Q. Why does my DDR4 memory show as 1333 MHz in my motherboard when it is supposed to be 2666 MHz?

A. The RAM is DDR4-2666 MT/s memory.

MegaHertz (MHz) means the measure of clock frequency in million cycles per second.
Mega Transactions per Second (MT/s) means the computer transaction rate in million per second
DDR means Double Data Rate.

DDR memory makes an operation on the leading edge and the trailing edge of each clock cycle, so there are two operations per clock. So, a 1333 MHz memory bus speed clock equals 2666 MT/s DDR RAM.

This would often erroneously called 2666 MHz RAM, but it isn’t really. It is 2666 MT/s RAM.

Q&A is a compilation of questions we have answered around the Web

Posted in Computer Questions and Answers, Memory, Q&A | Tagged , , , , , | Leave a comment

Q. Can I put Quad Channel RAM into a Dual Channel machine?

A. Single or dual or quad channel memory access doesn’t have anything to do with the individual RAM modules — an individual RAM DIMM is the same whether it is sold alone, or in a package of 2 or 4 matching pieces as a kit.

The key to dual or quad channel memory access is
1) the motherboard and memory controller on the CPU have to support it, and
2) you have to install 2 or 4 pieces of RAM that match identically – in terms of size, speed and configuration – into the appropriate slots on the motherboard (refer to the manual for instructions of slot population order).

Not many desktop machines support quad channel access, but most modern desktop and notebook machines support dual channel access. Dual channel access improves the speed that the CPU can access the memory locations on the modules by treating two modules as one big module. Although the theoretical bandwidth is doubled, the effective real world difference is around 6% performance improvement in memory intensive use.

If you buy an appropriate specification quad channel kit (that is, four pieces of matching RAM), you can certainly install them in a computer that supports dual channel, and you will get dual channel access.

Q&A is a compilation of questions that we have answered around the Web

Posted in Computer Questions and Answers, General Computer, Memory, Q&A | Tagged , , , , , , | Leave a comment

Q. What is the difference between NVME, M.2 and SATA?

A. M.2 (formerly known as NGFF) is a standard for a computer expansion card socket, and the cards that can go into it. M.2 – Wikipedia

M.2 cards are named after their size: the most popular is M.2 2280 – 22 mm wide x 80 mm long. All 22 mm wide cards fit the same basic M.2 socket,but they are keyed with slots in the connector edge to differentiate between different functions of cards.

SATA and PCI-e (PCI Express) are both computer bus interfaces for data communication to a storage device.

NVMe (NVM Express) is a logical device interface that is specified for PCI-e devices in the M.2 socket, so “M.2 PCI-e” and “M.2 NVMe” are sometimes used interchangeably. SATA drives use the previous ACHI logical device interface.

SATA devices can come in a variety of physical packages, including 2.5 inch drive, 3.5 inch drive, 5.25 inch optical drive, mSATA socket, or M.2 socket.

M.2 storage devices are designed to work with either the SATA or the PCI-e NVMe standard but not both.

The M.2 slots on a computer motherboard may be SATA only, PCI-e only, or may support drives of both both interfaces: you have to check the documentation or the labeling on the motherboard itself.

Speeds: SATA drives are limited to the maximum SATA bandwidth of 6 Gbps (about 600 MBps). PCI-e Gen3 x4 lane NVMe drives are limited to a theotetical maximum of 3,940 MBps. The newest products shipping with PCI-3 Gen4 x4 lane interfaces have a theoretical maximum of 8000 MBps

Posted in General Computer, Hard Drives and SSD, Q&A | Tagged , , , , , , | Leave a comment

Q. Why does it take much longer to copy a large file to a USB flash than to an external hard drive?

A. USB “keychain” flash drives are slower because the flash drive has much poorer writing performance than an external hard disk drive. The real world speed of writing depends both on the performance of the interface (USB in this case) and the write performance of the storage medium.

USB hard drive and USB keychain drive

Attached by USB 2.0, an external hard drive can reach about a 30–40 MBps writing rate, limited by USB 2 transmission. On USB 3.0 (USB 3.1 Gen 1) and USB 3.1 Gen 2, hard drives will hit the maximum writing rate of the spinning hard drive, which is about 100 – 200 MBps depending on the drive.

Consumer USB sticks (on USB 3) can do 10 – 45 MBps sustained write speed. That’s down to the low cost NAND Flash chips, the rudimentary controller, and the inefficiency of writing NAND flash memory in general. Flash memory cannot be simply written byte by byte, it has to be written in relatively large blocks. If there is any data on the drive already within a block, then the whole block has to be copied to temporary storage, then erased, then merged with the new data, then written back to the block of flash cells. There are some workarounds to shuffle pages within blocks, but in USB flash sticks the controller is not sophisticated. All this means is that writing to flash takes much longer than it should https://en.wikipedia.org/wiki/Flash_memory#Block_erasure

Single large files will write much faster than many small files. A freshly formatted stick will write faster than one that is badly fragmented with existing data. USB flash drive – Wikipedia

There are faster, more expensive sticks out there, that can do up to 100 MBps or more peak rates on USB 3 User benchmarks, but watch out for the random small file performance. See 639 USB Flash Drives Compared

How to achieve the best transfer speeds with external drives | AKiTiO

Q&A is a compilation of questions we have answered in various venues

Posted in Computer Questions and Answers, Hard Drives and SSD, Q&A | Tagged , , , | Leave a comment

Q: What should I check first if my computer lost internet access?

The first rule of support is: Check the cables.

The second rule of support is: Check the cables again! Is everything powered on?

Once you have done that, you need to isolate where the internet access is being interrupted. Was the internet connection working previously? Do you have WiFi or are you cabled?

Are you able to log in with WiFi and get ‘bars’ of WiFi connectivity? If so that’s good, it means you have connected with the WiFi router. Making a connection to the router however is not the same as making a connection to the Internet, it is only the first step/.

If you can’t connect to your WiFi router, try making a cabled connection to the router from your computer, this will test whether the problem is with your WiFi login ID and password, or the WiFi connection. The cabled connection requires no login.

So look at your router, it should have lights for WAN connection (your broadband connection) and one or more lights for the wired and wireless internal connections. Do any of the lights look different from normal (dead or orange instead of green, for example?)

Do other machines in your location have Internet access, or are all devices (tablets, smart TV, etc) that are hooked through this router offline? If all your devices are out, you probably have a service problem or a router problem.

Turn off the router, and turn off your broadband modem (they might be the same device or separate units). Then wait at least 30 seconds. (now is a good time to unplug and replug the cables between the modem and the router). If the modem and or router don’t have power switches, you can just pull out their power plugs.

Now turn on the broadband modem, wait 30 seconds (observe the lights as it makes connection with the provider, it should settle on one or two lights green indicating WAN access).

Then turn on the router, and wait for it to connect to the modem. Observe its lights. Also check the broadband modem, some of them have a switch on the top to cut connection and put it in standby… its all to easy to accidentally turn this switch on.

Router

If you don’t get a stable light for the WAN connection (the Online light in the example) on your router and/or modem, the service to your building may be down. Call your broadband provider.

If a separate router doesn’t get a stable light from its WAN port, then the connection between the router and the broadband modem may be bad, or the router may be mis-configured.

If the lights look normal, try logging in again from the computer.

If this computer won’t log in to an internet connection, but other devices can, first do a restart on the computer, and try again.

If the computer will log onto WiFi but still can’t get on the Internet (you get Page Not Found on any site you try in any browser), then the computer’s or router’s DNS settings may be bad, or the internet connection from your provider may be down. Hints for troubleshooting DNS problems You can try replacing the DNS Server settings in the computer’s network preferences with Google’s ( 8.8.8.8 , 8.8.4.4 ) or OpenDNS ( 208.67.222.222 , 208.67.220.220 )

Here are further steps past the basics.

Wi-Fi Stopped Working? Here Are Several Fixes to Try

Troubleshooting Your Internet Connection

Posted in Computer Questions and Answers, How-To, Internet and Networking, Q&A | Tagged , , , , , , | Leave a comment

Q: Can I use compressed air to clean out dust from inside my computer?

Yes, you can.

‘Canned air’ is a common, if environmentally dubious, method of blowing dust out of computers. Although chlorinated fluorocarbon propellants have been banned, the replacement propellants, Hydrofluorocarbons (HFC) and hydrocarbons, are still not good for the atmosphere, and throwing away the empty metal cans doesn’t help either.

If you are in the business of computer repair or use air dusting frequently, a Metro Data Vac (available from computer stores and online) is a better product. It costs less than 10 cans of ‘air’

Metro Data Vac duster

It’s useful for other things like inflating air mattresses and beach balls. I also use it to blow the excess water out of my vegetable garden’s micro-drip irrigation system to prepare for winter.

I would not use a household or shop vacuum on blower mode with a hose – the vinyl hose tends to build up a static electric charge in the air coming though, and I am cautious about that.

Some people have asked about an air compressor, this can be used with appropriate nozzles and keeping mind to limiting the pressure (you can damage components with too much pressure). The caution about compressors is if they are oil lubricated and the oil gets in the air lines – you don’t want to spray an oil mist in a computer.

Posted in Computer Questions and Answers, General Computer, How-To | Tagged , , , , | Leave a comment

Q: What does “swap memory” do that physical RAM memory in a computer can’t do?

A: It can be bigger.

Swap files on the computer’s hard drive are there for when you don’t have enough physical RAM, so the operating systems swaps data out of RAM space and writes a file on storage, to free up RAM for then next use. All modern operating systems use Virtual Memory files, Swap Memory files or Paging files.

The problem is, that hard drives are much, much slower than RAM (how much slower?) so when the operating system is forced to use the swap file, it slows the whole machine down. It’s a big part of the “spinning ball” syndrome you see when you have multiple documents open and you switch between documents or programs. The first defense is to get enough actual RAM to accommodate all of most of your multitasking requirements.

But if you cannot upgrade your RAM any further (either because the machine doesn’t take more, or you are already at the max), installing a SSD drive as your main drive is the last resort to speeding up multitasking. The SSD, being faster than the hard drive, will lower the time spent waiting for the swap file.

Q&A – Questions we have answered in various places over time

Posted in Computer Questions and Answers, Memory, Q&A | Tagged , , , , , | Leave a comment

Q: What old generations of RAM memory are the same speed as drives?

A: RAM, of any generation, has always been much faster than hard drives or SSD drives, and RAM continues to be faster.

There are several reasons.

Bus access: RAM is on a bus that is much ‘closer’ to the CPU than drives, and with more lanes. The CPU can access RAM through the high speed motherboard connections, whereas hard drives have to be accessed through a SATA or IDE or PCI-e controller, which imposes limits to bandwidth.

Latency: Latency is the time lag between when a request is made and the first data is read. RAM has latency measured in nanoseconds. Drives have latency measured in milliseconds

Going back 20 years, from PC-66 SDRAM to today’s DDR4, RAM latency has always fallen into the range of 8 to 20 ns. As RAM speeds have increased from 66 Mt/s to 2400 Mt/s the latency has increased. Since latency is measured in clock ticks, PC100 runs at 100 MHz clock speed, at latency 2 that equals 20 ns. DDR4-2400 2400 MTs RAM runs at 1200 MHz clock speed so at CAS latency of 16 that equals 13.3 ns.  CAS latency – Wikipedia

Hard drive latency is the average time that the drive needs to process the request, move the heads, and wait for the platters to spin around to the correct block of data. A typical hard drive would have a combined seek time and rotational latency of about 5 ms. or 5,000,000 ns. That’s 250,000 times slower than RAM latency.

SSDs have a very short latency, one of their big advantages over hard drives. In the article below, the read latency was .031 ms. But that is still 31,000 ns, 1,550 times slower than RAM. Sadly SSD’s write performance is much worse than their read performance.

SSD Throughput, Latency and IOPS Explained – Learning To Run With Flash | Page 2 | The SSD Review

Hard disk drive performance characteristics – Wikipedia

Throughput: Drives are also limited in their bandwidth. SATA hard drives can output between 150 and 210 MBps SATA SSD drives can output up to about 540 MBps. Writing speeds will generally be lower. DDR4–2400 RAM memory can output 19.2 GBps or 19,660 MBps, That’s 36 times the bandwidth of the fastest SATA SSD.

PCI-e M.2 NVMe SSD drives can achieve up to 2,800 MBps read speeds (writes slower). Still 7 times less bandwidth than contemporary RAM.

What are the data transfer rates for DDR, DDR2, DDR3 and DDR4?

So: The slowest RAM of the past 2 decades has never been as slow as the fastest drives of today.

Q&A is a compilation of questions we have answered on the Web in a variety of venues

Posted in Computer Questions and Answers, General Computer, Q&A | Tagged , , , , , | Leave a comment

Q: News web sites lock up every computer I’ve used, using much of it’s resources

A: Your experience is not the same as others.

Yes, news sites rely a lot on syndication, ads, dynamic content and loading content from multiple different sources. But the majority of computers do not bog down or lock up on news sites, so there are more variables at play here.

What computer? How much RAM does it have? What OS and version? What web browser and version? What news sites in particular? What internet connection and how fast?

The two most obvious things to try are to use a different web browser, and clear out your browser cache frequently.

If you use Firefox with the NoScript extension, you can control what scripts are allowed to run from which domains, and therefore selectively filter the content until you only get what you need. In general, use the latest version of the web browser, and turn off as many features and scripting as you can.

Then, look at your computer(s). Do they have sufficient resources for your OS and the programs you are running?
Its’s very common for people with 4 Gb RAM running Windows 10 or OSX 10.13+ to suffer major performance drags, whereas it may have been fine in an earlier OS. Get enough RAM.

How much multitasking are you doing (including background apps like antivirus, downloading, helpers, etc.)? The more programs and background processes you have open at once, the higher the demand for memory. Cut down on the excess.

The free utility CCleaner has a convenient tool for viewing and disabling startup processes under Windows and Mac

Q&A is a compilation of questions we have answered on the Web in a variety of venues

Posted in Computer Questions and Answers, Internet and Networking, Q&A | Tagged , , | Leave a comment

Q: Is it expensive to add a Thunderbolt port to a budget priced laptop?

A: Yes, because it means buying a new laptop.

The Thunderbolt protocol is an extension of the PCI-e bus and therefore cannot be converted from USB or any other common interface.

Thunderbolt relies on having a Thunderbolt hardware controller chip, typically built into the motherboard, plus CPU PCI-e lanes dedicated to it, and BIOS support.

For these reasons, it is a non-starter to add Thunderbolt to an existing machine (laptop or desktop) that does not support it.

You can’t go from this –

to this –

in real life. Only in Photoshop

Q&A is a compilation of questions we have answered on the Web in a variety of venues

Posted in Computer Questions and Answers, General Computer, Q&A | Tagged , , | Leave a comment

QNAP NAS storage owners – time to update your units

There is a security vulnerability that affects the QNAP NAS storage devices, and their QTS operating system. It has been fixed with a firmware update from QNAP in February, but the catch is — you need to manually install the update before it will fix things.
Because backup appliances work in the background, and we don’t have them in our faces (on our screens) like Windows and OSX, we don’t see nag notices reminding us to upgrade. But they are computers, inside, and their OS needs updating as well.

When I checked my NAS units, the firmware was at 2016 levels, that is not good. (Also, I forgot the Admin passwords to allow QFinder to actually let me upgrade.)

Here’s the steps to putting that right:
Use the QFinder Pro application ( https://www.qnap.com/en/utilities/essentials to install the latest version) to log into your QNAP device with your Administrative password.

QFinder Pro Screen

Oops. If you are like me, you set this up 4 years ago and have long since forgotten the password. No problem, since you are long overdue to change it anyway…

Locate the Reset button on the back panel of the QNAP, behind a small hole. (The location will vary with different models)

With the QNAP NAS running, using a pin or a very thin screwdriver (a Torx 5 for repairing iPhones turns out to be ideal) press this button down for three full seconds. Release when it beeps, or release after 4 seconds and it should beep once on release. This will reset the Admin password, WITHOUT destroying the shares and user access that you set up. If you hold the button down 10 seconds, then it will destroy your setup and make it difficult to get back at your data. https://www.qnap.com/en/how-to/knowledge-base/article/the-different-ways-of-resetting-your-nas-explained/

Next, after the QNAP has rebooted, use QFinder Pro to log on to the unit with the username “admin” and the password “admin”.

Note, if it persistently rejects your password: The QNAP application and Web interface both send passwords as clear text by default. If you have a security program, (Bitdefender in my case) it may block that as insecure, and you may have to create an exception in the security program to let it through.

Choose the name of your NAS in QFinder, choose Configuration, enter the username and password.
Now your first job before anything is to change that password to a secure one, because every hacker in the world knows they can access your machine with admin-admin.
In Configuration, choose the Password tab and enter the existing password, then your new password twice.

Then re-log onto the QNAP with your new, secure password (which you have safely recorded in your password manager for reference in 2024…).
Choose Login from QFinder Pro, which will launch your Web browser and then Login with admin and your new password.

Qnap login splash screen

In the web based interface, you’ll likely have several pop up windows offering Help, suggested Apps, etc. Politely decline these.

It may present a window saying that the Firmware needs updating, You can OK that one to start the process. If not, go to Control Panel, System area, Firmware Update icon

It will tell you the firmware that is ready to be downloaded and installed, just OK it and then be prepared to wait for 20 – 40 minutes as it downloads, installs and reboots the QNAP.

Once it has restarted, you are done. Well almost. In my case the firmware was old enough that it had to update to an intermediate version before it would install today’s version, that just meant another run through the Firmware Update cycle. The QFinder Pro interface will throw up a red flag after the Version number if there is another update needed.

Posted in How-To, Security | Tagged , , , , , , | Leave a comment

iPhone 5 Owners need to take action before Nov 3

Apple announced that iPhone 5 will require updating before Nov 3 or iCloud, App Store, email, web and other services will no longer work.

Starting just before 12:00 a.m. UTC on November 3, 2019,* iPhone 5 will require an iOS update to maintain accurate GPS location and to continue to use functions that rely on correct date and time including App Store, iCloud, email, and web browsing. This is due to the GPS time rollover issue that began affecting GPS-enabled products from other manufacturers on April 6, 2019. Affected Apple devices are not impacted until just before 12:00 a.m. UTC on November 3, 2019.

Apple https://support.apple.com/en-gb/HT210712#925

The implication is that if you do not update before Nov 3, you will no longer be able to connect to Apple and will not be able to update the phone via the IOS updater, and you will have to restore it from ITunes on a computer. If you don’t have a current backup, that means losing data.

Apple is sending out alerts to iPhone 5 owners that their phones must be updated to iOS 10.3.4 before November 3. If the iPhone 5 is not updated in time, it will be unable to connect to the internet entirely, including web browsing in Safari, email, iCloud and App Store services. This issue is specific to the iPhone 5, which was last sold in September 2013. To keep the phone functioning normally, update to the latest iOS 10.3.4 update before November 3. If you miss that date, OTA updates and iCloud backup will no longer be possible as the phone will not be able to connect to the network. In that case, you will need to connect to a computer and restore with iTunes on a PC or Mac.

As reported by 9to5Mac

If, like me, you have an iPhone 5 sitting in a drawer as a backup phone, it would be an excellent idea to pull it out now, charge it up and get it updated.

I was a little alarmed that the updater advised that it “will have to take all the apps off the phone to update, but, trust me, I’ll put them back on again”. It seems to have kept its promise.

Why do I keep it? There’s one dodgy application that I use, for a Chinese company’s automated pet feeder. I don’t want this app on my daily phone or iPad, so I keep it on the older iPhone and only use it when I go out of town and have to set up provisions for “She who must be fed”

Posted in iPad, iPhone, iPod, Mac questions, News, Security | Leave a comment

What ports do I have on my device? Sorting out cables, USB, Thunderbolt and Firewire

USB

Host ports
A host is a computer or another device with an operating system, that has the ports and the OS support (and drivers) to control a USB device.

Where are the ports? If it is a desktop computer, there are usually several USB ports on the back panel where the motherboard’s ports come out. The Host USB ports are all Female jacks

​If it is a notebook computer, the ports may be on either side of the machine or on the back.

USB 2.0 and 3.0 host ports are rectangles about 13mm wide and 5 mm high, these are called USB A Female ports.

Black designates a USB 2.0 port. It is fine for keyboards, mice, printers, scanners, etc.

White was used in the original USB 1.1 standard, however you will not see any USB 1.1 devices or computers that have been manufactured in approximately the last 15 years.

The ones with blue plastic inserts are USB 3.0 speed (USB 3.0 is now officially named USB 3.1 Gen 1, just to confuse things). the ones with black inserts are USB 2.0. Red inserts charging ports that continue charging USB peripherals even when the computer sleeps. USB peripherals generally will work with either USB 2.0 or USB 3.0 hosts, however the available 5V power and data speed on USB 2.0 ports may be limited for some devices.

​The latest USB port is Type C (officially USB 3.1 Gen 2 with Type C connector). It is smaller, a slender rounded port about 7mm wide and can be inserted in either direction.  With the correct cable, you can adapt from USB – C to USB – A type. You will see USB C ports on only the most recent machines.

​Peripheral Ports
Peripheral devices like printers, smartphones and cameras have various USB ports but these will all be Female ports.

A peripheral must be connected to a host. You can’t connect two peripherals together. A few peripherals such as smartphones and tablets, can be both a host and a peripheral using the same port (but not at the same time) – for example hooking up to a computer as a peripheral or acting as a host attaching to a USB stick to back up files.

Where are they?
The ports are located in different places, usually on the back panel or the rear section of a side panel for printers, on the bottom edge of cellphones and tablets, and behind a flap or a rubber seal on cameras.

Here’s what to look for
USB ports on printers and large external devices tend to be a squarish, 10 mm x 10 mm USB B-Type port, there are 2 versions, USB 2.0, and USB 3.0 which has an extension on one edge

USB ports on most phones, tablets and cameras are Micro USB which is about 7mm x 2 mm with one of the long edges bevelled. These are common for charging ports as well as USB data, and are a mandated charging standard in Europe. 

Older devices may have Mini USB, which was quickly passed over in favor of the Micro design.

Some devices that need more power such as external hard drives, may have a Micro USB 3.0 which is wider than the MicroUSB and has a second set of contacts. The USB 3 Micro B port will accept a Micro B connector.

There are some other rare types of USB cable connections, and some manufacturers use a non-USB standard connection. Some Olympus and Nikon cameras use the UC-E6 connector, the cable would have a standard Type A male on the other end

Very occasionally, a peripheral will use the full size Type A port, which is problematic because there are few A (male) to A (male) cables available.

Apple iPhones and iPads have never used USB to date (2019). Instead, they use proprietary connectors, first the Apple 30-pin connector, then the Apple Lightning connector. Although the Lightning connector is close to the same size as Micro USB and USB Type-C they are not compatible. The older 30 pin connector is similar to one Samsung used, but again they are mutually incompatible.

Thunderbolt

Thunderbolt comes in three versions, 1, 2 and 3.

Thunderbolt (formerly under development by Apple and Intel as “LightPeak”) is an interface that combines DisplayPort monitor signals with PCI-e high speed data communications signals. A single cable attached to a Thunderbolt 1 port provides two channels of up to 10Gb/s of data in both directions, and can support displays and hard drive storage (including large capacity RAID). Thunderbolt 1 was subsequently updated to Thunderbolt 2 and Thunderbolt 3, with 20 Gb/sec and 40 Gb/sec respectively

Thunderbolt can be daisy-chained for multiple devices on one cable, and can be used with adapters to output to DisplayPort, HDMI and DVI monitors. But check that the drive does have two Thunderbolt ports. Peripherals and monitors with single Thunderbolt ports are terminal devices and can only be used on the end of the chain.

The Thunderbolt 1 and 2 cabling system uses the same connectors as MiniDisplayPort, and is compatible with MiniDP video.

The Thunderbolt 3 system uses the same connectors as USB Type-C. Because Thunderbolt 3 carries USB as well as DisplayPort and PCI-e data, a Thunderbolt 3 host is backwards compatible with USB 3.1 Type C peripherals — but not the other way around, a USB Type C host will not support a Thunderbolt peripheral.

Thunderbolt cables are active cables, they have electronics built in, so standard Mini DisplayPort and USB-C cables cannot be substituted.

Firewire

Firewire (IEEE-1394a) was introduced by Apple on their Macintosh line as a higher performance alternative to USB for external hard drives, Developed with Sony, who named it i.Link, and Panasonic, it was also used as a transfer cable for DV Video.

It and was used in two versions, Firewire 400 and Firewire 800, which doubled the performance. Firewire 400 used a 6-pin cabling system. The main connector was a D-shaped, metal shelled connector, but there was also a small 4 pin variant that was small enough to fit on a camera or camcorder. The Firewire 400 cable carried 12V power, and in an unfortunate design choice, if the connector was inserted upside down into the computer (theoretically prevented by the asymmetrical shape, but practically quite possible, due to the flimsy construction of metal of the connectors) then the 12V power would short across the data lines, burning out the peripheral’s Firewire circuitry and possibly the Macintosh’s as well.

Firewire 800 (IEEE-1394b) switched to a keyed 9 pin solid plastic connector, which was more reliable, and maintained backward compatibility with FW400 if you used appropriate adapter cables.

Posted in General Computer, How-To | Tagged , , , , , , , , , , , , , , | Leave a comment

Purchase Order Fraud – Impersonation scam

Every week we receive orders and quote requests from companies, universities and hospitals all over North America, requesting expensive IT equipment. Great, right? Not really, because these are fraud artists that are trying to lure companies into sending valuable goods to them, and having the bill sent to the institution that they are impersonating.

They will have all the correct logos, all the correct addresses, and the real name of a senior employee at the institution – all information that can be found online or in an annual report. But the email domain will be a lookalike; ucalgary-ca.com instead of University of Calgary’s real domain of ucalgary.ca. Or they will make a misspelling or add something to the domain , jlsmithindustries.com or jlsmiths.com or jlsmith.net instead of jlsmith.com

The criminals will want 30 day terms to pay (as normal for a large company). This gives them plenty of time to disappear before the real company sends back your invoice and tells you they never ordered anything. The variation would be if they offer to pay by credit card, and provide a stolen card number. Credit card chargebacks typically take 2 – 4 months to be reported, and the money will directly withdrawn from your bank.

If the vendor is unwary enough to go through with the quote, they will receive an official-looking purchase order, complete with company logos and signatures. If they accept the order, when it comes time to deliver the goods, invariably there will be a “new office” or “warehouse” or “client site” to ship to, rather than the main company address. That will turn out to be an anonymous mail drop. Or alternatively, the scammer will arrange their own shipping on their account to the real address, and simply redirect the parcel with an address change as soon as it is shipped.

Note: Never let an unfamiliar customer use their own shipping account, and call your own courier companies to set all outgoing parcels to “No redirect” or “No Non-Direct Delivery” for your account – otherwise the courier company will let the recipient redirect the parcel to an alternate address as long as they have the tracking number (or they can allow a neighbor to sign for the package)

Here’s the most recent example

  • The first clue is that you are receiving an order or a RFQ from a company that has never contacted you before or that is out of your territory. In the example, the fact that we are in Canada and they are in Texas makes it improbable that it is legit.
  • Second can be that they ask for strange combinations of products – network switches and printer paper, for example, or they are asking for products that you don’t normally carry or advertise, although the criminals are getting better at paying attention to this.
  • Third, they mention payment terms up front, and/or they want extra fast delivery, and/or they do not seem concerned about price.
  • Fourth of course would be grammatical and spelling errors or stilted language in the email, but that is not reliable, as criminals can hire writers and editors too.
  • In the example above, one tell is the use of a AOL email address. That is sloppy on the part of the criminal, they didn’t bother to set up email boxes at the phony domain bshwc.com they registered 39 days ago. No reputable company does business email from a free email service (gmail, hotmail, outlook, aol, yahoo, ymail, etc,).
  • The email may be excessively concerned about proving who they are. Hint: Chief Procurement Officers or any executive suite or senior staff do NOT handle routine requests for quotes.

Crucially, you must check that domain name in the From: and in the Reply To: areas of the email headers with Whois to see who it is really registered to, and when it was registered.

Look up the actual company or institution with a Google search online to see what their real domain is. Contact the purchasing department from the information on the real website to confirm if you have any lingering doubt that it may be real.

If you are like me, you will take the extra time to email the actual company and alert their security and accounting departments to the fraud attempt. They can also take action through the domain name registrar and the domain and mail hosting companies, to take the domain down for criminal activity and for trademark infringement. In the example above I got the domain registrar ENom.com to take down the bshwc.com domain within one day. Not all of them are this responsive.

University of London has been hit with this so often that they have a page dedicated to the problem. It’s worth a read.

Posted in Media and Commentary, News, Security | Tagged , , , , , , , | Leave a comment

Is FixYa Dead? Have the scammers won?

FixYa is a site where people can post ‘how do i fix…’ questions online, and other members volunteer suggestions to solve the problem. This is similar to Quora and Yahoo Answers. While there have been debates on the quality of the answers (FixYa seems to reward speed over accuracy), the quality of the questions (many seekers are not good at articulating their problem, or even the make and model of device they are using), or the revenue model (every question gets a ‘suggested answer’ to pay for telephone support from 6Ya.com), I have been participating from time to time on the free site, for the good feeling of helping others.

However, the FixYa site is now overrun with ‘questions’ that consist of spam. The form this is taking are posts that provide a phone number for support for a particular company or product, such as “GMail Support for New York l8OO.333~l23.5 Toll Free “, interspersing characters and substituting alphabetic lookalikes for numbers. (to skirt a simple ###-###-#### filter that would reject the post. FixYa’s elementary algorithm is fooled by the simplest of evasions).

Update Nov. 8 2019: I sent an email to VerticalScope corporate outlining the issue and requesting a response.

Update Nov. 14 2019: No reply from VerticalScope or FixYa. But in a perverse turn of events, FixYa has now blocked my account from posting answers or comments. I also see that the top spam deleting Expert “Antispam” has not posted in the past 24 hours, I have no way of knowing whether FixYa has blocked him or not. Yet our most persistent spammer “Anku Singhala” who was reported 4 weeks ago, is still spamming strong today with 805 scam posts up (despite having 1000’s deleted).

Update Nov 15 Account reinstated with no explanation…

The dark side is that these toll free numbers will connect unsuspecting users with criminal call centers,

Is this Avast’s phone number. I . Don’t. Think. So.
The scammer reused boilerplate from a Dell support scam post, and said that Avast was founded by Michael Avast (instead of Michael Dell). Typical of the random text they insert to avoid detection.

Once a user phones, the operators will attempt to get the user to log into a poisoned website where the operator will take over the user’s computer to install viruses, spyware, ransomware, or to steal the user’s identity. Or they could use social engineering, persuasion or bullying tactics to directly extort money, charge card information, or other valuables.

CBC recently reported on a tech-support scam call centre in India, where they were pulling in $2,000-$3,000 in scammed money per operator, per day, with dozens or hundreds of operators. The BBC ran a similar article.

That FixYa permits these posts to remain on the site for more than 1 minute is inexcusable.

FixYa Support scam photo
A ‘Question’ on FixYa The scammer was sloppy with this post and one of the phone numbers got trapped and *******’ed out.
These template-generated posts are crude and easy to spot because of the nonsensical grammar and repetition but don’t be complacent. The scammers will get better writing and editing, and help-site users who are in distress with a problem are not prone to thinking all that critically.

The FixYa FAQ says this about reporting: “Click the “Report Abuse” link or icon (small flag)”.
See if you can spot the “Report Abuse” link below.

Yeah, it is hiding under the “Flag” text, no Flag icon to be found.

As of Oct 18 User “BROWN” (brown-42171) already had 658 spams and rising. Three days later they are still active and have 450 spams despite a concerted effort to delete them. User “Love Guru” (ravi-miits-31691) is posting prolifically on Oct 25 after being reported Oct 17.

Once an answering user (a FixYa Expert) has passed a certain score threshold (for answers, “helpful” ratings, etc.), they are able to use additional links to delete posts or edit the post. I am using this new-found Expert power to post warnings and delete 800 numbers.

I am trying to warn FixYa readers to never use these 1-800 numbers. Ironically, answers are subject to automatic censorship at posting – the word “Fraud” is **** ‘ed out, and if you try to post the same answer to more than one question, then FixYa says “Oops” and blocks posting of the answer. (This results in having to manipulate each answer by changing some punctuation or wording to be able to post the next one.)

In the past four weeks I have edited, flagged or deleted more than 10,000 scam posts and reported over 550 users. And they come in faster than I can copy and paste the reports – at least hundreds of spam posts per hour. As far as I can tell there are about four other FixYa Experts doing the same, I am estimating volunteer Experts are deleting 5,000 – 10,000 spam per day. Some of these Experts report that this has been going on for weeks.

FixYa, which was originally based in California, is now owned by VerticalScope, a content and advertising company based in Toronto who operates numerous websites, which is in turn majority owned by Torstar, publisher and owner of the Toronto Star newspaper among others. VerticalScope went through a downsizing in staff in 2018, although it is recruiting for staff in Community Growth, Business Development and Ad Operations and Programmatic Performance.

FixYa gets revenue from onsite advertising (there are a lot of intrusive ads) and from their paid service, 6Ya, which sells subscriptions and recruits Gig-economy freelance ‘Experts’ to make money delivering phone support.

Torstar recently reported a sharp downturn in revenues, the lowest stock price in their history, and suspended their dividends til at least 2020

I have consolidated reports to the FixYa support mailbox outlining the offending usernames and the numbers (hundreds) of spam posts per username.
I have yet to receive a reply of any kind from FixYa or any evidence that any of these reported users have been deleted for spamming.
Or any evidence, frankly, that there is any staff moderation going on at all.

It is at the stage where scam ‘questions’ and answers outnumber legitimate how-to questions more than 100 : 1 in some categories, notably printers, computers, software and cellphones (and oddly, Carrier Air Conditioners, presumably a misapplication of the search term Cell Network Carrier, and probably assigned by an algorithm). If you are trying to work in an affected category the site is mostly unusable.

Update Nov 8: Today I checked the Unanswered Questions list. It takes scrolling down over 50 pages (147 scam questions) before you can reach the first real question. The Computer and Internet Unanswered Questions has about 600 scam posts before you get to a real question. This really raises the concern, is the FixYa site usable at all?

Note: Oct 18 The FixYa site is suffering major slowdowns and frequent Bad Gateway errors. Is it possible that the posting volume of scammers is actually causing a Denial of Service attack?

Update: Oct 20 the site is back to medium performance, and the efforts of the volunteer users is making some headway against the bulkage of spam so some questions can be found between the spams. But new spammer accounts keep appearing at the rate of dozens per day, and ‘vintage’ spammer accounts are still active despite being reported.

Doing a deeper dive, I see posts from over a year ago where six different answers are posted to a question, each with a different 1-800 number and or web link for (example) “Canon Printer Support” – none of which are the actual Canon number or website.

Answer scams: Checking these users’ answer histories, they have used their same 1-800 number and or website for ‘support’ for every question from Apple to Dell to Zebra. It is beyond the realm of possibility that these posts are anything other than;
at best – stealth advertising for paid support sites,
or
at worst – scam / criminal tech support fraud.
Both are in direct contravention of FixYa Terms and Conditions, yet these scam answers are still online over a year later.

The question is, will FixYa do what it takes to turn the tide on this inundation of dangerous spam? Will they continue to rely on the volunteer moderator community, or will they dedicate staff effort to fix this quickly and effectively? Will they give it only a quick fix, or should it provoke a deep-think about the structure of the site?

FixYa:
If you run an online forum you have to moderate it. And if you can’t train an algorithm to see how they are scrambling the information to evade simple filters, and to limit post by frequency, content or IP source, then you need to have direct human moderation. And not just volunteer moderators.

You are providing a platform for criminals and lending them your credibility. Unsuspecting consumers are getting hurt.

I can spot these scammers; why can’t you, FixYa.

FixYa owners, FixYourself.

Postscript: I have given up on FixYa, personally. I have never received a reply from Support despite dozens of requests. When I looked into the site recently, it appeared relatively spam free, with a smattering of nuisance and nonsense posts. Oddly, someone tried to post comments here on this blog, complaining that some FixYa user was being “bullied” by another user, and that user 2 should be banned. The credibility of these comments was undermined by multiple identical comments arriving from the same IP address, with different fake usernames. One doesn’t have to stretch to guess what manner of user it is who is complaining about being deleted.

Posted in Internet and Networking, Web News | Tagged , , , , , , , | 1 Comment