Thursday, July 2, 2015

Another...um, salvo in the privacy war - throwable cameras

When considering use of cameras, there are numerous distinctions that need to be made between public use and private use, and there are numerous distinctions that need to be made between lawful law enforcement use and other uses.

In most cases, with a few exceptions, the camera is located in a stationary position.

Well, add another exception to the list:

Unseen areas are troublesome for police and first responders: Rooms can harbor dangerous gunmen, while collapsed buildings can conceal survivors. Now Bounce Imaging, founded by an MIT alumnus, is giving officers and rescuers a safe glimpse into the unknown.

In July, the Boston-based startup will release its first line of tactical spheres, equipped with cameras and sensors, that can be tossed into potentially hazardous areas to instantly transmit panoramic images of those areas back to a smartphone.


So now law enforcement and public safety agencies will have this tool.

As will everyone else. You can buy the high end version for less than US$2,500.

And you know that these won't only be sold to law enforcement. (They may not have the money anyway.) I bet you Robert Scoble is using one to play catch with his kids right now. And who knows what will happen when the Jenner kids start tossing these around the house.

But the party may end soon. I'm sure that NBC, using the Late Night with David Letterman monkey cam segment as precedent, will claim that this is NBC's intellectual property.

Wednesday, July 1, 2015

The world we live in (and life on video)

[DISCLOSURE: MY EMPLOYER IS INVOLVED IN THIS INDUSTRY, AND REGULARLY DOES BUSINESS WITH LAW ENFORCEMENT AGENCIES.]

I was debating whether to include this story in the Empoprise-BI business blog, or the tymshft blog. While it fits in tymshft's "we never did this before" theme, the activities described here indicate how things are being recorded - not only by my employer's customers (law enforcement agencies), but also by individuals (Glassholes, TMZ contractors, and the like).

Back in June, Tucson station KVOA posted a story about a confrontation between a driver and police. Let me start by sharing the second paragraph of the story.

Just before noon on Friday, officers pulled a man over at 12th Avenue and Ajo Way. After the stop, he rammed multiple cars in a drug store parking lot. At least 3 officers shot at him as he pulled out on Ajo Way, according to Tucson Police Sgt. Kimberly Bay.

That isn't why I read the story. The part that caught my attention began in the third paragraph.

Cell phone video captured the truck colliding with another truck at 12th Avenue.

Let's face it - if people are walking around with their cell phones and see something extraordinary, at least some of them are going to go the citizen journalist route (or at least the "wait until my friends see this" route) and capture the event on video. And, as the 1991 Rodney King beating incident demonstrates, you don't even need a smartphone.

But that wasn't the only video that was captured.

Video provided by the city's photo enforcement camera vendor, American Traffic Solutions, shows he continued toward 6th Avenue where he ran a red light....

And the video shows much more than that, as the KVOA story notes.

Has government, business, and individual video capture affected our society? Just ask Ray Rice.

Or Eric Casebolt.

Tuesday, June 30, 2015

The Ignite Game

There are all sorts of games that you can play to make a conference more interesting. While I wasn't enamored with the whole marketing free thing, I had better feelings about unconferences, although when I presented at a 2008 unconference myself I had to be a little...um, agile about the presentation title.

Around that time (specifically, in 2006), a new parlor game came along called Ignite.

Imagine that you’re in front of an audience made up of your friends, family, and people from your community, about to present a 5-minute talk on the thing you’re most passionate about. You’ve brought 20 slides, which advance every 15 seconds whether you’re ready or not. You have a few last-minute butterflies, but off you go—and the crowd loves it. Welcome to Ignite.

Nine years later, Ignite has either entered the mainstream or jumped the shark - take your pick. The Association of Proposal Management Professionals included eight Ignite presentations in its 2015 conference, and plans to include ten in its 2016 conference.

Monday, June 29, 2015

#empoexpiire - In which unicityd's mind changes

Another in the #empoexpiire series. (See the other posts here.)

In 2012, unicityd reconsidered something that he wrote in 2006.

I previously posted a defense of password expiration on this blog. Since that time, my perspective has changed and I no longer consider password expiration to be a useful security measure. Here is my reasoning...

By 2012, unicityd had concluded that the benefits of a password expiration policy are relatively minimal. unicityd also noted that password expiration policies encourage a potentially bad behavior:

Frequent password expiration encourages users to pick weaker passwords and/or write them down*. That means we have to weigh any potential benefit from password expiration against the negative consequences of poorer password selection and management. If the user writes his password down and stores it in an insecure location, it is vulnerable to any local attacker (e.g. malicious insiders).

unicityd doesn't object to passwords stored in a secure location. unicityd just objects to some common practices to remember passwords that frequently change. And I'll admit that I have been known to write a password on a piece of paper and keep it next to my computer monitor.

Alan Henry, who was often asked to perform urgent computer maintenance for someone who had left for the day, was often able to perform the maintenance anyway because his users left their passwords in easy-to-find locations. (Henry's article, incidentally, includes a picture of a computer with a Post-It Note that says "ADMIN / ADMIN." One would think that an admin would never use the password "ADMIN," but sadly there are admins who do this.)

One of Henry's stories:

I knew one person who put post-it notes [with her passwords] on the bottom of their chair—she was livid when she arrived one morning to find a colleague had borrowed her chair for an impromptu meeting in her office next door.

More of unicityd's thoughts on password expiration can be found here.

Friday, June 26, 2015

NIMBY in Kansas - but if the National Bio and Agro-Defense Facility is not in Kansas, where can it be?

I haven't written about hazardous sites in a while. In 2014, I wrote about biohazards in Boston and nuclear waste in South Carolina. In both cases, there were proponents who really really wanted the facility in their town - primarily for economic reasons - and there were people who didn't want the facility there.

The latest story comes from Manhattan, Kansas, which came to my attention via Slate's Laura H. Kahn. It turns out that a facility that deals with biological samples, and which is managed by the Department of Homeland Security, is about to be relocated.

The U.S. Department of Agriculture established an animal disease research center on Plum Island, New York, in 1954, for the express purpose of studying foot-and-mouth and other deadly animal diseases. Today, in addition to foot-and-mouth, the center studies viruses like African swine fever, which, if inadvertently released, could devastate the U.S. livestock industry.

As Kahn sees it, the current facility location is ideal.

The isolated island sits off of the far eastern end of New York state’s Long Island, where the prevailing winds blow toward the ocean. If the foot-and-mouth virus—or any other airborne danger—escaped from the lab, the air currents would likely carry it beyond where it could cause harm.

Well, DHS wants to relocate the facility to Kansas State University in Manhattan, Kansas. And Kahn is not happy.

[I]t is absolutely mind-boggling that Homeland Security has decided to move the lab, to be known as the National Bio and Agro-Defense Facility, to the Kansas State University campus in Manhattan, Kansas, smack in the middle of cattle country and Tornado Alley.

Read the rest of the article here. Kahn, incidentally, "works on the research staff of Princeton University’s Program on Science and Global Security."

So if you agree that it's a really bad idea to locate a hazardous facility (such as a nuclear facility) in Tornado Alley, where do you locate it? Ideally, in a place that is not subject to natural disasters.

Good luck.

When Janey Osterlind tried to identify the 10 safest cities in America from natural disasters, Osterlind immediately ruled out a good chunk of the country.

From a list of American cities with populations over 100,000, those cities that had a higher likelihood of being struck by tornadoes (in Tornado Alley) were eliminated, as were those cities that were more likely to be hit by a hurricane (Gulf Coast cities and some Atlantic Coast cities). Cities that had a higher probability of experiencing a tsunami (Pacific Coast cities) or that were located near active volcanoes (concentrated in the Pacific Northwest) were also eliminated. Finally, cities in areas most likely to experience earthquakes (according to the U.S. Geological Survey) were removed from the list.

OK, so Manhattan, Kansas was not on Osterlind's list. But what about Long Island? It is subject to hurricanes.

And Kahn's workplace in Princeton, New Jersey, was adversely affected by Hurricane Sandy.

So which cities did Osterlind recommend? Oddly enough, she put Chesapeake, Virginia at the top of the list. While Chesapeake does not have as many hurricanes as, say, New Orleans, it's not what I'd call an entirely safe place.

Many of the other sites were in a range between Pennsylvania and Minnesota - far enough inland to escape hurricanes, but not as likely to suffer tornado damage (although some of the area could be subject to tornadoes).

Outliers: Henderson Nevada, Phoenix Arizona, and Provo Utah - all between Tornado Alley and Earthquake/Volcano Land. Of course, any worker in Henderson or Phoenix could fry to death in the summer heat.

What area is safe from a natural disaster? None.

Thursday, June 25, 2015

Java users, your long nightmare is over. Insert exclamation here.

I have reason to believe that one day, Larry Ellison went to his computer and engaged in his usual practice of asking questions with the ask.com toolbar. The question that he asked that fateful day was as follows:

Is Oracle doing everything it can to promote Java?

The ask.com toolbar replied:

Yes, master. People love Oracle's Java distributions. The fact that you provide helpful software with the Java installations by default is especially impressive.

Ellison smiled, but then he realized something. Is it good to question the ask.com toolbar about the usefulness of the ask.com toolbar? He decided that he had better get a second - and a third - opinion.

"Safra and Mark, thanks for stopping by," Larry said. "I wanted to ask you something - is Oracle doing everything it can to promote Java?"

"Glad you asked, Larry," replied Safra Catz. "People hate our guts."

Mark Hurd chimed in. "They can't understand why we'd bundle what they call 'malware' with Java, just for the sake of a few bucks."

Safra typed something on her (unreleased) Oracle tablet. "Look at what this noted blogger said back in 2013," she said. "He stopped installing new versions of Java and OpenOffice because of Oracle's policies."

"But we got rid of OpenOffice back in 2011," replied Larry.

"He didn't know that," said Safra.

Larry thought for a moment, said "Next slide, please," but then remembered that he wasn't giving a presentation. "So the bundling of the ask.com toolbar with Java is angering the very technical community that we want to court for our line of business products." He thought some more. "So I think that we should ditch our agreement with ask.com..."

Safra and Mark were about to jump for joy, but Larry continued.

"...and sign an exclusive deal with Yahoo so that we can fool Java installers into installing Yahoo as their default search engine! This will be great!"

As Safra and Mark left the room, Safra heard Mark mutter under his breath, "I wonder if HP will take me back."

Why is the SuperShuttle app so bad? The dangers of "condensed" apps

I was reading the information for a company's upcoming conference, and I noticed that the company had chosen SuperShuttle as its official shuttle provider. The material noted that SuperShuttle has an iOS app. Since I happen to have a SuperShuttle account, I figured that it would be a good idea to get the app.

While the app was downloading, I noticed that the review ratings were pretty low on the app, and I wondered why.

The first problem is that there is no way to log into account.

Ouch. So much for establishing all of that information in my SuperShuttle profile.

I figured I'd see if the app was usable anyway, but when I did, I encountered the problem mentioned by another reviewer:

When you select My Profile a message comes up saying "You don't have any profile information yet. Profiles are created when you book a new reservation."

After I removed the app from my phone, I began wondering how this could come to be. The app has apparently been out for several years, but still doesn't have a lot of functionality. And it's not a beta app, either; its official version is 1.8. So, what changes did SuperShuttle make in version 1.8 of the app in January 2015?

What's New in Version 1.8
Modified font for terms and conditions.


Well, that's important.

Still curious as to how this happened, I ran across a lot of material from 2010, when the iOS and Android apps were released. The problem is highlighted in a comment made by a SuperShuttle executive back in 2010.

“The target demographic is any iPhone or iPod touch user who travels,” said Ken Testani, senior vice president of global marketing and partnerships at SuperShuttle, Scottsdale, AZ. “We’re trying to provide a much easier way for folks to book their ground transportation and also track where their vehicle is when it is their time to be picked up.

“App users can book reservations, cancel reservations and it allows for folks to earn airline miles,” he said. “It pretty much mirrors the capabilities of our Web site’s booking engine, but I actually think the process is much easier using the iPhone app, because it’s a more condensed version."


Catch that? Because the app is "condensed" - a nice way of saying it doesn't have as many features as the web version - it's better.

“Any kind of travel service is really going to mobile, and we’d be missing the boat if we didn’t have a mobile app at this point—for the travel sector in particular it’s key to be mobile right now.”

So SuperShuttle has a mobile app - and over four years after its release, the mobile app won't let you log into your account.

Of course, part of the problem may be the partner that was used to complete the app. The 2010 article included a link to MobiLaurus, the company that worked with SuperShuttle on the app. I clicked on the link to mobilaurus.com, and got an error 404 from HostGator. A web search indicated some restaurant information at www.mobilaurus.com, but when I clicked on the site's index.htm page, I got errors also.

If MobiLaurus can't manage its own website, it's understandable why the app that it developed has so few features.

Wednesday, June 24, 2015

Why this online seller is NOT recommended by Angie's List

Angie's List has been around for a long time - as long as, say, Yahoo. It's a curated service listing a number of local vendors that provide services.

Last year, someone else entered that market niche - Amazon, with a service called Amazon Local.

The question immediately arose: now that the big disruptor was entering the services marketplace, after having already disrupted the book market, was Angie's List in trouble?

Perhaps. After Amazon Local's launch, some people on Angie's List started getting calls:

Kristin Baker, a "project launch specialist," used her account to contact a business and tell it: "I am reaching out to see if you would be interested in doing a similar offer on Amazon as you are doing on Angie's List."

...Samantha McDonald, an Amazon Local "regional marketing consultant," did the same thing, sending an Angie's List contact a message: "I'm reaching out to you because I work for Amazon.com and run our site in the Syracuse area that features local businesses to our Amazon.com shoppers in your area. We are looking to feature a chimney sweeping offer to our customers and I came across your business on Angie's List and see you have great reviews."


Seems legit, right? Except that to find out who is on Angie's List, you actually have to join Angie's List. And Angie's List doesn't like it if you take their lists to other companies...like Amazon.

Angie's List claims that Amazon Local and its employees breached and tortiously interfered with contracts by violating its membership agreement to identify credible service providers and solicit their business.

To steal this information, Amazon Local employees signed up for Angie's List accounts, some under false names and addresses, and searched for businesses, many of them far away from their homes, Angie's List says....Its membership agreement "explicitly prohibits the use of Angie's List's accounts and information for commercial purposes," according to the lawsuit.


Several statutes are cited as the basis for Angie's List's legal complaint, including the Stored Communications Act. And there are penalties for violating the Stored Communications Act.

This provision is intended to address "computer hackers" and corporate spies. The provision is not intended to criminalize access to "electronic bulletin boards," which are generally open to the public. A communication will be found to be readily accessible to the general public if the telephone number of the system and other means of access are widely known, and if a person does not, in the course of gaining access, encounter any warnings, encryptions, password requests, or other indicia of intended privacy....

If a violation of 18 U.S.C. § 2701(a) was committed for commercial advantage, malicious destruction or damage, or private financial gain, the violator could receive up to a year in prison and a fine as provided by Title 18, United States Code, for the first offense and up to two years imprisonment and a fine as provided by Title 18 for a second or subsequent offense. In all other cases, a jail term of up to six months and a fine under Title 18 could be imposed.


This law can apply in other situations, such as the allegations that the St. Louis Cardinals baseball team hacked the Houston Astros computer system.

Tuesday, June 23, 2015

The World Wide Web isn't

Remember how the World Wide Web was supposed to unify us, and was supposed to cross borders, and allow Twitter users in San Francisco to liberate the peoples of Egypt?

It turns out that connectedness is about as effective as a smuggling ship - technically able to illegally cross over borders, but fraught with peril.

Google Noticias is still dead. I previously noted how Google chose to shut down the Spanish version of Google news rather than conform to specific laws in Spain.

But Google isn't the only Silicon Valley company whose quest for world domination has been blocked.

A week ago, a Facebook product manager trumpeted an announcement of a new product. The trumpeting started as follows:

With a phone at everyone’s fingertips, the moments in our lives are captured by a new kind of photographer: our friends. It’s hard to get the photos your friends have taken of you, and everyone always insists on taking that same group shot with multiple phones to ensure they get a copy. Even if you do end up getting some of your friends’ photos, it’s difficult to keep them all organized in one place on your phone.

To help make this easier, today we’re announcing a new standalone app called Moments.

When you go to a wedding, for example, there are many people taking great photos throughout the day. You all want a quick way to share your photos with the friends who are in them, and get photos that you’re in back. The same is true for smaller events too, like a kayak trip or a night out.

Syncing photos with the Moments app is a private way to give photos to friends and get the photos you didn’t take. Moments groups the photos on your phone based on when they were taken...


Great! Then, product manager Will Ruben continues:

...and, using facial recognition technology, which friends are in them.

Excuse me for a moment while I do the disclosure:

[DISCLOSURE: MY EMPLOYER IS IN THE FACIAL RECOGNITION TECHNOLOGY INDUSTRY.]

It turns out that the facial recognition feature in Moments - which, in effect, drives the whole danged product - makes it a problem in some parts of the world.

So Europeans aren't going to get it:

It's unclear whether Facebook – which has its European headquarters in Ireland – is in private talks about the tech with the Irish Data Protection Commission.

The Reg sought comment from the watchdog....

An Irish [Data Protection Commission] spokesman has since responded to El Reg's questions. We were told on Wednesday morning:

"In relation to the app called Moments, as it is a US product only, we have not been consulted by Facebook Ireland on it, we would only expect to be consulted if it was being introduced in Europe.

"This office has not been consulted on any planned roll out of facial recognition products in Europe, we would expect to be consulted if such products are being considered for Europe."


Monday, June 22, 2015

#empoexpiire - How password expiration policies solve another problem - but are they the best solution?

I'm writing about password expiration policies under the hashtag #empoexpiire (you'll note that I try to choose unique hashtags). And I'll admit that while they're a hassle from the user perspective, there can be some justifications for them. Let's look at a 2009 post by Matt Weir that, among other things, details a really good reason to have password expirations.

I can't name the number of places where I've gone back a year later for some reason and all my old accounts are still valid. Let's be honest, proper authentication revocation almost never happens when people leave, move on, or are promoted. This goes double for anyone who is a system admin, network admin, or basically has access to the good candy.

Think about this for a moment. If I, a mere mortal, leave a particular company, there's a chance that my account won't be deactivated. If I were a wise system administrator, and I left a particular company, there's an EVEN BETTER CHANCE that my account won't be deactivated. In other words, the people who have the knowledge - and the computer privileges - to do damage at a former employer are those who are most likely to still have the ability to do so.

What a password expiration policy does is to help automate authentication revocation. If someone hasn't logged in to the system in six months, then they are locked out regardless if someone remembered to delete their account or not.

Outstanding! If a company doesn't think to stop people from logging into accounts after they've left the company, then just force them out!

But there's a critical caveat here:

For this to work though you have to have true password expiration. You have to lock the account after a certain amount of time. If they log in two years later and all the system does is force them to choose a new password this doesn't help. This actually can cause a lot of problems.

What's the better solution? As part of a company's standard procedures when an employee leaves the company, deactivate the danged account.
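The two behaviors Weir contrasts, locking an idle account versus merely forcing a password change at the next login, shown side by side as an added example (not code from this blog or from Weir's post). The account records, field names and the 90-day password age are constructed for illustration; the six-month inactivity limit is taken from the quoted passage.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

INACTIVITY_LIMIT = timedelta(days=180)  # "six months", per the quoted passage
PASSWORD_MAX_AGE = timedelta(days=90)   # assumed rotation interval


@dataclass
class Account:
    name: str
    last_login: Optional[date]  # None means the account was never used
    password_set: date
    enabled: bool = True
    privileged: bool = False


def idle_days(acct: Account, today: date) -> int:
    """Days since the last login, or since the password was set if never used."""
    last_seen = acct.last_login or acct.password_set
    return (today - last_seen).days


def login_outcome(acct: Account, today: date, lock_on_inactivity: bool) -> str:
    """Result of a login attempt that presents the correct password."""
    if not acct.enabled:
        return "denied: account disabled"
    # "True" expiration: an idle account is locked, whoever holds the password.
    if lock_on_inactivity and idle_days(acct, today) > INACTIVITY_LIMIT.days:
        return "denied: locked for inactivity"
    # Rotation only: the old password still opens the door, then gets replaced.
    if today - acct.password_set > PASSWORD_MAX_AGE:
        return "allowed: must choose new password"
    return "allowed"


def stale_accounts(accounts: List[Account], today: date) -> List[Tuple[str, int]]:
    """Enabled accounts idle past the limit: privileged first, then longest idle."""
    stale = [a for a in accounts
             if a.enabled and idle_days(a, today) > INACTIVITY_LIMIT.days]
    stale.sort(key=lambda a: (not a.privileged, -idle_days(a, today)))
    return [(a.name, idle_days(a, today)) for a in stale]


# Constructed sample directory, evaluated as of the date of this post.
TODAY = date(2015, 6, 22)
ACCOUNTS = [
    Account("alice", date(2015, 6, 19), date(2015, 5, 1)),
    # Departed administrator whose account nobody remembered to deactivate.
    Account("bob_admin", date(2013, 6, 1), date(2013, 5, 15), privileged=True),
    # Active user whose password is simply overdue for rotation.
    Account("carol", date(2015, 2, 10), date(2015, 1, 5)),
    # Properly offboarded: disabled when the person left.
    Account("dave", date(2014, 1, 1), date(2013, 12, 1), enabled=False),
    # Provisioned but never used.
    Account("erin", None, date(2014, 10, 1)),
]

if __name__ == "__main__":
    print(f"{'account':<10} {'rotation only':<36} lock on inactivity")
    for acct in ACCOUNTS:
        rotate = login_outcome(acct, TODAY, lock_on_inactivity=False)
        lock = login_outcome(acct, TODAY, lock_on_inactivity=True)
        print(f"{acct.name:<10} {rotate:<36} {lock}")
    print("\nEnabled accounts to review for deactivation:")
    for name, days in stale_accounts(ACCOUNTS, TODAY):
        print(f"  {name}: idle {days} days")
```

Only the explicitly disabled account is refused under both policies, which is the offboarding step the paragraph above recommends; the `stale_accounts` list is what is left over when that step gets skipped.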

P.S. As I was typing this post, I remembered that I have sysadmin access to a particular third party service.

A service that also has another sysadmin.

Who has since left the company.

I bet you can guess what I'm going to do after I finish typing this sentence.

Friday, June 19, 2015

If you don't eat your own dog food, then I won't listen to your elevator pitch

During my Friday afternoon walk, I passed by an office for an elevator company.

In a single story building.

I'm not buying.

Thursday, June 18, 2015

Trying mobile ordering on the semi-beta Starbucks app

Usually, a mobile application is either a beta version, or it is not.

For certain users of the Starbucks mobile app, this is not true. The app itself is not beta, but a feature within the app - mobile ordering - is beta.

Yesterday, I received a notification that mobile ordering had been turned on in my Starbucks app. This is a slow rollout:

The latest expansion means that an additional 3,400 stores in 21 states, from Texas to Wyoming and Arizona to South Carolina, now have it. So do stores in Southern and Central California.

In addition, this is only available on iOS at the present time; Android users will have to wait a bit. So, as a southern California iOS user, I guess I was lucky.

Since I had already turned location services on for the Starbucks app, mobile ordering was all ready to go for me. So this morning, when I was a mile away from a Starbucks, I entered my mobile order for a reduced fat turkey bacon breakfast sandwich. (Health food, you know.)

A few minutes later, I arrived at my Starbucks - and when I asked for my order, the baristas realized that an order had printed out on their printer, and they didn't even know it. The baristas apologized profusely, explaining that this was a new process to them, and that they had to learn that they needed to monitor that little printer to see when remote orders came in.

I told them that they didn't need to apologize. This is a new process for all of us.

And after all, the mobile ordering function is only in beta.

In which a wrongful termination claim goes up in smoke

I have previously noted that private employers can fire you for all sorts of reasons. For example, in Florida, Michael Italie was fired for being a Socialist Workers Party member - and the American Civil Liberties Union had to inform Italie that there was nothing that could be done about it.

I've uncovered another termination case, in which several courts in Colorado - leading up to Colorado's Supreme Court - agreed that Dish Network had the right to fire Brandon Coats.

The issue, according to Courthouse News Service, boils down to this policy of Dish Network:

"As a national employer, Dish remains committed to a drug-free workplace and compliance with federal law."

Notice that word "federal" in the statement? There's a conflict here, since in the state of Colorado, medical marijuana use (along with some non-medical uses of marijuana) is legal.

Yet just because something is legal, that doesn't necessarily mean that an employer needs to permit the legal activity. Using another example, it's legal for me to worship my deity of choice; however, workplaces may impose restrictions on such worship within the workplace.

In the case of Brandon Coats, who only used the medical marijuana after work hours - not before or during work - this meant that Dish Network could administer a drug test, and fire him if he failed.

As I noted above, the case was heard by several courts in Colorado, all of which agreed that Dish could terminate Coats.

At that point, Coats' lawyer saw no point in appealing to the U.S. Supreme Court:

"You need the Colorado Supreme Court to stand up for its own laws," Evans told the Denver Post. "The U.S. Supreme Court is not going to do that."

Of course, there is one power that is even more powerful than the power of the courts - the power of the consumer.

If you're a Dish Network customer, and Dish asks you if you want to purchase a Cheech and Chong movie for viewing, ask yourself - do I really want to do that?

If you're a Dish Network customer in Colorado, do you really want to do business with a company that ignores your laws?

Wednesday, June 17, 2015

Why owners of single-family houses don't have to paint a white line on their front porch

With all of the stuff in the news about privacy - Google Glassholes walking into bars, cameras in the UK and elsewhere (DISCLOSURE: I am employed in this particular industry), and other things - there is a lot of debate about what is considered "public," and what is considered "private."

For example, if you are in Iowa and are drunk on private property, can you be cited for public intoxication?

Answer: it depends.

The short version of this story: Patience Paye and her boyfriend were having an argument, and the police were called. Paye stepped out onto her front porch to talk with the police, since she didn't want to disturb her children. On the porch, the police wanted to determine if she was drunk or not. They didn't make her walk a white line, but they administered a breathalyzer test and determined that Paye had a blood alcohol content of at least 0.264. She was arrested for public intoxication.

The defense argued that Paye's front porch was not a public place, while the prosecution argued that it was.

Eventually the case made it to the Iowa Supreme Court, who heard it at an Iowa high school.

Courthouse News reported the judge's decision.

"We recognize that salespeople, neighbors, and other subsets of the public possess an implied license or invitation to approach Paye's front stairs," Justice Daryl Hecht wrote in the June 12 opinion. "Yet, we conclude there is a significant difference between the implied invitation allowing people to approach the front stairs of a single-family residence."

That "single-family residence" part is key. What if Paye were in front of a business? Then, her arrest would be valid.

"A business generally wants as many people as possible to accept the invitation; we doubt the same is true for most inhabitants of single-family homes," Hecht wrote.

OK, what if Paye lived in an apartment?

The court also distinguished between the front steps of an apartment building and the front steps of a house; whereas the former could be considered public space, the latter could not because a single tenant had the ability to bar access to the home.

So if you're drunk on the front porch of a single-family home, you're not intoxicated in public. But if you're in front of a business or apartment, you may be.

To make things even more confusing, a street is a public place. But what if you're in your car, parked on the street?

It also relied on previous case law that determined that the inside of a car was not deemed a public place, even though it is in public view.

But what about a van? A commuter van? A van operated by a religious organization? A van which is not yet paid off?

Law is hard.

P.S. Paye's reaction is not known, although she was apparently in Minnesota on May 15.

Monday, June 15, 2015

#empoexpiire - When password expiration policies are self-defeating

I plan to spend some time looking at all the stuff surrounding password expiration policies, so consider this post the first in a potential series.

What is a password expiration policy? It is a set of business rules, possibly codified in a written procedure, that governs account passwords.

Let's say that on January 1, I establish an account with a certain password. 80 days or so later (assuming a 90 day password expiration policy), I'll get messages saying that I need to change my password in 10 days. Some time within the next 10 days - possibly on the 9th or 10th day - I bite the bullet and change my password.

90 days later, the process repeats itself. I think to myself, "Well, I'll just switch to the password that I was using on January 1." No, no, the system might say; you cannot reuse your previous password...or your previous 4 passwords...or your previous 16 passwords.

Let me tell you a story - in essence, the reason why I wanted to write this series in the first place.

Eleven years ago, I set up a free account with a popular website that provides business information. This put me on the website's mailing list, but I frankly haven't been to the website itself all that often.

"Hmm," I thought to myself, "this website provides useful information. Perhaps I should visit it more often." So, for the first time in...well, in several years, I went to the website and logged in, using my password that I established oh-so-long ago.

And I got the following message:

Your Password has expired. Your password must be changed every 90 days for your protection. Please provide a new password below to access your account.

For my protection. We'll get back to that, I'm sure.

In the meantime, I was thinking to myself, "If I want to commit to accessing this website again, I'm going to have to change my password again and again. Do I REALLY want to access this website THAT badly?"

The answer was no.

Now I just have to stop the emails from the website - or, if the website makes it too hard to do so (what if I have to log in to stop the emails?), then I'll just block them. The website will never know the difference, and won't realize that I have intentionally stopped visiting the site because password hassles weren't worth the trouble.

Friday, June 12, 2015

Let's make that impartial ballot statement more impartial...yeah, that's it! (South Dakota short term loans, Erin Ageton, and Marty Jackley)

When we receive propositions in California, the material consists of several parts. Normally I only pay attention to two of them: the statement in which the opponents say that the proponents are full of it, and the statement in which the proponents say the opponents are full of it. I admit that I often skip over the impartial assessment of the effects of the measure.

However, in South Dakota, that impartial statement is becoming part of the ballot battleground.

In that state, an initiative is trying to qualify for the ballot that will cap loans from "certain State-licensed money lenders" at an annual percentage rate of 36%. If that rate sounds high to you, that's because the money lenders in question are the ones who provide short-term interest loans - payday loans and the like. If you hear a commercial on the radio that says "we'll lend you money" but doesn't actually quote the interest rate at which the money will be loaned, it's probably a loan that would be affected by South Dakota's proposed rate cap.

In South Dakota, the Attorney General (Marty Jackley) is responsible for coming up with the impartial ballot statements. Here's Jackley's statement for the loan cap initiative.


In California, such an initiative would include a statement on financial impacts, but only on the financial impacts to state and local governments. It would not comment on other financial effects, such as the value of outstanding loans held by South Dakota consumers, the effects of a rate change on these loans, or the effects of a rate change on South Dakota businesses. At least in California, we only care about the effects to government.

South Dakota includes no such requirement. According to the Attorney General, an initiative statement only needs to include the following:

Under South Dakota law, the Attorney General is responsible for preparing explanations for proposed initiated measures, referred laws, and South Dakota Constitutional Amendments. Specifically, the explanation includes a title, an objective, clear and simple summary of the purpose and effect of the proposed measure and a description of the legal consequences.

According to this statement, the Attorney General only needs to speak about the legal consequences - this is, after all, the Attorney General's office. The Attorney General is not charged with addressing financial consequences to governments, citizens, or businesses.

Erin Ageton believes that the Attorney General should be educating the public more. Ageton believes that the initiative explanation could be vastly improved by the addition of one simple sentence. In fact, Ageton has already drafted the sentence for the Attorney General's consideration:

The initiated measure, if adopted, will eliminate short-term loans in South Dakota.

Ageton has communicated this sentence to the Attorney General in the form of a legal action on behalf of the firm that employs her, Select Management Resources. And yes, that firm provides short-term loans, and believes that "[t]he measure's purpose, effect and legal consequence is to set a 'maximum' interest rate so low that this form of consumer credit will simply disappear." Ageton cites a 2011 University of Washington study that says, in part, "[t]he supply of payday loans significantly decreases when rates are capped at 36% or less." The study doesn't say that the supply of payday loans will decrease to zero, but perhaps I'm being overly picky.

In South Dakota terms:

Because South Dakota limits short-term loans to $500, Ageton said, a lender will earn just $6.90 on a loan paid off within 14 days. She says that is not enough to cover overhead.

Proponents of the measure note, however, that Ageton's figures assume that the loan is paid off within 14 days. Often, that does not happen.

If the Attorney General has accurately described his responsibilities regarding initiative statements - a big if, by the way - then my layman's view is that Select Management Resources' lawsuit will be thrown out, causing the company to go to the REAL source of power.

The people who create advertisements against ballot measures.

Heck, I'll write the first one.

Tommy is an honorably discharged military veteran, an elder in his church, and he loves cute puppies. His fine American car needed repairs one day, and he couldn't get to work without it. But he won't be paid for another week. How can he pay for this expense right now?

If the special interests have their way, Tommy won't be able to pay for that car repair. Therefore, Tommy will stay home, lose his job, go on welfare, and kill everyone in South Dakota in a mad rampage.

Why? Because the special interests wanted to eliminate the one way for Tommy to get short-term money for a small dollar amount!

The special interests hate America AND they hate cute puppies.

Don't let the special interests have their way!


I'll submit my bill for creative services to Ageton next week. Interest will accrue on the bill if it is not paid.

P.S. If anyone wants to write the commercial script for the proponents of the bill (both of whom are named "Steve"), have at it.

Tuesday, June 9, 2015

Meanwhile, international controversy swirls around Yankton, South Dakota

Not because of anything Yankton did, but because of the people who couldn't make it to Yankton. The story began here.

The Junior Indian Archery team that longed to participate in World Youth Archery Championship in the US has been disillusioned after the US Embassy in Delhi denied visa for 20 members, including renowned Korean coach Chae Wom Lim.

The junior Indian Archery team, comprising of boys and girls, are scheduled to leave for the US on Saturday for the championship which will be held on June 8-14 in Yankton, South Dakota.

Unfortunately, the Delhi embassy granted visa only for seven archers, two coaches and a Sports Authority of India official and rejected the visa applications of the rest of the team members and coaches, casting a shadow over India’s participation in the championship.


What happened? Apparently the face to face interviews didn't go well.

Most of them are not well versed in English and hence lack in communication. When the visa officer asked them what they do for living, they simply said we are archers and play archery.

(If you assume that everyone in India speaks English from the British days...you don't know India.)

Let's take the story to Lausanne, Switzerland. Why Switzerland? Because the archers have an international organization and stuff, and therefore the international organization ended up making a statement.

During the last week, 18 athletes and coaches from India’s planned 35-person delegation to the World Archery Youth Championships in Yankton were denied visas to enter the USA.

The majority of those denied visas were athletes.

World Archery was informed that the reason given for the withdrawal was a failure to provide the requisite information to prove the trip was for a short stay.

As a result, the entire Indian delegation withdrew from the event.

World Archery deeply regrets the situation, particularly for the young Indian athletes who have been training for the competition for the past months. It is unfortunate and saddening that this effort will not be seen on the competition field due to administrative or communication difficulties.

During the opening ceremony at the event, World Archery Secretary General sent best wishes on behalf of everyone in Yankton to the Indian athletes, saying he hoped to see them on the field soon, competing with the same athletes.

Since the initial visa rejection was reported, the Yankton 2015 organising committee and World Archery contacted authorities in the USA and India in an attempt to resolve the issue but nothing could be done in the short timespan before the competition.

World Archery makes every effort to ensure visas are easily obtainable for its international events.

An evaluation of this situation with all parties involved will be undertaken to investigate how it might be avoided in future.


In other words, a typical statement from an international organization with no power, saying nothing. If Sepp Blatter headed archery, things would be a little different. (And the championship wouldn't be in South Dakota; I doubt they'd have enough bribe money.)

In essence, decisions made by government functionaries in New Delhi, India ended up having international repercussions. Perhaps the embassy officials truly feared that the youths would end up illegally working in the oil fields of South Dakota. Perhaps the embassy officials didn't like THOSE kinds of Indians (apparently some of the youth were from lower socioeconomic classes). Perhaps they thought they'd improve the United States' chances of winning by keeping the competition out of the country.

Whatever their motives, the whole incident has NOT promoted goodwill between India and the United States, as the comments to this article attest.

On the one hand they deny visas even to athletes from third world and pocket huge amounts as visa processing fees. But are ever too eager to help the third world in political issues with their neighbours or within their own countries. You can see the HUMAN SIDE of Americans when they spend billions of dollars to BOMB entire countries out of existence - all in the name of PEACE, JUSTICE, DEMOCRACY and HUMAN RIGHTS. ALWAYS READY TO HELP THE HUMANITY. Just tell them who to bomb! COMMENDABLE!. What they take in visa fees (and more), they return in terms of bombs. Apostles of Peace. Richly deserve all the Nobel Peace prizes they have been getting.

But then again,

You are very kind hearted. Please campaign and support for Indian citizenship to millions of Bangladeshis already in India and also those who want to come here as Indians are very generous as none else in the world. Sob, sob.

All that I can say is that if there's a cricket championship in India any time soon, and you're on the United States team...I'd make sure to buy a refundable ticket.

Monday, June 8, 2015

The world's biggest airlines...except for the world's biggest airline

I ran across an April 30 article from airport-technology.com entitled "The world's biggest airlines." The following statement appeared at the beginning of the article:

From Delta to Qantas, aerospace-technology.com lists the world’s biggest publicly traded airline companies, based on revenue over the 2014 calendar year.

Delta was at the top, with US$40.36 billion in revenue, and was followed by the expected suspects - United Continental, Lufthansa, Air France-KLM, International Airlines Group ("(f)ormed by the merger between British Airways and Iberia"), Southwest, and the like.

As I perused the list, however, I realized that American Airlines did not appear. So I checked American's website, and found this press release, dated January 27 - three months before the Airport Technology list was published.

Strong demand throughout the year led to 2014 total revenue of $42.7 billion, up 5.6 percent versus 2013 on a combined basis and excluding special items.

$42.7 billion - higher than Delta. And that is for the 2014 calendar year, for a publicly traded company.

So I thought I'd check another source, Traveljee, which (in a March 2015 post) did list American...in 5th place, with US$25.8 billion in revenue. Delta was third, below Lufthansa (first) and United Continental (second), with a listed revenue of $37.7 billion.

Neither Traveljee nor Airport Technology published the explicit criteria that they used to determine revenue, and it's possible that Traveljee didn't use the 2014 calendar year as its baseline. And it should be noted that my quote from the American Airlines press release specifically notes that "special items" are excluded.

But it's still odd that American didn't show up on Airport Technology AT ALL - or, conversely, that Airport Technology somehow assumed that American Airlines' revenue was LOWER than the stated revenue for the 10th place airline on its list - Qantas, with US$14 billion.

Curious...

Thursday, June 4, 2015

In which I revisit #oow09 mind expansion...in 2015

I threw away a book this week.

I think it's fairly public knowledge by this point that my employer is moving from its current office to a new one about a mile away. In preparation for the move, I'm getting rid of things that I don't need. This is difficult - I still want to hang on to my RAIDbook - but there are some things that I'm painfully parting with.

I wrote about one of these things back in 2009, when I won a book as a prize at Oracle OpenWorld 2009. The book is entitled PeopleSoft Developer's Guide for PeopleTools & PeopleCode: Create and Distribute High-Performance Applications and Reports. Although it was a very useful book to some, I had no direct use for it myself.

But I justified my retention of the book.

So I'm not going to throw Judi Doolittle's book away, even though technically neither I, nor anyone else in my company, can technically use it. I'm going to read it, and while I'll see some things that I understand (I have a bit of knowledge about XML, primarily derived from ANSI/NIST-ITL 2-2008...), I'm going to be exposed to things that I have never seen before, and there will be a lot of it that I don't understand, but after a while a little bit of the stuff that I didn't understand will start to make sense. (Assuming Doolittle writes well, but I assume that she does if Oracle Press invested the time in printing her book.)

So, over the last five-plus years, how often did I crack open the PeopleSoft book to expand my mind? I don't have the precise number of occurrences, but I'd say that "zero" is probably a pretty accurate estimate.

While past performance is not an indicator of future results, in this instance it's safe to say that I probably won't crack the book open at the new office either.

So I trashed it.

One other consideration, if I can quote from my 2009 post:

And, as Larry promised, PeopleSoft will be supported for ten years, although that doesn't mean that 8.9 per se will be supported.

According to Oracle's website, the current version of PeopleSoft is 9.2.

And yet another consideration - will Justin Kestelyn be insulted that I threw away an Oracle Technology Network giveaway?

Probably not. Kestelyn left Oracle almost three years ago.

Wednesday, June 3, 2015

In which I revisit Internet Explorer 6...in 2015

I have written a number of things since October 2003 that have brought me personal pride, including my 2004 "Terrorism in the Skies" parody and my short story from 2011.

But if I had to name the one old post that merits repeated visits, it's a post that I wrote for my mrontemp blog in 2008 - Rant of the day - why YOU are to blame for the continuing use of Internet Explorer 6.0.

In short, I believed - and still do - that some technologists and marketers ignore the b2b world altogether, and think that it's just like consumer technology and marketing. The specific example that I cited was a person who passionately personed the barricades with this rally cry:

If all those folks using a version of any browser older than IE7 could just upgrade, get with the program and do their bit (it’s only a few moments to download and install and it doesn’t even insist on a legal copy of Windows these days!) then developers could concentrate on making great web applications using all the cool Ajax, Silverlight and Javascript features without having to worry about testing a load of different quirky behaviors.

As I noted at the time, I worked for a Fortune 500 company, and said Fortune 500 company dictated the use of IE6 to maintain compatibility with internal enterprise systems. In the enterprise world, you often can't install unauthorized software programs willy-nilly.

Four years later, I revealed that the then-unnamed Fortune 500 company was Motorola. Presumably Motorola Solutions and Motorola Mobility don't use Internet Explorer 6 any more in 2016, because no one uses Internet Explorer 6 these days. Right?

Umm...not exactly.

The New South Wales Baird government has finally come good on its promise to swing the axe on its unloved internal public sector technology and services provider ServiceFirst, announcing that what is left of its legacy workload will be carved-up between outsourcers Unisys and Infosys....

The junking of the in-house shared services play effectively ends an era in NSW where government agencies attempted to save money on technology and services procurement by consolidating their resources into a centralised provider that was usually outpaced and outpriced by competing private sector plays....


Outpaced? How?

The enduring backlog of some legacy systems in NSW has become near folklore in tech circles with some state public servants still stuck on browsers as old as Internet Explorer 6 (IE6) that was launched in 2001 and pre-dates Windows XP.

That's too much, even for me.

Although there are still advantages to IE6, even today. Especially today. In a private comment on this article about the "Stegosploit" hack, one of my friends said the following:

Well, at last there is something good to say about IE6. It's most likely not vulnerable to this, since it lacks the HTML5 support that this exploit requires.

Tuesday, June 2, 2015

In which .@macjbby provides me with another use case for text to 911

This morning, I posted something on my tymshft blog. One of the recurring themes on tymshft is the old practice of having telephones that were attached to the walls of a house. Such a limitation is inconceivable today, but on the other hand, the idea that people would carry phones around everywhere was absurd when I was growing up. Even people with car phones (phones as big as a car) were few and far between, because you had to be incredibly rich to own a car phone. True story: back in the 1980s, when you had to attach car phone antennas to your car for the phone to work, people would buy fake car phone antennas so that it looked like they were so rich that they owned a car phone.

But I digress.

Anyway, I like to write about phones on tymshft, especially when the posts bring up "get off my lawn" moments. My latest post, sourced from the Asbury Park Press, discusses the ability to send a text message to 911 instead of a voice message. As I wrote the post, I thought that I (well, Jim Walsh from Asbury Park) had covered every possible use case, both pro and con, regarding text to 911.

As I read the article, I caught a couple of Walsh's pro arguments - some people (primarily the young) prefer text to voice, and in some hostage-ish situations, texting works better than voice calls. I also noted a big con - if the dispatcher has questions about the original request, it will take longer to get the information via text than via voice.

However, I glossed over one of Walsh's arguments. But before I talk about that, let me share a tweet that I received this morning from Jeffrey Beatty in response to the tymshft post.

@empoprises Text to 911 would be much faster and accurate than by voice. I support SMS Text 911 + GPS apps to 911 Ctr

Nice response, I thought, but what motivated him to write it? Is he in the industry, and trying to promote a particular feature for texting and GPS?

So I began looking at his other tweets, such as a retweet of something from Kathryn Woodcock. She linked to a Toronto Star article:

A registered nurse in the Philippines, Talosig, 38, came to Canada in 2007 under the then live-in caregiver program. In 2010, she submitted her application for permanent resident status after fulfilling the required employment hours.

After waiting for five years, she recently received a letter from the immigration department informing her that her 14-year-old daughter Jazmine has been determined to be inadmissible to Canada because officials speculated that her deafness could cost Canadians $91,500 for health-related services over five years.


That's when I realized why Beatty is so interested in text to 911. It's because for deaf people, the current voice to 911 system is clunky.

In the current 911 system, deaf and hearing-impaired callers must use a teletypewriter (TTY) text telephone device or a telecommunications device for the deaf (TDD) to contact 911 in an emergency. These devices, invented in the 1960s, allow two users to type messages to each other, but are cumbersome and slow to operate.

In case you're wondering, it turns out that you can get a TTY device for a cell phone. One available model looks something like this:


Obviously, use of a phone's texting capabilities would be preferable to THAT.

Man, I thought to myself, that Jim Walsh article missed that whole use case!

Then I re-read the Walsh article:

(911 texting) also would benefit people with speech or hearing disabilities...

Egg on my face...

Some stock advisors are better than others...maybe

I fully support wide, unfettered dissemination of information. I believe that if all information is out there, the good information will be quickly identified, and the bad information will be quickly discredited.

I guess this post is an attempt to do the latter.

Anyone can give stock advice. You don't need a special license to do so. And in the course of searching for industry information, I ran across a blog post entitled Top High Tech Stocks to Own for 2016. Since it was published at the domain topstocksforum.com, you know that this is - by definition - the top stock advice. And if you doubt this, check the qualifications listed at the top of the post itself:


The fact that the author is the blog administrator is terribly impressive to me; you certainly don't want someone with low IT privileges providing stock advice. And as for the weather, you clearly want someone in a sunny area. (Take that, Alex Scoble.) And obviously a stable mood helps.

So "admin" dispensed advice on a number of stocks, including Document Security Systems Inc.

Document Security Systems, Inc. (DSS), incorporated on May 30, 1984, develops, markets, secure technologies. The Company specializes in fraud and counterfeit protection for all forms of printed documents and digital information. The Company holds numerous patents for optical deterrent technologies that provide protection of printed information from unauthorized scanning and copying. The Company operates three production facilities, a security and commercial printing facility, a packaging facility and a plastic cards facility, where the Company produces secure and non-secure documents for its customers. The Company licenses its anti-counterfeiting technologies to printers and brand-owners. In addition, the Company has a digital division which provides cloud computing services for its customers, including disaster recovery, back-up and data security services. The Company operates in four segments: DSS Printing Group, DSS Plastics Group, DSS Packaging Group and DSS Digital Group.

And those divisions compete against a number of well-known companies.

The Company competes with Standard Register Company, De La Rue Plc, Sharp, Xerox Canon, Ricoh, Hewlett Packard, Eastman Kodak, NoCopi Technologies, Graphic Security Systems Corporation, RR Donnelley, Canadian printer Quebecor World, Bristol ID, AbNote, LaserCard Corporation and L-1 Identity Solutions, Rock-Tenn Company, Caraustar Industries, Inc., Graphic Packaging Holding Company and Mead Westvaco.

Now I've heard of a lot of these companies, and I've had business dealings with a few of them - De La Rue, Hewlett Packard, and L-1 Identity Solutions.

Um, well...actually, I haven't dealt with L-1 Identity Solutions a lot over the past few years. In fact, I haven't dealt with L-1 at all in the last few years. That's because L-1 Identity Solutions was acquired by Safran (my employer's parent company) in 2011, and ceased to exist under that name.

A little fact that seemed to escape the notice of "admin" and his/her May 31, 2015 description of Document Security Systems.

"Xerox Canon" doesn't exist either, but I figure that's just a misplaced comma.

But perhaps I'm being hypersensitive, since L-1 more or less became MorphoTrust, which competes in the same industry. And after all, the company still operates in four divisions, called...oh, wait a minute:


OK, perhaps I'm being a little ridiculous. After all, the top stock folks certainly got the basic facts right, such as the fact that the company has been around since May...um, well...

Document Security Systems Inc. was formed June 16, 1984.

So it's no secret that I'm not impressed with the business acumen of these folks, which obviously doesn't equal the expertise of companies such as Moody’s Investors Service, Standard & Poor’s, and Fitch, three highly respected firms that...oh, wait a minute, Calpers sued all three a few years ago and said they didn't know what they were talking about.

It's easy to see why - Fitch didn't use an admin, Standard & Poor's issued its ratings on a day with poor weather, and Moody's was...moody.

Monday, May 25, 2015

What happens when you protect yourself from email spam

As an angry English woman would say, I don't like spam. Therefore, I am quite happy when my email services incorporate a mechanism to auto-detect spam, place it in a junk mail folder, and allow you to review the junk mail to make sure it's not legit (if you're quick enough; the junk mail folder is emptied automatically).

However, there are other systems to keep spam out of your email folder, as I discovered one day.

That day, I was responding to an email that someone - let's call him Clark Kent - sent to me. In his original email, Kent cc'ed several people, one of whom I will refer to as Jimmy Olsen.

When I sent my reply to Clark, I immediately received something from Jimmy - sort of.

I'm protecting myself from receiving junk mail.

Please click the link below to complete the verification process.
You have to do this only once.


I clicked on the link, which sent me to an external spam protection service, and was asked to do two things.

1. Promise Scout's honor that I would never ever send unsolicited email to Mr. Olsen.
2. Enter a response to a CAPTCHA test.

Sounds simple - except that I entered the CAPTCHA response incorrectly (gray letters on a gray background can be hard to read), and therefore had to do it again.

What if I had chosen not to enter it again? What if I had decided, "To heck with Jimmy Olsen, I'll just deal with Clark Kent"?

Jimmy, relieved that he wasn't getting any more 419 scam emails, would never know the difference.

Thursday, April 23, 2015

Trademarks, the Redskins, the Slants, and the NAACP

As a former resident of the Washington, DC area, I have a natural interest in following the brouhaha over the football team's name, which some consider to be disparaging. In one skirmish, the trademark of the Redskins name has been invalidated, although that decision is under appeal. The ramifications? If the trademark is invalidated, then anyone and everyone has the right to produce Washington Redskins products, and the team can't do anything to stop them. Opponents of the name believe that this financial pressure will cause team owner Dan Snyder to change the team name to something that can be trademarked.

But this issue goes beyond football. As Courthouse News Service notes, this can also affect music trademarks.

Simon Shiao Tam had applied with the U.S. Trademark Office to register the mark "The Slants," which is the name of the Asian-American dance-rock band for which he is the front man.

The application included images of the band name set against Asian motifs.

Finding the mark disparaging to people of Asian descent, the examining attorney refused to register it.

The Lanham Act provides that the trademark office may refuse to register a trademark that "may disparage or falsely suggest a connection with persons, living or dead, institutions, beliefs, or national symbols, or bring them into contempt, or disrepute."


Never mind the fact that Simon Shiao Tam is a member of the race that is being disparaged. The trademark office is color-blind. If Dan Snyder can't do it, Simon Shiao Tam can't do it, either.

So, what other trademarks could be lost by their current owners? Take a trademark that has been around longer than the name of the Boston/Washington Redskins. Details here:

There may be a number of proprietary logos, service marks, trademarks, slogans and product designations found on this SITE, including but not limited to: The NAACP name and seal.

This language does not clarify whether "the NAACP name and seal" comes under the jurisdiction of the U.S. Trademark Office. However, other language indicates that "National Association for the Advancement of Colored People" is a trademark - and the trademark has been defended in court.

Color me not surprised.