I never wanted to do business with Countrywide in the first place

I’m among the many people who had their personal information sold by a Countrywide employee to some “third party”. I’ll share the first paragraph of the letter.

We are writing to inform you that we recently became aware that a Countrywide employee (now former) may have sold unauthorized personal information about you to a third party. Based on a joint investigation conducted by Countrywide and law enforcement authorities, it was determined that the customer information involved in this incident included your name, address, Social Security number, mortgage loan number, and various other loan and application information.

If this were happening to someone else, it would make me laugh on so many levels. First, the “employee (now former)”. It’s sad that they felt the need to specify that the employee is no longer employed. It’s sadder still that, had they neglected to mention it, many would have assumed that the employee was still there, undoubtedly selling more information to more third parties. Then, he/she “may” have sold. If you aren’t sure that my information was sold, how can you be sure what information was involved? And then to list all these things specifically and then add, “other loan and application information”. Have you ever applied for a home loan? It’s about a 7,000 page application. If this “third party” studies for a bit, he could email my mother and she’d think it was me. My favorite part is that I didn’t even set out to do business with Countrywide. Because of the ridiculous shell game that is the mortgage market in this country, I never went to Countrywide and asked for a loan. Sure, I signed papers allowing my lender to sell the loan or the servicing or whatever they did to Countrywide. But that doesn’t mean I wanted to do business with them. They end the letter with another apology.

We apologize again that this incident has occurred and for any inconvenience or worry it may have caused.

No, not “we apologize that we vet our employees like John McCain vets VP candidates (ZING!)”. Not “we’re really sorry we betrayed your trust and exposed you to identity theft”. Nope, they’re sorry it happened. They’re sorry you’re all freaked out and upset that someone has all sorts of personal financial information about you. Apologizing for what happened without ever acknowledging that it was your fault is not an apology at all. Not once in the letter do they take any sort of responsibility. They “take [their] responsibility to safeguard your information very seriously”. Yes, they are very serious about offering two years of free credit protection once incidents like this happen. If that’s taking it seriously, I’d hate to see how they handle problems they don’t feel are very important.

The unintended consequences of blocking webmail

No matter how hard you try, you can’t effectively block anything on the internet. My favorite angry tech geeks just mentioned the great quote from John Gilmore, “the internet interprets censorship as damage and routes around it.” That’s not exactly what happened when they blocked webmail at work, but it might as well have been. There’s a free wifi signal in our building provided by the DC government. I have no idea why it’s there, or who it’s meant to serve, but it’s been great for me. However, it goes in and out a lot. You have to authenticate with an email address every time it drops you, and sometimes that would happen every few minutes. It could be really frustrating, especially when I really needed that connection. It was the only connection I had for the laptop where I do all my work, and when it wasn’t working, I couldn’t get to source control, I couldn’t do all sorts of necessary work tasks. So, when they blocked webmail on the official work network, the DC wifi took a beating. They started blocking on a Monday, and through Wednesday, the DC wifi was totally useless. Even when it would successfully authenticate me, it wouldn’t let me do anything. What happened next? Whoever runs that wifi network must have upgraded some equipment, because now that connection is better than it’s ever been. They must have gotten complaints from whoever is actually supposed to be using that network, and took steps to improve it. And now I have a pretty reliable connection. It hurts my argument that work needs to buy me a Blackberry, but I didn’t really need a Blackberry. In some sense, everyone wins here. People aren’t checking webmail on the official work network. As misguided a security policy as that is, it remains their right to block webmail. And I have a better uncensored connection that helps me be more productive at work. Clearly I’m not the only one using it, and the others undoubtedly benefit from the increased quality of the wifi service.

More and more, we have to realize that everything is available on the internet. You can accept that, figure out how it affects your business, and move forward. Or you can waste resources fighting against it until you realize that no amount of censorship, lawsuits, or new laws will ever stop the flood of information.

Just because HDTVs are cheap now doesn’t mean your child needs one

Have you ever ridden in an elevator with a little TV screen provided by The Captivate Network? There’s one in the elevator at my office. I like to watch because it makes me forget that I’m in an elevator (As faithful readers know, I hate elevators). It also occasionally has some interesting things, like little news tidbits and weather. Today, I was coming back from lunch, and the screen showed a “gadget review”. They mentioned a 32″ Samsung HD TV. They mentioned that it was perfect for any dorm room. At the bottom was the price. $850. What college student could possibly need an $850 television in his/her dorm? Do you know how big the TV was in my college dorm? 13 inches. And I turned out just fine. Seriously, parents, if you buy your college student an $850 TV, you are a bad parent. College is about being poor and trying to hook up with as many people as possible. If you’re spending a lot of time in your room watching a huge TV, you’re doing it wrong.

Record labels are stupid

For whatever reason, NIN.com has a really crazy archive system, so this link may not work for you, but apparently someone has released an old NIN album on vinyl without Trent’s knowledge or approval.

You may have heard there’s a new re-release of The Downward Spiral on vinyl. I heard that, too. I have no idea what it is or what’s on it because the band has had no involvement in it.

How typical of the music industry – a band finds new ways to make money without treating fans like criminals, and some label that has rights to older music decides that it’s going to support the artists by cutting them out of the loop. Way to go, record label! That’ll show everyone that you’re still relevant!

BMI is bunk

I’ve said many times before that we should stop computing BMI (Body Mass Index), we should stop basing any sort of judgments on it, and we should just stop even remembering that it exists. It’s a terrible measure of health, and it mistakenly classifies all sorts of people as healthy or unhealthy. Well, now I can say the same thing again. But this time with science! Chad Orzel, physicist and new father, says:

This will not come as a surprise to anyone who has ever put the stats for their favorite pro athlete into a BMI calculator (you want to tell Michael Strahan he’s obese?), but it’s nice to see it holds more widely.

He references a NYT article that I won’t bother to read because, frankly, the NYT gets on my nerves. But it says just what I said above – if you use BMI to judge a person’s health, you’re going to be wrong much of the time.

Of all the dumb things to say

I’ve always been a fan of Mike Mussina. He broke into the league in 1991, and quickly became a star the next season. He was a big part of some exciting Orioles teams that kept losing to the Blue Jays. I’ve never been a fan of Murray Chass. He’s a favorite target of Fire Joe Morgan, and deservedly so. He recently started a blog, but refuses to call it a blog, refuses to allow comments . . . He pretty much took all that’s good about a blog and threw it away, while taking all that’s bad about journalism and put it on a pedestal. Anyway, today he’s writing about Mike Mussina. He has no idea what he’s talking about. So, because Mussina is having a good year at age 39, and people think he might finally break the 20-win mark for the first time, we’re starting to hear talk about the Hall of Fame. That seems pretty reasonable – five of the ten comparable pitchers listed at Baseball Reference are in the Hall, and at least one more (Curt Schilling) has a good shot. What does Murray Chass think about this? “Mussina has an impressive career won-lost record (265-151) but not much else.” His won-lost record is actually the least impressive thing about his career. Sure, he’s 39th all time in winning percentage for players with 100 decisions. That’s pretty good. But won-lost record is a pretty useless measure of a player’s actual ability. Let’s look, though, at the good measures of a player’s actual ability. Let’s look at WHIP, 1.19, 9th among active players. Let’s look at K/BB ratio, 3.56, 13th all time. Or how about strikeouts, 2759, 21st all time. All of those are much better measures of a pitcher’s ability, and in all of those Mussina compares well with Hall of Fame pitchers. What else does Chass have to say? He compares Mussina to some of his compatriots who are not in the Hall – Tommy John, Bert Blyleven and Jim Kaat. “All had career victory totals in the 280s. Except for winning percentage, all had better records than Mussina.” I’m not even sure I can address that. What does it even mean? Let’s start with Tommy John. 288-231 career record, a winning percentage of .555. That’s not nearly as good as Mussina. Neither is his 1.28 WHIP, 1.78 K/BB, or total strikeouts, 2245. Then look at Jim Kaat. 283-237 (.544), 1.26 WHIP, 2.27 K/BB, 2461 K. Not in the same league. Now, Blyleven is harder to bash, because he, like Mussina, deserves to be in the Hall. He’s become something of a sabermetrics poster boy. He excelled in the “new-fangled” stats like WHIP (1.20), K/BB (2.80), strikeouts (3701), 5th all time. But he played on crummy teams, and compiled a 287-250 record (.534), and it’s keeping him out of the Hall.

John and Kaat were each 20-game winners three times, Blyleven once. Mussina doesn’t come close to the number of complete games and shutouts any of the three had. The three had slightly lower totals of baserunners per nine innings. But why let facts get in the way of a partisan view?

I’m not sure how he’s measuring baserunners per nine innings, because all three are higher than Mussina. It’s true, Mussina’s complete games and shutouts are low. But no one (except Roy Halladay) finishes games anymore. Mussina is fourth in both categories among active pitchers, so he compares well to present-day pitchers. So, Murray Chass, I can only conclude that you are either a moron or a Red Sox fan. You certainly don’t seem to know a whole lot about baseball.

Didn’t mean to censor the TSA propaganda

Someone (or, more likely, some script) claiming to be Bob from TSA Blog left a comment on this post. It was a totally useless press release talking about the ineffective things TSA is planning to do about the lost (now found) laptop. Despite the fact that it fits my definition of spam (it wasn’t a response to the post, which “Bob” clearly didn’t read, it was a monologue on the same subject with a link to the author’s blog), I published it. But due to a little snafu with the back button and not paying attention, I accidentally deleted it. So, sorry to censor your spam, TSA Bob. If you post again, I’ll publish it again. But note well that spamming blogs that call out your stupidity and/or incompetence is not going to do a bit of good, and you might be better off finding something more useful to do with your time. Edit to add: Here is the text of the propaganda, stolen from the original Boing Boing post’s comments.

The Transportation Security Administration (TSA) continues to investigate the circumstances surrounding the loss of a Clear®-owned laptop computer on July 26 that contained unencrypted data of approximately 33,000 customers. TSA has verified that a laptop was discovered by Clear® officials yesterday at San Francisco International Airport (SFO). It was voluntarily surrendered to TSA officials for forensic examination. TSA’s regulatory role in this matter is as follows: Every commercial airport is required to have an approved airport security plan. So Registered Traveler is part of that comprehensive plan at the airports where it operates. Under the airport security plan, the sponsoring entity (SFO in this case) is required to assure its vendors have an approved information security program. Because the computer at SFO was not encrypted it is in violation of the airport’s security plan. TSA also has the ability to go directly to vendors when the plan is not being adhered to, so TSA is conducting a broad review of all Registered Traveler providers’ information systems and data security processes to ensure compliance with security regulations. Clear® needs to meet the information security requirements that they agreed to as part of the Registered Traveler program before their enrollment privileges will be reinstated. Encryption is the wider issue as opposed to one incident with one laptop. So for now, Clear® enrollments remain curtailed. Current customers will not experience any disruption when using Registered Traveler. Bob, TSA EoS Blog Team

The worst part about this is that TSA’s response to this seems to be a stern wag of the finger at the contractor. I feel safer already.

Speaking of IT security and idiots

It seems a TSA contractor has misplaced an unencrypted laptop full of people’s personal information:

The Transportation Security Administration suspended Verified Identity Pass Inc., the company that operates the registered traveler program under the brand name Clear, from enrolling new applicants due to the alleged theft of the unencrypted laptop.

Link from Boing Boing, but they kind of dropped the ball by not mentioning the unencrypted status of the missing laptop. Luckily one of the comments mentioned it. Keep in mind this is entirely against TSA regulations (I worked there for 9 months). TSA is colossally stupid sometimes, like when they made me take my unencrypted (before the regulation went into effect) laptop home on the Metro every day for a week rather than leaving it in the secure facility where I worked. But I’m almost inclined to not blame them for the actions of a contractor.

TSA officials said the suspension will protect consumers waiting to enroll in the Clear program and allow the company to bring its procedures into compliance.

How about making them give back all the money due to breach of contract? There’s no accountability in government contracting.

Webmail isn’t evil, IT departments are

The IT department at work has decided to block all webmail beginning August 18th. This is a big problem for me, because I’m a contractor and don’t really use the work email. It’s a pain, and I can’t get to it from home without jumping through hoops. My actual work email is my Gmail account. So this is going to cause me a ton of problems. And for what? I did a little Googling for the security risks associated with webmail.

“Any pop-up ad that appears in a webmail message could potentially contain a virus when it opens,” she said. “An attachment that comes in from a webmail message could possibly bypass all the safeguards all the way to the user’s computer.” In addition, just opening a Web browser window to these commercial webmail sites can leave a computer open to outside attack. (Source)

This is a bit of a strawman argument. First, you can get popups or viruses or whatever from all sorts of sites. It’s not restricted to webmail. But if you use good, up-to-date software, this shouldn’t be an issue. There are some really good free, open-source tools to protect your computer. If your users are getting viruses and hacked computers, it’s not the fault of Gmail or Hotmail. It’s your users, and it’s the tools you’ve chosen to give them.

I’m an . . . advocate of the “block access” point of view. Personal webmail, if accessible, provides another vector for your data to fly out of the window but one that you have poor control over and little ability to monitor and audit. Neither can you comply with data storage and archiving regulations if the service is being used to legitimately send and receive business data to and from external addresses. (Source)

Archiving is a legitimate concern. Although I can’t imagine why the author thinks it’s not possible to comply with regulations – there is nothing stopping you from hooking up your webmail account to Outlook or Thunderbird and downloading it all. Then you can archive to your heart’s content. Actually, I think Yahoo and Hotmail make you pay for POP3 access, but that’s because they hate their customers.

If anything, what’s [sic] it’s partly demonstrating is the problems in the usability associated with security products. By making them too cumbersome, it’s natural for people to seek routes around them — making the security procedures a risk in their own way. (Source)

This I totally agree with. I use a ton of Google’s web tools for legitimate work purposes because they are easy and useful. If you block them, I’m going to try to get around the blocks, like the way you can use https instead of http to get around some filters that block Gmail. But I more or less know what I’m doing. I’ve heard of some ridiculous unsafe hacks to get around work-imposed security. Some of the workarounds are much more dangerous than the thing being blocked. But you know what’s more dangerous to security than all of this put together? Stupid people. And, to a perhaps greater extent, smart but ignorant people. People who think they know better, but don’t, are a huge source of problems. Much better to know you’re incompetent and stop trying.

I remain entirely unconvinced that this will do any good. You can’t possibly block all possible routes for sensitive information to leak out of the office. By blocking webmail, you’re taking away one of the most convenient methods, but what you may end up doing is driving the leaks to more and better hidden channels. Maybe now one person is going to start Twittering all day, while another is going to use some other service. The information can still get out. And what about someone who goes to do a little online banking and accidentally hits a phishing site that steals their banking info and deposits a virus on their computer, giving a hacker total control of their PC? Are you going to ban bank sites, too?

Why not just ban everything? Chain employees to the desk in rooms with white walls and no windows. Give them three breaks a day where they can use the bathroom and buy lunch from the company (wouldn’t want them sharing company secrets at the local deli, would we?). Maybe we should just stop sharing secrets with employees altogether. Just keep it all with the executives, who can lock themselves in ivory towers, making angels in piles of FOUO and COMPANY PROPRIETARY documents. Maybe we shouldn’t even do any work. The dangers of compromised secrets are too great. We should all go back to a hunter-gatherer economy, where there were no documents in need of protection from the horrors of webmail. Better for the environment, too, as a majority of Americans would die of starvation within the year. Or we could save time and trouble by committing mass suicide in orderly rows. That would teach Google to make a great webmail service with an intuitive, helpful interface. Stupid jerks.
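The https-instead-of-http trick mentioned above works against filters that match plaintext URLs: a forward proxy sees the full URL of a plaintext GET, but for an HTTPS connection the browser only sends it a CONNECT host:port line, so a rule written against “http://mail.google.com/…” never gets a chance to match. The Python below is an added illustration of that gap and of the host-based rule that closes it; it is not code from this post or from any filtering product, and it does not describe how the author’s IT department actually blocks webmail. The blocklists and the proxy request lines in it are constructed for the example.

```python
"""Illustrative webmail filter (added example, not from the original post).

Models the difference between a naive URL-prefix blocklist and a
hostname-based one as seen by an explicit forward proxy. All blocklists
and request lines below are constructed for the demonstration.
"""
from urllib.parse import urlsplit

# Constructed blocklist in the style of a naive plaintext-URL filter.
URL_BLOCKLIST = (
    "http://mail.google.com/",
    "http://mail.yahoo.com/",
    "http://www.hotmail.com/",
)

# Constructed host blocklist used by the corrected filter.
HOST_BLOCKLIST = ("mail.google.com", "mail.yahoo.com", "www.hotmail.com")


def request_target(request_line):
    """Parse a proxy request line into (method, host, url).

    A plaintext request through a forward proxy carries an absolute URL, so
    the proxy sees host and path. For HTTPS the browser sends
    'CONNECT host:port HTTP/1.1' and the proxy sees nothing beyond host:port;
    url is returned as None in that case.
    """
    method, target, _version = request_line.split(" ", 2)
    if method == "CONNECT":
        host = target.rsplit(":", 1)[0]
        return method, host.lower(), None
    parts = urlsplit(target)
    return method, (parts.hostname or "").lower(), target


def naive_filter(request_line):
    """Block only when the visible URL starts with a listed http:// prefix.

    A CONNECT has no URL to compare, so every HTTPS session is allowed,
    which is exactly the https-instead-of-http bypass.
    """
    _method, _host, url = request_target(request_line)
    if url is None:
        return "allow"
    return "block" if url.startswith(URL_BLOCKLIST) else "allow"


def host_filter(request_line):
    """Block on the hostname, which is visible for both GET and CONNECT.

    Matches the listed host and any subdomain of it, so the scheme and
    path no longer matter.
    """
    _method, host, _url = request_target(request_line)
    for blocked in HOST_BLOCKLIST:
        if host == blocked or host.endswith("." + blocked):
            return "block"
    return "allow"


# Constructed request lines, as a browser configured to use a forward
# proxy would send them for the same site over http and over https.
SAMPLE_REQUESTS = [
    "GET http://mail.google.com/mail/ HTTP/1.1",
    "CONNECT mail.google.com:443 HTTP/1.1",
    "GET http://www.example.com/ HTTP/1.1",
    "CONNECT www.example.com:443 HTTP/1.1",
]


def compare(requests=SAMPLE_REQUESTS):
    """Return {request_line: (naive verdict, host-based verdict)}."""
    return {r: (naive_filter(r), host_filter(r)) for r in requests}


if __name__ == "__main__":
    for line, (naive, by_host) in compare().items():
        print(f"{line:45} naive={naive:5} host={by_host}")
```

Running it prints one verdict pair per request: the naive filter blocks the plaintext Gmail request and waves the CONNECT through, while the host-based filter blocks both and leaves the unrelated site alone. Matching on the host closes this particular hole, but the proxy still only acts on what the client tells it, and it says nothing about all the other services a person could use instead, which is the larger point of the post.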

Just let me do my job

LifeHacker | IM Can Reduce Workplace Interruptions, Study Shows

It has always driven me crazy that so many workplace IT departments block various web pages deemed harmful to productivity. My philosophy is:

  • If I’m using too much bandwidth, reprimand me
  • If I’m not doing my job, reprimand me

Otherwise, trust me to be an adult and do my job. Who are you to say what web sites I might need to do my job? At my previous job, we used GTalk all the time for legitimate work purposes (in addition to non-work purposes) before they blocked it. Dozens of times I’ve been researching a work problem and come up against a blocked website. I spend A LOT of time on the computer. Too much, some might say. And some of it is time spent at work on non-work things. I freely admit this. But I get my job done. Sometimes, GTalk helps me do that. Sometimes some sketchy-looking forum helps me do that. Sometimes Google Documents helps me do that. And sometimes I just want to putz around on eBay for fifteen minutes to clear my head. I think if employers started worrying more about actual employee productivity than micromanaging internet access, we’d all be a lot better off.