More Household Chores

Well, once again, I've been tasked with fixing another appliance in the house. This time, the dryer. And before anyone asks, yes, Angel trusts me working with high power electricity. The dryer was functional in all ways except the slightly important part, heat. So, something doesn't work, how do you fix it? Tear it open.

So, the dryer first stopped working on Thursday of last week. Once I got off of work, I started tearing into the dryer to figure out what was wrong with it. Have I ever tried to troubleshoot a dryer before? No. Do I have a clue of what I'm looking for? No.

The process starts with opening the back of the dryer. For reference, the big part, not the little one. Once I get the back off of the dryer, I discover that there isn't much to it. The only part of the machine I couldn't get to was the motor. However, since the exhaust fan and drum spin, I'm not worried about getting to it. So, what are the pieces of the machine I'm looking at? Well, to be perfectly honest, I don't know yet.

Since there wasn't too much to look at, time to open the small part on top of the dryer. The top of the dryer wasn't too much different from the bottom. There are only a set of wires running from point A to point B. Since the dryer is functioning in every aspect but that of heat, the knob/timer should be working fine. Since the machine starts and stops, the start button obviously works. What is left to investigate on a machine of such relatively simple construction.

Well, thankfully, Whirlpool so conveniently provided a wiring diagram inside the top section. Based on the diagram, I was then able to identify what the devices in the bottom portion of the dryer were. I found a fuse, a couple thermostats, and a thermo-fuse (for lack of a better name). I was able to deduce that the fuse was in working order with a multi-meter. The thermostats and thermo-fuse are a completely different story. I thought one of the thermostats were the problem. However, while testing the fuse the battery died within the meter. At this point I've decided that since I can't prove without reasonable doubt which part is broken. Also, there is still one more part that could be the culprit. The coil.

The heating coil, according to the diagram, works off of 220/240 current. There is only one 220/240 plug in the house. Something within the dryer is broken and I can't manually trigger the coil. What else is there to do to test the coil? Yup, you've guessed it. Hot wire the coil to the plug.

WARNING: DO NOT TRY THIS YOURSELF! YOU CAN BE SERIOUSLY INJURED TRYING TO REPRODUCE THE FOLLOWING STEPS!

The plug has 3 wires in it, red with white generates a 110/120 volt circuit and red and black creates a 220/240 volt circuit. Well, according to the diagram anyway. Since I've been inside the guts of this machine, it is already unplugged. So, from my dad's garage, I had some 12 gauge solid wire lying around. There are already 2 pieces, so I'm set there. Each wire has one end stripped. So, there are only two strips that I need to do. I don't know what heat rating this wire has, but for the duration I'm going to use it, it is safe enough. So, I unscrew the retainer screw for the red and black posts for the plug. I place the wires into the gap that is produced and refasten the screws.

Now that these wires are ready to be energized, I determine where and how I'm going to place the wires against the coil once the plug is connected. So, the two safety mechanisms I took to protect myself was first determining that connecting the wires in opposing directions (both inward to the center of the 2 posts which would prevent the wires from touching because the posts would be in the way) and having Angel in charge of the plug. So, now that the safety procedures are in place (no matter how unsafe it might have been) it is time to give this coil a go.

Angel's instructions were that should I get shocked, unplug the source. Then, she connected the plug to the outlet. So far, so good; no sparks and I'm not getting zapped. So, I present the wires to the coil. First the one in my left hand. Nothing happens. Then I begin to move the wire in my right hand to the coil. I get about 1/4 or 1/8 of an inch from the terminal and ZAP! Sparks fly. I guess I moved too slowly getting the wire to its destination. Well, at this point I've proved that the circuit works. But, I have not proved if the coil will still heat. Also, the look on Angel's face was classic. The look said OMG!!! But, she didn't say a word or make a move.

So, I regain my composure and try this again, this time prepared for the spark. Once I get the wire connected, the coil didn't wait any time getting hot. I mean did not wait. I was absolutely amazed at how quickly it went from black to orange and being able to feel the heat on my hands. Ok, the coil works. I remove the wire from the coil. Angel removes the plug and I remove the jumper wires. This leaves me to believe that there are only 2 items that could possibly causing our no heat issue. A thermostat or a thermo-fuse.

Angel and I make the futile trip to Lowes to see if we can purchase the replacement parts. Well, as expected, the parts for the many items that they sell are not warehoused at the stores. The sales representative was kind enough to provide me with a number to call to get the parts ordered. Well, since we're there and we didn't get what we needed, I bought a new battery for my meter.

Well, since it was so late, I didn't make the call to the Lowes Parts Replacement line that night. Friday was a day from hell at work (10 AM - 3AM working) and therefore, I didn't make the call then. The business card did not indicate if they were open on weekends and I failed to think about it on Saturday (well, it didn't help that I spent most of the day sleeping). Therefore, I gave them a call on Sunday just in case they were in operation. My luck is with me then, they were there and were able to help.

Before I gave them the call, I pulled out my meter again and did a continuity test on all of the thermostats and the thermo-fuse. Well, the only one to give a reading that worried me was the thermo-fuse. It was open. Therefore, I thought it was the culprit for certain.

I gave them the make and model of the machine, a brief description of the part that I believe is the problem and they placed the order for delivery on Tuesday (today). To my amazement, the parts to fix my problem came to a combined total of $35. I had heard horror stories about people being told that fixing their dryer would be so expensive, it would be less expensive to buy a new one.

Well, today, my parts arrived. I decided to hit the new pieces with the meter and to my surprise, the new parts were generating the same results as the ones I took out. At this point I'm skeptical. Did I order the right parts? Is the dryer going to work when I put it back together? I don't have a clue and there is only one way to determine the answer. Time to put everything back together.

Once again during this process, I am shocked. I don't know what changed at this point, but once everything was reassembled the dryer is working. Almost as equally amazing, once again, there were no pieces or parts that were not replaced left over. This is amazing. In a two week period I've fixed 3 appliances of varying degrees of difficulty successfully and without left over parts. Is this going to become a trend? Should I get used to this? I guess only time will tell.

Anyway, one of the more interesting aspects of this instance has to do with the following question. When these things are so simple to fix by yourself, is it worth calling in a technician that is going to inflate the cost because of the addition of labor costs. I think I'll keep working on things myself until I'm out of options, either physically or due to knowledge.

Read More......

Identity Theft

About a month ago, Angel & I both experienced an instance of Identity Theft. A combined total temporary loss of about $375. We got the full amounts back almost immediately, so the loss was a non-issue. However, I thought I'd share our experience with everyone.

The day started out as any other, I woke up and walked across the hall to work. However, shortly there after, Angel was asking me about a transaction that was posted on our joint account. Since the transaction was for $299, it immediately jumped out at us. It was a transfer thru Western Union. Neither of us have ever used Western Union nor had made a transaction in the recent past for that dollar amount. Therefore, we began to worry.

The first call was to BofA. Unfortunately, since the transaction had not cleared yet, there was nothing they could do for us. They recommended that we call Western Union. Angel calls to talk to Western Union and they claim there is nothing that they could do for us because the transaction had already been paid out. Also, this transaction, so they claimed, contained all of the information related to Angel's check card. This included, Name, Address, phone number, Debit Card #, expiration date, and security code (the one on the back of the card). With this information in hand, Angel calls BofA bank to have the card blocked and subsequently shreds the card. They inform us that it would take 7-10 days to receive the replacement. We would not get that until we returned from our honeymoon. Unfortunately, at this point, there was nothing more we could do about it until the posting of the transaction cleared. We wait 3 days.

In the meantime, I checked into my PNC account, though for reasons I can't recall, and discover 2 transactions with the European arm of eBay via PayPal. I logged into eBay and find no reason for these charges. These charges were in relation to sellers fees. You know, the type you get charged for posting an auction. I have never sold anything on eBay and don't have a sellers account in my eBay account. The final oddity to the story was that it was charged in Euros. It wouldn't make sense for my US based eBay account to be charged in Euros. Therefore, I call them and start to question the charges. They would not begin the investigation until I could mail them a statement from my account. This was unacceptable. My statement period had just begun and I wasn't waiting for a month to file a claim thru them. I threaten to resolve this thru Paypal and they don't even give up a fight. At this point I'm steamed.

I log into Paypal and start poking around. I find a link for disputing transactions. I give the forms all of the information they want and I feel unsatisfied. But, at least with this action, I know that the ball is rolling. To make a long story short, Paypal attempts to contact eBay three times and do not receive a response. Subsequently, they give me the money back. I don't know how my Paypal account became linked with a different eBay account. Also, I don't even remember what the linking process is like. I don't remember what information is required or anything. Aside the point, I change the passwords for both my eBay and Paypal accounts and did it again once I got my password manager. Now I am certain that noone will be steeling my passwords for any reasons. I can't even remember them.

Back to the Western Union story. So, we've waited the three days required for the transaction to completely clear the system and call BofA back. Once again, we go thru the process of explaining what happened, what we've done, and what we want them to do. They immediately start processing the claim. However, they did not present us with a temporary credit until they receive an Affidavit. They send that out to us immediately. Before we fly home to Pittsburgh, the letter is received, we both sign it (once again, joint account), and get it back to them. While we're in Pittsburgh, we receive notification that while they are investigating the transaction that the money has been replaced in our account. They investigation did not turn up any information that they were willing to disclose to us. However, the end result stayed the same (as it should have), we got our money back.

Between these two little issues, I decided that we would take further steps to securing our information. Introducing a password manager with password change policies. The post RTFM will explain the difficulties of my first few days with it. And the subsequent Password Quagmire will discuss my surprise at the number of passwords that I have to juggle within our favorite ether entertainment spot, which we like to call the Internet.

I know that this little password manager is not going to prevent any future issues like the one that occurred against our BofA account, but I'm pretty certain that they only way that my Paypal account could have been linked to another eBay account was thru hacking my password.

Read More......

Password Quagmire

As a follow up to my RTFM post, about getting my password situation under better secure control with a password manager, I have learned something interesting. The number of places that require a password that I use are numerable. I new that there were many places that I use a regular basis, however, I didn't know how many. Now that I have all of my passwords configured into my manager, I'm shocked.

I now have 41 passwords stored in my manager. The device has a maximum capacity of 50. I certainly hope that my internet usage doesn't change too drastically in the near future. I will max it out and then have to figure out a different storage or usage scheme. Right now I have 13 password slots for just work and the Army. If required I could consolidate my US Bank passwords again, but that would defeat the purpose for which this all started. Trying to synchronize all of my passwords at work is a bunch of work. I would rather not have to do that again. Though, keeping the separate might be more difficult, but I've yet to discover this problem as I haven't yet started using this for work purposes. (That will be Monday.)

Anyway, this little device, once configured the way you want it, is pretty simple to use. To begin use, just click the center button. This will cause the device to prompt you for your 5 key finger pattern (a password comprised of a combination of the arrow keys). Once into the token, you use the center button as they enter key and the arrow keys to navigate to which password you want to use. It is pretty simple and straight forward.

However, it doesn't always produce as much feed back as you would like. To shut off the device, you press the left arrow key from the main menu (View, Options). However, while you are in the View mode, you select a site to view the password of by pressing enter, to return to the list press left. However, the first left arrow press only takes you back to the individual record so you can see the username also if required. To get back to the list, press left again. If you get impatient and press left too many times, you could shutdown without wanting to.

The device boasts a last used password memory. I will not tell you that this is false. On a technical level, this is not a lie. As long as your session within the token continues, you can look at a password, return to View, look at options, or whatever else and when you return to View, it will take you to your last used password. However, once you shut it off and return it to use, it will not remember which password you were using. Having a list of 50 available slots in the device, navigating around to view you password can get annoying.

The user interface allows the user to overlook this issue, as they have provided 2 very useful features. The first one is the wrap around. From record 1 you can roll back to record 50. For me, this was very useful. My most commonly used personal passwords are at the bottom of the list. All of my work related passwords are at the beginning. The other solution that they put into place is a common one. If you hold an arrow key down, it will continue to move from one record to another. If you hold it down long enough, the progression speed will increase. Thus, moving faster then continually pressing the arrow yourself.

The instructions also recommend another security tool for those worried about having their token hacked. They recommend that you use a symbol offset for the passwords on the token. Therefore if someone was able to obtain your token AND hack your finger code, the passwords that they see are not the passwords that you actually use. There are simple ways of doing this, but for the paranoid, they have an example of a complex way to use it in their manual. Their demonstration from the FAQ's is as follows:

AN EXTREME EXAMPLE –

The following is an example of a complex offset that
combines multiple techniques which can be used
separately or in combination with other techniques.
This example includes (1) a fractional reading of only
a subset of the displayed code; (2) applying
multipliers against displayed numeric characters; and
(3) substitutions for displayed alpha characters.

For this example, lets say a user utilizing the token
generates and stores a purely random string of 14
printable characters.

The Display reads:

\BjrGjh3>u7A&t

The user secretly applies the following complex
offsets only known to him/her to arrive at the true
password for the Login Record:

 Offset (1): The password length is only the last 8
           Characters read right to left on the display;

 Offset (2): All displayed alphas are decrement by
           one character;

 Offset(3): All displayed numbers are incremented by
           one.

The actual password for the Login would be
discerned in the following 3 step process:

 Step 1: - Locate the Last 8 Characters of the
           displayed password and read them right to left.

                t&A7u>3h

 Step #2: All displayed alphas are decremented by
           one character (application of offset #2):

                s&Z7t>3g

 Step #3: All displayed numbers are incremented by
           one character (application of offset #3):

                s&Z8t>4g

Under this complex example, the displayed password
of

 \BjrGjh3>u7A&t

would be converted by the user to the actual
password of

 s&Z8t>4g

Without knowledge of the offset only known to the
user, it is impossible to deduce the actual password
from the displayed password.

So, since getting this bad boy configured for use, I have done myself a favor to force myself to use it. The first thing was to put all of my passwords into it. The second was to completely turn off password saving in my browser. Since these passwords are more complex and different from anything that I have memorized, I have to go back to it each time I want to log in somewhere of less common use or if I press the wrong link and log out of a commonly used site or due to a reboot.

This might sound and be annoying, however, it is better then what I was doing before. The same password everywhere and/or exposing my site usage to anyone that can obtain access to my computer. For any of you wondering, yes, this also included my passwords for my financial websites. I feel safer knowing that even I don't know my passwords.

Read More......

RTFM

For as long as I've been into computers, this has been a recurring theme. Read The Fine (or other "F" word of choice) Manual (RTFM) is the mantra of a support analyst. We use this term for those people that don't have the drive or skill with computers that would have lead them to a simple answer.

Unfortunately, every once in a long while, there are circumstances that arise I have to use this against myself.

I recently received a new toy. This little device (just about the size of a OEM car keyless entry box) is soon to become another tool for my computing arsenal. With all of the passwords that I maintain and with all of their various rules of composition, it was starting to become difficult keeping them straight. It really wasn't that big of a deal until a situation occurred just before the wedding with eBay and Paypal. At this point I determined that I needed to do something to better secure my information within the ether world of the Internet.

Bear with me if you are reading this early. I will document the aforementioned situation in a subsequent message. Once it is posted I will create a backlink.

Anyway, after being financially impacted by some unknown means I determined that it was time to increase my security. So I bought two of these Mandylion Password Managers. I could not tell you how long I had been using the same passwords at many of the sites that I was required authentication. Furthermore, majority of the sites were using the same passwords. The exceptions were the ones that required a specific password composition, such as no symbols. Anyway, the more sites and places that require a password that use the same password increase my risk to exposure should it ever be cracked. Although, the password I was using was strong, the more that it is used, the more potential that it can be discovered. The definition of a strong password is one that is not dictionary based and contains a mixture of letters, numbers and symbols.

Well, as with many of the things that I do, as soon as I received my new toy, I grasped on to it whole heartedly and have taken it to the extreme. I've spent several hours with this toy already and almost gave up on it as a publicly consumable item. It has taken me 3 days thus far to get it configured the way that I want it. However, as the title of this message implies, my frustration was due to an issue with the instructions. I didn't read ALL of them.

So, lets recap my experience from the start.

I get this device while I'm working so I have to sit on it until I'm done with work. As soon as I finished work for the day I rip into the packaging and begin the discovery process. I get the device connected to the computer. Install the drivers & associated software and validate that it is what it says it is. So far so good. Now, lets put it to use.

I fire up the software to begin to enter the array of sites and locations that I use a password the most often. I determine what the password template should be for each site. For example, how many characters and what character set (are multi case letters required, numbers, are symbols permitted) to use. The next question is regarding what time period the password should change. Since only at work do any of my passwords have a mandatory expiration period, this is completely subjective. How often do I want to change the password.

To this point, everything has been peachy. However, the next part caused the most frustration. There are a few options regarding how the password should be specified initially on the token. I figured that since I had set policy information that manually entering a initial configuration password that this would work. However, this is not the case. As soon as I would enter a manual initial password, the password pattern would reset to manual. This was not a good thing. I was hoping with how shotty this software appeared that this was just an ascetic problem. This was not the case. Therefore, once I transferred the information to the token, it would configure it anyway that it wanted.

However, I didn't discover this until after I started using it. Since the password I wanted to see was on the token, I went to begin changing passwords that I use. However, after getting just a couple sites into the process, I discovered that passwords were being generated that I couldn't use. The password templates that I specified were not being enforced (because they were reconfigured) and getting passwords that were too long or even with the wrong character set.

This was unacceptable.

So, now I have a real dilemma, I was under a misconception that I needed the software to configure this device for everything that I wanted. I now know that this is not the case, however, it is too far gone now for me to start over. The only thing that a computer is required for is the initialization step. Anyway, since I'm now using the passwords that are on it, I'm not going to re-initialize it. I'll deal with it with what I've got.

Moving on with the issue. Now, the device has passwords that I don't have memorized but I need to make configuration changes to it. So, I'm back to the same problem that I had initially. I need to update the password template from the software (because I locked the token from being able to do it) and I need to be confident that once I make the change that the password on the device is correct. A little forethought was put into this. I wrote down the passwords on the token into notepad and tried to reconfigure it.

At this time, I'm not very confident that what I tell the software will not certainly reach the token. So here's the deal. I first need to determine how to set the password pattern template and set a starting point password. As I told you before, this wasn't working. So, instead of flailing blindly at this software, I open the manuals. There was an option for the initial password called "Bootstrap". I didn't understand this term and wasn't sure what the results were going to be. Unfortunately, the manual was not very clear at the definition of this option, but it did give the impression that this was the option for which I was looking.

I return to the UI and start to redefine my password template options and specify bootstrap passwords. We have success. The software accepted the password and did not reconfigure anything else in the configuration.

Please bare in mind, all of this has transpired over a three day period. I'm not so sure that the typical consumer would put this much effort into using this device. I might have been better off making all of the password additions and configuration within the tokens interface, but this would have been cumbersome and time consuming. In hindsite, it might have been less cumbersome.

So, I spend some time (a lot of time) researching my browser cache and putting every password that I use for work (including the Army) or personal use into the software and I'm now ready to start using it.

The moral to this story is read the manual, understand the tool you are trying to use and it will save you tons of time in the long run. However, I'm not excusing the company. The documentation is less then desirable and the UI is about as intuitive as something I would expect from Beagle. Maybe, not even that good. His interfaces might not be pretty, but they work well and he will explain to you how to use it. That is more then what I got from this company.

The last challenge left in this adventure is to get Angel to set up her token. I'm certain that working with her will be a better usability test for this device. However, she has an advantage, I know how it works now. I'm sure that I'll have more to say about this little tool in the future.

Read More......