Sunday, December 10, 2017

Air Transfer

As I mentioned in my Back and Forth post I'm using an iOS app Air Transfer to copy photos from the iPhone to my Windows laptop.

Here's my workflow.

I launch Air Transfer.


On my laptop I browse to the URL that Air Transfer presents. It pretty much never changes.


On my laptop I click on the link to take me to the Camera Roll.


I select the photos that I want to transfer to my laptop. The free version of Air Transfer lets you select 10 photos at a time. The upgrade to the Pro version is $1.99.


I click on the Download link.


Air Transfer then creates a zip file and downloads it to my laptop.

When the download is complete I go back to the iPhone, double-click the home button and swipe away Air Transfer.

Then I launch Apple's Photo app and delete everything on the Camera Roll.

Done.

Why don't I use Google Photos? Actually I do. But Google Photos recompresses the photos so I don't use this copy for archive. I use the Google Photos copies for casual sharing.

Why don't I use Dropbox? Actually I do. But not for photo transfers. Dropbox renames the files. I prefer to maintain the original file name.

For a thorough comparison of Google Photos and Dropbox revisit my Dropbox vs Bluetooth vs Google Photos post. Think of Air Transfer as the iPhone equivalent of using Bluetooth on Android.

Here is one of the screen captures from the app store:


Here's what mine looks like:


Because there is no slider for WiFi Transfer you must swipe away the app. I asked the developer about his. He replied quickly.
I am currently overhauling the internals of the App.
The on/off switch was temporarily eliminated in current version.
To disconnect Air Transfer, you can either shutdown the WiFi of iOS or terminate Air Transfer.
The on/off function will be available in later updates.
A similar app is File Hub. It has a lot broader set of capabilities than Air Transfer but includes a Wi-Fi transfer service. I didn't stick with File Hub as it requires a web password on each execution. If you're using a public Wi-Fi this is absolutely necessary but on my home Wi-Fi this was just a nuisance.


Sunday, December 03, 2017

Contactless Payments

One day on my deals feed was this gadget:
The post said "We can all afford to be paranoid at this price."

Should we really be paranoid?

So I went to wikipedia.
The examples and perspective in this article may not represent a worldwide view of the subject. 
Contactless payment systems are credit cards and debit cards, key fobs, smart cards or other devices, including smartphones and other mobile devices, ...
Mobil was one of the most notable early adopters of this technology, and offered their "Speedpass" contactless payment system for participating Mobil gas stations as early as 1997.  

What does that really mean for you and me?

Not much.

Remember that opening statement from wikipedia: "The examples and perspective in this article may not represent a worldwide view of the subject."

Here are some valid concerns but it's from the UK.

Here is a North American-centric view of contactless payment systems.

"Nothing to see here, move along".

But remember that wikipedia also said: "...including smartphones and other mobile devices."

But smartphones and other mobile devices won't fit in the little case.

Not to worry.

Although these are "contactless" they are based on NFC. Although NFC is contactless there is always another layer of security, e.g. TouchID for Apple Pay.



Sunday, November 26, 2017

Neutrons

Every now and then my propeller beanie comes out.


Here I go again.

Last year during the week between Christmas and New Years, I had my annual lunch with two of my geekiest friends.

That was a time to be remembered.

I've already discussed one of the topics we covered.

One of the lunch mates is a long time employee of a global logistics firm that has multiple data centers, one at a high altitude, i.e. more than a mile high.

Somehow he got off onto failure rates related to altitude. He attributed these failures to neutrons.

I kid you not.

He had noticed that some equipment seemed to fail more often at the mile high data center. The vendors of the failing equipment didn't buy the idea of neutron density at altitude causing the failures.

The logistics company did a tightly controlled experiment at Memphis and at the mile high data center.

The results were convincing. Certain equipment from certain vendors failed way more often at the mile high data center.

While you may say "That doesn't apply to me. My data center is not a mile high."

Don't speak too fast.

When I worked for this global logistics firm we used to say that the problems we were encountering were going to be everybody else's problem in 5 years.

The same goes with neutrons.

Here's why: Ice Lake.

Read this from AnandTech.

A 10nm processor is coming your way and soon.

I won't miss this year's lunch for anything.

Here's a reading list on neutrons.

Cosmic rays creating energetic neutrons and protons

Cisco Blamed A Router Bug On 'Cosmic Radiation'
We did send a system to a POP in Denver (altitude 5000+ ft) and saw on this system a statistically significant increase in recoverable memory ECC errors.
When the affected board was returned to San Jose and retested (basically sea level) the errors could not be reproduced.
So we returned the hardware back to the Denver POP, and the recoverable ECC errors returned. No amount of swapping memory DIMMs (various vendors) made a difference.
Problem background
...research has shown that the majority of one-off soft errors in DRAM chips occur as a result of background radiation, chiefly neutrons from cosmic ray secondaries, which may change the contents of one or more memory cells or interfere with the circuitry used to read or write to them.[2] Hence, the error rates increase rapidly with rising altitude; for example, compared to the sea level, the rate of neutron flux is 3.5 times higher at 1.5 km and 300 times higher at 10–12 km (the cruising altitude of commercial airplanes)
How Cosmic Rays Cause Computer Downtime
Neutron intensity increases dramatically with altitude.

Sunday, November 19, 2017

PayPal Reminders

With the holiday season right upon us it seems time to share some PayPal reminders:

Am I the Last Person? - When you use PayPal on another site, it DOESN'T log you out.

PayPal Preapproved Payments - Many merchants send their request to PayPal asking for you to PREAPPROVE any payments to them that they want to make.

While these posts are from some time ago I confirmed today that they are still valid.

Sunday, November 12, 2017

Chip and PIN Cards

So do you have one of the new "Chip and PIN" cards? They are also known as "EMV" for Europay/MasterCard/Visa.

Instead of swiping you're supposed to "dip" them. Currently not all merchants have implemented the "dip" technology. There are fiscal liability implications related to that don't affect the consumer so I won't cover that here.

What I will try to explain is the part of the new EMV cards that is known as the Card Verification Method (CVM).

I have a USAA Visa card. In preparation for a trip to Ireland a couple of years ago I called USAA and asked for an EMV card which they supplied. When I received it I followed up with USAA and set a PIN for the chip.

I successfully used the USAA EMV card during my trip to Ireland. At most merchants I was asked to sign a receipt. This seemed to confuse most merchants but it never impacted the success of the transaction. No merchants' terminals challenged me for a PIN.

Subsequently US merchants have been replacing their credit card terminals with the new "dip" capable ones. These don't challenge me for a PIN and not always even for a signature.

This got more interesting recently at a self-service gas station in Quebec City, Canada.

The card reader on the pump was chip-enabled. It fussed at me in French for inserting and withdrawing my card like I would do in the US. Finally I understood enough French to leave the card in. Then it asked me how much to pre-authorize on the card. In the US this is just done silently. I wasn't ready to perform a quick calculation in a foreign currency so I just chose the largest amount 125$. Then it asked me for the PIN of the chip not the stripe. Thankfully I had activated a PIN on the chip in preparation for my trip to Ireland. It churned for a second and told me to remove the card and begin pumping.

That transaction got me interested in what the process was to determine whether an EMV card transaction will require a PIN or signature or nothing.

At a summary level, each EMV card has a prioritized list of verification methods (CVMs) that may vary with the value of the transaction. This list is processed by the terminal searching for a matching CVM from the card.

SpottersWiki has a database of EMV cards and associated CVM methods. When I searched it for my USAA Visa card it reported the CVM methods were:
1: Signature (paper)
2: Enciphered PIN verified online
3: Enciphered PIN verified by ICC (aka offline PIN)
4: Plaintext PIN verified by ICC (aka offline PIN)
5: No CVM required
There is another database here but it isn't being updated.

The kicker here is that gas pump in Quebec City obviously couldn't accept a signature as verification and therefore required a PIN. It is not clear to me that the chip PIN is necessarily the same as the magnetic stripe PIN. I suggest you contact your card issuer to make sure.

This process is due to be implemented in US gas pumps by October 2020.

A more in depth explanation is here.
Although EMV is often referred to as “Chip and PIN”, in fact EMV supports several different methods of verifying the identity of the cardholder, known as Cardholder Verification Methods (CVM). Every card contains a list of the CVM that it supports, and when they need to be applied (e.g. Use online PIN if the transaction is an ATM cash withdrawal, else use signature).
Whenever an EMV transaction is performed, the terminal’s EMV Level 2 Kernel processes the CVM list in order, until it finds a CVM that it supports and can process. In the event that no supported CVM is found or an error occurs during CVM processing (e.g. the PIN-Pad was malfunctioning), the EMV kernel will flag this in the Terminal Verification Results, which may cause the transaction to be declined or sent online for authorisation by the card issuer.
The CVM that EMV currently supports are Online PIN (required in certain countries for all transactions, and also for all ATM cash withdrawals), Offline PIN verified by the chip card (required in certain countries for all payment transactions), signature (for attended payment terminals in some countries), or a combination of both PIN and signature if additional verification is required.
Also, in some environments it is permissible to use no CVM for low-value transactions or for terminals that do not support any of the CVM on the cards.

Sunday, November 05, 2017

Windows Defender Doesn't Suck

While I realize that's a left-handed compliment there's some meat behind it.

I've mentioned Windows Defender a couple of times recently non-disparagingly. I still believe the best protection for your Windows system is discretion. Just don't go to stupid places.

However it still makes me feel better to have some kind of anti-virus tool lurking in the background just in case somebody tricks me.

The AV-TEST Institute runs a couple of anti-virus bake-offs each year. The most recent results are here.

Tom's Guide has a good summary of the AV-TEST comparison. I love their recap.
Microsoft’s [Windows Defender] Protection score was 5.5 out of 6. For a program that was bottom-of-the-barrel just last year - and comes free with Windows - that’s not bad at all.

Sunday, October 29, 2017

Controlled Folder Access

Windows 10 Fall Creators Update (aka 1709) was released October 17, 2017.
Windows 10 Fall Creators Update includes a number of new features, including a replacement for OneDrive Placeholders, support for Windows Mixed Reality, the ability to more seamlessly connect to Windows PCs from iOS and Android phones and an improved Photos app experience.
ZDNet
I've installed it on a couple of laptops with no issues. I haven't seen any problems with it nor really any new features.

Except...

Windows 1709 has a new Windows Defender capability called "Controlled Folder Access".
A below-the-radar security feature in the Windows 10 Fall Creators Update ... can stop ransomware and other file-scrambling nasties dead.
The controlled folder access mechanism within Windows Defender prevents suspicious applications from changing the contents of selected protected folders.
The Register
To turn it on, click on the Windows key and type "Windows Defender Security Center". Click it and then click on "Virus & threat protection".


Then click on "Virus & threat protection settings".


You're getting warm.

Under "Controlled folder access", slide it to "On" and click on "Protected folders".


You can also add programs to the whitelist.


Here are the folders protected by default:


Add any that Windows didn't choose.

The best write-up I've found is here.

Here's what it looks like in action: