Can we stop Credit Card Fraud Forever Now Please ?!?

Simplest and most effective way to stop credit card fraud dead in its tracks would be to…

Make every Credit/Debit Card Holder buy a cheap ($9.95) security dongle that issues a 6 digit number – Corporations use these to secure their networks and this works !!!  Security dongle make a Bluetooth connection with your Credit/Debit card (obviously must be some kind of smart card…) which means any time your security dongle is not within 30 feet of your Credit/Debit Card your bank cancels your card for you automatically along with your security dongle and they reissue both as a paired set.  This allows the Security Dongle to automatically issue the 6 digit number for you when making a purchase at a merchant (gotta make sure the data is encrypted however – banks really suck at using encryption for this purpose…).

Every time you want to use your Credit/Debit Card you have to press a button on your security dongle to get a new 6 digit code that you enter when making a purchase.

Even if someone does manage to get your credit card number and zip code they won’t have your security dongle unless they steal it from you.

Done – no more credit card fraud !!!

Very little cost to banks other than development of a smart card and Bluetooth security dongle.  Banks could even use your Android of iOS smart phones in-place of a smart credit/debit card but then this has always been an option for the last 3-4 years.

Why banks don’t go this route is the amazingly stupid thing in my humble mind but then I am just the boob whose credit/debit card was recently hijacked which I don’t mind saying is what got me thinking about this problem in the first place.  I really seriously doubt anyone would ever both trying to hijack anyone’s credit/debit cards once this level of security was in-place and widely used.

Dual-Key or Public-Private key security has been around for many years.  It would not be difficult to create a very secure system at very little cost using Android/iOS Smart Phones with the ability for the customer to recreate a new Key-pair before or after each purchase in a safe and secure manner such that credit/debit card fraud could be eliminated completely.

Oh yeah, if Smart Phones could be used in-place of credit/debit cards I as a customer would be able to limit who can use my card to only those who fall within a very small geographic area simply by geotagging purchases, but again this just makes perfect sense.

Just my 2 cents now that I have to visit my local banking branch just to get the ability to use my own money now that my credit/debit card was cancelled and is in the process of being replaced for me simply because my stupid bank was too lazy or too stupid to figure-out how to ensure my money is as safe as it would be were it sitting in my own mattress at home.

Rant ends.

P.S. You all can thank me later when your credit/debit cards can also never be hijacked again !!!

HP Special Edition Livestrong L2000

Get it while it’s hot –>

You are bidding on a HP Special Edition Livestrong Laptop, model L2000.    This laptop is in great condition with no dings or dents and it boots up Windows 7 Ultimate or Ubuntu 11.10 Desktop.

Specs are as follows:

AMD Turion 64 Processor at 1.8 GHZ
14″ WXGA Screen
DVD/CD-RW Combo Drive
54g(TM) 802.11b/g WLAN
6 Cell Lithium Ion Battery
AC Adapter

Software Extras:
Windows 7 Ultimate
AVG 8.5 Anti-Virus
FireFox 4.x
Slingbox Player
PGP Desktop
Adobe Reader
Google Chrome
Process Tamer
Driver Detective
Dual Boot Windows 7 Ultimate x86 or Ubuntu Desktop 11.10
This machine is guaranteed NON-DOA.  This laptop is in great cosmetic condition.  See pics for details, all the standard decals are in place just as you would expect.   All ports are tested working.  All drivers are properly installed for Windows 7 Ultimate and Ubuntu 11.10 Desktop; fully compatible with Ubuntu Studio 11.10.

No Reserve and bidding starts at only $39.95.  Shipping is a flat rate fee of $19.95. via UPS.  I am not here to make money on shipping.   This machine is guaranteed NON-DOA.

SalesForce.Com Issues/Gotchas aka. Bugs/Defects (Redux)

Yet another undocumented SalesForce Bug has been found !!!

This bring my personal count to 4 and climbing…

It is rather odd these kinds of defects can exist in such a prestigious framework as SalesForce/VisualForce/Apex with so many people using it when other web-based Frameworks (Django and others) do NOT exhibit such behaviors.

I have revised #2 and #3 while adding some additional issues since my last post:  (This is where experience counts… since I know what is expected when unexpected things begin to happen…)

SalesForce.Com Issues/Gotchas aka. Bugs/Defects

1). Cannot reference null values for <apex:outputText/> or <apex:inputText/>.
2). Cannot reference non-String objects with <apex:outputText/> or <apex:inputText/>.
2a). Under some circumstances VisualForce will allow String objects to be referenced by <apex:outputText/> or <apex:inputText/> tags however after a certain threshold has been reached the Force IDE will begin to complain about what it calls SObject references after which the only acceptable correction is to reference the result from a SOQL query – this can clash with #2 for some obvious reasons.
3). Cannot retrieve the Parameters from ApexPages.currentPage() more than exactly once because the associated [Parameters] information is lost for subsequent invocations.
4). Cannot pass back the ApexPages.currentPage() when expecting the user to make a correction in the <apex:inputText/> because the VisualForce page will remember the values from the Parameters thus ignoring user inputs for subsequent form posts.

DropBox.Com is out, PogoPlug.Com is in !!!

Read the fine print from your latest DropBox Policy Statement and you will notice your files belongs to them !

DropBox has been known to leave the door open whenever they wish which means your files can and have been viewed by others.

DropBox likes to play games with your files and mine to get the most from their storage back-end systems.

DropBox is about to get the boot from me simply because there is a better solution with a much lower cost.

The better solution, this month, is PogoPlug.Com

What is PogoPlug ?

If you want to buy the optional hardward you can do so however it ain’t required.  This may be why there are so many PogoPlug units up for sales at eBay lately.

All you need to use PogoPlug is their FREE software.

Download the FREE software, install it on every computer you want to access remotely and then you got your own DropBox without letting others get into your files, potentially.

PogoPlug works GREAT for small files, obviously

A test on a 2.5 GB file resulted in a very slow process of getting that file into my LAN at home but after several hours it was done.

Small files are a breeze, obviously.

Keep in mind I am not using the PogoPlug device when copying files to my own PogoPlug Storage connected to my Mac Mini where the PogoPlug software is installed, so who knows how much faster the PogoPlug device can copy files when the action is performed using the PogoPlug device.  I have concerns as to how easily the PogoPlug device can share files on a LAN – that use-case is more interesting to me than being able to use my own DropBox… time will tell.  Who knows, I may be selling my PogoPlug device on eBay once I have gotten my fun out of it.  Had I known how the PogoPlug software works I would not have bothered with the PogoPlug device, but that’s life !

Now all I need is to get rid of Catch.Com !

I am not all that comfy with allowing others to handle my valuable data with TLC.  Heck, I am not all that into letting Google do it and I surely don’t want DropBox messing around with my goodies any more.

We all should be skeptical of those who claim to provide FREE services because they all got to make some $$ somehow and most of the time they will try selling whatever they can to raise money – they could be selling your information.

Beware… and be safe.  Always use safe computing, use encryption !!!

Android Development Project #1 – Game Tube

Game Tube is a new Android App for Android 2.2+ and Adobe AIR 2.5+

Game Tube 1.0

Game Tube 1.0 will allow people to view certain selected Gaming Sessions for entertainment purposes only.

New Gaming Sessions will be added on a regular basis.

Game Tube 2.0

Game Tube 2.0 will allow users to “upload” their gaming videos via You Tube as a way to share their Brag Clips with other users of Game Tube 2.0.   People will have the option of installing a Desktop Version of Game Tube 2.0 to their Windows/Mac/Linux Desktop to Administer their Game Tube Brag Clips;  there may be some support in the Android version for this also.

Game Tube 3.0

Game Tube 3.0 will allow users to build their own Social Networks of friends and others they wish to share their videos with.  There may be a FaceBook App that interfaces with Game Tube 3.0 to allow users to share their Brag Clips via FaceBook.  Support for Twitter and other Social Networks may be added depending on user support and user requests.

Stay Tuned for the ride !

Check back here for additional details whenever they become available.

PDFXporter + Polymorphical Project Diary :: Rapid Project Development :: Day #13

Read the Disclaimers and Warranties and download the Pre-Alpha now

Day #13 – Billable Hours #1 -6

Application Prototype in a Single Day !

This is the first big real-world test for the concepts published in this article series. Someone needed a complete Application rather quickly and since this is something near and dear to my own heart I chose to step-up and provide the prototype in just about 6 hours or effort.

Polymorphical is born !

By using the exact same code model from the PDFXporter Project I was able to build-out a completely functional Prototype for Polymorphical in just 6 hours of work.


These are the only two Requirements, there are no others.

  • Scan a bunch of JavaScript files and determine the Class Hierarchy for all these JavaScript files such that a Tree can be displayed.
  • Cache the Class Hierarchy based on the timestamps of all the files that describe nodes in the Class Hierarchy so that users can display the information quickly without having to scan each time.

Why use the PDFXporter Project as the template for Polymorphical ?

The answer is simple.

Because I can !

Because the new Application should inherit 100% of the functionality of the former !

Because doing this is just cool !

And because the guy for whom this work is being done might just be a little bit impressed and that might work wonders for my career.

Day #13 – Billable Hours #6 -8

Rework the Model so both Projects share more code !

Now that there are two different Projects sharing the underlying Framework the time has come to allow many more Projects to be spawned from this Framework by building a common upper-level Framework; the lower-level or Core code is already 100% reusable.

Project Recap so far…

During the previous 12 days of development the following has been accomplished by one single individual contributor:

  • Reusable Cloud-based versioned API has been created, tested, validated and placed online with live code.
    • The Cloud-based API can easily be reused for ANY project or product that requires License Management.
      • If one Product can be produced then ANY number of Products can also be produced with minimal effort.
        • Two (2) different Projects have been built so far using very little time and effort.
          • ALL Projects that stem from the original share the very same Cloud-based Back-end now this saves time and money like there is no tomorrow.
    • The License Management System can be easily extended to require Pay-Per-Use or Pay-Per-User or any other viable model.
      • The Payment processing System could be any usable provider such as PayPal or Google Checkout.
      • License Management System also supports Freeware.
      • License Management System does not use OpenID nor does it require Users to have Google Accounts.
        • OpenID or Google Account Authentication could be used going forward as options.
        • FaceBook Authentication is also an option going forward.
    • Terms and Conditions have been installed in the product.
    • Auto-Updater has been coded but needs to be tested using a real-world scenario.
    • Badge Installer for the Personal Version has been completed and is online.
    • Version has been deployed and is online.
  • Reusable Adobe AIR 2.5 Framework has been created, tested, validated and placed online with live code.
    • Adobe AIR 2.5 also means there could easily be an Android App using much of the same code as is used by the Desktop App.
    • Native Installer means Native Process Support is automatic – this allows the Desktop versions to be augmented by some rather powerful client-side code, should this become a requirement.
    • Adobe AIR 2.5 also means the Desktop version could run in Windows, Mac and Linux however for now the pre-Alpha version is Windows only.

PDFXporter Project Diary :: Rapid Project Start-Up :: Day #1

This is why I love PHP – NOT !!!

A critical vulnerability in the PHP engine has just been identified. This exploit is significant because most PHP applications on impacted systems are remotely exploitable to a very simple denial of service attack. Zend has released a security hotfix to address this vulnerability (see below).

Due to the way the PHP runtime handles internal conversion of floating point numbers, it is possible for a remote attacker to bring down a web application simply by adding a specific parameter to a query string in their web browser (click here for more information).

This vulnerability is present on all versions of PHP including PHP 4.x and 5.x, on all Intel-based 32-bit PHP builds.

Platform Vulnerability
Windows YES
Linux (using 32-bit PHP build) YES
Linux (using 64-bit PHP build) NO

Zend Server and Zend Server CE users should immediately apply the security hotfix.

Hotfixes for Zend Core and Zend Server CE tarball installer are currently being finalized and will be made available soon.

Happy PHP’ing,
Zend – The PHP Company

%d bloggers like this: