Archive for the ‘Computers’ Category

My letter to the FCC about the open internet proposal

Thursday, May 22nd, 2014

To: openinternet@fcc.gov
Subject: Internet must remain open

To the commissioners:

Those who object to regulating internet service providers to ensure an open internet, as the FCC is currently proposing to do, adhere to the rigid political philosophy that regulation, by definition, stifles competition, innovation, growth, etc.

However, this philosophy is only even theoretically true when there is real competition and an even playing field. Unfortunately, the plain fact of the matter is that when it comes to internet service, far too many consumers don’t benefit from either real competition or an even playing field. In those circumstances, not only does regulation not stifle growth, regulation is essential for growth.

More than 30% of Americans live in areas where internet service is a monopoly. This problem is getting worse, not better, as cable companies continue to merge, leading to fewer competitors with iron-fisted control over larger and larger swaths of territory. Allowing the massive internet providers to game the system even further by charging fees for better access to their networks, or by charging their customers for access to content from outside their network, e.g., by introducing bandwidth caps that exclude content produced by the internet provider, will cause consumers to be screwed over even more than they already are. How anyone can suggest otherwise with a straight face is incomprehensible.

Those who oppose classification of the internet as a Title II common carrier make hyperbolic references to how “backwards” Title II regulations are and how we need to look toward the future rather than the past. The fact of the matter is that the strict regulations placed for many years on POTS providers are the only thing that ensured that every person in America has access to telephone service. That is exactly what is needed for internet service, which is why it should be classified as a Title II common carrier and aggressively regulated to bring fast internet to everyone, everywhere in the United States.

Those who claim that such regulation will force the large internet providers to raise their rates are blowing smoke. Comcast, for example, is raking in huge profits, literally at the expense of consumers, by providing legendarily poor service and charging ridiculously high prices. If its prices were regulated, as telephone prices were for many years, it would still make a profit, it just wouldn’t be able to fleece consumers quite as much as it can now.

Congress is completely dysfunctional and is almost completely incapable of passing any substantive consumer-protection legislation. If that means it falls on the FCC to figure out how to reinterpret the laws Congress has already passed to allow it to enact meaningful open-internet regulations that will protect consumers, then so be it. Godspeed and get to work.

Sincerely,

Jonathan Kamens

Dear T-Mobile, thanks for wasting my time!

Friday, May 9th, 2014

Dear T-Mobile,

In my life, I am blessed in many ways. I have a wonderful family; I am part of several great communities; I have a good job I love with people I respect and learn from every day; I have a roof over my head and enough food to eat.

However, like many other people, the thing that is in shortest supply in my life is time. And the time I can’t afford most of all, the time that drives me crazier than anything else in my life, is the time I am forced to waste dealing with other people’s incompetence. And this is why I am writing to you today to register two complaints, one general and one painfully specific.

Using Selenium to monitor Phone Power international call usage

Sunday, April 20th, 2014

Back when I was using Vonage, I wrote and shared a Selenium script to alert me automatically if I was approaching my monthly usage limits.

Then I kicked Vonage to the curb and switched to using Google Voice plus an OBi202 box for my home phone service, lowering my monthly bill from around $14 for Vonage to $Free for Google Voice.

Alas, as of May 15, 2014, Google Voice is no longer going to work with my Obihai box, so I’m back to paying for VoIP. I decided on Phone Power’s $5/month special offer (I have a sneaking suspicion it’s going to go up after the first year, but we’ll see) for former Obitalk Google Voice users. Alas, Phone Power has the same problem as Vonage: they let you view on their web site how many minutes you’ve used toward your quota of free monthly international minutes, but they don’t have any sort of automated alerts when you’re approaching your limit.

So I went ahead and tweaked my old Vonage Selenium script to work with Phone Power instead. For anyone who might find them useful, I’ve posted them in this public gist.

How LastPass protects your data

Thursday, April 10th, 2014

I’ve seen several people recently discussing how LastPass protects your LastPass master password and your encrypted site password data (a.k.a., your vault). If what some of those people were saying were true, then LastPass wouldn’t be as secure as I thought it was. This gave me pause, since I use LastPass to store all my passwords, so I decided to do some research to try to understand for myself exactly how it works. Now that I’ve done that, it seems to me that others might benefit from my research, and in any case writing it down will clarify it in my own mind, so here it is.

We need a “/heartbleed.txt” standard, and we need it ASAP

Wednesday, April 9th, 2014

Those of us who help create and maintain “the internet” that everyone benefits from are now tasked with helping the world recover from one of the biggest, if not the biggest, security holes in the history of the internet.

To be certain they aren’t vulnerable, users need to change their passwords at every site that was at any point vulnerable to a Heartbleed attack. But a site has to be patched, and its SSL certificate has to be reissued with a newly generated secret key, before its password should be changed; otherwise, the new password is just as vulnerable to Heartbleed as the old one was. What’s more, you can’t just look at the start date of an SSL certificate to determine whether it was reissued, because that doesn’t tell you whether the site was patched before the certificate was deployed, and worse than that, some CAs (e.g., Digicert) quite reasonably re-key certificates without changing their original start dates.

I have passwords at over 500 sites. I’m sure there are people who use many more sites than that. Manually figuring out which sites need their passwords changed, and when to change them, and keeping track of which ones have been changed, is an impossible task.

What we need is a standard, widely adopted way for web sites to indicate, in a way that can be easily interpreted by software, whether they were ever vulnerable to Heartbleed, and if so, when the vulnerability was patched. Then browsers and password keepers such as LastPass can easily determine and track which user passwords need to be changed, and warn the user.

How not to run a computer security company

Thursday, March 20th, 2014

TURN OFF two-factor authentication before restoring an Android phone

Sunday, February 23rd, 2014

Android phones have this awesome feature whereby your list of installed applications, your application settings, your Wi-Fi settings, etc., are backed up automatically inside your Google account, such that when you set up a new phone and link it to your Google account during the initial setup, all that stuff gets restored automatically, making for a lot less work for you returning your phone to the condition you want it to be in.

However, if you have two-factor authentication enabled on your Google account, it doesn’t work properly, or at least it didn’t for me. Here’s what happened:

  • I turned on my newly factory reset phone.
  • During the initial setup process, I entered my Google account username and password.
  • The setup app told me I had to log in on the internet (i.e., through the browser) because of my two-factor authentication.
  • I logged in on the internet, including entering the two-factor authentication code I received as a text message.
  • The setup process proceeded to completion.
  • I discovered after it was done that my Google account had not been successfully configured into the phone.
  • I configured the account again. This time it worked, but my apps and settings were not restored.
  • I couldn’t find any way to tell the phone to restore my apps and settings at that point.

Moral of the story: if you’re setting up a new phone or resetting and rebuilding your old one, and you want your apps and settings to be restored, then turn off two-factor authentication completely until the phone is set up, and only then turn it back on.

A journey of searching and renewal

Sunday, February 16th, 2014

Today, I embarked upon a magical journey, a journey of discovery, a journey of oneness with the environment. In a word, a journey of recycling.

For several years, I’ve been accumulating junk of various sorts on a shelf under my workbench with the intention of eventually figuring out how to dispose of it in an environmentally sound way. Today, I decided to throw it all into boxes and try to get rid of it.

My email identity thief is at it again

Tuesday, February 11th, 2014

Another reminder of why I so “love” Paychex

Wednesday, January 1st, 2014

Because I am a boring old fuddy-duddy, I was spending the minutes leading up to the New Year trying to reconcile my 2013 medical flexible spending account (FSA), i.e., to match up the FSA transactions listed on the Paychex web site with those listed in my financial management software and confirm that there were no incorrect transactions in either location.

Alas, after several passes through the transactions, there were, in fact, several that I couldn’t reconcile, and even taking those into account, the reconciled balances were not matching up. However, rather than make yet another pass at trying to make them come out even, I decided to go watch the ball drop with my kids.

When I came back to my office, I had been logged out of the Paychex web site due to inactivity, and the transaction history page I’d been looking at was wiped clean. It wasn’t even available in my browser cache, because the Paychex web site is *shudder* entirely implemented as a Flash application. “No problem,” I said to myself. “I’ll just log back in and bring up the data again.”

Alas, when I logged in, I discovered that the web site had rolled over to my 2014 FSA, and none of the data from the prior year was accessible any longer on the site.