Monday, July 21, 2014

I just tried to give Microsoft more money.

As regular readers of my blog or people that know me well will know, I sit in both the Microsoft camp and the Apple camp.  

  • I program in both .Net and Objective-C (and lately, Swift too). 
  • I have an iPhone and a Windows Phone.
  • I have a Mac and a PC.
  • My Mac has Windows on it too.
  • I have an iPad and a Surface RT.
I like to think that I'm fair and knowledgeable about both sides of the camp.  I really like the effort both teams are putting into technology.  I also really like the ease of use for the cloud offerings.  Aaand I'm also getting really tired of Microsoft's inability to deal with me as a consumer in a reliable way.  (We've been here before - see here)  

As a programmer, things are great.  You set things up in Windows Azure and things just work...  

"You want Visual Studio 2013 Pro? No problem, we'll just tack on the subscription to your Azure account." - and shazam - you got a valid copy of it up and running.

 As a consumer, I have to fight tooth and nail...  
"You want Windows 8 to run under Parallels?  Sorry, we don't sell Windows for Mac"...
... and when you do finally get it...
"OK, we'll sell you the full copy of Windows, but you can only download an install stub that runs under Windows, which we understand you don't have yet".
...or even this...
"You can't order a Windows Kinect device to be picked up and paid for at the store".

So this week, it was time to update my Surface RT.  I've had a good time with the device, and it has served me well, but I can't run on old tech forever - especially in my line of work.

First I took a trip to Toronto's Eaton Centre, where Microsoft has a retail space.  I spoke to the people there who told me if I bring in the old device, I was eligible to get about $200 for the old device to put towards the new one.  This sounded reasonable.  Over the weekend, I had to go to Toronto's Yorkdale Shopping Centre, and Microsoft has a big store there, so I brought along my decommissioned Surface RT.

I knew something was going wrong the moment I walked through the door and said "Hi! I'd like to trade in my Surface RT and upgrade to a Surface Pro 3".  The assistant looked at me for about three seconds and replied that there is no program that uses old devices as part of the purchasing process for new devices.  

Rather than get into a long-winded argument, I pointed out what the other Microsoft store had said and then asked him if they had lied to me?  He said he'd go speak to his manager (a tall blonde guy that was parading around with his arms in a "Y" shape as he'd just scored a goal on the XBox One soccer game).  A few minutes later, he came back and said that yes, there was actually a program for this - and promptly delivered me to the back desk.

At the back desk, I was told there were three options to choose from (cheap, middle and expensive).  I opted for the cheapest one.  The guy went out the back of the store for five minutes and came back saying the option I'd chosen wasn't in stock - and really there were only two options.  So, I chose the cheapest of the two (the middle one).  He disappeared again to confirm they had that one.

Next came the trading in of the old device.  I was looking forward to my $200 credit being put on a device that was now already more expensive than I'd planned, so you can imagine my disappointment when the new valuation came in at $92.  I'm not kidding.

I left the Microsoft Store with the more-expensive-than-planned device, minus $100 worth of planned discounts, and just as peeved as I always do when I have to do something with Microsoft that involves me being a customer.

Having said that, the device is as nice as I'd expected it to be... It's just a shame that every time I look at the device, I'm miffed by the memory of the purchase experience (again!).  

Wednesday, July 16, 2014

Review: A Year With The Fitbit Flex

Over a year ago, I started wearing a Fitbit Flex.  I said on Twitter that at some point I'd write a review of it, and now that I've had sufficient time with it, here goes.

What is it?  
This is a fitness tracker/pedometer that encompasses a battery, accelerometer, LED display and bluetooth antenna in a wristband and looks like this:

The Fitbit Flex

How good is it?
Depending on what you want to get out of it, it's going to be either a hit or a miss.  When I bought mine, I bought an identical one for my significant other. If she recharged her device twice that may be overstating it. Why? Simply that wearing it doesn't make you slimmer, faster, fitter - it tracks the work you still need to do yourself - and for most people that's still not fun.

Personally, I'm a partial practitioner of the Quantified Self movement - whilst I'm not "all in", I can't help being driven by data about myself and my own habits.  That alone makes this device a hit for me, whether I opted to be a couch-potato or an athlete. 

For Example:
Me: "Oh, that's interesting:  I just learned that if I sit on the couch all day and watch movies, I still get in 500 steps a day."

Next day... 
Me: "Oh, that's interesting:  I just learned that if I track a normal working day, I get in 9,000 steps a day."

Yes, this was going to be a hit for me as long as I can understand the data.  For someone like my partner, it was not likely to be as enthusiastically received.

What does it record?
It has two modes: during daytime mode, it's tracking steps (so it's a pedometer). During nighttime mode, it tracks the duration of your sleep and how restless you are.  The sleep-tracking part was a big factor for me as I wanted to find out why I was so tired in the mornings. 

The data is then uploaded to an app that runs on your smartphone or tablet.  Personally, I run it on my iPad.  I then enter manual weight information from my scales into the same app, which allows the app to calculate your calories expended throughout the day.  Combined with a food log (also in the app), you can work out if you're eating too little or too much.  The app is then tied as a feed provider to my account and everything is dashboard-presented there alongside my RunKeeper data and other apps.

There are two flaws with the Fitbit Flex:
  • The rubber they use for the band splits. The flex comes with a large and a small bracelet band. Only the large one fit me - and it split in four places.  Luckily, I had a spare band (see unused purchase at top of article) to fall back on.  The band scuffs and scratches easily too.
  • There was a period where it stopped syncing.  Support to get this working again wasn't exactly good.  A hard reset (put it in the charger and drive a paperclip into a hole) in addition to an app update seemed to fix all of these issues, but the month of problems I had to endure waiting for a fix still nags at my mind.
Battery life is good.  It generally runs for about 9 days - and I recharge it every weekend, so it never runs out.  You get a warning via iOS notification when the batteries are getting low if you sync every day, however, if you skip a day of sync'ing and the battery is low, it does have a habit of just dying on you.  After a year though, it does not show any sign of capacity shrinkage.

Switching Modes
Switching modes is done by repeatedly tapping on it a few times for about a second.  It's actually fairly sensitive - and this means it often goes into night mode when doing things like pushing a supermarket trolley over 12 inch ceramic tiles.  (The "ka-chunk ka-chunk ka-chunk" of the wheels will send vibrations through the handle into your wrist and put the device into sleep mode).  

A handy feature is the alarm - you can set it to buzz in the morning at a set time and it'll quietly wake you up, without disturbing others.  The only gripe I have with it is that I can sleep through it sometimes as it doesn't vibrate very long. 

All in all, it does what it's supposed to do, and it does it well.  The $99 price tag is a little steep for some, especially if you find out you don't like it.  The wrist band could do with some updating to a more durable material because it didn't last as long as I'd expect (being someone with a desk job, I'd expect more than 9 months out of it).  The fact the data is open to services like tictrac is a big bonus, and the battery life is quite amazing.  

In short, I don't regret buying it.

Tuesday, July 15, 2014

How to resync Toronto Hydro's PeakSaver Plus Meter

I hit a problem last night which I've never experienced before and the manuals were not entirely accurate, where the PeakSaver Plus Meter stopped talking to the transmitter.  No matter what I tried for about half an hour, nothing would get the two devices to pair-up and start talking again.  I even looked up the manual at Toronto Hydro, which stated this:

Naturally, I followed the instructions, but was confused because if I "press PROG/SYNC unil [sic] you hear two beeps to put the Display Unit in ID mode", it would only give me a single beep and put the unit into programming mode.

After about ten minutes of trying to work out if this only happens when you first fire up the unit (so I hard reset it, took out batteries, reset the transmitter, etc), it then dawned on me what they really want you to do:

  • Press the PROG/SYNC for about a second or so, and you'll hear a single beep.  You're now in programming mode.
  • Press and hold the PROG/SYNC button for another 5 seconds in programming mode and you'll go into ID mode.
Now you can hit "reset" on the transmitter outside and things will beep on the device and transmitter - and after a minute or so, things will start to work as normal again.

Hopefully this bit of clarity will save someone else from wasting time like I did.

Monday, June 9, 2014

CIBC Security vs A Labrador Dog

Anyone that follows me will know that I have some long running gripes with one of my banks, CIBC.  Normally, I'm just complaining about run-of-the-mill stuff at CIBC, like bad customer service, the odd occasion of lying software, or people at the bank doing stuff they shouldn't with my records (that spawned an investigation, so details are not being made public).  All of that stuff, though, pales in comparison to security.  

I take my security rather seriously.  Given how low the customer/bank trust has fallen in this relationship, we do things like give the bank a unique email address on file, and this serves as a basic breach warning if I get an email from a company other than the bank.  

I also raise security issues with the bank like this one recently when their security policies meant that they failed to proactively block their domains from credentials sharing sites (in comparison, my other bank ScotiaBank had proactively sought this out and blocked it).

May 23 2014's Twitter DM to CIBC to raise the alarm.

Now, to bring in the dog in the title...

Back in April, I asked CIBC about a security hole in their Credit Card IVR system.  In short, the hole looks like this:
  • The bank's computer calls your number.  
  • You're asked to press 1 for English.
  • You're asked to press 1 if you are the person they want to talk to.
  • The computer relays sensitive balance information over the phone.
It doesn't take a genius to spot that CIBC has no idea if you are the nanny, the cleaner, or just the thief that took possession of your handbag five minutes earlier from just pressing the "one" key - either way, the bank just blindly spills out information without verifying who it's talking to.

Here's the conversation thread on Twitter with CIBC where this was first raised...

Twitter Conversation With CIBC

As you can see, the people at CIBC dropped the conversation there and then... 

However, I did speak with someone who works as a consultant at a rival bank about this over beers, so the issue didn't go away just because the bank wasn't taking things seriously.

A challenge was then laid down to see if we can train a dog to press the "1" key on a telephone every time it hears "Press One" on the speakerphone.  If we can train a dog to do that, we can prove the current security measure can be breached at the bank.

Before I started training a dog to do this, a seed of doubt had been sown in my mind by "EH" above...  What if my memory was incorrect and it had asked for a password, or some other code and I'd just entered it without thinking?  We would have to wait until CIBC's computer called again to double-check this...

Tonight, it called.  It didn't ask for anything, and the above script of pressing the "one" key twice will get the details spilled, just as I thought.

This means it's game on... the challenge has been accepted and I will now attempt to train a labrador dog to show it can circumvent CIBC's security.

Friday, May 30, 2014

A Forensic Hole In Ontario

I have a habit of noticing things, and then questioning what I just saw.  This then generally leads me on a series of questions as I dig deeper into “why” something happened, and why that thing happened, and the cause of the thing that made the thing happen that caused the thing I noticed.

One such area where this happens is electricity.  

As a kid, I used to notice the lights dim briefly every evening on weekdays at about the same time each day.  This turned out to be a result of grid switching some 40 miles away from me.  The reason for the switching was to bring on extra power to cope with the evening demand as people came home and cooked and switched on the television for the night.  As an adult, I still notice things like this - though these days, it’s a little more complicated as to what’s going on because now I live in Toronto, where we have many more factors to consider, but I still notice when the electricity supply changes.  What many people don’t know is that in addition to these big changes that are easily perceptible by dimming lights, or a drop in the tone of the noise from your furnace fan or hairdryer, there’s smaller changes happening.  

Without going into the specifics of generation and transmission mechanics, the grid has small changes happening all the time and it affects everything from the brightness of your lights, to the hum of your air conditioning.  This changing hum is known as the Electric Network Frequency.  

The amazing thing about it is it’s a unique pattern - if you record the frequency at regular intervals on the power grid, you can then match it to the hum found on audio tracks in a video or the brightness of lighting and determine what time that video was filmed.  This is called Electrical Network Frequency (ENF) analysis.  In some countries, it is now being regularly used to determine the time that crimes happened.  
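
As an added illustration (not part of the original post), here is the matching step in Python: a short frequency trace taken from a recording is slid along a reference log, and the best-correlating position gives the time. The reference log, its start time and the "recording" are all constructed sample data, and the trace is assumed to have already been extracted from the audio at one value per second.

```python
# Added example: ENF timestamp matching by sliding correlation.
# All data is constructed; no real grid log or recording is used.
import math
import random
from datetime import datetime, timedelta

NOMINAL_HZ = 60.0                         # nominal frequency of the North American grid
LOG_START = datetime(2014, 5, 30, 0, 0)   # constructed start time of the reference log

def make_reference_log(n_seconds, seed=2014):
    """Constructed stand-in for a 1 Hz grid frequency log: slow wander around nominal."""
    rng = random.Random(seed)
    dev, log = 0.0, []
    for _ in range(n_seconds):
        dev = 0.98 * dev + rng.gauss(0, 0.004)   # drift of a few mHz per second
        log.append(NOMINAL_HZ + dev)
    return log

def pearson(a, b):
    """Pearson correlation of two equal-length sequences (0.0 if either is flat)."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(va * vb) if va and vb else 0.0

def locate(trace, reference):
    """Slide the trace along the reference; return (best_offset_seconds, best_correlation)."""
    best_offset, best_corr = 0, -1.0
    for offset in range(len(reference) - len(trace) + 1):
        corr = pearson(trace, reference[offset:offset + len(trace)])
        if corr > best_corr:
            best_offset, best_corr = offset, corr
    return best_offset, best_corr

def simulate_recording(reference, true_offset, length, seed=7):
    """Constructed 'recording': a slice of the log plus small measurement noise."""
    rng = random.Random(seed)
    return [f + rng.gauss(0, 0.0005) for f in reference[true_offset:true_offset + length]]

def estimate_time(trace, reference, log_start=LOG_START):
    """Map the best-matching offset back to a wall-clock time."""
    offset, corr = locate(trace, reference)
    return log_start + timedelta(seconds=offset), corr

if __name__ == "__main__":
    ref = make_reference_log(3600)                        # one hour of constructed log
    rec = simulate_recording(ref, true_offset=1800, length=120)
    when, corr = estimate_time(rec, ref)
    print(f"recording starts at {when} (correlation {corr:.3f})")
```

Without a stored reference log for the period in question there is nothing to slide the trace against, which is the gap the rest of this post is about.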

A while ago, the question that crossed my mind was “who in Ontario records this frequency to help criminal investigations here?”.   I asked everyone from the generator to the distributor to the regulator, and nobody claims to keep a record of the frequency.

If that’s true, then that’s a shame.  From a forensic standpoint, this is a really good tool to have, and Ontario at least doesn’t have access to it.

Wednesday, May 28, 2014

We've got the wrong weather... again.

Regular readers know I follow the weather, and I do a little more than the average person, and I even have a copy of the bulk of the country's weather history, so I can pull out answers to questions.

Today however, I just had a thought:  The usual "W" pattern for the air pressure in Toronto at 10pm might be different for this month as we just had a bank holiday.  I quickly ran the numbers off manually from Environment Canada and highlighted the bank holiday in green.    

Sure enough, the value for Monday was similar to the Sunday and Saturday, lending more weight to my thoughts that this is a manmade problem.  I checked the week before's data and that looked approximately how I'd expect it to look, though a bit weak...  So, I just went back another week - and it appears that three weeks ago, the Tuesday appears out of whack...

This isn't a very scientific set of data, but it appears that the month of May this year has the wrong weather.

As a refresher, this is what the right weather should look like:

I think that what I need to do in the coming days is update my personal copy of the weather history and recrunch the more recent numbers on a bigger data set, to see if we can determine if this is part of a bigger trend, or just an anomaly for the month as I have seen this before.  The question is "when did I see this?"...

The Internet Of Things is Driven By Insurance

The basic business model of the Internet so far has centred around advertising.  You give up some of your privacy and your demographic information is sold to fund the service you use for free.  

The Internet of Things (IoT) is a new emerging part of the Internet that we’ve seen coming for a long time, but it’s now starting to really take off.  Have you wondered what its business model is?


  • The self driving car or car with an internet tracking system is less likely to have accidents or be driven erratically, so your car insurance company is happy to listen to data of what it’s doing.
  • The internet enabled fridge will make your health insurance company happy to hear that you keep running out of vegetables, and less happy about that full-fat mayo that you keep getting through.  
  • The same health insurance company will likely reward you soon for fuelband/fitbit data.  Participation in exercise and healthy lifestyles is tough to monitor but easy with a fitness band or similar equipment. 
  • The home alarm system, yep, that will tie your coming and going habits to the home insurance, too.

The next big battle is going to be over those who compete for discounts in insurance, and those who get penalized with higher premiums because they fail to conform to what the insurance companies want you to do.  Just think about that for a moment…  This isn’t about loss compensation, this is about loss control.  If you manipulate people into doing safer things, you control your potential losses.

Now, before you think it’s all doom and gloom here, there is a flip side to this coin:  
With automation and monitoring comes the elimination of some risks.  

The point of sensors in things is to detect the condition of things.  If you can now reliably eliminate bad things before they happen, there’s no point in insuring for the bad thing happening.  This means insurance companies are going to have to look for new risks to charge you for and profit from.

This is going to be very interesting to see how it plays out.  I have a feeling, though, that it’s not going to be a smooth ride.