
iPhone 6s battery refurb is only $49 until the end of June

If you are still enjoying an iPhone 6s, be advised…. it becomes a “vintage” product on June 30th, 2022; so get it in for repairs/refurbishment before then if you want to keep using this fabulous model.

Oh joy, a more sophisticated spam/extortion racket

My spam filters caught an interesting message recently, an email from myself (from field forged) claiming that my account was hacked and correctly naming my email address (account name) and a legit past password… hmm, I am paying more attention now…

The would-be extortionist is asking for bitcoin worth about $837 presently, and threatens to expose my alleged naughty site visits to my entire contact list. At this point I am chuckling, as I don’t care (threats of embarrassing websites are not embarrassing to me) and I realize it’s all a bluff; the password the extortionist claims to have used to access my computer was never the password to my computer, though it was my old Yahoo! account password until all those millions of Yahoo! accounts were exposed in about October of 2014…

Then it occurred to me; if a user was not as scrupulous about unique passwords for each account, they might be exploitable through this method… Heads up, if your account at Yahoo!, Target, Home Depot, Equifax, Experian, PlayStation Network or any other site is exposed, it is NOT proof that crackers actually have access to anything other than that one account… ask for proof.
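A sketch of the filter logic that catches this kind of message, added here as an example and not taken from the spam filter mentioned in the post: mail that claims to come from your own address, fails the receiving server's sender authentication, and demands payment. The addresses, the `mx.example.net` server name and the sample message are constructed, and it assumes your mail server stamps an Authentication-Results header with a DMARC verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not the message from the post. The second
# Authentication-Results header imitates one injected by the sender.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.invalid;
 dkim=none; dmarc=fail header.from=example.com
Authentication-Results: sender.invalid; dmarc=pass header.from=example.com
From: Me <me@example.com>
To: me@example.com
Subject: Your account was hacked

I know your old password. Send bitcoin to this wallet within 48 hours.
"""

VERDICT = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)
PAYMENT = re.compile(r"\b(bitcoin|btc|wallet)\b", re.I)

def trusted_verdicts(msg, authserv_id):
    """Collect spf/dkim/dmarc verdicts stamped by our own receiving server only."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        server, _, rest = header.partition(";")
        if server.strip().lower() != authserv_id.lower():
            continue  # anyone can add this header; ignore other authserv-ids
        for method, verdict in VERDICT.findall(rest):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts

def assess(raw, my_address, authserv_id):
    """Return the reasons a message looks like forged-self extortion mail."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender == my_address.lower():
        findings.append("from-is-me")
        # A forged From field cannot pass DMARC for a domain that publishes it.
        if trusted_verdicts(msg, authserv_id).get("dmarc") != "pass":
            findings.append("sender-unauthenticated")
    body = msg.get_payload()
    if isinstance(body, str) and PAYMENT.search(body):
        findings.append("payment-demand")
    return findings

if __name__ == "__main__":
    print(assess(SAMPLE, "me@example.com", "mx.example.net"))
```

A leaked password quoted in the body is not checked here; as the post says, it only shows that one old account was exposed.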

The quest for lower cost internet service

In my ongoing quest for lower cost internet service to the house I switched from Comcast/Xfinity to Verizon/FIOS today.

It turned out to be a relatively quick install of FIOS internet-only service, which works fine with my own router (you only need a Verizon router if you don’t already have a router or if you need TV and phone services as well as internet).

It also turns out to be relatively painless to cancel Comcast – about 28 minutes internet chat… not at all what I had feared after reading stories on the internet; Comcast did want to make me a better deal – but they could not go below $49.99/month.

Basic internet service should be commodity priced – but it is not yet… so we will continue to play this game until it is.

Cable Modem problems resolved, I hope

I have been having a problem with my cable modem losing signal strength and then either regaining it, or being unable to establish connection and rebooting automatically for a while now. It has been very frustrating.

I could see errors like these in the Cable Modem’s logs at http://192.168.100.1 (most Cable Modems have a local-only web-status page at that address):


Ranging Request Retries exhausted;CM-MAC=b8:16:19:2e:7a:ee;CMTS-MAC=00:01:5c:96:de:64;CM-QOS=1.1;CM-VER=3.0;
Unicast Maintenance Ranging attempted - No response - Retries exhausted;CM-MAC=b8:16:19:2e:7a:ee;CMTS-MAC=00:01:5c:96:de:64;CM-QOS=1.1;CM-VER=3.0;
Cable Modem Reboot due to T4 timeout ;CM-MAC=b8:16:19:2e:7a:ee;CMTS-MAC=00:00:00:00:00:00;CM-QOS=1.1;CM-VER=3.0;

When things are working – I’d typically see downstream power levels in the 0 dBmV (-1 or 1, sometimes -2) range across all 8 channels. A few times a week that would drop entirely and the modem would reboot and recover.

Frustrating.

Opened an Xfinity Support Chat – was assigned “RAM” who ran through a checklist… mostly more frustrating and boring, except…

one item was to check or replace the coax from wall to cable modem…
when checking it – I discovered a no longer used old T-Splitter inline between – probably from when I had Cable TV as well as Internet only (cancelled that in 2011). An unterminated coax is an antenna if I recall, and that would cause problems.

I removed that from the loop (connected Coax feed directly to the modem, bypassing the old T-Splitter)…

Result: Presto – immediately got 3 dBmV on all 8 channels (much stronger signal) – the un-terminated splitter was the problem I think.

Only time will tell – but I suspect that fixes my issue.
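To keep watching whether the fix holds, the modem log entries quoted in this post can be parsed and grouped into "ranging failures, then reboot" episodes. This is an added example, not a tool from the post; it assumes the log text is copied by hand from the status page, handles entries that run together on one line, and the function names are made up for illustration.

```python
import re

# Log text as quoted in the post; the second line holds two entries run together.
LOG = """\
Ranging Request Retries exhausted;CM-MAC=b8:16:19:2e:7a:ee;CMTS-MAC=00:01:5c:96:de:64;CM-QOS=1.1;CM-VER=3.0;
Unicast Maintenance Ranging attempted - No response - Retries exhausted;CM-MAC=b8:16:19:2e:7a:ee;CMTS-MAC=00:01:5c:96:de:64;CM-QOS=1.1;CM-VER=3.0; Cable Modem Reboot due to T4 timeout ;CM-MAC=b8:16:19:2e:7a:ee;CMTS-MAC=00:00:00:00:00:00;CM-QOS=1.1;CM-VER=3.0;
"""

ZERO_MAC = "00:00:00:00:00:00"
# One entry = free-text message, then one or more KEY=value; fields.
ENTRY = re.compile(r"\s*([^;=]+?)\s*;((?:[A-Z-]+=[^;]*;)+)")

def parse(text):
    """Split log text into entries, even when several share one line."""
    events = []
    for match in ENTRY.finditer(text):
        pairs = match.group(2).rstrip(";").split(";")
        fields = dict(pair.split("=", 1) for pair in pairs)
        events.append({"message": match.group(1), **fields})
    return events

def episodes(events):
    """Count the ranging failures that precede each modem reboot."""
    done, pending = [], 0
    for event in events:
        if "Reboot" in event["message"]:
            done.append({
                "ranging_failures": pending,
                # In the post's reboot entry the CMTS-MAC field is all zeros.
                "cmts_seen": event.get("CMTS-MAC") != ZERO_MAC,
            })
            pending = 0
        elif "Ranging" in event["message"]:
            pending += 1
    return done

if __name__ == "__main__":
    for entry in parse(LOG):
        print(entry["message"], "| CMTS", entry["CMTS-MAC"])
    print(episodes(parse(LOG)))
```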

Leave Facebook Now

Facebook (specifically Sheryl Sandberg and Mark Zuckerberg) knew that Russians were manipulating American voters in June of 2016, and not only did they abstain from trying to stop the blatant manipulation, they denied it was happening at all. They lied. The entire platform is designed for exactly this sort of manipulation. Leave now.

Sources:
https://www.nytimes.com/2018/03/19/technology/facebook-alex-stamos.html

https://www.vox.com/policy-and-politics/2018/3/21/17144748/case-against-facebook

http://www.businessinsider.com/well-these-new-zuckerberg-ims-wont-help-facebooks-privacy-problems-2010-5

https://500ish.com/foot-in-mouthbook-c35a64cd9341

https://twitter.com/brianacton/status/976231995846963201

https://www.thedailybeast.com/exclusive-mark-zuckerberg-awol-from-facebooks-data-leak-damage-control-session

https://www.facebook.com/sheryl/posts/10160055807270177

Update: Deleted the account on March 23rd; because:
1) I want more in exchange for the incredible value Facebook derives from data about me
2) I want Facebook to do more to prevent the spread of misinformation and fake news

Since there is no incentive for Facebook to ever do either of the above, I am done.

Outer Banks

Apologies to those of you whom I scoffed at when you told me you could surf North Carolina’s outer banks. I was wrong, you most certainly can!

I recently visited Kill Devil Hills, NC with some buddies from high school and enjoyed some damned good food and good beaches and wind and waves. I watched a young man get up on some pretty small waves with a very small board and do some fun stunts from the shore and talked with him briefly after he finished. It brought back some pleasant memories of being in the USAF in Hawaii, in 1985-1986.

I am now kicking myself for not checking out the Outer Banks as soon as I came to the Washington DC area; it’s only about 5 hours drive (ok, 6 hours if you stop at Pierce’s Pit BBQ in Williamsburg, VA about half way along the route).

Still happy with my 2006 Prius

My trusty 2006 Prius is still going strong. On a trip back from North Carolina’s Outer Banks I managed to average 54.2MPG over 336 miles (admittedly mostly highway miles and it was nice enough to need neither AC nor heat). Changing the HID Xenon D4R bulbs was much easier than I expected as well. $28 for the pair of bulbs; and about 90 minutes of work in very cramped space – beautifully bright head lamps.

I am about to roll over 200,000 miles on the car.

Veterans get some military exchange benefits

Nice news for veterans: DoD will allow all honorably discharged veterans to shop at the online military exchange stores starting this Veterans’ Day… PX/BX/NEX pricing may have a tough time comparing to online internet pricing these days – but the tax-free aspect may appeal in some states.

https://www.defense.gov/News/News-Releases/News-Release-View/Article/1049503/department-of-defense-extends-online-military-exchange-shopping-privileges-to-v/

AAFES: https://www.shopmyexchange.com/
NavyExchange: https://www.mynavyexchange.com/
Coast Guard Exchange: https://shopcgx.com
MarineCorps Exchange: https://www.mymcx.com/

Veteran’s Status Verification at https://vetverify.org

I was happy when USAA insurance opened up to all veterans in November 2009.

Protecting yourself after the Equifax personal information leaks

The Equifax leak of our personal information is particularly harmful; it makes identity theft of most credit holding Americans trivially easy for the rest of their lives. Not for just one year, but until we pass away. The problem is that the information leaked is all the personal details that do not change. Steve Rubin of Phoenix, AZ wrote about the best step by step guide to how we should react that I have seen so far; I have made a few edits based on my own experience.

Here it is, in ten steps (follow them in order). The first few won’t seem to be directly related, but they create the foundation for what you need to have in place in later steps.

1. Don’t get angry (that comes later). Find a comfortable place to work and maybe get yourself a snack.

2. Set up a password manager, if you don’t already use one. I’m not going to get into password theory too much, but you should be using passwords of at least 16-20 characters long and thus you won’t be able to remember them all. Steve uses 1password and is happy with it. I use KeePassX and MiniKeePass from the KeePass family. KeePass (http://keepass.info/) or 1Password (https://1password.com/) are best of all; and LastPass (https://lastpass.com) is also very good but be aware its encryption is private and may or may not be secure (though many people and organizations I trust swear by LastPass). Any of the three is vastly better than not having secure passwords in a vault/manager.

3. Secure your primary email address(es). You have to be sure that you can receive communications safely. Set a strong password. Enable two-factor authentication (2FA). Save the credentials in your password manager. A secure email address where you can receive verification codes is needed later; you need to prevent anyone else taking control of your email address long enough to intercept verification codes sent to the email address(es).

4. Secure your mobile phone. Set a strong password. Use Touch ID if you have it. This is where those 2FA codes are going to be sent, so you have to be sure that is completely safe too. Save the credentials in your password manager. Edit: I do not recommend any biometrics as a credential, as it is way too easy to spoof them, strong passcode to get into the phone is much better. A secure phone number where you can receive verification text messages is needed later; you need to prevent anyone else taking control of your mobile phone long enough to intercept verification codes sent to the phone number(s).

— the next few steps will need the prior ones completed first, so review 1-4 and make sure you have that all set up —

5. Make sure you have control of your Social Security account. Go to https://www.ssa.gov/ and create an account. Choose every security option it gives you. Save the credentials in your password manager. This agency is likely to use texts, emails, and US postal mail to verify you are who you say you are; plan on it taking several days, but you can press on while you wait…

6. Make sure you have control of your IRS account. Go to https://www.irs.gov/individuals/get-transcript and create an account. Choose every security option it gives you. You don’t actually need to get the transcript at the end (but you can); you just want the account controlled. Save the credentials in your password manager. This agency is likely to use texts, emails, and US postal mail to verify you are who you say you are; plan on it taking several days, but you can press on while you wait…

7. For every bank account, credit card, or other financial account you have, log in and make sure you have a strong password set. Save the credentials in your password manager. Then, go through all the alert options and use them! Get used to receiving lots of emails confirming that transactions are actually yours. That’s your new normal. Assume any bank issued PINs are compromised and change them. Don’t forget 401K, IRA, Stock Trading Accounts, and even Airline/Hotel frequent flier programs.

8. Are there any new credit cards that you NEED to apply for, insurance policies you are planning to open, or utilities you have to set up? Want a new phone? Anything else that might at all trigger a credit check. Do it now. Then come back to this list. I’m not suggesting doing anything you wouldn’t have done anyway, but if you were two days away from applying for a fancy new credit card, it will be easier to deal with before you lock things down.

9. Set up a schedule for getting your free annual credit reports. Look them over for errors and report any that you find. You get one free from each major agency per year. A possible schedule might be SEP 10 Experian, JAN 10 Transunion, MAY 10 Equifax (and feel free to hope that Equifax doesn’t exist in eight months…). Set annual calendar alerts and act on them when they come up. The official site is https://www.annualcreditreport.com – be wary of spoof sites and even sites run by the credit reporting agencies themselves that do nothing but try to pressure you into buying their commercial offerings (most of which are a rip-off).

10. Set up fraud and security alerts. The upside is that this should mean that a credit agency has to contact you (preferably by phone) before taking an action on your credit history. So if someone tries to use your information, you’ll receive a phone call, thus it should be obvious if the inquiry is on your behalf or not.
The downside is that you have to renew it every 90 days. At the moment, there is no way around this hassle.
You need to contact one of the three major agencies and they will inform the other two. You want an Initial Fraud Alert. It should be obvious that Equifax is a lost cause, so use Experian or Transunion:
https://www.experian.com/fraud/center.html
https://www.transunion.com/fraud-victim-resource/place-fraud-alert
You also should contact ChexSystems. They deal with new checking/savings accounts, and you don’t want someone else opening one in your name. You want to Place A Security Alert. https://www.chexsystems.com

11. BONUS ITEM. Contact your state’s Attorney General and/or members of Congress. Equifax has to be brought to task for this failure (AG), and the rules about how credit works and identities are verified need to be completely rebuilt (Congress).

What about identity/credit monitoring? Equifax is going to be giving away a year of monitoring. That’s standard procedure for these breaches, and when it’s a standard breach that’s a mediocre response. Remember the difference in the type of information, though? This is not a standard breach, so it’s a nearly irrelevant response. You also may (it’s unclear) forfeit your right to join a class action lawsuit if you accept it.

Identity monitoring is really insurance. They promise lots of things, but they can’t prevent anything. They can only react. If you feel more comfortable having that insurance, so that you have a team available to help you in case your identity is compromised, then feel free to get one of these products. But you may want to look for one that isn’t run by one of the credit agencies or their subsidiaries. That seems like a conflict of interest to me.

What about credit freezes? Unless you live in a state that has laws making these free, I don’t recommend them. The biggest problem is that all of the information needed to call a credit agency and unfreeze has been leaked, so you’ll probably just be wasting your money! You can read more about what these are at https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs

Freedom of speech and public access

I had to stop and think about the possibility of my own hypocrisy today…

I have been casually following the story of Dreamhost (full disclosure, I’ve been a happy Dreamhost webhosting customer for many years) fighting attempts by the US government to collect detailed information on visitors to sites organizing protests against Trump.

While I am fine with specific search warrants pulling data about specific criminal acts, I have become more and more concerned about the abuse of broad search warrants being used to cast a wide net and determine later whom to prosecute; and even more so, given the government’s inability to protect its own data, what happens to the collected data when it falls into the wrong hands. I have been cheering Dreamhost on for this specific issue because I think this search is too broad.

On the other hand, I have also cheered when Cloudflare (full disclosure, I am employed by a Cloudflare competitor) dumped their customer “Daily-Stormer”, a white supremacist’s website, because, like most Americans, I am disgusted by the hate speech and vile rhetoric of Nazis and CSA apologists and racists.

Matthew Prince, CEO of Cloudflare has an interesting explanation of why they dropped their paying customer, Daily Stormer:

Other tech companies are having this same conundrum:

It’s a tough call to make; once you start moderating or censoring; where do you draw the line? Traditionally most large companies have absolved themselves of decision making and hid behind US legal policy; then tried to push that policy one direction or another via lobbying activity. That process lends itself to corruption, but it also provides a thin layer of something like due diligence via the process of public discussion held before the law makers sign or reject a bill.

I am all for freedom of expression and speech; but hate speech clearly needs to have a cost or consequences… but at what point are we silencing opposition? Who decides what is opposition and what is the incitement of violence?

I’ve been applauding DreamHost for standing up to Trump’s attempts to collect detailed logs on people critical of Trump – but cheered when CloudFlare dumped DailyStormer… does that make me a hypocrite?

I think confusion over what is public and what is private is widespread.

I do not think I am a hypocrite for cheering both the resistance of DreamHost to US Government demands for the data of Trump critics and the decision of Cloudflare to cancel their customer. One is a private transaction, the other is abuse of public power, potentially compounded by the potential for harm if one of the haters gets their hands on the list of Trump critics… We’ve already seen them send death threats to the parents of the victim murdered in Charlottesville; why should we assume good intent for people critical of the president by that president’s supporters?

Who really was guilty in the death of Thomas Becket?