Sunday, November 21, 2010

Rental Car scams

I just got back from a trip to New Mexico where I rented a car from Alamo. One of the many questions is how to pay for gas. I chose to return the car empty and pay Alamo's $2.73/gallon rate to refill it on return. The other option is to return it full, or pay over $4.00/gallon to fill it on return. The latter is more attractive to Alamo, so check your paperwork carefully, in case the rental agent "forgets" to use the right option (they did forget in my case, but switched it when I complained on returning the car).

I had a Chevy Malibu, I'm guessing a 2010. Almost all cars in the past few years come with an on-board computer that tells fuel economy in various ways, and how many miles are left in the tank. Strangely, the Chevy Malibu didn't. I checked Chevy's web site and the new 2011 model comes with this computer as a standard option. So one of two things has happened: Chevy made the computer standard between 2010 and 2011, or Alamo has enough buying clout to get Chevy to make a rental-car version of the Malibu without this trip computer. And since the trip computer would have made it very easy to return the car with an empty tank, it is to Alamo's advantage to not have it.

I returned the car empty. And they charged me for 16 gallons of gas (which is pretty accurate, 16.1 gallons according to the website). But they charged me $2.73 plus 7% sales tax (which is the rate for the city I was in) plus 5% "leased gross receipt" plus a 9.89% "concession fee".

The sign on the desk said "$2.73 per gallon" with no asterisk or any information about the additional charges. I was told by the rental agent both on rental and return that $2.73 was the going rate of gas in the city. It wasn't. There were stations charging that much, but most charged less, and I bought gas at $2.57 in the suburbs.

When I buy gas at a station, they never charge sales tax. New Mexico actually doesn't have a sales tax, they have a gross receipts tax. But my bill shows me paying both.

The sign on the desk said $2.73/gallon. It didn't say anything about the almost 10% surcharge for a concession fee. Nor about the 7% and 5% taxes.

The amount is not much. I don't think an attorney general or the BBB would talk to me over this amount. But it is dishonest and unethical. Buying special model cars to prevent consumers from knowing how much gas is in the tank is dishonest and unethical.

Wednesday, March 24, 2010

Domain Registry of America

I just got a paper letter from Domain Registry of America telling me my domain was going to expire soon and I could renew with them for their best price. But they sent it to my home address, not the P.O. Box address I use for all domain contacts.

I don't know how they do this. I'm pretty sure I never used the address for any of my domains. The domain is actually my name (first and last) dot org. I haven't received any other letters like this for my other domains, so I think they have purchased a USPS mailing list from someone and correlated it to domain names.

The letter in question was a pretty straightforward attempt to catch me sleeping. It stated my domain was about to expire, and I really really really needed to renew it, and by sending in 3 times the annual amount I currently pay they would be happy to transfer me to their service.

Friday, March 19, 2010

The latest Facebook phishing scam

There's a Facebook phishing e-mail going around; it tells you your password has been reset and the new password is in a zip file attached to the mail message. There's nothing unusual about the phishing attempt. It's unusual that it is receiving so much attention, but that isn't newsworthy to me.

What is unusual and newsworthy is the source of the e-mail addresses it was mailed to. I use a different e-mail address whenever I register at a website. Typically it is company name @ my domain. Not only does this lead to lots of fun confusion when I tell a company representative my e-mail address (I've been accused of lying), but it also lets me track if the company sells their e-mail list, or uses it in nefarious scamming ways.

And it lets me see when a company might have been hacked, and their e-mail list stolen. I've received two messages so far, one for my Roku (www.roku.com) e-mail, and one for my Big Brand Water Filter (www.bigbrandwater.com) e-mail. I don't know anything about Big Brand Water Filter, other than they sell cheap water filter parts, but Roku has always been a reputable company. I suspect their e-mail list has been stolen somehow.

Update: I cannot remember exactly in which context I used the roku address. I have purchased from them, and used their support forums, but I also had a professional relationship with them, and the only support forum account I could remember used my work e-mail address. The Big Brand Water Filter was used for a purchase, and only once I think. It is troublesome to think that the phishers hacked into servers and had access to sales data.
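The per-site alias trick described above can be turned into a small leak detector. What follows is an added example, not the author's own tooling: it keeps a constructed table of which alias was handed to which vendor, parses a few constructed inbound messages, and flags any message that arrives at a vendor's alias from a sender outside that vendor's domain. The domain `example.org`, the alias table, the vendor domains and the sample messages are all assumptions made for the example.

```python
"""Added example (not from the blog): flag mail that reaches a per-vendor
alias but comes from somewhere other than that vendor, a hint that the
vendor's list has leaked.  Domain, aliases and messages are constructed."""
from collections import defaultdict
from email import message_from_string, policy
from email.utils import parseaddr

MY_DOMAIN = "example.org"  # assumed: the domain whose local parts are per-vendor aliases

# Assumed registry: the local part handed to each vendor -> the vendor's mail domain.
ALIASES = {
    "roku": "roku.com",
    "bigbrandwater": "bigbrandwater.com",
    "bank": "example-bank.example",
}


def alias_vendor(address: str):
    """Return the vendor domain an alias was given to, or None if unknown."""
    local, _, domain = parseaddr(address)[1].lower().rpartition("@")
    if domain != MY_DOMAIN:
        return None
    return ALIASES.get(local)


def sender_matches_vendor(sender: str, vendor_domain: str) -> bool:
    """True if the From: address is at the vendor's domain or a subdomain of it."""
    domain = parseaddr(sender)[1].lower().rpartition("@")[2]
    return domain == vendor_domain or domain.endswith("." + vendor_domain)


def triage(raw_messages):
    """Group suspicious messages by the vendor whose alias they were sent to.

    Returns {vendor_domain: [(from_address, subject), ...]} containing only
    messages whose sender is outside that vendor's domain."""
    leaks = defaultdict(list)
    for raw in raw_messages:
        msg = message_from_string(raw, policy=policy.default)
        vendor = alias_vendor(msg.get("To", ""))
        if vendor is None:
            continue  # not one of our per-vendor aliases
        sender = msg.get("From", "")
        if not sender_matches_vendor(sender, vendor):
            leaks[vendor].append((parseaddr(sender)[1], str(msg.get("Subject", ""))))
    return dict(leaks)


# Constructed sample traffic: one legitimate vendor message, two phishes,
# and one message to an address that is not a vendor alias.
SAMPLE_MESSAGES = [
    "From: Roku <no-reply@mail.roku.com>\nTo: roku@example.org\n"
    "Subject: Your order has shipped\n\nThanks for your purchase.\n",
    "From: Facebook Security <security@facebook-login.example>\n"
    "To: roku@example.org\nSubject: Your password has been reset\n\nSee attached zip.\n",
    "From: Facebook Security <security@facebook-login.example>\n"
    "To: bigbrandwater@example.org\nSubject: Your password has been reset\n\nSee attached zip.\n",
    "From: newsletter@example.net\nTo: someone@example.org\nSubject: Hello\n\nHi.\n",
]

if __name__ == "__main__":
    for vendor, hits in triage(SAMPLE_MESSAGES).items():
        print(f"alias for {vendor} received {len(hits)} message(s) from elsewhere:")
        for sender, subject in hits:
            print(f"  {sender}: {subject}")
```

A single hit on one vendor's alias is usually just that vendor using a mailing provider; the same phish landing on several vendors' aliases at once, as in the two Facebook-themed samples, is the pattern that suggests a list has been copied rather than a sender misconfigured.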

Tuesday, July 7, 2009

Whither OS (homage to Monty Python's Whither Canada)

Google announced their Chrome OS today:
“We’re designing the OS to be fast and lightweight, to start up and get you onto the Web in a few seconds.”

A couple of years ago, my kids' computer was infected by a virus. They said "oh, just re-image it, we don't need anything on the disk."

I'm slowly repairing a goof on my music collection where I erased all track numbers, not a huge deal, but time consuming. But I look at that time, then at my wife happily using Pandora, and wonder why bother.

Where is your personal data? Mine, currently, is mostly on a server hosted on the opposite side of the country for dirt cheap. I ran a server in my house for a decade, but the hassle became far more expensive than the cheap hosting available. So is the data really mine anymore? Probably not, the hosting company has access to it, though that would be outside the terms of service. I still have my old server, with tons of pictures and music, too expensive to host remotely.

Ancient history: the behemoth computer that ran jobs constantly, and mere mortals could only have jobs run during the wee hours of the morning. Your data was on punched cards, and you got more data back in the form of a print-out. Then time-sharing came along, and instead of waiting overnight, you sat frustrated at the terminal hitting enter and wondering how many other damn people were using it. Your data was in an air-conditioned room somewhere, perhaps on a disk drive looking like a washing machine with a label on the front saying "don't place anything on this disk drive, it will break if you do." Then there was the personal computer, and you didn't have to wait for anyone else, but it couldn't do very much. Your data was on floppies, or maybe a 10 megabyte hard drive.

Then networking came into the picture, and where data lived got confused. At first, it was pretty clear. When you got an e-mail, it was downloaded to your account or PC and removed from the server. But then, laptops and multiple accounts came into the picture. I want my mail available no matter where I am, or what computer I am on, and of course I don't want anyone else to read it. I have a cool music playing program at home, why can't I use it at work? Or at the coffee shop? I can get to my bank account from anywhere, why not music?

Where is your personal data? What is your personal data?

How is it backed up or saved from loss?

How is your privacy protected?

Why would you buy a desktop system for home use?

These aren't rhetorical, I'd like to know. For me - my data is on my server, or my old server. It is websites, e-mail, notes, music and pictures. It's backed up by various means, including RAID. It used to be privacy was protected by me being the only one with access to my server, but that's no longer true. Now I don't know. And I don't think I'll ever buy a desktop system again. The only reason for this would be because I needed a lot of CPU power, memory or hard disk space, say for software development (other people might want it for gaming or similar high demand applications). But right now I access powerful remote systems to do software development, I don't need the power at home.

Thursday, July 31, 2008

What is U-Haul up to?

I moved - a pain, but not really blog-worthy. Except: I rented a U-Haul truck to carry our belongings across town. One of the big ones, fun to drive, gets 7 mpg if going downhill with a tail wind.

There was this mystery box on the side of the cab, below the dash, just next to my left calf. Had a digital readout, two LED digits, that perhaps were tracking time, they went from 70 to 74 while I was using it. I'm remembering vague stories about rental car companies charging a fortune because their secret GPS tracked the guy going 80 mph (which is a little amazing itself, my GPS once tracked me doing 150 mph even though I was doing about 60) so I watched my speed.

I asked the guy when I returned it: "so... what's that little box there with the readout". "Oh, it's for the brakes... you know... the brakes on these big trucks". I replied "yes, I know about air brakes, but what's that box *for*"? He's kind of blustery: "it's the brakes, you know... These big truck brakes...". I didn't question further.

I'm pretty sure it isn't for the brakes: it's an add-on box, and brakes are pretty integral. Plus, I don't think a gradually increasing pressure from 70 to 74 would be a good sign.

The question is: what is it? What sneaky data is U-Haul capturing?

And as long as we're on this subject, did you ever notice that Nickelback's song "Leader of Men", when played on the radio, leaves out the half verse that states "Turn your television off, and I will sing a song, and if you happen to have the urge, well you can sing along". It's a conspiracy between the music industry and U-Haul, I tell ya....

I'm going to go make a tin foil hat now.

Wednesday, February 13, 2008

An honest mistake?

I was watching the City Council on television one night, and they were dealing with restaurant owners who had failed the City's sting operation and served alcohol to a minor. One owner's defense - "It was an honest mistake" - was ignored (and probably correctly so).

But something happened recently that made me realize there are errors and there are errors, and perhaps an honest mistake is different from intentional malice.

Suppose we are managing a database of CDs, just a listing of CDs, their artists, titles and track names. Input comes from the community at large. Someone puts a new CD in their computer, it looks it up in the online database (via the Internet), and if it isn't found, they type in the info and it is submitted.

Suppose that instead of typing "The White Stripes", they enter "The White Stirpes". Or suppose that instead of entering all the track info carefully, they enter the first one, then get bored and then enter "track 2", "track 3", ... or worse, "asdf", "lkjh", ...

If the database is smart, it will recognize that "The White Stripes" and "The White Stirpes" are the same artist. And by carefully culling data from the online community, it can recognize that "The White Stripes" is correct, and "The White Stirpes" is a misspelling. Anyone else asking for info about "The White Stirpes" will then receive information about "The White Stripes", which is almost certainly what they want. (Yes, it's possible that Weird Al Yankovic will form a new band called "The White Stirpes".) This kind of error provides valuable information to the database.

But "track 2", "track 3" or "asdf", "lkjh" are not as valuable. "Track 2" is recognizable as filler, but random characters aren't. Neither provides the same information that an "honest" misspelling does.

In this case, honest mistakes are far better than intentional malice (well, intentional laziness).
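The distinction drawn above (a near-miss spelling carries information, filler and keyboard mashing do not) can be made mechanical. The following is an added example, not code from the post or from any real CD database: it scores each submitted name by edit distance against the names already known, treats a small distance as a misspelling to be mapped onto the canonical spelling, recognises "track N" style filler with a pattern, and treats runs of adjacent keyboard keys as junk. The submission list, the 20% distance threshold and the filler pattern are assumptions chosen for the example.

```python
"""Added example (not from the blog): sort community submissions into exact
matches, honest misspellings, filler, keyboard junk and genuinely new names,
then vote on the canonical spelling.  Thresholds and data are constructed."""
import re
from collections import Counter

# Assumed pattern for lazy placeholders such as "track 2" or "Untitled 7".
FILLER_RE = re.compile(r"^(track|untitled|song)\s*\d*$", re.IGNORECASE)
# Keyboard rows used to spot "asdf"/"lkjh" style mashing (assumed QWERTY).
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_keyboard_run(s: str) -> bool:
    """True for four or more letters that sit side by side on one keyboard row."""
    s = s.lower()
    if len(s) < 4 or not s.isalpha():
        return False
    return any(s in row or s[::-1] in row for row in KEYBOARD_ROWS)


def classify_submission(value: str, known_names, max_ratio: float = 0.2):
    """Return (kind, canonical) where kind is one of
    'exact', 'misspelling', 'filler', 'junk' or 'new'."""
    v = value.strip()
    if FILLER_RE.match(v):
        return ("filler", None)
    if is_keyboard_run(v):
        return ("junk", None)
    best = None
    for name in known_names:
        d = levenshtein(v.lower(), name.lower())
        if d == 0:
            return ("exact", name)
        if best is None or d < best[0]:
            best = (d, name)
    # Allow roughly one edit per five characters of the known name, at least one.
    if best is not None and best[0] <= max(1, int(max_ratio * len(best[1]))):
        return ("misspelling", best[1])
    return ("new", v)


def canonical_spellings(submissions, max_ratio: float = 0.2) -> dict:
    """Vote: the most frequently submitted spelling becomes canonical, and
    near-misses are recorded as its variants.  Filler and junk are dropped."""
    counts = Counter(s.strip() for s in submissions)
    canon = {}  # canonical name -> list of misspelled variants seen
    for name, _ in counts.most_common():
        kind, match = classify_submission(name, list(canon), max_ratio)
        if kind in ("exact", "misspelling") and match != name:
            canon[match].append(name)
        elif kind == "new":
            canon[name] = []
    return canon


if __name__ == "__main__":
    # Constructed community input mirroring the examples in the post.
    submitted = ["The White Stripes"] * 4 + [
        "The White Stirpes", "track 2", "asdf", "lkjh", "Weird Al Yankovic",
    ]
    for canonical, variants in canonical_spellings(submitted).items():
        print(f"{canonical!r} <- {variants}")
```

Voting by frequency before matching is what keeps a popular misspelling from becoming the canonical entry; a real catalogue would add a transposition-aware distance and a minimum vote count before a name is accepted at all.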

Any other cases? Counterexamples?

Thursday, January 10, 2008

Spam from Coffee shops?

Bruce Schneier, one of my heroes, wrote that he runs an open WiFi at his home. One of his reasons was:
I can count five open wireless networks in coffee shops within a mile of my house, and any potential spammer is far more likely to sit in a warm room with a cup of coffee and a scone than in a cold car outside my house.
I run my own mail server at home, and originally configured it to accept the STARTTLS command. Running an open relay is a no-no, and so unless you have authentication credentials, connecting to my server from outside will only allow local delivery. With the credentials, you can send mail to anywhere.

One day soon after configuring this, I was sitting in a local coffee shop (I think it was Caribou, but I am not sure), sending an e-mail and got a strange error message: it didn't recognize the STARTTLS command. After a few minutes of head-scratching, trying to understand why my server wasn't recognizing it, I realized that I wasn't connecting to my home server. The coffee shop wireless (on top of their auto-sign-in process) was stealing all port 25 traffic and feeding it to their own server. I'm just guessing, but I'd bet a lot that this is to prevent someone from walking in, grabbing a delicious cup of coffee and a scone, and sending a few thousand e-mails saying "Dearest one, I am a 200 year old senile senior citizen who wants to give you a 25,123,999 (twenty five million, one hundred twenty three thousand, nine hundred ninety nine) U. S. Dollars".

I began running a second mail server on a different port, and now it works fine. Port 25 is still for anyone sending me mail (including, unfortunately, spammers) and the other port is for me when I'm away from home.

One of the reasons I set up my own mail server was security: checking e-mail is done via secure IMAP, sending is done via encrypted SMTP, and theoretically, I can send myself a message and later read it, from anywhere in the world, securely. I don't have anything that really requires that much security, but it's cool to have it.

And yet, it's not perfect. A coffee shop/hot spot could run a man-in-the-middle attack by carefully watching my outgoing traffic, and if I'm not careful about certificates, they've got me. I'm not sure why they'd want to, but it's possible.
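Both problems in this post, the hot spot quietly answering port 25 itself and the certificate caveat just above, can be checked before any mail is handed over. This is an added example, not the author's configuration: it connects to the submission port, refuses to continue unless the EHLO reply names the host we dialled and advertises STARTTLS, and then negotiates TLS with Python's default SSL context, which validates the certificate chain and the hostname so a relay in the middle presenting its own certificate is rejected. The host `mail.example.org`, port 587 (standing in for the author's "different port") and the two sample EHLO replies are assumptions.

```python
"""Added example (not the blog author's setup): refuse to submit mail unless
the SMTP hop we reached is the one we expect and it offers STARTTLS, then
verify its certificate so a hot spot cannot quietly sit in the middle.
Hostnames, the port and the sample EHLO replies are constructed."""
import smtplib
import ssl


def parse_ehlo(ehlo_message: bytes):
    """Split the EHLO reply (in the form smtplib.SMTP.ehlo() returns it) into
    the server's announced name and the set of lowercase extension keywords."""
    lines = [ln.strip() for ln in ehlo_message.decode("ascii", "replace").splitlines()]
    lines = [ln for ln in lines if ln]
    if not lines:
        return "", set()
    announced = lines[0].split()[0]
    keywords = {ln.split()[0].lower() for ln in lines[1:]}
    return announced, keywords


def assess_hop(ehlo_message: bytes, expected_host: str) -> dict:
    """Decide whether it is safe to proceed on this connection.

    A greeting from some other host means the traffic was redirected; a
    missing STARTTLS keyword means credentials and mail would go in the clear."""
    announced, keywords = parse_ehlo(ehlo_message)
    reasons = []
    if announced.lower() != expected_host.lower():
        reasons.append(f"EHLO greeting names {announced!r}, expected {expected_host!r}: "
                       "traffic may have been redirected to another relay")
    if "starttls" not in keywords:
        reasons.append("server does not advertise STARTTLS; refusing to send in the clear")
    return {"ok": not reasons, "announced": announced, "reasons": reasons}


def open_verified_session(host: str, port: int = 587, timeout: float = 10.0) -> smtplib.SMTP:
    """Connect, check the EHLO reply, then upgrade to TLS with certificate and
    hostname verification (ssl.create_default_context enables both)."""
    server = smtplib.SMTP(host, port, timeout=timeout)
    try:
        _code, reply = server.ehlo()
        verdict = assess_hop(reply, host)
        if not verdict["ok"]:
            raise RuntimeError("; ".join(verdict["reasons"]))
        # Raises ssl.SSLCertVerificationError if the certificate does not
        # chain to a trusted CA or does not match `host`.
        server.starttls(context=ssl.create_default_context())
        server.ehlo()  # re-announce inside TLS; only now is AUTH acceptable
        return server
    except Exception:
        server.close()
        raise


if __name__ == "__main__":
    # Offline demonstration on constructed replies; the live call would be
    # open_verified_session("mail.example.org", 587) followed by server.login().
    good = b"mail.example.org Hello [203.0.113.5]\nSIZE 10240000\nSTARTTLS\nAUTH PLAIN LOGIN"
    hijacked = b"smtp.hotspot.example Hello\nSIZE 1000000\n8BITMIME"
    for reply in (good, hijacked):
        print(assess_hop(reply, "mail.example.org"))
```

The EHLO name check is only a tripwire (a relay can announce any name it likes); the certificate verification in `starttls` is the part that actually defeats an interposed server, which is why the session is abandoned rather than continued when either check fails.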