Friday, September 16, 2016

The iPhone 7 - An observation

Par for the course, Apple has released its annual device update, the iPhone 7.  There are/will be the fanboys that lined up or reserved the latest thing from Apple - and the detractors.   

I may be viewed as the latter.   I've never owned an iDevice.  I've had phones, mp3 players, laptops, and tablet PC's before Apple put an "i" in front of them and gave them a steep price tag.  Personally, I've found features or customization elsewhere that was more suited to my tastes, needs, preference and budget.   However I respect other folks choice in choosing.  I realize that for some, the safe-space of Apple's proprietary environment is perfect for some folks.  I know that Apple, Samsung, LG, HTC and others all make good, reliable products that people will enjoy.   (For those laughing about my mention of Samsung and the issues with the Note 7; all these companies have had some PR nightmares)

My observation on the iPhone 7 is on their recent structural change.  Much like everyone else: there are improvements to screen, battery, processor, etc.   It still comes in in the stock configurations, etc.   The intriguing thing that their spin doctors are working over is their decision to omit the 3.5mm jack.

In layman's terms, the 3.5mm jack is the headphone (or mini) jack most devices have.  Apple's spin on this is that the port is obsolete, and that it is a push toward wireless.  They give the courtesy of providing a (proprietary) lightning to mini adapter in with the iPhone 7 to allow users to use their headphones through the device's one port.

I've read some critiques on this.  I've also read the critiques of the critiques.    I understand the notion of freeing up a little internal real estate inside the devices, but overall I'm left to scratch my head at the decision making.  A few observations:

  • You cannot simultaneously charge the device and use standard headphones/earpieces. I'm sure aftermarket folks will create some sort of splitter, or maybe Apple will re-think it like their antenna gaffe.
  • Regarding the first point, as Apple has yet to implement wireless charging, this doubles down on the lightning port's usage
  • Adding an additional connector (lightning to mini) creates an added point of signal/quality loss.   Whether or not one is an audiophile, this is just physics at play.  
  • This creates an additional potential point of failure. A standard device has the jack, plug, cord and speakers as potential fault points.   This adds another jack, plug and cable to the mix.
  • This increases replacement cost.   One adapter may be included.  However, with loss, or breakage, the $9 (direct from Apple) tag adds on to the cost of replacement headphones
  • Regarding the "push" toward wireless; this puts an additional purchase on the end user, with the Apple wireless buds tacking on $160 more.   
  • Wireless opens up some issues with regard to signal loss and congestion.  
  • Wireless also opens up some security issues
I understand that the number of audiophiles is fairly low, though some folks will probably even still claim "quality differences".   Most users will be starting with "lossy" media files anyway (mp3, AAC, etc), or streaming sources. 

I have a harder time with the inability to multitask the Lightning port.   This may be more or less of an inconvenience for different people.  

I see the liabilities and limitations of wireless as being significant and unaddressed.   Apple has created what is seen to be a "safe space" for users.   There is the incorrect assumption that the devices are immune to viruses.   There is also the social engineering (some mistakenly refer to as "hacking") which has compromised many. 

Being fair, a lot of users (on all platforms) are technologically ignorant to some degree.   Things like leaving the default router password, an unsecured hot spot, low level security, blind trust, etc can put a device and more at risk.   Honestly, these are things that many users don't give consideration.  

Wireless congestion will be an interesting thing to observe.   I can see that and interference being an inconvenience, though more dependent upon surroundings.


I'm scratching my head on Apple's move.   For me, it really doesn't affect any of my decision making.   To a degree it affects some of my recommendations.  I don't think this will become an industry-wide move.   I think it may further divide fans of each camp,


Tuesday, May 24, 2016

Remember: If It Looks Too Good To Be True...

I went clear-cutting one of my less monitored email accounts today.   Some 1900 messages were thre, Maybe 1400 were legitimate messages from the past year and a half.  I deleted those, leaving the rest.   Perhaps about 25-30 that needed to be kept - the rest got the spam flag first.    Amongst the Nigerian princes fake lotteries, and other miscellaneous nonsense I sawone that sent me about 15spam-mails.   This got my curiosity to have a look.  In general, the odds of a spammer using the same name and /or email address multiple times is slim.


Here's the contents:
Thank you for opening my email sent last week.   Since the last email I sent my lending requirements have loosened.   We are willing to loan to small businesses with no personal guarantee or Fico score requirements. We base our approvals on the Financial stability of your company.  For example last week I funded a Georgia based Software Company  $20,000 with a $99.00 daily payment Monday - Friday for 10 months.  This particular company was using my capital to secure SEO marketing and google clicks and two contract employees. As you know in order to crush the competition and stay alive you need to market and have the manpower.  Why not use my money to crush the competition. They always say in order to make money you must spend it.
My Program Highlights are


Funding in 24 Hours 
Submit Only a one page Application and Three  Months of your last business Bank Statements
Loans Available to $500,000
Loans not based on Individual FICO Scores

 My funding comes with no restrictions and  it is wired directly to your bank account for your discretion. Also this deal was funded with 24 hours of all of the conditions being met.

The Application requirements are light. 
1. Signed and completed application. (This application is attached to this email)
2. One month of your current business bank statements. 
*If you are accepting credit cards I will also need a copy of your last months credit card processing statement
Once I get this I will package and present your deal to our partner banks as well as our private investors.  I will have an approval and term sheet for you within 2 hours of receiving all of your information.  Funding will be within 4 hours after all of the information on your application is verified and funding conditions are met..  You can fax me these documents to my secure e-fax at (866) 656-8477. You can reach me anytime at my desk or at 877.237.7703 or call me after hours on my cell phone (323) 216-0555 so that we can discuss some of the programs available to your business. I'm up and going every day at 5 am PST.
CLICK HERE TO APPLY NOW

Thanks and have a blessed day,

Stef Marrero

Business Development

999 Corporate Drive 
Ladera Ranch, CA 92694
p. 877-237-7703 x 101
f. 866-656-8477
d. 949-525-4727
w. www.talegacapital.com


Of course there's also the normal BS about how this was not unolicited or whatever to try to make you believe you signed up for it.   Apparently Mr (Stefan) Marerro  is mixing Florida and California information here (domain registry info).  

What tells me it's bogus?
  • I have never heard of this individual, nor his company.  
  • I have not actively nor passively sought out any type of funding from him
  • Nor from an outfit that may share information with shady bottomfeeders/scammers.   
  • It was not addressed by name or business.   
  • It operates on false pretenses of previous/established relationship
  • It makes unrealistic claims regarding available monies
  • The requirements seem to be "too easy", especially in today's economy.
  • It arrived to an account not associated with my business

 There's a chance that there's something non-illegal about Mr Spammer's offer.  But, it's likely something that will come with more pain than gain.   The best advice to remember is that messages that come in unsolicited (even/especially if they claim otherwise) that make an offer that seems "too good to be true"; are.   Flag it, bin it, and don't be taken for a ride by something like this.

Thursday, May 12, 2016

App Review, Followup - Color ID

A bit ago, I checked out an app called Color ID.   I posted an initial review of this app, and decided to follow up on it.

Several things have remained constant in the intervening time.   I am still using the Samsung Galaxy S6 for the app.   I still have no iProducts to compare the iTunes store version.   And, I have had no change in my color vision.  I have had a bit of time to try this app out in several conditions.


This app could probably be considered "abandonware".   The developers have not been supporting, or updating it.   So, it is as-is, and will likely remain so for as long as it is around.    There is no support for it.  

How have I found the functionality?
The app uses the camera and speaker.   It has no zoom feature, but a round centering section for it to recognize.   The default isfor the voice to be on, and to check colors every couple seconds.   This can be turned off, so that you can identify color as desired.   In the options, it offers "simple colors" "exotic colors" and "Ral colors".  Simple offers things like "Dark purplish green", "Grey brown" and such.   While not having seen them, they make sense from the "basic crayon box".  They also give the numeric code that it perceives (Brownish black #0a0e0f).  Exotic colors, I believe, gives a lot of new names to the individual shades (Dune, Woodsmoke, Rangoon) though still gives a numeric (Shark #232627).  I'm not overly sure what "Ral colors" means, but seems to give a mix of unusual names, and modified basics (Jet black, concrete grey, sepia brown ) and gives numerics (Tarpaulin Grey #4d4943).

I've found the app to be a bit helpful, but, not as much as initially hoped.   I've found that slight variations in placement of camera, or minor differences in lighting, can result in the identified color.   Sometimes these minor movements (a fraction of an inch in camera placement) can switch between grey, purple, blue and green.   The nature of lighting has an affect on this, as well.   CFL bulbs, fluorescents, sunlight, incandescents, an LED monitor nearby... All of these change the minor perceptions of what the camera sees.

It's nice, and sometimes helpful.  However, it can't be relied on.   While I can be easily fooled between blue and green, I realize there is a world of differences on the spectrum of them.   It's a handy tool, but it's not something that I can count on absolutely.

Party Line Is Open

The phone lines are open: Call 1-855-326-5442, while it's still working. Some possible answers will be "Google Technical Support", "Windows Technical Support", "Yahoo Technical Support", "Technical Support", and "Computer Scammers R Us". 
 
OK, so maybe they didn't answer the phone the last way... but I called them out on it. Until such time as Level 3 Communications can be bothered to disconnect their phone service, I declare the Party Line open. 
 
These are not legitimate call center employees.   They are criminal scammers.   The same contact number claims to represent many competing corporations, simultaneously.  

Examples of deception and fraud include:
  • Microsoft (or Google, Yahoo, etc) will NEVER call you to tell you there is a problem with your computer!!! (While Microsoft will offer phone support, it requires you, the user, to contact them for assistance.   They do not have your name and number.  Yahoo no longer offers phone support - or seemingly any support.)
  • Claiming that the CLSID number is your "Windows license".  (This number, 888dca60-fc0a-11cf-8f0f-00c04fd7d062 is the same on all copies, it is not unique)
  • Claiming that the "netstat" command "shows hackers in your system" (The netstat command, by itself, shows a list of remote connections to your computer - which includes currently visited websites, it does not necessarily indicate hackers' presence)
  • Claiming that the warnings and errors in Event Viewer indicate hackers, viruses or infections (These errors are normal, and do not indicate such things as the scammers attempt to claim)
  • Being very pushy to engage in a remote session with your computer.   (Yes, on occasion legitimate companies will ask for remote access.  This is strictly voluntary, and the level of insistence is low.)
  • Use of profanity, including "The F Word" (These are termination-worthy offenses, with a generally zero-tolerance policy toward even lesser oaths, let alone "the queen mother of all profanities". )
So far these scammers have provided me a bit of entertainment in dragging them out through imaginary "problems".   I figure if Level 3 is going to leave this number up - deeming it not a violation of AUP; then Others may as well have some fun with it, as well.


Keep in mind that these are criminal scumbags, not legitimate business people.   Have fun with them.  String them along.  Waste their time.  Do not, however, let them gain remote access to your computer.   The more their time is wasted, the less it can be used to victimize innocent people, and harm their machines - or steal their money.

Thursday, May 5, 2016

Hillary's Server - Not A Political Post

The Clinton Server
(Not A Political Posting)


I've never really wanted to delve into politics here.   I find that mixing business and politics ends up being bad for business.   The "Clinton Email Server" has been newsworthy for some time.  I, like many, have personal opinions on this matter.  I do not intend to get into those here.   This is about technology, not politics.   Below, the discussion will be about whether or not an extradited hacker's claims of having accessed Mrs Clinton's server are plausible.  Please read this with an open mind, regardless of your opinion on Mrs Clinton.

The "quick and dirty" (or TL;DR) version to set things up:  Barack Obama was elected in 2008.   Upon taking office, he appointed Hillary Clinton as Secretary of State.   Mrs Clinton used a home-based mail server for her State Department correspondences.  Following the 2012 election, Mrs Clinton stepped down from the position of Secretary of State.   In 2013, information about her private mail server surfaced, and since then has become a political topic of assorted controversies.

One of the questions about this server was "How secure was it?"   Staff claim that no one got in.   However, a Romanian hacker, Marcel Lehel Lazar (using name Guccifer) claims otherwise.    In this piece, and this link, Guccifer talks to journalists following his extradition to the US.  He claims that he accessed the server, and gives some detail on "how".    A valid question, though is "Does this man's story hold water?"

The Clinton camp was quick to call "bull" on Lazar's story:
In response to Lazar’s claims, the Clinton campaign issued a statement  Wednesday night saying, "There is absolutely no basis to believe the claims made by this criminal from his prison cell. In addition to the fact he offers no proof to support his claims, his descriptions of Secretary Clinton's server are inaccurate. It is unfathomable that he would have gained access to her emails and not leaked them the way he did to his other victims.”
Perhaps to the non-user to average computer user, this makes sense.   It seems logical.   Unfortunately, to the more trained eye, Lazar gave quite a bit of information in his interviews and statements.

His access to the Clinton server started, according to him, with Clinton confident Sidney Blumenthal.   Mr Blumenthal still used an AOL email account.   With sufficient research, Lazar found details to gain access to Blumenthal's account.   We are about eight years removed from a somewhat similar incident involving participants in the Presidential Election, when Vice-President candidate Sarah Palin's email account was hacked, and leaked.  While Lazar did not get into specifics, his vague description matches the specifics in the Palin hack.  


For the average email user, looking at the inbox shows a sender, subject, time and date, and maybe other people that are on the cc list.   There's a lot more to it than that.  Depending on the mail provider/client one uses, the means of viewing the source information varies.   In this email source, there is a lot of useful information to the more-trained eye.   In order to arrive, mail must be addressed. (username @[instructs computer that domain follows] domain.extension)  When you send mail, it goes from your device to your mail provider, to their mail provider, to their device (and significant routing points along the way). 

As Lazar pointed out, each endpoint has a unique IP address.   For some (home users' computers, Yahoo, Gmail, etc), the address may change with time.   For others (large businesses, schools, hosted domains) a permanent, or static, IP is used.  Lazar is correct that there are a multitude of tools available to examine these IP addresses.  

It seems that Lazar looked a little deeply at some of the contacts with Blumenthal, and looked at where they lived on the Internet.  As I read the description, I thought "This sounds vague".  I was easily able to fill in the details, though, which were likely left out, so as not to provide a "how to" guide.  I can see "Clintonemail" being intriguing, especially not behind a .gov server.  I can see what he describes as being "one of the first things to try".  

To address the Clinton group's assertion that the contents would have been leaked, motive should be considered.    In the Palin case, the perpetrator was American, a Democrat, and she was an opposition candidate in a national election.   There was (perceived) political gain in the September 2008 leak.   By not leaking (at the time), this allows for more exploration, and more gathering.   Continuing to read Blumenthal's email source, he could potentially discover many more servers of interest.   These, in turn, could lead to other "productive" finds.   Burning his source right away eliminates the potential of future discovery.

To be fair, the fact that he makes these claims, and knows the process does not necessarily mean that he was in the Clinton server.    He tells a compelling tale, and it is extremely plausible.  However, he would need to provide some pretty good proof that he was in to convince the jury. 

The Clinton assertion that the server was secure, and no one got in; may be true.  However, it is just as likely to be optimistic belief that has yet to be disproved; or a political mistruth to protect the image of one of three remaining major presidential hopefuls.  

Ultimately, Lazar makes a very convincing and plausible argument.  To be fair,anyone who has a strong functional knowledge of IP addresses and port scanning could likely say the same - with or without having accessed a particular machine.   In the end, the answer will be determined by whether or not Lazar can back up his claims.  

Monday, March 21, 2016

"Microsoft" attempts to strike again.

With the plethora of information out there (and the number of PSA's that I've made on this subject); I would think this is an unnecessary message.  Unfortunately, people still get fooled into falling for these scams.  Microsoft will never cold call you about a computer problem!

Below I will detail the recent scam calls - how they happened; what they [try to ] do; and why it's bogus.   

I have the fortune (or misfortune, depending on perspective) of one of my numbers being "recycled". Based on certain events over the years, it appears the former owner is a senior citizen.   Seniors end up having their information sold to a lot of legitimate advertising bodies.  These lists also make good targets for criminals.  Why?  Yes, some seniors begin having difficulties with their decision making faculties.   They make easy prey.  With some others, though, they may not be "up" on the current technology, and may be more easily deceived.   Mind you, there are also plenty of Gen-X or Millenials, that are susceptible to the same.

Two recent calls in.   One was "PRIVATE", the other was from 800-439-7794.  Both callers were looking for the former (6 years ago) owner of this number.  So intent they were, that they didn't seem to notice that I told them I was someone else.   Fake names didn't catch, as they kept calling me by the owner's name - one of them even addressing me with the female forename.

The gist of the scam is simple.   Act like they are from Microsoft.  Guide you through very simple Windows commands, and then give you BS as to what you're looking at.  Pretend they will fix this issue, if only you allow them remote access to your computer.  Then enjoy the spoils (your confidential information harvested from the computer, your credit card number, bank account information, etc).

The recent scams deviated a little from the normal.  Sure they gave the normal "I'm [fake name] from Windows Technical Support" bull.  However, instead of hopping straight into the event viewer to tell lies about the logs there, they now want to tell you that your Windows Serial Number was attacked by foreign hackers in your computer, and deactivated"

As a means of "earning your confidence" they "give you the first half of the serial", which will be 888dca60, and then have you open a command prompt ("PressWindows key plus the letter R, now type 'cmd' and press enter").  Once there, they will tell you to type "assoc" and press enter. where they will read off the "rest of the serial" to you, to "match" with the number there.  This will be:

888dca60-fc0a-11cf-8f0f-00c04fd7d062





From there, he'll have you type in "netstat" on your command prompt.   Netstat will generate a list of active connections to your computer.   With regard to "foreign", Netstat refers to "remote", while the scammer used "remote" to mean "beyond the borders of your country".   Every connection that you make has a local and remote point.  If you connect to Facebook, Google, Yahoo Messenger, ESPN, Amazon, and iTunes, then you will have at least six remote ("foreign") connections.  There is nothing overly malicious about them despite the fact that some people can use them for bad purposes. 


From this, they'll try to get you to use a remote access program (TeamViewer, Ammyy Admin, GoToAssist, etc) to allow them to "fix" the problem and "reactivate" your serial number.


Why is this a scam?

First of all, as can be seen all over the internet Microsoft will never call you about a computer problem! 

But... they knew the number, and when they gave me the commands, they knew the rest:
No!  Here's the quick and dirty on the "assoc" command.   It tells the associations of everything on the drive.   It's a very long list, and if you're so inclined, you can read through it using the steps outlined aboveThe CLSID number that you see (and they'll quote you) is not your Serial.  It's not your key.  It's not even unique to your computer.   It's common amongst similarly current versions of Windows, and since it's at the bottom of the list; it's easy to use that to sound "knowledgeable". 

But s/he gave me a website to show they're legitimate:
So what?   Domains are a easy to create.  In fact, GoDaddy - has been the recent registrar and host for quite a few scam domains recently registered with fake information.  With their current promo, a year's worth of hosting can net you a "free" domain for under $15.   If they've fleeced thousands of dollars, worldwide, a few disposable domains are hardly a concern.


What they'll do:
Here are a few things that can happen if you allow the scammers to have access to your computer:
  • They install malicious software, claiming that it's there to "fix your problem".  This could be anything from a program to allow them access at their leisure, or a key logger (monitors your commands, and transmits them - includes passwords)
  • Snoop through your personal files for anting that may be "interesting" (tax info, bank accounts, etc) to liberate
  • Install a free or trialware version of software to your computer, and ask you to pay a price for it - generally a scaled price with the "most reasonable" being for the ""life of your computer".   
  • Change your passwords to lock you out, and "ransom" your computer and files back to you - for a price
  • Damage files or delete information necessitating you spend (more) money on useless service

What you should do:

In general, it's advised that you don't answer the phone for strangers.  know that Microsoft doesn't cold call, and only allow access to your computer to people that you trust.

If you do happen to answer to these criminals, probably the best  course of action is simply to hang up on them.   Microsoft will never cold call, and nothing good can come of this.  Even if your computer is having some difficulties, this is not the way to fix it.

Under no  circumstance allow a stranger to have remote access to your computer.

It is generally not advisable to bait them, as I do at times.   I know what I'm doing.   I know what they're looking for - and how to answer questions to make them think I'm playing along.   Also, when they find out they're being played, they may react  angrily.  Mostly this amounts to them cussing and calling names or making empty threats (they're not going to fly from India because someone made an ass of them for 45 minutes)

Yes, I often have better things to do with my time.   Sometimes I have a project running that I can spare a half hour instead of watching TV during.    I only do this when I'm able to spare the time.  I also do it because the time they waste with me is time they are not trying to fleece someone's grandma or grandpa.  I also do it, so that I may educate others so that they may not fall victim


Friday, January 1, 2016

App Review: Color ID (initial take)

I discovered a new app I'm testing out. It's called Color ID, and is available for free in the Play Store (Android). It looks to be available in the iTunes store, as well. To be fair, as I have no iDevices, I can't vouch for the iTunes version. Everything will be based on the version for Android. I think that the Apple version will be the same, or very similar, based on the interface, but that's speculation.

I've never had any color vision. When I was in kindergarten, I got smiley faces on everything I could learn - and a big Mr Yuk sticker under "knows and recognizes colors". This would later evolve into an occasional sense of fashion which allegedly hurt other folks eyes. Hey, it never bothered me any! 

Over time, I've adjusted (happily, I think) with things that I know (or have been told) can be interchanged indiscriminately. I've also got little compunction with asking folks in stores "What color is this?". This makes a difference as sometimes I need black - not purple - pants, or red may behave differently in the wash than black or brown.

Sometimes, though, asking for help is not possible, practical, or possibly embarrassing. By "possible", I mean that there are times when either no one else is present, or a language barrier exists. By "practical", it could be very time consuming to bring a lot of items - or an employee /customer to the items - or as I found during some sales, different color tags represent different prices. By "embarrassing", I don't mean that it would hurt my pride to ask for help... but rather it's awkward to ask "What color is this?" on an item in a size/style that clearly is not meant for me, and may very well be a gift for the person to whom I'm asking the question.

So, I said to myself "Self, since there seem to be apps for about everything; I wonder if there's one that will tell me what color things are." The answer, it came back to be with the Greengar app as the top hit.  I decided to give this a shot. At first glance, it starts with a 3.8 star review (Play Store, 1/1/2015 5PM Central time)Reviews seem to be skewed toward 5 more than 1. I'm an app-watcher, to some degree. I'm very skeptical of the permissions some apps use, and try to figure out the "why" of them. This one required the camera, and the photo/media files. This makes sense as it uses the camera to focus on the item, and can pause or take pictures of an item. 

How does it function?
So far my testing is on the favorable side. I realize that I've tested it against a back-light from my monitors, or from some fluorescents, which may skew results. I know that with it reading the colors in hex, that there's a lot of potential variance. Something listed as #699606, #6996a6, and #699607 may (or may not) appear very close to some eyes, while being each a unique color, and a slight glare may bring some variance to recognition. The quality of the camera will have an affect, as well. For me, I tried with the Samsung Galaxy S6 which has a pretty good camera.

The results appear to be at least ballpark enough for me to get a good understanding of what I'm looking at. This app gives them to me in something a little beyond "Explain it to me in the original 8 of the crayon box". "Greenish blue" or "light purplish green"are easier on a comprehension than some of the color names out there. Even some of the less obscure names, like these, end up being a pain to sort out at times. So, I like the simplicity of the app here. 

From early experimentation, it appears to be about what I'm looking for. I'm keeping in mind my initial testing is not with the best lighting, perhaps (for the app, not for me). I see that some reviews make note of possible accuracy issues, also. I'm going to have to give it some tests in different lighting situations and see how it compares. But, I do know that with the number of hex combinations of colors, it's easy to get several results for the same thing based on distance of camera, light, camera, phone, fingerprints, glare, etc.

For those who may note I have not linked to the company, but rather to the app-store locations; it's because Greengar folded. The app is still around, however. It seems reasonable to presume that this is the final version of this app, unless it's brought on by the creators' next development venture. I have given some other apps a look and have been less than impressed. For instance, one called Color Detector . This one I found to be similar, and a bit too specific in identification of the colors. This one would require me to figure out "what does that color mean" in addition to "what color is it?". 

I plan on giving this a bit more of a practical experiment down the line; and may post a follow-up review if needed. For now, I find it useful, and worthwhile (plus it's free).