Email Worst Practices

I had to send this “support request” email today because of a seriously bad error in judgement when someone hit the send button. Seriously folks, this is 2014… have web companies and their employees learned nothing?

Hi,

This morning I got an email asking me to click a link embedded in the email to verify my email address as a condition of maintaining my *********

The email is worded exactly like a phishing attack: requiring fast compliance, threatening a disconnection of service, lacking a link to verify this policy anywhere and the email is unsigned by anyone.

Someone in security who works there must be aware most phishing attacks are carried out exactly this way, and that you should NEVER encourage a user to click a link whether it is a legitimate reason or not in an unsolicited email because of the bad precedent it sets.

Instead, you should give the user a one-time unique token to enter and tell them to log in to their account and enter the token on their account page, to verify that the email was received and that they do in fact own the account. Not doing so would allow anyone with access to a client’s email account to potentially hijack the account with your service.

If you disagree, then I will have to look for a more competent company to *********. Please escalate this email until it gets to a policy-maker who understands the importance of why this is “worst practice.” If this does not happen, I might as well cancel my account because it is only a matter of time before your customers or your client-facing DBs are hacked.

Thanks.

Just to clarify, the raw headers show it was sent from their mail server, and the message looks legitimate, but maybe someone hijacked that through a completely unrelated blunder. Anyway, the moral of the story is: do not click links in unsolicited emails. If this was a case of a password reset I requested or a two-factor auth thing, or even a newsletter I opted in for, those are totally understandable, but in this case it was probably just bad form. To allow the company time to correct their policy (or regain control of their mail server) I have not mentioned exactly which web services company this is… but this is yet another case of sloppy work in the IT sector. And, as Danny Glover once said in a movie where he co-starred with a crazy guy, “I’m too old for this shit.”*

Thanks for reading.

*luckily this last word is no longer banned from TV, and thus — in this usage — it is appropriate to describe a distinct lack of professional behavior from a commercial company.
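The verification flow the letter above asks for (a one-time token mailed as plain text, entered by the user after logging in, with no link to click) is small enough to show in full. The following is an added example, not code from the original post or from the company involved; the in-memory store, the 24-hour lifetime and the single-use rule are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Assumed policy for this example: a token is valid for 24 hours and for one use only.
TOKEN_TTL_SECONDS = 24 * 60 * 60

# Constructed in-memory store standing in for the service's database.
# Only the SHA-256 of the token is kept, so a database leak does not leak usable tokens.
_pending: dict = {}


def issue_verification_token(account_id: str, now: Optional[float] = None) -> str:
    """Mint a one-time token for the account and return the plaintext to put in the email.

    The email carries the token as plain text with an instruction to log in and
    type it on the account page; it carries no link for the user to click.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(16)  # 128 bits of randomness, safe to paste into an email
    _pending[account_id] = {
        "token_hash": hashlib.sha256(token.encode()).hexdigest(),
        "expires_at": now + TOKEN_TTL_SECONDS,
        "used": False,
    }
    return token


def verify_token(session_account_id: str, submitted: str, now: Optional[float] = None) -> bool:
    """Check a token typed into the account page by an already authenticated user.

    session_account_id comes from the login session, never from the email, so
    possession of the mailbox alone is not enough: the account password is needed
    as well. Returns True once; after that the token is spent.
    """
    now = time.time() if now is None else now
    rec = _pending.get(session_account_id)
    if rec is None or rec["used"] or now > rec["expires_at"]:
        return False
    submitted_hash = hashlib.sha256(submitted.strip().encode()).hexdigest()
    if not hmac.compare_digest(rec["token_hash"], submitted_hash):
        return False  # wrong token; a real service would also rate-limit attempts
    rec["used"] = True
    return True


if __name__ == "__main__":
    t = issue_verification_token("acct-42")
    print("email body: Your verification code is", t)
    print("first use:", verify_token("acct-42", t))  # True
    print("replay:", verify_token("acct-42", t))     # False
```

The point of the design is in `verify_token`: the account being verified is taken from the login session, not from anything in the email, so a mailbox intruder holding the token still cannot complete the step without the password, and a clickable link that would do it for them never exists.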

Another Apple Router Bites the Dust…kinda

Last year my Airport Express (v1) was made obsolete by Apple deciding to drop support for configuring it from 10.9. This year an Airport Extreme (802.11n dual-band) that was in service for about 4–5 years finally started failing thanks to either age or heat problems. The heat issue matters to a lot of tech people because the amount of equipment in use easily spikes the temperature in our rooms by 5°–10°, or in the closets we have to stick them in. Not everyone thinks a mess of wires (properly tied or not) is a thing of beauty, so often we have to put them in closets and in spaces with little ventilation. This leads to heat building up, and soon DSL modems and their UPSes and WiFi routers are dying. WiFi routers can last a long time if treated well, but if they are used constantly and under heavy loads with bad cooling, don’t expect them to last more than 5 years. As for the Airport Extreme, I am taking it to a less demanding/harsh environment. Hopefully, the lighter load will mean at least a few more years of service out of it.

As an aside: I once made the case for proper cooling in a new building when asked by the CFO if we needed air conditioning. I said we don’t need it, but some of our equipment would burn out/malfunction 1–2 years faster, costing at least a few K per year in increased maintenance and secondary costs (downtime, multiple backups, etc.), maybe more.

I mentioned it to a friend and he said he was concerned with the iPhone 6 series’ ambient temperature ceiling (95° F). Another friend pointed out that that’s because Li-Ion batteries have this restriction, which neither of us was aware of. Checking our 5s specs, the temperature limit is also 95°F, which is interesting because the 5s phones didn’t seem to have any problems in Nevada last month. So, maybe the phones’ Li-Ion batteries will die faster. No problem: I have replaced a few iPhone batteries and parts.

Interestingly enough, I looked and fewer and fewer manufacturers are putting this info in their spec sheets, leading me to believe some support costs could be avoided by placing this info in the specs and making sure customers are aware of it. I know plenty of people that leave electronics with Li-Ion batteries in their cars (hidden, of course). Luckily, non-operating ambient temperature ceilings are above 110°F.

Anyway, heat plays an important role in the lifespan of many electronics, and it occurred to me that few people even mention it. So, I am mentioning it: if you are on a 3-year replacement cycle, paying attention to this fact isn’t too important. But if you are in the miserly camp of stretching your dollar by upgrading devices less than 3 times a decade, you might want to be aware of heat and operating temperature limits as a consideration.

In App Content Consolidation as a Feature (not really new, but apparently not really obvious either…)

I haven’t posted anything for a while. Hey, I’ve been busy, you’ve been busy—we’re still friends right?…
I wrote this to a site that offers both purchases and online content today. I have modified it to remove references to the company. It should be obvious that some companies are already doing this but for darker reasons. Also, I am not aware of any company doing this within their particular area of interest.
Enjoy.


Dropbox Invitation Scam Spam Today

I got this in the email today. I found it fishy that a person I do not know sent this, so I moused over the link to see if my suspicion was correct. Yup! Most likely a scam leading to a website that would do a drive-by download and pwn my system. Patch your Windows machines, folks, and Mac users, use Sophos! (I didn’t actually click the link because I didn’t want to use my machine as a lab rat.) The moral of the story: look before you leap = check the real URL before you click.

As you can see the link leads elsewhere
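The mouse-over check described above (the visible link says one thing, the real target is somewhere else) can be automated over the HTML of a suspicious message. The code below is an added example, not part of the original post: it collects every anchor, and flags those whose displayed text names a host that differs from the host the `href` actually points to. The sample email is constructed, with the destination on the reserved `.example` domain; the rule that a subdomain of the displayed host is acceptable is an assumption for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


# Something that looks like a hostname inside the clickable text, e.g. "www.dropbox.com"
_SHOWN_HOST_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.IGNORECASE)


def _real_host(url: str) -> str:
    """Hostname the browser would actually contact for this href."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def find_mismatched_links(html: str):
    """Return (href, text) pairs whose visible text names a different host than the target.

    Anchors whose text is plain words ("View file") are not flagged: nothing is
    being displayed for the reader to compare, so that case still needs the
    mouse-over check described in the post.
    """
    collector = _AnchorCollector()
    collector.feed(html)
    suspicious = []
    for href, text in collector.links:
        match = _SHOWN_HOST_RE.search(text)
        if not match:
            continue
        shown = match.group(1).lower()
        real = _real_host(href)
        # Assumed rule: the target may be the shown host or one of its subdomains.
        if real != shown and not real.endswith("." + shown):
            suspicious.append((href, text))
    return suspicious


# Constructed sample resembling a file-share invitation; not a real message.
SAMPLE_EMAIL = """
<p>Someone shared a file with you.</p>
<a href="http://files.malicious.example/dl?id=1">https://www.dropbox.com/s/invite</a>
<a href="https://www.dropbox.com/login">dropbox.com</a>
<a href="http://files.malicious.example/dl?id=1">View file</a>
"""

if __name__ == "__main__":
    for href, text in find_mismatched_links(SAMPLE_EMAIL):
        print(f"displayed {text!r} but points to {href}")
```

Run against the sample, the first anchor is reported (the text shows a Dropbox URL while the target is elsewhere), the second passes, and the third is silent because "View file" displays no host at all, which is exactly why hovering remains the habit to keep.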


Why I give free advice…

A few times a week someone asks me about something related to computers or technology. I like answering the questions for several reasons, and I give advice for free for one very good reason.

First: I like answering because it’s an exercise for the brain. It makes me take all my knowledge and apply it to a specific instance with its own parameters and limitations. Second, if I do not know the answer off the top of my head, I am forced to find out by doing a quick search or two and reading what has been written by experts and people much more familiar with the matter. Thus, it expands my knowledge base.

The single “very good reason” for giving the advice free is simple: having no vested interest in selling them either a product or my services, I can give advice free of bias. I do admit my bias toward products I think work well, but I would imagine that would be a desirable bias. If I gravitate toward ease of use or advanced features, I can adjust for the sophistication of the person asking. If a product has both ease-of-use chops and advanced features, either buried or easily accessed, it makes my job easier. However, one of my first questions is: What is your budget? That lets me know whether to recommend an open source application/hardware platform or a competent commercial application.

Either way, if the person is very technologically naïve, I can let them know if they’re on the right track, and steer them toward resources so that if and when they spend money or allocate resources, they can feel more confident doing so.

BTW Sis: the answer currently is a WD Live box… but that is subject to revision next product release cycle.

Quick Shot: Too Long for a Tweet, Too Short for a Page

Okay,

Quickly: This month has been a “lurning [sic] experience.” I am juggling multiple projects which are all related only by the fact that they’re simply making me a better designer. New tricks are being learned, etc. Sites are going up and being moved, and I’ll be updating everything and essentially leveraging what I learn in one place and using it in another.

I finally figured out I needed to buy more RAM for my laptop: sometimes there is less than 16MB of free RAM and over 700K page-outs in a few days of heavy use. The thing would slow to a glacial pace during heavy loads. It’s really been holding me back. Who knew 4GB wasn’t enough!?!? So, I broke down and ordered a few more gigs. Luckily, installing is a piece of cake on my MBP. I was in and out of a friend’s machine in less than 15 minutes without cutting any safety corners. I also need to get another HD and replace the optical drive. OR I can just break down and back up over WiFi and offload some files. But I like the idea of having everything with me.

Another, non-web, but information related project is advancing slowly, but it is way too soon to even talk about. I am still researching to decide the best approach. Some of my closest friends know about it, and I think about it all the time. It is currently possible: all the building blocks are there, but no one has put them together yet. I should probably stop spouting off about it to people who work for huge computer companies though. But for all I know someone has already patented it? I dunno, I heard if you research a patent it is worse if you get sued. :\

Anyway, my plan is to release it under a non-commercial open licensing scheme, so that pizza-fueled one-man ops can use it freely, and large corps that can pay may license it. But as I said, someone might have already patented the pieces, but I think this would probably fall under derivative works. I’m not sure because I am not a patent lawyer. It sucks that I have to keep the cards close to my vest because copyright, originally designed to encourage innovation, is now a club that large corporations use on each other daily. Recently I read about a patent lawsuit about emoticons in a pull-down menu on Ars. It seems silly to anyone, but that’s how whacked patent law is. The funny thing is, within my circle of friends I probably have all the people I would need to start developing this thing in earnest, but first I’ll go in sideways with build-up projects.

A big thanks to those people with everything from bachelors to PhD degrees in CS and related fields that I have the greatest conversations with. I learn something new every time I get a chance to pick one of these people’s brains.

Apologies about any incorrect punctuation marks or typos. I’m typing this on the fly before heading off somewhere. Cheers!