International data roaming prices

 Communication, Internet  No Responses »
Jun 162013
 

tLast month, I was in Europe. It was fun (apart from a stomach bug that crippled me for two days.)

While in Europe, I used my smartphone. My phone is unlocked. I originally planned to purchase SIM cards in Hungary and the UK, to minimize costs. In the meantime though, I found out that Telus had fairly decent international data roaming packages. I already have a Telus SIM card, in a data stick that I use as a backup Internet connection. So instead of wasting my time hunting for local SIM cards with the right features, I put the Telus SIM card into my phone for the duration of this trip.

I used 191 megabytes of data, 51 minutes of voice, and 1 text message during this trip. The first 100 megabytes were covered by a $65 data package, after which data was charged at $1/megabyte. Here is the breakdown of my final bill:

Package $65.00
Data $90.72
Voice $76.50
Text $0.60
TOTAL $232.82

As it turns out, the plan I chose was not optimal: a slightly different plan that combined voice and data would have saved me an additional 17 dollars or so. But it is hard to anticipate in advance how you would use your phone (I expected to rely more on Skype, but Skype was often not working very well). On the other hand, without a plan, I would have paid through my nose:

Package $0.00
Data $953.60
Voice $76.50
Text $0.60
TOTAL $1,030.70

Even this is nothing though compared to what Rogers would have charged me. Without a plan, the amount is almost astronomical:

Package $0.00
Data $1,907.20
Voice $102.00
Text $0.75
TOTAL $2,009.95

Even with the best plan available at the time (purchasing three times 75 megabytes plus 40 minutes of international voice roaming) I would have paid more than three times as much as I paid Telus:

Package $725.00
Data $0.00
Voice $14.85
Text $0.00
TOTAL $739.85

Rogers has since introduced new prices and new roaming packages, so it is only fair to check what I would have paid under the new scheme. After purchasing 100 megabytes of data and 40 minutes in advance, the total would have come to:

Package $160.00
Data $91.00
Voice $14.85
Text $0.00
TOTAL $265.85

So the new Rogers plan is still beaten by the old plan of Telus to the tune of over 30 dollars (or more like 50 dollars, had I purchased the optimal Telus plan).

No wonder Rogers doesn’t want you to unlock your phone.

 Posted by at 10:45 am

Facebook miseries

 Internet, Personal  No Responses »
Jun 082013
 

Today I realized that in the past month, my blog has once again become what blogs were meant to be originally: a write-only medium that nobody reads.

Well, almost. The few people who actually bother to look it up at spinor.info could still read it (and thank you for your interest!) The few people who follow my tweets may have seen my posts. People on Google+ may have seen them as well, but are there still people on Google+?

However, the WordPress plugin that I’ve been using for the last couple of years now to publish my posts automatically on my Facebook page has quit on me. And since I was not usually checking my own Facebook posts, I didn’t even notice that something was amiss, I merely assumed that my Facebook friends were really not that interested in what I had to say.

In reality, my posts never made it to Facebook. The culprit has been one of the stupid “migrations” of the Facebook API (Application Programming Interface), which I foolishly enabled, thus breaking the plugin.

Anyhow, thanks to a helpful hint by the plugin’s developer in a WordPress support forum, I was able to find the cause and fix the problem.

I have yet to figure out why people who develop software on which other people depend, most notably people who develop software libraries that are used by other people’s programs, are so keen on making changes that seemingly serve no useful purpose other than breaking said other people’s programs.

Grumble.

 Posted by at 10:31 pm

Freedom is slavery! Ignorance is strength!

 Computer Security, Internet, Politics  2 Responses »
Jun 082013
 

Yes, it’s Orwellian, and this time around, it’s no hyperbole.

The US government apparently not only collects information (“metadata”) on all telephone calls, they also have the means collect e-mails, online chats, voice-over-IP (e.g., Skype) telephone calls, file transfers, photographs and other stored data, and who knows what else… basically, all data handled by some of the largest Internet companies, including Google, Facebook, Skype and others.

Last summer, I decided to revamp my e-mail system. The main goal was to make it compatible with mobile devices; instead of using a conventional mail client that downloads and stores messages, I set up an IMAP server.

But before I did so, I seriously considered off-loading all this stuff to Google’s Gmail or perhaps, Microsoft’s outlook.com. After all, why should I bother maintaining my own server, when these fine companies offer all the services I need for free (or for a nominal fee)?

After evaluating all options, I decided against “outsourcing” my mail system. The fact that I did not want to have my mail stored on servers that fall under the jurisdiction of the US government played a significant role in my decision. Not because I have anything to hide; it’s because I value my privacy.

Little did I know back then just how extensively the US government was already keeping services such as Google under surveillance:

 
 

From the leaked slides (marked top secret, sensitive information, originator controlled, no foreign nationals; just how much more secret can stuff get?) and the accompanying newspaper articles it is not clear if this is blanket surveillance (as in the case of telephone company metadata) or targeted surveillance. Even so, the very fact that the US government has set up this capability and recruited America’s leading Internet companies (apparently not concerned about their reputation; after all, a presentation, internal as it may be, looks so much nicer if you can splatter the logos of said companies all over your slides) is disconcerting, to say the least.

True, they are doing this supposedly to keep us safe. And I am willing to believe that. But if I preferred security over liberty, I’d have joined Hungary’s communist party in 1986 instead of emigrating and starting a new life in a foreign country. Communist countries were very safe, after all. (And incidentally, they were not nearly this intrusive. Though who knows how intrusive they’d have become if they had the technical means available.)

One thing I especially liked: the assurances that the NSA does not spy on US residents or citizens. Of course… they don’t have to. This will be done for them by their British (or Canadian?) counterparts. No agency is breaking any of the laws of its own country, yet everybody is kept under surveillance. And this is not even new: I remember reading an article in the Globe and Mail some 20 years ago, detailing this “mutually beneficial” practice. I may even have kept a copy, but if so, it is probably buried somewhere in my basement.

Meanwhile, I realize that the good people at the NSA or at Canada’s Communications Security Establishment must really hate folks like me, though, running our own secure mail servers. I wonder when I will get on some suspect list for simply refusing to use free services like Gmail that can be easily monitored by our masters and overlords.

 Posted by at 7:17 pm

Cats on Google Street View

 Cats, Internet, Personal  No Responses »
May 262013
 

I noticed that the pictures on Google Street View for our neighborhood were updated recently. Much to my delight, I noticed that two cats from the neighborhood, cats that we have known for at least seven years, were photographed by Google’s cameras:

Yes, my wife and I are both fond of cats. Not just our own four cats but also cats from the neighborhood.

 Posted by at 4:07 pm

Suspect in custody

 Internet, Legal, Society  No Responses »
Apr 192013
 

Minutes ago, a tweet from the Boston Police Department: “Suspect in custody. Officers sweeping the area. Stand by for further info.”

If true: if these two were indeed the clowns who committed mass murder on Monday, then congratulations are in order. They may have shut down a major metropolis for a day, but the result was worth it. This was not a shutting-the-barn-door-after-the-horses-left overreaction, but appropriate action in light of the fact that an extremely dangerous clown with explosives was on the loose. If I lived in Boston, I’d seriously consider intercepting a random off-duty police officer and inviting him for a beer.

An interesting side note, though, about how information flows (or doesn’t flow) in the 21st century: despite the massive media presence and the non-stop breathless reporting, in the end Anderson Cooper broke the news by reading the above tweet from the Boston Police Department. Not sure what it says about the freedom of the press and the authorities’ ability to control the message in this day and age.

 Posted by at 8:58 pm

Google Reader, RIP

 Internet  No Responses »
Mar 152013
 

Yesterday, when I logged on to Google Reader, I was presented with a notice indicating that Reader will be shut down July 1st.

Too bad. I was not using Reader much, but it was the one semi-automated means with which I was reasonably comfortable that allowed me to share my blog posts on Google+. Whether or not I can be bothered to continue with Google+ afterwards remains to be seen. Maybe not… blogs are meant to be a write-only medium anyway (I yell at the world, I do not expect the world to yell back at me), a model which is kind of broken in this era of social networking.

Anyhow, it appears that a number of people are quite upset at Google’s decision, and they even started a petition that is rapidly approaching 100,000 signatures. (Yes, I signed it, too.) So who knows, maybe Google will listen and Reader will get a reprieve.

 Posted by at 9:03 am

Daylight savings nonsense

 Internet, Politics, Space  No Responses »
Mar 102013
 

To the esteemed dinosaurs in charge of whatever our timekeeping bureaucracies happen to be: stop this nonsense already. We no more need daylight savings time in 2013 than we need coal rationing.

It is an outdated idea, the benefits of which may have been dubious even at the time of its inception, and are almost certainly nonexistent today. But the harm is real: you are subjecting the entire population to a completely unnecessary one-hour jetlag each spring.

Being self-employed and working mostly from my home, I am among the least affected, but I still find this clock-forwarding business just boneheadedly stupid and annoying.

Oh, and while you are at it… would you please get rid of leap seconds, too? Another harmful solution to a nonexistent problem. So what if our clocks are out of whack by a second with respect to the Earth’s rotation? Does it bother anyone?

Oh wait. The organization in charge of leap seconds is the ITU. The same ITU that is busy trying to place the Internet under international regulation, at the bidding of such champions of Internet freedom like China or Russia. No wonder they have little time left in their busy schedule to abolish leap seconds.

 Posted by at 9:07 am

Yahoo! and working from home

 Internet, Society  No Responses »
Feb 272013
 

yahooThere has been a lot of discussion lately about Yahoo! CEO Marissa Mayer’s decision to ban working from home at her company.

Many criticized her decision. Some of them raised some good points about productivity and flexibility, and the ability to accommodate workers such as expectant women.

Others supported her decision, pointing out that at Yahoo! more than at other similar high-tech companies, slackers have abused work at home privileges to such an extent that some barely did any work for Yahoo! at all.

But there is one thing conspicuously missing from this discussion: why should Ms. Mayer concern herself with this issue in the first place? Why is she micromanaging her workforce? Should it not be up to lower-level managers to decide who can work from home and why, how, and when?

 Posted by at 1:50 pm

Slackware surprise

 Computers, Internet  No Responses »
Feb 062013
 

I happen to be using the oldest surviving Linux distribution, Slackware, on my servers. I have been using Slackware for a very long time; in fact, the only other distribution I ever used was the first Linux distribution, SLS (Softlanding Linux System), which was ultimately succeeded by Slackware.

Now I realize that while Slackware is perfect if you actually know what you are doing, it is not the easiest distribution to use. It lacks many of the system management, package installation and dependency resolution tools that users of more recent distributions take for granted.

This is why I was very surprised when I read this morning in PCWorld that in a recent survey conducted by LinuxQuestions.org, Slackware was found to be the most popular desktop Linux distribution. I may have expected to see Slackware fare well on servers, but the desktop? Mind you, I am very pleased to see that Slackware is doing well, even though it appears to have been a somewhat informal survey.

As to servers, Slackware came in as a close second, narrowly beaten by Debian. Even a second place finish is impressive for this venerable distribution.

I just hope that Slackware is here to stay for a long time to come. I would loathe to switch distributions after all these years.

 Posted by at 10:35 am

21st century

 Aviation, Internet, Personal  No Responses »
Jan 292013
 

I may be sitting on board a decidedly 20th century airplane but I suddenly feel like I arrived in the 21st at last… being able to check my email and post to my blog from 30,000 feet.

image

 Posted by at 12:18 am

Anonymous war declaration

 Internet, Politics  No Responses »
Jan 262013
 

Anonymous attacked the Web site of the United States Sentencing Commission, an independent agency of the United States government responsible for articulating federal sentencing guidelines.

The USSC.GOV Web site is down (or rather, there is no DNS service for ussc.gov or www.ussc.gov; I guess that is one way of taking down a corrupted Web site) but I found the defaced content in Google’s cache, including the Anonymous letter in its entirety, as well as the accompanying YouTube video (with surprisingly good production values.)

The letter is a long rant, but I am not altogether unsympathetic to what they have to say. The death of Aaron Swartz was an absolute disgrace. It was also a completely unnecessary demonstration of a justice system gone berserk. And the concerns expressed by Anonymous over disproportional punishments, the presumption of innocence gambled away by plea deals in the face of excessive sentences and unaffordable justice, or criminalization of violations of terms of service are all concerns I share.

What I don’t share is the belief of Anonymous that the perceived criminality of government can be repaired by criminal acts of their own. Their “solution” does not lead to a better society; it leads to anarchy. Then again, weirdly and confusingly, Anonymous appear to understand this when they write, “We understand that due to the actions we take we exclude ourselves from the system within which solutions are found. There are others who serve that purpose, people far more respectable than us, people whose voices emerge from the light, and not the shadows.”

I am more than a bit puzzled by the second half of their message. In this half, they describe a “warhead”, perhaps some cybertool that they are distributing to their followers this way. The instructions are simple: download all components, assemble them, and wait for the moment that hopefully never comes when you get a decryption key.

Ok-kay… well, the components no longer appear to be available (if they ever were) on the listed mirror sites, but that’s not the puzzling part. The puzzling bit is the command line offered that the would be Anonymous supporter presumably had to execute after downloading all the files named Scalia.Warhead1, Kennedy.Warhead1, Thomas.Warhead1, Ginsburg.Warhead1, Breyer.Warhead1, Roberts.Warhead1, Alito.Warhead1, Sotomayor.Warhead1, Kagan.Warhead1:

cat Scalia* Kennedy* Thomas* Ginsburg* Breyer* Roberts* Alito* Sotomayor* Kagan* >
    Warhead-US-DOJ-LEA-2013.aes256 && rm -rf /

In plain English: assemble all the parts into a file named Warhead-US-DOJ-LEA-2013.aes256. If successful, wipe out your entire hard drive.

Say what? Yes, wipe out your entire hard drive. That’s what rm -rf / does on a UNIX system.

That is, that’s what rm -rf / does on a UNIX system if a) you are logged in as root, and b) you are dumb enough to execute it.

So what exactly are Anonymous trying to pull here? Do they think American investigators are so dumb that they would follow these instructions without question, but their own followers are smarter? Is it a kind of an intelligence test to prevent stupid people from joining Anonymous? Or has the Anonymous letter itself been hacked?

 Posted by at 9:07 am

Comprehension

 Internet, MUD, Society  No Responses »
Jan 172013
 

signonMany years ago, I created a form where players can sign up to play MUD2. To keep things relatively uncomplicated, I just created two fields for the player’s name: one labeled “Last Name” and the other, “First Name and Initials”. To me it was self-evident that if I encountered a form like this, I’d enter “Toth” and “Viktor T.”, respectively, into these fields.

But soon I found out that I was wrong. I got one signup after another like “Doe”, “John JD”. Or “Doe”, “John, JAD” if the delinquient’s middle name happened to start with an A.

What’s wrong with my form, I asked? Perhaps it’s my English? I quickly Googled “First name and initials” and found a great many hits. It was clear from the context that none of them asked for all your initials, only the initials of any additional given names that you might have, just like I did. Yet registrations in the form of Doe, John JD kept on coming. Do these people write “John JD” on passport and other official forms, too, when they are requested to enter their “Middle name and initials”?

Just to be absolutely clear, though, I added an asterisk to the field and a note: “*In case there’s a misunderstanding, this means any EXTRA initials you might have. If you’re called John A. Doe, put John A. in this field, not John JAD. And if you’re John Doe, well, that means that you have no initials to put here next to your first name!

It didn’t help. To this date, I continue getting registrations in the form of Doe, John JD.

Nowadays, this is more amusing than annoying. I needed to know the name and country of residence of players when we charged for MUD2, for tax purposes (among other things, I was obliged to collect the Goods and Services Tax from Canadian players.) But now that the game is free, it really doesn’t matter anymore what your name is. So long as you supply a valid e-mail address, I have a means to contact you if I must (which means almost never. And no, I don’t collect and sell e-mail addresses.) But perhaps it does illustrate why I always found programming so much easier than dealing with people.

 Posted by at 9:52 am

Aaron Swartz, dead at 26

 Computer Security, Internet, Science  1 Response »
Jan 122013
 

jstor_logoComputer pioneer Alan Turing, dead for more than half a century, is still in the news these days. The debate is over whether or not he should be posthumously pardoned for something that should never have been a crime in the first place, his homosexuality. The British government already apologized for a prosecution that drove Turing into suicide.

I was reminded of the tragic end of Turing’s life as I am reading about the death of another computer pioneer, Aaron Swartz. His name may not have been a household name, but his contributions were significant: he co-created the RSS specifications and co-founded Reddit, among other things. And, like Turing, he killed himself, possibly as a result of government prosecution. In the case of Swartz, it was not his sexual orientation but his belief that information, in particular scholarly information should be freely accessible to all that brought him into conflict with authorities; specifically, his decision to download some four million journal articles from JSTOR.

Ironically, it was only a few days ago that JSTOR opened up their archives to limited public access. And the trend in academic publishing for years has been in the direction of free and open access to all scientific information.

Perhaps one day, the United States government will also find itself in the position of having to apologize for a prosecution that, far from protecting the public’s interests, instead deprived the public of the contributions that Mr. Swartz will now never have a chance to make.

 Posted by at 4:53 pm

Google and privacy

 Internet  No Responses »
Jan 112013
 

Message to Google: please do NOT start uploading photos from my phone to Google+ without first asking for my bleeping permission. I don’t care if only I see the pictures. I don’t want you to upload crap from my phone without asking, is that clear?

 Posted by at 11:05 pm

Facebook likes

 Internet, Personal  No Responses »
Dec 202012
 

facebook_like_button_bigI use a simple WordPress plugin, called “Simple Facebook Connect”, to automatically post my blog posts to Facebook. The plugin also provides a Like button for my posts. Recently, I noticed that a number of my posts acquired a fair number of Likes from apparent strangers.

Today, it became clear to me that the plugin is cheating. After exchanging a series of comments on Facebook in response to one of my blog posts, I noticed that every time a comment was added, the number of Likes went up by one. So no, I am not nearly as popular as I previously thought.

Oh well. Blogs are meant to be written, not read.

 Posted by at 10:12 am

Spam from Facebook friends

 Computer Security, Internet  No Responses »
Dec 112012
 

fbspamThank you, Facebook. Now I am getting garbage that is apparently coming from some of my Facebook friends, all because (no doubt in your eagerness to please your corporate sponsors and push your sinking share price up a little) you happened to leave open a gaping security hole allowing spammers to “scrape” friend lists and e-mail addresses.

Worse yet, it is possible that the same spammers are sending garbage to others in my name. And while I may know not to click on an unsolicited link even if it appears to come from a good friend, colleague, or close relative, others may not be so cautious.

One of these days, I’ll find myself a spammer and slowly strangle him.

 Posted by at 10:23 pm

PayPal is now evil

 Commerce, Internet, Legal  2 Responses »
Oct 292012
 

I use PayPal a lot. I initially started using the service for eBay purchases, but since, I’ve used it to sell calculators, to receive payments from advertisers, even to send money to family. I generally like PayPal. Indeed, I always considered them one of the “good guys”. After all, isn’t it PayPal’s very founder, Elon Musk, who seems to have single-handedly established the era of commercial spaceflight with his SpaceX venture?

But now PayPal is notifying me of a policy update. A policy update that is specifically designed to prevent users from using the court system. Yes, you can opt out, but you can only do so in a manner that is made intentionally difficult:

“You can choose to reject this Agreement to Arbitrate (“opt out”) by mailing us a written opt-out notice (“Opt-Out Notice”).  For new PayPal users, the Opt-Out Notice must be postmarked no later than 30 Days after the date you accept the User Agreement for the first time.  If you are already a current PayPal user and previously accepted the User Agreement prior to the introduction of this Agreement to Arbitrate, the Opt-Out Notice must be postmarked no later than December 1, 2012. You must mail the Opt-Out Notice to PayPal, Inc., Attn: Litigation Department, 2211 North First Street, San Jose, CA 95131. “

Yes, you need to use snail mail. Yes, the world’s leading digital payments company apparently lacks the ability to process an opt-out request electronically.

Of course what it really is about is that they are counting on you and me not making the effort to put a stamp on an envelope.

Which indeed I won’t. I never tried to sue PayPal in the past, nor do I have plans to do so in the future. And I will still use their services.

But, I no longer consider them one of the “good guys”.

 Posted by at 8:55 am

A microwave with a twist

 Hungary, Internet  No Responses »
Sep 122012
 

Seen on a Hungarian auction site, here is a used but functioning Whirlpool microwave oven, for the modest price of HUF 8,500 (about 40 bucks):

The picture looked a little weird, but I wasn’t paying it much attention until I read the first few buyers’ questions and the answers:

  • Dear Gaborka460! Do you happen to have a full-size mirror? Greetings, – Marci502
  • Dear Marci502! I don’t understand exactly, what do a full-size mirror and a microwave have in common? – Gaborka460
  • Dear Gaborka460! :D:D Full-size mirror – the front of the microwave served as a mirror! :) – Police198
  • Dear Police198! I am really sorry, you are right, the reflection was a mistake by the person who took the picture. – Gaborka460

Person? Wait a cotton-picking minute, let’s look at it a bit more closely:

Yikes. That’s not some freakish, malformed turkey. It is a human alright. Once seen, it cannot be unseen.

And the comments continued relentlessly. Here are some of the best questions and answers:

  • Dear Gaborka460! Your microwave is now famous! :) – Police198
  • Dear Police198! Weeell, I really didn’t mean it. – Gaborka460
  • Dear Gaborka460! Is the person squatting inside just an illustration or does he come with the microwave? Thanks in advance for your answer. Greetings, – Setfly
  • Dear Setfly! The squattttting person is just an unfortunate, accidental image confusion. – Gaborka460
  • Dear Gaborka460! Can we have this with a front panel depicting a female??? If so, does that change the price? – cukormeister
  • Dear cukormeister! Unfortunately not! Is this really important? – And then the darkness. – Gaborka460
  • Dear Gaborka460! Would you please provide exact measurements as it is difficult to decide just by the picture alone if the male figure is hiding inside the microwave or just a reflection? And does the male thong come with the winning bid? Thanks: – retrobudai
  • Dear retrobudai! Is this really important? – Gaborka460
  • Dear Gaborka460! A gym pass in exchange for the microwave. – gyuribacsi87
  • Dear Gaborka460! How much for the briefs+slippers, I offer a razor in exchange! – gyuribacsi87
  • Dear gyuribacsi87! I really don’t want to be vulgar! – Gaborka460
  • Dear Gaborka460! Forgive me, but do I see this right, is it really a broiled chicken in clogs sitting in the microwave? – NVShop
  • Dear NVShop! The picture is really bad, the question, dumb! – Gaborka460
  • Dear Gaborka460! No, of course it’s not a bad picture, quite the contrary. It made many people smile today. It’s my heartfelt wish that this famous microwave soon be sold. – BudaiBrigi
  • Dear Gaborka460! 50,000 is my last offer. – seftelo1
  • Dear seftelo1! I don’t really understand?! My asking price is 8,500 for the microwave. – Gaborka460
  • Dear Gaborka460! Sorry, you’re right. My mistake. Forgive my miserliness. I’ll give you 100,000 if we can hire you as a product photographer. – seftelo1
  • Dear Gaborka460! Nearly 150,000 views, that’s something:-) – Sikiferrari
  • Dear Sikiferrari! Weeeell; This is how to advertise! And it’s not even my expertise, and I didn’t mean to. – Gaborka460
  • Dear Gaborka460! Now that the microwave has sold, I’d like to know what you ask for the garden gnome in the swimming trunks that was inside? – RGgabor
  • Dear RGgabor! Asshole – Gaborka460

Even with this last comment, one has to admire the remarkable restraint of the seller, Gaborka460, and the overall civility of the discussion. Some of it may be due to vatera.hu’s commenting system or their moderators, of course. Still… it gave me a good laugh today. And the broiled chicken in clogs is well on its way towards becoming the newest Hungarian Internet meme.

 Posted by at 6:25 pm

Kafkaesque

 Books, Internet, Society  No Responses »
Sep 082012
 

Here is a scary story: after a university professor referred jokingly to two absentee students as “spooks”, he became the subject of allegations of racism despite being well-known for his previous work on civil rights and racial equality. It so happened that the two missing students were African American, a fact of which the professor was unaware.

This Kafkaesque nightmare was the inspiration of a novel, “The Human Stain”, by author Philip Roth. Yet the novel itself became part of a Kafkaesque story on Wikipedia recently. That is because the Wikipedia entry falsely stated that the novel’s inspiration was a New York writer. When Roth asked for the article to be corrected, he was told by a Wikipedia administrator that “I understand your point that the author is the greatest authority on their own work, but we require secondary sources.”

Wikipedia’s goals to have facts backed by sources and to not contain original research are laudable. But sometimes, they go a tad too far (to say the least), a situation I ran into myself when contributing minor edits to entries about certain television series. Original research is one thing, but when prima facie evidence that is available for all to check contradicts a “secondary source”, shouldn’t it be obvious that the secondary source is simply wrong?

The story does have a happy ending, though. Now that Roth published an open letter in The New Yorker, the letter itself qualifies as a “secondary source”, and the Wikipedia entry is now updated. But if anything, this resolution just adds to the Kafkaesque surrealism of the story.

 Posted by at 6:06 pm

Samsung security breach

 Computer Security, Internet  No Responses »
Sep 072012
 

So recently, I got a nice new phone, a Samsung Galaxy S II.

When I set it up, I realized that Samsung chose to replace the built-in Google e-mail application with their own. This was a bit of a disappointment as the Samsung version seemed a tad less flexible and less configurable than the (also pedestrian) Google program, so I opted for the open-source K-9 Mail instead, which works very well indeed.

Today, I noticed that all of a sudden, my server is showing IMAP logins using my user ID from a strange IP address, occurring like clockwork, every five minutes. The IP address belongs to Samsung in Germany, Frankfurt to be precise. This was odd because my phone was actually connected to my home Wi-Fi, so there was no reason for it to go through a distant proxy server. Suspecting that something was afoul, I turned the phone off. The IMAP logins from the German IP address continued.

At this point, I immediately changed all relevant passwords. The login attempts (no longer successful) continued for a while, then stopped.

But what was this? A bit of research showed that the IP addresses are characteristic of Samsung’s “Social Hub” program. Apparently when I entered my login credentials using the Samsung version of the basic e-mail app, it passed on that information to Samsung’s Social Hub servers. So without my knowledge and my approval, my password to my personal account on my Linux server was sent to, and stored on, a server in a foreign country. (And no, I don’t want to hear that I actually gave my approval by clicking the Accept button on a 50-paragraph unreadable user agreement when I started using my phone. This kind of potential security breach must require up-front notification of the user and explicit approval.)

I have since kind of confirmed it by noting that Social Hub indeed shows my e-mail account as being registered, even though I deleted my login credentials days ago from the Samsung e-mail app proper. Worse yet, it seems impossible to delete this account from Social Hub; when I try, I just get a “Loading…” screen that stays on forever.

I still like this phone, but my opinion of Samsung just sank several notches all at once. A high technology company should be much more conscious of its users’ security needs and much more proactive in protecting them. Indeed it leaves me wondering if, perhaps, it might have been possible for a smart hacker to use social engineering and trick Samsung into revealing this information… which Samsung should never have obtained without my explicit permission in the first place.

 Posted by at 9:37 pm
 Older Entries  Newer Entries