netiquette

Clanning Concept Art

For the unwashed, Clan Lord by Delta Tao Software is an archaic, sorely out-of-date Multi-player Online Role-playing Game  (MORPG) that has been running since the late 90s. The single world (server) and small population make it feel like a small town, thus all of the current players have the same goal (job). Thus, like any small group with common goals, it is a bit like a company: You have your people in it who are on the ball because they work well in teams and independently, those that only work in teams because they need direction, those that lead group of people in a direction, those that specialize in a subset of knowledge about the terrain (market or technology) all of whom trade their time and risk profit (experience) to advance, and finally those that just show up to have fun. These flyby ‘fun’ people are equivalent to the people who just show up for a paycheck. In the game, one seemingly minor mistake can lead to the death of the entire group.  This necessitates departing (experience and time loss) which is a bit like working on a project  and having it fail miserable because Joe Paycheck didn’t know or care that you shouldn’t have done X.

Considering the parallels I noticed about the in game group and the group of people you work with  day-to-day, I have found several commonalities that I have taken from work to game and from game to work that have helped me navigate real life teamwork, leadership and relationships.

(Original Circa 2012; Minor Update: 20170502)

Continue Reading

javascript-scam-dialog

The dialog, sounding ominous, is using ignorance and fear to urge the user to “Act Fast” to avoid disaster. It is also a complete lie aimed at scamming you

Mistype “Twitter” or any popular URL into you browser and you might fall victim to scam-ware with an dialog box that looks like the one to the right. This screen shot is a dialog box that pops up upon being redirected to a domain name with a common miskeying of “twitter.” The landing page has a javascript that threw up this auto-opening dialog box that is intended to look like a system level warning. This is all a con game — and BTW: “con” stands for “confidence” because the whole scam is based on tricking people that they can trust the person scamming them with confidence.

This dialog box automatically opens on this page, and reopens after being closed. It contains text that is ripe with known psychological techniques that urge victims to take fast action and not look for outside help. Its wording is finely crafted to shuts down a person’s reasoning centers and on impulse.

The first is a warning of imminent warning of danger: Which is akin to a sailor in a bird’s nest yelling “VIRUSES HO!”

Back in the day when a warning would require immediate action to avoid crashing a ship on the rock, this was a good survival instinct: “Don’t think, thus do it” has saved countless lives. However, this assumes you know what to do in the case of an emergency. If you don’t, following the instructions of a trusted instructor could sometime land a plane safely — as in many a commercial airliner disaster movie. So, here is a manual that shows how these scams work which might help novice users avoid losing a lot of money for no other reason than not knowing any better.

Continue Reading

Facebook, Google+ and the like each have different rules about what should happen to digital assets after an account holder passes on. Specifically, Facebook’s mishandling digital content of deceased user’s has been very public, and reported on every few years. Each time Facebook claims to have a process to convert the deceased’s pages to memorial page, the process is less than transparent, nor easy. The last time a friend passed away, we learned that Facebook required proof of death to be sent to them by an immediate family member. There is no online mechanisms to facilitate this, nor can the process be monitored once sent.

Continue Reading

SmartTVs have a tendency to collect information without allowing end users to control or even know what is being collected and transmitted. UPDATE: Recently, Samsung’s legal disclaimer about its voice controlled SmartTV had to include a warning (buried in the legal section) that the TV is always relaying what the user’s near the TV are saying, and mentioning that sensitive information should not be said near the TV.

This is an example of the invasiveness of these devices. On top of this, the technology is so new, that there are no regulations concerning what information can & cannot be collected with smart devices, nor how that information is transmitted. The article below from the BBC explains how LG’s SmartTV sends the names of his family members in clear text across the internet— something that most people would be uncomfortable having publicly available. These are just 2 examples of how buying into the convenience of a Smart TV is not worth the cost in terms of privacy.

Continue Reading

I had to send this “support request” email today because of some seriously bad error in judgement when someone hit the sent button today. Seriously folks, this is 2014… have web companies and their employees learned nothing?

Hi,

this morning I got an email asking me to click a link embedded in the email to verify my email address as a condition of maintaining my *********

The email is worded exactly like a phishing attack: requiring fast compliance, threatening a disconnection of service, lacking a link to verify this policy anywhere and the email is unsigned by anyone.

Someone in security who works there must be aware most phishing attacks are carried out exactly this way, and that you should NEVER encourage a user to click a link whether it is a legitimate reason or not in an unsolicited email because of the bad precedent it sets.

Instead, you should give the user a one-time unique token to enter and tell them to login into their account, and enter the token on their account page to verify the email was receive and in fact they do own the account. Not doing so would allow anyone with access to a client’s email account to potentially hijack the account with your service.

If you disagree, then I will have to look for a more competent company to *********. Please escalate this email until it gets to a policy-maker that understands the importance of why this is ““worst practice.”” If this does not happen, I might as well cancel my account because it is only a matter of time before your customers or your client-facing DBs are hacked.

Thanks.

Just to clarify, the raw headers show it was sent from their mail server, and the message looks legitimate, but maybe someone hijacked that through completely unrelated blunder. Anyway, the moral of the story is: do not click links in unsolicited emails. If this was a case of a password reset I requested or a two factor auth thing, or even a newsletter I opted-in for, those are totally understandable, but in this case it was probably just bad form. To allow the company time to correct their policy (or regain control of their mail server) I have not mentioned exactly which web services company this is… but this is yet another case of sloppy work in the IT sector. And, as Danny Glover once said in a movie where he co-starred with a crazy guy, “I’m too old for this shit.”*

Thanks for reading.

*luckily this last word is no longer banned from TV, and thus — in this usage — it is appropriate to describe a distinct lack of professional behavior from a commercial company.

I have gotten about 10 or more fake dropbox invites this past few weeks, and a funny thing happened: my blog stats spiked like crazy! So, given that fact, I want to help people by reposting the link to that article that should show up in searches as being a fresher piece of info. Again, the advice remains the same, timeless in its wisdom: look before you click.

http://noivad.wordpress.com/2012/06/21/dropbox_invite_scam/

As previously commented: I seriously doubt Dropbox had anything to do with the release of email addresses. Instead, I think that the people phishing have compromised some end user systems and gathered data on who else might have dropbox installed.

Why Dropbox Would Sell Email Addresses

Someone commented that they wondered if Dropbox sold user email addresses. Based on what email address the phishing scam is going to, I would say no. Also, I mentioned that Dropbox makes its money by people upgrading their accounts, and would alienate paying customers if they did. So, the marginal income they would get for selling any customer info would easily be outweighed by the loss of revenue from customers going to one of the many other cloud backup and sync providers.

Personal Cloud Devices

Speaking of cloud or cloud like data access, I am close to purchasing Connected Data’s personal cloud device the Transporter once they can answer a few simple questions. Or I might go with Hyper or Akitio’s Personal Cloud devices. If anyone has experience with these devices, please contact me on app.net (the user name is the same), or comment here. Thanks for reading.

Bye the way: you tech heads need to make sure this Dual 2.1A USB adapter & extension cord succeeds because I need this product. I get nothing out of it but my reward level for backing it, BTW. However, by my estimates, nuPlug will miss funding by 3 days unless we help it out. So please pass this link to NuPlug’s Kickstarter. Daddy needs a new charging solution. I have stepped on extension cords; had to use 2 chargers for a 2.1A iPad and another device, and I have seen companies charging as much (or more) for just a Dual 2.1A USB charging adapter!

App.net might look like just another social service to some. And, in fact, it currently looks very much like Twitter was when it started: It is just a lot of tech-savvy people talking freely and enthusiastically about app.net and whatever strikes their fancy: No celebrities promoting themselves, no ad-spam, no fake users, no incredibly stupid posts—although there are some stupid posts, there’s no one stupid enough to post public calls to kill government officials as one woman who has disappeared did. App.net is just a lot of signal with very low noise.

I get at least a few invites each month to join a new SoNet. The invites usually get a tossed into the trash almost immediately. Few get me to look at the site. But that’s usually it. Even if I do sign up the to site, I often let it languish and simply forget about it until they start spamming me to use their site, “log in with…” or want me to link my other SoNets to it.

Paying not to Share but Selectively Share

App.net is 180° away from ll of these sites though, because their interests align with my interests:

Continue Reading

I have been following Dalton Caldwell on Twitter and reading his blog posts for sometime now. A vast majority of the time, I am nodding along to each of his points, as he points out a company or industry’s fundamental breach of trust or lack of sense in some new strategy that will revolutionize the industry.

This time Dalton is trying to kickstart a new social network with a twist: App.net. Instead of selling you, the user, and having you do all the work by posting content and telling the company what you like, only to have them turn around and sell your data to marketing and advertising agency. So, they can resell it to businesses looking for people in your demographic as a higher priced “targeted ad,” he aligns the social network with users by having the money come directly from the users. Dalton—being a “very smart guy”—knows the idea of paying for a service that is usually free in order to get better treatment has come.

When live journal, tribe, friendster and myspace were all trying to figure out how to monetize their social networking sites, the public at large, didn’t understand how valuable having a way to broadcast to the internet was. Now, that the public has had a taste, the idea and acceptance of social networks being a valuable way to communicate with friends has allowed people like Dalton to finally offer a service that people know the value of paying for. Tribe, Friendster, MySpace, LiveJournal, etc. were all trying to ride the wave when it was still out at sea while also getting towed be boatloads of advertising cash. Facebook, Google and Twitter are now trying to catch a line from the advertising boat, and alienating some of the people generating the wave.

They could easily turn around and offer a paid, ad-free service, however the real damage is with their selling and sharing of your data—things such as you email address, name, age, sex, address, zip code, etc. Once sold, the Facebooks of the world cannot redact any of that information. There is no mechanism to pull your data once it is let out to a third party app or game a person tries even just once. While FB’s compliance policy says the app maker must delete your data if you remove their “free” game, there is no enforcement, nor any auditing to make sure this is actually happening. So, really, it is time for a new entity with a clean slate to start with a center that is based on serving the people who pay for the service rather than the advertisers and companies that pay lip service to privacy concerns.

The saddest part is, even when a big company such a Google or Facebook adopt practices that are gross violations of privacy or make errors that would land a person in jail, they get what amount to a slap on the wrist, and publicly apologize, saying, “it will never happen again.” But we all know that their profit-margin from either alleged “mistakes” such as bypassing a DO NOT TRACK header, or sneaking persistent ID cookies in there to follow your browsing habits far outweigh any penalty once they get caught.

For instance an executive at BP could have sat in his office knowing full well they would be forced to cough up up to 2B for gross negligence (as long as they kept their mouths shut and never admitted wrongdoing), but also the net profits will be up 50% to 15B. That 2B dollar fine is just the cost of doing business and still a 30% jump above last year. (All of this is speculation, and I haven’t even checked their numbers, but you get the idea.) The same could go on every day at a large company in the social network space as well. An executive could weigh the risk-reward ratio of any illegal action, and figure that with enough spin, plausible deniability and legal fees and decide that the penalties are far enough down the road, and that public scrutiny only lasts so long.

I see BP gas stations today and they are doing business as usual with pump prices holding steady a lot higher than before the explosion in the Gulf, because people don’t care unless it is convenient for them to. If it is inconvenient to not use a product or service that they know is from an ethically deficient company, they generally make excuses or just admit, “I don’t care” if they are a more honest person. In fact as long as their interests align, they are willing to put up with a few questionably ethical practices.

The thing is, if one of these companies deices that their quarterly profits are worth more than a permanent injury to a group of people (such as their identity being stolen and their credit destroyed) or the environment (such as sea life mutating thanks to oil dispersants used in concentrations that would affect cell replication), then you or the victim of their risk-reward calculation are fucked. Because all that will happen will be a slap on the wrist, and lip service. There is no such thing as a corporate death penalty for accidents, nor gaming the system. But there should be.

That’s why I hope Dalton succeeds. If his service takes off the ground and holds to its ethical center of “people over profit (but a profit is needed)” then companies like his will take care of killing the parasitic companies and the sociopathic companies for us. So, while I haven’t backed the project yet. I will definitely earmark part of my budget for it, and help by telling people. I do the same for any company that “gets it,” such as duckduckgo.com: because face it, Google’s “‘do no evil’ mantra” has evolved into (as George Carlin would say) “pure bullshit.”

I am not against making money, but I think no company should ever place the basis of their revenue stream at odds with sound ethical practices. If their is ever a question, then obviously you are in the wrong business or talking to the wrong people. Advertising and marketing are usually at odds with maintaining honesty and privacy, and those are the areas I would never work in. For instance: What would I say if asked to develop a system to help people find information when they want it? “Great!” Develop a system to monitor what people are doing with this tool? “Fuck off.” Why? because it’s a basis of freedom, and the word “freedom” does not mean “We will monitor what you do, so only do what we want you to.”

So, yeah, I have $50–$100 for dalton because I value people who put their business practices inline with my concerns for privacy and ethical behavior. Do you? Ask yourself if you really do too. Are you concerned enough to pay someone for this so they can erode those that are paying the numbers with your health, safety and security as their poker chips?

I got this in the email today. I found it fishy that a person I do not know sent this, so I moused over to see if my suspicion was correct. Yup! Scam most likely leading to a website that would do a drive by download and pwn my system. Patch your Windows Machines folks, & Mac users use Sophos! (I didn’t actually click the link because I didn’t want to take my machine and use it as a lab rat.) The moral of the story: look before you leap = check the real URL before you click.

As you can see the link leads elsewhere