Submitted by brad on Fri, 2015-01-16 13:33.
I’m sure, like me, you have lots of electronic gadgets that have status LEDs on them. Some of these just show the thing is on, some blink when it’s doing things. Of late, as blue LEDs have gotten cheap, it has been very common to put disturbingly bright blue LEDs on items.
These become much too bright at night, and can be a serious problem if the device needs to be in a bedroom or hotel room. Which things like laptops, phone and camera chargers and many other devices need to do. I end up putting small pieces of electrical tape over these blue LEDs.
I call upon the factories of Shenzhen and elsewhere to produce low cost, standardized status LEDs. These LEDs will come with an included photosensor that measures the light in the room, and adjusts the LED so that it is just visible at that lighting level. Or possibly turns it off in the dark, because do we really need to know that our charger is on after we’ve turned off the lights?
Of course, one challenge is that the light from the LED gets into the photosensor. For most LEDs, the answer is pretty easy — put a filter that blocks out the colour of the LED over the photosensor. If you truly need a white LED, you could make a fancy circuit that turns it off for a few milliseconds every so often (the eye won’t notice that) and measures the ambient light while it’s off. All of this is very simple, and adds minimally to the cost. (In fact, the way you adjust the brightness of an LED is typically to turn it on and off very fast.)
Get these made and make it standard that all our gear uses them for status LEDs. Frankly, I think it would be a good idea even for consumer goods that don’t get into our bedrooms. My TV rooms and computer rooms don’t need to look like Christmas scenes.
Submitted by brad on Tue, 2014-06-24 16:25.
Five years ago, I posted a rant about the excess of customer service surveys we’re all being exposed to. You can’t do any transaction these days, it seems, without being asked to do a survey on how you liked it. We get so many surveys that we now just reject these requests unless we have some particular problem we want to complain about — in other words, we’re back to what we had with self-selected complaints. The value of surveys is now largely destroyed, and perversely, as the response rates drop and the utility diminishes, that just pushes some companies to push even harder on getting feedback, creating a death spiral.
A great example of this death spiral came a few weeks ago when I rode in an Uber and the driver had a number of problems. So this time I filled out the form to rate the driver and leave comments. Uber’s service department is diligent, and actually read it, and wrote me back to ask for more details and suggestions, which I gave.
That was followed up with:
Hi Brad Templeton,
We’d love to hear what you think of our customer service. It will only take a second, we promise. This feedback will allow us to make sure you always receive the best possible customer service experience in future.
If you were satisfied in how we handled your query, simply click this link.
If you weren’t satisfied in how we handled your ticket, simply click this link.
A survey on my satisfaction with the survey process! Ok, to give Uber some kudos, I will note:
- They really did try to make this one simple, just click a link. Though one wonders, had I clicked I was unsatisfied, would there have been more inquiry? Of course I was unsatisfied — because they sent yet another survey. The service was actually fine.
- At least they addressed me as “Hi Brad Templeton.” That’s way better than “Dear Brad” like the computer sending the message pretending it’s on a first-name basis with me. Though the correct salutation should be “Dear Customer” to let me know that it is not a personally written message for me. The ability to fill in people’s names in form letters stopped being impressive or looking personal in the 1970s.
This survey-on-a-survey is nice and short, but many of the surveys I get are astoundingly long. They must be designed, one imagines, to make sure nobody who values their time ever fully responds.
Why does this happen? Because we’ve become so thrilled at the ability to get high-volume feedback from customers that people feel it is a primary job function to get that feedback. If that’s your job, then you focus on measuring everything you can, without thinking about how the measurement (and over-measurement) affects the market, the customers and the very things you are trying to measure. Heisenberg could teach these folks a lesson.
To work, surveys must be done on a small sample of the population, chosen in a manner to eliminate bias. Once chosen, major efforts should be made to assure people who are chosen do complete the surveys, which means you have to be able to truthfully tell them they are part of a small sample. Problem is, nobody is going to believe that when your colleagues are sending a dozen other surveys a day. It’s like over-use of antibiotics. All the other doctors are over-prescribing and so they stop working for you, even if you’re good.
The only way to stop this is to bring the hammer down from above. People higher up, with a focus on the whole customer experience, must limit the feedback efforts, and marketing professionals need to be taught hard in school and continuing education just why there are only so many they can do.
Submitted by brad on Tue, 2012-03-27 14:48.
For some time, the US Postal Service has allowed people to generate barcoded postage. You can do that on the expensive forms of mail such as priority mail and express mail, but if you want to do it on ordinary mail, like 1st class mail or parcel post, you need an account with a postage meter style provider, and these accounts typically include a monthly charge of $10/month or more. For an office, that’s no big deal, and cheaper than the postage meters that most offices used to buy — and the pricing model is based on them to some extent, even though now there is no hardware needed. But for an ordinary household, $120/year is far more than they are going to spend on postage.
There is one major exception I know of — if you buy something via PayPal, they allow you to print a regular postage shipping label with electronic postage. This is nice and convenient, but no good for sending ordinary letters and other small items.
I think the USPS is shooting itself in the foot by not letting people just buy postage online with no monthly fee. The old stamp system is OK for regular letters, and indeed they finally changed things so that old first class stamps still work after price raises, but for anything else you have to keep lots of stamps in supply and you often waste postage, or make a trip to a mailing office. This discourages people from using the post office, and will only hasten its demise. Make it trivial to mail things and people will mail more.
It could be a web printed mailing label as you can use for priority mail, but most software vendors would quickly support such a system. If people wanted, they could even buy “stamps” which were collections of electronic postage in various denominations that could be used by programs so there is no need to handle transactions. Address label printers would all quickly also do postage.
Of course the official suppliers like Endicia and stamps.com would fight this completely. They love being official suppliers and charging large fees. They have more lobbying power than ordinary mailers. So the post office is going to quietly slip away into that good night, instead of taking advantage of the fact that it’s the one delivery company that comes to my door every day (for both pick up and delivery) and all the efficiencies that provides.
Submitted by brad on Sat, 2012-01-28 00:40.
Two recent flight booking experiences on United Airlines:
a) I booked a round trip to Toronto with miles. Due to new plans, I ended up getting a different flight to Toronto but wanted to take the same flight back. I had booked return tickets for 2 passengers, but you can book one-way tickets for the same miles price, and you can book passengers together or independently (later joining the reservations to sit together.) It doesn’t cost any more to get 4 single legs, it’s just a lot more work for you and the airline.
When I needed to change it, they said, no, there was no way to just use the return leg. I must cancel or not use the entire trip. To cancel and re-credit the miles is $250 for 2 passengers — so much for free. To re-book the one-way leg another $200 or so. The original booking was $125 in fees. That’s a bunch. Had I booked it as independent trips, I could have used my return leg, and just refunded or re-used the outgoing leg. I decided to re-use the whole trip and buy a paid fare ticket. Perhaps that’s what they wanted, but now if I want flexibility I must jump through hoops booking, and make them jump too.
b) The alternate trip was to Brussels. I booked a flight with one flight number that stops and changes flights in Chicago. It’s really two flights but with one number. Many other alternatives existed that were really two flights with different numbers. On checking in, I found that there were business class seats available. Normally on United, if you have status, that means a complimentary upgrade to business class on the domestic flights. But because I booked it as one flight, I have no domestic flight. Other people on the same flight to Chicago with me are getting upgraded because they are not flying on to Europe while I’ll sit in coach. It’s not a long flight, but still. Next time, never book a single flight unless that’s what you really want, which you may do if it’s the same plane and that reduces your risk of lost luggage and gets you better seats. In this case, there is no advantage to the single flight number it seems, and a big loss.
Of course, phone staff have no power to make things right. Sigh.
End of rant.
Submitted by brad on Mon, 2012-01-16 15:21.
Frequently these days I will see some shocking statistic reported:
- The top 1% of earners receive over 18% of all the income (or 23% including cap gains)
- The top 5% sickest Americans account for half of all healthcare costs
These numbers suggest a shocking inequality. And there might even be an unusual inequality but you won’t see it from these numbers. What’s vital when people report things like this is that they outline what the ratio should be given what would be an expected distribution. You should expect the top 1% or top 5% of any unevenly distributed thing to be consuming a much larger share of the pie. That’s what it means to have an uneven distribution. If the top 1% of income earners only earned 1% of income, you would be in a communist utopia, and that’s true even if they earned 5%. That’s what it means to be one of the top earners.
To make this clear, I present the following statistic I suspect to be generally accurate: 99% of the fire insurance payouts in a given year go to the top 1% claiming policyholders. I have not got an actual source, but it is presumably the case because fewer than 1% of people have their house burn down. You would expect that the top 1% would get essentially all the fire insurance money in any given year.
So when you see a claim about distribution involving the top x% getting much more than x%, the right response is, “sounds normal, show me why this is unexpected or unusual.” It may well be, but you need the numbers to back it up.
Submitted by brad on Tue, 2012-01-03 11:44.
Like many, I go to a lot of conferences and events. And many of those events have decided that they should give everybody a bag. Most commonly it’s a canvas laptop sized bag, though sometimes it’s a backpack and at cheaper events just a tote. Some of the bags are cheap, some are quite nice. Some come with just the logo of the event on them, and others come festooned with many logos from sponsors who bought a space on the bag.
The bags are too nice to throw away, so I’ve kept most of them, usually tossing them in a storage crate. I decided to get the bags from the last decade out and lay them out for a photo. I’m guessing a lot of people have similar collections. We’re undergoing a serious bag spam problem.
I have used some of these bags but of course the vast bulk have either gone unused entirely, or were just used at the conference or just on the day they handed out the bag. Making the conference logo visible at the conference is pointless, though perhaps with the sponsored bags, all they want is to plaster their logo at the conference. It’s actually risky to use the conference bag at the conference, especially for things like your laptop, as it’s way too easy to mistake your bag for somebody else’s.
I don’t see other people using these bags much either. Sometimes on the flight back from the conference. Or if the conference is an invite-only conference that has some cachet to its sachet. It’s very rare to see people walking around with a bag with 6 sponsor logos on it. We conference-goers aren’t the type that like to be seen as carrying around somebody’s advertising, or being too cheap to buy our own briefcase.
This isn’t even the whole collection, there’s 50% more out there. I have actually used a few bags if I happened to particularly like their design, or they came from places I actually worked at. Messenger bags which wear comfortably on the body seem to meet my approval over yet more laptop briefcases.
And I have disposed of or given away a few, or they weren’t in the crate I put bags into.
If you’re getting ready to hand out a conference bag, here are some things to consider:
- Realize that almost everybody you give a bag to has a box full of bags at home. Being a really nice expensive bag might help a little but it’s costly.
- Face it, unless you are TED, the vast majority of the bags you give out are going to sit in storage. Consider something else. Just don’t do it.
- If you feel you have to have a bag, also have an alternative schwag that’s just as valuable people can pick instead of a bag.
- Consider the bold move of putting the logos on the inside flap of the bag. That gives up the exposure you were never going to get much of anyway, and makes it more likely I will use the bag, and be reminded of you every day — and possibly even remind some of the folks I meet with who see me open my bag.
- Forget about putting 6 logos on the bag unless all you want is to plaster those logos around your show floor. You can’t even give those bags away.
- If you must have a bag, go cheap with a tote, and make it a zippered tote. We can always find uses for those, they make decent reusable grocery bags, for example. Then I’ll keep them in the trunk and remember you on grocery trips. Or go fancy and make it an insulated grocery bag.
This is not to say you could not impress me with something clever, perhaps for a short time. For example I would not mind a bag that integrated a universal power supply and had retractable cords so I did not have to take it out. Or one of those new photographers sling backpacks that you can pull around to access stuff without removing the straps from your shoulder. But if you do that, soon somebody else will have it too and I’ll have a box of them.
So what other schwag can you give out? That is a challenge of course, and there’s a whole industry trying to sell you stuff. It varies with the time, and it has to be something new so that I don’t have a box of them at home. Consumable stuff (chocolate bars etc.) are always welcome but you fear that this means your logo will be forgotten. But it’s better than being in a crate. Travel stuff is usually a hit but duplication is again a risk — retractable cables etc. Or spend your money on a nice mobile schedule for your event, one that doesn’t suck (most of the ones out there suck) and put some logos on that.
I am told that homeless shelters like donations of backpacks and other useful bags. I suppose if we all did this, and companies found their logo hanging from the shoulders of homeless dudes, they might think twice about giving out so many bags. A system to arrange donation to poor folks in Africa might also be good.
Submitted by brad on Tue, 2010-05-25 20:22.
As many expected would happen, Mark Zuckerberg did an op-ed column with a mild about face on Facebook’s privacy changes. Coming soon, you will be able to opt out of having your basic information defined as “public” and exposed to outside web sites. Facebook has a long pattern of introducing a new feature with major privacy issues, being surprised by a storm of protest, and then offering a fix which helps somewhat, but often leaves things more exposed than they were before.
For a long time, the standard “solution” to privacy exposure problems has been to allow users to “opt out” and keep their data more private. Companies like to offer it, because the reality is that most people have never been exposed to a bad privacy invasion, and don’t bother to opt out. Privacy advocates ask for it because compared to the alternative — information exposure with no way around it — it seems like a win. The companies get what they want and keep the privacy crowd from getting too upset.
Sometimes privacy advocates will say that disclosure should be “opt in” — that systems should keep information private by default, and only let it out with the explicit approval of the user. Companies resist that for the same reason they like opt-out. Most people are lazy and stick with the defaults. They fear if they make something opt-in, they might as well not make it, unless they can make it so important that everybody will opt in. As indeed is the case with their service as a whole.
Neither option seems to work. If there were some way to have an actual negotiation between the users and a service, something better in the middle would be found. But we have no way to make that negotiation happen. Even if companies were willing to have negotiation of their “I Agree” click contracts, there is no way they would have the time to do it.
Submitted by brad on Wed, 2010-02-17 20:26.
On a recent trip on a plane equipped with personal inflight video screens for each seat, I decided to watch a movie quickly and then have a nap. So I started watching the movie right after settling into the seat, about 20 minutes before takeoff. I figured with that I would watch the 1:30 minute movie through the meal service and be ready for the nap about an hour into the flight. What I learned instead was a greater awareness of just how many announcements there are on a typical flight these days. That’s because the in-flight system paused the video with each announcement and put it through my noise cancelling headphones.
The many announcements included:
- The routine ones about the process of takeoff. Door closing. Seatbelt sign on. Various blah-blah-blah
- The huge array of safety announcements and instructions I’ve seen literally hundreds of times.
- A very few useful announcements: Destination check, reasons for delay, updates on flight time.
- Some possibly useful announcements (cell phones off now, OK to use electronics now.)
- Ads: Join our frequent flyer program, get our frequent flyer card, shop from the duty free cart, buy meals, buy drinks (which did not even apply to those not in coach.)
The cacophony is getting worse, almost as bad as when you’re sitting in the terminal with the endless announcements. They know people hate that in the terminals and offer the paid lounge with no announcements, but I’ve said they should just use cell phones instead and give us peace. On Japanese Shinkansen, they also offer a “quiet car” with no announcements — it is up to you to set your own alarm to make sure you don’t miss your stop if you want to sleep or relax. The trains are so on-time you can do this.
How about doing something like this, at least on a modern airplane where you have a personal screen for each seat?
Submitted by brad on Wed, 2009-09-23 17:50.
It seems that with more and more of the online transactions I engage in — and sometimes even when I don’t buy anything — I will get a request to participate in a customer satisfaction survey. Not just some of the time in some cases, but with every purchase. I’m also seeing it on web sites — sometimes just for visiting a web site I will get a request to do a survey, either while reading, or upon clicking on a link away from the site.
On the surface this may seem like the company is showing they care. But in reality it is just the marketing group’s thirst for numbers both to actually improve things and to give them something to do. But there’s a problem with doing it all the time, or most of the time.
First, it doesn’t scale. I do a lot of transactions, and in the future I will do even more. I can’t possibly fill out a survey on each, and I certainly don’t want to. As such I find the requests an annoyance, almost spam. And I bet a lot of other people do.
And that actually means that if you ask too much, you now will get a self-selected subset of people who either have lots of free time, or who have something pointed to say (i.e. they got a bad experience, or perhaps rarely a very good one.) So your survey becomes valueless as data collection the more people you ask to do it, or rather the more refusals you get. Oddly, you will get more useful results asking fewer people.
Sort of. Because if other people keep asking everybody, it creates the same burn-out and even a survey that is only requested from 1 user out of 1000 will still see high rejection and self-selection. There is no answer but for everybody to truly only survey a tiny random subset of the transactions, and offer a real reward (not some bogus coupon) to get participation.
I also get phone surveys today from companies I have actually done business with. I ask them, “Do you have this survey on the web?” So far, they always say no, so I say, “I won’t do it on the phone, sorry. If you had it on the web I might have.” I’m lying a bit, in that the probability is still low I would do it, but it’s a lot higher. I can do a web survey in 1/10th the time it takes to get quizzed on the phone, and my time is valuable. Telling me I need to do it on the phone instead of the web says the company doesn’t care about my time, and so I won’t do it and the company loses points.
Sadly, I don’t see companies learning these lessons, unless they hire better stats people to manage their surveys.
Also, I don’t want a reminder from everybody I buy from on eBay to leave feedback. In fact, remind me twice and I’ll leave negative feedback if I’m in a bad mood. I prefer to leave feedback in bulk, that way every transaction isn’t really multiple transactions. Much better if eBay sends me a reminder once a month to leave feedback for those I didn’t report on, and takes me right to the bulk feedback page.
Submitted by brad on Tue, 2009-09-15 14:06.
Yes, any system which is going to engage in some long activity which will freeze up the system for more than a few seconds should offer a way to cancel, abort or undo it. You would think designers would know that by now.
My latest peeve is cell phones and other smart devices which are now complex enough to “boot.” In many cases if you want to see if they are on or not, you touch the power button — and if they were not on, they start their 30 to 60 second boot process. Which you must wait through so that you can then turn them off again. On some devices there is still a physical power button (and on many laptops you can fake one by holding down the soft power button for 4 seconds) but that’s not a great solution. Sure, at some point the booting device reaches a state where it can’t easily abort the boot as it is writing state, but this usually takes at least several seconds if not much longer to reach, so you should be able to abort right away.
Submitted by brad on Tue, 2009-03-17 17:05.
The news of the past few days has been full of anger that AIG is paying $165 million in bonuses out to managers who drove the company into insolvency, using federal bailout money to do it. The excuse — these bonuses were guaranteed in contracts.
This may be the case. I have always thought it strange when a contract includes a mandatory bonus, and I am not sure what the point is. A normal bonus is contingent on some metrics of personal or corporate success. If this is the case here, did they just design their metrics so badly that the goals were met even in light of driving the company into the ground?
However, if you’ve been through a corporate buy-out or rescue, you know that contractual rewards like these get nullified fairly often. Usually it’s presented as a choice between getting your bonus from a bankrupt company (and thus being in line with other creditors to collect nothing, or a small fraction) or renegotiating your contract to help the rescued company get the deal. You can be a hold-out, of course, but only if it is your plan to resign, since the new management, and the people who did renegotiate, will have no interest in working with you.
Stockholders get this done to them all the time. They have various rights in the stockholder agreement, but the white knight says, “No deal unless we redo those agreements from scratch with new terms.” Stockholder agreements can be renegotiated for everybody with not everybody agreeing, however, unlike bonus agreements.
The buyout of AIG was of course different. First of all it was done in an emergency, to keep confidence in the economy. And it was done by the government, which had no choice but to do it. With no choice, the normal threat of “Fix the bonus contracts or we won’t do the rescue” was not an option for the government. And finally, the government is easy to embarrass politically. It has to be seen as benevolent, unlike a corporate raider or rescuer.
Still, I am surprised they could not make it clear that it’s “Take your contracted bonus and resign with a stink on your name, or lower/eliminate your bonus and keep your job.” Perhaps they did, but the bonuses are so sweet that the former is the easy choice. This case is famous enough that those who decided to take their bonus and leave would become well known, or at least their circumstances would be well known. A resume that says “Left AIG March 09” would be one that spoke of failure and greed.
It may just be a lesson that companies need to do better at writing bonus contracts, so they don’t pay off in the event of total company failure, or any failure connected to the employee of this scale. These would not be hard to negotiate. At the table, you can’t seriously stand up and demand you get your bonus even if you drive the company into the ground. You can’t make that a deal-breaker.
Update: A NYT Op-Ed on other ways to get out of bonus contracts.
Submitted by brad on Tue, 2009-02-24 16:19.
There are many opinions about whether the bailout and stimulus package are a good idea or not. But one thing that I hope everybody agrees is bad is that it teaches the lesson that if you screw up so badly that you hurt the global economy, we’re not going to let you fall. Take huge risks because in the event of catastrophe, the government has no choice but to make it better.
Is there a way to do a bailout that doesn’t end up rewarding, or even saving, the people responsible?
Well, outside of the frauds like Madoff, many of them did not break the law, or didn’t break it severely. Those who broke the law should get the punishment of the law. A lot of people just looked the other way as horribly bad loans were financed, resold and insured in strange ways. Some people had no idea what they were doing was so dangerous. Some didn’t know but should have known. Some suspected but ignored the evidence. And some knew, but were happy if they were getting their share.
I propose taking a small fraction of the bailout and stimulus and using it for “punishment.” It need not be much. With a possible 2 trillion dollars to spend, even 1% would be 20 billion dollars which surely buys a lot of enforcement, and of course stimulates the industries of enforcement. But we don’t need even 1%.
The first step is to define a set of good practices and ethics defining who did wrong. They would be fairly narrow. They would not catch the people who didn’t know they were doing something wrong and were not at the level that they should have known. This is not a simple task but I think it can be done.
The next step is to say “no bailout or stimulus money for any company which employs or significantly compensates, above minimum wage, a person responsible for the collapse.” They lose their jobs. If millions are to be out of work, start with the people responsible. The most adaptable of the laid off can take some of their jobs. If the government can fire all the air traffic controllers without catastrophe, I suspect a lot of bankers can be fired too. Only minimal dole for those fired too, enough to survive, but not well. They will be incented to find other jobs, in industries not getting bailout and stimulus money. Or they can work for minimum wage in their old jobs.
Culpability will run up, as well. While there will still be standards of proof, and a presumption of innocence, if a group of people all working for one person are guilty, that person is going to have to work hard to convince a jury they had no knowledge of what went on underneath and that this was as it should be.
So yes, this means the CEOs and other top executives of most of the banks and brokerages involved will be out of work. I think they can handle it. If they are really civic minded, they can keep their jobs for minimum wage, no options, no bonus.
Now this is not my favoured plan. I think people who screw up should, wherever possible, be allowed to fail, and they and the stockholders will pay the price. If executives mislead stockholders, they should be subject to the rules. But if we have to not do that, somehow a message must get out that if you do something like this, you’re going down.
Note that I also expect, and hope, that many of these people have been fired already. But some of them haven’t. Some got fat bonuses instead.
Submitted by brad on Sat, 2008-05-10 18:46.
It seems that half the programs I try and install under Windows want to have a “daemon” process with them, which is to say a portion of the program that is always running and which gets a little task-tray icon from which it can be controlled. Usually they want to also be run at boot time. In Windows parlance this is called a service.
There are too many of them, and they don’t all need to be there. Microsoft noticed this, and started having Windows detect if task tray icons were too static. If they are it hides them. This doesn’t work very well — they even hide their own icon for removing hardware, which of course is going to be static most of the time. And of course some programs now play games to make their icons appear non-static so they will stay visible. A pointless arms race.
All these daemons eat up memory, and some of them eat up CPU. They tend to slow the boot of the machine too. And usually not to do very much — mostly to wait for some event, like being clicked, or hardware being plugged in, or an OS/internet event. And the worst of them on their menu don’t even have a way to shut them down.
I would like to see the creation of a master daemon/service program. This program would be running all the time, and it would provide a basic scripting language to perform daemon functions. Programs that just need a simple daemon, with a menu or waiting for events, would be strongly encouraged to prepare it in this scripting language, and install it through the master daemon. That way they take up a few kilobytes, not megabytes, and don’t take long to load. The scripting language should be able to react at least in a basic way to all the OS hooks, events and callbacks. It need not do much with them — mainly it would run a real module of the program that would have had a daemon. If the events are fast and furious and don’t pause, this program could stay resident and become a real daemon.
But having a stand alone program would be discouraged, certainly for boring purposes like checking for updates, overseeing other programs and waiting for events. The master program itself could get regular updates, as features are added to it as needed by would-be daemons.
Unix started with this philosophy. Most internet servers are started up by inetd, which listens on all the server ports you tell it, and fires up a server if somebody tries to connect. Only programs with very frequent requests, like E-mail and web serving, are supposed to keep something constantly running.
The problem is, every software package is convinced it’s the most important program on the system, and that the user mostly runs nothing but that program. So they act like they own the place. We need a way to only let them do that if they truly need it.
Submitted by brad on Wed, 2007-10-17 01:44.
Most programs that ask for a password will put in a delay if you get it wrong. They do this to stop password crackers from quickly trying lots of passwords. The delay makes brute force attacks impossible, in theory.
But what does it really do? There are two situations. In one situation, you have some state on the party entering the password, such as IP address, or a shell session, or terminal. So you can slow them down later. For example, you could let a user have 3 or 4 quick tries at a password with no delay, and then put in a very long delay on the 5th, even if they close off the login session and open another one. Put all the delay at the end of the 4 tries (or at the start of the next 4) rather than between each try. It's all the same to a cracking program.
Alternately, you have no way to identify them, in which case rather than sit through a delay, they can just open another session. But you can put a delay on that other session or any other attempt to log into that user. Once again you don't have to make things slow for the user who just made a typo. And of course, typos are common since most programs don't show you what you're typing. (This turns out to be very frustrating when logging in from a mobile device where the keyboards are highly unreliable and you can't see what you are typing!)
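The scheme described above, sketched as an added example (not code from the original post): a few free tries, then one long delay that follows both the account and, when it is known, the source across sessions. The constants, class and function names and the sample addresses are assumptions made for illustration.

```python
import time
from dataclasses import dataclass

FREE_TRIES = 4          # quick attempts with no delay (the post suggests 3 or 4)
LOCK_SECONDS = 300.0    # assumed length of the long delay; the post gives none
WINDOW_SECONDS = 900.0  # assumed: an unfinished run of failures expires after this

@dataclass
class Counter:
    failures: int = 0
    first_failure: float = 0.0
    locked_until: float = 0.0

class LoginThrottle:
    """Counts failures per account and, when one is known, per source."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._counters = {}

    def _keys(self, source, account):
        keys = [("account", account)]
        if source is not None:  # no usable client identity: account key only
            keys.append(("source", source))
        return keys

    def seconds_locked(self, source, account):
        """Longest remaining delay over the keys this attempt touches."""
        now = self._clock()
        waits = [self._counters[k].locked_until - now
                 for k in self._keys(source, account) if k in self._counters]
        return max([0.0] + waits)

    def attempt(self, source, account, check_password):
        """Return 'locked', 'ok' or 'bad'. check_password is a zero-argument
        callable, so the verifier never runs while a delay is in force."""
        if self.seconds_locked(source, account) > 0:
            return "locked"
        if check_password():
            # Clear only the account counter; clearing the source counter too
            # would let a client reset it by logging in to an account it owns.
            self._counters.pop(("account", account), None)
            return "ok"
        now = self._clock()
        for key in self._keys(source, account):
            c = self._counters.setdefault(key, Counter())
            if c.failures and now - c.first_failure > WINDOW_SECONDS:
                c.failures = 0
            if c.failures == 0:
                c.first_failure = now
            c.failures += 1
            if c.failures >= FREE_TRIES:
                # The whole delay lands after the free burst, not between tries.
                c.locked_until = now + LOCK_SECONDS
                c.failures = 0
        return "bad"

def demo():
    now = [0.0]  # constructed clock so the run is instant and repeatable
    throttle = LoginThrottle(clock=lambda: now[0])
    wrong, right = (lambda: False), (lambda: True)
    # An honest typo followed by the right password: no delay at all.
    out = [throttle.attempt("198.51.100.7", "alice", wrong),
           throttle.attempt("198.51.100.7", "alice", right)]
    # A guesser uses up the free tries on bob, then comes back from a new
    # address (constructed): the per-account delay still applies.
    out += [throttle.attempt("203.0.113.9", "bob", wrong) for _ in range(FREE_TRIES)]
    out.append(throttle.attempt("203.0.113.50", "bob", right))
    now[0] += LOCK_SECONDS
    out.append(throttle.attempt("203.0.113.50", "bob", right))
    return out

if __name__ == "__main__":
    print(demo())
```

While the per-account delay is running, the account's real owner is held off as well, so the delay length is a trade-off between slowing a guesser and locking out the user.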
Submitted by brad on Tue, 2007-10-09 01:56.
I may be on the extreme, but I use hundreds of different E-mail addresses. Since I have whole domains where every address forwards to me (or to my spam filters) I actually have an uncountable number of addresses, but I also have a very large number of real ones I use. That’s because I generate a new address for every web site I enter an E-mail address on. It lets me know who sells or loses my address, and lets me cut off or add filtering to mail from any party. (By the way, most companies are very good, and really don’t sell your E-mail.)
As I said, I’m on the extreme, but lots of people have at least a handful of addresses. They have personal ones and work ones. They have addresses given by ISPs, and ones from gmail, hotmail and the like. But I regularly run into sites that assume that you have only one.
One of the worst behaviours is when I mail customer service. That mail comes from my current “private” address. It’s an unfiltered address that only goes out in E-mails to people I mail, and so replies always work. But they usually write back “You must send mail from the E-mail address in our records.” Even when I have told them my account number or other such information. And in fact, even when I tell them what the E-mail address is, they insist it be in the “From” line.
With most E-mail clients, I can indeed put any address in the From line I want, including yours or any of mine. So this is a pointless form of security. Their software has been written to key off this, and won’t let their agents identify the user another way. Unfortunately some mail agents that I use on the road don’t make it easy to enter an arbitrary From, so this is a pain.
Another problem is contact databases and social networks. LinkedIn likes you to know the E-mail address of somebody you are contacting in advance. But which one did they use with LinkedIn? And which one have I used? The address I have registered with some of these sites is not the one you use to mail me, so I can direct that mail. So if you use their systems to check for people in your contact list, you won’t find me, and I may not find you. Not that there’s an easy solution to this, but they haven’t even really tried.
Now as I said, I create these emails on the fly, and from reading them, I can tell what site they are for. But that doesn’t mean I can remember what I created after the fact. Sadly, many sites are also demanding you log in using “your E-mail address” rather than a userid that you pick. While this assures that IDs are unique, it’s also not hard to come up with a unique ID to use that’s not an E-mail and can be the same over all the sites you wish it to be. Sometimes to log in or do certain functions, I have to remember what E-mail I generated for them. (If I can get them to mail me something, I can solve that.)
Of course, many of them will mail me my password. Which is hugely, terribly wrong. No site should be able to E-mail you your password, because that means they are storing it. They should at best be able to reset your password and send you an E-mail which will let you log in and create a new password. While you should keep unique passwords for sites where real damage can be done (like banks) most people keep common passwords for sites where compromise of your “account” is not particularly bothersome. But if sites store it, it means they all are getting access to all the rest, if they wish to, or if they are compromised. I wrote this blog post to give people something to point at when sites expect you to have just one E-mail. I probably need another to point sites at when they are storing my password and will mail it to me. (Especially ones that say they dare not send you messages by E-mail because it is not secure, but which will send you your password by E-mail.)
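What "not storing it" looks like in practice, as an added example (not code from the original post): the site keeps only a salted, slow hash it can check a login against, and a forgotten password is handled with a one-time, expiring reset token sent by E-mail. The class and function names, the PBKDF2 work factor and the 15-minute lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ROUNDS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
RESET_TTL = 900          # assumed: reset links are valid for 15 minutes


def make_verifier(password, salt=None):
    """Return (salt, digest). The password itself is never kept."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class AccountStore:
    def __init__(self, clock=time.time):
        self._clock = clock
        self.users = {}    # user -> (salt, digest)
        self.resets = {}   # sha256(token) -> (user, expiry); token is not stored

    def register(self, user, password):
        self.users[user] = make_verifier(password)

    def login(self, user, password):
        record = self.users.get(user)
        if record is None:
            return False
        salt, digest = record
        return hmac.compare_digest(make_verifier(password, salt)[1], digest)

    def start_reset(self, user):
        """Return a one-time token for the e-mailed link, or None."""
        if user not in self.users:
            return None
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).digest()
        self.resets[key] = (user, self._clock() + RESET_TTL)
        return token

    def finish_reset(self, token, new_password):
        """Consume the token (valid once, until expiry) and set a new password."""
        key = hashlib.sha256(token.encode()).digest()
        user, expiry = self.resets.pop(key, (None, 0))
        if user is None or self._clock() > expiry:
            return False
        self.users[user] = make_verifier(new_password)
        return True


def demo():
    store = AccountStore()
    store.register("brad", "correct horse")  # constructed sample values
    stored = repr(store.users["brad"])
    token = store.start_reset("brad")
    return {
        "password_in_store": "correct horse" in stored,
        "reset_ok": store.finish_reset(token, "new passphrase"),
        "token_reused": store.finish_reset(token, "attacker choice"),
        "old_login": store.login("brad", "correct horse"),
        "new_login": store.login("brad", "new passphrase"),
    }


if __name__ == "__main__":
    print(demo())
```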
Submitted by brad on Mon, 2007-09-24 19:33.
I was quite surprised to read in the coverage of the arrest of Star Simpson at Boston Airport for having a handmade shirt with LEDs that lit up in a star pattern (to match her name) that State Police Maj. Scott Pare said “She’s lucky to be in a cell as opposed to the morgue.”
I find this a remarkable statement for a police officer to be saying about a bright teen-age girl. That we have come to the point where the Major can say something like this and expect everybody to nod in agreement. Had the police shot a bright and innocent teen-age girl, it would be tragic, but the regret on the part of the police would also have been great.
Those who do security have come to the conclusion that airports are really, really, special, so special that you can shoot girls who are not following procedure when they come to pick somebody up. The procedure in this case is a new rule about “improvised electronic devices” — namely homebrew electronics vs. something you bought at Radio Shack. You can’t bring them on the plane any more, and you can get shot for carrying them in the terminal. I have one myself, a hand-constructed power supply I need to convert the voltage from my laptop battery (which they let me bring on because it’s “standard”) and other equipment I have. I am going to have to put some logos on it to make it look official.
I have some understanding of the desire to secure the cockpits of planes so that suicide pilots can’t take control and use them as weapons. And there’s been a lot of hard work done on that. But for some reason we’ve also concluded that the non-secure areas of the airport are special, rather than being just like any other crowded place (like train stations, stadia, offices, restaurants and so on.)
Whatever they might say about what you can bring on the plane, now you can’t even have it going to pick somebody up at the airport. Simpson reportedly wore her shirt all the time around campus, and just happened to have it on while going to the airport. She’s called crazy for bringing a “device like that” to the airport. This is the same town of course that shut itself down over LED ads for Cartoon Network that a score of other towns blithely ignored. Is this the guilt over having been the airport of choice for 9/11 terrorists?
The phrase “the terrorists have already won” is overused, but that they’ve gotten us to talk about shooting smart, innocent teen-age girls without blinking does seem to be quite a victory for them.
Submitted by brad on Fri, 2007-08-03 19:07.
I’m a big fan of making money by selling services but a disturbing trend is the requirement that customers sign a one or two (or even three) year contract in order to sign up for a service. Such contracts will have a fat termination fee if you want to end the contract early.
This is almost universal for cell phones, and of course it makes some sense when they are selling/giving you a subsidized phone. They need to be sure you will stay with them long enough to make the subsidy (from $200 to $400 if you include dealer kickbacks) back. That’s not so hard, because with many people getting cell phone plans as high as $100/month, they make it back quickly.
However, cell phone companies notoriously require a new contract for just about any change in your calling plan, including simply switching to a new plan they just started offering that you like better. Usually that’s just a one year contract. This makes much less sense. Switching your plan doesn’t cost them anything much aside from a call to customer service. They just want to put you on that contract.
DSL ISPs (and not just the phone company ones) are also notorious here. Some need it to subsidize installation or equipment, but again it’s also done simply to change price plans. In many cases you will also see major discounts offered if you commit to a contract (or of course even better if you just pay 12 months at once.)
I understand the attraction of the company for contracts. They can predict and book revenue. Quantity discounts have always had their reasons.
But they may not realize a serious negative about the contracts. They are a barrier to getting customers. In particular, a demand for a contract (when there is no major subsidy) says to me we think that without a contract, we could lose you as a customer. We fear that, if not for the contract, you would leave us. And that immediately makes me think the same thing. “What is it that makes them think they can’t keep me just by providing good service at good prices?” They already won my business, which is the hardest part. Now all they have to do is keep me happy and they will be very likely to keep it.
This recently backfired for Verizon. I’ve been off contract with them for years, though I had often debated switching to a different plan. Every time they told me I would need to sign a one year contract, and get no subsidy for doing so. (For a 2 year contract, they would have subsidized a new phone, but I wasn’t ready to do that.) So when phones broke I often picked them up on eBay rather than take their 2 year subsidy.
When it came time to really want to change plans, their demand for a new contract made them the same as all their competitors, who will also demand a new contract. And thus there was no particular reason not to switch. They encouraged me to compare all the various offers, all of which require a new contract, and all of which can offer me a phone subsidy with a 2 year contract. And all of which can keep the number, thanks to hard-won number portability. Had they been willing to let me make changes without a contract, I would have had no incentive to go shopping around at the competition. There I learned about much better deals they had, and thus left Verizon.
Perhaps they think they need a contract to keep me from the competition. But truth is, that might work temporarily but it just delays things. When a contract expires, somebody is going to be ahead, be it the competition or be it them, and they just moved the switch in time and probably locked me into the competition for their efforts.
The best company in the business shouldn’t need a contract to hold me. If the competition is offering a snazzy new subsidized phone for a contract, then my no-contract company can certainly offer that. Or, ideally, just offer me a lower monthly rate if I bring my own phone, with no need for a contract — my choice.
Over time, the public might wake up to realize that the contract is much more expensive than the phone subsidy. A typical data phone requires a plan of $60 to $80 per month, and many are on plans of $100 or more. That’s a $2400 purchase at $100/month, all to get a $200 phone subsidy. Of course most customers plan to buy from somebody over the period, so it makes sense to take the subsidy if you aren’t likely to be changing all the time, which most of us aren’t. But I am curious why all the firms feel these contracts are really in their interest.
Update: I should point out that there are reasons to get warmer to a contract when getting a new phone. Typically there is a $200 subsidy on the phone, and sometimes much more. And quite commonly, the penalty for getting out of the contract is $200, and in fact by law reduces on a pro-rata basis as you move through the life of the contract. As such, there is no reason not to sign the contract if you want that brand-new phone. In addition, there are contract trading sites (where other people will take over your contract for less than the penalty price because they don’t need a phone) to get out even cheaper.
However, you don’t want a contract without this level of quid pro quo. A contract just to change plans is ridiculous. Some carriers are getting that message.
Submitted by brad on Tue, 2007-07-31 11:45.
At this point it seems only people in San Francisco want to see Barry Bonds break Aaron’s all time home-run record of 755. He has 753 right now. In San Francisco, the crowds get on their feet every time he gets on deck, and that was even before he got on the cusp of the record. Outside SF, fans boo him, and it’s commonly believed that should he tie or break the record in Los Angeles or many other cities, he will get booed for doing it. In SF there is a willing suspension of disbelief. We know about the steroids and got over it, and now just want to see what sort of performance enhanced man can deliver.
Bonds is presumably off the steroids now, and his drop in performance shows it. Since he knows he can’t dare be caught with them, he probably will never take them again, and thus not be caught. There will only be the allegations of others.
My view is that the San Francisco Reality Distortion Field will fade, and nobody will speak of Bonds’ upcoming record with anything but cynicism. Record books will all put an asterisk next to it, and not like the one they sometimes put on Roger Maris’ record.
But Bonds still has a chance to show some class. People say he has none, so this is unlikely, but still possible. He should stop hitting home runs, one shy of the record. Or, if he really insists, after tying it. Nobody would doubt that he could have hit another 1 or 2 and broken the record, if not more. He might indeed play another season and break it by a wider margin, though he won’t have any more 70 HR seasons. The die hards will bitterly come to accept he was a user.
But this final act would get a very different reading in the history books, one of going out with some class.
Of course, there is the issue that the team might be screamingly upset. Normally, they would sue him for not fulfilling his very expensive contract. And he would have to retire this year, forgoing several million dollars, so this is not without cost. But fume as they might, I can’t imagine the team actually trying to sue him for a classy act. The PR cost would be far too high.
Update: Well, I guess he didn’t stop at 754, though he is holding off to get 756 at AT&T Park for the home fans. San Diego fans were nicer than I expected for the actual HR, though they booed most other times.
Submitted by brad on Thu, 2007-01-18 20:19.
(Note I have a simpler article for those just looking for advice on how to get their Widescreen TV to display properly.)
Very commonly today I see widescreen TVs being installed, both HDTV and normal. Flat panel TVs are a big win in public places since they don’t have the bulk and weight of the older ones, so this is no surprise, even in SDTV. And they are usually made widescreen, which is great.
Yet almost all the time, I see them configured so they take standard def TV programs, which are made for a 4:3 aspect ratio, and stretch them to fill the 16:9 screen. As a result everybody looks a bit fat. The last few hotel rooms I have stayed in have had widescreen TVs configured like this. Hotel TVs disable you from getting at the setup mode, offering a remote control which includes the special hotel menus and pay-per-view movie rentals. So you can’t change it. I’ve called down to the desk to get somebody to fix the TV and they often don’t know what I’m talking about, or if somebody comes it takes quite a while to get somebody who understands it.
This is probably because I routinely meet people who claim they want to set their TV this way. They just “don’t like” having the blank bars on either side of the 4:3 picture that you get on a widescreen TV. They say they would rather see a distorted picture than see those bars. Perhaps they feel cheated that they aren’t getting to use all of their screen. (Do they feel cheated with a letterbox movie on a 4:3 TV?)
It is presumably for those people that the TVs are set this way. For broadcast signals, a TV should be able to figure out the aspect ratio. NTSC broadcasts are all in 4:3, though some are letterboxed inside the 4:3 which may call for doing a “zoom” to expand the inner box to fill the screen, but never a “stretch” which makes everybody fat. HDTV broadcasts are all natively in widescreen, and just about all TVs will detect that and handle it. (All U.S. stations that are HD always broadcast in the same resolution, and “upconvert” their standard 4:3 programs to the HD resolution, placing black “pillarbox” bars on the left and right. Sometimes you will see a program made for SDTV letterbox on such a channel, and in that case a zoom is called for.)
The only purpose the “stretch” function has is for special video sources like DVD players. Today, almost all widescreen DVDs use the superior “anamorphic” widescreen method, where the full DVD frame is used, as it is for 4:3 or “full frame” DVDs. Because TVs have no way to tell DVD players what shape they are, and DVD players have no way to tell TVs whether the movie is widescreen or 4:3, you need to tell one or both of them about the arrangement. That’s a bit messy. If you tell a modern DVD player what shape TV you have, it will do OK because it knows what type of DVD it is. DVD players, presented with a widescreen movie and a 4:3 TV will letterbox the movie. However, if you have a DVD player that doesn’t know what type of TV it is connected to, and you play a DVD, you have to tell the TV to stretch or pillarbox. This is why the option to stretch is there in the first place.
However, now that it’s there, people are using it in really crazy ways. I would personally disable stretch mode when playing from a source known not to be a direct video input video player, but as I said people are actually asking for the image to be incorrectly stretched to avoid seeing the bars.
So what can we do to stop this, and to get the hotels and public TVs to be set right, aside from complaining? Would it make sense to create “cute” pillarbars perhaps with the image of an old CRT TV’s sides in them? Since HDTVs have tons of resolution, they could even draw the top and bottom at a slight cost of screen size, but not of resolution. Some TVs offer the option of gray, black and white pillars, but perhaps they can make pillars that somehow match the TV’s frame in a convincing way, and the frame could even be designed to blend with the pillars.
Would putting up fake drapes do the job? In the old days of the cinema, movies came in different widths sometimes, and the drapes would be drawn in to cover the left and right of the screen if the image was going to be 4:3 or something not as wide. They were presumably trying to deal with the psychological problem people have with pillarbars.
Or do we have to go so far as to offer physical drapes or slats which are pulled in by motors, or even manually? The whole point of flatscreen TVs is we don’t have a lot of room to do something like this, which is why it’s better if virtual. And of course it’s crazy to spend the money such things would cost, especially if motorized, to make people feel better about pillarbars.
I should also note that most TVs have a “zoom” mode, designed to take shows that end up both letterboxed and pillarbarred and zoom them to properly fit the screen. That’s a useful feature to have — but I also see it being used on 4:3 content to get rid of the pillarbars. In this case at least the image isn’t stretched, but it does crop off the top and bottom of the image. Some programs can tolerate this fine (most TV broadcasts expect significant overscan, meaning that the edges will be behind the frame of the TV) but of course on others it’s just as crazy as stretching. I welcome other ideas.
Update: Is it getting worse, rather than better? I recently flew on Virgin America airlines, which has widescreen displays on the back of each seat. They offer you movies (for $8) and live satellite TV. The TV is stretched! No setting box to change it, though if you go to their “TV chat room” you will see it in proper aspect, at 1/3 the size. I presume the movies are widescreen at least.
Submitted by brad on Sat, 2006-12-02 16:17.
We still see a lot of thermal printers out there, particularly for printing labels, receipts and the like. They are cheap, of course, though the paper costs extra so it's not always a long term win.
However, I am seeing them used for receipts that people may need to use some time later, and the problem is they fade. They definitely fade if you put them in a wallet or anywhere else that will be kept on your body. For my prepaid cell phone in Canada, for example, I need to buy the vouchers in advance so I can refill over the web before I travel back to Canada, and the most recent purchase came on thermal paper that is already faded partly and will be gone soon. I wrote down the number for protection, but it's just 3 weeks later.
So let's see a move away from thermal printers for receipts. They are OK for mailing labels which are very short lived, or places that will never see exposure to heat, or accidentally being left in the sun, but inkjets are so cheap now that there's not much excuse. (Though I realize inkjets have more moving parts.)
I also find for some reason that the thin thermal paper they use at Fry's for their receipts confuses the sheetfed scanner I use to scan receipts. It's not always sure there is paper in the scanner. I suppose that's mostly the scanner's fault, but it wouldn't happen if Fry's used a better paper or process.