Saturday, January 20, 2018

Don't be a knee-Jerk on the way to GDPR

Yesterday morning my inbox was littered with, essentially, spam. These were posts to a discussion thread in an online community which I had not subscribed to, that system sending me the messages anyway.

It seems, someone wanted to protect people like me from having personal data poached from group discussions and related pages they’re managing. We can understand that this is a valuable goal, and in fact is consistent with requirements under GDPR to protect Subject’s personal information. So in their system, they have redacted email addresses, replacing mine with gl…@gmail.com.  I’m thrilled my email address is not displayed in the clear on this site, and equally happy that a data breach or similar event won’t expose my personal details in the wild.

Or I would be thrilled, were my inbox not full.

Because somehow their system still sends notification to subscribers. In reality it looks like it is sending emails to everyone it knows whose email address matches the redacted pattern. Trying to send an email to a true subscriber, gl…@gmail.com, they seem to have sent an email to all gl…@gmail.coms. Including to me.

Many people got these emails, and putting it mildly, they’re not happy about it. My HR department won’t let me post many of their comments on the topic. Especially since, to unsubscribe from a thread they didn’t subscribe to, recipients were being asked to click through an acceptance of Terms of Service.  Bad form!

Were it in effect, and in absence of a less blunt instrument, I guess GDPR offers these subjects a recourse: Dear DPO, I’m gl…@gmail.com, please erase me.  How will that go?

Let’s see now, what’s 4% of gross revenue for any of the large developer community owners?

So yes, we need to protect Subject data, but unthoughtful knee-jerk redaction without concern for downstream impact isn’t the answer.

Wednesday, August 3, 2016

Another clever way to prevent opt-out

Here's another clever way for spammers to keep spamming you.  Legally they have to include a way to opt out, usually via a link at the bottom of the email.  As I wrote a few days ago, sometimes those links cleverly look like phish attempts, so anti-phish measures block them.

Today I got one I could actually click, and did so. It seems the unsubscribe page was (accidentally, I'm sure) so badly written as to crash the browser!  Outstanding!


Friday, July 15, 2016

How anti-phishing is giving me more spam

I hate to write this one, for fear the spammers will learn from it and send more. But really ...

I'm getting spam from a particular sender. Same old thing.  But this one looks sufficient like a phish ..  well, our corporate anti-phish technology is triggering on it and removing the URLs. Which means I can't use the legally-mandated URL to opt-out.  So I get more spam from them.

It kinda sucks.  Protection implemented for the best of reasons, to block phishing, is making spam more prevalent.

Damned if you do.

Saturday, June 11, 2016

Mai Tai chez Glen

I've been fiddling with my Mai Tai recipe off and on for a couple of years ... here's what I'm making now, gets good reviews from my favorite tasters (you know who you are).

This makes about 4 tall drinks.

7 oz spiced rum
3.5 oz coconut rum
7 oz pineapple juice
2 oz guava nectar
8 oz orange juice (homestyle - ie. with pulp)
6 or 8 solid shakes of Angostura Bitters
1 oz dark rum
6 or 8 chunks of fresh pineapple

Serve over ice.

If you're being fancy, save the dark rum to the end. Fill the glass 3/4 with drink and 3 to 5 ice cubes. Pour a little grenadine down the side of the glass to layer on the bottom, and float a little dark rum on top.  I can't be bothered, and just mix the dark rum in, skipping the grenadine 'cuz I don't like pink drinks.

Some people have crappy paper umbrellas, and stab the pineapple chunks with them. I don't. I just throw a couple of chunks of pineapple in the glass at the end.  My guests can eat the infused pineapple when they're ready for another. :)

Aloha.

Thursday, June 9, 2016

Rude android apps

I'm getting pretty annoyed at the self-indulgence of some Android apps.  Facebook, gmail, and others.

Here's the deal. When I leave my home, I often turn off WiFi ... I've found that if I leave it on, sometimes my phone connects automatically to networks that need a signin, and because I didn't plan to connect, I don't sign in, and for a while any transfers are blocked. Eventually I might notice, but in the meantime an important email hasn't been delivered to me, or something I've sent hasn't actually gone upstream. So I turn off WiFi when I leave the house.

Sometime later, I want to do something that will use a fair amount of traffic, and deliberately connect to the local wifi where I am. Usually at a bar. Just thought you might like to know. :)

However, after I connect, my phone basically stops working for a couple of minutes as every friggin little pissant app I have on my phone decides now is an awesome time to sync. I watch the little traffic icon thing, and the up and down signals are pegged. In both senses of that word. It's really annoying, and all because these crappy apps think their background transfers are the most important thing in my life right now. I couldn't care less about the 39 Facebook updates in my network. Not in the next few minutes anyway. I deliberately connected to a network because I wanted to get something done! And I can't.

I guess what I need to find is some app that doesn't completely disable background transfers .. but maybe delays some of them so they don't all go at once.

In the meantime, if the apps themselves would just wait a danged minute or two - you know, be polite - I'd be a lot happier. Catch the signal that the network is now present, and set a timer for yourself. Wake up in 1 to 3 minutes. Do your sync.

I'm frankly about 5 more episodes of this away from uninstalling Facebook from my phone.

Thursday, April 30, 2015

Detailed specifications

As a Product Manager, I frequently struggle with how many details I need to supply in an Epic. Say too much, the team doesn't read it. Too little, weird things happen.

Lest my current staff think I'm pointing at them, I'm not.  :)

Broken cookiesYears ago I wrote a requirement that spoke of an unique sequence number. The product delivered to me had randomly selected numbers that nonetheless were unique.  I couldn't believe it .. randomly choosing the numbers, then testing uniqueness, was harder than just allocating the number in sequence. Which was, in fact what I had asked for.

Today, another wonderful example, this time from my local bakery. Box up some cookies so we can sell by the package. Seems simple. What bake shop owner in their right mind would imagine some industrious packer breaking cookies to make the boxes as full as possible? Such as this box, straight from the market, over half the cookies are, well, halves. Who would ever think to write in the epic, "Box up some whole cookies, take broken ones home for your kids." Or, "Don't break my pieces of art to make them fit!"

It would be like writing in the manual for the pizza delivery driver, "Don't hit any fire hydrants with our delivery car!" Though come to think of it, when I was in high school another student did in fact wreck a pizza delivery car by driving it into a fire hydrant at full speed. Hmmm.

Wednesday, September 26, 2012

Caller ID; or, Wireless Caller my butt

I've got this telemarketer calling me and they won't stop. Different number each time, different name in the Caller ID, vague about their company name, and continuing to call despite being asked at least 3 times now to add me to their Do Not Call list.  For that matter, they are ignoring the National Do Not Call Registry.

And here's the rub: I pay for Caller ID precisely so I can not interrupt my work to deal with this crap.

Meanwhile, the Telco I pay is letting disreputable callers spoof the system I pay for. It hasn't, after all, escaped me that the caller ID is reporting pretty unlikely names. This morning is "Wireless Caller". Tell me, since when has a telemarketer clearly in a call center (lots of background voices) used cellphones for the calls?

And I'm starting to wonder why I pay, and why others pay.  Class action refund, anyone?