
Walk this Way… and tracking it! October 31, 2016

Posted by wastedspacer in Health, Technologies.


Following my ongoing attempts at a healthy lifestyle I have used unreliable pedometers for some time. As part of our work health initiative, we were presented with a wrist-strap Fitbit a couple of years ago. After it turned my wrist green I returned it for a refund and went back to my older pocket-based tracking device, in my case the Withings Pulse, which has been my tracker of choice for the past few years.

The Pulse has suffered a number of near losses including almost making the wash cycle several times, falling in the path of oncoming traffic and even dropping it somewhere at the Consumer Electronics Show where miraculously I was able to backtrack and find it! It certainly shows the ravages of being in my pocket mixed with keys, change and all manner of unmentionable items. The case is broken, the battery life degraded from 2 weeks to about 6 days, the paint worn and even the touch sensitivity has failed but it still faithfully records my steps. I was considering getting another Pulse but decided instead on the Fitbit One pocket/clip-on unit.

As my wife and friends all use Fitbit devices this was a logical solution since we can compare steps to “compete” in a way at least to encourage us to walk further distances. Given some comparisons to Fitbit walkers who always seem to get more steps in than I do over the same time, I have always wondered about the accuracy of the devices so I compared miles traveled with a Google map distance and the Withings Pulse over a 3 mile circuit and they tallied closely.

The speculation from my friend Laurence is that my gait is somewhat different so I actually use fewer steps to cover a given distance. Now I have the Fitbit One, I decided to test the theory. Both my Withings Pulse and Fitbit One were rattling around in the same pocket – the results are below – the Fitbit shows 4197 steps vs the Withings 3944 (about a 6% difference):


Fitbit One – Top, Withings Pulse – Bottom

Not a huge difference and in the grand scheme of friendly comparative step counts in the pursuit of health – totally irrelevant!

My iPod also does step counts, I might actually try another comparison …

…. to be continued.

 


Whose Risk Is It Anyway? June 6, 2016

Posted by wastedspacer in IT Security, Notable Incidents, Risk, Social State, Spam, SPIM and other annoyances, Technologies.

Human beings as a species are generally terrible at rationally assessing risk. This is particularly apparent when we consider basic everyday risks as well as common threats and risk from an IT security standpoint.

Thanks to the media, blogs, viral videos and security services, the general public substantially overestimates the likelihood of spectacular, headline-worthy catastrophes, while at the same time completely ignoring many extreme dangers posed by common, everyday activities.

A prime example of this irrationality is a fear of flying, fueled by news reports citing terrorism, bomb-threats, near misses as well as mysterious or even spectacular plane crashes. Other perceived threat vectors come from government agencies with a stated vested interest in keeping us safe (and of course themselves funded). Consequently, airport security screening services further amplify this level of latent terror for the misinformed traveler.

The end result: we in the US put up with paying (as of 2015) another $7 Billion in taxes and even more added to the cost of an airline ticket for the illusion of feeling safe. As the former FBI assistant director put it when asked about an effective method to fund anti-terrorism: “Keep Fear Alive”. The FBI can’t even explain their success metrics around the perceived “war on terrorism”. The only real measurement we appear to fall back on is when the security fails! The only answer seems to be: we need to spend more!

Tragically, this appears to be a similar rhetoric that the terrorists themselves use to measure how effective their terrorism is on their intended target populations. The more perceived threats and the larger the anti-terror agencies become the more apparent they are as they broadcast the potential threats posed by future terrorism! Aside from the actual heinous terrorist attacks, the terrorist organization perhaps measures their success by how much additional chaos, media coverage, public inconvenience, fear and growth in anti-terror security services their actions are catalysts for.

Shocking airborne terrorist attacks such as 9/11 understandably leave the vast majority of our world population with a “never again” security-at-all-costs attitude, although the total number of people ever wounded or killed by terrorism on air travel is many orders of magnitude less than the number of victims of “ordinary” dangers driving to and from the airport. Consider events such as having a blow-out or hitting a (deer, cow, dog, pothole) or being hit by (distracted driver, truck, road debris) when driving to the airport; all of these have serious or even lethal consequences for 1000s of travelers every year.

From a pure risk/value/mitigation assessment this seems like an absurd disparity: we could dramatically reduce the overall risk simply by paying a little more money to fix potholes. Our collective thinking is habituated and skewed by sheer terror, amplified by sensational media coverage, augmented by continual terrorist rhetoric and supplemented by security agency threat alerts. As a result the perceived terror risks seem far more salient and likely than they really are. Consequently we are collectively convinced that it is worth standing up and funding entire government security agencies to combat the potential threats!


Keeping “Little Jimmy” safe!

As a general rule most individuals underestimate the risks for which there is a perceived benefit to the individual. The intended achievement of a laudable goal (or simply what’s in it for me) often creates tunnel vision where many risks are ignored or at least not adequately considered in context. Consider first-time parents of a small child they need to start taking to kindergarten. They logically purchase a very large SUV, perhaps a Chevy Suburban, so that “little Jimmy” can be safe. What they understandably fail to consider is the consequences when the brakes fail on the Suburban. A smaller vehicle would simply bounce off the curb, the airbags would deploy and there would perhaps be some minor injuries. With the height and gross tonnage of the Suburban however, it bounces over the curb and through the wall into the classroom, killing six of little Jimmy’s classmates!


At least “Little Jimmy” was safe!

A less contentious example is the inevitable project management by dashboard method where NOT delivering on-time and on-budget are the only perceived risks. This conversely leads to the introduction of greater or imaginary risks for activities that have no perceived upside. The perfect IT security solution is a prime example where the pinnacle of success can be measured by “nothing bad happened today”!

We tend to mostly ignore or underestimate the less controllable risks in IT security. For example, consider how easily anyone in our organization can get phished, scammed or inadvertently disclose sensitive information. We have awareness training for that, but how easily or accurately can it be measured? A number of security solution providers have a large marketing budget supporting products they can sell you to manage areas, functions and individuals you already have a degree of control over. But what happens when the actual threat is the password that’s shared with a spouse then used and inadvertently disclosed outside the organization? How can their solution address that?

The bottom line is that assessing risk can only be a general guide and not absolute. Perhaps risk assessment is more akin to Heisenberg’s Uncertainty Principle. A thorough unbiased quantitative risk assessment can certainly give a bottom-line risk score but as soon as it is observed and the results consumed by you, me or anyone else, each score will probably be different.

 

Droning on again! December 26, 2015

Posted by wastedspacer in Everything Else, Global Industry, New Rules and Compliance, Political Issues, Rants, Technologies, The Fun Stuff.


I guess I could be classed as a drone early adopter of sorts with a trusty 4 year old Parrot AR Drone. I am somewhat dismayed that the FAA demands I now need to register it! It doesn’t weigh very much, nor fly very high nor even get out much but it does exceed the paltry 250 gram weight.
Being a responsible and law-abiding adult I decided I had better respond to the FAA drone-user nagging by visiting the FAA drone registration site and sending them my $5.
So what’s the big deal? You first have to set up an ID, which should be simple, but of course there are unnaturally complex password requirements. You are informed that you cannot proceed with drone registration until your identity has been verified by a web link that has just been sent to you by email. Of course hour after hour goes by with no incoming email from the system. You cannot log on again as your verification remains in a pending state, so I send a help request to the supplied usahelp@faa.gov contact. Many more hours pass with no response or verification email!
Eventually (later the next day) I see the FAA mail has finally arrived. I click on the supplied link and I get a 404 “not found” error! I try again an hour later with the same result. I send another email to usahelp but once again receive no response. Many hours later the site finally appears operational and I can register my drone. I was hoping to pay via something other than a credit card (Amazon, Paypal, BitCoin etc). Certainly of concern would be the need for trusting a historically porous government entity such as the FAA with my credit card information!! But given no alternative, I am forced to supply my credit card details (perhaps I should place a bet on how long before the FAA manages to leak their customer details?)!

Finally I receive a printable certificate to stick on my box and I can write my FAA registration on my Parrot drone! In fact if I buy another drone perhaps I don’t need to register that, simply use the same registration number hmmm? Well, the chance of me flying more than one drone at a time is slim to say the least.

But why do I need to register this at all? Just how dangerous is my drone – or is it more about who is actually using the drone, the where and how?  Or is it just another media fueled paranoia piece of legislation latched onto by a government department keen to elevate its own sense of importance by adding yet more “care-bear” bureaucracy that comes with a whole department of taxpayer supported employees?

If we are registering drones why don’t we register big kites? I see 7-10 ft wide kites being sold that come with 1000 to 3000 or more feet of line! They seem to be potentially more dangerous and can also be fitted with cameras. We don’t even register guns for heaven’s sake and don’t get me started on the dangers there.
On the positive side, it is only costing $5 for every 3 years and the $5 is being rebated (though I will believe it when I see the rebate appear in my statement).  I do get a “Certificate” which makes my little drone seem just that bit more “official” than it did.
On the concern side, yet another massive, notoriously porous, allegedly incompetent and insecure government department is being needlessly inflated. The FAA itself has become a juicier target with the millions of new drone-owner identities and credit card details for harvesting and exploitation by nefarious individuals.
Sorry for droning on!!!

Thanks Chase for our new Chip cards but what happened to the PIN? July 14, 2015

Posted by wastedspacer in IT Security, Rants, Technologies.

What is the point of having a Chip card without a PIN?

In my opinion, the US credit card industry is bonkers and just squandered $33 Billion on upgrading everyone’s credit cards by adding a Chip but neglecting to add any kind of personalization step to create a PIN (too difficult they claim)!

A simple implementation and personalization step would have been to require the card’s FIRST USE in a chip reader to create a PIN and also require a positive ID from the merchant/bank and/or face capture at an ATM sent to the owner to confirm/decline within 48 hrs.

Instead the US card holder has a card that will still work for an unauthorized person even if it is lost, “borrowed” or stolen. The only minor improvement is to reduce fraud in the case of card-skimming or number + CSC theft.

What particularly galled me was the US banking industry citing how effective the fraud reduction had been in Europe as a principal driver for this change. But those fraud-reduction statistics are actually based on the use of Chip AND PIN not just a chip alone.

Another irritating claim by Chase is the suggestion that using a CHIP card in Europe “may” require the use of a PIN, in which case you are out of luck so carry cash instead! In my experience in the UK, if you have a CHIP you MUST present the PIN so this daft credit card is no longer going to be usable over in the UK. We don’t even have an option to create a PIN if we wanted one; the default setting for these pieces of dumb plastic is OFF 😦

Here’s one of the less-than helpful pieces of documentation from Chase:


Seems I am not alone in the lambasting of this rather dumb and seemingly pointless waste of $33 BILLION!!

Source: Money – You’re about to get a new credit card … and it’s an epic failure

and Wal-Mart’s executive in charge of payments thinks the United States’ switch to chip-based credit cards is going to be a disappointment.

So far our experience with what just arrived in the mailbox is certainly looking that way! We are being given 60 days to comply, they changed the CSC and nudged out the expiration date so we will need to update all our auto-pay settings AGAIN. We only recently received new cards and had just completed that onerous exercise!

Perhaps it’s time to start a consumer security pressure group to force US Credit Card companies to implement the PIN, or at least provide a way for those of us who WANT a PIN to get one since that is an embedded part of the EMV design.

[SCAM baiting Central] Windows Service Center calling October 15, 2014

Posted by wastedspacer in IT Security, Rants, Spam, SPIM and other annoyances, Technologies.


The phone rang early this morning, a call reportedly from AIG-Corp (212) 458 7243. It was a man calling himself Dan, with what sounded like a heavy Indian or Pakistani accent, allegedly working for the Windows Service Center. Having received a number of these calls before, my first thought was to simply hang up. Instead, since I still had my coffee to finish off, I started asking questions, starting with where they were calling from – it sounded like “Dulls Testes” – I said you mean “Dallas Texas”? He was calling to inform me that my Windows computer “was causing virus”. I knew what would be coming next so I ask for another telephone number in case we get “cut off”: (214) 272 0277. About this time I hear the phone being snatched away, then someone with a lot better English tries to explain how my Windows system was reportedly attacking the internet and that if I would allow them to connect to my PC they could remotely fix the problem (yeah right).

They want me to install a program called AMMYY (which is actually a free remote-control software for Windows). I ask why Microsoft would want me to load a non-Microsoft program. I then ask for the IP address my machine is supposedly using; he doesn’t have that available and by now the caller is clearly getting irritated. I realize that since I was in fact using a Mac at that time I could follow along and this is not going to work, but feigning some denseness, I haven’t told him that yet. Eventually when I reveal I am using a Mac, the jig is up and he starts hurling numerous expletives, after which I suggest he seek another profession or source of income and I hang up. After a little more research, it seems baiting the Windows Service Center scam folks has become something of a popular “sport”, captured and reported in examples such as this one on YouTube (you will notice dozens of similar recordings).

The Dallas number (214) 272 0277 is surprisingly listed under the Dallas BBB, though I suspect it may be an auto-populated reference. It does seem to have an actual postal address of 12800 Abrams Rd, Dallas, TX 75243-2104 (looks like a field on Google Street View)!

Microsoft has clearly stated they do not engage in calling customers with this type of “service” they even have a community notice regarding AMMYY:

As for the phone numbers – if you see these numbers below on your caller ID Beware! Searching them both on Google or Bing reveals numerous scam complaints going back over 4 years. The AIG-Corp CID is clearly (and illegally) spoofed!

(212) 458 7243 – AIG Corp

(214) 272 0277

Now here’s a thought, I get a lot of notifications from places like Nigeria offering me opportunities to make millions of dollars if I provide a name, address and phone number. Perhaps the Windows Service Center would like me to refer them to those opportunities *evil grin*

Adult neurogenesis – Article on developing individuality and more neurons via exploration August 7, 2013

Posted by wastedspacer in Technologies.


Fascinating study on the “value” of exploration when it comes to growing new brain cells!

Increased risk acceptance => more exploration => more neurons => more innovation => $Value$ ?

http://www.sciencedaily.com/releases/2013/05/130509142050.htm

Animals that explored the environment to a greater degree also grew more new neurons than animals that were more passive.

….. gotta keep the environment rich with plenty of opportunities out there and encouragement for our folks to go exploring 🙂

When viewed from educational and psychological perspectives, the results of our experiment suggest that an enriched environment fosters the development of individuality

This actually flies in the face of a typical enterprise drive towards extreme compliance, common working platforms, enterprise acceptable templates and a limited set of identical tools while trying to move everyone into a “standard” working environment …. hmm are we actually killing brain cells with this strategy?

Just some thoughts to mull over as we plunge ever onward towards our enterprise perfectionist vision of location unity,  corporate sameness and homogeneity!

 

Serious Security Threat or Marketing Ploy? – WSJ “Night Dragon” February 10, 2011

Posted by wastedspacer in 1, Global Industry, IT Security, Notable Incidents, Political Issues, Rants, Spam, SPIM and other annoyances, Technologies.

According to a report from the Wall Street Journal – on “Night Dragon” attacks:
Oil Firms Hit by Hackers From China, Report Says

How convenient for something like this to turn up the week before RSA! Seemed like an important headline and I suspect some additional news coverage could have been imminent given there was even a scrolling ticker about this on a couple of the local TV News channels this morning. Unfortunately for whoever thought this was a perfect time to disclose they got usurped by the Egypt breaking news alerts!

The McAfee PDF report is an interesting enough study; however, there appear to be a number of shortcomings in the analysis, far too much circumstantial intelligence and many disclaimers of actual allegations. Furthermore “Night Dragon” is merely McAfee’s selected report moniker for their particular identification of a threat-bundle. Symantec, Microsoft, Trend, Sophos may select the same individual threats but call them different names and may not pull them together into a creative study such as McAfee sponsored. A couple of virus definitions are highlighted identifying known threats several months ago from May and August 2010.

I’m always skeptical when a security products company does a periodic security driven “the sky is falling” in-depth analysis. There may indeed be some bread crumbs of significance, my main concern is that it could just be another thinly disguised “wag the dog” company visibility increase exercise.

My more cynical side suggests that perhaps this is an effective security company marketing strategy: undertake a “scientific” study around high-visibility targets, then periodically wave a headline comprised of: (insert enemy state here) hackers attack (insert newsworthy Western iconic industry here), Gigabytes of data and trade secrets stolen. Then add some vague traffic analysis to show the volume, where it’s going and who’s allegedly controlling it. Who knows, maybe some US bank or oil company outpost had been leveraged and was being unwittingly used as a Chinese/Ukrainian managed BitTorrent host for illegal videos? Or is it really corporate sensitive bidding information and active well log data? Without concrete proof in-stream or at the endpoint, any possible botnet C&C and network findings would show pretty much the same data stream, which could allow any security company to allege such a finding without actual proof.

We (or at least corporate executives as the target of this info when escalated to the lofty heights of a WSJ article) certainly appear to fall for it every time and then demand answers around what their internal security experts intend to do about it. Of course in the shadow of “cry wolf” warnings, once in a while there really are dire and present issues that require immediate remedial action so those security experts always have to remain vigilant but circumspect.

Perhaps if we (and apparently the WSJ) are really concerned about threats from “Chinese Hackers”, we should also address the oil industry “best-practice” of off-shoring to low-cost-geographies and perhaps consider that hiring an increasing number of our Western petroleum engineers and geologists from Chinese universities may pose a more insidious threat in the potential espionage space over the long term? We certainly should take security integrity and sustainability in mind when chasing the almighty short-term efficiency and cost savings fuelled drive to top ratings supporting the investors on Wall Street itself.

On a positive side, the WSJ article cited the attack vectors were typically via Microsoft vulnerabilities so companies that take an aggressive stance towards rapidly applying patches help obviate threats. McAfee and Sophos share threat signatures so in this particular case where the detection was spearheaded by McAfee, at least, customers of these companies may enjoy a slightly better level of immediate protection and thus should benefit from any behind-the-scenes patching that McAfee had put in place to mitigate these threats. I just can’t help but wonder when Symantec, then Trend, then Kaspersky will see this approach as a “winning” strategy and start spinning their own versions, perhaps “Soup Dragon” or “Nuts Dragon” analysis variations?

This seems like an ideal opportunity for security personnel to put in place better detection systems beyond IDS/IPS, perhaps including honey-pots, to at least be in a position to identify the likelihood of actual inside-the-perimeter threat activity. Furthermore, they will be able to consistently state whether they are being actively targeted over time and how frequently. Those metrics could be easily accumulated and used to not only track down current threats but also provide a current state report to executives when these kinds of issues are raised by the media.
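The honey-pot metrics suggested above, sketched as an added example (not part of the original post): it rolls connection logs up into per-week counts, separates inside-the-perimeter sources from external ones, and lists internal hosts that keep coming back. The log format, honeypot names, addresses and internal ranges are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Assumption: the organisation's inside-the-perimeter address space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Hypothetical one-line-per-connection honeypot log format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) honeypot=(?P<hp>\S+) src=(?P<src>\S+) dport=(?P<dport>\d+)$"
)

# Constructed sample data (documentation and private address ranges only).
SAMPLE_LOG = """\
2011-01-31T02:11:40Z honeypot=hp-dmz-01 src=203.0.113.7 dport=445
2011-02-01T09:30:02Z honeypot=hp-dmz-01 src=203.0.113.7 dport=3389
2011-02-03T14:05:55Z honeypot=hp-eng-02 src=10.20.3.44 dport=445
2011-02-03T14:06:01Z honeypot=hp-eng-02 src=10.20.3.44 dport=135
2011-02-08T23:47:19Z honeypot=hp-dmz-01 src=198.51.100.23 dport=22
this line is malformed and should be counted, not crash the parser
2011-02-09T01:02:03Z honeypot=hp-eng-02 src=10.20.3.44 dport=445
2011-02-10T04:00:00Z honeypot=hp-fin-01 src=10.31.0.9 dport=1433
"""


def is_internal(addr):
    """True when the source address lies inside the assumed perimeter."""
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line):
    """Return (timestamp, honeypot, source, port) or None for a bad line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        src = ipaddress.ip_address(m["src"])
    except ValueError:
        return None
    return ts, m["hp"], src, int(m["dport"])


def weekly_metrics(log_text):
    """Aggregate hits per ISO week; also return the malformed-line count."""
    weeks = defaultdict(
        lambda: {"hits": 0, "sources": set(), "internal_sources": set(), "ports": set()}
    )
    malformed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            malformed += 1
            continue
        ts, _hp, src, dport = rec
        year, week, _ = ts.isocalendar()
        bucket = weeks[f"{year}-W{week:02d}"]
        bucket["hits"] += 1
        bucket["sources"].add(str(src))
        bucket["ports"].add(dport)
        if is_internal(src):
            bucket["internal_sources"].add(str(src))
    return dict(weeks), malformed


def persistent_internal(weeks):
    """Internal sources that touched a honeypot in two or more weeks."""
    seen = defaultdict(int)
    for bucket in weeks.values():
        for src in bucket["internal_sources"]:
            seen[src] += 1
    return sorted(s for s, n in seen.items() if n >= 2)


def report(weeks, malformed):
    """Build the plain-text current-state lines for an executive summary."""
    lines = []
    for key in sorted(weeks):
        b = weeks[key]
        lines.append(
            f"{key}: {b['hits']} hits, {len(b['sources'])} sources, "
            f"{len(b['internal_sources'])} internal"
        )
    lines.append("persistent internal: " + (", ".join(persistent_internal(weeks)) or "none"))
    lines.append(f"unparsed log lines: {malformed}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(*weekly_metrics(SAMPLE_LOG))))
```

Any hit on a honeypot from an internal address deserves a look, since nothing legitimate should be connecting to it; a host that reappears across weeks is the first one to track down.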

In the meantime it’s ok to cry “wolf” (or depending on your security company’s naming convention: “loup”, “mac tíre”, “भेड़िया”, “الذئب”, “lupo”, “úlfur”). CVE goes a little way towards individual definitions but it would help if anti-malware security companies got together and agreed upon a common name or at least resolution for a collection of threats from a suspected single source.

ATT U(seless)-Verse October 15, 2009

Posted by wastedspacer in 1, Business Directions, Rants, Technologies, Technology Drivers.

Years of adverts, one mile from ATT’s HQ, in 2014 we have U-V Internet but no U-Verse TV in ATT’s own backyard!

Consider the hot summer of 2007 in San Ramon, California, where AT&T began a riotous assault on our senses offering a wonderfully fast TV/Internet/Phone service dubbed U-Verse! I was excited at the thought that at long last, the fiber channel was finally here and I could get a piece of it. We quite literally live on the doorstep of AT&T’s Northern Cal Headquarters, which I can even see from my back-garden.

Ever since moving to San Ramon, I have been a loyal PacBell, er SBC… er AT&T customer throughout the years and have been an early adopter for ISDN (Project Victoria) and then one of the first DSL subscribers.

Expecting that AT&T would again roll this out to their local community first may have been a little premature but I went to the web site, popped in our phone number and sadly receive the message:

We’re sorry. Currently, AT&T U-verse service isn’t available for the address associated with this phone number:

*sigh* but I dutifully sign up to be informed as soon as U-Verse is available. The general sentiment from the advertising was that it should be within months so I believe I can wait. I hear reports from new housing developments and other cities that are happily getting their U-Verse but still not the loyal AT&T customers in their back yard.

I am under a constant barrage of email asking me to sign up for U-Verse all the way through to the summer of 2008. AT&T continues to pump out millions of dollars to advertise in magazines, on the radio and TV waving the flags of U-Verse successes all over the place, but not in our neck of the woods 😦 Again, I am constantly invited to check to see if we can have access.

We’re sorry. Currently, AT&T U-verse service isn’t available for the address associated with this phone number:

Another year goes by with the constant battering of advertisements from AT&T amid the tortoise and other ATT denigration “Slowski” campaigns from their chief rival – Comcast. Again and again I check my telephone number and sign up for “tell me when U-Verse” notifications. I constantly hear of friends and colleagues that are getting their U-Verse connections all over California (even remote parts). Still no sign of U-Verse again in our part of San Ramon 😦

Finally, well over another year later, I am hearing more pitches and received yet another series of Email requests to sign up for U-Verse. Once again that disappointing phrase comes up:

We’re sorry. Currently, AT&T U-verse service isn’t available for the address associated with this phone number:

I have no idea why AT&T can’t either get its act together and deliver its promise -or- tell its back-yard neighbor customers what technologies, process (or politics) of the local town infrastructure has been blocking our ability to receive this service. It just seems that if a company wants to be commercially successful the LAST thing they should be doing is shouting availability from the rooftops where there seems to be no capability to deliver it to much of the audience!

One of these days, AT&T might eventually wander up the hill and connect us or maybe we’ll see the Verizon guy with the glasses appear instead?

Ah well, should I again don the pink glass spectacles and chant: “all I want for Christmas is High Speed Internet (That doesn’t involve Comcast)”!

*** Update Feb 2010 ***
STILL NO U-VERSE GOOGLE – Please connect San Ramon to your Fiber link and sock it to ATT 🙂

**** News Flash March 2010 ***
I was informed by a workmate that ATT Is cutting up roads and digging huge long trenches only a few miles away in Dublin. Wow – could this finally be some high-speed fiber closing in?

NOT A CHANCE *sigh* After my colleague asked the works foreman if that was fiber being pulled the answer was NO JUST REPLACING THE COPPER – AAAAGGGHHH!! ATT what is wrong with you, if you are digging up roads why oh why are you NOT putting in fiber for goodness sake??? Is it as simple as you ordered a load of copper ten years ago and have to bury it somewhere??

*** Fast Forward –  May 2014 ***

Now I have both Comcast/Xfinity (Cable) + a worthless cable-box bypassing the most excellent tuner in my TV AND AT&T/DSL internet connections in the house and they are equally dysfunctional, outrageously wasteful customer-disenfranchising organizations. We did briefly sign up with Direct-TV (with a view of displacing Comcast TV) but alas the only workable but enlarged (due to low-azimuth/weak signal) dish placement was right over our backyard deck and seating area. The cancellation process was a breeze. I have to say that the Direct-TV marketing and service personnel were exceptional, however I fear that will be severely diluted when mashed up with the AT&T marketing machine 😦

Unbelievably 5 years on, ATT continues the onslaught of marketing, endless telemarketing sales calls, $4 Million spots at the Superbowl, fliers. Reportedly the annual marketing budget for AT&T  is $2.36 BILLION (albeit slightly less than Comcast’s). Add to that the massive many $BILLIONS war-chest of cash used to buy Direct-TV matching Comcast’s insatiable appetite to buy the competition. Customers should ask (of both companies) after all this what is left  of their subscription to actually provide some form of value added service?

At least we can now get ATT U-Verse Internet (I don’t want/need voice)  but no TV (though I can’t wait to start getting the ATT/Direct TV marketing crud – yeah right!)  but I can still see the ATT regional HQ from my back yard. I understand a number of the employees there are being laid off or shifted to Texas? Perhaps that HQ has a questionable future.

(Twitter: MPWA)