tesco

Hey, Rug Doctor, give us the magic words!

by
A photo of the Rug Doctor machine

On Wednesday, we will finally give back the keys to the flat that we’ve rented for the past four-and-a-half years. As with most tenancy agreements, we’re required to give the flat back in a clean, tidy state, and so we spent most of Saturday cleaning.

Whilst we had vacuumed the carpets… occasionally in that time, at no point had they been properly cleaned since we moved in. So, we hired a carpet cleaning machine.

Hiring a Rug Doctor

Our local Tesco allows you to rent Rug Doctor machines: £23 for 24 hours, or £29 for 48 hours. You have to book in advance, although the night before is fine, and you can do it online or by phone. The rental charge is paid upfront, and in return for your fee you get an email with a code and locker number at the location selected.

When you go to pick up the machine, you find the Rug Doctor display, open the locker with the code given, and collect the machine, a handheld tool for stairs and corners, and an instruction book. You also need to buy the detergent at this point which you pay for at the checkouts; it’s £10 for a bottle that does 1-2 rooms, £15 for a bottle that does 3-4 rooms, and a larger £20 bottle.

Using the Rug Doctor

The Rug Doctor - before and after

The Rug Doctor machine is quite heavy and bulky, and although it’s quite easier to move on flat surfaces, good luck getting it up stairs. However, it does the job well – you can see the difference in the photo (the light-coloured bits have been treated). It works by spraying the detergent, mixed with water, on the carpet and then brushing it. It also incorporates a vacuum to suck up the dirt. You end up with a tank full of dirty water to flush away.

It’s quite quick – you can probably do most rooms in about 20 minutes, although we found that our carpets needed two treatments as they were particularly mucky. And you will need a lot of warm water – the Rug Doctor machine requires regular top-ups and we probably went through at least 20 litres of water.

Because we had the machine for 24 hours, we also had time yesterday to clean some of the carpets in the new house. These were cleaned in the summer by the previous owner before we moved in, but they’ve ended up mucky thanks to all of the disruptive renovation work we’ve had done since. Although the carpets have been vacuumed several times, I was surprised just how much muck came out after just a few months. As an asthmatic, I’m supposed to minimise my exposure to dust and yet there was still plenty in the carpets that our vacuum cleaner couldn’t remove.

Being able to get the machine from a local supermarket was really helpful, as supermarkets tend to be open long hours and at weekends. Our local hire centre, for example, is only open until 5pm (no good for us as we’re not home by then) and is shut at weekends, so we’d have to rent their machines for longer. Although we rented ours from Tesco, it looks like they’re available at some Asda supermarkets as well.

I was impressed by the Rug Doctor – it was quick, and the results were great. Hopefully the landlord will agree when we give the keys back this week.

For those who don’t get the reference in this blog post’s title, have a YouTube video.

Unexpected plain text password in the bagging area

by

If you have a few spare minutes, have a read of this blog post by Troy Hunt regarding Tesco’s poor password security. Tesco, for the uninitiated, is the UK’s largest supermarket who also sells groceries online, and is presumably used by hundreds of thousands (if not millions) of British people.

Good password practice should mean that passwords are hashed, using a one-way algorithm, and ideally salted as well. Tesco claims its passwords are stored in an encrypted format, but presumably this is a symmetrical encryption method because if you forget your password, Tesco will email it to you, in plain text. Remember, email isn’t encrypted so anyone who is snooping your emails will be able to retrieve your password, and log in to your Tesco account.

What makes this worse is that Tesco doesn’t allow for particularly strong passwords, either. They have to be a maximum of 10 characters, and can only contain letters or numbers. Even worse is that passwords aren’t case sensitive, and top it off, the tesco.com web site uses very old versions of Microsoft’s IIS and ASP.Net, which are potentially more vulnerable to security attacks.

If you have a Tesco account, I’d therefore strongly suggest that you ensure the password you use is unique (this is good advice for any web site but especially applies here) and that you don’t store your credit card details with Tesco. If you don’t use Tesco anymore, then you could contact them to ask them to delete your account, citing fears about their security.

Of course, Tesco are far from being the only offenders here, and Plain Text Offenders collects various emails from web sites who will also send you your password in plain text.