the LYNCH report

The Power of Clear Insight

Archive for the ‘Technology’ Category

Is the new Cherrypal America Tablet vapourware? We’re not sure…

with one comment

Cherrypal, a company with a colourful reputation, to put it mildly (try searching Google for “cherrypal scam”), has announced a 7″ tablet running Google’s Android operating system. The Cherrypal America, as it’s called, is offered at $188 US, with an additional $18 US shipping, regardless of destination. What are the specs? Well, they vary. For example, they initially stated the wireless would handle 802.11 b/g/(n). What is “(n)”, you may wonder? Is it the same as “n”, absent the comforting braces? According to their support board, the Cherrypal America “can receive “n” wireless signals in “g” speed”. Hmmm. Odd.

The Cherrypal America. We're not sure if it exists beyond a picture.

The company initially advertised the units would use a Samsung Arm 11 chip, however a smart poster to their support forum deduced from the specs it couldn’t possibly be a Samsung chip, to which he received the reply, “We used a Samsung ARM11 in a pre-mass-production batch but decided to switch over to Telechip recently. All orders will get shipped with the Telechip processor. Sorry for the confusion.”

The only evidence of the tablet’s existence is a very poor quality youtube video – you can see it here (by the way, mute your speakers before you click the link, because you’ll get blasted by very poor music).

Cherrypal Americas are sold via an online outfit called Zecozi, which seems to aspire to be some sort of mash up of a commerce site with a social component, such that one can post one’s purchases for all to see. Funny timing for conspicuous consumption, given the economy and all, but we try not to judge.

There are other conflicting bits of information: the Cherrypal site indicates all units ordered by Oct 13th will ship on Oct 15th. However it wasn’t until Oct 20th that we received notification that our unit had shipped. The site also states units ordered within the US will be shipped from the US, while orders placed from other countries will ship from Hong Kong. We’re not in the US, but we received an email indicating a USPS (US Postal Service) tracking number. Oh, and about that tracking number, it’s a link, but it doesn’t actually link to the USPS tracking site. Instead, it performs a Google search for the tracking number (which returns no results). And what does the USPS say about our tracking number? “There is no record of this item.”

The support “forum” isn’t actually a forum either: one can post questions, but one cannot reply (it seems only administrators can reply).

We also received an email from Cherrypal with the following:

“We have noticed that hardly anyone reads printed manuals anymore. That’s why we make user guides and instructions available online only going forward. Thank you for your understanding. See attached “Getting Started User Guide 1.0″”

Of course, there is no attached user guide.

The same message appears on Cherrypad’s support site, also claiming a user guide is attached, only there is no attachment or user guide or link or anything else.

Does the Cherrypal America exist? We’ll keep you posted if and when we receive ours. But we strongly recommend against ordering one until there are confirmed units received by paying customers. This appears to us to be either a scam or a profoundly poorly managed operation. We’re hoping for the latter.

Written by westcoastsuccess

October 20, 2010 at 10:32 pm

Shaw Cable Blocks IEEE1394 (Firewire) on Set-top Cable Boxes (Again)…

with 68 comments

***UPDATE*** We’ve contact Novus to determine if they enable the 0x02 flag. Here’s their response:

We’ve tested your instructions on most of our channel line ups and they all seemed to have 0X00 for their CCI category. So please call our Call Center to speak with a representative for assistance in creating a Novus account to set you up with our services, thank you.

Chris Somera
Customer Care / Technical Support Specialist

We’ll be switching to Novus’ fiber optic offering today.

*****

A year and a half ago, Canada’s Shaw Cable began encrypting channels with the “0x02” flag. This flag has the effect of making the IEEE1394 (firewire) output useless to customers who use third party PVRs (such as the excellent MythTV, for example). After complaints to the CRTC and Industry Canada about this practice, the encryption flag was dropped on most channels and the firewire connection again functioned.

Until last night, that is. Once again, Shaw Cable has implemented “0x02” encryption. No reason was given for the change, and an inquiry requesting an explanation received the response contained in the letter to below.

Unlike the US, Canada does not yet mandate that firewire ports must remain functional.

Herewith, a copy of our letter to the Minister of Industry (with copies to the Minister of Culture, the CRTC, and Shaw):

To: The Honourable Tony Clement, Minister of Industry

Please see below for prior correspondence – this issue surrounds Shaw Cable’s implementation of “0x02” encryption on cable television signals, which renders IEEE1394 (aka “firewire”) ports useless on set-top cable boxes owned by Shaw’s customers. As of yesterday, this issue has once again appeared: Shaw is encrypting channels customers have paid for (including the CBC) from at least 3 – 60 (except (oddly) channels 36, 46 and 60). There are, no doubt more channels encrypted; I simply stopped checking at channel 60.

Here’s why this is an issue for Industry Canada (as previously outlined below): in order to use a PVR other than Shaw’s to record programs (and, specifically, HD programs), the IEEE1394 output is required. When Shaw remotely disables this function via 0x02 encryption, only Shaw’s proprietary PVRs can be used. This not only eliminates any competition and stifles innovation in the PVR market, in the process it creates a monopoly for Shaw’s PVR products.

There’s another issue here: disabling the functionality of something a customer owns is akin to a Shaw representative physically taking a hammer to the IEEE1394 output plug – it has an identical effect, in that in both instances, something a customer owns and has paid good money for has been functionally impaired by Shaw.

Lastly, it should not be incumbent upon Shaw to determine the particular connection a customer uses to view channels a customer has paid to enjoy – Shaw should be indifferent as to whether a customer chooses to use a coaxial cable, component cables, HDMI or IEEE1394. In the US, blocking the IEEE1394 output is not permitted – here’s the salient portion of the text of the FCC’s so-called “Plug and Play” Order of September 2003:

“(4) Cable operators shall:

(i) Effective April 1, 2004, upon request of a customer, replace any leased high definition set-top box, which does not include a functional IEEE 1394 interface, with one that includes a functional IEEE 1394 interface or upgrade the customer’s set-top box by download or other means to ensure that the IEEE 1394 interface is functional.”

The US legislators have keenly understood the need to keep the competitive landscape open for third party PVRs and other technological innovations.

As much as I’m philosophically opposed to regulatory interference in trade, I’m more strongly opposed to monopolistic trade practices, and that is what we have here.

I alerted Shaw to this issue and inquired as to why they have again implemented 0x02 encryption. Their response was:

“As per our previous emails, we do not provide any support for the use of the Firewire port on any of our digital tuners.

Jason (4211) / Shaw Technical Service Representative /Shaw Cablesystems G.P.

This delightfully sidesteps the issue entirely: it is not “support” for firewire that’s necessary. Rather what the issue is about is not actively impairing firewire signals. There’s no “support” necessary – by default, the set-top boxes allow the signal to pass unimpeded through the firewire output. It is a feature customers (like me) specifically bought these units for.

Many thanks in advance for your help, and I look forward to hearing from you.

Sincerely,

Written by westcoastsuccess

August 8, 2009 at 1:27 pm

Posted in Politix, Technology

Visa/Mastercard PayPass: A New Opportunity for Credit Theft…

with 13 comments

***UPDATE: Mythbusters gagged by credit card companies from airing show describing how easily hackable RFID is – click here for video***

Opening a recent piece of mail from Mastercard, I expected to find the usual bill and assorted ads for things I neither want, nor need. Instead, the envelope contained a new replacement card.

That seemed a little odd, since my current card doesn’t expire for another year. So, instead of throwing the envelope in the shredder (and wondering, as I do every month, why they bother with physically mailing me a bill…), I decided to read the enclosed letter and find out why my card should be replaced mid-term.

The letter informed me the new card is “PayPass enabled”. This means the user can complete a transaction without signing a receipt, simply by swiping the card near a PayPass reader. Since the PayPass reader doesn’t require physical contact, I realized the card must transmit the cardholder’s data to the reader, which immediately made me wonder how secure my shiny new Mastercard really was. I’ve had fraudulent transactions appear on a Mastercard statement before, and have gone through the ordeal of getting them removed: some research seemed in order. Off to the internet I went.

The cards use RFID technology: Radio Frequency Identification, an ultra-low-cost method for transmitting information also used in automated toll booths, inventory tracking and car security systems. The technology is everywhere, and since it’s both low-cost and ubiquitous, you can pick up RFID readers easily and cheaply.

The first thing I encountered was a commercial for Mastercard which features an elephant stealing its caretaker’s card and going on a shopping spree. I guess the intended message is, “Even if you’re as dumb as an animal you’ll be able to figure out how to use this card.” The message I got, however, was that I’d better guard the card tooth and nail lest someone (or some rogue elephant…) get hold of it and go on a no-signature-required shopping spree.

Then I came across a video on YouTube wherein Pablo Holman shows how an $8 device, available on Ebay, can be used to get complete credit card details remotely, simply by swiping it near the wallet of a user.

Mr. Holman also, quite rightly, points out the related privacy issues: with the reader’s signal boosted, it can scan a coffee shop and determine exactly who is inside. Investigators’ jobs just got a whole lot easier.

I wanted to know more about the security of the credit cards: Mr. Holman mentions that the decryption occurs locally between the reader and the card (rather than remotely, at a secure data facility). I found an excellent video, this one on Google Videos, featuring a detailed presentation by Matt Greene, a researcher at Johns Hopkins specializing in applied cryptography, among other things. The video is rather long (it clocks in at 68 minutes) but here are the take aways:

  • The encryption used, (where any is used at all), is 40 bit.
  • 40 bit encryption is remarkably simple to crack, and is susceptible to brute force attacks, since there are only about a trillion possible keys (that may seem a lot, but a middle-of-the-road home computer can process at least a million keys a second).
  • Once the encryption is deciphered, there are no safeguards against unauthorized use – no one bats an eye at a car filled with electronic gear or the use of a device (other than a credit card) on the card reader.

I decided against enabling the new PayPass credit card (it has “PayPass” boldly emblazoned on it, the better to alert a thief no signature will be required…) and called up Mastercard.

I advised the representative I spoke with that I would not be enabling the new PayPass card and was told my current card (with an expiry date a year away) will cease to work within 120 days from the date Mastercard mailed my new card. Is a non-PayPass enabled card available instead? I was told no: all new cards will contain the RFID chips. She asked if my concern was security. Indeed it is, I replied, to which she explained the new cards are actually more secure than the old cards. Well, I asked, was she aware an elephant could indulge in a shopping spree using the new cards with nary an eyebrow raised? At least that got a chuckle. However after explaining to me that every credit card company will be issuing PayPass enabled cards, she asked if I was ready to activate my new credit card.

I decided to pass, and so ended my relationship with Mastercard…

**************************************************************

Around the same time, my girlfriend received a new Visa, replacing an expiring card. On first using the card, she was told by the merchant that a PIN number was required. We encountered this again at a restaurant later that night, with the server having no idea why a PIN should be required but insisting my girlfriend enter one. That seemed odd, so we checked out the info which had accompanied the card.

It turns out this is another new “feature” of credit cards: a PIN entry is required if a transaction exceeds a certain amount. Additionally, the bank had “helpfully” added her ATM card’s PIN number to the (also RFID containing) credit card!

The use of a PIN makes things particularly awkward in, for example, fine restaurants: instead of handing the server the card and enjoying an after dinner coffee while the card is processed, you’re required to interrupt your meal and accompany the server to the PIN pad. Very annoying.

Bearing in mind the liability to the cardholder in the event of theft or fraudulent transactions on the card is $0, the added inconvenience comes with no discernible benefit to the cardholder.

**************************************************************

It’s a strange time, for the credit card companies to go down this path. On the one hand, they proffer cards which require no signature up to a certain amount ($50 per transaction, in my case); on the other hand they insist on the inconvenience of PIN numbers for other transactions.

In terms of the timing, the credit card companies are not exactly in the best of economic climates currently: a record number of people are facing foreclosures, unemployment is trending upward and the price of gas is forcing cutbacks on other purchases. Personally, I don’t know of too many people planning elaborate, plastic-fueled spending sprees these days, and a turn around doesn’t appear to be imminent: the next wave of adjustable mortgages is right around the corner, this time for prime borrowers, of which there are an awful lot more than sub-prime borrowers.

It seems an odd time for the credit card companies to throw obstacles like PIN numbers in the path of those consumers still charging larger amounts to their credit cards. And I can already envision the conversation with a credit card company’s security rep after having my card data stolen remotely:

“Has the card ever been out of your possession sir?”

“No, it hasn’t.”

“Well, then I’m afraid your liable for the charges.”

“Could someone have scanned the card data remotely?”

“That’s impossible, sir: these new cards are actually more secure…”

As much as we’ve grown unaccustomed to cash these days, it’s starting to seem the simpler, safer route…

$33 million down the drain in a day? We Test Drive Yuil…

leave a comment »

Just a day after Cuil’s ill-fated release, a new parody site, Yuil, has appeared on the search scene. Featuring an identical look to Cuil (but a non-existent privacy policy – does that mean we have none?), we decided to put Yuil through the same paces we put Cuil. Spoiler: Yuil easily outperformed Cuil.

Here’s a side-by-side comparison…

The Look

Sleek, minimalist, dark and ominous: Yuil looks…er…Cuil…

Hmmm....we've seen this interface before...

Hmmm....we've seen this interface before...

A search for "cnn" brings up the expected results. Relevance slightly better than Cuil.

A search for "cnn" brings up the expected results. Relevance slightly better than Cuil.

Gone is the out-of-place box on the right of the screen with related searches. That’s fine with us. No tabs either. That’s OK: we’ll trade relevant results for no tab-iness anyday…

Now for the test that soured us on Cuil: a search for “cuil”:

"cuil.com" is the first result returned in a search for "cuil". And we love the completely irrelevant picture, a la all the Cuil results - well done!

No problems here: "cuil.com" is the first result returned in a search for "cuil". And we love the completely irrelevant picture, a la ALL the Cuil results - well done!

How about a search for the LYNCH report? Cuil irritated us pretty good on that test yesterday. Let’s try a piece of our address, “westcoastsuccess”…

There we are, front and center - perfect!

There we are, front and center - perfect!

Finally, the test that got Cuil on our blacklist: can we access page two of the search results?

A second page of search results! $33 million in venture capital couldn't accomplish that on Cuil!

A second page of search results! $33 million in venture capital couldn't accomplish that on Cuil!

Well, we’re sold! Yuil is now the official search engine of the LYNCH report…

Written by westcoastsuccess

July 30, 2008 at 4:49 pm

Cuil: “Google Killer”? We Didn’t Find Any Results for “Google Killer”…

with 2 comments

we love the look; too bad about the results...

Cuil's homepage: we love the look and feel.

There’s been a lot of hype recently about cuil.com (which, we’re repeatedly told, is pronounced, “cool” (but which we can’t stop pronouncing “kweel”)), the new search site put together by a former Google employee, her husband and a couple of former Google engineers, among others. The hype includes claims that Cuil boasts a larger index of sites than Google, has a smarter, more human-like understanding of what you’re really looking for and is generally kweeler…er…cooler than Google. We decided to see what $33 million of venture capital gets you in the way of a search engine.

While maintaining Google's minimalist approach, Cuil represents a clearner, more modern look...

While maintaining Google's minimalist approach, Cuil represents a darker, clearner and more modern look...

First impressions

We like the look of Cuil’s homepage. In keeping with the fundamentals of the Google aesthetic, the site’s designers have gone for a minimalist approach. However, completely unlike Google’s classic home page, the Cuil site confronts a visitor with a dark, black background: about as far from Google’s vibe as one can get. They’re certainly making a statement with their theme, and it works: Cuil’s designers have somehow made the interface feel like Google and the anti-Google all at once.

Privacy Policy

This is the one area where, all other things being equal, Cuil really does have a chance of living up to the “Google-killer” label. Google has made some mis-steps on the privacy front of late – witness the Viacom et al v.You Tube lawsuit, wherein a judge, clearly out of his technological depth, ordered You Tube to turn over data which included information which could potentially identify individual visitors to You Tube and what those visitors watched. Rather than throw their mammoth resources into fighting the ruling tooth and nail (their business model, after all, is based on users’ trust), Google instead chose to negotiate a deal with Viacom that would prevent the personally identifiable part of the data from being turned over to Viacom, in the process establishing the judge’s order as a precedent for future cases.

Cuil makes the whole scenario a moot point by not keeping personally identifiable data in the first place – it’s discarded immediately upon creation. The net effect (pardon the pun) is that there is no personally identifiable user data to turn over, regardless of the whims of any judge.

That’s first-rate, and something we’d like to see become the de facto standard among websites. It also trumps Google’s “Do No Evil” creed-turned-slogan.

Searching

If you’re anything like us (and the overwhelming majority of people, in this case, are), you rarely visit search results beyond the first page: if the first batch of results don’t contain what you’re looking for, it’s time to modify your search words, toss in some quotation marks, etc. We mention this by way of getting to this point: we don’t really care if a site has 120 billion pages indexed if the site we’re really looking for is the 120 billionth result. We need results fast and accurate, or we’re leaving.

As such, we decided to test some obvious searches, some less obvious search terms and some local search terms we use all the time. We also, for amusement’s sake, searched “cuil” and “google” on each site. Then we searched for the Lynch report (this time for vanity’s sake).

Firstly, we tried “cnn”. Cuil returns about exactly the results you expect, and we really like the tabs along the top which take you to related searches – they’re a great idea and one we’re surprised didn’t occur to Google. Cuil also returns the same related search suggestions on a panel titled “Categories” to the right of the search results, and the headings reveal additional sub-headings upon a mouse-over. Pretty good stuff, and in a much nicer, more sophisticated layout and design than Google. So far, so good.

The tabbed browsing, a la Firefox, is great. A "Categories" box dupicates the tabs, and expands to show sub-categories upon mouse-over.

Related searches appear in tabs along the top, a la Firefox, which is great. A "Categories" box dupicates the tabs, and expands to show sub-categories upon mouse-over.

Next we tried “guns n roses”. Again, Cuil impressed. The search suggestion box is great, showing related searches for Band Members, Songs, Lyrics, etc., all mirrored on the convenient tabs along the top. Perfect.

"cuil.com" is not a relevant result of a search for "cuil" on Cuil!

"cuil.com" is not a relevant result of a search for "cuil" on Cuil!

Then we tried searching for “cuil”, and that’s when things really started going off the rails for the new site. Cuil doesn’t return a result for their own page in the first page of results! On Google, meanwhile, “cuil” returns “cuil.com” as its first result. That got us laughing, so we decided to see how many pages deep we’d have to go on Cuil before we found their site – maybe Cuil figures you wouldn’t be looking for their site if you were actually on their site already.

Unfortunately, we never did find a result for “cuil.com”. That’s because the site started acting up everytime we tried to dig deeper than the first page of results, routinely returning:

We didn’t find any results for “<insert the site we searched for here>”

Some reasons might be…

  • a typo. Please check your spelling.
  • your search includes a term that is very rare. Try to find a more common substitute.
  • too many search terms. Please try fewer terms.

Finally, try to think of different words to describe your search.

Hmmm…OK…”cuil” looks like a typo no matter how many times we see it in print, however we double-checked and indeed had it right. And we’ll grant you that “cuil” is indeed a rare term, but it worked for the first page of results. Too many search terms? The next best alternative is no search term at all. We are indeed, finally, thinking of different words to describe our search – all of them of the four-letter variety by this point…

"cuil.com" is not a relevant, first page result of a search for "ciul" on Cuil.

The second page of search results typically returns this error message.

We encountered the same scenario for all the subsequent searches we tried: we couldn’t get past the first page of results.

Next we tried two search terms for the site you’re currently viewing: “the lynch report” and ‘westcoastsuccess”. Neither search term brought up our site on the first page of results. Now we were getting downright irate – Google’s never treated us like this!

One more test: we get all our computer parts from New Type Computer Workshop – a great little hole-in-the-wall computer supplies/parts store down in Yaletown. We tried “ntcw” (their site is ntcw.com): no luck on the first page and second page returns the usual (by this point) error. “ntcw.com” is the first result returned by Google. We also tried “new type computer workshop” but couldn’t even get the first page of results this time.

The first result for a search of "google" on Cuil. Nothing Cuil is doing is going to require a rewrite of this entry anytime soon...

The first result for a search of "google" on Cuil. Nothing Cuil is doing is going to require a rewrite of this entry anytime soon...

Lastly, we tried searching Cuil for “google”. The first result is for “google.com” and states:

Google, a Web search engine owned by Google, Inc., is the most used search engine on the Web. Google receives several hundred million queries each day through its various services.”

Aptly put, and after our test drive of Cuil, we don’t see that changing any time in the near future…

Written by westcoastsuccess

July 28, 2008 at 5:37 pm

How To Search All Craigslist Sites At Once Using Firefox Keywords…

with 22 comments


Craigslist, with its bbs-inspired aesthetic, is a great site for finding things locally; we use it all the time. However there are times when it would be great to be able to search all the individual Craigslist sites at once. This is particularly true when trying to find rare, antique or otherwise obscure items (for example a Ferrrai 246, or just the right wheels for our vintage BMW 6 Series).

Since Craigslist is based on a local model, manually searching the globe via Craigslist would entail searching thousands of sites individually. We present a double shortcut today: a Firefox keyword search that lets you search every Craigslist site by entering just two letters in your address bar plus the item you’re searching for.

For those unfamiliar with Firefox’s excellent keyword feature, it allows you to assign shortcuts for your address bar that populate a web site’s input fields. Here’s a quick example of how it works which you can try right now:

1) Open a new tab or browser window.

2) Go to http://www.imdb.com/

That’s the Internet Movie Database site.

3) Right click in the web site’s search bar and select “Add a Keyword for this Search…”

Right click in the search box and select "Add a Keyword for this Search..."

Right click in the search box and select "Add a Keyword for this Search..."

4) In the box that appears, type “imdb” (without the quotation marks) in both fields. The first field is the name you’ll be saving this keyword as; the second field is the actual shortcut. Click the “Add” button.

Type "imdb" in both fields.

Type "imdb" in both fields.

5) Now go to your address bar and type “imdb dark knight” (again, without the quotation marks) and hit enter. You’ll be taken to the Internet Movie Database’s results page for a Dark Knight search.

Try typing "imdb dark knight" into the address bar.

Try typing "imdb dark knight" into the address bar.

imdb.com's search results.

Keyword result: imdb.com's search results.

Now, anytime you want to search for a movie, you need only enter “imdb” into your address bar, followed by a space and the name of the movie – you’ll get the same result as if you’d visited imdb.com and entered the name of the movie in imdb.com’s search bar. This works with any site and is a great time saver.

OK, time for part II: a global Craigslist search with a keyword.

1) Go to http://www.google.com.

2) In the search field, right click and select “Add Keyword for this Search…”.

3) In the Name field, enter “Craigslist” (no quotations).

4) In the Keyword field, enter “cl” (again, no quotation marks). Click the “Add” button.

Adding keyword information.

Adding keyword information.

5) Open your bookmarks and right click on your “Craigslist” bookmark. Select “Properties”.

Right click your Craigslist bookmark and select "Properties".

Right click your Craigslist bookmark and select "Properties".

6) In the Location field, enter “http://www.google.com.my/search?hl=en&q=site:craigslist.org%20%22%s%22&meta=&#8221;

Not to be ridiculously repetitive, but no quotation marks please!

Click the “Add” button.

Adding our global Craigslist search parameters.

Adding our global Craigslist search parameters.

That’s it.

From now on, whenever you want to search all the Craigslist sites in existence for an item, simply enter “cl” followed by a space, followed by the name of the item you’re looking for.

Searching all Craigslist sites for a Ferrari 246.

Searching all Craigslist sites for a Ferrari 246.

Ferrari 246s everywhere!

Ferrari 246s everywhere!

NOTE: the above keyword searches for exact matches (ie the equivalent of enclosing a phrase in quotation marks in Google). If you prefer to search results with the included words but not the exact phrase, substitute the following for the Location field in your “Craigslist” Properties dialogue:

http://www.google.com.my/search?hl=en&q=site:craigslist.org%20%s&meta=

The perfect wheels for our 6 Series - thanks, Craigslist Nashville!

The perfect wheels for our vintage 6 Series - thanks, Craigslist Nashville!

Written by westcoastsuccess

July 22, 2008 at 11:04 pm