Is it safe to open securedoc.html (Cisco Registered Envelope)?

Updated on Thursday, March 19, 2020

Cisco's insane securedoc HTML attachment

I last got one of these in 2010 and assumed it must have died by now, but no, otherwise sensible organisations are still training their customers to fall victim to phishing attacks by asking them to open dodgy email attachments.

The product in question is Cisco Registered Envelope and it deals with the lack of security in email by sending you an encrypted HTML file. Opening this file sends you off to register on some website and then runs a Java app to decrypt the message. This is insane. The HTML attachment is insane and the Java applet is insane.

The latest email I got in this format was an appointment reminder from UCSF. I'm sure there is some HIPAA requirement that they can't just send medical information in a plain text email. But they could send an email that lets you know you should log in to your account to see the appointment. It's not like the securedoc.html method is magic: you still have to create an account on a website to use it, so it buys you literally nothing.

UCSF, shame on you. Look after your patients' digital health as well as their physical health. Out of self-interest if nothing else: nobody can pay you if their bank accounts have been emptied after falling victim to a real phishing attack.

Cisco, shame on you. This product is so wrong-headed it's impossible to believe that you're doing anything right.

(previously)

(All Etc Posts)

Tedious Feed Update

Updated on Wednesday, February 22, 2017

If you subscribe to I Thought He Came With You via RSS please switch to this new feed and delete the old one.

Longer version... this blog has used FeedBurner forever but I managed to get locked out a couple of years ago. I upgraded to Google Apps for Domains and part of the process was transitioning various services over to a temporary account and then back to the new one. Most of them made it over but FeedBurner got orphaned somehow.

I've emailed, left forum posts etc but no luck. Google doesn't really do customer service so despite actually paying them I seem to be out of luck. Also, Google hates RSS so FeedBurner probably isn't the right long term tool even if I could get back into my account.

I've been meaning to do something about this for a while but as it was working it wasn't a top priority. This changed when my blog got hacked a couple of times in a row - I'm not sure if it was the software (I'd been using BlogEngine.net) or my hosting provider but it's painful to fix and I decided I needed a change. I Thought I Came From You is now running on a home grown platform. It should be more stable, faster (some quick benchmarking suggests twice as fast so far) and not get hacked quite so often.

So switch to http://ithoughthecamewithyou.com/syndication.axd for updates (I can't recommend Feedly highly enough) and delete the old feed. If you have any problems leave a comment below or send me an email.

Fitbit on a bike

Updated on Thursday, November 12, 2015

My company bought everyone a Fitbit for Christmas and now we're in a Battle Royale to get the most steps. I'm at a disadvantage as I often cycle to work and Fitbit does not track this accurately.

A couple of people suggested that clipping the Fitbit to your shoe would help. So over the last week I conducted an experiment. My ride from home to the office is 6.5 miles. With the Fitbit clipped into my hip pocket it registers 2,362 steps. Perched precariously on my shoe I get 2,389 steps. You can't cheat Fitbit this way.

How far off is 2,300 steps? If I was walking the same distance I'd get 13,000 steps. But I wouldn't be coasting down any hills so that isn't right either.

For my weight relaxed walking should be around 155 calories a mile, cycling at around 10 miles per hour is 78 calories a mile. This is about a 2:1 exchange rate so those 2,300 steps should be 4,600 or so.

Fitbit does have some options to manually add activities that it doesn't register correctly. This sounds too much like hard work though, it's difficult enough to remember not to put the poor device in the washing machine. I'm also 234,037 steps behind the current leader for January so I'd need to cycle home for lunch as well to stand any chance of catching up...

CI Dream

Updated on Thursday, November 12, 2015

I have an old Ambient Orb hooked up to our build server at work. It glows green when everything is working and red when a build fails. It's nice but not visible enough. My dream is to fit every developer box with a second generation blink (small USB LED indicator) or two so if things go pear shaped the whole office lights up red.

Staying Chrome?

Updated on Thursday, November 12, 2015

I've been using my Samsung Chromebook at work for around ten months now. It's not my main computer but it's a meeting survival powerhouse for email, instant messaging and note taking. The battery lasts approximately forever, it boots immediately and the decent keyboard and trackpad are just miles ahead of fumbling around on a tablet.

There are two problems for me with the Chrome universe. One will probably get fixed, one could be a deal breaker.

The first issue is VPN support. Apparently we use some sort of old, fiddly Cisco VPN that ChromeOS simply won't talk to. I filed Issue 261241 in the Chromium bug tracker and hopefully it will get fixed soon. If you're struggling with the same thing please star the bug report.

I can work around the VPN problem by using LogMeIn or Chrome Remote Desktop. But I can't live long without Skype. Actually I'd be perfectly happy to never use Skype again but my company runs on about fifty thousand Skype chats. I used Imo.IM for a while but they were forced to drop Skype support. Right now I'm using IM+ which as far as I'm aware is the only working Skype option for a Chromebook (please tell me if I'm wrong) but it's buggy and can't restore a connection between sessions. I either need to find a way to kill Skype at work or wait for (or write) a better web-only client.

Probably worth sticking it out: Gartner reports an 8.6% fall in PC sales but predicts Chromebooks growing to over 12 million units by 2016.

(Read the full Chromebook adventure: Part 1: Going Chrome, Part 2: Staying Chrome? and Part 3: Leaving Chrome)

(Image by he4rtofcourage, CC).

Memo to future: How to reassemble Kate’s cot

Updated on Monday, May 24, 2021

cot-step1

The long bolts with plastic washers attach to the head and foot of the cot (1). These are easier to screw in using a drill with a hex bit. Put the four smallest bolts through the holes (2) before attaching the sides or you’ll be taking the sides off again. These will be used to attach the mattress spring.

cot-step2

Cams go in the head and foot (1), smallest bolts as described above (2).

cot-step3

Now just attach the sides with the medium bolts and then the mattress spring using the wing nuts.

cot-step4

Missing one of the medium bolts? It’s in this bag somewhere. When asking Kate to help by putting bolts in a bag remember to be very, very specific about which bag next time. The rest of the hardware is in a Ziploc in a side pocket.

Immature Gmail Exploit

Updated on Thursday, November 12, 2015

The Gmail Android client helpfully puts the first letter of the name of the person who emailed you in a big block at the left of the mail list (I guess if you have Google Plus friends you probably get a photo instead). But it's pretty easy to change the from name in your email client and trivial to do this programmatically.

Tips... spell your message backwards and use a different subject line for each email so they don't get grouped together.

Google Spreadsheets API and Column Names

Updated on Sunday, May 2, 2021

I had a play with the Google Spreadsheets API recently to feed in some data from a C# application. The getting started guide is great and I was authenticated and adding dummy data in no time. But as soon as I started to work with real data I got:

"The remote server returned an error: (400) Bad Request."

And digging deeper into the response:

"We're sorry, a server error occurred. Please wait a bit and try reloading your spreadsheet."

The original sample code still worked so it didn't seem like any sort of temporary glitch as the message suggests. After much hair tearing it turns out I was getting this error because I had used the literal column names from my spreadsheet. The API expects them to be lower case with spaces removed. If no columns match you get the unhelpful error above; if at least one column matches you get a successful insert with some missing data.
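A pre-flight check for both failure modes described above, added here as an example and not taken from the original post or from Google's client library. The names `ToApiName` and `Prepare` are hypothetical, the sample data is constructed, and the normalisation applies only the rule stated in the post (lower case, spaces removed).

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class ColumnNameCheck
{
    // Rule as described in the post: lower case, spaces removed.
    public static string ToApiName(string header) =>
        header.Replace(" ", "").ToLowerInvariant();

    // Re-keys a row by API name and reports keys that match no sheet header.
    public static Dictionary<string, string> Prepare(
        IEnumerable<string> sheetHeaders,
        IDictionary<string, string> row,
        out List<string> unmatched)
    {
        var known = new HashSet<string>(sheetHeaders.Select(ToApiName));
        var prepared = new Dictionary<string, string>();
        unmatched = new List<string>();
        foreach (var pair in row)
        {
            var key = ToApiName(pair.Key);
            if (known.Contains(key)) prepared[key] = pair.Value;
            else unmatched.Add(pair.Key);
        }
        return prepared;
    }

    static void Main()
    {
        // Constructed sample data: the third key has a typo on purpose.
        var headers = new[] { "First Name", "Order Total", "Notes" };
        var row = new Dictionary<string, string>
        {
            ["First Name"] = "Ada",
            ["Order Total"] = "42.50",
            ["Note"] = "typo in the column name"
        };
        var prepared = Prepare(headers, row, out var unmatched);
        if (prepared.Count == 0)
            Console.WriteLine("No column matches: expect the 400 Bad Request.");
        foreach (var name in unmatched)
            Console.WriteLine($"'{name}' matches no header; its value would go missing.");
        foreach (var pair in prepared)
            Console.WriteLine($"{pair.Key} = {pair.Value}");
    }
}
```

Failing loudly on any unmatched key before calling the API turns the silent partial insert into an error you can act on.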

Error messages are one of the hardest parts of an API to get right. If you're not very detailed then what seems obvious to you can leave your developers stumped.

Hope this helps someone else...

BBC Slams BA

Updated on Thursday, November 12, 2015

Might there actually be grounds to sue BA on the basis of a frequent flyer program that never lets you actually fly anywhere ever?

Updated on Friday, February 24, 2017

Did you know? You can use your Avios to book hotel stays and car rental...

Well that’s good, as you sure as hell can’t use them for a flight:

There is no availability on British Airways for the displayed date range.

Previously…
