Wednesday, June 16, 2010

And to Apple: I’m sorry, but as good as you make me feel about the world of technology, I just don’t love you enough  to endure AT&T’s bad habits anymore. So, the iPhone has to go, too. And that makes IMAG0002me sad. I truly wish things were different. I almost can’t believe I’m doing this. They say if you love something, let it go free. It’s a brutal suggestion, really.

Let me start out by saying, for those who don’t know, that I’m a security and IT management professional by trade. I’ve held executive and senior management roles for both security and IT functions at a publicly-held company in the financial services space, I’ve consulted with governments and companies large and small on cyber-security issues, and these days I manage security strategy for a Fortune-500 company. So, I have some perspective and reality-based opinions about security and quality.

Let me also say - plainly and clearly - that this blog is where I voice my own opinion about things that are on my mind (as opposed to discussing work-related topics). And my mind is pretty active right now as it concentrates on my personal AT&T Wireless account and the lack of service and security quality the company has delivered over time. In other words, I have some strong opinions on the topic.

This is certainly a bit of a rant, but it’s not a knee-jerk reaction. It’s grounded in reality and reason and I have put some time and thought into my decision.

And enough is enough: I’m done with AT&T.

First AT&T’s reliability and call-handling problems were the issue, and frankly those were bad enough on their own. There are locations where I can *guarantee* calls will drop on my iPhone on the 3G network, every single time. Areas with three to five (out of five) bars of signal strength that suddenly drops the call and goes to zero, before churning around trying to reconnect and eventually coming back with a full signal once (I assume) a tower hand-off finishes. I actually have to tell people that the call will drop in a few seconds and that I will call them back in a couple minutes when the service recovers. They always want to know how I can know that. It’s sad. Coverage has gotten *worse* over the past several months in many areas where I travel, and call reliability has suffered. It’s probably worth noting that the same bad service areas affect my iPad’s 3G data access, as well. So, it’s not just my iPhone.

As if that wasn’t enough, there’s the costs associated with the AT&T service. We pay a premium for iPhone voice and data plans, and get crap for service in return. If I had a buck for every time someone tried to call me and got voice mail, while my phone was sitting in front of me with four or five bars yet never rang once, I’d be able to pay that early termination penalty AT&T requires of it’s customers. It’s bad enough that AT&T sells us this poor service, but it’s even worse that Apple isn’t more publicly vocal and more forceful about getting the problems solved. It’s been three freakin’ years already, for gosh sakes! There is absolutely no excuse.

Then a week ago comes news that AT&T’s iPad registration service was exposing email addresses and validating iPad hardware identifiers, as uncovered by a hacker group with ShootFootan unfortunate name (don’t Google it if you are not already familiar with why it’s unfortunate, just trust me on that one). I, too got the victim-list email from AT&T describing what had happened, six or seven days after the fact. It’s not the actual leak that stinks in this case, it’s the fact that such a design would make it into a Internet service in the first place.

Since then, there’s been a bit of a meta-debate about who’s responsible for what, and all of it is really just details. The fact that the information leak *could* happen in the first place is yet another indicator of why AT&T is a sloppy, careless company when it comes to the services I consume and my personal information. Shame on them. But there’s more…

Then this week comes the straw that broke my proverbial camel’s back, as AT&T’s servers fail massively under load during the iPhone 4 pre-order, and we discover that apparently the company's critical software changes didn’t get tested, and changes got made at the last minute. Oh, and as a result our personal data is being exposed – once again - due to a supposed flaw in the AT&T systems and how they access database records.

Holy cow.

Regardless of the variety of outstanding questions about the exact details and severity of the security situations, the very existence of these problems is more than just problematic.

One has to wonder, if one is being pragmatic and watching the past couple weeks’ activity: What else might they be skimping on that we don’t already know about? If I followed the same practices and didn’t test or validate security and functionality in my line of work, there’s no doubt I’d be gone in a second. Again, simply unacceptable for a huge company and it’s customers, who demand and require trust.

None of this is indicative of a company that practices good, basic security principles as a matter of course. It’s not indicative of a company that strives first for quality. And it’s not the type of company I feel like I can trust anymore.

So, I am quitting you, AT&T. I’d say it’s been nice knowing you, but that would be mostly a lie. So I’ll just walk away and let the past be the past, and focus on the future. Nine-plus years is enough. Good luck to you. I hope you will change, but it’s going to take some serious work, and I just don’t know if you can actually do it. Your track record is not good. Change is hard. Change means pain. And  in the end, most people aren’t willing to endure that process. But maybe you will, and if you do please let me know. I’d like nothing more than to be a happy customer and to write something happy and positive here. I’ll keep my iPad service going with you, since I don’t really have much of a choice and its very existence is part of what makes it possible for me to let the iPhone go. But it’s time for a new phone on a new carrier.

Maybe someday you’ll earn my business back. You might have Apple in your jaws of exclusivity, but not me. For now, you’ve lost my trust and business -- and please realize that you killed an Apple iPhone customer in the process.

And that’s really saying something.

P.S. – A quick final thought to Apple:

I love the hardware. I love the OS. I love the apps. But I can’t stand the service provider, which has failed us for too long now.

I fail to see how you can continue to do exclusive business with a company like AT&T, and I hope you’ll quickly open up options for your customers. Maybe you’re already working on it, which would be a breath of fresh air in this cramped, stuffy, smelly room. I’m sure many will suffer the pains of AT&T to get your hardware and software in your hands, and honestly this is a painful decision for me to make because your phone is something I want and need. But your corporate quality and image is directly tied – even intertwined - to AT&T in the United States, and for a company that stands tall on the ideals of doing things well rather than doing them first, your AT&T relationship is a failure of massive proportions, with quality never measuring up and ability to correct way too lacking. For what it’s worth. I want your products more than any other, but AT&T’s issues have finally crossed a line and have reached the summit of Mt. Unacceptable.

So, what do I do? Please, tell me. Do I wait patiently for a relatively short period of time for another carrier option, or do I just make the move now and use someone else’s hardware?

I am truly sorry to have to leave, Steve. Please, win me back.



Add/Read: Comments [7]
Apple | IT Security | Mobile | Tech | Things that Suck
Wednesday, June 16, 2010 9:49:31 PM (Pacific Standard Time, UTC-08:00)
#  
 Friday, January 29, 2010

You could argue that one shouldn’t complain about a product before it lands in your hot little hands, but a common theme over the past few days among the pundits on the web has been the newly-announced iPad and it’s apparent lack of openness. as Alex Payne comments, “Apple has decided that openness is not a quality that’s necessary in a personal computer. That’s disturbing.”

While I think the iPad is a cool device, and that it will be useful, and that I will likely buy one… I have to agree with Alex. He’s right. That’s an interesting and complicated place to be: I want to and probably will use an iPad to do good things, and make valuable use of it. But there’s a big part of me that won’t like it too much.

The risks of closed platforms have been debated for some time, in many venues and over a variety of companies, platforms and systems. Lots of catchy terms like “walled garden” and “black box” are used to describe essentially one thing: Vendor-provided ecosystems that you can only interact with they way the vendor allows you to.

It’s why the iPhone “hacking” community has been so active, and so popular. Everywhere I see teenagers and aducts with iPhones that have been “jailbroken” so they could run third party apps and get around Apple-instituted limitations, or unlocked so they could drop in a T-Mobile SIM card. The numbers are staggering when you look at how many iPhones have been modified. And I think we all know that the same community will step up and take the same approach with the iPad. After all, “it’s just a big iPod touch,” as they say. Well, whether you look at it that way or not, the software is a common denominator for sure.

Apple needs to step up and find a way to work their garden so the walls can at least be lower. There must be a healthy balance between truly closed, which is what we have today. Apps can’t be installed on the iPhone unless Apple sells and approves then (unless you jailbreak your device). Allow multitasking and background application activity, in the very least. Some restrictions are simply unacceptable.

The closed nature of the device – and I call it that purposefully – foretells the possible future, one where consumer devices replace computing systems. The iPad may have a computer chip in it, but so do my clock radio and televisions, and those are devices – not computers. If I can’t have unfettered access to the computer, it’s a device in my mind. When I was a kid we used to get into the guts of the computer, physically and programming-wise. We were able to make them do whatever our little hearts desired. That might be something good or bad, smart or stupid, broken or functional. But we learned and we created, we discovered and we built.

The iPad is a design feat (with a fat bezel, but still a cool design). The OS is another design usability marvel. The ecosystem built around the devices is popular, usable and works. But it stifles creativity, choice, flexibility. Are we at another of these inflection points, where things like common-person usability and “it just works” are acceptable trade-offs for flexibility and capability?

My hope is that Apple will step up to the plate and make some hard choices that benefit their customers’ bigger-picture needs. It’s the right thing to do, and would add some traction to what otherwise appears to be a deceptively  slippery slope. I can envision a software switch (which would be set to the “safest” mode by default) that a device user could manipulate to “lower the garden walls” electronically as a matter of choice, with the potential consequences clearly spelled out (and I should point out that this would be a useful enterprise capability as well, should they wish to properly and securely enter that space someday).

Choice. What a concept.

Ready – Set – Comment.



Add/Read: Comments [3]
Apple | Mobile | Tech | Things that Suck
Friday, January 29, 2010 11:38:03 AM (Pacific Standard Time, UTC-08:00)
#  
 Monday, June 08, 2009

Today Apple announced the next rev of the iPhone, the "iPhone 3GS." It has beefed up processing power and some cool new features like a better camera, more storage, etc.

Normally I'd be ultra excited about getting one as soon as its available. But this time around, I'm having a hard time getting inspired.

It has nothing to do with Apple's hardware and software. In fact, the processing power boosts and other changes are very, very tempting, and in a world where all else was equal it would be a no-brainer for me to drop the early upgrade cash on the table and move on up.

But the fact of the matter is, with AT&T's ultra-poor network performance on my current iPhone 3G, I think I'm better off waiting until Apple adds another U.S. carrier. I consistently have to turn off the 3G capabilities on iPhone 3G in order to avoid dropped calls and to successfully get network connections. That was the case with the first iPhone 3G I had, too. To top it all off, the service has gotten worse recently in my experience. I just can't see dropping that much cash for a new phone to operate on a network that already sucks. I've been sorely disappointed by AT&T, almost to the point where I want to call them and tell them they've consistently failed to perform to the level of service they claim (which is 100% the case).

It's time for Apple to drop that bomb on AT&T. Failure to perform in this case is going to cost Apple market share. It's got to be embarrassing to the company. During the announcements made today at Apple's World Wide Developer Conference, every time AT&T was mentioned the crowd just laughed. Seriously laughed, and not because there was a funny joke. It was because AT&T's quality is so lacking one just can' t help but either laugh or cry. They even laughed when AT&T was not mentioned - most notably with regard the fact that the carrier's logo was missing from some key slides in the presentation, pointing out AT&T's lack of launch time support for MMS and tethering, two of the key selling points for the new phone model.

AT&T has turned into that partner that Apple doesn't need, and shouldn't want. It's time to make a change. AT&T has simply failed to perform. When you can't reliably make and maintain calls and the data network won't keep a connection between towers, something's just not good enough. I hope Apple will step up - sooner rather than later - and add another carrier or two even before AT&T's exclusive agreement expires. It takes two to be successful in any partnership, and in this one AT&T's turned into a bit of a boat anchor.

What would change my mind on this one? Simple: When my current 3G phones work like they should on AT&Ts network, I'll be the first one to say so right here. Out loud and with conviction. But, I'm not holding my breath quite yet.Tmobile

Maybe a good jailbreaking and switch to Tmobile will work on the new OS and device. I'm sure someone will figure out out. Desperate times call for desperate measures. We shall see.



Add/Read: Comments [5]
Apple | Mobile | Tech | Things that Suck
Monday, June 08, 2009 8:16:24 PM (Pacific Standard Time, UTC-08:00)
#  
 Saturday, January 31, 2009

Good or bad, we live and work in an increasingly binary world.

More and more I notice our collective bipolar mentality. Everything is completely one extreme or another, with no time or thought put into the idea that there might be something much more realistic and reasonable in-between. It's black or it's white. You're conservative or you're liberal. It's all the way on or it's shut completely off. It's awesomely great or it's despairingly terrible.

What happened to the various shades and levels of gray, moderation and good? Perhaps this is a result of our increasingly computer-centric boolean society, where everything at it's core can be distilled down to one's and zero's, on and off, yes or no - with nothing in-between. But the organic world has never worked that way, and I think maybe we're seeing the signs that people have forgotten to look for the compromise.

One case in point, among many: A blog article today at TechCrunch reports that management at a large company, Nielson, has decided to remove the Reply-All button from all instances of outlook. Apparently some executive committee decided this would reduce waste and increase productivity. Certainly they must be right: It's a technology problem, right? Whoever the person was that thought of the reply-all concept originally couldn't possibly have been thinking about the consequences of including this feature. They must have been misguided, unknowing and wrong.

Or were they?

To take such drastic action as to completely remove the reply-all button from Outlook seems - well - misguided, unknowing and wrong. It takes a people problem, assumes (incorrectly) that it's a technology problem, and in the end creates a new - and potentially larger - business problem.

Don't get me wrong. I hate rampant reply-all email threads as much as anyone, maybe even more so. I especially dislike the passive-aggressive, nasty, insolent and rude behavior that people often use (often, ironically, in a reply-all email) to try to tell people how much they dislike email spam. If I'm copied on a business topic thread that I don't feel the need to review and would especially like to avoid, I don't like it. But I really hate it when people include me on their angry extension of the thread where they insult the original sender and complain. At least the original thread had a business purpose.

As a senior manager, several times I've replied-to-all to say "This thread is closed, please restrict the distribution of future info those those who are needed." In every case, the goal was to get people to stop and think. It almost always worked.

Now, I can see where accidental reply-all's and excess email would business and technology people to look for a way to just make it stop. I'm not saying there's not a problem to be solved - quite the contrary. But reply-all also provides a legitimate and useful piece of business functionality, one that makes people more efficient and in many cases ensures all the right people are in the loop.

The real problem here is people-related: There's a time and a place for using reply-all, and when people get lazy or don't think things through, the situation can become spammy, annoying and time-consuming. When it's useful it's very useful. When its misused it's a real pain.

Given that fact, taking the all-or-nothing, binary technology approach and removing the functionality entirely seems to be a poor method for dealing with is - at it's root - a people behavior problem.

In fact, for years there have been other options available. One example is the Reply to All Monitor (pay software, try code RA26BA50 for a possible 50% price reduction). There are other apps out there, as well. If you don't want to buy software, you can also program some VBA code to modify Outlook's behavior and prompt the user before they can send ("Are you sure you want to reply-all?"). Plus, there are a variety of ways to configure all your Outlook instances to use a plugin or your own VBA code. Of course, if you're removing the reply-all button from all the Outlook instances at a company, you probably already know this.

Imagine: Someone else might have had this problem and found a smart way to solve it. I guess the thing that really bothers me is what looks and feels like a reactive decision, likely made by people without complete information. Do you really want to completely disable all reply-all's, or is the true intent and desire to try to get people to think before they send, while allowing reply-all in cases where it makes sense?

Anyhow, I think you get the point. You can't really solve people problems with technology. Instead we should use technology to try to support people in behaving in the way we need then to. But in the end, it's all about the person's behavior, not the computer's.

Or you could say, "Buttons don't reply-to-all, people reply-to-all."



Add/Read: Comments [6]
Tech | Things that Suck
Saturday, January 31, 2009 1:20:41 PM (Pacific Standard Time, UTC-08:00)
#  
 Sunday, December 21, 2008

I'm stuck at home during this incredible and unusual snow storm. I quite literally cannot drive my four-wheel-drive truck out of my driveway due to the wet and icy layer under the two feet of snow that's accumulated, melted slightly, and then refrozen over the past week. Unfortunately, when the storm is at its worse, my iPhone has lost it's connection to AT&T's network. "No service" has become its full-time status. I've tried both enabling 3G (which we don't have out here) and restricting it to EDGE only, and it simply will not connect. Until recently I would at least get a signal if I set it down it in the right spot.

When the power goes out at the house, I need to be able to make at least one phone call (to the power department). In a storm out here, power outages are a fact of life. I've been unable to call the PUD this week because I had no cell service on the iPhone. And the power went out for 7 hours the other day.

Today I got fed up with the inability to place a call and waded through the sea of snow to my truck (which is stuck), rifled through my center console, and found my old Blackberry 8800 and the battery. It's been in there and unused for over a year. I popped the SIM card out of the iPhone and slid it into the Blackberry, then popped the battery in. Even after sitting for a year the battery had a half-full charge (wow) and the Blackberry powered up and within a few second acquired the AT&T network. Text messages started to flow in - success! Of course, the data connection was refused, but the GSM phone service works fine for text and voice service. It makes Snowmageddon a little more tolerable.

I've grown more and more frustrated with my iPhone's network performance over the past month. I plan to take it in and see if it's the individual phone, or a network change, or if it's more of a design thing, but I'm not holding my breath. Luckily the iPhone still works on WiFi without the SIM card (which actually makes it an "i" rather than an "iPhone" I suppose, heh), and that's good because I rely on it for a number of truly invaluable network-capable applications.

Anyone else done comparisons, or had network performance issues with their iPhone 3G after some time has passed? I've done complete restores of the phone to make sure the phone was clean software-wise, same issues. Any experience you have will be appreciated.



Add/Read: Comments [5]
Apple | Tech | Things that Suck
Sunday, December 21, 2008 7:13:13 PM (Pacific Standard Time, UTC-08:00)
#  
 Wednesday, July 23, 2008

DNS has a hole in it. Bad guys are working on exploits right now. Patches are available right now. Anyone responsible for a DNS server needs to exercise that responsibility. Right Now.

Dan Kaminsky found a security hole in DNS recently, the details of which he was keeping quiet so providers could fix and release patches and DNS server owners could get those patches deployed, in order to avoid security breaches on the Internet. His intent was to release the gory details in a couple weeks at the Black Hat conference.

But the other day word of the details inadvertently leaked out, and so now everyone responsible for a DNS system must - and I do mean must - drop what they're doing and make sure their systems are patched and safe. Failure to do so puts Internet users at risk of site fraud and hijacking.

DNS is a system that translates names you can remember (like www.greghughes.net) to especially non-memorable numerical addresses the Internet can route (such as 208.109.238.146). It's the Internet's phone book, so to speak.

The security hole allows malicious people to spoof a web site using the actual, legitimate domain name. In other words, bad guys could hijack a DNS server, and if it happens to be one your computer relys upon, you could type in a legitimate address like www.google.com or www.yourbank.com, but the web page would be a malicious one - a fake. The recently-released patches plug the hole and prevent this misuse (although it doesn't really change the underlying protocol).

Aaron Massey wrote a very good post describing the issue and it's various details. He also links to Halvar Flake, a talented reverse-engineering guy who thought the threat through and pretty much guessed it right on his blog. After Halvar's guess, another security blog that had specific knowledge of the threat details confirmed Flake's hypothesis. As a result, the threat was disclosed.

Luckily, the various creators of the DNS systems used all over the Internet released patches about two weeks ago. The real question is, have you patched your servers? This is a critical flaw - it needs to be patched immediately.

If you want to know whether the DNS server your computer relies upon is vulnerable or not, you can use the DNS Checker in the sidebar of Kaminsky's blog (as long as it remains there).



Add/Read: Comments [1]
IT Security | Tech | Things that Suck
Wednesday, July 23, 2008 7:14:34 AM (Pacific Standard Time, UTC-08:00)
#  
 Wednesday, July 16, 2008

On TechCrunch IT, in a post called "The New Apple Walled Garden," author Nik Cubrilovic makes a good point...

TechCrunchIT » The New Apple Walled Garden

Geeks and enthusiasts wearing Wordpress t-shirts, using laptops covered in Data Portability, Microformats and RSS stickers lined up enthusiastically on Friday to purchase a device that is completely proprietary, controlled and wrapped in DRM. The irony was lost on some as they ran home, docked their new devices into a proprietary media player and downloaded closed source applications wrapped in DRM.

I am referring to the new iPhone - and the new Apple iPhone SDK that allows developers to build ‘native’ applications. The announcement was greeted with a web-wide standing ovation, especially from the developer community. The same community who demand all from Microsoft, feel gifted and special when Apple give them an inch of rope. When Microsoft introduced DRM into Media Player it was bad bad bad - and it wasn’t even mandatory, it simply allowed content owners a way to distribute and sell content from anywhere.

How can people who preach and pontificate open systems be so enamored with a completely closed, proprietary system as Apple's? Now, don't get me wrong. I was in line at an Apple store last week with all the people Nik talks about in his article. I really like the iPhone and I think my Mac is great, hardware-wise (okay, the OS is not too bad either). But there's something that's always lurking there in the back of my mind, like a pestering little voice that doesn't want me to give in or forget lessons of the past. "A closed system is a system doomed to fail," the voice tells me. Either that, or it is so limiting as to stifle. Or both. Maybe I need to get my medication checked. On the other hand, maybe the voice is right. Or both.

Risking cliche cynicism, I think one has to consider whether The Church of The Steve congregation is further developing (or devolving, if you prefer) in its adoration, at the expense of long-term good. Blind faith, crazed unthinking people saying one thing yet doing another, the how-dare-you-question mentality... Sounds familiar. And that's coming from an Episcopalian. An imperfect, sometimes-questioning, sometimes-doubting, cynical one -- But you get the point. I hope.

Perhaps the scariest part of my thought process today is that I actually agree completely with Dave Winer on this one. He nails it right on the head. Okay, there are times when I agree with Dave, but until now I've never really admitted it in public. :)

What do you think about Apple's model? Fanboy? Concerned? Who cares? End of the world as we know it? Utopia? Told-ya-so?



Add/Read: Comments [2]
Apple | Random Stuff | Tech | Things that Suck
Wednesday, July 16, 2008 10:31:58 AM (Pacific Standard Time, UTC-08:00)
#  
 Tuesday, June 24, 2008
I've traveled to Europe with my iPhone before, and despite activating an international data plan I ended up spending a bit more than I wanted to (by about $100). But Raven Zachary came back home to a $800+ bill, and there are many tales of others having even worse experiences.

Raven wrote a blog article offering some tips to keep your costs down, all of which are good. So, if you are traveling out of the USA with your AT&T iPhone (and yes, that DOES include to Canada or Mexico, so do your homework), check out what he wrote.

As of today, there is no "unlimited" international data plan available. It can get very expensive to deal with email attachments and use the maps program, or even just to check email the same way you do back home (meaning automatically every n minutes). With the 3G network coming on the new iPhone and the associated roaming costs for high-speed access projected to be higher, this all becomes even more important.

Until AT&T makes it a little easier to be their customers, and simplifies things for those of use paying them big bucks for service, you'll need to order specific international services and configure your iPhone in certain ways to make sure you don't get nailed and you'll have to search the 'net to find sources to read about the problems and related solutions. I feel sorry for people who get completely blindsided (and there are a lot of those people out there). So much for seamless, don't-have-to-think-about-it use, eh?



Add/Read: Comments [0]
Apple | Mobile | Tech | Things that Suck
Tuesday, June 24, 2008 6:49:54 AM (Pacific Standard Time, UTC-08:00)
#  
 Thursday, May 15, 2008
I've spent the past couple days, off and on, editing a manuscript on my Mac using the Pages application that is part of iWork '08. I've been editing a Word .doc file, which pages can open and deal with. Sort of. In the end, the way Pages handles Word docs... FAIL.

Formatting issues have resulted in a badly-hacked mess of a document that probably barely passes for acceptable when I return it with edits. I feel pretty terrible for the recipient.

So, frustratingly it's time to buy a copy of Mac Office '08. I was afraid it would come to this, and I guess I'm not really surprised at all. It was wroth a try, and I get Keynote so that's cool (as long as I don't have to use it for PowerPoint files that is).

Meanwhile, time to go up in the office and grab that Windows laptop with Office 2007 and get back to work...



Add/Read: Comments [15]
Apple | Tech | Things that Suck
Thursday, May 15, 2008 3:26:31 PM (Pacific Standard Time, UTC-08:00)
#  
 Friday, March 21, 2008

Got iTunes, or anything else Apple on your Windows computer? If so, when the Apple software checks for updates, you'll probably AppleUpdateSafari1see an option (which is enabled by default) to install Safari - even if you don't already have it installed  on your computer. Safari is Apple's default web browser (and actually not a bad one at that). But since people are used to seeing - well - updates when the software checks for updates, you might not realize you're installing new software.

Just making sure you're paying attention here, is all.

Sure enough, when I check for updates on my Windows machine, where Safari has never been installed, I'm presented with the option to install it...

AppleUpdateSafari2

As Tom Krazit tells us... Just un-check the box if you don't want to install Safari. Simple as that.

"It seems that at some point people became conditioned to downloading anything that shows up from an official source, like Microsoft, Apple, AOL, Yahoo, or whoever. Remember, it's your PC; spend your installation capital wisely." (link)

It's always important to pay attention to what you're clicking on. Fact is, Apple's probably counting on the fact that a significant number of people will just click without thinking - And that's indicative of a whole slew of problems, with users, companies, you name it.

For my part, I made the educated decision to install it. I actually kind of like Safari on the Mac, so I'm interested din trying it on Windows.



Add/Read: Comments [0]
Apple | IT Security | Tech | Things that Suck
Friday, March 21, 2008 12:47:04 PM (Pacific Standard Time, UTC-08:00)
#  
 Wednesday, December 19, 2007

Merry-Freakin'-Christmas from Blockbuster. NOT.

Not too long ago I wrote about Blockbuster's sudden and substantial rate increase. People were upset, me included. I begrudgingly gave in, however, and started paying the $7.00 increase - from $17.99 to $24.99 - per month for unlimited in-store exchanges and three mail rentals at a time.

BlockBusterLetterDec27th A few minutes ago I got a very "friendly" email from Blockbuster, letting me know some of the great rentals they have available in the first paragraph, encouraging me to exchange movies in the store in the second paragraph, and then pretty much putting it to me without so much as kissing me first in the third paragraph. Here is exactly what it said (click the image on the right to see a screen shot of the actual email with the section highlighted):

"To continue to bring you the unmatched convenience of both online and in-store DVD rentals, your monthly subscription fee will change from $24.99 to $34.99. This adjustment† will go into effect on your next billing cycle on or after December 27, 2007. The benefits of your subscription plan will remain the same."

So, in the time span of about four to five short months, my monthly cost has gone from $17.99 to $34.99 per month (in other words, roughly doubled) and the services I get for the money are less (since I no longer get the two coupons a month for movie or game rentals that I got for a couple years before their August price and service change).

"Ok, but that's the last straw."

As soon as the month I have already paid for runs out mid-January, I'm dumping this mess. Goodbye Blockbuster. Hello Netflix. I feel like I have to encourage everyone to do the same. This is - in my opinion - not a consumer-friendly company. I know they need to make a profit, and I was willing to support that. But dragging your customers through this kind of mess is not the way to do it. Believe me when I say I'd likely have been willing to spend more for better service (or at least consistently good service in both the store and online, which I don't get today), had a reasonable rate increase been effectively sold to me.

If some kind of miracle happens between now and January 18th when my account runs out and Blockbuster changes their plans, I'll consider sticking around. But it won't happen. This appears to be just more of the same decisions. It's too bad.

If you received an email, feel free to make use of the comments here. What does yours say? What do you think? What - if anything - will you be doing about it? If you agree with me and want to share the sentiment, you can link to http://www.boycottblockbuster.com/, which points to this page.

Time to stand up and say something.

Added -- Some other comments made on other blogs:

And, via Gizmodo, a humorous visual that effectively captures the essence of the situation...

 

I also noted that new subscribers to Blockbuster (people who go there today to sign up for the first time) will be recruited under the "old" pricing plans, as they have not changed the information on the web site. That seems a little disingenuous, if not completely dishonest, doesn't it? Click the image below to see a fill-size screenshot of their pricing page on the site as of the morning of December 20th. I'd hope they'd at least get this problem fixed soon (unless they don't intend to increase the prices for new customers, of course).

blockbusterpricesdecember19list



Add/Read: Comments [28]
Random Stuff | Things that Suck
Wednesday, December 19, 2007 8:09:45 PM (Pacific Standard Time, UTC-08:00)
#  
 Friday, December 07, 2007

Note: This article contains a cheesy workaround that worked for me. It is most certainly unofficial and not supported by HP or anyone else (including me). So, if you use it - just know your mileage may vary.

I have a HP Pavillion dv9620 laptop with Vista 64-bit Ultimate preinstalled. It's a big-ol' laptop and has a webcam built into the top of the display. But the camera has hardly ever worked. For months I am grumbled at it each time it has failed to work in MSN Messenger and in HP's own QuickPlay software. It worked for a while, then it worked only when I first started the computer, and eventually it would not even do that, so I pretty much gave up. HP drivers did not help, one bit. Heck, just finding them on the HP web site is a painful task.

Tonight Carl Franklin asked me to help his test his webcam. We fired up Live Messenger and I was able to see and hear him just fine, but of course mine was not working. Pretty lame.

Call that inspiration. Nothing worse for a technical person than to have a broken system, especially in front of other techies, heh. I decided to start searching the web again this evening for some sort of solution, and after finding a bunch of the same-old forum and newsgroup posts, I ran across what appears to be a real gem. And it seems to have solved my problem: No more failure to see and use the HP webcam, at least so far in Messenger and in QuickPlay.

chicony1

The camera is made by a company called Chicony, and it turns out Acer also uses their cameras (as do some other manufacturers). Note that not all HP notebooks have Chicony webcams - some have Ricoh models and possibly other brands. Check your Device Manager to see who the hardware manufacturer is listed as to help determine whether or not this is the right method for you (or just try it and deal with any glitches if it's not). But, according to this post in the forums at notebookreview.com, people are having great success using the Acer drivers on their Vista Pavillion machines with the built-in webcam.

I downloaded the drivers, checked them for safety, and updated my system by following the simple instructions. Voila! It works! It shows up in device manager as an Acer webcam, but I can live with that, for sure.

image

With a little luck it will keep working. Before posting this I rebooted and rechecked the camera, opened a few programs to try to screw it up, etc. So far, so good.

Here are the brief instructions (as slightly adapted from the post by Dylan Bennett at notebookreview.com):

  • First, download the drivers. I got mine from here, and yes -- these are the drivers I used on my 64-bit Vista install: Acer Extensa 5210 Chicony Webcam Driver 5.7
  • Next, unzip the installer executable file, then run the setup program and do the reboot thing.
  • After you log back in Windows should tell you it's setting up your devices and finding the drivers. Let it finish.
  • Open the Control Panel and then open the Device Manager.
  • Find the webcam under "Imaging Devices." On mine it was listed as a generic USB 2.0 device. Yours may be different.
  • Right-click on the webcam entry in Device manager and select "Update Driver Software..." from the menu.
  • Choose "Browse my computer for driver software."
  • Choose "Let me pick from a list of device drivers on my computer."
  • Uncheck the "Show compatible hardware" checkbox.
  • Scroll in the list to find Chicony in the dialog's manufacturer list.
  • Choose the "Acer Crystal Eye webcam."
  • You're most likely going to be warned that the driver cannot be confirmed to be compatible. You can tell it to install anyway.
  • Wait for the driver to be installed.
  • Check Device Manager under the Imaging devices section again and see what you have. Note that the webcam will likely now be listed as an Acer Crystal Eye webcam.

devicemanager4webcam

Now, go and use Messenger or whatever program has given you fits before and see what your results are. Be sure to reboot and try all your webcam-enabled programs. Give it a real brutal test before declaring success. For me it's been great, but your mileage most certainly may vary, and I am certain HP will not consider this a supportable configuration, heh.

Proof it works for those that need it, here you go. Gotta love the reflection-in-the-glasses thing, heh:

Good luck!



Add/Read: Comments [53]
Tech | Things that Suck
Friday, December 07, 2007 9:31:37 PM (Pacific Standard Time, UTC-08:00)
#  
 Thursday, October 11, 2007

Jason Cross hits the nail on the head. It's not the hardware, it's not the software, it's not even the company. It's something else completely.

Bad apples (pun intended) can truly spoil the barrel.

I have to say, based on my own experiences and as a Mac user since the very first one came out (yes, that one) when I was a kid, I agree with Jason's points. Well-said and fairly-put.

Now you go read it. Someone needs to say these things, and Jason did. Good for him.



Add/Read: Comments [3]
Random Stuff | Tech | Things that Suck
Thursday, October 11, 2007 5:56:25 AM (Pacific Standard Time, UTC-08:00)
#  
 Thursday, September 13, 2007

Updated: If you're wondering how this was resolve by Apple in my particular case, you can read about it here.

Ugh, this just had to happen.

I went to an Apple Store up in Bellevue, Washington yesterday before the nerd dinner and picked up a couple things, namely a Jawbone Bluetooth headset (which is awesome, more on that later), a touch-screen glass protector and a leather holster for my iPhone.

Don't buy the leather holster. Long story short, it's too tight, there's no way you can keep a good grip on the phone when you try to pry it out of the holster on your waist, and when it does come out you'll be lucky if it doesn't have some real velocity and inertia behind it. Like I said, you'll be lucky if.

I wasn't that lucky.

As I left the hotel today a text message chimed in and I went to pull the phone from the holster. It was hard to pull on, and when it finally gave way it came out fast, bounced off the palm of my hand, down my leg and to the floor. Actually, it didn't really hit that hard. Nowhere near as hard as every other phone I have ever had.

But the metal case that encloses the iPhone is apparently pretty soft. As in, it bends easily. The "power" button (that one on the upper right top edge) is now stuck and won't operate because even though the fall was broken and slowed, the soft-ish metal bent just enough to tweak the opening where the plastic button sticks though. So, now it's effectively jammed. Argh.

I was near the Apple Store (same one) when this happened and so I went there to see what I will have to do to get it fixed, but the wait for one of their "experts" was like three hours, and I had to dive into Seattle traffic to make the trip back home to Portland. So, I'll cal Apple or take it to the local store in the next day or so.

I'd recommend a couple things based on this experience. Again, don't use the leather holster, it's just a poor design, and one that a friend of mine has has loosened up over the month he has had it, but to the point where it no longer properly holds the phone (it went from tight to too loose, go figure). Also, if you're prone to dropping phones, go straight out and get one of the rubber armored slip-on cases. I sure wish I had chosen that instead of the holster. Hopefully this will help someone avoid a problem and the expense I am sure to be faced with when I get this thing fixed.



Add/Read: Comments [19]
Mobile | Tech | Things that Suck
Thursday, September 13, 2007 7:11:44 PM (Pacific Standard Time, UTC-08:00)
#  
 Thursday, September 06, 2007

I'm quickly learning the pain of running a 64-bit OS on my new laptop. Of course, that's the version of Windows Vista Ultimate it came with, what with all the processors being sold these days are 64-bit and all.

I went to install iTunes (which installed with a message explaining it would not be able to copy CDs) and activate the new iPhone, and what do you think I see?

   image

Crap. You have got to be kidding me.

Apparently this is a well-known issue. Except that I didn't know and on the box it says, "Windows Vista" is supported, without any mention of version or 32-bit vs 64-bit. reading the fine print details of the release notes one finds a buried mention of no support for 64-bit Windows. Hmph.

Now I have to decide what to do - return the phone out of pure spite, or sync it to a different computer... Sorry, but "lame" is the only word that comes to mind here. Fanboys will undoubtedly spew vitriol at that statement, but it's still lame.

Ideas anyone? Will a 32-bit OS running in a virtual machine work for me maybe?



Add/Read: Comments [6]
Mobile | Tech | Things that Suck
Thursday, September 06, 2007 10:51:20 AM (Pacific Standard Time, UTC-08:00)
#  
 Monday, August 27, 2007

Well, I just discovered that I am missing at least one blog entry from the past. I know it's missing because I specifically went looking for it today. I also linked to it in the past from another entry that still exists on this blog. It's just gone. Weird. Also not good. Makes me wonder what else might be missing. I have an idea what might have caused this, but that doesn't help solve the issue. I may have to go back and find some old site content backups and figure out when it disappeared, and probably enumerate all of my posts from the old backups and compare them to what's online now. from there I can make repairs.

Ugh, that just sounds like so much fun... A use for my copious spare time, I guess. Not. Heh.

If you happen to find a link to something here that doesn't work (it will probably redirect you to the main home page), please let me know the original URL and the topic or place you found the link.

Thanks.



Add/Read: Comments [0]
Random Stuff | Things that Suck
Monday, August 27, 2007 12:48:08 PM (Pacific Standard Time, UTC-08:00)
#  
 Thursday, July 26, 2007

CIO Magazine online has a great new article detailing the top ten thing you should never write in an email, as well as some other communication tips for business-types. It's decent advice and worth a read, for sure.

Here are the top-ten items (be sure to read the original story as well for the full meal deal):

Don’t Do That! 10 E-Mail No-Nos

1. Negative comments regarding your firm's executives. Too easy for someone else to forward accidentally.

2. Performance criticism. Seems more "official" than when spoken, causing people to worry too much.

3. Bonus or salary matters. Company plans may change.

4. Racial or gender slurs. Enough said.

5. Details relating to product liabilities. Court trail, anyone?

6. Lies about your company's rivals. Another ticket to legal trouble.

7. Office dish. If people want to spread their own news, let them.

8. Sloppy writing. Your image is at stake, even if you're hacking away on a BlackBerry.

9. Sarcastic humor. Without inflection or visual cues, it's risky.

10. Private matters. Don't e-mail details on any part of your life that you wouldn’t want to see in the newspaper.

Source: Dianna Booh

Been bit before? What else do you think should you never, ever put into an email?



Add/Read: Comments [0]
Management | Random Stuff | Things that Suck
Thursday, July 26, 2007 12:25:54 PM (Pacific Standard Time, UTC-08:00)
#  
 Sunday, July 08, 2007

IMG_0307Went out this evening for a hour or so ride with a friend on the dirt bike and ATV. Had a great time, but I need to remember when I come to a sudden end of a road, the front brake is not the first one to grab. I can't believe I did that.

Ouch. Thank God for helmets and gloves. Sorry for the detailed picture. A reminder's a reminder. And it's a knee, if you're trying to figure that out.

I've had one past motorcycle mishap that resulted in injury, which involved a deer in the roadway. This one was just me being stupid. I also had a ATV screw up once that I got a bit of a bruise on, and that's about it. This time, a couple bruised and beat up knees, some scrapes on my chest and a sore, sprained wrist are pretty much all the injuries I walked away with (plus a bit of a sprained ego, I suppose), which is excellent considering I went over the bars and straight into the packed gravel road. I did what I learned in sports as a kid - walked it off and got back on. And took it really easy the rest of the ride, heh.

Anyhow, I am posting this embarrassing moment to serve as a reminder to me and to others not to be a sloppy idiot on a motorcycle. The rear brake is down there by your right foot. Right foot good. Right hand bad.

Right foot, right foot, right, foot right foot, right f...

Doh!



Add/Read: Comments [2]
Personal Stories | Random Stuff | Things that Suck
Saturday, July 07, 2007 11:29:55 PM (Pacific Standard Time, UTC-08:00)
#  
 Tuesday, January 16, 2007

Okay now people, those of us who grew up elsewhere in snow and ice know what it means to drive in it (and have a bunch of reasons not to). I mean, I learned to drive in three feet of snow ferchrysake... There are times when you just have to restrain yourself. So, if you live in a city where it gets icy once or twice a year, and if the only way you can drive halfway decently is if its dark and cloudy but completely dry on the ground (you know, when even direct sunlight makes you lose control), then please please please please... just don't leave the house when there is snow or ice on the ground. Especially in a vehicle. That nice AWD car or four wheel drive SUV won't help you one little bit as soon as you touch the brakes... But it will dent. There is no force field.

Evidence to support my argument is available by clicking the pretty picture. Please review. TYVM:


(photo from King5 News)

"Elementary teacher Derek Porter witnessed 15 different car
collisions on icy roads outside his Portland apartment
Tuesday morning and caught several on home video."



Add/Read: Comments [1]
Random Stuff | Things that Suck
Tuesday, January 16, 2007 11:05:18 PM (Pacific Standard Time, UTC-08:00)
#  
 Monday, January 01, 2007

I'm in the process of moving my email for the greghughes.net domain to a new mail server, and I've realized - once again - just how complicated spammers have made our lives. Especially from a technical standpoint.

PTR records in DNS and RBL records on services that no one ever heard of and which have no set rules to determine what gets on the list or how to engage them in getting off a list. What a mess. Luckily I am not on any RBL lists (with the exception of one idiotic one that everyone seems to be on, and which I certainly hope no one ever uses). But I have friends and acquaintances who have been in that boat before and it's not fun.

But the biggest pain with moving a mail server has to be DNS propagation and the wrenches people throw into it. Enough time has passed that all locations should be pointing to the new mail server, because the old DNS records have expired. Yet there are a significant number of (large and prominent) email and Internet service providers (including my own) that are apparently caching longer than the record provides. Fun. That means I am checking two mail servers (and that's a bit of a challenge, let me tell you), and that I cannot send email to pretty much anyone until the planets align and the name server records line up.

Even my web site still has a few bots and spiders and other systems munging through it. I wonder if they'll notice when I turn it off?

One other thing I have observed. The spammers also don't respect caching of DNS records, but in the opposite manner. Instead of caching a record for too long, they completely ignore the cache settings to make sure they can flood your new mail server with as much crap as possible, as quickly as possible.

Ah, gotta love it!



Add/Read: Comments [0]
Tech | Things that Suck
Monday, January 01, 2007 10:47:54 AM (Pacific Standard Time, UTC-08:00)
#  
 Sunday, October 22, 2006

Some things just bug me. Sometimes I write them down. :)

For example - What is it that makes the concept of putting stuff into the overhead bins on airplanes so freakin' complicated? People just don't seem to get it, despite the repeated intercom begging performed by the flight attendants to put rollaways in wheels first, wheels first, WHEELS FREAKIN' FIRST.

Even worse, there's a subset of people who, when asked to move their bag to the optimal position in order to accommodate others, can get downright indignant. What is it with these people? Move your bag, sit down and shuddup already. They didn't build that bin - or this whole airplane - just for you. Jeez.

I dunno why this bugs me so much. I guess it's because the underlying message from such people is that they don't really care how their behavior, stuff or actions affect others. We have enough of that kind of problem already in this day and age. We really don't need it when a couple hundred people are jammed into a metal tube with wings and a couple engines hanging off a few bolts hurtling said flying torpedo through the air at a few hundred miles an hour.

Okay, I feel a little better now. Heh.



Add/Read: Comments [2]
Random Stuff | Things that Suck
Sunday, October 22, 2006 5:51:35 PM (Pacific Standard Time, UTC-08:00)
#  
 Thursday, October 05, 2006

Vista_logoWell, honestly, it's about time.

Bloggers are all over the story, and are espousing a variety of opinions, but I have wondered for years when Microsoft would finally crack down on software thieves and simply not allow their software to run unless it was legitimately licensed. I'm responsible for cutting a big check each year to Microsoft to pay for the software we use at the company I work at. It costs me more, in effect, because others are taking without paying.

So, Windows Vista will detect piracy and take action. In Microsoft's words:

"Collectively termed the Microsoft Software Protection Platform, the new technologies will introduce improvements in how Microsoft software activates, is validated online and behaves when tampering or hacking is detected."

Thinking about this from a security guy's perspective, one thing bothers me: Turning off the anti-malware capabilities on unlicensed copies? Are you kidding me? That means the rest of the world falls victim to everyone out there that's running pirated Windows? Please, please, please change this one - Microsoft might be a victim, but no need to invite the rest of the world into that club. And it looks like Richi Jennings agrees with me on that one. That's just poor prioritization. Hopefully someone will rethink the approach in that specific area...

Elsewhere, Ed Bott at ZDNet has written a very good piece describing the changes and his thoughts on the matter. He has some important point, ones that Microsoft should make sure they have thought completely through and have a plan for - especially where it comes to Volume License customers. Those are the people you don't want to aggravate, for sure.

Among Bott's comments:

Microsoft denies that this is a "kill switch" for Windows Vista, even giving it a separate question and answer in its mock interview announcing the program. Technically, they're right, I suppose. Switching a PC into a degraded functionality where all you can do is browse the Internet doesn't kill it; but it's arguably a near-death experience. The accompanying white paper describes the experience in more detail:

By choosing "Access your computer with reduced functionality," the default Web browser will be started and the user will be presented with an option to purchase a new product key. There is no start menu, no desktop icons, and the desktop background is changed to black. The Web browser will fully function and Internet connectivity will not be blocked. After one hour, the system will log the user out without warning. It will not shut down the machine, and the user can log back in. Note: This is different from the Windows XP RFM experience, which limits screen resolution, colors, sounds and other features. [emphasis added]

My head practically exploded when I read this sentence describing the new, improved punishment regimen: "Windows Vista will have a reduced functionality mode but one that is enhanced." Enhanced reduced functionality? Orwell would be proud.

Snarky as ever, Engadget reports:

Well, Microsoft has fired the first salvo in this war on pirates -- according to The Associated Press, the Redmond crew will be taking "much harsher steps to curtail piracy" than in years past. First, the company will "deny access" to some of the "most anticipated features," including Windows Aero, the new GUI. Then, Vista will start issuing ransom demands (we're not kidding about this part), demanding that a legitimate copy be bought within 30 days, or else. What would such consequences entail? How about limiting Web access to an hour at a time? Further, what about not being able to open documents from the desktop or "run other programs such as Outlook e-mail software" ? However, the article goes on to say: "Microsoft said it won't stop a computer running pirated Vista software from working completely, and it will continue to deliver critical security updates." So for those of you keeping score, Microsoft wants to make using your computer as miserable as possible, while keeping it as "safe" as possible, ok?

People out there will whine and complain and say it's not fair, that it's all a bunch of red tape and people will be inconvenienced (and they might be right about that one point), and a million other things that go along with the typical victim mentality (sorry guys, but possession of stolen goods is illegal, even if it's inconvenient, and possessing stolen stuff unknowingly doesn't make the goods any less stolen). And Microsoft needs to make sure that legitimate users are not impacted in a truly meaningful and workable way. But the fact of the matter is that Microsoft is right on this one. In fact, it seems to me that if I ran a company that created software for use by consumers and businesses, and if I wanted to make sure it was being legitimately used and paid for, I'd just keep it from working at all if it was obviously stolen.

But the politics of huge-mega-corporation-attacked-by-angry-mob is a multi-billion-dollar business, apparently.

Glad to see they're finally doing something about it, though.

Some Techmeme-tracked discussion on the topic:

Technorati tags: , , , ,



Add/Read: Comments [8]
IT Security | Safe Computing | Tech | Things that Suck
Thursday, October 05, 2006 6:51:25 AM (Pacific Standard Time, UTC-08:00)
#  
 Saturday, September 23, 2006

Saw this coming a mile away. It's always fascinating when people - or companies - show their true colors.

Apple Computer is sending cease and desist letters, apparently, so a number of companies and organizations that are using the term "pod" in their positioning or names, claiming it causes confusion in the marketplace. Podcast Ready is the latest victim among several.

Give me a break.

The deal is this: It's said Apple has recently applied for coverage from the USPTO to get protection via trademark for the word "pod" in addition to the already protected term "iPod." They've not been granted protection, and I would hope they won't get it. "Podcast" is probably next on their list, at this rate. I see several others have already applied for the term and several variants.

But , after all, it doesn't take a solid legal footing to be a bully, it just takes - well - a bully mentality.

And now, it appears the fight is being taken to the podcasting playground. Despite the fact that Apple didn't invent the term "podcasting," and despite the fact that they adopted - even embraced - the term (and created a whole section and special logo for iTunes, etc.), Apple apparently believes they can Monday-morning-QB this one into the courts - and they must think they can win. One would hope that's not the case, but in California, who knows.

Don't get me wrong - Apple's a company that makes cool stuff and I own a Mac in addition to my PCs. But hey - no one likes a bully, especially when there's really nothing to gain, and a lot of people who could be negatively affected as a result of this move. The idea that the terms "Podcast Ready" and "myPodder" could be confusing in a way that hurts Apple is a stretch. "Podcast" is practically a household term now, and the fact is that Apple didn't jump in until well after it became the defacto standard name and term (despite some heated debates early on around the terminology).

Apple really needs to go find someone or something else to pick on, lest all the other kids on the playground get tired of the black eyes and bruises. Or send some of the lawyers out for a vacation or something. Their judgement is getting clouded.



Add/Read: Comments [2]
Tech | Things that Suck
Saturday, September 23, 2006 9:45:06 AM (Pacific Standard Time, UTC-08:00)
#  
 Friday, September 01, 2006

Now and then I get to rant.

I am (once again) on an airplane, on my way to some upper Midwest city for the day, heading right back home this evening. You get real perspective on airplanes, you know. Perspective on things like heights and time - and on people, too. People you know you'll never see again. And when one knows they'll never see the people around them ever again, I guess they let their words flow more than they might otherwise. That can be good or bad.

There are two middle-aged guys, poorly dressed in corporate standard attire, in the row in front of me. Like as in one of these guys is wearing one beige dress sock and one navy one. They've been yapping away ever since we got on this flight three hours ago. We should have landed well over an hour ago, but they have these things called, umm, I think they're called 'delays' in the secret vernacular of air travel. Anyhow, no one really understands it, so we just sit in the broken down coach seat and smile like it's comfortable as the flight attendants walk up and down the aisles with forced smiles on their faces. You know, the smile that says 'Isn't this fun, we're all stuck on this thing going nowhere again, and we're gonna be late too, yay!'

Anyhow, at least I got some sleep, which is nice (seriously). But that's not my point.

Now I am back awake, and these same two yahoos (no, I don't mean they work at Yahoo! as that would be a compliment, and as you are about to see I have no compliments for these particular guys) are still going on and on about someone they apparently work for and how SHE (emphasis added to match their conversational emphasis on the fact that their supervisor is apparently female) does this and SHE does that and how SHE expects things and how SHE can't possibly understand. It's really rather amazing to listen to. It makes one want to yell "Shut up!"

They're also apparently very concerned about some presentations that they have to give. But they don't seem concerned at all about the actual content, or the audience, or whether the presentation convinces anyone or informs, or anything useful like that. Instead they're harping on and on about how SHE likes JOHN's presentations better, and how the other day they were afraid that they might not look like good presenters in the room with so-and-so, and what they might be able to do to make such-and-such look bad the next time.

Wow. And all of this where I can hear it, with a computer open to a PowerPoint deck I can clearly read and a company logo I can clearly see. And now one of the guys is opening a girly magazine.

Yahoos, I tell ya. And someone's paying them money to "do work."

Some people are truly amazing. Amazingly pathetic, that is. I'm glad I get to work with quality, decent people in my job. If I had to work with guys like this, I don't know if I could keep my mouth shut. Actually, I know I couldn't. They'd be right out the door, no question.



Add/Read: Comments [1]
Random Stuff | Things that Suck
Friday, September 01, 2006 7:49:57 AM (Pacific Standard Time, UTC-08:00)
#  
 Wednesday, August 09, 2006

Proof that cyber-crime is real, Consumer Reports is out with their State of the Net survey. It's pretty much as bad as we all know. From MSNBC:

"...American consumers lost more than $8 billion over the last two years to viruses, spyware and various schemes.

" Additionally, it shows consumers face a 1-in-3 chance of becoming a cybervictim -about the same as last year."

Thing is, prevention is much less costly than reactively paying for damage already done. You want to prevent the guy from getting into your place? Or do you prefer to let him in but then keep him from walking out the door with your money? Or are you like most people, who are resigned to watching him walk out the door with the prize, throwing your hands up in the air, and blaming someone (anyone, really) else?

How do we convince people, and what will it take?



Add/Read: Comments [0]
IT Security | Safe Computing | Tech | Things that Suck
Wednesday, August 09, 2006 1:57:19 PM (Pacific Standard Time, UTC-08:00)
#  
 Monday, August 07, 2006


UPDATE - AOL apologizes (not as if it makes a difference at this point, though):

"This was a screw-up, and we're angry and upset about it. It was an innocent enough attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted, and if it had been, it would have been stopped in an instant," AOL, a unit of Time Warner, said in a statement. "Although there was no personally identifiable data linked to these accounts, we're absolutely not defending this. It was a mistake, and we apologize. We've launched an internal investigation into what happened, and we are taking steps to ensure that this type of thing never happens again."


AOL, over on their research wiki site, on Sunday posted an article describing their release of search data collected for more than a half million AOL users over a three month period. They claimed the data was made "anonymous," and that it was being released for research reasons. Problem is, it's not anonymous enough. Each unique user was replaced with a unique random identifier. That means you can see everything that user 336072 searched for. What if someone examined everything you searched for over three months? Even without knowing your name explicitly, do you think they might be able to find out some interesting things? Have you ever done a "vanity" search?

It's just not anonymous enough. I have a copy of the data that I downloaded before it was taken offline, and I've poked around in it a bit, so I know. Not only that, but spammers and search engine "optimizers" out there are going to have a field-freakin-day with this data. No, I won't share it with anyone else. It never should have been released in the first place, so I am not going to add fuel to the fire.

Michael Arrington at TechCrunch wrote about it in his blog entry entitled "AOL Proudly Releases Massive Amounts of Private Data," and updated his post a couple times as AOL mysteriously removed the data file from the web, as well as the page announcing the availability.

Arrington: "AOL must have missed the uproar over the DOJ's demand for "anonymized" search data last year that caused all sorts of pain for Microsoft and Google. That's the only way to explain their release of data that includes 20 million web queries from 650,000 AOL users."

When you consider that AOL search is - get this one - actually Google's search with a different face on it, you can imagine what the emails and phone calls that went flying around between the two companies on Sunday afternoon might have sounded like. Ouch.

Yeah, and so much for the privacy of AOL's users. If you're an AOL user, is that what you signed up for, to be a guinea pig in AOL's poorly-planned foray into academia? I think not. This is identity theft just waiting to happen, that's what this is. Again from Arrington:

"The data includes personal names, addresses, social security numbers and everything else someone might type into a search box. The most serious problem is the fact that many people often search on their own name, or those of their friends and family, to see what information is available about them on the net. Combine these ego searches with porn queries and you have a serious embarrassment. Combine them with "buy ecstasy" and you have evidence of a crime. Combine it with an address, social security number, etc., and you have an identity theft waiting to happen. The possibilities are endless. "

Google says "do no evil" and keeps this kind of data under wraps when challenged in federal court. AOL? Not so much.

Any would-be AOL boycotters better be prepared, though. Last we checked, you can't even cancel your account at AOL without being put through the ringer. Several years ago when I canceled mine it was a several-months-long experience before I was able to decipher enough to get the billing truly stopped. Coming and going, that's how they get ya in Dulles... There's a reason PC Magazine ranked AOL "Number One" in a list of things you'd really rather not be on...

Technorati : , , ,



Add/Read: Comments [1]
IT Security | Safe Computing | Tech | Things that Suck
Monday, August 07, 2006 2:25:00 AM (Pacific Standard Time, UTC-08:00)
#  
 Friday, July 28, 2006

Tell me what you think, share what you know... In large part, I help catch bad guys for a living. So I have my own perspective and base of experience, but please share yours.

You may already be familiar with the term "phishing" and possibly you have a good idea of what it means. If you're not familiar with the term, you should be. Essentially, bad guys set up fake "phishing" web sites, typically by copying an online banking or other e-commerce site. The bad guys then send out emails or use other means to try to get you to visit the fraudulent web site they've set up, in hopes you'll think it's legitimate and "update" Phishing - click for Univerity of Colorado's takeyour banking or other private information there. In reality you're not communicating with the actual bank or e-commerce company at all, and you're not really updating anything - Rather, you are providing confidential identity and financial information to cyber-criminals. The bad guys then use that information to steal money, defraud you and others, and to create a new identity or leverage yours for their own gain. They're good at what they do, and the fact of the matter is, it works well enough for those who are the best in their "industry" (and it is its own micro-industry, as we'll discuss) to be motivated to make a career of it.

The general technique of convincing you via trickery to give up your private and sensitive information is called "social engineering." Bad guys act in ways that cause you think you're communicating with a legitimate business, but in reality you're being defrauded of information and - in turn - your financial and identity assets. More recently even myspace.com and similar sites have been faked, so we know these criminals are creative and go after us where we live. Whether it's a phone call from someone who sounds like a legitimate business person or a web site that looks like it's the real thing, it's all social engineering - tricking you into believing you're communicating information to a legitimate person or business when you're not.

You've likely seen emails show up in your in-box that pretend to be from ABC Bank or XYZ Credit Union. Beware any email that request information from you. The emails typically say something has happened to your account or that they;re verifying information, and you need to update your information by clicking a link to go to the bank's web site. But those emails are fakes, and so are the sites that load when you click the link. They're sent (well, spammed really) to anywhere from a few thousand to millions of people at once. Even when only a very small percentage of victims actually take the bait (hence the term phishing, eh?) , the bad guys win and come out ahead - big time.

Unfortunately, people do take the bait. I see it every single day in my work. Just the other day I dealt with a situation in which someone who provided their information to a phishing site fraudster was ripped off for $19,000. We're talking about serious stuff here... Now, when you lose money it's sometimes recoverable (but not always - you can sometimes be held responsible for giving away security secrets, after all). But if someone steals your private identifying information - things like driver's license numbers, dates of birth, social security numbers and the like - it's bad news. You're in trouble. Recovering from a stolen identity can be nearly - and oftentimes completely - impossible. You can get a couple thousand dollars back if you get tricked into giving up a password, but you can't take back your social security number once someone knows it.

You get the picture.

So, phishing is when someone sends an email and tries to get you to provide your secret information on a web site that looks like a legitimate one, but which is really just a fake copy that some bad guy controls. A lot like walking into what you think is your favorite coffee chain and walking out with a Strychnine latte, really. And on top of that, you paid the bad guy who you thought was your friendly barista $5 for it - and left a tip.

We've covered some of the basics of phishing fraud - just the first thin layer of the problem, actually. Over the course of some future posts, we'll dig a bit deeper into the details of what makes up a phishing campaign and what can be done about it. We'll also discuss pharming, spear-phishing and other cute terms that start with "ph" but which are really just about the farthest thing from cute you can imagine.

There are solid reasons for this madness that plagues the financial service and e-commerce industries. But truly understanding the problem means more than just knowing what phishing emails look like and avoiding fake sites. The fact that the sites are even there in the first place, that the email actually reaches your in-box, that you can't tell a fake site from the real one - all of these things are problems in and of themselves. To truly prevent the problem - and let's face it, prevention is the golden key here - we need to know and understand much, much more.

For instance, do you know why certain banks, credit unions and online retailers are targeted over others? Here's a hint: It's not always about how many customers they have to target or how big a name the bank is, although that can be a factor. Many of the biggest targets are credit unions with just a few thousand customers. And do you know what the phishers actually do with the information they fraudulently trick you into providing?

Do you have any idea who the bad guys are?

That's a taste of what we'll be discussing here over the next few weeks. I'll publish some of my thoughts on these topics and more. Not the secret stuff that lets us catch them, but the information consumers and institutions can use to help combat the problem. It's an opportunity to learn and share information. If you have ideas, thoughts or comments about the phishing problem, or online fraud in general, please leave a comment on this entry, or write about it on your own blog, or alternatively you can email me (but please use the comments if it's safe and reasonable to do so in order to provide the benefit to others - I tend to get a lot of emails that would be much better from a community standpoint if they were posted instead as comments). I'll leverage my own thoughts as well as the thoughts of others like you to help build parts of the future discussion. With hat tips all along the way, of course.



Add/Read: Comments [0]
IT Security | Safe Computing | Tech | Things that Suck
Friday, July 28, 2006 10:04:12 PM (Pacific Standard Time, UTC-08:00)
#  
 Friday, July 21, 2006

Honestly, I can't tell you how tired of the typical, average, mundane, same-old PowerPoint presentation I have become. 99 percent of the time, as soon as any given PowerPoint presentation starts, I can feel the bile and boredom start to slosh and boil in my gut - in part because I sit through so darn many presentations, but even more so because most presentations - well - they just suck.

There's nothing quite like a slide deck with all the bulleted words the presenter that will be coming right out of the speakers mouth, if your intent is to say to your audience, "Hey, you're an idiot, so let me read this to you." Who's the idiot, really? There's nothing more redundant than reading and listening to the same thing. Or even worse, a zillion words on the screen and the speaker is talking about something else entirely. You lost me at "Hello."

So more and more I feel like I'm wasting my time. "Read to me, speak at me, bore me with bullets ad nauseum." Please, don't.

Don't get me wrong - I know people don't do this on purpose, they're trying hard and - well - it's the way everyone else does it, right? I also know I'm being a bit harsh (in order to make a point, really). It's just that for most every presentation anymore it doesn't matter all that much what it's actually about, because it's so much like everyone else's. PowerPoint is PowerPoint is PowerPoint, and it's tiring.

If you sell a product, or an idea, or some thing, you don't want it to be just like everyone else's do you? Apply that rule to your presentation style - How do you differentiate yourself from the crowd?

We actually love the crowd, of course, because it's easy to stand out when everyone else is doing the same thing. But it's worth risking having to work harder at it if a few people will revisit their presentations and get out of the common PowerPoint traps.

Anyhow, I got to a point where I was also hating giving presentations with PowerPoint (which I do quite often), not because of the PowerPoint application itself, but because of the fact that all my presentations seemed to be basically the same, and all the templates out there seem to encourage it: Long bulleted lists, points to read aloud, graphs and charts and nasty nasty nasty clip-art. Seriously, using clip-art should be a felony. No, really. Seriously. Like as in prison.

So, a couple weeks ago I took a chance on a presentation I gave at a conference, and went all Lessig-ish with it. A couple words on each screen to punctuate the salient points, a plain white background with big, readable black letters centered on the screen, and the rest was all talk. No handouts (and believe me that was a real surprise for the attendees - but it's not like they walked out or rioted or anything). It took some concentrated effort to create the new presentation. Not rocket-science level effort, mind you - but extra work it was. Time well spent.

And - get this - it worked. The audience was engaged and the conversation (which is what it's all about - exchanging thoughts and ideas, as opposed to making a speech, right?) was interesting, for everyone including me. You could tell the format and style was something new for the audience, for sure, but the looks on people's faces were certainly fun to watch. And the thing is, they actually had looks on their faces. Gone was the blank gaze. Everyone in the room was looking at me as I spoke, and that means making a connection. They'd glance at the screen momentarily and then look back to me for the information, not the other way around. We actually looked in each others' eyes. Now, it's not that I have some kind of problem where I desperately need that kind of attention - it's just that it's clear as day that direct, personal communication is much noticeably more effective and meaningful.

The questions from the crowd at the session were good - They were thoughtful, and the audience was obviously tuned in. Not that my audiences aren't tuned in in general - quite the opposite. But in this presentation you could sense the difference - One could feel the connection and involvement noticeably more.

After the conference, we sent my spartan slides, along with the relatively detailed speaker notes printed on the page below each slide, in PDF form to anyone who attended and wanted it. Gotta provide those handouts at some point, you know... Unless it's caught on video or something.

One of the best and most effective presenters I know personally, Scott Hanselman (it's my week to link to Scott, heh), called it "Existential Presentation." I assume by that he means free, individual, unique, possibly even rebellious. I can see that. 

Personally, being the practical and somewhat-less-eloquent guy I am, I see it as a kind of resurrection of some form of miraculous goodness from the hell of a bloated and obese PowerPoint existence. Ah, existence. I get it, Scott!

Anyhow -- What do you think?

P.S.  Great resources for presenters and presentation authors (hey - you do write your own presentations, right???):

  • Presentation Zen Blog (which has been subscribed in my aggregator for quite some time)
  • Garr Reynolds presentation tips
  • Scott Hanselman's Tips for a Successful Microsoft Presentation (great stuff)

From the comments, Jim Holmes points out a couple more great ones:

and Shane Perran also has some excellent suggestions:

  • Steve Jobs - Simply brilliant when it comes to presentation. That goes for most of the Apple design/marketing team
  • www.guykawasaki.com - Guy Kawasaki - A one time Apple guy turned VC and absolute master of presentation
  • sethgodin.typepad.com - Seth Godin - Author of the ever popular Purple Cow and another master presenter and storyteller
  • www.alertbox.com - Jakob Neilson - While wildly hard-nosed about design, he knows content usability like no other - mostly web oriented, there is a lot of carry over

Those are all good ones, and most all those blogs I subscribe to (and the rest I just did, heh). Presentation is about content, style, design, personality, conversation... All important components.



Add/Read: Comments [2]
Random Stuff | Tech | Things that Suck
Friday, July 21, 2006 2:51:58 PM (Pacific Standard Time, UTC-08:00)
#  
 Thursday, July 06, 2006

Just when you thought you'd seen it all, well - you'll just have to check this one out for yourself (from KGW.com).

Straight from the Portland Bureau of Ridiculousness...

A Northeast Portland man is suing basketball superstar Michael Jordan and Nike founder Phil Knight for a combined $832 million. Allen Heckard filed the suit himself, June 29th in Washington County Court. Heckard says he’s been mistaken as Michael Jordan nearly every day over the past 15 years and he’s tired of it.

 
kgw.com

“I'm constantly being accused of looking like Michael and it makes it very uncomfortable for me,” said Heckard.

Heckard is suing Jordan for defamation and permanent injury and emotional pain and suffering. He’s suing Knight for defamation and permanent injury for promoting Jordan and making him one of the most recognized men in the world.

Uhhh... Yeah, right. You can read the whole story here. And roll your eyes like me. Rolling eyes is so much fun. What an idiot.

My favorite quote from the story:

Some might wonder how he decided to sue Knight and Jordan for $416-million each. "Well, you figure with my age and you multiply that times seven and ah, then I turn around and ah I figure that's what it all boils down to."

Wow. Scary thing is he might get a few bucks tossed at him to go away. Or if we're lucky he'll lose hard and get stuck with the defendants' attorney's fees. You think he considered that possibility?

What an idiot. Sorry, but there are times when you just have to come out and say it.



Add/Read: Comments [3]
Random Stuff | Things that Suck
Thursday, July 06, 2006 10:41:02 PM (Pacific Standard Time, UTC-08:00)
#  
 Saturday, July 01, 2006

The headline reads: "Credit card security rules to get update."

I see that and I think to myself, "Hey, cool."

Then I read the story.

What it should have said: "Credit card security rules that make perfect sense and protect your identity are about to be flushed right down the toilet because companies say it's too hard."

Now, that's not so cool.

Why is that? Industry requirements that were put in place not too long ago that required companies to encrypt sensitive information are going to be removed. Yes, you read that right - Removing the already established requirement to encrypt the data that is most sensitive and valuable. I'm not one who typically leans in the direction of government mandated standards, but in the absence of private self-regulation and in this particular case...

From CNET's News.com:

While security stands to benefit from a broader, another proposed change to the security rules may hurt security of consumer data, critics said. The new version of PCI will offer merchants more alternatives to encryption as a way to secure consumer data.

"Today, the requirement is to make all information unreadable wherever it is stored," Maxwell said. But this encryption requirement is causing so much trouble for merchants that credit card companies are having trouble dealing with requests for alternative measures, he said.

In response, changes to PCI will let companies replace encryption with other types of security technology, such as additional firewalls and access controls, Maxwell said. "There will be more-acceptable compensating and mitigating controls," he said.

The Payment Card Industry (PCI) security standard was developed to improve the security of applications processing credit card transactions. In the best-practices world of layered security, we deploy security in multiple locations and in different parts of the lifecycle. We even get redundant, especially in areas that matter the most.

To think that more firewalls can protect data in a way that makes it unnecessary to encrypt is ridiculous. Encryption protects data from theft when other layers are compromised. It keeps data safe even from internal theft (and trust me, that's at least as common as external theft, often even more so). It means - if done correctly - that even is a server is stolen from a datacenter,  the bad guys still cannot get at the information that's stored in a secured form on the machine. Keeping people out is important, but encryption is about the bad guys that already got in. So let's can the firewall arguments, although perimeter security is still a critical thing to deploy.

Scanning software to make sure you cover the threats and reduce the chance of successful attack is a good thing - but having people analyze it with eyeballs is significantly better. Scanning software only finds the low hanging fruit that is exposed on the outside layers and only finds the things we already know about. It provides no mechanism for creative scrutiny and under-layer analysis. It doesn't account for finding the new threats and vulnerabilities. Those things take active brains and connected eyeballs. It's what I don't know how to detect that will kill me in this case. It's the holes I can't see today, but which will be all too obvious tomorrow. So let's drop the "build secure software" argument as an alternative to encryption, although it's still an important thing to do.

Ultimately, cutting out the data encryption requirements will make it easier for companies that do transactions - by trading off the security of sensitive, personal information. It comes at our expense. It's a bad idea. And you should do something about it.

It's not easy to do 99% of what makes up my job, and it's not always fun. Security is hard. It's not really supposed to be easy. But I do it because it's necessary and right. The identity of users is the proverbial gold and crown jewels of this real-life game. It's not about protecting institutional assets - it's all about protecting individual people's identities.

To be concise: Removing the encryption requirement is a fundamentally bad idea that will hurt real people in the real world. Especially in this day and age of identity theft and with the endless news stories covering data loss and theft where the data is vulnerable specifically because it's not encrypted, I'm rather shocked by the decision. It's another example of where doing what's right falls victim to doing what costs less and reduces complaints.

It's time to stand up for what's right for security. First of all, as a business you should not be storing any personal information that's not absolutely necessary and that I have not specifically told you I want you to store for me.  Protection of the personal information you do store is your responsibility, but I own it. Encryption of my sensitive information in your systems should be a requirement, not a nice-to-have or a convenience-based suggestion.

Period.



Add/Read: Comments [5]
IT Security | Safe Computing | Things that Suck
Saturday, July 01, 2006 4:05:10 PM (Pacific Standard Time, UTC-08:00)
#  
 Monday, June 05, 2006

A coworker sent me a link to a news article today, yet another one about a data breach from - you guessed it - a stolen laptop. This one was an auditor working for Ernst & Young and doing an audit of Hotels.com, and apparently the auditor (and I can't believe this) left it in his or her car and it was broken into and stolen.

So now, thousands of Hotels.com customers' personal data - meaning names, addresses and credit card information of about 243,000 people - is potentially in the hands of someone who could use it improperly. Oh, and by the way, my name is certainly on that list.

Up until today I was frustrated to no end with these events.

Now it's personal. Now I'm angry.

And get this: The theft occurred in February and Ernst & Young didn't notify Hotels.com until the first week of May. What??? And on top of that, customers were not notified until a few days ago. You've got to be kidding me...

This post contains some useful information about data breaches, packaged with a bit of a rant by yours truly about information security - or the serious lack thereof - in US companies and institutions. As a reminder, what I post here is my own opinion and not that of my employer or anyone else. I work in information and cyber security, and I care - a lot - about these issues.

There's a major attitude problem - let's call it a lackadaisical mentality - out there and it's high time someone did something about it. Lazy security means lots of helpless victims, and we're so far behind the 8-ball as a country it's downright scary. There's a fundamental "people problem" at the root of this, and no matter how much technology we throw at it, the analog physical and human components need to be addressed before any of the technical issues can be resolved.

The Privacy Rights Clearinghouse maintains an online chronology of data breaches with descriptions of each event, outlining any known data breaches that have occurred since February, 2005.

All told, as of the time I write this, there are 84,797,096 individuals whose identities are known to have been included in these data breaches. Banks, universities, health care providers, insurance companies, corporations, credit card providers... Lord only knows about the ones that have not been reported. Ugh, it's depressing. It's also ridiculous.

What bothers me the most is how often the term "stolen laptop" shows up in the list. What in the world are people doing with sensitive information stored on computers that can walk out the doors of all of these heavily regulated companies and institutions? It's insane from a security management perspective.

But then again, let's take a look at just how many US banks, universities, health care providers, insurance companies, corporations and credit card providers are certified under some kind of recognized information security management standard. Let's take the big standards - BS 7799-2 and ISO 27001 - for example.

BS 7799-2:2002 (in this case, the "BS" stands for "British Standards") has long been the recognized standard for overall security management, and the new ISO/IEC 27001:2005 international standard is basically BS 7799-2:2002 in an updated form. It's also related to ISO 17799, since we're throwing around fancy names. Ultimately it's all the same stuff, just renamed and reassigned. The 27001 standard represents a systematic approach to managing sensitive information so that it remains secure. It encompasses people, processes and IT systems.  It is used to determine and evaluate a company's security management framework and is internationally recognized as the gold standard for security.

If a company doesn't have a security management framework in place, not only is it unaware of what's happening in it's own walls, it doesn't really know whether or not it knows much of anything. Yeah, that's confusing. What you don't know is what will most likely kill you. Either way, it's negligent in this day and age not to be formally on top of information security, and that involves not just firewalls and technology, but risk assessments, people, processes, and an over-reaching management framework to ensure all the bases are covered.

Did he say "negligent?" Yes, negligent. And I mean it.

It's a lot of work to achieve and maintain the 7799/27001 certification and to hold up to ongoing audits, to be sure (just ask me or my coworkers about it some day, we live it), but it's not rocket science and for gosh sakes, IT'S IMPORTANT. And it's not about the actual certificate, it's about all the things that go into the process of getting the certificate and keeping it.

So, if you had to hazard a guess, how many agencies, institutions and companies in the United States do you think have this important and recognized certification?

Be prepared to be disappointed. Especially when compared to the number of certified organizations in other countries, like say Japan and India and Korea. Or pretty much any other developed country, for that matter. It's really quite pathetic.

Of the 2600+ organizations on the certificate register, there are only seven  (yes, that's "7") companies or organizations in the entire United States certified under ISO 27001, and only 39 have been certified in the US under BS 7799-2 and ISO 27001 combined. Keep in mind, there's overlap on the lists, as a number of companies (like ours) have converted from the British Standard cert to the ISO 27001 model, meaning we've been certified twice.

This table shows how many organizations are certified under either ISO 27001 or BS 7799-2 as of June 5, 2006. The term "organization" can mean any one of several things: companies, portions or divisions of companies, agencies, or various other other entities. I've left off most of the countries that have only one certified organization to save space.

Japan

1602

Brazil 

9

Slovenia 

2

UK 

244

Sweden

8

South Africa

2

India 

186

Spain

7

Armenia

1

Taiwan 

92

Turkey

7

Bahrain

1

Germany

57

Iceland

6

Chile

1

Italy 

42

Greece 

5

Egypt

1

USA 

39

Kuwait

4

Lebanon

1

And of the US companies, agencies and organizations on that list, only one of them is a bank (and even then it's only the information security team's component of the business). None of them are credit unions. None of them are insurance companies. None of them are health care providers. One of them is a university. A couple are government agencies - and not the same ones that have been in the news lately, that's for sure.

If you think about it (or search for it, for that matter), how often do you hear about information disclosure outside the United States? Sure, it happens, but seemingly not nearly as often. And why is it, I wonder, that in Japan there are so many certifications? ISO 9000 (the gold standard for manufacturing) is huge there, as well. 

The fact of the matter is that overall, companies and institutions in the US don't take security nearly seriously enough.

So - It's time to do something about this. Now, not tomorrow. It's already much too late, so we need to get moving. We're already in triage mode, friends.

What to do? To start, if you do business with any company that handles sensitive individual data, ask them about their security certifications. And don't accept just a SAS-70 certification as covering the bases - it only covers operations of the datacenter and has practically nothing to do with the rest of the company. Also, make sure you know specifically what any issued certifications actually cover - this is called the "scope" of the certification. Is it the entire company (usually it's not so you have to ask), or is it just a department or division? If the company is not formally certified, do they have a security management framework and a standard they follow?

Also, this is formal security management we're talking about. Don't accept lame responses like "we're covered under HIPPA" or "we get audited for Sarbanes-Oxley so that's all covered..." Sorry, that doesn't come close to cutting it. Neither of those auditing standards require a company to have a security management system in place, and neither come close to covering what's needed to ensure proper security standards are met outside of their narrowly focused scopes.

Get educated. Find out what needs to change. Demand change. Question systems that put the secrets in the hands of people who don't have a personal stake in the game. Do business wherever possible only with companies that are cognizant enough of security to formalize their program on a standard framework and which preferably have external certification of the results of that effort. I'm not kidding here. And yes - it can be done.

Unless you have a better idea (and feel free to share - comment away), that's what it will really take to create change - Market forces. We certainly can't count on the government to do anything about it - they'll just come up with vague, useless legal acts that almost always miss the mark and cost the business sector billions (take SARBOX for example). Individual action and demanding that companies get serious - and that they do so in a manner where they can be formally reviewed and held accountable - is the best real-world way to force change.



Add/Read: Comments [3]
IT Security | Safe Computing | Things that Suck
Monday, June 05, 2006 10:06:00 PM (Pacific Standard Time, UTC-08:00)
#  
 Thursday, March 02, 2006

Okay, Dork fightclubI just have to say something here. I can't help myself. Like CBS hasn't already done enough to ruin things for us in its own studios, now it's reporters are taking it to the streets, too.

You know, Fight Club used to be cool, one of the best movies of the last several years for sure, then these guys have to go and freakin' ruin it.

Grrr...

Let me put it this way: This is to Fight Club as "What are YOU doing???" is to "WAZZZZUUUUUUP?!?!?!?"

Someone should go find these guys and kick some @*$ for real for breaking the first rule. Where's Tyler when you need him? Not to mention what this does for the image of software engineers in our world. That's it, might as well just give up now.

Alright, anyhow, back to our regularly scheduled programming...



Add/Read: Comments [3]
Random Stuff | Things that Suck
Thursday, March 02, 2006 5:52:00 PM (Pacific Standard Time, UTC-08:00)
#  
 Monday, February 13, 2006

I've been heard on occasion to suggest that it might be a good (or at least interesting) idea to turn off email in the workplace and to resort to more personal means of communication, like say in-person. Or on the phone. Anything that's not written.

Why? Because, it can be so hard to really understand what someone is saying, and especially difficult (if not impossible) to tell what they mean. When you're talking about business relationships, it's hard to believe one can make good, solid decisions based on conversations as limited as email.

Now there's some research that supports my hair-brained suggestions:

According to recent research published in the Journal of Personality and Social Psychology, I've only a 50-50 chance of ascertaining the tone of any e-mail message. The study also shows that people think they've correctly interpreted the tone of e-mails they receive 90 percent of the time.

"That's how flame wars get started," says psychologist Nicholas Epley of the University of Chicago, who conducted the research with Justin Kruger of New York University. "People in our study were convinced they've accurately understood the tone of an e-mail message when in fact their odds are no better than chance," says Epley.

One thing's for sure: Simply knowing what the results of this research tell us could make a difference in daily email communication practice.

Does your place of work ever discuss email communication, its pitfalls, and etiquette? Now that's a topic that's worth some face time.

(via wired.com)



Add/Read: Comments [1]
Tech | Things that Suck
Monday, February 13, 2006 7:19:07 AM (Pacific Standard Time, UTC-08:00)
#  
 Monday, December 26, 2005

Plagiarism sucks, and Om Malik's weblog was apparently being copied verbatim, images and all, and repurposed sans-attribution on another site that was serving up ads and (potentially) making money. I've had this happen to me a few times in the past year or so, and in some cases found the only way to fight it was to quote the DMCA in an email to the host. Lord knows asking Google to hold them accountable for their terms of service did not work in my case - Google just wrote back and said "we can't do anything." Plus the bad guys were repurposing content from a whole slew of other sites. Lazy jerks.

By the way - this is really not exactly a trivial deal for many blog authors and publishers. I know when it happens to me, I chase it down and take it seriously. No lawyers needed - I am pretty good at that stuff and have some legal and courtroom experience, so why not put it to use eh? The ads on my site pay for my web hosting and my Internet access each month, and then some, so I have a little more than just an ego interest in what I choose to write and post.

Anyhow, below is an email I used last year to resolve a plagiarism problem involving full content from this web site. It's blunt, direct, complete and it worked. Also, note that this letter followed multiple attempts to get the site owner to remove plagiarized content. I'm posting the email letter here simply for the benefit of anyone who might become a victim of blog plagiarism and wants access to some ideas that have worked for others in the past.

And by the way - make sure you have a copyright statement and maybe a Creative Commons license on your main page that states what people can and cannot do with your blog content (mine's at the bottom of every page - it says people can repurpose it with attribution and for non-commercial purposes). It can't hurt to do this, and it helps set reasonable expectations and ground-rules for well-behaved people, while it can also be ammo for the ill-behaved later on...

Note that the problem I tackled with the below email was resolved within 4 hours of the email being sent to the hosting provider (the site owner never responded), and it happened a year and a half ago, so please don't go harassing anyone - this is just posted here to help people who might end up in a similar situation.

Where you see the word "(-- edited --)" below, I have removed identifying information to protect the innocent as well as those who complied with the requests to remove the offending content.

[via tech.memeorandum.com]

-------- Original Message --------
Subject:  ACTION REQUIRED: Illegal use of copyrighted content by one of your customers for commercial purposes
Date:  Sun, 3 Apr 2005 17:18:51 -0700

NOTICE: IF YOU ARE THE OWNER, OPERATOR OR HOSTING PROVIDER OF THE “MICROSOFT-DOTNET-TECHNOLOGY.INFO” DOMAIN, THIS IS A CEASE AND DESIST LETTER REQUIRING YOU TO IMMEDIATELY CEASE REPUBLISHING CONTENT OR ALLOWING/ENABLING CONTENT TO BE REPUBLISHED, WHICH IS SOURCED FROM THE “GREGHUGHES.NET” DOMAIN.

The owner of the web site(s) located on your servers/network at the below IP address and domain name is stealing and republishing - via an automated web-server application that gathers an XML feed - content owned and copyrighted by Greg Hughes at http://www.greghughes.net:

216.7.187.20 (MICROSOFT-DOTNET-TECHNOLOGY.INFO)

The following ARIN information identifies (-- edited --) Holdings, LLC (which is a corporation in Colorado) and (-- edited --).com (which appears to be a possibly defunct operation) as owners of the IP address/block in question:

Location: United States [City: Loveland, Colorado]

NOTE: More information appears to be available at NET-216-7-186-0-1.

(-- edited --) Holdings, LLC D393LLC-DC-INVERNESS6 (NET-216-7-160-0-1)
                                  216.7.160.0 - 216.7.191.255
(-- edited --).com VONOC-216-7-186-0-23 (NET-216-7-186-0-1)
                                  216.7.186.0 - 216.7.187.255
 
# ARIN WHOIS database, last updated 2005-04-02 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

The person(s) running the web site at MICROSOFT-DOTNET-TECHNOLOGY.INFO have been contacted in the past via the “contact” form on the web site and told to stop repurposing this content, specifically because they have not obtained permission and because they are profiting from advertising revenue from said web site. This activity constitutes theft of intellectual property under copyright laws and the DMCA. The information being sourced is copyrighted as indicated on the web site, and is not in the public domain for re-use. The party(ies) associated with MICROSOFT-DOTNET-TECHNOLOGY.INFO have not responded to repeated contacts and requests to cease use of the copyrighted material.

We have sent a CEASE AND DESIST letter to the parties once again today (April 3, 2004) through their web site contact form at http://www.microsoft-dotnet-technology.info/contact.asp. At this time we request that you remove the offending web sites and pages from your servers, as they are clearly in violation of the common acceptable use provisions of the parties to this email:

http://www.(-- edited --).com/acceptable-use.asp#copyright

IN ADDITION, the same person(s) appear to be sourcing copyrighted material for commercial use from Yahoo!, Search Engine Watch, moreover.com, the Kansas City Public Library, National Geographic News, about.com, and Web Hosting News. Unless the situation is rectified immediately we will also be contacting those persons and companies to advise them of the misuse of the copyrighted property and data.

The WHOIS information on record for the domain in question is:

Domain ID:D8436219-LRMS
Domain Name:MICROSOFT-DOTNET-TECHNOLOGY.INFO
Created On:27-Nov-2004 15:34:17 UTC
Last Updated On:27-Nov-2004 15:34:20 UTC
Expiration Date:27-Nov-2005 15:34:17 UTC
Sponsoring Registrar:R136-LRMS
Status:ACTIVE
Status:OK
Registrant ID:C7727838-LRMS
Registrant Name (-- edited --)
Registrant Organization:(-- edited --)
Registrant Street1:(-- edited --)
Registrant City:(-- edited --)
Registrant State/Province:Gujarat
Registrant Postal Code:(-- edited --)
Registrant Country:IN
Registrant Phone:(-- edited --)
Registrant (-- edited --)
Admin ID:C7727839-LRMS
Admin Name:(-- edited --)
Admin Organization:(-- edited --)
Admin Street1:(-- edited --)
Admin City:Ahmedabad
Admin State/Province:Gujarat
Admin Postal Code:(-- edited --)
Admin Country:IN
Admin Phone:(-- edited --)
Admin (-- edited --)
Billing ID:C7727840-LRMS
Billing Name:(-- edited --)
Billing Organization:(-- edited --)
Billing Street1:(-- edited --)
Billing City:Ahmedabad
Billing State/Province:Gujarat
Billing Postal Code:(-- edited --)
Billing Country:IN
Billing Phone:(-- edited --)
Billing (-- edited --)
Tech ID:C7727841-LRMS
Tech Name:(-- edited --)
Tech Organization:(-- edited --)
Tech Street1:(-- edited --)
Tech City:Ahmedabad
Tech State/Province:Gujarat
Tech Postal Code:(-- edited --)
Tech Country:IN
Tech Phone:(-- edited --)
Tech (-- edited --)
Name Server:VOB1.(-- edited --).COM
Name Server:VOB2.(-- edited --).COM

(Note: I edited the names and other identifying infomration from the WHOIS record at the request of the person listed in the contact sections of the record becuase they asked me to do so. While the information is accurate as it was originally posted, it serves no useful purpose to keep that person's phone and other information here and the orginal issue was resolved, so I agreed to make the change).



Add/Read: Comments [2]
Blogging | Random Stuff | Tech | Things that Suck
Monday, December 26, 2005 9:21:05 PM (Pacific Standard Time, UTC-08:00)
#  
 Saturday, December 17, 2005

Scott Adams says he recently quit caffeine. It wasn't exactly pleasant for him. Sounds like it still isn't.

I can relate. Except that I have not quit.

I drink coffee like it was, well, water. Like it's going out of style. It's easy to do - there's tons of free coffee everywhere I go. Which means work and home. And church sometimes. Free coffee everywhere.

Coffee is The Devil. So I am not sure why it's at church.

If I don't get my requisite dose of caffeine in the morning, I (seriously) can't see straight. Like as in my vision is blurry and my head hurts. That can't be good.

I stopped smoking a couple years or so ago. I've quit other things before, many years ago. But caffeine, well man oh man... Painful.

For the record, cigarettes was the hardest from a withdrawl perspective. Freakin' BRUTAL. It still is from time to time. I tell people I *stopped* smoking. I don't say I "quit." Nothing is guaranteed, nothing is forever. For today I am stopped, and it's better that way.

I guess I've learned that much fairly well. Heh.

But, back to coffee - It's the one vice I have left remaining in my life, really. I know I shouldn't drink as much as I do, but it just won't let me go. I've tried it - Ringing ears, blurry vision, massive headaches, general lethargy, an *inability* to sleep (seriously), and on top of that no more coffee, which I actually like (and I never actually liked smoking that much).

Argh. Decaf doesn't really appeal to me. All the decaf I've ever had tastes like crapola.

Any ideas?



Add/Read: Comments [8]
Personal Stories | Random Stuff | Things that Suck
Saturday, December 17, 2005 11:01:32 PM (Pacific Standard Time, UTC-08:00)
#  
 Sunday, December 11, 2005

I'm supposed to be on my way to Portland by now, to meet up with the youth group for a evening thing, Christmas shopping and stuff.

Supposed to be. Just one minor problem.

My truck's sitting out there in the driveway, with my laptop, camera, phone, and everything else I might possibly need tucked inside. The engine is all warmed up, the heated seats are turned on.

And the doors are all locked.

And the extra key? Yeah, let's not even go there.

To solve this problem, after failing miserably at the Magic Wire Coat Hanger Method, I brought out the smallest Yellow Pages book in the United States and looked for a local locksmith.

I'm starting to see why there are times when it's easier to live in or near the city. My first call was to a guy who, it turns out, is over in the state of Washington. Another call or two went unanswered. My next call was to a guy three-quarters of the way to the city, and he said he'd be heading my way. That's about 30 minutes away.

Days like this make me happy I have that Hemi V8 under the hood, what with the truck sitting there in the driveway at fast idle for the past hour and all.

But hey, with the PC laptop locked up in the car, at least I can be glad to have this Mac sitting on my desk in the corner over here. And I can be glad I have time to apply the gazillion software patches and updates I apparently missed since I last used it who-knows-how-long-ago.

I just hope there's enough gas left by the time they guy gets it unlocked to get me to the closest gas station.

Okay, I'm done. How's your weekend?



Add/Read: Comments [4]
Personal Stories | Random Stuff | Things that Suck
Sunday, December 11, 2005 2:21:24 PM (Pacific Standard Time, UTC-08:00)
#  
 Wednesday, November 30, 2005

Thomas Hawk wrote about a severe problem he had ordering a camera from an abusive online retailer that's really nothing but a major, unethical sales scam operation. The fact that he wrote about it and pointed to a number of other people's experience is great, and it brought to mind a number of other things that people need to know, especially this time of the year.

First of all, there ARE unethical, bad people out there trying to sell YOU their stuff. And there are some that will threaten, extort and otherwise manipulate their "customers." It doesn't just happen to other people - it can and will happen to you, too. Protect yourself and do your homework. While the vast majority of online retailers are good, solid companies, there are the few bad apples, just like in any community, that make it bad for everyone they can take advantage of. 

  • If the price is too good to be true, it's probably not true. Seriously. Don't fool yourself.
  • Do your homework if it's a company you have never head of or dealt with. You're trying to save money, so spend some time. That means getting information about the company. A good way to do this is to look for bad information online, by using Google or another search engine to search for "The Company Name"+scam (like this and this show some serious info). Look for the NEGATIVE information. Keep in mind that there are times when the bad guys will try to make themselves look good by posting positive information. It happens.
  • Don't rely solely on the Better Business Bureau to tell you what you need to know, but do be sure to check information there. The company Thomas wrote about has a record with the New York BBB that's pretty terrible. Also be sure to use epinions.com's "Online Stores and Services" search and read through the whole lot. Again, there are bad guys that will post fake positive comments about themselves - so be a pessimist.
  • Always use a reputable credit card, never use a check or debit card. If you ever need to reverse charges, a credit card with purchase and fraud protection is invaluable; You can't reverse cancel payment on a check that's already posted, and you fighting the debit card battle is painful if the money has already been pulled from your account. Credit cards provide lots of real protection, so use them for these purchases. That's why I have credit cards, really, is to protect myself if ever needed for major purchases. That and true emergencies. Other than that I think they are evil, heh.
  • Did I mention "If the price is too good to be true, it's probably not true?" Okay, well it's worth repeating.

Finally, based on other people's experiences with the company Thomas had his problem with, I'd suggest you never, ever do business with Price Rite Photo, which also uses a number of other business names. Check the BBB for retailer names and aliases, and alway always always be careful and suspicious of the too-good-to-be-true deals.



Add/Read: Comments [1]
IT Security | Safe Computing | Things that Suck
Wednesday, November 30, 2005 5:20:00 AM (Pacific Standard Time, UTC-08:00)
#  
 Monday, November 28, 2005

Leave it to the Oregon Lottery to come up with the holiday marketing stunts to top all stupid holiday season marketing stunts. Thank God for the lottery people... And here we were starting to worry people might actually take Oregon seriously for a second...

So, here you have it: Scratch-and sniff lottery tickets in a beautiful fruitcake flavor. Yeah, seriously. Scratch the card, and it smells like f-r-u-i-t-c-a-k-e. Uhhh... Yuck.

People actually want to buy this crap? Wow.

To top it all off, be sure to check out the (actually somewhat amusing) MP3 files being used to promote the seasonal cash-collecting game.

It's all at http://spiritoffruitcake.com.

Sheez...



Add/Read: Comments [2]
Random Stuff | Things that Suck
Monday, November 28, 2005 7:30:54 PM (Pacific Standard Time, UTC-08:00)
#  
 Sunday, November 20, 2005

A couple months ago I took early delivery of a ThinkPad X41 Tablet PC, and I like it a lot. There are a few things I'd improve (like maybe offer a faster proc and faster hard drive spin speed as an option, and possibly higher resolution video), but overall it's great.

But I ran into my first problem last week. The "push-through" latch - which sticks out of the machine's screen either on the screen surface side or the top surface side, depending on whether you've rotated into slate mode - broke and fell out. So not I have a Tablet without a latch. Luckily, the lid tends to close shut. he only real problem is it also tends to rotate if you push on it the wrong way.

Looking at the base side of the latching mechanism, it appears something in there broke. Not good. And the thing, is, all I've done with it is open and close it normally... No torture, drops, hard landings, hard closings or anything.

Bummer. Seems like the convertible Tablet PC latch market needs a better design. Someone out there should design the perfect latch, patent their Really Good Idea and run with it.



Add/Read: Comments [3]
Tablet PC | Tech | Things that Suck
Sunday, November 20, 2005 8:33:49 AM (Pacific Standard Time, UTC-08:00)
#  
 Saturday, November 19, 2005

Want to instantly turn off a blogger? Ask them to link to you without a compelling reason. Seriously. Unless it's a truly compelling and timely topic, never ask for a link. If you do, prepare to be ignored.

Robert Scoble wrote a short-but-right-on-target post today that I can totally relate to. And keep in mind, my blog is like 1/100th of what his is from an attention perspective, so the impact of blatant link begging on me is nothing even close to what it is for him, I'm certain.

Like Robert, I've also been getting a lot of emails and even a few phone calls recently from PR people, bloggers, marketers and other people who don't quite "get it" asking me to write about specific things on my blog. Some have even gone so far as to offer something in return as payment. At first I just laughed and tried to figure out why anyone would actually take the time to ask me to write, then I looked at my pageviews and did some fuzzy math in my head. Okay, so lots of people read the content on this site, that's cool. Not as nearly as many as the big guys, but a lot nonetheless. My AdSense income amazes me more than anyone. But my voice is mine, and it's not for sale.

I'm not saying I don't want to hear about cool stuff - send it on. What I am saying is if your request takes the form of "will you please link to this?" or "hey you should link to this" or "you should write about this for me," I'm really not interested. Of course, if you think something is really cool and it catches my eye, too (and you're not pulling a fast one or crying wolf), I'm going to be interested.

I've gone so far as to reply to one or two of the more truly blatant, entitlement-laden requests with words like "I don't take requests" or "Sorry, I don't do performance blogging." Most of them I just ignore and immediately file in the electronic circular file. It's not that I don't want to hear about good and cool stuff. I just don't want to be anyone's hired or begged PR publisher.

PR people often operate in the old-skool world (been there in a prior career), one where lazy print writers looking for something new to write about love to get calls from PR agencies with some pre-written copy that can be regurgitated or copied verbatim and published. Bloggers don't work that way. If you (hypothetically) send me a book to review, I will try to read it when my schedule allows and if it catches my interest. If I find it especially compelling I might write about it. If I don't like it, I'll most likely just let it go. If it's really, really bad, I might just write about that, too. But probably not - I prefer to emphasize the positive here. So, unlike the print world, there' some risk involved. One thing's for sure: There's no promise or guarantee I'll write anything. And if the request is to take a book or software or anything else in turn for a guaranteed review, don't ask. I'm not for hire. Some people have asked if they would have a chance to respond to anything negative before I write it. I tell them no, but that my blog has comments and if they have a blog (they should), they can always participate in the conversation. It's amazing how many people that puts a stop to. Heh.

I agree with Robert's suggestion. If you see something cool and want me to blog about it, send me a link and tell me what's got your interest and why. I don't care whether it's a link to your site and your comments or if it's pointing to the original info, or whatever.

Now, don't let me scare you away. I write about many things - stuff I care about. Some of it I discover by reading something someone else wrote or sent to me. If I happen to have the same level of interest as you when you show me something, I might take you up on the info. Conversely, if you specifically ask a blogger to link to you for selfish reasons, prepare to be ignored unless it's something very special and urgent.

I've written almost nothing all week until today, partly because I got tired of these calls and emails with blatant requests. It's not fun. It feels like work, and that's one thing this blog is not. Plus, I have been pretty busy recently with my job and life. We all need a break now and then.

Anyhow, Robert - you got that one right, man.



Add/Read: Comments [1]
Blogging | Random Stuff | Things that Suck
Saturday, November 19, 2005 5:00:06 PM (Pacific Standard Time, UTC-08:00)
#  
 Saturday, September 24, 2005

Stuck on StupidEvery now and then some random person or event comes along that deserves memorialization. Such is the case with Lt. Gen. Russel Honore and his words this past week when confronted with a gaggle of reporters. Honore and others (including the Mayor of New Orleans, who was having a hard time with the media crowd) were at a press conference (called by the mayor) in order to immediately get out the important word about the government's plan to evacuate people from the city of New Orleans in the face of yet another hurricane - this time, it was Rita.

But some of the reporters at the press conference were apparently still stuck on Katrina. The General was there to make sure they clearly understood their role in the situation. There's a time and a place for everything, to be sure - and that means there's a time for the media to ask questions, and there are other times when the message needs to be immediate, clear and loud in order to save lives and ensure peoples' safety. Unfortunately, there are many in the media who are all about conflict, not about helping people (regardless of what they say their motivations are). It's makes the former journalist in me scream at the TV. I hate it.

So - Thank God for people like Lt. Gen. Russel Honore. Here's his words, an audio file and a partial video of the interaction between him and the media:

Audio Attachment: 0920honorestuckonstupid.mp3 (1685 KB)

Video Attachment: stuckonstupid2.wmv (2957 KB)

Gen. Honore: And Mr. Mayor, let's go back, because I can see right now, we're setting this up as he said, he said, we said. All right? We are not going to go, by order of the mayor and the governor, and open the convention center for people to come in. There are buses there. Is that clear to you? Buses parked. There are 4,000 troops there. People come, they get on a bus, they get on a truck, they move on. Is that clear? Is that clear to the public?

Reporter: Where do they move on --

Gen. Honore: That's not your business.

Reporter: But General, that didn't work the first time --

Gen. Honore: Wait a minute. It didn't work the first time. This ain't the first time. Okay? If...we don't control Rita, you understand? So there are a lot of pieces of it that's going to be worked out. You got good public servants working through it. Let's get a little trust here, because you're starting to act like this is your problem. You are carrying the message, okay? What we're going to do is have the buses staged. The initial place is at the convention center. We're not going to announce other places at this time, until we get a plan set, and we'll let people know where those locations are, through the government, and through public announcements. Right now, to handle the number of people that want to leave, we've got the capacity. You will come to the convention center. There are soldiers there from the 82nd Airborne, and from the Louisiana National Guard. People will be told to get on the bus, and we will take care of them. And where they go will be dependent on the capacity in this state. We've got our communications up. And we'll tell them where to go. And when they get there, they'll be able to get a chance, an opportunity to get registered, and so they can let their families know where they are. But don't start panic here. Okay? We've got a location. It is in the front of the convention center, and that's where we will use to migrate people from it, into the system.

Reporter: General Honore, we were told that Berman Stadium on the west bank would be another staging area --

Gen. Honore: Not to my knowledge. Again, the current place, I just told you one time, is the convention center. Once we complete the plan with the mayor, and is approved by the governor, then we'll start that in the next 12-24 hours. And we understand that there's a problem in getting communications out. That's where we need your help. But let's not confuse the questions with the answers. Buses at the convention center will move our citizens, for whom we have sworn that we will support and defend...and we'll move them on. Let's not get stuck on the last storm. You're asking last storm questions for people who are concerned about the future storm. Don't get stuck on stupid, reporters. We are moving forward. And don't confuse the people please. You are part of the public message. So help us get the message straight. And if you don't understand, maybe you'll confuse it to the people. That's why we like follow-up questions. But right now, it's the convention center, and move on.

Reporter: General, a little bit more about why that's happening this time, though, and did not have that last time --

Gen. Honore: You are stuck on stupid. I'm not going to answer that question. We are going to deal with Rita. This is public information that people are depending on the government to put out. This is the way we've got to do it. So please. I apologize to you, but let's talk about the future. Rita is happening. And right now, we need to get good, clean information out to the people that they can use. And we can have a conversation on the side about the past, in a couple of months.

Time to print some bumper stickers... "Don't get stuck on stupid." Heh. It's not a new phrase - more like old made new again. But it's great, and appropriate.

Update: The Stuck on Stupid Blog. Heh...

(via RadioBlogger and The Political Teen)



Add/Read: Comments [0]
Helping Others | Humor | Random Stuff | Things that Suck
Saturday, September 24, 2005 4:12:53 PM (Pacific Standard Time, UTC-08:00)
#  
 Sunday, July 31, 2005

Recently I've had a number of interesting (albeit often protracted) conversations with people about processes in business, and how formal, written procedures and established processes can be good (I agree, to a point) and can also be very, very bad.

I'll explain in a minute, and while I'm at it I'll do some tangential opining and show why I think Sarbanes Oxley and other process-intensive initiatives and guidelines don't always accomplish what they set out to do. In fact, in the case of SARBOX, I'd argue it doesn't even come close to accomplishing what it was originally intended for. But that's another story...

First a reminder and a bit of clarity: This is a personal blog, so anything I write is my opinion and mine alone.

Saturday morning telephone support call: Failed process illustrated...

Saturday morning I woke up at a criminally early hour (for a weekend anyhow). Since sleep apparently wasn't in the game plan I decided to call Vonage to see if I could actually get someone on the phone, and if I could convince them to listen to me long enough to troubleshoot a hardware/firmware problem I've been having with my VOIP terminal adapter.

For the record, I like Vonage. A lot. I recommend them. I'll refer you if you email me and ask. But I'll be honest - I'm never too excited about calling them.

But on Saturday morning, that's what I did. After umpteen layers of voice menus and hitting random keys to get pretty much nowhere, calling back after being disconnected (don't hit 'zero' in Vonage's voice prompt system...), and then finally getting someone on the line (whom I could not understand and who it seems could not understand me during the entire painful process of validating my account, name, billing address, etc.), we finally got around to troubleshooting the problem:

Vonage Lady: "Yes, hello mister huge-hess...

Me: (silently) <grrrrrrr!!!>

Vonage Lady: "...how can I help you with today?"

Me: "Okay, so I am having a problem with my Motorola VT1005 terminal adapter, about once a day it loses its connection with Vonage and I have to pull the power plug and plug it back in to get it to work, and several times a day the network data port stops communicating completely so my computers here at home cannot get to the Internet. I have to unplug the Motorola device and plug it back in in order to resolve that problem, too, and then it happens again later, a few times a day."

Vonage Lady: "Okay, so what I understand from you is..." (reads back a different version of what I just said, but leaves out all the key points, like the whole data connection problem, etc)

Me: "That's partly correct, but the worst part of the problem is that several times a day..." (I explain the loss of LAN port connectivity issue again)

Vonage Lady: (seemingly ignoring what I just told her) "Okay, I would like you to go to your router and unplug the wire from the PC port and so you will have the modem and the wire, and the Vonage router and then your computer, and I want you to plug a wire into your computer okay can you do that and tell me?"

Me: (wondering if I - a high-tech IT guy with lots of experience fixing crap much more complicated than this - really understand what she means) "Umm, okay, so... You want me to plug the ethernet cable that goes from the Motorola device on the LAN side into my computer directly then?"

Vonage Lady: (pause, pause, pause) "Uhhh, yes, I need you to put the wire from the PC port in your computer."

Me: (deciding the only logical thing to do is to go with my gut) "Okay, so I have done that, okay I am ready for the next step."

Vonage Lady: (seems to be shocked that the next step is already starting) "Ohh umm, okay, one moment please... Okay, I need you to open your Internet Explorer, and in the address bar at the top of the screen..."

Me: (I'm starting to quietly get a little frustrated now) Okay my web browser is open, you want me to type in an address?

"... I would like for you to type this address in the address bar."

Me: (I'm already on the adapter's admin web page, I think to myself, she's gonna send me there - slowwly) "Okay, ready."

Vonage Lady: "Okay, One-Nine-Two..." (pause, pause, pause)... "No, wait... H-T-T-P --"

Me: "192.168.102.1?"

Vonage Lady: "No, no no. AICH-TEE-TEE-PEEEE, COLON, SLASH-SLASH, ONE-NINE-TWO..."

Me: (waiting for more numbers) "... ... ... okay, i got that part, you can keep reading it to me."

Vonage Lady: "DOT-ONE-SIX-EIGHT-DOT-ONE-ZERO-TWOOO-DOT-ONE"

Me: (Thinking to self: Is there an echo in here?) Okay, I'm there.

Vonage Lady: "Oh well, now we need to go to the admin.html page, so to do that please click in the-"

Me: "Okay, I'm there."

Vonage Lady: "Oh, okay... Do you see a button that says Restore Factory Defaults on the page there then?"

Me: "Yes. I have a fixed IP address though, so if we do this it will stop working 'til I reconfigure."

Vonage Lady: "That's okay, push that button and tell me when it's done."

Me: <click>

Vonage Lady: <she's now long-gone due to the fact that she just told me to kill my phone line>

Bad process and procedure? Most certainly. But what's the real problem in this story? Unfortunately it's one that we see happening more and more these days, over and over again with all the emphasis on building deep, complex, wide swaths of processes and supporting procedures.

I'm not here to argue against process. I'm here to argue for thinking.

When process hurts...

People have stopped thinking for themselves and doing critical analysis of the situation at hand. Instead, they read from a script. They follow a written procedure. They stay exactly between the lines, thinking the lines are the end-all-be-all of clarity in every situation. When I speak to people in my field about this, I describe it as being similar to walking around with blinders on.

We're suffering from a deficit of creative thinking and reasoning. But more on that in a few minutes.

What does this result in? Three things mainly:

First of all, people increasingly look at the world and the things going on around them as being bipolar in nature: black and white. In reality though, it's all about the infinite shades of gray. Oh, how simple the world might be if it was all pure black and white in nature, but in the real world it's just not so. Unfortunately, the desire to simplify things cognitively into black/white, us/them, good/bad is probably a greater part of the way people look at things today than it has even been.

Second, people have lost their sense of ownership and don't think for themselves. Pride goes soon after that. More and more the accepted method of teaching people how to do things has become the "hand-me-the-procedure" method. But, absolute processes and procedures are fundamentally flawed. There's simply no way to compute every possible outcome or input to a situation, yet we expect that by creating processes and procedures that *must* be followed, we can solve critical problems. The fact is that while they may ensure compliance most of the time, they can also often ensure lack of compliance some of the time - especially when the procedure or process doesn't exactly fit, but the person applying it doesn't stop to think about that fact. Or, even worse, they're not given the level of permission needed to stop, think, and evaluate situations on their own.

Third, we walk around with a false sense of confidence and safety. By assuming we are creating controls and processes to keep the bad things from happening, we do the one thing that police officers and security professionals have known better than to do for all time: We lure ourselves into that place where we believe everything will be okay, everyone will follow the rules, everything will be out in the open, the checks and balances will all work because the auditor signed a pieces of paper (not like the auditor had any real guidelines to audit against or anything...) and the bad guys won't be able to get away with anything anymore.

But it just won't work. Nope.

I'm sorry Senator, I have no recollection...

Example from the real world: The Sarbanes Oxley Act (SARBOX for short) was terrific for consultants, and lots of people are making lots of money off lots of companies that are shelling out big bucks for something that only minimally does what it needs to do (if that). The fact of the matter is that SARBOX resulted in huge expenditures and rampant development of crippling processes that offer little protection from bad, smart people who want to pull a fast one on investors. Even one of the sponsors of the act says it doesn't really accomplish what was originally intended. Hey, Senator, can we send you an invoice for the costs of this mandatory program that won't do what it's set out to do? Let me know. Thanks.

So, SARBOX is good for consulting companies, and expensive for business, and even though the rules and regs don't really fit small to mid-size businesses, they have to follow them anyhow. It doesn't really prevent another Enron from happening. In the end, it's costing the shareholders it was intended to protect a lot of money, and it's not really doing what it needs to do.

Hmm. That's like going to a store with no knowledge of tools, telling the sales person I need a something to help drive a nail into a wall, being sold a bunch of hard hats and yellow vests and thick gloves, along with a pneumatic nailing system and a whole stack of safety equipment and mandatory classes to make sure I use it right, and a certification that's required to issued by the government before I use it... And then six months later finding out there's this thing called a claw hammer...

Maybe we forgot what we set out to do. Maybe there's a short term memory problem involved. Or maybe too much vague, confuse, poorly-defined process got in the way of building (wait for it...) effective process.

This is starting to sound like "the meeting to plan the meeting."

Anyway, back to Vonage...

I made another call to Vonage (after I set up a fixed IP, reconfigured the TA, etc., and this time without getting disconnected), Communication went a little easier with the support worker I got this time, and within a minute of the same scripted process, I heard him pause for a moment. He stopped what he was doing and said, "Mr Hughes," (thought: do people who put time and effort into pronouncing names correctly also think more for themselves?), "I am going to transfer you to another number because I think they will be able to help you with this. I could go through all of the things I have here, but I really don't think they will help you."

There ya go, now that's thinking for yourself.

Within five minutes, another Vonage rep (who was quite knowledgeable and professional by the way) had deduced - after listening to my technical explanation and asking a couple follow-up questions - that my terminal adapter is pretty much on its last legs, and offer to send me a replacement.

I spent two hours on the whole deal, between the first phone call, phone menu prompt maze from hell, getting disconnected by the voice menu system, the first rep, getting disconnected by my hardware reset,. It took 10 minutes to solve it, as soon as I spoke to a couple people who were willing and able to think about the situation outside the script.

Now, I've picked on Vonage here just because they happened to be the company I called on Saturday. I have tales of woe from a slew of other tech support experiences, too. A friend just IM'ed me to vent about his phone call this morning to Dish Network. I like Vonage, I like their services, and I like their prices. I think they're doing a good job, and they are adding (literally) 10,000 new users a day (got that from the last guy I spoke to on the phone). They have more than a million users now. So don't take this to be a Vonage bashing post - it's not. But I do think it illustrates an important point.

So - what do we do now?

Okay, great so what are we supposed to do about the Blinders of process? It's simple: Let your employees take them off. Encourage them to!

In fact, it might be worth training employees in two basic skills that most people don't get any decent training in: Listening and troubleshooting. Think about how much time we spend learning to read and write, to speak in front of others, to read from the script. How much training in our lives, from school to professional adulthood, is spent learning how to listen well? How much time do we spend learning the nuances of critical thought or effective problem solving and troubleshooting?

Not much. Not enough, for sure.

But we'll have to save that topic for later.



Add/Read: Comments [6]
Personal Stories | Random Stuff | Things that Suck
Sunday, July 31, 2005 3:37:07 AM (Pacific Standard Time, UTC-08:00)
#  
 Sunday, June 12, 2005

You've seen it before, over and over and over again: PowerPoint presentations that contain practically every word pouring out of the presenter's mouth, slides that digitally drone on and on and on and...

PowerPoint, when used well, can be a useful, powerful (hmmm) and productive tool. But more often than not, it's a bane of our existence, putting us to sleep with completely forgettable blocks of useless text and gratuitous effects.

I have seen PowerPoint used as that proverbial, metaphorical screwdriver, where the proper tool would instead be a hammer. I've seen attempts at web-site designs done in PowerPoint (by the way - that still doesn't work people). I've seen it used over and over - by a wide variety of people trying desperately (and with good intentions, I am sure) to create something outside their area of expertise - using it to do things for which it simply was never intended.

But even when PowerPoint is used what is was meant for - creating slides for presentations - it can be painful to see how people use it. It's a software tool and requires some level of technical understanding to be sure, but technical expertise in using the program is not the most important part of the job.

PowerPoint has become a crutch, and more often than not it's damaging the patient. It's the loaded gun in the hands of the untrained shooter. It's the '79 Cadillac being driven by the nine-year-old who learned by watching mommy.

Kathy Sierra gets this. She understands, and she wrote about it to try (I assume) to make a difference in how it's used in the world. If you use PowerPoint, regardless of your expertise of years of experience you should read her post and take it to heart.

I've also been reading Cliff Atkinson's new book, "Beyond Bullet Points," and it's a great book for learning how to put together effective presentations "that inform, motivate and inspire." Recommended.

PowerPoint's a great program, to be sure. But it's only a good tool when put in the hands of someone who knows how and when to apply it. Kathy's post should be mandatory training. We license drivers... Maybe we should come up with a test and a license for PowerPoint users?



Add/Read: Comments [1]
Random Stuff | Tech | Things that Suck
Sunday, June 12, 2005 12:51:24 PM (Pacific Standard Time, UTC-08:00)
#  
 Sunday, June 05, 2005

Ok, time for a random pet-peeve post. I don't do these often, but I figure maybe I can change the whole world if I post this, so here goes:

People, listen up. If you learn only one grammatical/spelling/language rule this year, please make it this one... It will improve your sales figures, professional development, ability to earn promotions and recognition at work, and your general status in the community. Seriously.

Loose is a four-letter word.

Now, allow me to explain...

  • Loose = loos = adj/adv, meaning not tight, fastened, restrained, rigid, bound, etc.
  • Lose = looz = verb, meaning to fail in, or to fail to retain possession (opposite of win or find)

I can't even begin to tell you the number of emails, blog entries, letters, and even printed and online professional news articles (who's copy-editing these days anyhow?) I've read where members of the Hooked-on-Phonics generation (dat's Huhked-ahn-Fonikz fer yoo membrz) use the incorrect word in a variety of sentences.

Examples of improper use of "loose" in a sentence:

  • "Joe is such a looser. I can't believe that guy."
  • "If you don't try hard enough, you'll loose the game."

Examples of correct use of "loose" in a sentence:

  • "He's got a screw loose in his head."
  • "Your seatbelt is looser than mine."

I could also easily list a variety of colorful uses of both words in the same sentence - but I won't. Use your imagination and post a comment if you feel so inclined.

How have you seen these words (or others) completely butchered? Any funny examples?



Add/Read: Comments [4]
Random Stuff | Things that Suck
Sunday, June 05, 2005 2:59:44 PM (Pacific Standard Time, UTC-08:00)
#  
 Tuesday, April 12, 2005

It's no real surprise that VOOM, a satellite service that provides boatload of HDTV programming to its customers, is about to shut down. Cablevision, the company that owns the subsidiary, is cutting its losses before it's too late.

But it's really too bad that a company that was making its name on hi-def television is going south. With HDTV being such a big thing, a service provider like VOOM, which already has a satellite in operation, seems like such a good thing.

It's unclear what will come of the channels and the satellite space currently used by VOOM when they shut down on April 30th. Hopefully something good will come of all this - HDTV is so late in coming.

Why did VOOM fail? Bad marketing? Before it's time? Cable-company ownership mark of death? Bad company name?

Sorry to see it go...

Voom_gone



Add/Read: Comments [0]
Random Stuff | Things that Suck
Tuesday, April 12, 2005 10:35:10 PM (Pacific Standard Time, UTC-08:00)
#  
 Tuesday, April 05, 2005

Forgive the topic (just skip this entry if you don't care to read semi-graphic bathroom prose), but Doc Searls writes today on his weblog about the bad habits guys have in the men's room - namely not using the urinal for "number one," and making a mess while standing and "using" a stall instead. So, I have to respond. I can't help it, it's like a disease this blogging thing.

Doc bluntly covers the not-lifting-the-seat problem, as well as the hygiene issues:

"But: why piss all over the place? Why not lift the seat? Don't these guys ever sit on the damn toilet? Do they like sitting on somebody else's pee? 

"These questions come to mind for two reasons: 1) because I just witnessed exactly that scene, in a mens' room here at a nice hotel here in San Francisco; and 2) nobody ever talks about the problem.

"So I'm thinking... a substantial percentage of men A) only piss in stalls; and B) don't lift toilet seats. If you're one of those guys, and you blog, can you please explain your position, so to speak, on this issue?"

Well, I can tell you that it still surprises me, even after all these many trips to restrooms over the years, how often I find a bathroom that's a disgusting mess because of people who have no sense of personal responsibility. And that includes places where only adults use the restroom.

But Doc's words make me thing of more.

For example, take the following from Greg's Quiz on Common Sense Men's Room Hygiene, based on experiences of observation over the past couple of weeks:

A guy walks into the men's room, approaches the urinal, and relieves himself. Once he's done he "zips-up" and then...

a) walks straight out the door.
b) walks straight to the sink, washes hands, dries hand on paper towel, and walks out the door.
c) walks straight to the paper towel dispenser, uses paper towel, and walks out the door.

Which action is the most disgusting? Please explain you answer.

Use the comments to relieve yourself of your thoughts and record your answers to the quiz, should you be so inclined.



Add/Read: Comments [0]
Random Stuff | Things that Suck
Tuesday, April 05, 2005 9:58:07 PM (Pacific Standard Time, UTC-08:00)
#  
 Monday, January 31, 2005

How do you save a few bucks on McDonald's drive-through staff in Oregon?

Outsource them. To North Dakota. Click for more...

Ree-freakin'-diculous.



Add/Read: Comments [5]
Random Stuff | Things that Suck
Monday, January 31, 2005 5:34:30 PM (Pacific Standard Time, UTC-08:00)
#  
 Thursday, January 27, 2005

Weatherman1"Louis is here with the weather..."

The painful, awful, terrible weather.

"Maybe Louis, you can tell us what we can expect for the rest of the week..."

If you're ever having one of those days where you feel like the clumsiest person on the face of the planet, just click the link above, and find comfort in the fact that someone, somewhere has almost certainly had a harder day than you.

(I recall my time in journalism school, which is almost certainly where this tape came from, and it could be brutal at times. Broadcast news performance is an art, and artists are few and far between).



Add/Read: Comments [2]
Humor | Random Stuff | Things that Suck
Thursday, January 27, 2005 10:00:47 PM (Pacific Standard Time, UTC-08:00)
#  
 Friday, January 21, 2005

Jeremy Zawodny points out the Blogger's Bill of Rights and gives his opinion on the matter. He doesn't like it. Neither do I. It's just another example of people making something out of nothing, and trying to avoid personal responsibility in the good name of free speech. Here's where I speak up and say why I think it's crap, too...

Now, I'm a fairly outspoken person. I've also had a tendency in the past to open my big mouth, say exactly what I think, and then go into another room to extract my foot from my esophagus. But when I stick my foot in my mouth, I am keenly aware that it's my foot, it's my mouth and it's my choice - regardless of whether or not I thought it through ahead of time. Whether or not I was correct isn't relevant. You can be correct every time, but that doesn't necessarily make you right.

People, this is all about responsibility and ownership. You want to say something? Fine, but ya gotta own it, like it or not.

Let's define a couple of terms for the purposes of the discussion:

  • Consequences: The results of something one chooses to do, or not to do. All choices have results, both good and bad. Some of those results impact the chooser, some impact others.
  • Speech: Pretty much any form of communication - collective, individual or otherwise - in a variety of forms. In this context, we'll keep it somewhat simple (since we are talking about individual weblogs) and say it's an individual's written or spoken words.

Okay so - Right up front I'll say this: There is no special, magical set of rights that bloggers can (or should) expect, not with regard to employers, husbands/wives, boyfriends/girlfriends, coworkers, friends, family members, governments, or anyone else. The idea that blogs are somehow special or different and should be treated differently is arrogant and probably and indicator of the root of the problem - people think they are entitled to say whatever they want, however they want, with no consequences. Sorry, Charlie. Ain't happening.

  • Your right to free speech does not apply to the specific medium in which you exercise it. Speech is protected in certain circumstances, in certain locations, regardless of the form that speech takes. You have no more right to expect protection on a blog than anywhere else. Your rights are reasonable to expect, but when your exercising of your rights infringes upon the rights of another, you're crossing a line.
  • If you shoot off your mouth on your weblog, it's not an ollie-ollie-oxen-free home-base super-top-secret say-anything-I-want kind of thing. You are responsible for what you say, at the time you say it.
  • Speech is behavior. In a previous career I was always amazed at the idiots who thought if they could just get their car into the driveway, they were safe, regardless of the level of alcohol in their blood while there were on the street that got them to their driveways. It's not where you land, it's who and what you affect along the way.
  • Your speech is your speech, and with it come consequences. If you choose to say or write something on a weblog, keep in mind, it's speech in a public place and you are making a choice, and with that choice comes certain consequences. Your choices may impact others (coworkers and employers), and as a result, the very second you post your words, you choose to accept all of the consequences of that speech, regardless of whether or not you have taken the time to think about said consequences.
  • Your employer can hire and fire based on the quality of your behavior and how it impacts business, your performance, personalities, coworkers, morale, anything. You should remember this before you post on your weblog for everyone to read. And comment on. And quote. And read again. And copy/paste/email to your coworkers and your boss and his/her boss. And to end up on the Wayback Machine.

It's not about who yells the loudest or who thinks/knows they're right. What it is about is being responsible for oneself and thinking ahead about the impact of exercising one's right to free speech.

One important aspect of thinking ahead is considering the consequences and weighing the risks. Preferably before speaking. But if you don't take the time to do that, it shouldn't be (and isn't) someone else's problem.

Anyhow, that's about all I have to say about that.



Add/Read: Comments [6]
Blogging | Things that Suck
Friday, January 21, 2005 9:19:42 PM (Pacific Standard Time, UTC-08:00)
#  
 Wednesday, December 22, 2004

Not the same way one New Hampshire UPS truck driver does. I bet his last name is Murphy – It almost has to be.

CLICK HERE for the story...



Add/Read: Comments [0]
Humor | Things that Suck
Wednesday, December 22, 2004 12:04:44 AM (Pacific Standard Time, UTC-08:00)
#  
 Thursday, December 09, 2004

Seriously. My sensibility hurts.

At the invitation of a friend, I went to the movies tonight, and saw The Grudge.

Sheez. Now there’s something like two hours of my life I’ll never get back.

I’m not the kind of person to talk out loud in movies, but this one sucked so hard I couldn’t help myself. It’s was editorial comment after editorial comment. And you know what? I wasn’t the only one. And on top of that, NO ONE complained about the out-loud commentary that was going on. That should tell you something.

I’m not even going to explain why it sucked. That would simply do the film too much justice, and someone might spend enough time reading this to subconsciously convince themselves they should see it. DON’T!

And that’s all I have to say about that…



Add/Read: Comments [1]
Movies | Things that Suck
Thursday, December 09, 2004 11:57:11 PM (Pacific Standard Time, UTC-08:00)
#  

Coudal.com has perhaps the most useful PDF file of the year available to download…

Do you ever get tired of those idiot people who suck up all the ambient quiet while talking on their cell phones about things that they – well – should probably just keep quiet?

Take action now:

“After reading a story in the NYT, Jim's wife Heidi decided that maybe there was a way to fight back against the obnoxious cell phone users that we all have to deal with in stores, restaurants, trains and pretty much everywhere else. Can design ride to the rescue? Jim and the incomparable Aaron Draplin think it can. So, as a public service, we introduce the reasonably polite SHHH, the Society for HandHeld Hushing.”

Download this PDF, get out your exacto knife or scissors, and start fighting back (NOTE: The PDF contains a few choice profanities, so if you’re easilly offended, don’t click).

(via Engadget)



Add/Read: Comments [0]
Humor | Things that Suck
Thursday, December 09, 2004 2:49:13 PM (Pacific Standard Time, UTC-08:00)
#  
 Saturday, December 04, 2004

Most any blog that’s been Googled, Slashdotted, or Engadgeted – or for that matter pretty much anything that drives traffic to a site – has seen the effects of referral spam. It SUCKS. Porn and marketing sites create a fake link to your blog entry, which results in a link to their web site (usually and unpleasant and unwelcome one) showing up in your referral list for that entry. Your readers click a link and get porn tossed right in their faces. Ugh.

With dasBlog, the only way I had to effectively battle this (I am a victim of referral spam for sure) was to turn off referral displays on my blog. I don’t want that, but this is a family-friendly site for the most part, so keeping the nasty out was important.

But last night Scott Hanselman, a friend and co-worker, sent me a new little C# 2005 Express project ZIP file, told me to compile it, and to try it out. He just built it for himself, and passed it on for me to use.

No more referral spam!

UPDATE: While I was able to kill the nasty referrer links, I have again removed referral listings from the blog for a while, because I have one particular weblog entry that has so many hundreds of referrers, it will crash the browser when you try to load it with referrers showing… But that’s a whole different issue…

Since then, Scott has posted the project source file on his blog, too, so any dasBlog users that need it can take advantage. He plans to make it a little more elegant in the future, but this is a great start!

Scott Hanselman, YOU’RE MY HEEEROOOO. :-)



Add/Read: Comments [0]
Blogging | Tech | Things that Suck
Saturday, December 04, 2004 11:42:40 AM (Pacific Standard Time, UTC-08:00)
#  
 Thursday, November 11, 2004

I'm feeling a bit put-off today. And a little sarcastic, I admit that freely. But there's a reason...

I just don't get why it is that sales people will make cold calls, leave a long, run-on message that they're obviously reading from a note card or computer screen, and then when they leave their phone number, speak so damn fast you can't catch the freakin' numbers.

Then, of course, comes the obligatory indignant follow-up call a couple weeks later, going something like, “I've been trying to reach you and left you a voice mail, but have not heard back from you, so please call me as soon as possible at one-eighthundred-fourtwofishevyumaevablahblahblah.

Ugh.

Look, sales guys, here's the deal.

Leave me a short but meaningful message that includes the purpose of your call, and when you leave your phone number, please speak slowly and clearly. DO NOT go on and on espousing crap like synergy, top-100 blah blah, value-added yada yada and the same crap every other poor sales person drones on and on about. Just tell me why you're calling and what you really want to talk to me about.

Don't expect me to call you back. Believe it or not, I have plenty of other things to do, and believe it or not, those things are almost always more important than speaking to every vendor that cold-calls me.

If I am interested, I will call you back, If I am not, I won't. If you slurred or raced through your phone number, then obviously I won't. Don't take it personally. And don't expect me to listen to a two-minute voice mail full of buzzwords a second and third time just so I can try to decipher that slurred phone number you left at the very end.

And whatever you do, don't get me on the phone and act indignant because I have not returned your cold call. It's one of a hundred I got this week, and your indignant disposition will earn you a “don't call me again.”

Thank you in advance. I appreciate your time and value our relationship. Hope to speak to you soon.



Add/Read: Comments [0]
Random Stuff | Things that Suck
Thursday, November 11, 2004 3:58:42 PM (Pacific Standard Time, UTC-08:00)
#  
 Thursday, November 04, 2004

Finally some action and results in the spam war.

A jury in Leesburg, Virginia has convicted Jeremy Jaynes and his sister of scamming millions of dollars via SPAM email schemes.

The jury has recommended Jaynes spend 9 years in prison.

Hey Jeremy... You've got mail male. Congratulations.

You jerk.



Add/Read: Comments [2]
Tech | Things that Suck
Thursday, November 04, 2004 8:41:16 PM (Pacific Standard Time, UTC-08:00)
#  
 Monday, October 11, 2004

I picked up a copy of a documentary film on DVD today from Best Buy called FarenHYPE 9/11, which is a response film that was made to take a critical, factual look at the Michael Moore film, Farenheit 9/11.

If you watched the original Michael Moore movie and cared at all about it (whether you liked it or hated it, doesn't matter), you owe it to yourself and everyone else to watch this documentary. You'll see people from the Moore movie talking about how they were misrepresented in the original film. Much of what Moore presented in Farenheit 9/11 is examined, critically reviewed and corrected in this film.

Seriously - there are two sides to every story, and Moore's story was such an exaggeration and misrepresentation of many facts, the FarenHYPE 9/11 DVD should be mandatory viewing. It is inexpensive - only about $11 at Best Buy, and you can order it from Overstock.com as well.

You don't necessarily have to be a Bush supporter to accept that Michael Moore flat out lied and twisted events to meet the requirements of his agenda. This is in no way an attept on my part to change your mind with regard to a voting decision - that's all yours.

It's the best $11 I've spent in quite some time.

One more time: regardless of your opinion of the Moore film and it's content, be sure to see FarenHYPE 9/11 - Once you see it, I think you'll understand why I'm so adamant.

Anyone who wants to borrow my copy, let me know.

And now, back to your regularly scheduled programming...



Add/Read: Comments [2]
Random Stuff | Things that Suck
Sunday, October 10, 2004 11:02:12 PM (Pacific Standard Time, UTC-08:00)
#  
 Saturday, August 28, 2004

Web forums used to be useful. Then h4xZ0r teenagers found them, and the world changed (for the worse). Over at adminmod.org for example, about two years ago things in the support forums went to hell in a hand-basket - about the time goldzip came along (or a little thereafter). Forum flaming became an art for a short time, but as it is with most art-forms, it was quickly commoditized and thus cheapened.

But I digress...

Someone apparently picked up on this little-known and less-understood behavior over at the Steam forums, and having realized that a FAQ or sticky post won't get read by the people that need to read it, did what all good communicators do: Took it to their own medium and style.

Introducing: Posting and You

Pretty much hits the proverbial nail right on the head.



Add/Read: Comments [1]
Random Stuff | Things that Suck
Saturday, August 28, 2004 7:01:49 PM (Pacific Standard Time, UTC-08:00)
#  
 Sunday, July 04, 2004

I woke up this morning, bright and early, and was getting ready to head out the door. I decided to check my email real quick, and BAM! ... Tons of referral tracking notifications, all from the same porn URL - So, it looks like someone referral-spammed by blog last night. I just removed all the bad listings, and have been trying to think of a way to prevent this from happening again. I'm coming up short in the ideas department, with the exception of the obvious: turning off referral tracking. I really don't want to do that, though.

It's the first time in quite a number of months that the site has been online, so I'll leave them on and see what happens in the future. Anyone have any bright ideas about preventing referral-listing spamming? Hey - I guess I should just be glad it's not comment spam!



Add/Read: Comments [0]
Blogging | Things that Suck
Sunday, July 04, 2004 7:10:23 AM (Pacific Standard Time, UTC-08:00)
#  
 Saturday, June 12, 2004

This has got to be one of the most amazingly perfect examples of what's truly wrong with our world today.

PostmodernPets.com sells really-freakin' expensive pet crap for tons of money. German designer Phillip Plein has designed all kinds of cool stuff, apparently including dog bed that sells for - now get this -  a mere $1650.00!

Straight from the "uh-yeah-right" department (and the company info page of their web site):

"After browsing through our selection of products, we think that design-addicts that do not currently have pets may change their mind, and will soon discover what wonderful joys that these loveable companions can bring to life. And even if you don't purchase any products from our site, we hope our website will deepen your appreciation of postmodern design and your appreciation of pets and the fun and humor that both can bring to your life."

Riiiiiight...



Add/Read: Comments [0]
Random Stuff | Things that Suck
Saturday, June 12, 2004 10:57:15 PM (Pacific Standard Time, UTC-08:00)
#  
 Wednesday, June 02, 2004

The United States Patent and Trademark Office never ceases to amaze. Working as an intellectual property litigation attorney will be the biggest, fattest, most lucrative cash cow of a position of the next ten years, mark my words. Here's why:

According to a bunch of people on the Internet (here's one), it looks like Microsoft has patented the double-click. No joke. Wow.

Now, I'm a Microsoft fan, and I make no qualms about saying so - but this is going a little far, isn't it? I mean, this is amazing, really (and it has to be true, it's on the freakin' Internet!) Probably most shocking thing about it is that the patent was granted within the past month or two.

Or is it really that big of a deal???

Articles have been posted on the Internet, predictably describing this as a completely out of control situation. But, when you read the patent, it's not exactly as some might have you believe. In reality:

  • The patent is primarily related to hand-held devices (I'd feel a little better if it was limited to handheld devices, though).
  • The patent application states that the invention “relates generally to computer systems, and more particularly to increasing the functionality of application buttons on a limited resource computing device.”
  • It describes the way an application or the OS on the device determines what kind of soft-key press has occurred, generally short, long, or multi-press events.
  • From the patent: “As those skilled in the art will appreciate from the following description, while the invention is ideally suited for incorporation in a palm-type computing device and is described in such a device, the invention can be incorporated in other limited resource devices and systems, for example mobile devices such as pagers and telephones.”

Okay, so while it may be a little surprising, it's hard to say this is truly a patent on the use of the double-click action in any computing application. But it is pretty broad-reaching, and as always open to interpretation and challenge. Which gets expensive, every time it has to be litigated or challenged (see “cash cow,” above). Especially for smaller companies without major corporate resources.

And Microsoft has made no secret of it's position that there are thing it's invented (or at least claims to have invented) and for which it's recently been issued patents. The FAT file system and ClearType technologies are two recent examples, and Microsoft (some would say rightfully) has also stated publicly that it intends to pursue completion of patents to protect and increase its earnings. And even though it's a big company with big profits, that's no reason to start yelling about how they already make too much money. Whether it's the first dollar earned or the trillionth, it's not about how much, it's about who's idea it was in the first place. If Microsoft can't own ideas that are truly theirs, neither can Apple, IBM, my employer, or anyone else - whether they be big, small, corporation, or individual.

But hey - you don't really need Microsoft to be amazed. All we seem to need is the U.S. Government Patent and Trademark Office. At least recently.

Well, there is one positive thing to take away from all this: If it makes you smile, it's at least a little bit good for you (even if you do shake your head at the same time). :-)



Add/Read: Comments [1]
Random Stuff | Tech | Things that Suck
Wednesday, June 02, 2004 9:32:48 PM (Pacific Standard Time, UTC-08:00)
#  
 Thursday, May 13, 2004

Well, ok, I don't actually hate them... Heck I live in a town called “Deer Island,” so I guess I can't really hate them... But the one last year that jumped in front of me, the one I drove around just barely, the one where I was on a motorcycle, and it was dark, and the ditch I drove into in order to avoid the deer, well, it had a big fallen tree branch in it, and I never knew you could total a motocycle just from the cost of the broken plastic...

Yeah, well anyhow deer are ok with me unless they're in the middle of the freakin' road in the woods at night. Then they just suck.

But anyhow, none of this matters, especially since I got right back on that horse again this year (or more specifically I got back on all 203.5 of them).

My real point is, I laughed out loud while reading a pretty funny blog entry. And I thought I'd share the laughter. The link was gleaned from several other blogs I read. Enjoy.



Add/Read: Comments [1]
Humor | Personal Stories | Random Stuff | Things that Suck
Thursday, May 13, 2004 8:05:51 PM (Pacific Standard Time, UTC-08:00)
#  
 Tuesday, April 27, 2004

I know there are some people in the world that never get spam email, but unfortunately I am not one of you. Between my email being publicly available on the Internet for the past few years and the fact that I have to sign up for all sorts of random things with a real email address, it’s just added up, and I get inundated. It’s funny to talk to others about spam email. Either they understand because they, too, have fallen victim to the scourge of the Internet, or they look at you like your advanced-stage leprosy has caused you right ear to fall off and your left leg to rot.

So, in the interest of protecting the reputations of those of us who unwillingly receive tons of junk mail a day, let’s take a look at how and why spam reaches our inboxes. Hopefully some who read this will learn something new, others will realize the errors of their ways and stop calling their spam-laden friends perverts, and still others will pick up a few hints about how to avoid becoming a victim (in the cases where it can be avoided, that is).

Remember one thing walking into this: Spam is almost completely about money. If there wasn’t a potentially big payoff in sending spam, no one would do it. If people did not reply to spam email messages and offers, no one would do it. It’s a business, albeit one that most of us hate with a passion.

Before I get too far down this road, let me say that every day I receive in excess of 200 junk mails in just one of my email accounts. I have other email accounts that get none. So, since I am one person with multiple accounts, something tells me the issue here is not me personally, but instead about how the world of email and spam works, and how the spammers started using my email address in the first place.

The fact of the matter is, much of what many people believe about spam and how one starts getting it is patently false. Certain assumptions are correct, although often the facts are twisted around, and people often wear blinders, assuming there is one root cause or one simple solution. It’s not that easy, friends. So, here are a few (admittedly random) things I think everyone should know about spam:

Myth Number One: If You Get Spam, You Must Be One Of Those Porn Surfers

Just like in junior high school, where your friends laughed at you and pointed in the hallway when they found out you did THAT (never mind that it wasn’t true, of course), people tend to assume that if someone gets spam email, it’s because they went to an “adult” web site and registered with their credit card and email address. As a result, you were added to an email list, and so now you get tons of junk email about V1agra and S3X – but hey, if you get that kind of email, it’s entirely your fault and you got what you deserved.

Not true. As someone who has *never* registered for online porn or anything even resembling such, especially with my work email address (I mean, come on, how stupid can a person get?), I can tell you that you don’t need to be a perverted Internet sex addict to become a spam victim.

I can also tell you that people really do think along the lines of this particular myth. Not many, but at least some do: A couple of years ago, I was standing in front of the entire company, showing off the new secure, web-based email interface. I switched from the PowerPoint slide to the browser where I had my email account open, and sure enough, right there on the screen was a spam email with the words “XXXPORN SUPERSTORE” in bold red letters. Luckily it was just text in the email, and while surprising to many, there was nothing vulgar displayed. Needless to say, many laughed and I still get (lighthearted and friendly) comments about it to this day. A few people followed the pattern of the myth and assumed I *must* have signed up for porn using my work email account (uh, yeah, sure), while others stopped by to see me later and tell me privately that they, too, had a problem with nasty, offensive spam and that they had no idea why or where it came from. It wasn’t long before we started working on ways to combat the spam at work. More on that later.

Myth Number Two: It’s Completely Your Fault

Another assumption people make is that if you get spam, it’s because you signed up for *something* somewhere on the Internet and voluntarily made your email address available when you filled in a registration form. If you had not done that, they say, you would not get the spam email.

Similarly, some say that if you get spam, it’s because you must have posted your email address somewhere on the internet, like on a web page, and so you advertised it for spammers to eventually find (this is one form of a technique called email address “harvesting”). And so – again – it’s all your fault.

Ok, so it is true that if you register with your email address on a web site that does not respect privacy, or if you put your email address on a web site somewhere, you could end up becoming a spam victim. It’s reasonable to say that these are two ways email addresses might get on a spammer’s list. However, it’s important to understand that you don’t *have* to do these things in order to get on a junk email list. There are many other ways, and some take no action on your part. More on that below.

Myth Number Three: People Who Get Spam Are Irresponsible, Don’t Think Ahead, and Cannot Be Trusted

This sounds almost comical, I know, but I actually stood on the edge of a conversation where one person said to another (seriously), “I would never hire anyone who gets spam email. It’s just an indicator they don’t know what they’re doing and that they’re basically stupid.” Wow. If there was ever a false, way-over-the-top generalization made about junk email, this has to be the one. The guy who made the statement was serious as a heart attack, and went on to explain that because people can completely avoid spam if they would just be more careful and use common sense in the first place, spam was an example of how you can tell whether or not someone will be a good employee. He even includes the question, “Have you ever received spam email, and if so what do you think about it?” in his interviews. I’m just glad this guy doesn’t work at my company. If he wasn’t actually serious, I’d laugh, but the fact of the matter is there are people out there who make off-the-cuff, uninformed decisions about lots of things based on completely irrelevant data. Amazing.

Myth Number Four: Spam is Totally Preventable – You Just Didn’t Do Enough

People just don’t seem to get it. Spam is *not* totally preventable. While there are ways you can protect your email address from getting on spam lists, there is no sure-fire set of things you can do that will guarantee your account will stay junk-mail-free.

By way of example, I set up a catch-all account on a domain I own recently. Any email sent to any email address on the domain was all funneled into this one email account. I did not set up a web site, did not set up or submit any email addresses anywhere. I just set up the brand new domain with it’s single show-me-everything email box and waited.

Within a few days I started receiving spam at random addresses on the domain. Some of them you might expect: admin@domain.com and support@domain.com for example. But others were more creative and sneaky. Random first initials and last names, first names followed by last initials, common first and last names combined, etc.

So, there’s the proof – you don’t have to sign up for anything, post your email address anywhere, or take any action at all to start getting spam. Now, granted – if you are not prudent about how you handle your email address or if someone else mishandles it (intentionally or otherwise), you are more likely to fall victim. But sometimes you just have to do nothing.

Myth Number Five: Out-of-Office Auto-Replies Are Totally Cool and Make My Life Easier

Ah yes, the ol’ OOF autoreplier – You know, it’s that thing that shows up in your mailbox when you send a friend or colleague an email and they happen to be, say, on vacation, or maybe at the mall shopping instead of working.

What, you ask, is so bad about that? And what does it have to do with whether or not I receive spam email?

Glad you asked.

Let’s say someone sends a spam email that happens to be directed at your email account. Here’s what happens.

1.       Email sent by sorry, good-for-nothing spammer

2.       Arrives at your email box

3.       Your server sends your out-of-office autoreply back to the reply address specified in the spam email

4.       That reply address is monitored

5.       Spammer checks the account your server replied to, sees your autoreply, and thus has confirmation your mailbox is legitimate, working, active and – therefore – valuable to him/her.

6.       Spammer adds your address to the list of email addresses confirmed to be good – the gold list, so to speak

7.       Spammer sells gold list of known-working email addresses to other spammers for a premium

8.       You get more (and more and more and more) spam

Fun eh?

Moral of the story: Don’t use Out of Office autoreplies, or configure them so they only work for internal emails. And yes, I know there are legitimate business reasons for wanting to use them – it’s a trade-off decision that has to be made. You just need to understand the potential effects.

Myth Number Six: Antivirus Software Has Nothing to Do With Spam

Wrong again. AV software certainly can protect your computer and its data from damage, theft and a lot of other nasty things, but what you may not have known is that it can also protect you from becoming a spam victim. The only problem is, everyone has to use AV software (and use it correctly) for it to really work.

For the uninitiated: A “Worm” is a virus-like application that replicates via email. Generally speaking, once they get on your computer they scan your system in a few common places (address books, cached web pages from sites you have browsed, text files, documents, etc.) for email addresses. *Any* email addresses. They then use those email addresses to send emails (which generally include an attached copy of the same worm) to the email addresses found on your computer. So, you see how it works – the worm sends itself all over the place, to thousands of people, and each step of the way it collects email addresses so it can send itself again to more victims.

But wait a minute – that’s not always the extent of what they can do. In addition to installing other software that might, for example, allow a hacker to gain access to the files on your computer or to use it to launch attacks against other computers, some worms take those email addresses and (as long as they are being gathered) send the addresses off into cyberspace where spammers and others can get them.

So, in other words, if you don’t use anti-virus software on your computer and you get infected with one of these harvesting worms, you’re not only making yourself a victim – you’re dragging along all the innocent people listed in your address book and the other files where the worm does its harvesting, as well.

Using current AV software is part of being a good Net citizen. By doing so you protect more than just yourself.

Myth Number Seven: Well, That’s All Fine and Good, But There’s Nothing You Can Do About It Once It Starts

Again, not true. There are a number of companies out there that sell software that is quite effective at blocking spam from reaching you or your end users.

Why would you want to use it?

If you’re an individual, then you want to rid yourself of the mess. Maybe it offends you (depending on what kind of spam you get). At least you’d like to segregate email that is determined to be likely spam so you can filter through that separately from your legitimate email.

If you’re a person with responsibility for a company’s information systems, the reasons are bigger and more important. You have a responsibility as an employer (or the agent of an employer) to make sure the working environment is positive (or at least not offensive or hostile). Depending on the type of spam email your end users are receiving, you may have a responsibility to them to make sure you are doing what you can to combat the problem. Remember, ignorance is not bliss. And as easy as it is to put measures into place to help curb spam these days, not doing something when there is a problem is – truly – ignorant.

Where I work we use Mailfrontier’s anti-spam gateway. There are a number of other products from a variety of vendors that also do a good job. But for our part, we like what we’re using just fine; Mailfrontier is highly customer-oriented as a company, and continually combats the latest techniques spammers are using to get their junk through to you.

Myth Number Eight: If I click the link to remove myself from the spammer's list, I will stop getting spam from that sender

Please hear me on this one. I know people would like to believe that spammers are good, honest, ethical people just trying to make ends meet, and that they follow industry-accepted standards for conducting business. We all want everyone to be good and wholesome people, concerned primarilly with doing the right thing, always telling the truth and helping old ladies across the road.

But in the real world - not true.

Spammers want to know if you receive their email, because if you do, they can sell your email address to others and make more and more money. The best spammer email address list is the one that contains the highest percentage of known-good email addresses.

So, when you click to “unsubscribe,“ more often than not you are not actually unsubscribing. Yes, I realize you may be shocked at the dishonesty of it all, but there's a good chance the spammers are simply tricking you into clicking a link that simeply lets them know you received their spam email. You never get taken off the list.

On a related note, people who are using Outlook 2003 (and when Windows XP SP2 comes out, Outlook Express will also include this behavior) have probably noticed that Outlook blocks images from being loaded from Internet servers unless you specifically allow them to be loaded. Why? Because the address used to contact the server and load the image can contain a code that uniquely identifies you, thus (again) validating your email address.

UPDATED: My friend Travis emailed me with some valid comments about Myth Eight:

I think the validity of the unsubscribe link is directly proportional to the legitimacy of the spammer's business.  If you get porn spam, or "V1AGRA" ads, you're probably better off not clicking the link, sure, but ads from job posting sites and such generally do actually unsubscribe you if you click.

That's a good point. Travis continues with his own opinions about spam:

Spammers should be punished by death.  A brutal, painful, horrible death.  Something that's probably specifically in the "cruel and unusual punishment" class.

Spam sucks. There’s no one root cause. You can’t always prevent it. But there is something you can do about it.

Anyhow, when it comes to spam, that’s about all I have to say about that.



Add/Read: Comments [1]
Tech | Things that Suck
Tuesday, April 27, 2004 12:05:08 PM (Pacific Standard Time, UTC-08:00)
#  
 Thursday, April 01, 2004

I must say, I was just a little surprised at how many people actually thought I was being serious earlier today... I mean - DOG SEAT BELTS??? Come on! ;-)

My story was borrowed from a pre-planned radio show on 1190-KEX here in Portland. The radio personalities notified some listeners a day ahead of time, to have them help to make it that much more believable. It worked.

The first person I heard from among many today was my friend, co-worker and neighbor, Mike. He seemed shocked that my dog, Buddy, was in jail.

My reply: “Can you *believe* that crap????”

He wasn't the only one. :-o

Once the radio show started this afternoon, not only did the phone calls start rolling in to the KEX studio, but the local and state police offices started getting a lot of phone calls, too. The Portland Police Bureau was warned ahead of time, and it sounds like they were ready, but the Oregon State Patrol wasn't aware or prepared for a bunch of phone calls from angry and confused people wanting to know what the heck was going on with this “new law.”

Classic.

Anyhow, Happy April Something-or-Another. :-)



Add/Read: Comments [4]
Humor | Personal Stories | Things that Suck
Thursday, April 01, 2004 7:52:05 PM (Pacific Standard Time, UTC-08:00)
#  

I used to be a cop. I don’t have a problem with laws that make sense. I do, however, have a serious problem with stupid laws that go too far.

On Wednesday evening, I became a victim of Oregon's new PET RESTRAINT LAW.

This law requires that you restrain your pet (dog, cat, ferret, whatever) in special seat belts while traveling in a moving vehicle. Yes, that’s right, Dog Seat Belts. The cost of these special animal restraints runs anywhere from 20 to 30 dollars, if you can find one. Holding an animal in your lap is NOT acceptable. Animals are apparently also required to be restrained in the back of an open pick-up bed in an attached animal carrier. This law actually went into effect January 1, 2004 but only warning tickets were given out until March 1, and since then they've been writing citations for real. And I got screwed.

So now I owe a fine of $150 for my first offense and my dog was confiscated to the local animal shelter, and I have to go there to get him back, but I can’t do that until I show proof that I have a pet restraint in the car. Plus, I’m told that if I get caught a second time, they’ll take my pet from me permanently and charge me with animal neglect.

The stupidest part is that it wasn’t even a cop that saw my dog walking around in the back seat – It was someone working on a construction crew on a highway near my house. Any Oregon State police officer, city cop, OR roadside worker can act as a witness in court according to the statute. If the road crew sees you and calls the police, they can either find you and pull you over (like me), or they can send you a citation in the mail.

This sucks. How the heck do these laws get passed???

Update: See Hook, Line, Sinker ...



Add/Read: Comments [0]
Humor | Personal Stories | Things that Suck
Thursday, April 01, 2004 12:01:18 AM (Pacific Standard Time, UTC-08:00)
#  
 Tuesday, March 16, 2004

An Open Letter to Commercial Software Companies
(or, Food for Thought for one yet to be named)

I don’t expect perfection from you. If your software has some issues that make it difficult to implement at a business level, I simply expect you to support the implementation and help me get it done. You best have a damn-good support department – a support staff and managers that respond to emails and phone calls. Not just responding when it’s convenient – I mean responding in a timely manner and following through on any commitments they make. If I have to spend six weeks trying again and again to get your people to help me, you should see the problem without me telling you there's an issue, and without me having to write this letter.

I’m on the edge of firing a software company, one with which I have an established relationship, and only after working very hard to try to be a “reference-able” customer. Sure, the software application has all the promise in the world, but enough glitches to require working through the bumps in the road in order to meet every-day production use requirements. I have been working under the assumption we could get past these hurdles, but what good is that is your people won’t even return email or phone call requests for assistance? I should not have to do any of the work it takes to be a customer that you can use as a reference – That’s your job.

And know this: All the good past experience in the world means nothing when you suddenly drop the ball over and over and repeatedly fail to pick it up, despite the fact that I am standing here pointing at the damn ball. I don’t care how much potential there is in the vendor-customer relationship. If you don’t do your job, you can expect I will not be your customer.

But perhaps most importantly: If you screw up the relationship and don’t make good on it, you’ll have to deal with all the consequences, including the fact that I’ll probably tell people far and wide what a bad experience I had with your company, and how it hurt my business and reputation. Many people from a wide variety of businesses look to me for advice on software and systems, and I tell the truth when asked. So, if it means some bad exposure for your company and product, remember the most important lesson of all – You’ve earned it.



Add/Read: Comments [0]
Tech | Things that Suck
Tuesday, March 16, 2004 6:45:27 PM (Pacific Standard Time, UTC-08:00)
#  
 Friday, March 05, 2004

Ten years ago, SPAM as we know it was born. Not sure it’s reason to celebrate, but this story is an interesting historic view. Spam ruined Usenet back in the day, and now it’s doing a lot of the same to email.

Happy birthday, you lame, no-good, dirty, rotten scoundrels. And thanks to my friend Mike for pointing this out to me.



Add/Read: Comments [0]
Things that Suck
Friday, March 05, 2004 11:35:57 AM (Pacific Standard Time, UTC-08:00)
#  
 Tuesday, February 24, 2004

Bike? CHECK!!  Video Camera? CHECK!!  Sheer Cliff? CHECK!!  Parachute??? Uhhh...

Oh my my my my my.. It hurts sooo bad just to watch. Can't say I didn't warn you.

Note to self: Make sure parachute's properly rigged before riding off cliff.



Add/Read: Comments [0]
Humor | Things that Suck
Tuesday, February 24, 2004 7:45:31 PM (Pacific Standard Time, UTC-08:00)
#  
 Sunday, February 01, 2004

AAAAAAGH!! Something about Kid Rock in a cut-up American flag, preceded by the lamest set of artists they could possibly think up, that just further affirms my prior belief that CBS sucks. Only in Houston. Really. Think about it...

And wow, what perfect timing: Janet Jackson. Gee, wonder why? Justin Timberlake certainly seemed to enjoy being on stage with her, though.

Oh, and here I am, watching the Superbowl with our entire youth group at church. And there's Justin and Janet, gettin' it on. And hey, quite the ending there - wow.

Great. Just great. The game means nothing, but suddenly halftime is the most important thing on the face of the planet. These kids are all over it. We've got twelve year old boys hollering for others to get out of the way just in case there's more Janet Jackson on the screen. No such luck, kids. Maybe next year.



Add/Read: Comments [4]
Things that Suck
Sunday, February 01, 2004 5:51:34 PM (Pacific Standard Time, UTC-08:00)
#  
 Tuesday, January 27, 2004

Overheard: “TriMet's a great system if you live next to it.”

Uh, yeah. :-)



Add/Read: Comments [0]
Things that Suck
Tuesday, January 27, 2004 5:58:39 PM (Pacific Standard Time, UTC-08:00)
#