Saturday, December 13, 2014

More Bell Canada Madness

As people know, I'm not Bell Canada's biggest fan.  If there's a right way and a wrong way to accomplish something, my opinion is Bell Canada normally takes the wrong way.

This past week, my elderly in-laws moved into their new home.  The day came for Bell to hook up their new phone line, and the technician left with the phone not working.  After a complaint was put in that the first guy had just one job to do and hadn't done it, a second technician came the next day to visit and he also left with the phone not working.  This repeats until we escalated complaints, got stuff in writing in emails (this was highly useful when the next technician failed to appear on the promised day) and eventually after hang-ups by incompetent operators and support staff, escalation and further escalation, we found a manager who called a technician and got him to drop everything on his list and deal with the matter immediately.

This is just to hook up a home phone.

Last night, my wife's iPhone 4 finally gave up and stopped charging.  After speaking to Bell, we find out that given its age, she's eligible for a free replacement if she goes to a Bell store.  By "free replacement", what they meant was that it's not free as the store wanted $49.  Not a problem, the $49 will be paid.  Except the Bell Store doesn't take cash or a debit card, only a credit card.  The wife doesn't have that on her.

Now, when I say the store doesn't take cash or debit cards, what this really means is they do, because you can buy a phone case, or any other product and pay cash or debit, but not for the $49 for an iPhone.  The suggestion from Bell is to go to Shoppers Drug Mart and purchase a $50 preloaded credit card, come back and then all is well.

The icing on this idiotically bureaucratic cake is the laughable logic that the store staff member then tries to "inform" my wife with...  Apparently, this rule exists because if you pay by debit card, they won't get the money for three days.

I don't know why Bell would train their store staff to tell lies, but for anyone that doesn't understand how a debit card and a credit card works, here's a quick primer:

  • When you pay by credit card, first the issuing bank issues an authorisation on the spot.  Second, when the bank is ready to settle the payment (in this case, being a Saturday, we're looking at Monday night), the money is forwarded to the merchant. So in Bell's case, they're getting the money three days later.
  • When you pay by debit card, first the issuing bank withdraws the money from your account on the spot.  Second, when the bank is ready to settle the payment (in this case, being a Saturday, we're looking at Monday night), that money is forwarded to the merchant. So in Bell's case, they're getting the money three days later.
Yes, if you're sharp eyed and have a brain, you'll have noticed it's actually the same delay regardless of what you used, and Bell Canada was being incredibly stupid by arbitrarily blocking one method and accepting another.

So what is the difference in payment methods?  

Quite simply that when you pay by debit, that settlement process comes straight out of your account, into a pool at the bank and then from there into the merchant's, whereas with a credit card, that settlement comes out of the credit card issuer's account and into the merchant's, which then creates a debt on your behalf that you must repay when you get your credit card bill.

Now, if we were to be really picky about Bell's ridiculous red tape, we can accurately postulate that Bell Canada has actually enforced the worst possible payment rule out of the available options because we can challenge the items on the credit card statement more easily than we can on a debit transaction or using cash.

Obviously, my wife left the store without a working phone, so naturally Bell is now losing further money from having another phone not working on their network.


Saturday, November 22, 2014

Making Yogurt From Whey

Quite some time ago, I posted an entry on this blog about making homemade yogurt.  Given that we get through a lot of yogurt in our house, what with it being added to cooking or the twins having it for many of their desserts, it made sense for me to look into making our own.  It's now been a few years and obviously, I've had some ideas in my head that I wanted to try and experiment with.

The first was really simple:  Would microwaving the milk make any difference to the yogurt I make?  In short, the answer is it made no difference.  On the plus side, I didn't have to stir it to stop it burning the pan.  On the bad side, I had to put up with the noise of the microwave going for about 10 minutes.

The second idea was to see if the whey that I always strain off my yogurt could be used to create more yogurt?  More often than not, we just throw our whey down the sink.  We just don't use it that often, and this was something I want to change.  

I see whey as another one of those subjects where if you go back 100 years, everyone had common knowledge of what it is, where it comes from and what it's good for.  The problem, as I quickly found out, is that just like straight razors where the knowledge died out in the general population since the introduction of disposable blades (most people wouldn't know a "strop" from a "fool's pass"), the same can be said of whey since the invention of the refrigerator.

If you've never seen whey before, here is a pint glass filled with the stuff:

Whey
To bring you up to speed, this liquid is one of the major portions of milk.  You pretty much have three big things in milk:  Fat, Casein and Whey.  The fat is often removed out of milk for health reasons (skimmed, semi-skimmed, etc), leaving casein (the calcium, proteins, carbs and phosphorous) and then there's the whey.  

In the case of yogurt making, you can take none of it out (runny yogurt), some of it out (normal yogurt) or lots of it out (greek style yogurt), but then you have the problem of what to do with it next?

In Australia they call whey "Milk Permeate", and because whey has so much good stuff in it like probiotics (the good bacteria for your gut), vitamins and proteins, the Australians actually hold on to it, then add it back into the milk at certain times of the year to keep it consistent throughout the year.  This is known as "Milk Standardization".  Of course, a few companies were then accused of adding in too much, causing the watering down of milk.

Scams will always appear where food can be adulterated.  
The whole yogurt industry to me seems like a scam, too, that plays on the ignorance of the masses though, as you're about to see.  When I make my yogurt, it costs about 1/3rd the price of store yogurt, is fresher, and has no additives.

So, as you can probably guess by now, given I remove a lot of whey, I'd been wondering for some time if I could just add some whey from one of my previous yogurt batches to some milk and get yogurt from that too.  

It turned out that, yes, you can make yogurt from whey, just as well as from the previous yogurt. For me this is good news as we sometimes accidentally eat all the yogurt and have to go and buy some Activia or similar brand to get things going again.

Now here's where I start to get a bit annoyed.  To make yogurt, you need to ferment milk with the lactobacilli (the milk bacteria we hear now as "probiotics" or "live cultures"), then it's all taken out (probably to stop people making more yogurt from it).  Then sometime in the past ten years, some marketing person thought "hey, let's leave some bacteria in and charge a premium for it and create an ad campaign where you have to eat it for 7 days straight to see if your digestive system improves", and now we have yogurt that you can make more yogurt with again... except everyone has forgotten about that as the knowledge has died out.

So, how did I do it?  Simple:

  • Heat a litre of milk to 180F.
  • Let it cool to 120F.
  • Pour in about 1/4 cup of whey from a previous yogurt batch.
  • Leave it somewhere warm for 10 hours for the cultures to multiply and chew through the lactose. (I just pop mine in the oven and leave it overnight with just the light on to keep things "warm").

That gives me about $4 of yogurt for about $1.25.

Now, going back to that "milk standardization" procedure... Have you ever wondered where the recent proliferation of "Yogurt Drinks" came from?  

As a refresher, I'm talking about this expensive stuff.  You may have noticed that this is also probiotic, and by now you may be getting suspicious about how these types of drinks suddenly sprang up.  Well, you too can make them:

Yogurt Drink = 1 Part Yogurt + 1 Part Whey.

That's it.  That's all they did - take that whey that previously was thrown out, and add it to normal yogurt (then, obviously charge a premium for it).  

The final point I want to make is about this "L. Casei Danone" trademark and advertising (they all do this, I'm just using Danone as an example).

L. Casei refers to "Lactobacilli" (so, lactose chewing bacteria) and the "Casei" refers to "Casein", which is the milk protein.   The interesting thing is the "DN-114001"...  this is the normal yogurt bacteria and is a marketing stunt like selling an empty bottle with "Breathable Gas Danone" (Air) in it.

Now you see why I just think the whole yogurt thing just plays on people's ignorance. 


Saturday, November 15, 2014

Industry Standards

As you might guess, I spend a lot of time looking at specifications and requirements.  A phrase I see very frequently in these is "industry standards" - usually attached to requirements in sentences like "We would like security to meet industry standards" or "this widget needs to behave according to whatever the industry standards are".

There's something that bothers me about this:  People often think that Industry Standards are a good thing or that Industry Standards mean high quality.  I think this is actually a bad thing, and here's why... When we think of industry names that we can set the quality bar by, we think of the likes of big banks, big retail names and so on.  For instance, Home Depot, JP Morgan Chase, Ebay, Yahoo!, Sony, Apple, Dun & Bradstreet, TK Maxx, etc.

The astute readers will realise that I've just rattled off a quick list of organisations that have all suffered major data breaches.  To see a truly terrifying list, have a look at something like this...

Is that what people aspire to when they say they want something to be following "industry standards"?  If anything, "industry standards" are a minimum level of effort that has been proven likely to leave millions of people as victims of data breaches, privacy scandals or worse.

That's not a good thing to aspire to.

Monday, October 6, 2014

Personal Change

People have a habit of pigeon-holing others.  When you meet someone, they will quantify and classify you.  Sometimes it's good as you're pigeon-holed as:

  • A good person.
  • Fun
  • Intelligent
Other times, you may find yourself being pigeon-holed by others as:
  • Boring
  • Too loud
  • Unprofessional
This pigeon-holing is usually done very early on, and once a box has been put around you, it takes a lot of effort to get people to change their perception of it.  This then leads to a blurring that can be equally hard to shake - for instance if a good, reliable, person makes a monumental mistake once, people will forever think "He's a good guy, and usually reliable, but..."  Sometimes, however, new classifications override older ones to the point that people totally forget the previous classification.  This happened to me in my last job where having programmed Windows for 20 years, just 5 years of iOS programming got me pigeon-holed as "the Apple guy" and so 80% of my previous skills went unused.

Another problem with boxes is that some people, myself included, have a habit of learning new things and self-improving. Unhappy with just remaining static, we accumulate new skills and new knowledge that goes equally unused.  Like all years in my life, in the past year I've added multiple new strings to my bow, including learning two musical instruments, improving my electronics knowledge, improving my knowledge of physics and banking processes, perfecting how to bake biscuits (the American kind, that is), cooking rice properly, and taking on the new programming language, Swift.  Some of this is applicable to my work as a programmer - knowing how banks work, or knowing how electronics work, or a new language makes a programmer like me become more desirable.

This means you end up being in the wrong box.  If the box remains unchanged despite these changes, then something is going to break to make you get into a more suitable box.

The two things that can break are:
  1. You stop learning new things and you stagnate because it's not applicable to your job, or your employer doesn't reward self-improvement.
  2. Your current employment stops and you find somewhere that will reward your newfound skills.
When personal change means you no longer fit the box that you were comfortable being in, changes and decisions normally follow to correct this.  Being aware of the boxes you operate in and how you influence them is likely the most important thing you can be aware of about yourself.


Wednesday, September 10, 2014

Apple Watch Haters

It doesn't take a genius to work out now that there's a phenomenon where normal, rational, human beings suddenly lose their minds every September.  This is the month that Apple unveils its new iPhone, but it's also the month when Apple's new products are unveiled to the public.

With these new iterations of phones or new products, we expect to see a cacophony of haters, naysayers and what have you, who prognosticate that Apple is failing to innovate if they don't release a new category product every other year, or that the latest iPhone is only an improvement on an old model instead of a completely new one, and there are those that outright say that a new device is just plain bad.

Even though we know that Apple has pretty much hit each record selling quarter with an even bigger quarter for the past few years, the Internet has a habit of keeping stuff around for long periods of time, so we can see examples of what I mean by these haters who contradict it...

The iPod (the iPod classic got killed off yesterday).
In 2007, the iPhone came out...  Just in case you've forgotten, this was the competition then...
Yes, the Motorola Razr2 was released in 2007, the same year that the first iPhone was released.  So, how was the iPhone with its touch screen received?
"iPhone doesn't support 3G, it doesn't support multitasking, it doesn't support 3rd party apps, you cannot copy or paste text, you cannot attach arbitrary files to emails." 
Then there was Palm CEO Ed Colligan on Apple's iPhone:
“We’ve learned and struggled for a few years here figuring out how to make a decent phone,” he said. “PC guys are not going to just figure this out. They’re not going to just walk in.”
Or how about this all-out failure prognostication?


Next came the iPad...  We've all heard the "But it doesn't run Flash" argument, or the "It's just a big iPhone... but without the phone functionality" tirades.  Very quickly, though, the device was shifting a million units a month.  5 generations and 2 minis later, it's still selling very well.

However, it's very apparent when Apple's design is being ripped off by cheap copies - but then again, some people are happy with a lookalike product if it means they pay less.  Then when the bar is raised again by a new iPhone iOS version, instead of just installing the update so that your hardware lasts two or three years, you need to buy a whole new phone.


Yes, people don't want to upgrade their entire Android phone, but because of carriers and OS fragmentation, they usually have to.

So what about the new Apple Watch?   There are already a few watches in the market.  Let's take a look at them.  

First, there is the Pebble.
This is a low-cost watch that looks very 1990s in its heritage.  You could easily imagine the name Casio stamped across the top.


Then there is the Samsung Galaxy Gear S watch.
This is an improvement on the Pebble, but it's largely just an iPhone UI shrunk onto the wrist.  You can change the colour of the strap to suit your style.


And there's the Sony one...
Sony have made watches for a long time, but they also went for the "shrunken" PDA kind of UI.  Again, you can change the strap colour.

Then Apple comes along with the Apple Watch.
This is a marked departure from the "PDA" interface.  The fact it has a crown (knob) too is a reminder that this is not a 1980s inspired "digital" design.  I won't go through the list of features as that's been done elsewhere, but I do want to turn to the naysayers.

Wearable tech is something I'm familiar with.  Go back to 2001 and I basically wore a "bat-belt" where I had my GPS, my phone, and my Palm PDA.  Now it's all in one device and there's still something else I wear - my Fitbit.  However, some people still don't like the idea that people are already wearing Nike Fuelbands, Fitbits and other health-related products.

So it begins with the watch.
All I know is that above the cacophony of naysayers, there will be a slew of developers such as myself who know that many people will buy this device, and it will likely sell lots of them.  Apple is rarely first into any market, be it computers, media players, phones or watches - but when it does go in, it generally raises the bar and disrupts things.

I'll put my money on the Apple Watch nailing it, not failing it.




Friday, September 5, 2014

Ontario Smart Meters and Security

Sometimes, I see something that doesn't seem right to me, and internally I begin questioning it or trying to work out if it's deliberately not right for some other reason.  In Ontario, our Smart Meters are one such item that perplexes me because for all the hay-making in the media about security, it's actually wide open.

In Ontario, places such as Ottawa and Toronto have this meter.

As meters go, it's pretty standard.  There's an ID plate, an LCD screen that gives you basic information, then there's an IR port on the right (it's the dot in the left-hand part of that enclave on the right).  Internally, there's a transmitter that sends your home's data to a designated neighbouring smart meter that acts as a master and aggregates and sends on the data from its neighbouring slave meters.

The government and other electricity bodies went to great pains to point out that this data is secure and the remote meter repository where the data goes is secure, and the transmission is secure, and ... well, you get the picture.  

But...

There's that little IR port on the front.  It's just spilling live data onto your driveway or beaming it onto your next-door neighbour's wall...

And that is a problem.

As with many attacks on your privacy, 9 out of 10 require little more than access to the hardware itself.  There's no reason someone can't slide an IR receiver (about $2) over the port, connect it to an Arduino Mini Pro ($13) and wire the input to output to a pen-laser ($5) and now for $20 they've extended your private data to across the street, where it's picked up by a solar cell and decoded.  Now, that neighbour knows when you come and go, your habits and other patterns, etc.

The simple solution is to just stick some black electrical tape over the port.  A better solution is to use a Blueline Powercost monitor on it - not only do you get useful information from it, but there's an added security angle in that you're blocking the port from prying eyes (and you get the added warning that it's being tampered with if you stop seeing data).

Now you understand this simple flaw in logic, go and have a chuckle as you look through this FAQ document from the IPC.

  

Thursday, September 4, 2014

CIBC Customer Communications Fails After Data Breaches

The news over recent years has become increasingly peppered with stories about large scale data breaches.  Notable examples include:

  • Adobe - 152,000,000 records.
  • EBay - 145,000,000 records.
  • Target - 70,000,000 records.
  • JCPenney/Dow Jones/JetBlue/etc. - 160,000 records.
  • Sony PSN - 77,000,000 records.
  • Heartland Payments - 130,000,000 records.
  • TJ / TK Maxx - 94,000,000 records.
  • AOL (2014) - 2,400,000 records.
  • AOL (2006) - 20,000,000 records.
  • AOL (2005) - 92,000,000 records.


As you can see, these aren't small numbers.  

The latest breach appeared this week and it points to Home Depot.  Now, Home Depot operates in Canada as well as the USA, Guam, Mexico and Puerto Rico, and much hay has been made over the issue in the media.  Home Depot themselves put out a statement on the matter, and many security experts are looking at the issue.


Neal O’Farrell, an identity theft and security analyst for credit monitoring site Credit Sesame recommends consumers use the breach as “an earthquake drill” and go through the “security routines you’ve been putting off.”...   

I had a quick think and knowing that I use the Home Depot regularly, I know there's a fair chance I could be caught up in this one if Canada is part of the breach.  Whilst I can look at my statements after a breach, I've no idea about one key aspect of my financial protection:  One way I may be protected is if they geo-fence transactions and can flag a transaction that's trying to go through outside of some safety area.

It turns out I'm not the only one thinking about this.  A Krebs report on the matter (source) even says this: 

The ZIP code data allows crooks who buy these cards to create counterfeit copies of the credit and debit cards, and use them to buy gift cards and high-priced merchandise from big box retail stores. This information is extremely valuable to the crooks who are purchasing the stolen cards, for one simple reason: Banks will often block in-store card transactions on purchases that occur outside of the legitimate cardholder’s geographic region (particularly in the wake of a major breach).

Thus, experienced crooks prefer to purchase cards that were stolen from stores near them, because they know that using the cards for fraudulent purchases in the same geographic area as the legitimate cardholder is less likely to trigger alerts about suspicious transactions — alerts that could render the stolen card data worthless for the thieves.

So, I did the sensible thing and asked my bank to clarify what, if anything, exists to protect me:


I thought this was a straightforward question to ask a financial institution...  So, you can imagine the face-palm I did when I read the response pointing me to a T&C page that makes no mention of geographic protection radii.

Needless to say, I had to point out that they've not answered the question... Then I re-asked the same question, but using a different wording.




At this point, it should be pretty clear to the bank a) what I'm asking, and b) why I'm asking it.  So having not answered the question, it tries to obfuscate the issue.

Now, anyone that's followed my previous gripes with this bank, and knows what I think about their relaxed security policies, history of foul-ups and bad communication, will know I was getting suspicious that such a number doesn't exist.

So, I changed the question to see if this reveals any security context, or if it generates blow-back:


The following answer came back...

This was the most telling response of all.

In a simple enquiry to the bank to understand how/if I'm protected on a geographical basis, the bank had first actively failed to answer the question, then tried to obfuscate the issue, then finally fell back to an "argument from ignorance" stance and tried to draw a line.

Last time that CIBC drew a line like this, the wager was made where I had to try and extract credit card information from CIBC using a labrador retriever's nose.

Now, "absence of evidence" does not imply "evidence of absence", but as a customer this is highly worrying when the "burden of proof" is on the bank and they can't explain it.

Conclusion:
To add to the litany of other security issues I know about, I don't think CIBC has me covered on this one either.  My guess is it's not geofenced and probably not even geocoded from the addresses of banks, shops or ATMs where cards are used.

I can test this pretty easily too.  Thankfully, this time it doesn't require a dog.
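
The kind of geofence check this post asks the bank about, sketched as an added example (it is not CIBC's logic and not code from the original post). The 150 km radius, the coordinates, the transactions and the `fraudulent` ground-truth flag are all constructed assumptions; the sample also shows the gap described in the Krebs quote, where fraud close to home passes the check.

```python
"""Geofence check for in-store card transactions (illustrative only)."""
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import Optional

EARTH_RADIUS_KM = 6371.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two latitude/longitude points, in km."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


@dataclass
class Txn:
    merchant: str
    lat: Optional[float]   # geocoded from the store/ATM address; None if online
    lon: Optional[float]
    fraudulent: bool       # ground truth, known only in this constructed sample


def outside_geofence(txn, home, radius_km):
    """True/False for in-store transactions; None when there is no location."""
    if txn.lat is None or txn.lon is None:
        return None  # card-not-present: a geofence cannot judge it
    return haversine_km(home[0], home[1], txn.lat, txn.lon) > radius_km


def review(txns, home, radius_km):
    """Return (merchants flagged by the geofence, fraud the geofence missed)."""
    flagged, missed = [], []
    for t in txns:
        if outside_geofence(t, home, radius_km):
            flagged.append(t.merchant)
        elif t.fraudulent:
            missed.append(t.merchant)
    return flagged, missed


# Constructed sample: cardholder based in Ottawa, hypothetical 150 km radius.
HOME = (45.4215, -75.6972)
SAMPLE = [
    Txn("Hardware store, Gatineau", 45.4765, -75.7013, False),
    Txn("Big-box store, Toronto", 43.6532, -79.3832, False),  # legitimate trip
    Txn("Gift cards, Atlanta", 33.7490, -84.3880, True),
    Txn("Gift cards, Ottawa", 45.3499, -75.7549, True),  # counterfeit used nearby
    Txn("Online retailer", None, None, False),
]

if __name__ == "__main__":
    flagged, missed = review(SAMPLE, HOME, radius_km=150)
    print("flagged:", flagged)
    print("fraud not flagged:", missed)
```

The Toronto purchase is a false positive and the local gift-card purchase is a miss, which is why a radius check only works alongside other signals.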