ParentPay seriously broken (again)

400 Bad Request
ParentPay, the Microsoft-based school payment system that’s the bane of so many parents’ lives, has yet another problem. Since Saturday, every time I go to their web site I get a page back that displays as above. Eh? Where does this page come from – it’s not a browser message. A look at the source reveals what they’re up to:

<html>
<head><title>400 Request Header Or Cookie Too Large</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>Request Header Or Cookie Too Large</center>
<hr><center>nginx</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->
<!-- a padding to disable MSIE and Chrome friendly error page -->

 

Okay, but what the hell is wrong? This is using Chrome Version 56.0 on a Windows platform. Can ParentPay not cope with its standard request header? If a cookie is too large, the only culprit can be ParentPay itself for storing too much in its own cookie.

I’ve given them three days to fix it.


Unfortunately, parents of children at schools are forced to use this flaky web site and hand over their credit card details. How much confidence do I have in their technology? Take a guess!

Solution

So what to do about this? Well they have the URL https://parentpay.com, so I tried that too. It redirected to the original site, with a slightly different error message sent from the remote server – one that omitted mention of cookies. So it was definitely Chrome’s header? Upgrade Chrome from 56.0 to 57.0, just in case… No dice.

A look at the cookies it stored was interesting. 67 cookies belonging to this site? I know Microsoft stuff is flabby, but this is ridiculous! Rather than trawling through them, I just decided to delete the lot.

That worked.

It appears ParentPay’s bonkers ASP code had stored more data in my browser than it was prepared to accept back. Stunning!
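The failure described above can be modelled offline. This is an added example, not code from ParentPay or from the original post: it replays constructed Set-Cookie values into a simulated browser jar and reports when the single Cookie request line would no longer fit a server header buffer. The 8 KB limit is nginx's default for `large_client_header_buffers` and is an assumption about this site; the cookie names and sizes are constructed.

```python
"""Audit how large the Cookie request header grows as a site sets cookies."""

# Assumption: nginx default `large_client_header_buffers 4 8k`. One request
# header line must fit in a single 8 KB buffer, otherwise nginx answers
# "400 Request Header Or Cookie Too Large".
HEADER_LINE_LIMIT = 8 * 1024


def apply_set_cookie(jar, set_cookie_value):
    """Store name=value from one Set-Cookie header value.

    Attributes (Path, Expires, HttpOnly, ...) are never sent back by the
    browser, so only the leading name=value pair counts toward the request.
    Simplification: the jar is keyed by name only, not by domain and path.
    """
    pair = set_cookie_value.split(";", 1)[0]
    name, _, value = pair.partition("=")
    jar[name.strip()] = value.strip()
    return jar


def cookie_header_line(jar):
    """Build the single Cookie header line a browser would send."""
    return "Cookie: " + "; ".join(f"{n}={v}" for n, v in jar.items())


def audit(jar, limit=HEADER_LINE_LIMIT):
    """Report header size, whether it breaks the limit, and the biggest cookies."""
    # An empty jar means the browser sends no Cookie header at all.
    size = len(cookie_header_line(jar).encode("utf-8")) if jar else 0
    by_size = sorted(jar, key=lambda n: len(n) + len(jar[n]), reverse=True)
    return {
        "cookies": len(jar),
        "header_bytes": size,
        "over_limit": size > limit,
        "largest": by_size[:3],
    }


def first_breaking_response(set_cookie_values, limit=HEADER_LINE_LIMIT):
    """Return the 1-based index of the Set-Cookie that first pushes the
    Cookie line over the limit, or None if the limit is never reached."""
    jar = {}
    for index, value in enumerate(set_cookie_values, 1):
        apply_set_cookie(jar, value)
        if audit(jar, limit)["over_limit"]:
            return index
    return None


def constructed_responses(count=67, value_len=120):
    """Constructed sample: `count` cookies of modest size, as a site that
    keeps per-page state in cookies might accumulate over many visits."""
    return [
        f"state{i:02d}={'x' * value_len}; Path=/; HttpOnly"
        for i in range(count)
    ]


if __name__ == "__main__":
    responses = constructed_responses()
    jar = {}
    for value in responses:
        apply_set_cookie(jar, value)
    report = audit(jar)
    print("cookies stored:      ", report["cookies"])
    print("Cookie header bytes: ", report["header_bytes"])
    print("over 8 KB limit:     ", report["over_limit"])
    print("limit first broken by Set-Cookie #", first_breaking_response(responses))
    # Deleting the site's cookies, as in the post, empties the jar.
    print("after clearing:      ", audit({}))
```

No single cookie here is large; the sum is what breaks the request, so a server-side check has to measure the whole jar it has issued rather than each Set-Cookie in isolation.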

 

Baofeng DMR handheld – the DM-5R

In 2016 Baofeng released the DM-5R – what sounded like a fantastic DMR radio at a very attractive price. One of the best features was that it maintained the same form factor as the UV-5R, meaning accessories were cheap and plentiful. In fact it was completely compatible as an analogue transceiver, but with DMR too.

Only one huge problem – it only implemented Tier-1, which basically meant it could only talk to other DM-5Rs – not to the Motorola or Motorola-compatible Tier-2 units.

Suppliers insisted that Baofeng was going to release a software update for it. I’m on record elsewhere as being sceptical of this, as I’ve never seen a way to update the software on any Baofeng radios, even when they’ve introduced killer bugs in to the wild.

Apparently I was wrong(-ish), and a firmware update has appeared for the promised $10. Furthermore, a DM-5R Plus has also turned up on the market, with Tier-2 software already. I don’t have confirmed specifications (i.e. the unit in my hand) but there’s some question about the battery. Sometimes it’s listed as 1.5Ah, other times 2Ah. BL-5 battery packs (the UV-5R standard) are 1.8mAh. I really hope they haven’t been crazy enough to come up with a new battery format.

Battery aside, what’s not to like? If it’s Tier-2/Motorola compatible, then I’m sure I’ll love it. But how compatible is it? Questions remain. Take this announcement from DMR-UK (target likely to expire) quoting a Phoenix Repeater Keeper:

“I have now heard a station using the DM-5R on the Phoenix network. I can confirm that although the radio appeared to work (apart from having very low audio) it was actually occupying both time slots on the originating repeater. This confirms that even though the so-called Tier 2 update had been done it was still working as a Tier 1 radio.”

This is unattributed, and it’s not clear whether the transceiver was a DM-5R Plus or an upgraded DM-5R. I don’t even know if an upgraded DM-5R becomes identical to a 5R Plus. This will become clear over time.

That Baofeng didn’t get the complex firmware right first time would come as no surprise. But do I want to risk it? Only if they promised to offer a free fix; but they really don’t have a good track record there.

AO.com extended warranty – the hard sell

Our 1997 AEG Lavamat washing machine is demised. The motor finally gave up the ghost, and Electrolux (AEG) no longer stocks the spares – and even if they did, the cost of buying a new motor for such an old machine is debatable. AEG and Samsung make the machines that clean the best (according to Consumers Association tests), so another AEG it was. Unfortunately our local shop, Ruislip Appliances, is shut for the holidays so on-line shopping it was, and  AO.com had a suitable replacement that can be delivered next day. And helpfully, they agreed to take away an old dishwasher too, having paid to take away the old washing machine.

To get the latter deal, I had to order by telephone. After concluding this, the guy on the end launched in to explaining the fabulous after-care service they offered – at a price. Basically they’ll fix stuff that’s “not covered by the warranty”, such as accidental damage and bits wearing out – like bearings and door seals. Eh? Doesn’t the AEG warranty cover premature failure of non-consumable items? If a car was warranted for a year and your wheel bearings wore out just because you were driving it (reasonable distances) then you’d expect it to be fixed. Tyres are another matter; they’re consumable.

I checked the AEG warranty exclusions, and nothing like this was excluded. Basically commercial use, improper use and accidental damage. Anything else they’d fix. And their warranty lasts five years – which tells me they reckon their product won’t break down and have the data to prove it.

AO.com’s warranty excludes stuff covered by the manufacturer’s warranty, so that leaves very little to cover. “Ah yes, but if we can’t fix it we’ll give you a new comparable model!”. AEG would have to do the same, if it came to it. But if you read their T+C, AO.com will only do this as a last resort and they will automatically cancel your policy.

So for this little extra protection, how much did they want? Well to cover this £500 washing machine for five years it worked out at £450. Basically, where their warranty takes over from AEG’s, you’ll have already paid out the cost of a new one. If the machine was a write-off after ten years (reasonable for an AEG machine), you’d have paid for a new one twice over.

The warranties are actually called product protection plans internally, and they’re sold by AO on behalf of a third party – Domestic and General Services Ltd. They administer the plans, collect the money from the customers and pay a commission to AO.

In Y/E 2014, AO.com sold £18m worth of these dubious warranties, and the value is increasing. They’ve been a bit coy about mentioning the figures in subsequent published accounts. If you’re the kind of person that’s totally unable to save up for a new appliance, it may be worth it as a saving scheme – a sort of pre-paid expensive credit option. If you pay up-front for what you buy it’s as much use as a cardboard washing machine.

I feel an OFT investigation coming on. Followed by “haveigotao.com” and similar sites.

One of the significant risks to AO Group’s future is desertion by customers (according to their Annual Report and Accounts 2015). I’m afraid the hard-sell of a dodgy product on the telephone during my first order left me questioning whether I wanted to deal with these people then, or ever again. They don’t have a price advantage over local independent dealers, and I don’t get taken for a fool by the locals either.

Other impressions of AO were good. But the washing machine hasn’t turned up yet!

Baofeng UV-5X vs UV-5R Review

Someone asked me today whether they should get a UV-5X instead of a UV-5R. The 5R is a bit of a legend in the handheld transceiver world – a very cheap and capable VHF/UHF unit covering Business Light and Ham bands on FM. It has a few flaws – for example you can’t disable the keypad and stop users doing stuff they mustn’t (a matter for Business Radio, but not a problem for ham use).

That said, if you can trust your users not to meddle, it’s a good piece of kit. And the UV-5X has an upgraded motherboard and chipset for about 25% more on a very low price – so what’s not to like? (Incidentally, it’s the same as the Baofeng FF-12P, but without the reversed display)

I’m assuming, dear reader, that you will know the Baofeng UV-5R and its variants so I won’t go into any detail on these. If you don’t, they’re extremely good kit for the money.

But if you’re considering a 5X over a 5R, which should you choose? In terms of features, the 5X appears to have similar firmware to the 5R 297 release – presumably not identical due to the new chipset, but you won’t notice a difference. When I get around to it, I intend to pull one apart to see if the chip-set really has changed, but for now I’ll take Baofeng’s word on it. CHIRP treats the 5X as a 5R, although current builds do list it as a separate model. Its measured power output is around 3.5W on UHF and 4W on VHF, although I’ve no reason to believe this is going to be particularly consistent across examples. (Low power mode was 1.5-2W on both). Accuracy of frequency (objective) and sound quality (subjective) are very good on both units.

For what it’s worth, the 5X is (currently) shipping with a new antenna, not found on the newer 5Rs, and quite different to the longer ones found on slightly older examples. I’d hate to say one performed better than the other – I might run some tests if someone twisted my arm, but in real use I didn’t notice anything.

So what are the differences you will notice? Well, mostly cosmetic! The torch, that Baofeng seem to be so proud of on all their radios, has been upgraded from the simple LED and now has a parabolic reflector. It is thus a better torch. Quite why this is important is beyond me, but if you are a fan of radios with decent torches in, buy one and knock yourself out.

The volume knob is smaller (to make room for the torch beam, I assume). The PTT button is different. And the cover for the microphone is a fold-back job rather than hinged, but has a screw which means you can remove it completely and put it back later. This isn’t a bad thing if you’re using a microphone; the hinged cover on the 5R and similar was a bit vulnerable when open.

One improvement I did notice is that they’ve fixed the carrier squelch nonsense (on the UV-5R the setting made very little difference). However, the current build of CHIRP allows you to tweak this on other models anyway (it’s under Service Settings).

But, there is a killer reason why you may want to stick to the 5R – support. In some crazy move, the 5X uses a different (incompatible) battery and a different charger. If you’re already running 5Rs this is going to be a total pain; if you don’t have a Baofeng radio yet it’s going to limit your choice and availability of accessories. The DM-5R (the digital version) very sensibly kept compatibility with the 5R accessories, so why couldn’t this?

The 5X is, however, reputed to be splash-proof, if not waterproof. This is a good thing. The keypad also has bigger keys – that’s to say thicker with more travel, NOT as you might think, with a larger face. There’d be no room anyway, although the 5X is actually a bit taller. This means it won’t fit the rubber armour sleeves or any tight-fitting holster. Another problem is that I don’t think anyone can supply it with a UK charger as standard, although the US one will work with an adapter.

The UV-5X is not a bad radio, but to my mind it’s not good enough to beat the UV-5R, where the ace is the range and availability of spare batteries. For my money, if I wanted to get more than the bog-standard UV-5R I’d go for the UV-5RHX or UV-5RTP – with upgraded (three setting) transmitter power. They’re accessory-compatible with the UV-5R, although internally (and to CHIRP) they appear as BF-F8HP and a BFP3-25 and both have NSR3409 firmware. The only difference is that the TP comes with the new rounded shorter antenna and the HX doesn’t appear to be available with a UK power adapter, although it does ship with the large battery. I don’t think anyone in the UK is selling it.

Doogee launches T5 Android, with newer technology than T6. What happened to T4?

I like Chinese mobile phone maker Doogee. Their kit is great. Their marketing sucks more than a Hoover.

Today’s global launch was for the T5 “business” handset, which looks very like my trusty T2 (aka Titan 2, aka DG700). Except it’s supplied with two different backs so you can switch it for a silicone-looking one instead of the crocodile skin effect. Actually, the T2 was supposed to have interchangeable backs. But if you’re worried about what it looks like you now have a choice. I don’t care for the leather look, but then mine is kept in a case anyway.

Doogee T5

Over the last few weeks its body has variously been described as plastic (I don’t think so) or titanium, as opposed to the chromed steel of the T2. I suspect it’s really made of unobtanium, and I won’t believe otherwise until I see one for myself.

Confusingly, Doogee has been announcing lots of successors to the fantastic T2, but the cheaper plastic X5 has really taken off in a big way so perhaps they’re busy flogging those instead. As the T2 is pretty much indestructible (shock proof, waterproof and being used as a hammer-proof), I don’t think I’m going to have to replace it any time soon.

So it turns out T5 has a similar specification – IP67 waterproof and a sturdy metal case. I know, because I’ve dropped the thing from height on to concrete several times, that the floating screen is very hard to crack. There are videos on YouTube of lorries running over it. But unlike all the toughened phones I’ve had, it doesn’t look out of place in a boardroom.

The T2 has a 4Ah battery, which keeps me going for a couple of days – or even a week if I’m careful how I use it. My kind of specification. And the T5 looks to be identical, but the battery holds slightly more. Okay, it’s got a faster processor too (8-core, ARM Cortex-A53, if you please), 3G of RAM instead of 1G, and 32Gb of internal storage instead of 8Gb. And of course the cameras have a lot more megapixels, but it’s still a phone camera. The 5″ screen is also full HD this time, if you’re using a magnifying glass.

Enough to tempt me away from the T2? Well not really. The T2 is damn good, and the only criticism I have of it is that the chrome has worn out on the corner I hold it by. That, and the silly case. The greatest practical difference will probably be the use of Android 6.0; the T2 was stuck on 5.0. Depending on your point of view, Android 5 may be A Good Thing.

But what the new phone appears to lack is the NFC chip needed for Android Pay. And a fingerprint reader. These were the only things missing from the T2. Come on guys!

But Doogee has communication problems with the English speaking world. They announce a lot of things, not all of them turn up and some are better than described. There is also supposed to be a T3, which has a small screen on the top edge (where you’d expect to plug stuff in!) and a smaller battery. But not waterproof or hardened in any way. The internal hardware spec seems similar, but I have no idea if/when it will ever be available. There’s also a T6, again not waterproof but with similar hardware specification to the T5, other than less megapixels on the cameras. It’s noteworthy for having a 6.5Ah battery – nice! But it’s Android 5.1. On the other hand, you can at least buy it for around £90.

(Footnote – mobile phone cameras are all bad in my eyes, but then I use lenses that cost twenty times the price of a smartphone).

BBC micro:bit finally launched

At very long last, the BBC micro:bit has been released. This is the educational embedded computer designed to inspire kids to learn about real programming. A small board with a CPU, Bluetooth, two switches and some LEDs it’s ideal for… Well what? Obvious comparisons will be made with the established but overcomplicated Raspberry Pi.

The plan is to send these out to year 7 students over the Easter holiday. I’m involved in computer science education, but I can’t even buy one (although I can use the simulator). Quite how these will be received when they turn up during Summer term remains to be seen, but I suspect eBay will feature in getting them to those who are interested in this kind of thing.

Unfortunately, from its inception in 2012, those of us who have been watching events unfold have a one-word verdict in common: Fiasco.

I’ll let you know more if I actually get to see one.

TP-Link 8-Port Gigabit Smartswitch review

There’s a tendency with any well-designed network for someone to go and do something the designer didn’t expect. A single desk with a couple of wall ports suddenly needs three network printers and a couple of PCs and an IP camera, and you’ve run out of sockets. The easy answer is to bung in a desktop switch, but once you’ve done this you’ve lost control, and visibility, about what exactly is going on downstream of your managed switch port.

In recent years a few desktop managed switches have appeared, and I’ve been looking at a reasonably priced TP-Link 8-port Gigabit Easy Smart Switch (model TL-SG108E to be precise). TP-Link have an “Easy” smart switch, and a non-easy version (such as the TL-SG2008). I’ve yet to get my hands on the latter. They also make a JetStream range of layer 2 “Light” Managed Switches, which have a couple of SFP slots even in the 8-port models. Confusingly, the “light” versions are actually the top-of-range models.

TP-Link kit started turning up in the UK several years ago, with appalling technical support and documentation. It did tend to work, and was keenly priced. I’m happy to say that TP-Link has got its act together, with proper English documentation and apparent backup, although I have to say I’ve yet to invest in anything expensive enough to make calling on their customer service worthwhile.

Unpacking the Easy Smart Switch you find the neatly made metal boxed switch, with a good quality feel about it. The PSU is the normal quality wall-wart type, delivering just under 1A. Cooling is by convection away from the metal box; there is no fan and no apparent need for one.

You can use this switch as a self-configuring switch straight out of the box and it just works. Testing it unscientifically as a desktop switch, I’ve no complaints about the performance. I didn’t try aggregating the lines for an uplink or anything fancy, as chances are on a desktop you’ll only have one port talking to another at any one time.

After that it was time to manage it, and this is where I hit a snag. In spite of the box saying it was compatible with Windoze, Mac, Linux and so on, it turns out that you need to run some Windows-based software to do anything with it. Although it had port 80 open, there is no web management interface; and port 22 was there but lacked an SSH interface. In other words, it’s useless unless you are a Windows shop. According to TP-Link there is a version 2 of this switch which does sport proper web and SSH interfaces, but version 2 isn’t on sale in the UK at time of writing.

If you find a Windows PC to run it, you can set the IP address over Ethernet or set it up for DHCP. Once it’s on the IP network the configuration utility can be used to configure various options and run diagnostics – and upgrade the firmware, which you may want to do immediately looking at the release notes on the TP-Link web site.

Useful features are port mirroring, rate setting and (if you can figure it out), various VLAN options including port-based. You can throttle ports, view port statistics and run a cable diagnostic. One serious omission is that there is no way I could see to control the layer 2 routing – i.e. statically assign a MAC address to a particular port. Only dynamically learned MAC addresses are supported, which is what you get a dumb switch for.

There are a number of security and QoS options, such as storm control for ports. Whether this is going to be used on a small unstacked desktop switch is debatable. The VLAN options could be very useful as part of a more complex multi-switch network, giving granularity down to the desktop.

Another feature inherited from its larger siblings is link aggregation. You can bond up to four ports together for a high-speed uplink; but on a 5 or 8-port switch, this really can’t be that useful, can it?

If you can live without the access control and incompatibility with anything non-Windows, the price of this switch makes it an excellent choice next to a dumb switch at about the same price. However, for a few pounds more you can get a TP-Link SG2008, which doesn’t seem to suffer these limitations – or indeed a D-Link model of similar specification. D-Link switches tend to be fast and trouble-free in my experience.

Pros: Have a managed switch at the same price as an unmanaged one.

Cons: Management features provided are less use on a small switch, especially as access control is missing. The management can only be done using a Windows utility – no web or SSH interface.

Conclusion: Spend a bit more on a better TP-Link model, or look at D-Link or Netgear.

 

iZettle contactless payments on American Express (Amex)

Since I reviewed iZettle’s new contactless card reader there have been a few updates to the App, and after the initial teething problems I’m happy to report that it’s been working flawlessly hereabouts.

iZettle Bluetooth Card Reader

The latest update is to support contactless payments on American Express. This came as a bit of a surprise, as I assumed it already did! It just goes to show how important Amex is…

You need to do a firmware update. You get this by connecting to your tablet/phone and running the iZettle App. Then go to Settings/Card Readers and select Update. I’ll let someone else try it first, as I can live without the functionality for a while longer.

This does not, of course, work on the freebie iZettle reader – only the Bluetooth one that you pay money for. Don’t be cheap – it’s good!

This update means support for contactless covers Visa, MasterCard, Applepay and Amex. I have to say that I’ve yet to find a card in the UK it couldn’t use, one way or another.

iZettle now works with Apple iOS 9(.1)

I’ve just had a note to say that Apple has released a new version of its smartphone/tablet system that fixes the bluetooth bug in version 9.0 that prevented iZettle readers from connecting using Bluetooth. So fanbois can now upgrade their fondleslabs without cutting off their revenue stream.

For details see here: https://www.izettle.com/gb/help/articles/2122036

On the Android front, teething problems with iZettle 3.0 software – the one that works with contactless – seem to have been fixed with version 3.0.1, although 3.0.2 also turned up a couple of days ago. Given some harsh testing with me, it was impossible to get version 3.0.1 confused by turning things on in the wrong order. However, some people have taken to the play store to say it’s still broken. It could be that it’s incompatible with their handsets (they don’t say which version of Android they’re using) – it could also be that it’s the cable connected version, which always seemed to be on the cusp of working reliably at the best of times.

While they were at it, they’ve fixed a few oddities in the user interface, so you can now just put through a payment without having to add it to the cart first (one of the points I made in the original review).

I’d be interested to hear details if anyone is still having trouble, and I may be able to help.

iZettle is now contactless on Android

Update 6th October 2015:

What a difference a day makes! Yesterday I was trying to get iZettle 3.0.0 working on my Android 5.0 handset and failing miserably. Today, it’s all working just fine. The difference? Three things:

  1. Don’t have the handset and the reader too close together. Bluetooth was interfering with the WiFi. They’re on the same frequency, and Bluetooth doesn’t really play nice with 802.11n. While the Internet connection was being blocked by the reader, the App became unstable on loading.
  2. Either turn on the reader before you start the App, or afterwards. I’m not completely sure of the timing, but there seems to be a bad spot if they’re both starting up together where they fail to sync and both go funky deux. The photographs following the review show what I mean!
  3. When you turn on the reader, wait for the “Please wait….” to disappear before you consider it to be “on”. i.e. don’t start the App while it’s in that state, and don’t do anything to try to use it if the App is already running.

If you follow the rules above, everything else works like a charm. And like all rules, there are exceptions when it might work anyway.


Review

iZettle is a Swedish company, founded in 2010, offering a complete mobile card payment system for small businesses with Terms of Business and charges that should make the bankers blush. The deal is that they charge a straight ~1.5%-3% dependent on volume, with no minimum transaction fee. You can buy a reader from them, or if your volumes are high enough, they’ll give you a free Chip and Pin reader that connects to some smartphone/tablet hardware (iPhones and a few Android devices) using the microphone/speaker. My advice on the free reader is “don’t be cheap – pay for the bluetooth one”.

Today iZettle released its all-new Android App, version 3.0.0, which allows it to work with the  Card Reader Pro Contactless . When I say “released”, it appeared in the Google Play store without fanfare; not even a press release. Apple fanbois have been able to use contactless cards (and Apple Pray) for some time now, but the Android App has always lagged behind; odd, as 90% of smartphones run Android. Perhaps iZettle really likes Objective ‘C’?

The good news, apart from contactless support, is that the new Android App is much cleaner and nicer to use than the old one. On startup, it goes straight in to the screen where all you need do is enter the amount and optional description and add it to a cart (you can’t charge it immediately, for some reason). If you have pre-set items you can access them in grid or list form by swiping left; tapping an item adds it to the cart.


To take a payment just tap on the cart icon. You get a chance to add a percentage or set value discount and when you’re done it just connects to the card reader and does the business. One very welcome feature is that the display on the reader now shows the amount being charged.

There are other good features lying about in the software. For example, a battery status indication is available in settings. But the main feature of 3.0 is its ease of use.

Teething problems connecting notwithstanding, there are a few possible improvements that spring to mind. It would be handy to be able to enter a number and select “Charge” immediately without going through the cart first. This may be a bug – before you enter an amount there is a large button marked “Charge” that changes to “Add Item” (to the cart) as soon as you enter something. Also, there are pre-set discount rates of 5%, 10% and 15% and the ability to enter any percentage manually, but you can’t edit the pre-sets. More seriously, you can’t edit the VAT rate table or enter a manual rate. It has 0%, 5% and 20%, which are the current rates in the UK, but they’re going to change. It also makes no differentiation between Zero-rate and Exempt, which does matter for proper accounting.

But these are minor quibbles. iZettle 3.0 is a big improvement on the rather clunky 2.5 and I’ve no doubt the teething troubles with the connection will be fixed. In the mean time, just leave the reader enough time to warm up.

In view of the problems I did have, a means of rolling back updates is needed. iZettle says that they can’t do this at the moment, but given the difficulty of testing Apps – especially Android ones  – on the wide range of hardware and OS versions out there, relying on a compatibility list is a bad idea tactically. There’s a danger that people will seek to download older versions of the App if they encounter problems, and a bit of research this morning turned up a few .apk files on the Internet that had definitely been tampered with. I’m trying to persuade iZettle to implement a rollback option but no luck yet.


 

 

Rogues gallery: iZettle 3.0.0 going mad yesterday. See update above.

If you get the timing wrong or something interferes with the Internet connection (e.g. it’s masked by bluetooth) you could be in for a world of pain.


Whenever I try to make a charge it either says that an “Unexpected error occurred – try again”, or it crashes out.


This is before it even gets to the “insert card” part. And it’s really flaky when it comes to keeping bluetooth contact with the reader.

It randomly freezes, in the case of the above while it was moving between screens – it appears to be when it’s thinking about bluetooth connections.

It even manages to crash the reader itself!


For what it’s worth, I’m using Android 5.0, and it worked just fine (albeit Chip and Pin) on the old version of the App.

Fortunately I don’t process a lot of payments, so can live without it but others may be having a really bad day as a result.