Finger chopping?

From www.citeworld.com/security/22399/iphone-fingerprint-scanner-better-biometrics

With the new sensors you don’t have to move your finger, just press it against the reader. And like the sensor in the iPhone 5S, the sensors that will be in laptops and keyboards and other phones can detect the ridge and valley pattern of your fingerprint not from the layer of dead skin on the outside of your finger (which a fake finger can easily replicate), but from the living layer of skin under the surface of your finger, using an RF signal. That only works on a live finger; not one that’s been severed from your body.

This will protect you from thieves trying to chop off your finger when they mug you for your phone (assuming they’re tech-literate thieves, of course), as well as from people with fake fingers using the fingerprint they lifted from your phone screen.

Well it won’t really protect you from thieves chopping off your finger, it will just give them less reason to, I guess.

Windows “Blue”

Windows Blue: Microsoft’s plan to release a new version of Windows every year

“Windows Blue is […] a major update to Windows 8, and also the beginning of a major shift that will result in a major release of Windows every 12 months — just like Apple’s OS X. Blue will roll out mid-2013, and will be very cheap — or possibly even free”

er, Microsoft… you’re a software company, you make your money selling… software. Apple can give away or charge only $20 for their OS because they’re a hardware company and make huge margins on said hardware to offset the software development cost. You don’t have that luxury.

Just putting that out there.

Merrill Lynch “Macs are no good. Go to your library and use a PC”

My mother works for a certain large company and has a 401k with them managed by Merrill Lynch. She also has a Mac Mini, which will show up again later. The first part of this was relayed to me by my mother and sister, I didn’t become involved until later on.

Yesterday my mother starting having massive issues getting into her ML.com account, and apparently so did many, many other people. She ended up getting on the phone trying to get support. She didn’t want to deal with the automated phone robot and took the option to speak to a representative. She was told that due to “high call volume” that she could leave her phone number and a representative would call her back between 1 hour 45 minutes and 3 hours. Wow. I can only assume that there were hundreds, perhaps thousands of other people having the same issue. She had nothing else to do that day so she waited.

In the interim she apparently had managed to get into her account briefly, but was booted off and was unable to get back in.

After a while, a representative called her and was very condescending to her saying things like “Have you ever even used a computer before?”. Now my parents bought an Apple II in 1983, and my mother was primary user of it. Besides helping me learn BASIC programming, she ran her small business on it. She’s had a computer ever since. So while she may be a bit overwhelmed by the whole web thing, yes, my mother has used a computer before.

The tech ended up emailing her a link to use to login to her account which also worked, but then this exchange ended the phone call. I think the tech was trying to get her to create a bookmark, not really sure though.

ML: Click on the “Start” button and…
Mom: I don’t have a start button.
ML: Excuse me?
Mom: I have a Mac-
ML: Macs are no good. I suggest you go to your local library and use the PCs there. I cannot help you if you’re using a Mac. Have a good day.

Well, of course Macs are good, or good enough before yesterday to use ml.com. They were also usable at that very moment as she was able to get into the site.

I told my mother that they probably just updated the site, pushed out some bug and fixed it within a couple of hours. That was yesterday.

Today I got phone call from my mother saying that she couldn’t remember the administrative password for her Mac, and ml.com was asking for it. Alarm bells were going off in my head. Why would ml.com be triggering basically a sudo command? I fired up a VNC session so I could see what the hell was going on. I see she has the following page open:

 

“See? It’s saying it was my Administrative User ID and Password” my mother says. Nope, I’m not sure why it says “Administrative Site” there, but it’s totally different from the OS X system pop up. I asked her to try to login, she gets a “login failed” error. Strange. I look at the URL which is

https://www4.benefits.ml.com/adm/login.aspx

Now my total amount of experience with ml.com can be measured in minutes at this point, but I’m thinking that maybe this is some sort of non-public login. Regular users shouldn’t be using this. As an experiment, I trim out the “/adm” from the URL so now we have:

https://www4.benefits.ml.com/login.aspx

Which is this page:

Very similar. I ask my mother to login here, and amazingly, it works.

Now I’m curious. How did my mother get to that wrong login page? I click the log out link and open a new blank browser tab. “Mom, show me how you normally get to the site.” She types “ml benefits login” into the Safari’s search window, which brings up this Google results page:

 

See that “LOG IN” link right there in the quicklinks? Guess where that goes?

That’s right.

http://www.benefits.ml.com/adm

How many millions of people browse the web this way? Enter something, even the domain name of the site they want, into Google, Bing, etc, and click on the top link? What happens when one of those links is incorrect? Even if the user ends up on the correct site?

This isn’t a Mac issue. This won’t even be remedied by going to the library and using their PCs. This is ml.com’s issue probably after a very recent Google update. Some robots.txt / nofollow magic will fix this during the next Google refresh. Until then, a quick refer check to see if the user came from Google at the top of the /adm script will fix it now and save ml tons of money in support. I can totally see the reasoning behind the “Administrative Site” in red caps on the /adm page. Crap, I’ve done similar things myself, although never on a site of this level. Guess what though, it doesn’t help. Massive UX lesson to be learned here.

Lost S6E3 Thoughts

Just one quick one I haven’t seen covered elsewhere.

If Sayid has “the sickness”, who else have we seen in a similar situation? Seemingly dead, but CPR’d by Jack back to life?

Charlie.

And it was after that is when we saw the really Dark Charlie, relapsing, killing Ethan, having strange dreams, attempting to “baptize” Aaron, etc. Charlie was infected, but he was cured at some point and overcame the “darkness”. Was it from being close to the Swan hatch implosion, or maybe building the church with Eko? Either way, there’s hope for Sayid yet.

Close