Saturday, February 10, 2024

Airbnb puts money first and people's safety second

Airbnb does the job and as long as you read carefully u should be fine, EXCEPT, there has been a glaring hole in their booking process for many years now. If you book a place the does not provide the "immediate booking" option then if the host refuses to accommodate you (most often because he/she had not updated the eligibility status of their property) you do get a full refund BUT only after 1-3 weeks depending on your bank's policies. They tell you something like "sorry, we pre-authed the amount and then when the host refused to host you we issued a full refund - it is just that the credit card hold will take at least a week to clear". Bottom line is that if you are low in funds in your card at that moment and you need a booking right away you are basically screwed.

The "full refund but time to reflect" story is just a cheap excuse they have been using for years to excuse outsourcing all risk and hassle to the client while not considering that they sell SHELTER, one of the most basic human needs, and not Gucci bags or some other frivolous thing.

Someone who has had his reservation denied and his funds withheld for weeks before refund may find himself homeless in a place like El Salvador and die in the streets like some homeless bum, if his card is not at the moment loaded enough to make a new reservation. Airbnb is quite indifferent and callous to this possibility, although well informed about it, because the current, in purpose flawed, booking process they keep using is convenient to them.

This is serious traveler safety issue and It would be interesting if some some NGO or even GO investigated how many people suffered, got in danger, got injured or died because of this practice worldwide.

Process needs to change and credit cards should be actually charged - NOT PRE-AUTHED - when host accepts. Then if something goes south the money would remain as booking credit you can use immediately for another booking.

At the very least a dialog should be added that warns you of the possibility of denial when u are trying to book a property that may refuse to host you resulting in your money getting frozen for weeks - but no; they don't want that. Instead they try to make it look like it is your fault: "You did not properly read our terms or service", etc. Typical corporate sheep herding.

Airbnb simply does not care - all they want is the money and their peace of mind and if some poor travelers die, well, poor people die every day.

Thursday, March 4, 2021

Have Outlook store mail data in a drive other than C:

As with many things Microsoft things that you would think are simple to do can turn out to be, perhaps unnecessarily, hard.

All I wanted was for Outlook to store its mail data (stored in .pst and .ost file) in E: drive instead of the default C: drive but for that, at least with the latest version of Outlook (2019) you actually need to edit the Registry.

Here is how:

Obviously, you can have it point to a full path and not just the root directory of a drive.


Thursday, November 26, 2020

VStarcam C90S surveillance camera won't connect to the WiFi

It is not mentioned anywhere but this particular model does not support the IEEE 802.11n protocol even with its firmware flashed to the latest version published by the manufacturer. You will need to force your router to 802.11g mode for it to be able to connect successfully and be accessible.

VStarcam C90S support link

Charge your motorized toothbrush with a wireless phone charger

In case you forgot to pack your motorized toothbrush charger, basically place your toothbrush, standing up, on a wireless phone charging pad or on your phone, if it supports reverse charging.

NOTE: after testing this I can confirm that the wireless charger does charge the toothbrush but ONLY A LITTLE BIT regardless of the time you let it charge. I suppose the there are significant differences in the specification of the wireless charging interfaces of the two. Charge is barely enough for a single short brushing session.

Tuesday, October 27, 2020

Getting the right International travel COVID-19 certificate in Greece

There is a large number of private laboratories/clinics in Greece that do COVID-19 diagnostic testing on short notice and can provide a certificate with your results in English.

Regardless of the which country you are heading to the most important thing to remember is that the type of COVID-19 diagnostic test required in all cases is the PCR (Polymerase Chain Reaction) type of test, also known as, molecular test, nucleic acid amplification test (NAAT), RT-PCR test, or LAMP test. To be on the safe side though, make sure the certificate you receive refers to it as "PCR" or "RT-PCR" which is the name everyone will recognise and accept as valid.

Then, depending on which country you heading to, things can become more demanding. For instance, the airline employee at check-in or the immigration officials at the port of entry may require that you produce documentation or online evidence that the laboratory you did the testing at is officially certified/recognised for this type of testing by the Greek government. Given that the Greek government's sites are usually in Greek and pretty terse in quantity and quality of easily accessible information this could prove hard to do. I did do some research and thankfully there is official info online, in English, that can be used for that purpose.

The official Greek certification body for laboratories (including medical) has a minimal English version of its site here:

The site is the typical buggy, incomplete, non user friendly Greek public sector mess. It may take some time but eventually you will hit this page here (screenshot below) which allows you to get a listing of all medical labs certified to ISO 15189 standard.

The results are not necessarily labs that do COVID-19 PCR diagnostic testing and they are a mix of public and private entities. Using this listing you can find those labs that are listed under ISO 15189 certification for "human samples", like the one below, and which, in their "Scope of Accreditation" document, linked into their "Accreditation Details" page, list COVID-19 PCR testing as well.

If you already know of a lab that does COVID-19 PCR testing and want to check if it is officially certified then you can use this search form here.

Finally, for those able to read Greek there is a precompiled list of certified COVID-19 PCR diagnostic testing labs here.

Wednesday, October 14, 2020

Samsung T7 Touch 1TB External SSD Drive security mode's security is questionable

 I just purchased a 1TB Samsung T7 Touch External SSD Drive. Main reasons were:

  1. Its hardware based AES-256 encryption capability.
  2. Its USB 3.2 connectivity and claimed max read/write throughput of about 1 GB/s
  3. Its looks
Regarding point 1, the Windows software version that comes with the drive and enables its security mode is buggy. It cannot self-update to the latest version, or tell you if there is one (although it supposedly supports self-update) and although it does work, the drive would freeze, and with it the whole explorer.exe process, after a few hours of continuous use, e.g. while copying over many gigabytes, or having Google Backup and Sync sync those many gigs to Google Drive.

Obviously, like this, the drive would be useless for power users while its coveted security mode is on. Thankfully, the latest software version, which you have to seek out, locate, download and install yourself, does fix the problem; once installed it downloads and installs the latest firmware to the drive which makes the drive work as expected, i.e. it is stable in long term use while security mode is on.

The implementation of its security mode, however, does leave a few serious doubts to those who are security conscious and technically akin to cybersecurity. When I  switched from security to non-security mode and after I disconnected and reconnected the drive I noticed that my files, previously copied over with security mode on, were still accessible as normal. So, how were they encrypted then? Security mode was off and I was never asked for a password when I reconnected the drive, so... This implies the following grim fact: The AES-256 symmetric encryption key is always the same, but probably unique per drive, and potentially known/recorded by Samsung. The are some subcases here - some grimmer than other:

  1. The AES-256 key is hardcoded and therefore potentially fairly easily accessible via hardware/physical attack by a person with some electronics expertise. This would mean that turning on the security mode and supplying a password merely saves your password in a non volatile register (maybe hashed or maybe even in plaintext, though the latter would be unthinkable for a company like Samsung - more to be expected by Chinese companies of the worse kind), the host software compares the password you supply, on each drive connection event, to the one in the register and then either allows files to be decoded by the hardcoded key and appear as available or not. Security-wise, this is a pretty bad predicament.
  2. The AES-256 key is recorded in a non-volatile register, initially in plaintext, but once security mode is turned on, it is encrypted, using an undocumented algorithm, with the user password as key or part of the key, and then re-recorded in the same non-volatile register in encrypted form. When security mode is turned off it is re-recorded in its plaintext form and I remember that the software does ask you for your password when you turn off security mode. This is better but does not change the sobering facts that:
    1. Samsung potentially knows and records the AES-256 key for each drive it puts out in the market.
    2. We do not know how good the key encryption algorithm and overall implementation of the encryption/decryption process is.
Considering the points above, using password only (instead of password & fingerprint) as a more secure option may not be worth not taking advantage of the convenience of the fingerprint unlock feature although if implementation of point 2.2 is good, living with the fact that Samsung may have to disclose your drive's key if you are involved in a major FBI international investigation is not as bad as knowing that some fingerprint sensor fidgeting may unlock your drive.

Regarding point 2, a host computer with a USB 3.0 bus will only give you half the maximum read/write speed of the drive (around 400/500 MB/s); to get close to the maximum speed of 1GB/s you would need a host computer with a USB 3.2 bus.

Regarding point 3, the drive's looks are obviously great.

Finally, here is a tip from Samsung itself on how to improve the drive's performance on Windows hosts.

Wednesday, July 22, 2020

Office Add-In Caching is Problematic

Caching for Javascript based web add-ins for Microsoft Office is super problematic. Hard to make it let go of certain files and use new versions of them. Microsoft gives some instructions on how to clear the add-in cache here but it still won't work sometimes.

Especially problematic files are "FunctionFile.html" and "FunctionFile.js" if the Visual Studio naming convention is to be followed (i.e. how Visual Studio names these files in an auto-generated web add-in project). These files are not downloaded in the task pane's browser instance and therefore caching of them does not follow the same rules; they are extremely sticky and development can get pretty frustrating.

Only way I have found to deal with the problem is rename them in a versioning way whenever I effect changes on the files and want to see the results immediately. Specifically, assuming that the "Home.html" and "FunctionFile.html" naming convention is being used:
  1. In the add-in manifest rename "FunctionFile.html" and "Home.html" to "FunctionFile2.html" and "Home2.html", increasing that version number every time you need to refresh the cache.
  2. In "FunctionFile2.html" rename all instances of "FunctionFile.js" to "FunctionFile2.js"
  3. In "Home2.html" rename all instances of "Home.js" to "Home2.js"
  4. Rebuild & republish the solution if you're using the VS based automated process, or upload the changed files to the add-in backend if you're doing it manually.
  5. Go and manually (e.g. over ssh/sftp or in file explorer if doing it locally) rename the .js files to their new versioned names.
  6. Sideload the published xml manifest of the add-in to your Office app and take pleasure in the fact that your changes finally reflect immediately.
Microsoft has produced irritatingly problematic technologies before but I'm having difficulty remembering something as persistently problematic and as irritating as this. They keep throwing their dirty laundry at the developer.