Links
Amazon

A few recommended books, movies, games, and albums. If you want to look for more recommendations, feel free to look at the larger selection over at Amazon or my Amazon Store with more recommendations.

  • Cryptonomicon
    Cryptonomicon
    by Neal Stephenson
  • DreamCypher
    DreamCypher
    Dancing Ferret
  • Tron: Legacy (Amazon MP3 Exclusive Version) [+Digital Booklet]
    Tron: Legacy (Amazon MP3 Exclusive Version) [+Digital Booklet]
    Walt Disney Records
  • The Moon Is a Harsh Mistress
    The Moon Is a Harsh Mistress
    by Robert A. Heinlein
Sunday
Oct262014

The Upcoming Fight Over Phone Payments

There's an interesting battle developing related to the new "Apple Pay" feature introduced with the iPhone 6 series of phones.

The Background

Apple Pay uses a hardware feature called NFC, or near field communication. It's a combination of antenna, radio, and identification chips that can only broadcast for extremely short ranges, and thus is incredibly difficult to eavesdrop on. It can also be encoded to uniquely identify the hardware running it.

Think of it as a wireless unique key or lock combination that can be put in your phone or watch, or a key fob.

With it, it becomes practical to store banking related information in a digital "wallet" (or "passbook") on your phone, and then at stores that have NFC readers (including Whole Foods, Walgreens, CVS) to put your phone next to the terminal and pay.

The advantages are that you don't have to produce a card who's number has to be recorded, or be swiped (possibly through a rogue card swiper).

The disadvantages so far have been that many android phones have had the wallet features locked out by the phone carriers, and that adoption of NFC-ready terminals at checkout registers has been slow due to the additional expense. Also, the apps have been somewhat clunky to use, requiring unlocking the phone, supplying a PIN, etc. - not making it much easier than just pulling out a card.

Of course, as fraud has increased - such as the recent hacks at Home Depot and Target - it is becoming enough of an expense to justify pricier terminals that help cut down on that fraud.

So what makes Apple Pay so great (assuming you have a compatible bank - only one of mine is currently on board - the other will be soon)?

  • Your default card is available without ever having to unlock the phone. No apps to open up.
  • With reliable touchID, you don't have to enter a PIN, you just hold the finger you always unlock the phone with over the home button.
  • Your credit card information is never stored on the phone, or given to the retailer.

The first two points make it far more convenient to actually use - as in more convenient than digging out your wallet, fishing a card out, swiping it, and entering the PIN or signing on the screen.

The last point directly deals with recent hacks of user info at various stores. Your phone only sees the credit card information long enough to register the phone with the bank. It stores a completely different ID internally, and generates a unique one-time number for every transaction. Anyone hacking a store you've used Apple pay will never get useful information to hit up your bank account. Like your touchID fingerprints, the information is encrypted on your phone in a way that it cannot be extracted.

The Fight

While the list of retailers supporting Apple Pay is fairly short, many quickly discovered that it worked at places not officially supporting apple pay, as long as they had enabled NFC readers. This included CVS, Rite-Aid, and other stores.

Now, these retailers have disabled their NFC readers. They no longer work with Apple Pay, or with the Android phones they used to work with.

If you're wondering why they would make life less convenient for customers, it's because they want to implement their own system called MCX, one not tied to the banks as the system that Apple (and Google wallet) are using. The reason they are doing this is one I'm highly sympathetic with - it's a reason the company I worked for stopped taking credit cards for a while - the requirements and charges tied to credit card processing. And they have every right to decide how and when they get charged to process a payment.

Unfortunately, that's where my sympathy stops.

First, their alternative solution is not out yet, and assuming it's not delayed, won't be out until next year.

Second - it is far clunkier to use, even compared to Google's wallet. You not only have to open up an app, but now you have to scan a QR code (one of those funky squares-full-of-static patterns) which allows the phone to set up the transaction, which gets triggered between the merchant and the bank, and gets approval.

I'm going to ignore for a minute how often (though rare these days, especially indoors in ideal lighting) QR codes simply don't read. Even on a high resolution "retina" display generated barcodes can be difficult for existing scanners to pick up.

Per the article, it will "enrich the customer experience" - not by making you spend less time checking out - but by allowing your retailer to better track you so they can give you coupons.

How will they get your money if they don't send a transaction to the credit card company?

The retailer themselves may not store your card and account info, but your (debit and store, not credit) cards and account info for "ACH" (direct) access will be stored online in a "cloud vault".

Three guesses what's going to be a major hacking target? In the case of Apple Pay, the Credit Card companies and banks have been dealing with this for years, and as they absorb the fraudulent charges, have one heck of an incentive to stay on top of things.

So they disabled the Apple Pay/contactless terminals their proposed system wont need. This shows the priorities: the retailers are willing to disable features that improve customer convenience and choice, that don't cost them any extra, so that they can gather more data on their customers.

The Upshot

It won't get me to stop shopping at some of these stores that have cut off Apple Pay, but where an alternative exists that fills the same niche that does accept Apple Pay, I'll be more inclined to spend the money there instead. I don't plan on using the MCX alternative.

Apple pay (and related systems) are:

  • Easier to use - more so Apple Pay here, though I look forward to Android making some changes to improve ease of use...
  • More private - retailers can collect far less information on you.
  • More secure. No retailer or clerk gets to see your credit card, no retailer stores it, and your chances of someone stealing that drop massively.
  • Here now.

The alternative:

  • Gives you less privacy
  • Has less security of your banking information as you have to store it at a third party
  • Will be clunkier to use, and
  • Isn't available yet.
Thursday
Jan302014

Learning

Recently, an article was published on the effectiveness of taking notes by hand on paper vs. via typing/computer.

I found it interesting in part because it reflects something that has been part of my learning and creative habits, that I always assumed were formed mostly by the unavailability of cheap portable computers, and the ready availability of pen, pencil, and paper. Even though typewritten notes were more thorough, there was effectively no impact on the ability to remember facts when questioned a short time later, but there was a noticeable difference - in favor of those taking notes by hand - in how well ideas were retained.

When the experiment was run again, with the results being measured by a test taken a week later, the differences were even more pronounced.

Why is this? I don't know. Part of me has long felt that the time taken to write things out - since writing is muscle memory - forces you to focus more on what you are writing, and that the need to condense the information simply to keep up as you're writing it forces you to re-work and better understand the information. You also have the aspect that repetition and/or greater sensory involvement (tactile and / or spatial when it comes to diagrams and notes) helps improve menory and understanding.

The upshot is that I realize I've always done something like this. When I want to concentrate and actively understand something, I don't type out the notes. I doodle, or write them by hand. Or simply don't take notes so I can utterly focus on a conversation (parent teacher conferences, for example). When studying for advancement exams as a mechanic in the Navy, my practice was to read through once (getting an overall feel for the main poitns presented), to read through with a highlighter annotating the most crucial information, and then to go through the hilighted sections and make my own annotated handwritten notes.

I scored quite well.

Additionally - and this is a habit I see in a number of digital and 3D artists who grew up with ready access to computer-only tools - drawings, models, and sketches almost always start out on paper or other physical media before being scanned in to use as a starting point on the computer. Many many artists only convert to digital after the work is finished. Yes, I expect to see some changes to this with some of the excellent tablet-driven sketching programs, but then these programs work hard to provide the feedback and feel of a piece of paper and pencil/pen/paint.

Finally - whether it's mapping out roles in a program, or the functions and hardware in a network, that almost always is first done on paper as well, regardless of what drawing tool (Viso, the google drawing app, Omnigraffle, etc.) is used.

Sunday
Sep152013

Chromebook Management and Wifi Networks: Devices vs. Users 

I've recently had some experience adding 30 or so Chromebooks to a school network, complete with device management licenses, and so far I am, overall, impressed.

One thing that is actually pretty cool because you can actually set available and auto-connected wifi networks for managed Chromebooks based on what organization or suborganization they belong to. That said, I ran into an odd bit while setting up the wifi settings.

FIrst of all, most Chromebooks are wifi dependent, so when they're first started up and enrolled, they have to be on a wifi network. I've found the easiest way to do this is just temporarily use or set up an "open" network.

Please note - I do mean enrolled. By default, if you want the Chromebook to be tied to a management license or system via Google apps for business (or education), you cannot simply sign into the Chromebook with an organization email address. Make that mistake and you need to wipe it back to factory settings. One option - if ordered directly through Google (with known MAC addresses) - you can to set up auto enrollment, and anyone signing in with an organization email automatically enrolls the Chromebook as well.

The option we took was to manually enroll the Chromebooks by hitting the key sequence CNTRL-ALT-e after attaching the chromebook to the open wifi network.

Once enrolled, sign in. Once it is online, the Chromebook starts picking up settings, including the aforementioned wifi settings.

Here we get into an oddity. In the network settings tab of the device settings (above) there are actually TWO sets of wifi settings that can be set or inherited at any level of the organization. Devices, and Users. You can think of "device" wifi settings as those that are available even when no-one is logged in. Since a new user needs to be on the internet to sign in for the first time, they either need access to an open network, OR valid wifi settings under "device" for a secure network provided via the management settings.

"User" wifi settings are used to manage what wifi credentials are pre-loaded and available to any user account that signs into that device. This can be an entirely different set of networks, or simply the same one that was used to log in.

Tuesday
Dec042012

Different Languages...

Sometimes I think it's a tragedy that two people merely think they're speaking English to each other, but in reality, they're not only talking past each other, but speaking completely different languages.

What?

Okay, I'm going to vastly oversimplify things here, but I've got another proposition. Engineering speak is not english. Neither is computer-geek speak. Neither is builder speak, physics-speak, contractor speak, architect speak, navy speak, or doctor speak.

Sure, the words sound like English. Some of them. At least until you hit that which we call "jargon" but is really your first clue you've left english as most people know it. Some of the words even share a similarity of meaning with their common origins.

An old joke to illustrate:

If you give the command "SECURE THE BUILDING", here is what the different services would do:

The NAVY would turn out the lights and lock the doors.

The ARMY would surround the building with defensive fortifications, tanks and concertina wire.

The MARINE CORPS would assault the building, using overlapping fields of fire from all appropriate points on the perimeter.

The AIR FORCE would take out a three-year lease with an option to buy the building.

It's hoary, and too-often told, but aside from what it illustrates about stereotypes of the various armed services, it also illustrates that while those services are using something resembling english, they have an entirely different set of assumptions and definitions for what appear to be the same sound symbols, when operating in a military context, than when using regular English.

Sure - look the word "secure" up in the dictionary, and you'll see enough different definitions to support all of those interpretations. This allows us to walk away secure in the knowledge that we're only speaking one language.

Of course, we are talking about the language that mugs other languages for spare grammar. Where Spanish, German, and French might use one word each to describe a range of nuances, based on context, English borrows a word from each of them, and uses each for a subtly different meaning.

It gets worse when you talk programming languages. Sure, the vocabulary is smaller, and the rules of grammar and syntax, while different for each, are fairly rigid and well defined. Yet, if you look at the actual words used - if, until, go, class, procedure, etc., they look like english. English with very formalized meanings.

A non-programmer looking at code from several languages like Ruby, Perl, Java, C, and Python might have a hard time telling that they're even different languages. Well, except Python, which happens to be pretty visually distinctive. And yet, while the languages have many commonalities, the subtle differences in between them, and between these languages and other languages like Smalltalk and Haskell, result in completely different metaphors and methods for solving the same problem. Completely different ways of thinking about things, different models of thought.

Each language, each set of restrictions, each context, each set of grammatical and syntax rules, that tells us how to interpret and understand these symbols which often look alike, result in you having to think in a completely different way to solve a problem. In much the same way that the different grammar, structure, and conjugation rules for German, Spanish, and Lithuanian require you to approach speaking a simple statement in completely different ways.

Learning to be a carpenter involves not only learning words you may have never heard of that only apply to carpentry, but definitions of words, and terms of art, that may have completely different meanings from those outside of that context.

And learning those multiple contexts and the different patterns and assumptions and metaphors behind them make it easier to find solutions that people who've only seen one of those concepts may never have spotted. Programmers are often recommended to learn several languages, especially oddball ones with completely different idea structures like Haskell, because even if they never make a living programming in those languages, it will help them become better programmers and problem solvers.

The same is true of learning a new skill like carpentry, painting, hiking, skating, or shooting. It gives you a new language (even if it sounds like english) and a new set of thought-patterns and symbols.

Which brings me to another, final thought.

Most of these "languages" I've discussed here are still, in the end, subsets of English. But, while the lessons and tools they give you may be different, just like a 'real' foreign language, they give you a very similar experience in mapping a new set of mental tools.

But it really does confuse communication when two people think they're talking "English" - and they're not. At least not the same english.

Monday
Dec032012

Not Very Wise Support

Perhaps I've been living in a standards-compliant web-design bubble. I've always been aware that one had to design around and account for odd quirks in page design when making sure websites look just as good in Microsofts Internet Explorer as they do in Chrome, Firefox, and Safari. I've even run across a few business banking sites that absolutely require Internet Explorer in order to manage the add-ons and check scanners.

That said, I think today is the first time I've ever seen a customer support site, even for a windows-centric product, that not only "required" Internet Explorer, but was utterly and completely unusable in any context without it. Unusable as in you could not even look up knoedge base and support articles.

Lest you think I'm kidding, check out the support FAQ page for the customer support portal for sage software. Under the question "What are the supported internet browsers for the Sage Customer Portal?":

 

Internet Explorer is the supported internet browser for use with the Sage Customer Portal.
If you use Firefox, Chrome or other browsers and encounter issues, we recommend using Internet Explorer instead.
If you use Internet Explorer 8 or 9, click the Compatibility View button  to the right of the address bar to avoid potential issues. To permanently enable Compatibility View for the Sage Customer Portal, go to Tools > Compatibility View Settings and click [Add].
First of all, there's several possible meanings for "we don't support other browsers." One is "We don't guarantee that you will see everything on the page, or everything the way we intended it to work." The other extreme is "nothing on the page works." The latter is something you get on specialized banking sites incorporating direct check deposit scanning through activeX extensions, and the like.
It's not something I expect on a customer support page. I'll grant that not all of their products have inaccessible support pages. The pages for their Act! customer relations management product work fine in other browsers. 
I also understand that the information in the support portal is tied to the products you've purchased from them, but this is also not a new problem for dozens of internet companies providing cloud-based services. I can even, understand restricting access to isntaller downloads and knowledge base articles to paying customers - Sage is hardly the only software vendor to do so.
But the only thing seen in Firefox, Safari, or Chrome, is a failed plugin message.
Making access to documentation and troubleshooting information completely unavailable in any other browser is completely unacceptable. 
Not bothering to update your site to be compatible with the last three versions of internet explorer, including versions nearly four years old, is icing on the cake.