Sunday, November 26, 2017

Neutrons

Every now and then my propeller beanie comes out.


Here I go again.

Last year during the week between Christmas and New Years, I had my annual lunch with two of my geekiest friends.

That was a time to be remembered.

I've already discussed one of the topics we covered.

One of the lunch mates is a long time employee of a global logistics firm that has multiple data centers, one at a high altitude, i.e. more than a mile high.

Somehow he got off onto failure rates related to altitude. He attributed these failures to neutrons.

I kid you not.

He had noticed that some equipment seemed to fail more often at the mile high data center. The vendors of the failing equipment didn't buy the idea of neutron density at altitude causing the failures.

The logistics company did a tightly controlled experiment at Memphis and at the mile high data center.

The results were convincing. Certain equipment from certain vendors failed way more often at the mile high data center.

While you may say "That doesn't apply to me. My data center is not a mile high."

Don't speak too fast.

When I worked for this global logistics firm we used to say that the problems we were encountering were going to be everybody else's problem in 5 years.

The same goes with neutrons.

Here's why: Ice Lake.

Read this from AnandTech.

A 10nm processor is coming your way and soon.

I won't miss this year's lunch for anything.

Here's a reading list on neutrons.

Cosmic rays creating energetic neutrons and protons

Cisco Blamed A Router Bug On 'Cosmic Radiation'
We did send a system to a POP in Denver (altitude 5000+ ft) and saw on this system a statistically significant increase in recoverable memory ECC errors.
When the affected board was returned to San Jose and retested (basically sea level) the errors could not be reproduced.
So we returned the hardware back to the Denver POP, and the recoverable ECC errors returned. No amount of swapping memory DIMMs (various vendors) made a difference.
Problem background
...research has shown that the majority of one-off soft errors in DRAM chips occur as a result of background radiation, chiefly neutrons from cosmic ray secondaries, which may change the contents of one or more memory cells or interfere with the circuitry used to read or write to them.[2] Hence, the error rates increase rapidly with rising altitude; for example, compared to the sea level, the rate of neutron flux is 3.5 times higher at 1.5 km and 300 times higher at 10–12 km (the cruising altitude of commercial airplanes)
How Cosmic Rays Cause Computer Downtime
Neutron intensity increases dramatically with altitude.

Sunday, November 19, 2017

PayPal Reminders

With the holiday season right upon us it seems time to share some PayPal reminders:

Am I the Last Person? - When you use PayPal on another site, it DOESN'T log you out.

PayPal Preapproved Payments - Many merchants send their request to PayPal asking for you to PREAPPROVE any payments to them that they want to make.

While these posts are from some time ago I confirmed today that they are still valid.

Sunday, November 12, 2017

Chip and PIN Cards

So do you have one of the new "Chip and PIN" cards? They are also known as "EMV" for Europay/MasterCard/Visa.

Instead of swiping you're supposed to "dip" them. Currently not all merchants have implemented the "dip" technology. There are fiscal liability implications related to that don't affect the consumer so I won't cover that here.

What I will try to explain is the part of the new EMV cards that is known as the Card Verification Method (CVM).

I have a USAA Visa card. In preparation for a trip to Ireland a couple of years ago I called USAA and asked for an EMV card which they supplied. When I received it I followed up with USAA and set a PIN for the chip.

I successfully used the USAA EMV card during my trip to Ireland. At most merchants I was asked to sign a receipt. This seemed to confuse most merchants but it never impacted the success of the transaction. No merchants' terminals challenged me for a PIN.

Subsequently US merchants have been replacing their credit card terminals with the new "dip" capable ones. These don't challenge me for a PIN and not always even for a signature.

This got more interesting recently at a self-service gas station in Quebec City, Canada.

The card reader on the pump was chip-enabled. It fussed at me in French for inserting and withdrawing my card like I would do in the US. Finally I understood enough French to leave the card in. Then it asked me how much to pre-authorize on the card. In the US this is just done silently. I wasn't ready to perform a quick calculation in a foreign currency so I just chose the largest amount 125$. Then it asked me for the PIN of the chip not the stripe. Thankfully I had activated a PIN on the chip in preparation for my trip to Ireland. It churned for a second and told me to remove the card and begin pumping.

That transaction got me interested in what the process was to determine whether an EMV card transaction will require a PIN or signature or nothing.

At a summary level, each EMV card has a prioritized list of verification methods (CVMs) that may vary with the value of the transaction. This list is processed by the terminal searching for a matching CVM from the card.

SpottersWiki has a database of EMV cards and associated CVM methods. When I searched it for my USAA Visa card it reported the CVM methods were:
1: Signature (paper)
2: Enciphered PIN verified online
3: Enciphered PIN verified by ICC (aka offline PIN)
4: Plaintext PIN verified by ICC (aka offline PIN)
5: No CVM required
There is another database here but it isn't being updated.

The kicker here is that gas pump in Quebec City obviously couldn't accept a signature as verification and therefore required a PIN. It is not clear to me that the chip PIN is necessarily the same as the magnetic stripe PIN. I suggest you contact your card issuer to make sure.

This process is due to be implemented in US gas pumps by October 2020.

A more in depth explanation is here.
Although EMV is often referred to as “Chip and PIN”, in fact EMV supports several different methods of verifying the identity of the cardholder, known as Cardholder Verification Methods (CVM). Every card contains a list of the CVM that it supports, and when they need to be applied (e.g. Use online PIN if the transaction is an ATM cash withdrawal, else use signature).
Whenever an EMV transaction is performed, the terminal’s EMV Level 2 Kernel processes the CVM list in order, until it finds a CVM that it supports and can process. In the event that no supported CVM is found or an error occurs during CVM processing (e.g. the PIN-Pad was malfunctioning), the EMV kernel will flag this in the Terminal Verification Results, which may cause the transaction to be declined or sent online for authorisation by the card issuer.
The CVM that EMV currently supports are Online PIN (required in certain countries for all transactions, and also for all ATM cash withdrawals), Offline PIN verified by the chip card (required in certain countries for all payment transactions), signature (for attended payment terminals in some countries), or a combination of both PIN and signature if additional verification is required.
Also, in some environments it is permissible to use no CVM for low-value transactions or for terminals that do not support any of the CVM on the cards.

Sunday, November 05, 2017

Windows Defender Doesn't Suck

While I realize that's a left-handed compliment there's some meat behind it.

I've mentioned Windows Defender a couple of times recently non-disparagingly. I still believe the best protection for your Windows system is discretion. Just don't go to stupid places.

However it still makes me feel better to have some kind of anti-virus tool lurking in the background just in case somebody tricks me.

The AV-TEST Institute runs a couple of anti-virus bake-offs each year. The most recent results are here.

Tom's Guide has a good summary of the AV-TEST comparison. I love their recap.
Microsoft’s [Windows Defender] Protection score was 5.5 out of 6. For a program that was bottom-of-the-barrel just last year - and comes free with Windows - that’s not bad at all.