Dyson Pure Cool Fan Review – Is it worth the premium?

When you hear of the brand Dyson, the first thing you would associate it with is the vacuum cleaner. That is not surprising, as the company was founded by James Dyson with the cyclone vacuum as its first product. Since then, the company has diversified its product lines to include other types of home appliances such as hair dryers, air purifiers, fans, heaters and lighting.

And as a result of their sleek marketing, they could be perceived as the company that makes premium and high quality appliances.

I will admit, it was that perception that got me yearning for a Dyson fan when I first saw it several years ago.

And after several years of waiting, and having gone through a period of hypersensitivity to gaseous compounds from cigarette smoke and haze, I got myself the Dyson Pure Cool Advanced (TP04-White/Silver) model and it cost me about $700 after some sort of discount.

I have been using it for several months now and that has allowed me to get over the initial emotional high of a new toy, which enables me to give a more objective review.

The Pros

Clean the air

The Dyson Pure Cool is first and foremost an air filter and then a fan.

Air is sucked in by the fan located at the base of the machine. There are two types of filter installed, and when combined are designed to capture up to 99.5% of pollutants in the air.

The glass HEPA filter is able to capture most pollutants, allergens, dust and viruses as small as 0.3 microns. The second filter is the activated carbon filter that can capture other smaller particles and gaseous vapours.

As of this writing, the COVID-19 pandemic is still ongoing and this double-filter system ensures the air you breathe in is clean and safe.

Air quality monitoring

It comes with a suite of sensors that detect air pollution ranging from PM10 to NO2 and displays this information in the form of graphs.

The graphs will start from green and will turn yellow if the air starts to contain certain pollutants. Red and purple graphs will follow when the pollution becomes worse.

It is especially useful in Singapore where we have haze seasons due to burning of the forest in Indonesia. Or when you live in HDB apartments where you are so close to other people who pollute the air with their cigarettes and those toxins enter your living area due to wind. You can use the Dyson air quality monitoring to help you determine if you need to take additional steps to protect your health such as putting on a mask or closing the windows.

Easy to maintain

Unlike the traditional fans, the fan blades are kept hidden within the base of the machine with the filters to keep out dust and dirt. Other than changing out the filters once every year or so, the machine needs only a simple wipeout with a lightly damp cloth.

Compact size and lightweight

Most standing fans are rather heavy and most can be difficult to transport around the house due to their size, especially due to the large fan blades and protective cage.

The Dyson Pure Cool stands at about 1.06 meters tall with a max diameter of 22.3 cm, which makes it much smaller than most standing fans. It also weighs about 5kg and that makes it light enough to carry with one hand.

During the time I have had it, I have moved the machine around my room just so that I could get a decent air flow depending on where I am. And this ultimately leads us to the cons of the machine.

The Cons

Very noisy with weak air flow

At its core, it uses a motor to suck in and propel air. At lower speed, the motor is relatively quiet but it comes at a cost of low wind speed.

With the motor speed set to 5 or 6, the air projected out by the so-called air multiplier technology is perceived to be weaker than a simple $20 desk fan.

As you raise the motor speed up to 8, 9 or even 10, there is a distinct whining sound that you typically hear with vacuum cleaners. Even then, the amount of air movement you get is less than a ~$30 standing fan with fan speed set at 1.

Does not cool you

The machine does not actually live up to its name Pure Cool.

It has tiny slits along the central tube that allow air to flow out after it has been pushed through the internal tunnel. To increase the airflow, a technology called air multiplier is used, which is nothing more than a fancy name for taking advantage of inducement and entrainment to move a higher volume of air than the machine actually takes in through its base.

With the air multiplier, air moves like a steady stream but the airflow is weak. Really weak when compared to traditional standing fans. The stream of air is not fast enough and spread wide enough to create a situation where you can get indirect air flow from air molecules bouncing off surfaces.

My non-scientific test involved setting the fan speed to 8 and seeing how far I could go before I stopped feeling the airflow. And the result is about 2.5 metres.

Also, due to its inability to move large volume of air with sufficient speed, it is unable to remove heat from a room faster than the heat can accumulate. And it is a problem especially in a country as warm and humid as Singapore. The room is so much warmer than it should have been when compared to using a traditional standing fan. Without a strong air flow, it is not able to induce faster sweat evaporation in such a weather, which makes you feel even hotter than usual.

The feeling of cheap build

When you buy a product such as a fan or an air filter, you would expect that the material used to construct the product would be of a higher quality. Yet, most of the device is made out of plastic that does not really make it feel like a premium product.

What are you actually paying for?

In my opinion, the price tag you pay for the machine is to cover the following cost:

  1. The engineering hours that go into the sensors and software needed to run the machine
  2. The motors, asymmetrical fan blades and the R&D of the filters
  3. Whatever tests Dyson needs to conduct to claim their product can filter out 99.5% of the pollutants in the air
  4. Manufacturing

Other than the above, I do not see how they could justify the price tag, which is as much as a 128GB iPhone SE (2020).

Conclusion

If you are living in a country as hot and humid as Singapore, I would not recommend the Dyson fan unless the company figures out a way to deliver the high airflow needed to encourage heat dispersal within a room and sweat evaporation from the body.

If you need something that does not consume a lot of electricity like the air-conditioning but can still cool you down in this country, I would recommend you buy a standing fan from companies like Mistral or Sona.

But if you are looking for an air filter that doubles up as a fan and you plan to use it in an air-conditioned room with temperature around 25 degrees celsius, then Dyson Pure Cool is a product that you can consider. You can use the fan as a method to even out the cool air in a room so that there are no warm spots.

And if you are looking for just an air filter, there are other cheaper alternatives that can do the job just as well.

Bugs in WordPress page builder plugin leave 1 million sites vulnerable to full takeover

Are you using WordPress? If you are and have installed SiteOrigin’s Page Builder plugin, your site could be vulnerable to full takeover by hackers.

To the uninitiated, Page Builder is a WordPress plugin created by SiteOrigin that is used to build websites using drag-and-drop functionality. It currently has a million active installations.

Researchers at Wordfence found two security bugs in the plugin that can lead to cross-site request forgery (CSRF) and reflected cross-site scripting (XSS). These two bugs allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser.

The researchers have assigned the bugs a severity rating of 8.8 out of 10, but no CVEs have yet been assigned.

The details of the flaws

The two flaws can be used by attackers to redirect a site’s administrator, create a new administrative user account or inject a backdoor on a site. The details of the flaws can be found in the link provided above.

The first flaw affects the built-in live editor within the plugin.

For the plugin to show the modifications done in the live editor in real time, it registers the is_live_editor() function to check if a user is in the live editor. If the user is in the live editor, the siteorigin_panels_live_editor parameter will be set to “true” and register that a user is accessing the live editor. The plugin will then attempt to include the live editor file which renders all of the content. Then, the “live-editor-preview.php” rendering file updates the page preview with changes made in real time.

This is all good, but the problem lies in the lack of nonce protection. A nonce is a method that could be used to verify that an attempt to render content in the live editor came from a legitimate source.

According to the researchers, some of the available WordPress widgets, such as the ‘Custom HTML’ widget, could be used to inject malicious Javascript into a rendered live page.

The second flaw is also a CSRF to XSS issue and it lies with the action_builder_content function of the plugin.

The purpose of the function was to transmit submitted content as panels_data from the live editor to the WordPress editor in order to update or publish the post using the content created from the live editor. Although the function did have a user permission check, there was no nonce protection to verify the request source, causing a CSRF flaw.

The researchers found that the “Text” widget could be used to inject malicious Javascript due to the ability to edit content in a “text” mode rather than a “visual” mode. With this, potentially malicious Javascript could be allowed to be sent unfiltered.
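Both flaws come down to a request handler that trusts the administrator's session without checking where the request came from. The following is an added Python model of that gap and of the nonce check that closes it; it is not SiteOrigin's or WordPress's code. The handler, session table, secret and clock are constructed, and the token layout (an HMAC over a time tick, the action, the user and the session) is only modelled on the general shape of a WordPress nonce.

```python
import hashlib
import hmac
import math

# All values below are constructed for this demonstration.
SITE_NONCE_KEY = b"constructed-demo-secret"
TICK_SECONDS = 12 * 60 * 60   # the model splits nonce lifetime into half-day ticks
ACTION = "builder_content"    # hypothetical action name
NOW = 1_700_000_000           # fixed clock so the results are repeatable
SESSIONS = {"admin-cookie": {"user_id": 1, "can_edit": True, "token": "sess-1"}}


def create_nonce(action, user_id, session_token, now):
    """Token bound to a time tick, an action, a user and a login session."""
    tick = math.ceil(now / TICK_SECONDS)
    msg = f"{tick}|{action}|{user_id}|{session_token}".encode()
    return hmac.new(SITE_NONCE_KEY, msg, hashlib.sha256).hexdigest()[:10]


def verify_nonce(nonce, action, user_id, session_token, now):
    """Accept only a token issued in the current or the previous tick."""
    if not isinstance(nonce, str) or not nonce:
        return False
    for age in (0, 1):
        expected = create_nonce(action, user_id, session_token,
                                now - age * TICK_SECONDS)
        if hmac.compare_digest(expected.encode(), nonce.encode()):
            return True
    return False


def handle_content(request, now, require_nonce):
    """Hypothetical endpoint: permission check, then optional nonce check."""
    session = SESSIONS.get(request.get("cookie"))
    if session is None or not session["can_edit"]:
        return 403, "forbidden"
    if require_nonce and not verify_nonce(
            request.get("nonce"), ACTION, session["user_id"],
            session["token"], now):
        return 403, "bad nonce"
    return 200, "accepted"


def run_scenarios():
    admin = SESSIONS["admin-cookie"]
    fresh = create_nonce(ACTION, admin["user_id"], admin["token"], NOW)
    stale = create_nonce(ACTION, admin["user_id"], admin["token"],
                         NOW - 2 * TICK_SECONDS)
    other = create_nonce("other_action", admin["user_id"], admin["token"], NOW)
    # Request sent from the site's own editor page, which embeds the nonce.
    legit = {"cookie": "admin-cookie", "nonce": fresh, "panels_data": "text"}
    # Cross-site request: the browser attaches the cookie, but the forging
    # page cannot read a nonce from the site, so none is present.
    forged = {"cookie": "admin-cookie", "panels_data": "text"}
    return {
        "forged, permission check only": handle_content(forged, NOW, False)[0],
        "forged, nonce required": handle_content(forged, NOW, True)[0],
        "legitimate, nonce required": handle_content(legit, NOW, True)[0],
        "stale nonce": handle_content(dict(legit, nonce=stale), NOW, True)[0],
        "nonce for another action":
            handle_content(dict(legit, nonce=other), NOW, True)[0],
    }


if __name__ == "__main__":
    for name, status in run_scenarios().items():
        print(f"{status}  {name}")
```

The permission check passes for the forged request because it only looks at the session; the nonce is what ties the request to a page the site itself served.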

What should you do?

The flaws affect SiteOrigin’s Page Builder version 2.10.15 and below. In order to avoid full site takeover, admins should upgrade the plugin to version 2.10.16.

It should also be noted that an attacker needs to trick a site administrator into performing an action, such as clicking on a link or opening an attachment, for the attack to succeed. Therefore, it is advisable not to click on any link or open any attachment that you are unsure of.

Official government COVID-19 apps come with security threats

COVID-19 is one of the worst public health crises ever faced by humans since the 1918 flu pandemic.

Governments around the world launched their own versions of mobile apps to help their citizens track symptoms and virus infections. However, security researchers at ZeroFOX Alpha Team uncovered various privacy concerns and security vulnerabilities, including backdoors, in these apps.

The Iranian government released an Android app called AC19 on the Iranian app store known as CafeBazaar. The app, released by the Ministry of Health, claimed that it could detect whether or not people are infected by the virus. The aim was to take advantage of the confusion and fear gripping many parts of Iran about COVID-19 to boost Tehran's surveillance capabilities.

When Iranian users downloaded the app, they were prompted to verify their phone number despite the fact that the government has access to all phone numbers via its control of the country’s cell providers. Once users provided their phone number, they were prompted to give the app permission to send precise location data to the government servers.

In addition, there is a copycat app called CoronaApp created by threat actors that is available for direct download by Iranian citizens rather than via the Google Play Store. As a result, the app is not subjected to the normal vetting process that might protect these users from malicious intentions. However, many citizens in Iran cannot access the official Google Play store due to sanctions, so they are more likely to download the unvetted apps.

Once installed, the CoronaApp requests permission to access the user’s location, camera, internet data and system information, and to write to external storage. It is this particular combination of requested permissions that demonstrates the developer's intent to access sensitive user information.

Separately, the Colombian government released a mobile app called CoronaApp-Colombia on the Google Play store in March 2020 to help people track potential COVID-19 symptoms. However, ZeroFOX researchers discovered that the app included vulnerabilities relating to how it communicates over HTTP, affecting the privacy of more than 100,000 users.

As of March 25, the app with version number 1.2.9 communicates insecurely with the API server throughout the app workflow. Specifically, it uses HTTP instead of HTTPS or another more secure protocol for server communications. By making these insecure server calls to relay users’ personal data, CoronApp-Colombia could put sensitive user health and personal information at risk of being compromised.

But there is a shred of good news. The Colombian CERT fixed the vulnerabilities three days after ZeroFOX Alpha Team submitted the vulnerability, listed as CVE-2018-11504 on MITRE, to them on March 26.

Last but not least, the Italian government created region-specific apps for tracking coronavirus symptoms as the country is one of the places that the COVID-19 pandemic has hit the worst.

As a result of the greater number of government-sanctioned apps, users are less certain of which COVID-19 mobile apps are legitimate.

Threat actors are taking advantage of this confusion, and of the inconsistency in the apps' releases and availability, to launch malicious copycats that contain backdoors.

ZeroFOX Alpha Team found 12 Android application packages related to the attack campaign. 11 of these packages were found to use various methods of obfuscation.

The first app analysed by Alpha Team was discovered to use a signing certificate where the signer was “Raven” with a location in Baltimore, likely a reference to the Baltimore Ravens NFL team. Furthermore, every other app analysed by the team used the same signing certificate and issuer details.

The backdoor is activated when the Android app receives a BOOT_COMPLETED event when the device boots, or when the app is opened.

The researchers advised governments with COVID-19 related apps or those thinking about releasing new ones to ensure the consistency in where the apps can be downloaded as well as in their appearance to help avoid the spread of malicious doppelgängers. Exercising due diligence during the development process will help secure the app and avoid putting citizens at further privacy risks.

Are you using Zoom? Your personal data is being leaked and you could be vulnerable to being hacked

Zoom is dealing with one hot potato after another. The company recently got out of a situation where its iOS app was found to be secretly sharing data with Facebook, which it resolved by updating the iOS app.

Now, they are dealing with another problem due to how the software’s Company Directory feature works.

Zoom groups users who signed up using the same company email domain together to make searches and calls with colleagues easier. So when users sign up with their private email address to join Zoom, they have had thousands of strangers added to their contact list because they were perceived to be working for the same organisation. With this, you can get insight into all subscribed users of that provider, including their full name, physical address, profile picture and status.

However, there is a little bit of good news. Users of standard email providers such as Gmail, Hotmail and Yahoo are not affected as Zoom blacklisted them. Furthermore, the company officially requires users to submit a request for their non-standard domains to be blacklisted.

But that is not the end of bad news for the company.

It was also found that Zoom converts any URL into a hyperlink. This could be used maliciously: cybercriminals could send you a Universal Naming Convention (UNC) path instead of a web link.

UNC paths are typically used for networking and file sharing. An unsuspecting user could click on the link sent via Zoom, which will then make Windows try to connect to the remote host using the Server Message Block (SMB) network file-sharing protocol. By default, Windows will send the user’s login name and their NTLM password hash to this host. The NTLM password hash could easily be cracked, putting your computer at risk of being hacked.
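On the rendering side, the defence is to turn only web links into hyperlinks and leave UNC paths as inert text. The following is an added Python sketch of such a chat renderer, not Zoom's code; the function name, the pattern and the sample message are constructed for illustration.

```python
import html
import re

# http(s) links, file:// URLs and Windows UNC paths (\\host\share\...).
TOKEN_RE = re.compile(
    r"(?P<web>https?://[^\s<>]+)"
    r"|(?P<file>file://[^\s<>]+)"
    r"|(?P<unc>\\\\[^\s\\/<>]+\\[^\s<>]+)",
    re.IGNORECASE,
)

# Constructed sample chat message.
SAMPLE = (r"Agenda: https://example.com/agenda and notes at "
          r"\\fileserver.example\share\notes.docx")


def render_chat_message(message):
    """Return (html, blocked): only http(s) targets become hyperlinks."""
    parts, blocked, pos = [], [], 0
    for match in TOKEN_RE.finditer(message):
        # Escape the plain text between recognised tokens.
        parts.append(html.escape(message[pos:match.start()]))
        shown = html.escape(match.group(0))
        if match.lastgroup == "web":
            parts.append(
                f'<a href="{shown}" rel="noopener noreferrer">{shown}</a>')
        else:
            # UNC and file:// targets stay as plain text and are reported,
            # so a click cannot trigger an SMB connection to the host.
            parts.append(shown)
            blocked.append(match.group(0))
        pos = match.end()
    parts.append(html.escape(message[pos:]))
    return "".join(parts), blocked


if __name__ == "__main__":
    rendered, blocked = render_chat_message(SAMPLE)
    print(rendered)
    print("not linkified:", blocked)
```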

What is Object-Oriented Programming?

Object-oriented programming (OOP) is a programming paradigm that organises a piece of software based on the concept of objects or data rather than by function and logic.

In OOP, software is designed by using data modelling to identify the various objects that make up the system and how these objects interact with each other. These objects can range from physical entities such as a human being that is described by a set of attributes/properties like name, height and age to small computer programs such as widgets.

Once an object is identified, an extensible program-code template will then be created to generalise the object. This template will contain properties or attributes that the object can use to store data. In addition, it also contains functions or methods that define the logic sequences or statements to manipulate these data.

Features of OOP language

An OOP language usually comes with support for code extensibility in the form of classes or prototypes and code reuse through inheritance. This kind of support ultimately gives rise to two styles of OOP: one is class-based programming and the other is prototype-based programming.

Class-based programming languages support two main concepts: classes and objects.

A class is a program-code template that defines the data format and available procedures for that class. On the other hand, an object is an instance of the class, or in other words, an object is the realisation of a class.

Prototype-based programming languages, on the other hand, have no concept of classes. Objects are the primary entities. Generalised objects are typically used in these types of languages, where the objects can subsequently be cloned and extended to form the foundation of future objects.

These languages also share certain features that are found in other programming languages that adhere to other types of programming paradigm such as procedural programming or functional programming. The two most common features are variables and procedures.

A variable is used to store information formatted according to one of a small number of data types, like integer and alphanumeric characters, that are built into most languages.

A procedure, also known as a function, method, routine or subroutine, is simply a construct in code that takes some inputs, manipulates data and/or generates output. In addition, other programming constructs like loops and conditionals are also included in any OO language.

Furthermore, there are also four common mechanisms or features, if you will, that OOP languages have that set them apart from other types of programming languages. These four mechanisms are Abstraction, Encapsulation, Inheritance and Polymorphism.

Abstraction

Abstract means an idea or concept that is not tied to an instance or realisation. In OOP, an abstract class or interface allows programmers to express the intent of the class instead of the actual implementation. In a way, this hides the inner working of a class from other calling classes that do not need to know in order to use it.

For example, a driver only needs to know how to drive a car but does not need to know in detail how the engine and gearbox work. In this context, the car has abstracted away the inner workings from the driver.

In the example below, we have an abstract Vehicle class that has implemented some logic for its move method. Another class called SedanCar is a non-abstract class that extends Vehicle, which is a concept related to Inheritance (please see below). Then a driver gets a SedanCar by instantiating it and decides to drive it. The drive method calls the move function on the instantiated vehicle without ever needing to know what operations or steps need to be executed to move the vehicle.

public abstract class Vehicle
{
    public void move()
    {
        // Logic to engage the engine
        // Logic to spin the axle
        // Logic to spin the wheel
    }
}

public class SedanCar extends Vehicle
{
}

public class Driver
{
    Vehicle vehicle;

    public void getASedanCar()
    {
        vehicle = new SedanCar();
    }

    public void drive()
    {
        vehicle.move();
    }
}


Encapsulation

Encapsulation is related to abstraction in the sense that it hides the inner working. The difference lies in that encapsulation hides the data implementation of a class from other classes: data are made private or have restricted visibility from the outside. Through this mechanism, only the host class can change its internal data while other classes have to do it via either the provided public accessors or methods that perform actions that ultimately effect a change in the data.

Below is an example of a Person class written in Java. Similar to an actual person, the person class contains both name and age properties that are private to it. Once the class is instantiated as an object, no other objects can access the properties or make changes to them.

As described earlier, these other objects have to use the provided accessor methods (functions) to get either the name or age and use the setter methods to set the name and age of the person object.

public class Person
{
    private String name;
    private int age;

    public void setAge(int age)
    {
        this.age = age;
    }

    public int getAge()
    {
        return age;
    }

    public void setName(String name)
    {
        this.name = name;
    }

    public String getName()
    {
        return name;
    }
}

Inheritance

Inheritance in OOP is a mechanism that allows a class or object to be based upon another class or object and retain similar implementations. In a sense, it is similar in biology where the makeup of an organism such as a human being is based on the sum of their parents’ genes. These genes determine how they and their body react and behave in different circumstances, how they look and whether they will ultimately develop medical conditions such as diabetes, high blood pressure and heart failure.

With inheritance, the original code implemented in the parent class can be reused, which helps shorten the amount of code needed. Furthermore, if there are any changes to be made to the original code, the programmer/developer only needs to change the one in the parent class and all child classes will get the updated implementation.

Polymorphism

Polymorphism refers to the ability of an object to take on many forms. There are two types of polymorphism in practice and are generally applied to methods and functions instead of classes.

The first type of polymorphism is compile time polymorphism. It also goes by another term called overloading. This means that there can be multiple methods with the same name but different types of parameters.

An example of compile time polymorphism is as follows, where there are two methods named move. One of the move methods takes no parameter as input and the other takes an object as an input.

public class Vehicle
{
    public void move()
    {
    }

    public void move(Object object)
    {
    }
}

The second type of polymorphism is run-time polymorphism. It also goes by another term called overriding. With this type of polymorphism, there is only one move method but different classes will implement it differently based on the context.

Below is an example where there are three classes that implement the same move method. Since both Sedan and Bus extend Vehicle, when either of them gets instantiated and its version of the move method gets called, the respective move method will be executed instead of the one in Vehicle.

public class Vehicle
{
    public void move()
    {
        // some code here
    }
}

public class Sedan extends Vehicle
{
    public void move()
    {
        // some code here
    }
}

public class Bus extends Vehicle
{
    public void move()
    {
        // some code here
    }
}

Apple updates Mac mini with double the storage

The Apple Mac mini (2018) sees a nice update today (Mar 18, 2020) in the form of increased storage capacity for the standard configurations that you can buy from the Apple store.

The S$1,139 model sees its SSD storage increase to 256GB from the original 128GB, while the $1,579 model sees an increase to 512GB from the original 256GB.

These Mac minis are made from 100% recycled aluminium and are available from Apple now.