This completely defies logic. Growl does a good job of alerting the user. I just cannot understand why Growl was not acquired. Sure they added a notification panel that probably required access to the kernel code in order to implement… but then it is uneventful. The worst part is that I have not determined which to use although it’s probably Growl… but then there is the individual bias that the Apple apps are going to have instead of playing nice in the sandbox. I also hate that something in my system is trying to email me using Mail.app. I want to specify the mail app and that’s that.
Category Archives: Complaint Department
OSX Mountain Lion – iCal = FAIL
iCal is a disappointment. I know that it’s pretty and a little refined from the last version… but it sucks! Or more succinctly it fails to integrate with my Google apps calendar. I’m not even sure how to describe the failure. All I know for sure is that it could not sync my calendar completely. It was missing so very many of my events. It was missing so many that I’m not interested in even trying to make it work. Google simply works and that’s all I need.
Editing in the cloud – web based IDEs etc
The challenge: Last month I tried an experiment. Could I be productive writing code exclusively on my MacBook Air 11″? While the results were positive I wanted to get back to my 24″ monitor. It has not changed my need to mouse or cmd+tab around the active apps but I can see more, especially now that I have a second monitor for things like IM and Skype. What I do not like about this configuration is that I’m using BBEdit and editing files on my remote dev server via SFTP, knowing how unstable an internet connection can be; not to mention that BBEdit has no collaborative features, so if I edited the file on a second system there is a chance I could jank the whole thing up. Of course I could use GitHub or BitBucket as a proxy; however, there are plenty of use-cases where that is not practical, and that means keeping the dirty laundry around longer than I want.
Ideal Solution: I’d like to see a Chrome or Safari plugin that uses their sync capability to keep my credentials secure and then an offline editor plugin with collaborative functionality similar to SubEthaEdit. And while I’d really like to edit the files on my servers via SFTP or FTP/S I’d also like access to my Dropbox instance.
(The Coding Monkeys have not done anything in over a year. SubEthaEdit is clearly sub-par as an editor but it would not take much to make it a leader… maybe before MacroMates?)
Less than ideal: At first ShiftEdit looked like a potential alternative. It was not a perfect fit but it offered some features that I liked. But when I started to read the bottom line 3pt font… they keep my Dropbox uid/password on their servers. Are you kidding me? Codeanywhere was another alternative. Their website touts functions very similar to ShiftEdit’s. One interesting feature is that they will let you resume a current editing session and sync the edit sessions across the different tools like Chrome, iPad etc… nice. But again, the bad news is that they require a user account. I have a support request into them in order to get a sense of what they keep or proxy on my behalf.
I just don’t get it: Many of these cloud services companies are simply mashups of different cloud services. That’s easy. What is hard is keeping all of these mashups from becoming a severe risk. Think about this… if the likes of GlobalPayments and similar businesses that are wrapped in a veil of PCI requirements, implementation and audits, including obfuscation of card numbers and account numbers with very robust encryption including DUKPT… what makes you think the cloud mashup of the day is (a) protecting your data adequately and (b), even scarier, not simply a trojan of sorts? Once these mashups have access to your account they can read it all, not just the files you designate.
So pick and choose VERY carefully.
advert-ware reinvented – no free lunch
It used to be that when you bought your new PC (especially from IBM) or Mac you received the hardware and the base operating system. Nothing more.
Then some slick marketing guys realized that they could subsidize cheap hardware by installing would-be free-ware or later adware, and then it got so bad (Packard Bell and eMachines) that they were installing 100s of apps, leaving little room or overhead for your own apps. Many of the apps could not be removed. And when you did a fresh install of white label MS Windows there was always some driver that was missing.
In recent years a very similar thing has been happening in the browser market. Many of the browser manufacturers get paid for directing your search queries to one search engine or another. The fact that some browsers give you a choice of search engines is not FREE. They are getting paid by all of them or there would be no incentive. (I have yet to see DuckDuckGo installed on Chrome)
A few months ago I was impressed that Twitter was integrated into my iPhone. At first I thought it was a cool idea, however, now that Facebook integration was announced with iOS 6 I’m pissed. How long before all the sponsor-ware consumes enough resources that I cannot save that last family picture or favorite song? It’s no wonder that Apple is moving everything to iCloud. They want all of the local storage for this new model.
We must wake up! There is no free lunch. Everything that you think you are getting for free, especially on the web… has a price. It may not be immediately obvious to you but it’s there; you’re just not looking hard enough.
For example:
(1) browsers – already discussed.
(2) anything GPL – strictly encumbered with viral-like requirements
(3) Facebook – you are constantly advertised to and your social network is worth more than gold
(4) AIM – AOL has targeted AIM’s end of life but its intent was for marketshare and retention of their existing user base.
(5) GitHub or BitBucket – no secret there. These are businesses. At some point they should be making money with their paid subscriptions but the freebies are techno-crack.
(6) Xcode – If Apple did not offer a free toolset then someone would likely underprice them (recall Borland and the Turbo brand of compilers). Offering the free toolset lets them control the API. Microsoft lost this battle but is still trying to win the war. Now they are offering an express version of their development environment.
**Feel free to suggest a would-be “free” app and I’ll try to locate the cost.
Lead Generation – the analog enemy
Many years ago I worked for Premier Global. They were in the messaging business. Everything from fax, to voice, to email. That included incoming and outgoing messages. I remember one fine day when a coworker was recognized by executive management for tweaking their robot dialer to wait a few seconds after the remote side picked up the phone. The assumption being that the receiver would say hello and if they were interrupted by the dialer that they would most likely get a hangup. Anyway, they were right. The conversion rate was much higher now.
I’ve hit this topic several times this year… and now that I’m on all the do not call lists I’m still getting calls. The one list that really pissed me off this weekend was the Broward County Police and Benevolent Society. The agent happened to drop the dirty little secret that there is more than one company working for the Police and Fire. This disgusts me on many levels.
Anyway, after reading this morning’s jobs wanted lists I saw that there is yet another lead generation company using robo-dialers looking for programmers. So the question is… with all of these lead generation companies attempting to get our attention at almost the same “best” time of day, what would it take for these robo-dialers to completely saturate the analog phone system? Figure that any one of the Amazon servers could handle 5,000 – 10,000 calls at once depending on the networking. A complete DDoS could be scripted in a few hundred lines of code.
Correcting some misconceptions
I just read an article from MickeyMcKay where he espouses proper grammar for entrepreneurs. While I have no idea if he’s correct or not I should mention:
In deference to mickeymckay just a few years ago it was reported that bad grammar and spelling [was] a sign of a good executive. — @rbucker
Another author was writing about not being able to find Ruby on Rails programmers in Atlanta; and that he was forced to troll the local user groups in the hopes of finding candidates.
A few years ago I was having a similar problem recruiting RoR programmers in Birmingham Alabama. The root cause was that there were simply not enough RoR programmers at all. And so if we wanted to hire them away from their projects we had to raise our already high salary expectations.
As for the corrections:
I do not believe that grammar is a key indicator of anything except someone that might be educated or at least remembers their education. On the other hand it might also be the mark of someone with a good spelling and grammar checker. Either way it’s cancelled out and generally meaningless.
Qualified programmers of all types are in demand; they are very selective about their work, compensation, environment, contribution, and so on. The real reasons, however: (1) most new programmers have huge egos that need to be satisfied; (2) most experienced programmers cost too much; (3) no matter their situation almost all of them are waiting for a huge payday that has not come yet by the latest fly-by-night contrived social app of the day.
Linux and *BSD need a lot of polish
Linux and *BSD need a lot of polish if they ever hope to assault the desktop. Chrome OS is supposed to be based on Linux but that’s the internals that people never see. The actual desktop is rendered from the Chrome browser and while this is akin to a dumb terminal it is still kludgy because it’s all running on top of X. And while X is powerful… it’s simply not modern enough to compete. (The same can be said for the various desktop managers). Frankly they all suck. The Windows desktop is better than any of the X/wm derivatives… even though Windows 7 seems to have chunky controls.
Would the next generation desktop please stand up!
When we used DOS we wanted more and we received TopView.
When we used DesqView and we wanted more we received Windows.
When we used Windows and we wanted more we received OS/2.
When we used OS/2 and we wanted more we received Windows.
When we used Windows and we wanted more we received Mac OS9, others got Next, others got XWindows and a few others.
Now we are in 2012 and we use Windows 8, OS/X Mountain Lion and we still want more.
I see the current situation in 2 parts. (a) XWindows has not seen any real improvement since it was first released. Sure there are several window managers but they are all built on top of X11 and we still have the same kludgy interface. (1) multiple screens is painful (2) cut and paste is painful (3) programming APIs are worse still (4) it has not seen a true refresh in many years.
And in the second part (b) while Microsoft has been keeping the status quo and incrementally added Aero and Metro as part of their recent releases… Apple rewrote the GUI when it deployed OS/X but has not done anything interesting since then. It seems that they have ignored the GUI in order to focus on the core. I’m sure they have reasons same as Microsoft but given hardware technology you’d expect more from the leaders.
But going back to (a). X does not really have the advantage of being connected to hardware vendors the way that Microsoft and Apple are. But they have freedom to do anything so why not fix it. Canonical and RedHat have the deep pockets to improve the situation but they would rather shuffle the deck chairs. (Have you tried the setting panel on Ubuntu 12.04? It’s terrible.)
Windows 3.1 called and said it wanted its BitBlt back!
Apple took a lot of heat when it departed from X-11 in order to build its desktop. Now, in hindsight, it was a stroke of genius. Clearly the X-11 team is mired in the past, their conferences, meetings, meritocracy, politics and a complete lack of understanding. It’s time for a new and modern desktop for Linux. And if you need X-11, take a hint from team Apple and … “there’s an app for that”.
More Credit Card Fraud, Where is the Bank Fraud?
I just wrote an article about credit card fraud… but here’s some food for thought.
Computers have been in banking for a good many years. Probably since the 1960s or even a little earlier than that. But in recent history we hear about credit card fraud and not banking fraud. The systems are typically integrated and supposed to be equally secure… but the attack vector is always credit cards.
I wonder if saying it was credit card fraud (a) allows the banks to charge more for credit cards (b) allows the government and banks to say our banking and reserve system is secure.
The thing to think about… the credit card company (the issuing processor and all entities) does not need your social security number. For anything. Your bank does, and they do not need your card number(s).
There are many ways to fix this problem (a) laws, (b) banks (c) technology.
Credit Card Fraud! Again? Really?
I’m somewhat of an expert when it comes to credit card systems. I have worked for the likes of NaBanco, First Data, WildCard Systems, MetaVentures, Insight Cards, Klarna, NXSystems. I have also collaborated and certified directly with Visa, MasterCard, American Express, and Discover. I have also designed open and closed loop systems including stealth platforms like insurance eligibility. Finally I have participated in several PCI audits as the target and the auditor.
Yet I was still outraged when I received a letter from a major card brand that my account had been compromised; they go on to reassure me that my social security number and some other private details have not been compromised.
Let me be perfectly clear here. *** This is utter and total bullshit !!! *** I’d like a chance to repeat myself but that might be gloating or looking for business.
Firstly; PCI and many other security and privacy measures are not as secure as I’d like. PCI takes the rent-a-cop approach to security. Observe and record. There is nothing in the PCI document that tells the institution to take an active role.
Secondly; The Rules and Regulations for the various major associations do not go any farther than the PCI when it comes to detection or the active prevention of fraud. Again, observe and record. And unless you are doing something that is going to hurt the brand-name the issuers and acquirers can take whatever risks they deem necessary to capture and keep a cardholder.
The CEO of Klarna (Sweden) is always talking about removing friction from the transaction process. His company’s product does not use credit cards and is similar to Bill Me Later (temporary credit is offered on the fly). Part of what makes his product successful is not that his customer’s credit is tied to their SSN but that the laws in the countries where Klarna operates are mindful of how this private information is being used and in fact it’s not so private. It’s about as common as your cell number.
GLOSSARY
(*smiley*) This is the cardholder. The cardholder is on both sides of the picture because the cardholder deposits his hard earned cash into a bank or makes partial or full payments for credit that had been provided. The cardholder also buys goods or services from merchants. Therefore the cardholder is on both sides of the credit equation.
(M) This is the merchant. The merchant provides goods and services to cardholders. The merchant also pays a percentage of each sale to all of the entities to the right.
(MB) The merchant bank is where the final settlement funds are deposited once the transactions have cleared.
(GW) The gateway processor is considered a 3rd party service provider. They provide some level of transaction, reporting or security service for the merchant. They may provide other types of business integration or workflow.
(GW Bank) Depending on the acquirer’s rules the gateway processor has a clearing bank in order to capture their commission from the day’s transactions.
(AP) The acquiring processor is just a technical entity that processes transactions between the merchant and the association. The AP does not actually have to be a bank but they need to be bank sponsored.
(A Bank) The acquiring processor bank performs the clearing function for the acquiring processor, however, more importantly this bank sponsors the AP’s relationship with the association.
(association) Visa and MasterCard are associations of banks. American Express is referred to as an association but was a privately held company at one time. Discover was spun off from Sears and is/was also a proper bank.
(IP) Like the AP, the issuing processor does not need to be a proper bank. The IP need only be sponsored.
(IP Bank) The issuing processor bank handles the clearing and settlement on an on-demand basis. Sometimes this entity is extending credit to the cardholder and sometimes this entity is holding the cardholder deposits. It depends on the individual card program.
(Bank) The cardholder bank is where the cardholder interacts with deposits and payments.
Authorization – this is the first part of a 2 or 3 step process (from the merchant). It depends on where the transaction is being performed. If you are buying a book from the book store then this is the first of 2 transactions. It’s just intended to see if you have enough funds. If it’s a gas station or a restaurant then it’s a pre-authorization — because it is absent of a tip.
Settlement – the settlement process takes place at least once a day (from the merchant). It is when the point of sale device tells the issuers what transactions were actually completed. This triggers the clearing and settlement process.
Clearing and Settlement – The association takes all of the settled transactions and groups them together sending like transactions to the individual issuing processors along with a “demand” file which the issuer uses in order to pay the association.
Single Message System – this is when the authorization and the settlement transaction are performed in one transaction. ATM transactions are typical single message system(s).
PS: There are few differences between credit cards and debit cards. I suppose the actuaries have a different view of this but it amounts to the same results. It’s still a 15 or 16 digit card number.
The Short Version
What does all of this mean?
The cardholder bank makes money when you deposit money and potentially gives you a fraction back as interest, once they have charged you fees. The cardholder bank also makes money during the clearing and settlement process as “demand”. The bank does pay processing fees of a sort but the majority of the bank’s gross revenue comes from the transaction.
The reality is that the merchant pays the freight on card transactions. And that is passed through to the cardholder.
NOTE: if you want to create an issuing processor from the ground up then I strongly recommend that you get someone to do the IP for you. Get some cardholders and capture the transaction revenue. You can also use your own system (although you might be processing on someone else’s IP, at least you are getting instant discounts; I hope that makes sense). This is the reason that Discover can return 5% on all transactions, and similarly for Costco-Amex and others.
What does it all mean?
Someone in the diagram above lost, or allowed to be stolen, my data. Whether or not that data is used to perform actual fraudulent transactions should not be my problem. I pay to get the card. I pay to use the card. And I get a fraction of the value in interest if I do nothing… except fees for not using it.
This letter that I received should not be a “get out of jail free” card for whichever entity permitted my data to leak. I should be able to sue them individually because any class action lawsuit only benefits the lawyers and not the cardholders. In fact they should just start dumping money on my doorstep in advance of any bad thing that might happen. And more importantly I will be watching my credit scores for the rest of my life… looking over my shoulder waiting for someone to take advantage.
PS: Suze Orman once said that you should never cancel a credit card. If you do it will negatively affect your credit score. I have a Delta/Amex frequent flier card that I do not use. They charge me $100/year for membership and I get nothing in return except that they extended me some credit that I have to pay for anyway if I elect to use it.
In the US our laws seem to protect corporate America and not America. What is good for corporate America is not always good for me!
In Summary
We are not safe and we are paying too much.
I almost Forgot
… the reason for writing this post in the first place. The association that sent me the letter recommended that I check with the various credit bureaus in order to see whether my personal information was in fact being used. True, that is an option, however, the credit bureaus only give me one or two free reports a year. And if you’ve ever used their services they harass you with FUD and other tough sale pitches and tactics in order to get you into a subscription. The wording in their online Apps is so questionable it was obviously intended to get me or anyone else to make a mistake.
Really what I’m suggesting here is that this service needs to be FREE for the individual. Forever.







