The iPad 2 saga (aka Best Buy fail)

Having resisted the original iPad, I succumbed to the temptation of the iPad 2 and placed an order via the online Apple Store at 9am on the UK launch day, March 25th. Unfortunately, due to demand, I was given an estimated shipping date of 15 April, with estimated delivery on 26 April, inexplicably eleven days after shipping – a far cry from the experience I had when I pre-ordered my iPhone 4 and it arrived on launch day.

I thought I’d be OK to wait, but having played with one in the Birmingham Bullring Apple Store last week (who didn’t have any stock available to take away on the day), I started getting twitchy fingers – as well as considering going for a 32GB model instead of the 16GB I’d ordered through Apple – so started watching the very useful iPad-Stock.co.uk website.

After a couple of false alarms – Tesco Direct occasionally showed stock but every time I got to the checkout, I was told it was out of stock, and a friend managed to order one from HMV only for his order status to change to “pre-order” within hours – I eventually managed to find some stock, this time at Best Buy, the US electronics giant who have recently opened up shop (physically and online) in the UK. All went well, until I put my credit card details in… declined!

I tried a couple of different cards – one credit, one debit – and strangely both of those failed as well. My phone then rang – it was Tesco Bank, the issuer of my main credit card, who wanted to go through a few transactions with me to make sure they weren’t fraudulent. Having verified that the declined Best Buy transaction (along with a few previous purchases elsewhere) were legit, the operator unblocked my card and said that I should be able to put the order through again.

Great, I thought, so I input my card details again – still no joy! So I phoned Best Buy, who helpfully told me that my account had been blocked for 24 hours due to the original declined transaction and I was welcome to try again tomorrow. When I asked if there was any way around this, I was told not – I couldn’t even order over the phone. A friend of mine had a similar experience, so I wonder how many potential orders Best Buy have lost out on due to this dubious “security” measure – I can imagine a lot of banks and card issuers have declined cards as people suddenly dropping some £500 on an electronics website could well appear fraudulent without speaking to the customer first.

Knowing that the Best Buy stock was likely to have run out by the following day, I decided to go elsewhere. At the time, Insight were showing stock of the black 32GB Wi-Fi model that I wanted, so I decided to place an order with them. The deal wasn’t as good as the Best Buy one, as I had to pay £12 delivery, but if it meant I could have the iPad in my hand sooner, I was happy to fork out.

I was pleased to see that the website accepted my credit card details… then dismayed when I got an email later saying that it had been declined. By the time I read the email on that same evening, Insight’s phone lines had closed, and as it was a Friday I wouldn’t be able to give them a different card to try until the following Monday. Another retail fail – why doesn’t the site have an option to update the payment method via the website when the phone lines are closed?

So, having exhausted my options, I gave up for the day. At around 10.30 this morning, I had a quick look at iPad-Stock, not expecting to see anything, but to my surprise there was stock showing at Comet. They were offering free delivery for Tuesday, or £6 for a Monday (7am-6pm) delivery. It’s not like me to pay extra to receive something a day early, but this is the iPad 2 we’re talking about… My order went through successfully and I got an email confirmation, so all good so far.

I haven’t cancelled my Apple order yet – I thought I’d wait until my Comet order is fulfilled, so I have something to fall back on in case of problems. However, a friend of mine also put an order through with Comet and tried to cancel his Apple order immediately, and was told that the order was already being shipped and couldn’t be cancelled – so he ended up cancelling his Comet order. I’ll wait and see what happens on Monday – worst case is I can’t cancel it and have to return it to Apple when it arrives, or sell it on to a friend or colleague (at cost price, naturally – I can’t be bothered eBaying it).

Thoughts on npower hometeam

I signed up for a npower hometeam 50 central heating care contract at the start of February. Knowing that boiler repair can be expensive and that my boiler hadn’t been serviced since we moved in over a year ago, £15 a month didn’t seem a bad price for peace of mind, especially as it includes an annual service worth £75. Also, as npower supply my gas and electricity, I’d be entitled to 50% cashback at the end of the year if I didn’t call them out.

Towards the end of March – coincidentally, a week before my first annual inspection and service was due – the boiler failed and I called npower out. They offered me an appointment for two days later, so I agreed with my employer to work from home on that day.

The engineer arrived and set to work looking at the boiler. He thought that either the gas valve or PCB needed replacing, although he didn’t seem to perform any extensive diagnosis in order to reach this conclusion. He then started the annual service inspection, and at this point noticed that there was a small gap between the boiler and the flue because the original installer hadn’t properly attached the bottom of the flue pipe to the fan assembly. Unfortunately the flue pipe was cemented in place through the wall of the garage in which the boiler is installed. He said that npower could fix this, but as a pre-existing fault it would be chargeable at £200 and they wouldn’t necessarily do a great job as they are not installation specialists, so I would be better off getting a local gas fitter to rectify the problem, which would probably take around an hour and cost in the region of £80. The npower engineer said that once the flue had been fitted correctly, I should contact the call centre and book an appointment so he could come back and fit a new gas valve. In the meantime, he said he had no choice but to declare the boiler as “Immediately Dangerous” and disconnect it from the gas supply.

The engineer left, and I immediately contacted Custom Heat, a local (Rugby-based) gas installation company, about whom I had previously heard good things. They were able to come out the following day after 1pm, which I was pleased with as I was eager to get the issue resolved.

When the Custom Heat engineer arrived, he took a look at the boiler and told me categorically that there was no problem with the flue installation, and that the npower engineer was wrong to condemn the boiler. He reconnected the boiler to the gas supply, charged me a £72 callout fee and left.

I got straight on the phone to the npower call centre to explain this. The operator was very apologetic and promised that she would call me back by the end of the day. This didn’t happen, and when I called the following day to chase this, I was told they had no record of the conversation. So I explained everything in detail again, requesting that the information be added onto my account notes, and was given an appointment for the npower engineer to return five days later.

The engineer arrived and, to my surprise, he had no knowledge of what had happened with Custom Heat. He was still adamant that the flue was incorrectly fitted and therefore the boiler was unsafe. He demonstrated this by dismantling the boiler and shining a torch up from the combustion chamber into the flue, and we could both see that there was an escape of light. He said that unfortunately he’d have to condemn the boiler once again and wouldn’t be able to replace any parts until the boiler had been made safe.

So I phoned Custom Heat to explain the situation. The operator said she would get the engineer to call me back as soon as possible. Around ten minutes later, he called me so I briefly explained the situation again and put him on the npower engineer who was still on the premises. The Custom Heat engineer told him that he they would come out and fix the flue with no charge, and that I should call the office to arrange this, which I did. The operator initially tried to backtrack on the “free fix” promise, saying that there would be no additional callout fee, but parts and labour would be chargeable. I didn’t accept this and they did back down and send an installer out within 15 minutes. As luck would have it, the npower engineer was fortunately still here and he was able to explain his findings.

The installer was very good and completed the work within an hour and a half, albeit with some difficulty as the boiler was installed approximately seven years ago and the fittings had started to corrode in place. Unfortunately, by the time he’d finished, the npower engineer had left, so I had to book a third appointment with them, for three days’ time.

The npower engineer arrived, was happy with the flue, and started carrying out a proper diagnosis of the original fault. He decided that the gas valve wasn’t the problem after all, and it was actually the PCB. He didn’t have one with him, but was able to pick one up from a local supplier and fit it the same day, which did indeed get the boiler working.

So, after twelve days without heating or hot water (even the shower runs from the mains water), I was finally up and running again.

Clearly the original installer was at fault for not connecting the flue correctly, but I have no recourse as the central heating system was already fitted when we move in, and we were left no paperwork showing who installed it. Also Custom Heat were in the wrong for refusing to accept that there was a flue problem, and reconnecting the boiler without remedial work when the npower engineer had declared it unsafe. I can’t fault the npower engineer for erring on the side of caution and refusing the work on the boiler until it had been made safe, but things could have progressed much more quickly if the call centre staff had logged my issue correctly, and there wasn’t such a long lead time for appointments, which would have made the situation all the more unpleasant had it happened in the middle of winter.

Custom Heat deserve some credit for eventually fixing the problem for free, saving me approximately £60 in labour, although I’d have preferred to have paid and had it fixed first time around. They were also quick to come out on both occasions, unlike npower. I would hesitate to recommend Custom Heat based on my experience though, as they were happy to leave me with a visibly unsafe boiler.

I’m glad I had the npower cover, as it saved me paying £200-odd for a new PCB (although reconditioned boards are available on eBay for around £65) plus labour to diagnose the problem and fit the part. Fortunately my employer is flexible enough to allow me to work from home when necessary, so despite the inconvenience, I wasn’t out of pocket for four separate days I had to spend out of the office.

I haven’t decided whether I’ll renew my npower hometeam contract when it runs out. Most likely, I’ll switch to the British Gas equivalent which costs an extra £2/month for similar cover (albeit without the 50% cashback option), which could be worth it if they’re able to get out to me more quickly in the event of a boiler breakdown.

Tesco Bank rejecting some non-IE browsers for “security reasons”

When attempting to log into my Tesco Bank savings account recently, I was greeted with a message stating that my browser – the latest stable build of Google Chrome – is unsupported:

Tesco’s security concerns seem unfounded given that Google Chrome – which, incidentally, is based on same the WebKit rendering engine as Safari - was recently proven to be one of the most secure browsers.

Also, despite the site’s recommendation of a “modern version of Firefox”, I found that I was also prevented from logging in using the latest version of Firefox 3.6. Trusty (or should that be rusty?) old Internet Explorer 6 seems to work fine, and that’s not a particularly secure browser by any stretch of the imagination!

Strangely, I’m able to log into my Tesco Bank credit card account just fine with Chrome; it’s just the savings area that locks me out.

Fortunately the only reason I logged in was to withdraw my full balance ready to add to my 2010/11 ISA, but if I were looking to continue saving with Tesco, their short-sighted approach to browser support would certainly have me thinking twice.

Scansure – buyer beware!

I recently purchased a hard drive from Scan.co.uk – one of their Today Only specials. At checkout, they automatically add Scansure Protection - an insurance policy which protects against installation damage. This is a bit sneaky, and because I wasn’t really concentrating, I neglected to remove it. It only cost me £2.30, but that’s money wasted as I have been building my own machines for years now and it’s unlikely I’d damage the drive. Unfortunately, from browsing the Scan forums, it seems that it’s impossible to cancel Scansure after going through with the order.

This experience probably won’t stop me buying from Scan in the future, but I’ll certainly be more careful. Ideally I think Scansure should be opt-out rather than opt-in, or at the very least there should be an option for registered users to disable Scansure permanently on their account.

Google Mail to become Gmail in the UK

I have been using Gmail since its early invite-only beta days in 2004. As explained by Google, they were involved in a dispute over the use of the Gmail name in the UK, so they were forced to rebrand the UK service to Google Mail in 2005. Existing UK users were allowed to keep their @gmail.com address (although the logo on the Gmail interface switched to the new Google Mail logo), while any new customers were assigned a @googlemail.com address.

Fast forward to today and it appears that Google have reached a settlement, as they have rebranded back to Gmail in the UK. Effective immediately, new UK users will again be able to sign up for @gmail.com addresses, while existing users will be able to choose whether to switch or to keep their old @googlemail.com addresses. The Google Mail logo will also be phased out and replaced with the Gmail logo.

This doesn’t really mean much in the grand scheme of things, as whether the “official” email address (as displayed in the Gmail user interface and in the From field of all sent emails) is @gmail.com or @googlemail.com, the domains are actually interchangeable, but it’s still a good step forward which will eliminate a lot confusion.

The only country in which the Google Mail brand now exists is Germany, where there is an ongoing dispute between Google and the owners of German company G-Mail. Maybe Google will now look to resolve this and be able to offer Gmail as a truly global brand.

FoneM8store: Buyer beware!

I recently did some online shopping for an automatic air compressor to keep my car tyres topped up, and decided upon the Ring RAC600 Automatic Digital Air Compressor. Ring Automotive are a well-respected manufacturer and the product attracted positive reviews on Amazon.co.uk, and FoneM8store were offering the item for just shy of £22 delivered which seemed like a good deal.

I have used Amazon regularly since 2000, but having never bought from a Marketplace seller in the past, I was slightly dubious. Unfortunately, I decided to go ahead anyway.

To cut a long story short, I placed my order on 15th February, and it was supposedly dispatched on the 17th, with a delivery estimate of 19th-23rd. I emailed the seller on the 24th as I hadn’t received the item. The seller requested that I confirm my name and address so they could send a refund. I had already provided this information, which was the same as quoted on the dispatch confirmation, but was happy to provide it again.

I then received an email the following day stating that the replacement was “on its way”, and that I should contact them again in case of further problems. No delivery estimate was provided so I waited until 3rd March before sending another email to the seller to advise them that the item still hadn’t arrived.

I received a curt reply of “You definately have a problem with your local sorting office then , these things weigh a tonne, can you check with your local sorting office to see if they are holding any items for you at this time please.”

I had in fact already checked with the sorting office who had confirmed that they were not holding any items for me. I responded to this effect, and requested a full refund as I didn’t want to wait for yet another replacement that had no guarantee of arriving.

By now it was 5 March, but the seller told me that “we cannot refund on this item as yet as the replacement item was only sent out 6 working days ago, if this has not arrived by wednesday [10 March] of next week please feel free to email us back and we will sort this out for you.”

Fast-forward to today: still no air compressor – by now I’m frustrated but not surprised – so went back to the seller to ask for my refund. Despite having been in correspondence with apparently the same person – “Maria” – since February, she ignored my request and – déjà vu time – asked me to “please confirm your home name and address and we will send a replacement out by recorded delivery straight away”

I replied to remind Maria that the refund had already been agreed in the event of the first replacement item not receiving, but thought I was probably wasting my breath so have now filed a claim under Amazon’s A-Z Guarantee. Hopefully I’ll get my money back but Amazon’s website doesn’t give any indication of how long this is likely take.

I’ve always had a fantastic experience with Amazon.co.uk themselves in the ten years in which I have been a customer, and will probably continue to buy directly from them, but will definitely steer clear of Marketplace sellers. Amazon have taken a gamble by integrating the Marketplace feature so closely into their site and they need to be very careful not to allow dishonest sellers to tarnish their hard-earned (and, in my opinion, well-deserved) good reputation.

Right, off to Halfords, I think….

Update (16th March): I actually ordered the same item from eBay yesterday (for marginally less) and it arrived today. Lesson learned I think! Meanwhile Amazon say they should have a decision on my claim by 25th March.

Update (22nd March): I have finally received my Amazon refund! Glad to have my money back, after being without it for over a month.

In detail: Argos credit card security breach

When I saw today’s The Register article, “Argos buries unencrypted credit card data in email receipts“, I immediately logged into my Gmail account to see if I had been affected.

It didn’t take me long to find an email receipt from an order placed in April 2009, and was able to see the problem first-hand.

Near the bottom of the email is the wording “We take security of your details seriously. We may send you emails from time to time, but we would never send an email asking for your log on or card details. See online security for further information.” The underlined words point to a page on argos.co.uk via an URL of some 1600 characters – ironically, this is where the problem lies:

http://www.argos.co.uk/webapp/wcs/stores/servlet/ArgosStatic
PageSecondLevel?includeName=Security.htm&langId=-1&storeId=1
0001&catalogId=1500001501&returnToURL=PlaceOrderProgressView
?storeId=10001&cardnumber=****************&houseNumber=*&val
idationno=***&readtsandcs=on&availableDeliveryOrder=********
**&LockDelAddressAsBillAddress=false&startmonth=&paymentAddr
essId=*********&javascriptEnabled=true&contactAddressId=****
*****&orderId=**********&creditPlanId=&unavailableDeliveryOr
der=**********&delcity=RUGBY&SCSNum=03&com.ibm.commerce.cont
ext.experiment.ExperimentContext=com.ibm.commerce.context.ex
perimentimpl.ExperimentContextImpl@63656e2a&switchno=&emailT
ype=HTML&vatReq=N&voucherCode=&catalogId=1500001501&creditPl
anShortText=&address2=&address1=**********&delpostcode=*****
**&cardtype=VISAD&FFM2011461168=5&POnumber=&deliveryAddressI
d=*********&langId=-1&startyear=&eccvValidated=Y&paymentName
=MR C BARNES&delHouseNo=&addressId=*********&delcounty=Warwi
ckshire&fromView=DeliveryOnlyPaymentInfo&SECURE_ACTION_RESUL
T=7&postcode=*******&SECURE_ACCEPT_CARD=Y&country=United Kin
gdom&town=RUGBY&endyear=****&isInstantCredit=false&endmonth=
**&issueNo=&nor=0&foundValidBinCardType=valid&address=******
********************&instantCreditOtherCard=true&instantCred
itOrder=N&county=Warwickshire&jspStoreDir=argos&delPostcode=
&continue.y=15&continue.x=108&cardholder=***********&argosIm
pl=1&deladdress2=****************

Obviously I’ve redacted my personal details, but the actual text contains my full unencrypted card number, CVV code, expiry date, name as printed on the card and address – basically all the information needed for an identity theft attack. Not only was the information transmitted in clear-text when the email was sent, but the link provided is a standard insecure HTTP link which, if I were to click it, would once again transmit the information in the clear.

A PC Pro story on the same subject credits the find to reader Tony Graham, whose credit card details had been used fraudulently. While there’s no evidence to link this incident to the Argos breach, my card details were also misused by fraudsters around the time of my Argos order, so this could be more than a coincidence.

My email receipt from a subsequent order made in July last year didn’t seem to expose these details, so presumably the problem had been resolved by then. Nevertheless, I would hope Argos have the decency to contact all customers that may have been affected, making them aware of what has happened and urging them to check their statements carefully.

“Domain Registry of America” scam

I’ve just received a letter from the “Domain Registry of America” (scam site URL) warning me that the expiry date of one of my domains is approaching. This is nothing but a scam which attempts to trick unsuspecting users into “renewing” their domain with DROA (i.e. transferring their registration to them) for up to 5 years. My advice is to either renew your domain with your existing registrar or let it expire.

The letter reads as follows:

As a courtesy to domain name holders, we are sending yiou this notification of the domain name registration that is due to expire in the next few months. When you switch today to the Domain Registry of America, you an take advantage of our best savings. Your registration for: *****.com will expire on June 07, 2006. Act today!

Domain name: *****.com
Reply Requested By: April 7, 2006

You must renew your domain name to retain exclusive rights to it on the Web, and now is the time to transfer and renew your name from your current Registrar to the Domain Registry of America. Failure to renew your domain name by the expiration date may result in a loss of your online identity making it difficult for your customers and friends to locate you on the Web.

Privatization of Domain Registrations and Renewals now allows the consumer the choice of Registrars when initially registering and also when renewing a domain name. Domai nname holders are not obligated to renew their domain name with their current Registrar or with the Domain Registry of America. Review our prices and decide for yourself. You are under no obligation to pay the amounts stated below, unless you accept this offer. This notice is not a bill, it is rather an easy means of payments should you decide to switch your domain name registration to the Domain Registry of America.

The letter goes on to offer me the choice of renewing my domain for one, two or five years, for £18, £30 or £55 respectively, and also offers the .net and .org variants for £30 each for 2 years.

Looks like exactly the same standard letter that was sent to this blogger a little over a year ago. Steer clear!

The Oil PC

Submerging your PC in cooking oil seems like one of the worst ideas ever suggested, but it’s been done by the guys at Tom’s Hardware. Turns out that oil is a pretty good coolant, and as it doesn’t conduct electricity, won’t short out your components.

The associated Digg story links to a few other people who have tried similar things. My personal favourite is this one – in my opinion, he’s done a better job by avoiding the gratuitous use of silicone sealant and employing mineral oil to improve visibility and presumably reduce the chance of the oil becoming rancid. I also like the airbrick which sends bubbles up through the case.

I’m interested in trying something similar – I replaced my graphics card today and stuck the old card’s fan in a pot of sunflower oil. When I powered it up, it started spinning as normal, although silently and a lot less quickly. I’m not ready to rebuild my main PC in a fishtank full of baby oil, but I’m tempted to drag an old junk PC down from the loft and see how it fares as a silent, oil-cooled system.

Note that it’s unlikely that you’ll end up with a completely silent system – certain components such as the drives and power supply are definitely best kept out of the oil – but you can at least reduce fan noise and maybe even improve cooling at the same time.

Obviously, experimenting with cooling-by-oil-submersion is not without its risks – there’s a chance that you’ll fry (no pun intended) your system and/or end up with a pool of oil on the floor – but you can certainly have fun trying.

Procrastination

I have a rather scary exam in Formal Software Development tomorrow morning, so am finishing my last minute revision this evening. Rather than bore you with the details, here are a couple of fun stories I found on Digg earlier today:

PHP Easter Egg

Append ?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 to any URL on most PHP-powered sites to see a cute picture of a dog (or a different dog, a rabbit or a guy with breadsticks up his nose, depending on the PHP version in use).

You can also use a similar technique to view the PHP and Zend logos, and the PHP credits.

There’s some more information here.

My only concern about this bit of harmless fun is that it exposes sites running PHP, but there are lots of other ways of finding this out with a default PHP installation. If you want to disable this, and other “clues”, set php_expose to Off in your PHP configuration file (php.ini) which I assume also removes other “clues” (such as PHP-specific HTTP headers). But I say: use PHP, and use it proudly. :)

(via Digg) – note that the trick no longer works on Digg URLs – the server guys did the php_expose thing!

How to cheat at Windows Pinball

The author of this article has uncovered a cheat in the 3D Pinball game bundled with Windows XP that has lain undiscovered since XP’s 2002 release. By typing the magic words “hidden test”, you are able to drag the ball around the board and do some other cheaty things. What makes it more interesting, though, is his explanation of how he unearthed the elusive cheat using debugging tools.

Apparently it only works on the XP version of the game, not the previous version which shipped on the Windows 2000 disc. However, the XP EXE should run on any version of Windows from 95 upwards. (If anyone can confirm or deny this, let me know.)

(via Digg)