NFC: An Issue of Trust?

The introduction of NFC (Near Field Communication) technology for payment cards, quite frankly, gives me the willies. I recently received my first “wave me at the coffee counter” touch payment card from my bank, and it set me to thinking. And what I think is that I have what any decent psychiatrist would call trust issues.

Imagine the scenario. You waft your wallet full of touch-payment cards at the payment station in your local Barista hangout – which one gets used? The first one detected, I suspect. And Murphy’s Law says it won’t be the one you wanted. To make sure the right one is used, you’ll have to take that card out, present it to the payment point, and put it back in your wallet. The delays this is going to create at ticket barriers and on buses will make for an unhappy rush hour experience (and let’s face it – rush hours don’t need any help, thank you very much).

And anyway, taking out the card you intend to use is boring! The whole point of putting NFC on a payment card is to speed up the process. The next time you’re in London on the tube, look out for the Oyster users who glare at the tourists who get immersed in the whole which-way-round-ness of barrier ticket confusion, with murder in their eyes. Even I use an Oyster card, and I don’t live there! And now, London commuters are going to have to lift out their oyster cards as well, because plans are afoot for TfL to accept touch payment cards at tube barriers and on buses. So pretty soon Oysters will have to be kept separate from any other touch-payment enabled cards. In fact, all of these NFC/RFID enabled cards will have to be kept separate from each other. Perhaps we need a lanyard for each one, or is that just a Health & Safety disaster in waiting?

All of this negates the purported benefit – namely, speed efficiencies and ease of use.

My other issue is theft. NFC/RFID is actually good for thirty feet. On a good day, mind you (or “down hill with the wind behind it”, as my mother used to say), and not on any legitimate pay stations (which are generally restricted to a range of between 4-10cm). The kind of distance that I’m talking about is inherent in the technology, and means that thieves using a reader with a good range on it can steal the limit (soon to be increased from £20 to £30) on each of your NFC cards without ever going near your pocket. One afternoon’s wandering up and down Oxford Street could net tens of thousands for a “hard-working” tealeaf. And with passports moving to having biometric data stored on NFC chips, it means that identity thieves can hoover data up in a similar fashion. There are already phone apps on the open market that will read content from passport chips.

Now, ApplePay on the other hand is a solution that actually uses NFC well, and it’s a simple one at that. The NFC isn’t activated until you press the home button and your fingerprint is validated. Given the ubiquitous nature of the iPhone, it makes perfect sense for retailers and the like to adopt pay stations that accept ApplePay. Sadly, as it’s a service that’s only active in the U.S. at the moment, it feels a bit like Cinema and VHS releases back in the day.

If you still want to use your wafty-payment plastic, it turns out that you needn’t worry about theft, though, as I’m not the only one who’s been thinking about this issue. Betabrand have teamed up with Norton to create a set of RFID-shielded jeans, and there’s already a plethora of RFID-shielded wallets and card sleeves available on Amazon. I recently bought one from a certain “outdoors” retailer, but I was still able to gain access to the office by waving it in front of the door access system, so I guess the jury’s still out. Luckily, I needed a new wallet in any case, so no harm done. But it begs the question – is it tech worth getting just yet, or should we rely on our own good housekeeping and the odd insurance claim?

Frankly, I think I’m better off simply never leaving the safety of my foil-insulated house. But that’s probably a story for another time.

Surely No-One Likes Tech Support

I’ve been filling in for our support guy this week, as he’s been off ill, and for reasons that may or may not become clear (this is just a rant, after all), no-one else really seems that interested in manning the support line (oh, and it just so happens that my extension number is next in the hunt group – funny that).

I have to say that some of our customers are absolute fucktards – there, I said it. They really are, though. In a normal world, most people will just ‘google’ something (apparently, it’s a new verb – to google, meaning to spend as little time as possible whilst at work, actually doing work, but instead using up valuable internet electrons to discover who’s tupping the currently most popular Kardashian – whatever one of those is). In this case, however, they’d rather spend time in a telephone queue, listening to a mediocre at best impression of Stephen Hawking telling them how important their call is to us, or emailing in their foetid whinings, then (presumably) going back to Kardashian Watch (I’ve heard it’s a bit like Spring Watch, but with bigger tits).

The drivel that comes through – “what’s a vendor?“, “I don’t know if we’re getting email or not“, “do I have to tell anyone, or can I just restart the server?” – each of which can be answered simply: dictionary, I think you do, and yes you can.

If you don’t know what a vendor is, you probably shouldn’t be working anywhere in the supply stream, and let’s face it – we ALL work somewhere in the supply stream, no matter what we do for a living. Go home early, you’re really not contributing in the constructive manner expected of you.

Not sure if you’re getting mail or not? Really? Shall we visit that uncertainty using a not so gentle example of parallelism? If you’re not sure whether you’re being punched in the face by a rabid Alpaca wearing spandex and a cape, odds on you’ve either been punched so much/hard that it’s a wonder you’re still in a fit state to even postulate such a thing, or you’re not. It’s quite simple. Or, if this helps: check your server queues, internet connection, or – heaven forfend – your fucking inbox!

Do you have to tell anyone? This is a tricky one, and I suppose the answer depends on any number of things – your love of grammatical construction, how long you wish to remain in your current employ, and the observational skills of those in a position to terminate said employ, to mention but a few. Think about the position you’re in, as a system admin. You’re responsible for a server that a large number of individuals connect to throughout the working day, and which hosts a system that itself is responsible for recording and progressing the IT Change Management process for your entire organisation. Now think carefully about your question, just one more time.

Sweet Christ in a wok – I ask you!

Some of them even start with “Bob did tell me before, but I can’t remember“, or “which one’s the help key? I pressed what I thought it was but just got sent to a web site“. Yes, that was the ON-LINE HELP, you twat!!

“F1 motherfucker! Learn for yourself – it’s YOUR JOB!!” is what I want to shout at them, but I don’t. Instead, I just simply hang my head, in homage to Eyore, and pray for the speedy arrival of 5 o’clock. Or death. Today, I have a preference, and yes, it’s probably death.

Oh wait, it’s 5 o’clock.

Creating FileZilla User via VBScript in a Troll-Averse World

I recently needed some code to generate FTP user accounts (with password and folder name) via command-line parameters, using data stored in another application.

What turned out to be the biggest challenge, was resisting hunting down and immolating the several internet trolls I came across whose sole contribution is negativity. In looking for help on how to do this (what with me not being a developer) I reached out to the tinterweb, but received naught but derision – surprisingly, from Stack Overflow and a FileZilla forum administrator.

I finally found someone who had posted something of value, and so in the end, I used VBScript to take the data already stored in another application to create a username and password for the FTP account, and a folder, all with appropriate permissions. We use FileZilla as the FTP Server, so it was a case of generating text containing the relevant data, and inserting it at the right location into the user settings file, in the appropriate XML format. Oh, and I had to convert the plain-text stored password (owch, I know!) to MD5 hash.

I attach the VBscript, by way of an “up yours” to the aforementioned trolls, in case anyone else ever needs to do the same thing. No doubt they’ll criticise the style, content, method, blah, blah, blurgh … I don’t care – it may be dirty, and possibly inefficient (and as such, probably offensive to some), but it works.

The moral of this story? If there is one, it’s possibly that the help is out there, but the chaff is strangling the wheat.

We need more Troll Hunters.

VBScript to Create FileZilla User (dumped to MS-Word, to allow upload in WordPress)

I should mention, of course, that this wouldn’t have been possible without the help of Shawn K. Hall – many thanks…


Microsoft SQL Server Management Studio 2008 is slow to start/execute under Windows 7 64-bit – fix

Microsoft SQL Server Management Studio 2008 is slow to start and/or slow to execute under Windows 7 64-bit.

There are two parts to this – Slow to Start, and Slow to Execute.

Firstly, the solution for Slow to Start.
This could be an issue if your PC is not connected to the internet, or your internet connection is a little ‘iffy’.

Under Internet Properties, Advanced, scroll down to the Security section. Uncheck the box next to “Check for publisher’s certificate revocation”. This prevents the application from going online to in order to check certificate.

Alternatively, paste the following into your HOSTS file:
# entry to get around diabolical Microsoft certificate checks
# which slow down non internet connected computers

The solution for Slow to Execute is in 2 parts:

1. Right click the management studio icon, and change it to run in windows XP SP3 compatibility mode.
2. Now, it seems that there’s a bug in the management studio, that won’t use XP SP3 Compatibility properly/fully. In order to get it to function, you need to bump UAC one level/notch up. Bummer.

Save the change, and reboot. Sorted.

Update – 08/06/11: I have since stopped running this in compatibility mode, and set my UAC to “Never Notify” (although I’ve kept the run as admin option), and the speed issue seems to have ‘gone away’. Bizarre? Certainly.