someone tries to open one of your extra protected apps.  For example, you may want to enable your backing apps and credit card apps via AppLock so that you have to know that extra PIN in order to lauch them.  This way, if you let someone borrow your phone, they can’t go snooping into your financial data.

  • Hide apps and/or files on your phone

Maybe you have some apps that you don’t want other people to know or use.  Go to the Google Play store and download an app called Hide It Pro.  When you install it, it’ll show up on your phone as “Audio Manager”.  It’s deliberately deceptive.  The purpose of this app is to hide apps and/or files on your phone.  You protect them with a password of your choosing.  If someone’s snooping around on your phone, all they’ll see for this app is a music icon with a label, “Audio Manager”.  And if they launch it, it’ll even have working audio controls.  Those controls are totally for faking out people snooping on your phone.  Long press on the app title at the top of the screen (inside the app) and you’ll be prompted for a password, which then takes you into the real app where you can select apps and files to hide.  They won’t even show up anywhere on the phone with the regular phone interface.

  • Hide your browsing and internet traffic

Your ISP can see all the sites you go to, and so can the NSA, and so can anyone else snooping on your wireless connection (or even your wired connection).  And websites know what IP address you’re using, which means they can ask the ISP that own’s that IP address who is using it, and they’ll give them your name, address, and phone number.  What you need is something that bounces your web page requests to random computers all over the world.  Yes, this is exactly what you see “hackers” doing in hi-tech spy movies and YOU can do it too… VERY EASILY.  Install the app Orbot on your phone.  Follow the directions.   It’s super simple.  If your phone is rooted, it can obfuscate ALL of your internet traffic.  If your phone is NOT rooted, it can work with a few apps on your phone (web browser and e-mail, in particular) and bounce all your traffic from those supported apps all around the world.  It’ll slow down your connection a little, but it’ll also protect you against nosy, 3 letter acronyms including ISPs.

Click here to follow me on Google+.

Follow me on Twitter @CSharpner.

See these images?

imageimage

You’ll find an actual working versions of them at the top and bottom of this article. Please click the appropriate buttons in it to let your friends know about this article.

Check back later for updates too!

Total abuse of license agreements

Have you noticed how license agreements have been getting longer and longer? I actually read them and frequently refuse to install some software (like Facebook) because they have ridiculous or draconian statements in them.  But occasionally, the agreements are just too freaking long to bother with, like the XBox Zune agreement.  And now, Samsumg wins the prize for ridiculously  long agreement.  How long is it?

FOURTY ONE PRINTED PAGES!!!

image