Wednesday, December 2, 2015

Safeway Email Spam

It used to be just scammers and spammers would send you unwanted email. The CAN-SPAM act made it the law that companies had to provide an opt out process, and had to stop sending you email once you opted out. But we know how the law favors mega-corporations like Safeway, so more and more companies are realizing that this legislation isn't being enforced. Most companies, when called out, will say "oops" and blame technical difficulties before taking you off their mailing list. Just that alone provides a pretty high bar since you have to opt out, and then tell them that they aren't honoring your request. At which point they say something like "we apologize and value your privacy" to the people who jump through all the hoops.



And then there's companies like Epicurious, who are owned by overseas mega-corporations and don't seem to care. And right when I was down to only one company I couldn't get to stop spamming me, I get sick of Safeway's emails that look like a 12 year old was texting me, opted out twice over a two week span, and still get their emails. I opted out an extra time because I couldn't find the screen shots from last week, so this is opt out #3.

But where Epicurious is a shitty company owned in some far away land, Safeway is a store that's just down the street from me. Their prices are a little high, and their selection isn't that great, but they are close to me, and sometimes they have good coupons.

Having high prices and a mediocre selection, this Safeway next to me is never crowded. It doesn't seem like they have too many customers left like me to alienate, because they lost me as a customer. There's an Albertson's just as a close.

Right now is the beginning of the process. I opted out a couple times, and I'm posting the screen grab I made last week so that when I do the next installment of this post, it'll be easy to see that I didn't mess with the dates on the image, because their system says that it will take 24 hours to process the request. A week from now when I show a stack of emails, it'll be easy to see that they aren't honoring the request, if I don't get any farther in the process.

Bellow you can see it even has the address of the store that's no longer getting my business.






Thursday, November 19, 2015

FCC Response To Complaint Against Epicurious

Well, the FCC finally responded to my complaint. I wonder why big corporations like this can violate the law with no consequences, when, you know, there's no consequences. I'm really glad to hear that no further action is required, even though Epicurious continues to send me email almost two months after I pressed the unsubscribe button.

Oh, and I filed an FTC complaint the same day I filed the FCC complaint. I'm not holding my breath. Meanwhile, they send me spam every single day, weekends and holidays included.

FCC Consumer Complaints (FCC Complaints)
Nov 17, 10:32 AM
Hi Mark
Thank you for your submission. Your complaint provides the FCC with important information we can use to develop policies to protect consumers, remedy violations of the Communications Act, and encourage future compliance with the law.
The FCC appreciates the information you’ve shared with us. It appears that the Federal Trade Commission will be better able to assist you.
We urge you to contact that agency about this matter.
Please go to the Federal Trade Commission's Consumer website at http://www.consumer.ftc.gov/. You can review educational materials or file a complaint.

As such, no further action is required by the FCC. Your complaint was closed as of today.

Sunday, November 1, 2015

Android Explained: New Google Now Voice Commands

For anyone who ever said "Siri is nice, but Apple isn't my flavor of koolaid," then you will like some of the recent voice commands for Google Now. The voice commands were rudimentary at first, mostly focused on navigation. But in recent months, they have been really buffing it out with stuff you would expect to be there, like sending texts and alarms and such.

Being Google, there are some really cool commands in there like "do I need a jacket today?" and "turn on wifi".




Having suffered a neck injury a couple years ago, it affected one of my hands and made it hurt to text. Now it's easy to text someone by saying "OK Google text this person" and then you dictate the message with your voice, confirming at the end to send. This feature is still a little more basic than it should be, but already incredibly useful to someone like me who won't drink the Apple koolaid no matter how much it hurts to type.

Another of my favorite new voice commands is "OK Google set alarm for 9 AM"

Here is a really good writeup of the new commands as well. All you have to do is say "OK Google" to active a voice command. One of the commenters claimed that you can say "Ok dude" but that doesn't work for me.

Some of my useful favorites:


"What's the weather?"
"What time is it in [place]?"
"Navigate me to [place]"
"Send a text to [person]"
"Wake me up at [time]"
"Do I need a jacket?"
"What is the next turn?"
"What time will I get there?"
"Call [person]"
"Go go gadget [app]"
"Do I need an umbrella?"
"Read the last text"
"Are we there yet?"
"How far is [place]?"

Some of my fun favorite "easter eggs":


"Beam me up, Scotty"
"What does the fox say?"
"Who's on first?"
"Make me a sandwich"
"What is the airspeed velocity of an unladen Swallow?"
"What is the loneliest number?"
"Hello. My name is Inigo Montoya. You killed my father. Prepare to die."





Some of my interesting favorites:


"Flip a coin"
"How old is [person]?"
"Who is [person] married to?"
"Who wrote [book]?"
"When is [holiday]?"
"When is the next episode of [tv show]?"
"What is the tip for [amount]?"
"What is the word for [word] in [language]?"
"Is John Snow dead?"








Friday, October 30, 2015

Review: DoingOutdoor Panasonic NCR18650 Unprotected Lithium-Ion Cells [6 Pack]

From the day I started building USB power packs using 18650 lithium-ion cells harvested from laptop batteries, I've dreamed about replacing every single cell with brand new NCR18650B cells. These packs all take unprotected cells, which is good for my use because these Panasonics are known for being long.

But they are expensive, even direct from China, and a good many are intercepted because customs will arbitrarily decide these types of batteries are too dangerous to ship. They can be had on Amazon, but it's very hard to tell the fakes. Some of these fakes can fool some of the experts.

I decided to take my chances on Amazon, and I have heard of DoingOutdoor, so I bought two of their 6 pack of these cells for about $37 each pack. Pricey, but much cheaper than anywhere legitimate that I've found. I figured that if they weren't legit, then Amazon would take care of me.

Here is the official spec sheet from Panasonic, in PDF format.

Unboxing


The cells are wrapped individually in little cardboard boxes, so they are safe to ship. I doubt Amazon would allow anything unsafe since their name is on it too. They sure look legit to me. The color of the cells, weight, etc., all feel good in my hand.

Box of 6 Panasonic NCR18650B Lithium-Ion Cells, Individually Packaged


Testing


I figured the best way for someone like me to prove these cells are legitimate is to measure and weigh them, and test the capacity, both anecdotally in my 4x18650 Ruinovo USB power bank, as well as my analyzing charger. There's no way a fake is going to measure anywhere near 3400 on the charger, though it takes a LONG time to test these cells, because the charger does a full charge, discharge and then charge again, at 500 mA!

Four Panasonic NCR18650 Lithium-Ion Cells With Four Sony Laptop-Harvested Cells


Weights & Measures


Weight and length both look within spec. I took a random cell out of the box, and got 46 grams on my calibrated scale, and 65.01 mm on my calipers, which wanted to be at 65.00 but kept bouncing back and forth.
Panasonic NCR18650B Unprotected Cell - Caliper Measurement
Panasonic NCR18650B Unprotected Cell - Caliper Measurement

Panasonic NCR18650B Unprotected Cell - On Scale


Test #1 - USB Power Bank


This power bank had 4 decent and matched Sony cells harvested from a laptop battery. They all tested near 2,000 mAh before I put them in, so this has made a decent power pack the last year or so. And other than scratching and killing a couple electronic gadgets from being heavy and aluminum, this Ruinovo power bank has really done well, surviving being carted all over the country in the truck.

Ruinovo DIY USB Power Bank With 4 Panasonic NCR18650B Unprotected Cells

Ruinovo DIY USB Power Bank With 4 Panasonic NCR18650B Unprotected Cells - 2

Ruinovo DIY USB Power Bank With 4 Panasonic NCR18650B Unprotected Cells - 3

The unit charges from a micro USB port at 1 amp. When I first plugged it in, it registered about 25 percent charge, and spent 11 hours charging until it hit full, which is a completely reasonable number. This power pack is now 4-6 full charges for a modern smartphone, actual capacity!

Test #2 - Opus Analyzing Charger


This Opus analyzing charger has constantly surprised me with its results. Cells I thought were good have turned out to be garbage, and cells I thought were garbage have turned out to be workhorses. Science doesn't tell us how to live, but it can measure a battery's capacity like a boss.

These are two cells I pulled out at random and stuck in the charger, knowing it was going to be a long wait.

Test Results: Slot 1 was 3322 and Slot 2 was 3296. Not bad for their first charge cycle.

So, the Opus likes them.



Conclusions


These are the real deal. I started testing them immediately in case I would have to return them, but no need since that USB battery pack is now my precious, and I have the cells to build several more just like it. I have a 6x18650 DIY power bank coming within a week or so. Something that size should be fairly ridiculous with 6 of these bad boys in it.

Sure, there are about a million other USB power packs, but they almost universally lie about their capacity. Most give you the capacity that it would have if it had good cells in it like these, but they put varying degrees of awful Chinese cells in them, usually in the range of about 1,000 mAh each. Having a power pack with a real world capacity of about 13,000 mAh is about as good as you can get at any price.


Friday, October 23, 2015

Still Getting Email Spammed By Epicurious

Almost a month after I unsubscribed from the Epicurious emails, they are still spamming me every day. So far I have unsubscribed, tried to contact them, and filed both FCC and FTC complaints against them.

In the meantime, they happily continue to send me emails.


Thursday, October 22, 2015

Help Stop CISA

CISA is a truly awful cyber security bill that has nothing to do with security and everything to do with mass surveillance. Earlier today I dismissed what I thought was a pop-over ad, until I realized that it was a) on my own site! and b) a message from the Internet Defense League, which doesn't activate its messages very often, so I forget that I'm a member and have granted them the ability to put messages on my site when it's really important.

And this is really important. So, if you have a free moment, make sure to visit them or fill the form out on any of the sites they are putting their popovers on. There is also a "CISPA is back" site and lots of other good resources like Fight for the Future, change.org, and the Electronic Frontier Foundation.


Saturday, October 17, 2015

FCC Complaint Against Epicurious

Well, I still continue to get email spam from Epicurious every single day. They didn't honor the unsubscribe request, and I've escalated to filing complaints with the FCC and FTC.

Yesterday the FCC responding to me, saying that they are looking into my complaint, yay!

However, my prediction is that Epicurious will tell the FCC "oops, technical glitch, sorry," take me off their mailing list but continue to spam everyone else who didn't complain to the FCC. But the FCC has a newly-developed spine during Obama's second term, so we'll see how this plays out.

There are also a few more cards to play if I get no love from the FCC complaint. But I'm giving it a week or so before I keep at it. There's also the possibility that they could do something lame or stupid and draw attention to the issue.


Tuesday, October 13, 2015

OK Google For The People

The other night someone said "OK Google" to their phone, and every phone in the car responded with that "blunk" noise which means Google is listening to you, and all of our phones searched for "Does Wendy's still have the pretzel burger?" Spoiler alert: It doesn't.

Google listening when the phone is asleep in your pocket is a great feature. Except when it isn't.

Sunday, October 11, 2015

Epicurious Email Spam: Continuing Saga

This is a continuation of my first post about epcurious.com sending me unwanted spam emails every single day. I tried unsubscribing, I tried the official email contacts for their domain, and now I'm pondering my next move.

Long beholden to corporate interests, the FCC has recently developed a spine and has an online complaint form that they hopefully look at. Also, from looking at their site, it seems to make a difference whether spam has been going to my phone (wireless) or my desktop PC, in which case it looks like the FTC has a separate complaint form.

Since I read email on both my phone and my desktop computer, I'm going to file complaints with both the FCC and the FTC. The next escalation after this will be to start reporting the epicurious.com domain to individual email providers and keepers of black lists. If the large email providers start treating these emails as the spam they are, then they can stop that spam in its tracks by filtering it before it reaches folks like me.

Below is a screen shot of the FCC complaint I just filed. Usually when I reach about this level of effort, the company spamming me magically stops. But what about everyone else? This is a lot of effort to spend for every single spammer!




A quick visit to the FTC's site, where they say "If you try to unsubscribe from an email list and your request is not honored, file a complaint with the FTC." Uh, yeah, that's exactly what I want!

The FTC asked for company address, phone number, etc., so I Googled them and chose their Los Angeles office for the complaint.

And here we go, a fresh FTC complaint! I don't often need to go this far, but I did say it was on. Oh yes, it's still on.


I've worked in the corporate world, and getting complaints from "three letter agencies" of the government usually doesn't make the boss happy.

I'm sure they will say "oops, sorry, we'll fix it," which I guess is how this game is played. But I have a hard time believing that a large company like this doesn't have the capability to let people unsubscribe from their emails.

More like "Oops, we made a mistake in our financial best interests. Oops, we did it again. Oops, sorry."

 But either one of these agencies could make epicurious change their ways if they really wanted to. As I said, the FCC has recently grown a spine, and the FTC has always had one, so we'll see how this plays out...

Saturday, October 10, 2015

The Power Of Blogging

Friends and family often comment on how nice it would be to have a blog big enough to fight back
against bullies like spammers, scammers, shady businesses and all other companies and people who deserve to be called out for their bad behavior.

First, it's a lot of work. I think the main factor for the success of anything is the work you put into it. A blog is just a public diary--you still have to write!

Second, the real power of the blog to me is simply the power of search engines like Google, Bing, etc., to index all these blogs. Why should a huge corporation tremble in fear for a small fish like me calling out their behavior?

Because a blog post is a public, permanent record of their behavior. You may say "I'm too little to change anything" because your blog only has 2 readers. But a billion people could find what you wrote if they searched for it hard enough, even without any type of promotion of your blog. If you write something, and it doesn't suck, and people are looking for what you wrote, then they will find your blog.

So, the power of blogging is really the power of Google. And like other aspects of life, it's more what you do with it than how large you are!

Thursday, October 8, 2015

Epicurious Obnoxious Email Spam

Some companies have a lot of nerve. As some one who loves to cook, I went to their site and registered about a year ago, I don't remember what for. I also don't remember getting any emails from them until just recently, when they opened the floodgates of spam and started sending me email every day.

"May Take Up To"


I quickly hit 'unsubscribe' on 9-26-2015 and was taken to the following page, where it cheerfully informed me that it "may take up to 10 days" to process my request. At that point, I figured if they honored the unsubscribe request, then it would magically take the full 10 days.



A couple problems with the "may take up to 10 days":

1. They phrase it like some poor intern is in some back room somewhere, furiously typing all these requests. This gigantic corporation, owned by another gigantic holding corporation, is probably working their little fingers to nubs trying to honor your request. Yes, I'm sure that's it.

2. I build large, back end computer systems for a living, and I can assure you that the average database can execute a query to set some flag on some users account in closer to 10 thousandths of a second than 10 days. The computing power needed to set something a database is generally extremely small, even for large databases.

3. It seems a little deceptive to say that it may take up to 10 days, when they know for a fact it will take that long, because that's how they've likely programmed their system. I'd be interested to see even one legitimate case where it took less.

My guess is that 10 days is the most realistically plausible number a gigantic corporation thinks it can get away with. Also, companies that push the boundaries often don't honor unsubscribe requests at all.

Day After Day


True to their word on 9/26/2015 of "may take up to", they happily continued to send me emails every day:





Day 11, Day 12...


Who could have predicted that they wouldn't honor an unsubscribe request. Say it isn't so! I might have even read/liked some of those cooking tips if they weren't so obnoxious about it.


Ok, It's On


A company is supposed to honor an email unsubscribe request, at least in this country. A quick WHOIS check, and it sure looks like they are in this country.


I just sent an email just now to both email contacts listed for epicurious.com.



What Next?


Usually the next step in my spam hunting is where I report back that the company eventually replies back to me, informing me that it was a mistake, and taking me off the list. Oops. Now, what do you think the odds are that they start honoring all their unsubscribe requests after somebody points out the problem?


Tuesday, October 6, 2015

Amazon Guaranteed Shipping Is A Scam

Image result for amazon primeI'm a big lover of Amazon Prime. I place orders all the time, and most of the time with Prime, it make sense versus driving to somewhere like Target and paying a little more. Why spend that time and gas to drive across down when I can walk across the driveway?

Now, the main reason to drive to somewhere like Target or Home Depot is when you need it right now. But for the most part, waiting 2 days for prime isn't a problem. Except when it's 3 days. Or 4 days, or more.

The problem with Amazon is that they give you messages at checkout telling you that your order is guaranteed by a certain date, if you order within a certain time. Just the other night, I bought something, where it gave me the message that I would get it by Tuesday if I ordered in the next 29 minutes, so I clicked the order button.

But Amazon's "guaranteed delivery" is really just a best effort. It's not a real guarantee, which normally comes with some other promise. Guaranteed, or what?

If you can't answer the "or what?" part, then your guarantee is not worth anything. Here is a landing page which explains how to get that awesome guaranteed delivery. It all sounds great, but notice that the guarantee is the only promise. They even state "Note: Your delivery date promise for Guaranteed Accelerated Delivery will state Guaranteed and be displayed on the final page before you place the order." Notice that they don't tell you what will happen if your order doesn't arrive on time.

So it's a promise! They promise to get your package there on a certain date, not a promise to do their best to get it to you by that date--it's a promise to get it there on that date!

Supposedly buried in the fine print is the knowledge that you can get a free extension of your Prime service. It's not a horrible "or what?" but it still bugs me. They know when they break their promise because they know when something is delivered. But they are happy breaking their promises and letting you figure out what your recourse is.

As much as love Amazon, they are getting kind of slimy.

Update: After emailing them at cis@amazon.com they extended my Prime subscription by a month. That's something, but it still bugs me that guarantee something that's out of their control.


Saturday, September 26, 2015

Still Getting Distributed Denial Of Service (DDoS) Attacks

It's honestly not surprising that I would get hit with denial of service attacks after calling out spammers and other companies for poor behavior. The bigger shock wouldn't be getting this sort of attention, because most people double down on their dickery when you call them on it.


About the only reason I host my blog on Google's Blogger is that they can handle any amount of traffic. The day one of my posts goes viral, I'll get the advertising from the billion page views. Also, the day my blog gets attacked for making someone angry on the Internet, they'll really be attacking Google.

Good luck with that. Also, Google shows the attacks as page views, and they are attacking more than one, so thanks for making my blogs more popular!

Sunday, September 13, 2015

Video Hitching After Upgrade To Windows 10

I've done some searching on the Google-machine and it looks like I am not the only one having problems with my videos hitching and stuttering after my computer. My mouse was stuttering too, after the upgrade, but I moved it to a different USB port and haven't had the problem.

But I think I have it at least narrowed down. Windows has a decent design, but it has an Achilles' heel. Only a kernel mode driver can block hardware like a mouse. It looks to me like some common driver is having issues after the upgrade. My guess is something to do with USB, but that's just a guess.

Either way, it's annoying. I like Windows 10 overall, but every time technology advances, it seems like we take a step backwards, too.

Someday there will be a stealth update where the problem will just go away. Maybe they'll make some oblique reference to the problem. Hopefully it's soon, because a $50 phone these days can watch video without hitching.

Friday, August 28, 2015

Bank Of America: Major Grief

All I wanted was a paper bank statement so I could use it to establish Oregon residency. I need something official looking with my address on it and a postmark so that I can get things like a driver's licence here.

So, I went to their web site and there was an option to request a paper statement even though my account is set to paperless. I ordered the statement and waited. And waited. Finally I called their customer service.

Calling customer service was fun. First, it asked me to enter my ATM PIN number, which I did. The system happily informed me that the PIN number didn't match the phone number on file.What? I had to look up my full account number on their web site and key it in to the phone system just to proceed.

So, when I finally got to talk to a person, he asked me my first and last name, full address, date of birth and last 4 digits of my social security number. This is almost as much information as I opened the account with.

We started with me asking what was the problem calling into the phone system. We went over my phone number on their system and he said it looked right, but it was the telephone access PIN I needed to key in, not my ATM PIN, which the system specifically asked me for.

To setup a telephone PIN, he gave me a temporary PIN, and asked me to call the system, key in my full social security number plus the number 1, and then enter the temporary PIN, at which point it will supposedly let me create a real PIN. Seriously? The CSR didn't believe me that the phone system specifically asked me for the ATM pin number for the card ending in XXXX. But this can of worms wasn't even why I was calling, so I moved on.

I next asked the CSR if he could see what happened to the paper statement that I requested and which never arrived. He told me that it looked like they had sent it to my North Holly Street address in Anaheim. Which is great, but I haven't lived there in almost 20 years, and I didn't give them that address.

So, after discovering that they were using my 20 year old address that I never gave them, not even 20 years ago, and informing me that the problem was corrected, we started to order the paper statement. He supposedly verified everything and after a waiting period of 5 business days, their system will send me a paper statement for my most recent account period.

What a nightmare. I only chose "BofS" because they are the closest branch to where I moved, and two of my siblings bank there. I love my hillbilly Banner Bank but they don't have many branches near where I live, so I wanted something closer.

Thursday, August 13, 2015

Windows 10: The War On Privacy

Companies like Microsoft, Apple and Google should be the champions of our privacy. But these companies throw us under the bus just like every other company.

Windows 10 ups the ante by taking out options where you can tell it not to phone home, and even worse, phones home sometimes even where there are options to tell it not to. The folks over at Ars Technica have a great story about this issue.

It gets even more insidious. Reading the comments, it appears that Windows will selectively ignore the HOSTS file, which has been around as long as Windows has been around. This HOSTS file lets you map Internet address to other address.

Using the HOSTS file, you could for example make your computer stop connecting to "ads.somecompany.com" by mapping it to the IP address of 0.0.0.0, making all application and browser requests for that address simply fall into the void.

This mechanism of Windows has rarely been used, and today you'll mostly see it in adware blocking type apps and other situations where you don't want an application in Windows phoning home.

Now, the real story here to me is that Microsoft is now selectively bypassing HOSTS in the cases where you add Microsoft's own servers to the list in order to stop Windows 10 from phoning home without your permission.

 Below you can see the stock file that comes with Windows. It was a great feature for many years and still can be as long as you don't put an address that Microsoft will bypass the HOSTS for, and right now that list of exceptions is unknown.

HOSTS is typically located at c:\windows\systerm32\drivers\etc

Now that HOSTS can't be trusted, the only way to stop Windows 10 from phoning home is to use a dedicated firewall on your network, whether it be features built into your router or a dedicated machine. If you have the right router, you can flash it to DD-WRT open source firmware and turn it into a $1000 router.

In the war on privacy, pretty much everyone is your enemy, and the battlefield is sitting on your desk. And in the war on privacy, you are a combatant whether you wish to be or not.

Saturday, August 1, 2015

No, I Don't Want A Target Credit Card

I've been saying this for a while now: Most big businesses at some point have just dropped all pretense of caring about their customers in the name of short term profit.

Today I was in Target just grabbing a couple of quick items. The two people in front of me didn't have much either, but it took 20 minutes to checkout because all of us had to sit through a very clumsy presentation on the glory that is the Target credit card, with its 5% cash back. But wait, there's more! Somehow this magical credit card can be used just like a debit card. Yep, it does everything.

The woman in front of me was obviously uncomfortable and trying to be polite, though she was cornered by the pushy cashier. He was putting her on the spot, to where she would need to be gruff to escape the situation, but she didn't want to do that, so she half played along until she found her moment to flee and said "ok I'll think about it, thanks" and practically ran out of the store.

When I got to the front, I was asked if I was prepared to save 5% today. I informed the cashier that I was prepared to save zero percent and that my savings of zero percent was intentional, and by design. The cashier happily treated me like I was on drugs. "Zero percent, huh? Why wouldn't you want to save 5% on all your purchases at Target? There's no reason not to."

I leaned in a little, looked him in the eyes and said "because I really don't want a Target credit card." Defeated, he said "well, let me know if you change your mind" and a quick, sarcastic "yeah, I'll do that" ended the exchange.

The real answer of course is that I don't think much of Target, or any company that would put more effort into sales of its credit cards than actual customer service. I don't blame the poor guy who was taking his corporate mandate and running with it. A brother's got to eat. No, this was Target clearly putting him in the same position he was trying to put me in.

Huge, publicly traded companies must continue to grow for no real reason other than they are expected to grow. Even if they have to resort to being obnoxious, and even if that level of dickery will harm their profits in the long term.

 It was nice in the old days where stores at least pretended to care about their customers. You could chit chat with the store employees and it was almost like everyone was an actual human being. Nowadays, every transaction at every store is a high pressure sales pitch, once only reserved for used car lots.

There's a few exceptions of course, and some stores have varying levels of class, like the low key "savings cards" you'll find at stores like Safeway or Fred Meyers. No pressure, but you'll just overpay on about half your items.

Wednesday, July 22, 2015

AT&T Spam

Most companies have just dropped all pretense of pretending to respect their customers. The goal of most companies these days is to grab your attention and get you to buy something before your attention is lost. I'm pretty sure they think you and I are too stupid to remember something like a company trying to trick you into buying their products or clicking on their links. Besides, everyone else is doing it. What phone company, bank, insurance company, etc. treats anyone like a valued customer these days? They treat you like you are a rag to wring out is how they treat you.

And AT&T didn't care if you hated them when they were the only phone company in the country before they were broken up for being a monopoly, and they don't care if you hate them now. So, it's not surprising that they would try to trick their wireless customers, especially the under-privileged prepaid customers.

I got this email with a subject saying "Prepaid: Action Required" and I thought "WTF, I  better read it in case they suddenly think I didn't pay my bill." since they play so many shenanigans with their prepaid non-customers.

The email says:

Because you're a valued customer, we'd like to keep you up to date with announcements and service updates throughout the year. To make sure you're receiving these notifications, we're writing to confirm we have your current email address.


This is so full of wrong. First, they don't even treat me like a customer in the first place. Prepaid is totally different from their main wireless operations--you even pay your bill at a different web site. I don't think I'm technically even an AT&T customer--I think it's "go" something. Second, they know my phone number and already use text messages to give me notifications (and spam).

Just today I got this super awesome notification in the form of a text message, so I know they have no problem reaching me.


Great news! They caved into marketing pressure from their competitors and decided not to screw me out of data I paid for. 

And third, what part of their email required action? 

What I think happened is that they put "prepaid: action required" to scare me, a lowly under-privileged prepaid phone user, into looking at an email that was only confirming they have the right email so they can start sending me email spam in addition to text spam. By the way, I did send "Stop" as a reply to the above text, so we'll see if they honor it.



Tuesday, July 14, 2015

Experian: The Spammer's Friend

Many of you will know Experian as one of the three credit scoring bureaus. This mega-corporation compiles vast amounts of data on every human being it can, all without their permission, and sells this info along with a "score" to show that human's financial worthiness.

But Experian also runs one of the largest email marketing firms, Cheetahmail, which they bought more than 10 years ago!

Here's a quote from their press release:
The acquisition is designed to help Experian, Costa Mesa, CA, bolster its direct marketing services, particularly in aiding clients in sending more highly targeted e-mails to their opt-in subscriber lists. Terms of the deal were not disclosed.
Sweet! Who doesn't love highly targeted emails? Notice above that they said "opt-in" as part of the press release wording.

They have a Corporate Privacy Policy which states that clients are not to send unsolicited spam:
Corporate email client anti-spam policy: Clients of Experian CheetahMail have agreed to not send unsolicited commercial email through our systems. Any client who violates this agreement is subject to privacy review, services termination and potential legal action.
So far, so good, except that I have been receiving spam from one of their clients as detailed in this blog post. I recently sent them an email asking them to look into their spamming client, but it was returned 3 days later as "Undelivered Mail Returned To Sender".

Their email provider, Cheetahmail, does provide a way to report abuse, and I sent them this email.

But now the abuse email abuse@cheetahmail.com bounces back as undeliverable! It's not hard to find others leveling criticism at their operation.

Notice their bounce mail indicates that I should contact the postmaster, but also notice there's no contact info provided. That is my next project: to find someone to report the problem with the abuse mechanism so I can stop being spammed by one of their clients. The "details.txt" attachment from the bounced mail also looked a little wonky. "delivery temporarily suspended" sounds fishy to me. I wonder if I tried again...

I will update this article if/when I get their attention.So far running a Google query on "Cheetahmail Postmaster Address" and I found a couple people saying that Cheetahmail ignores reports to the abuse or postmaster addresses. I'm surprised anyone even knows their postmaster address.

UPDATE 7/20/2015: They contacted me a few days ago and told me that they had me taken of their spammy client's mailing list. Nice. It only took thousands of keystrokes to make that happen. One of my readers commented in the other post that they had the same problem with emails to their abuse department bouncing. Oops.

It just seems really fishy that one of the world's largest email service providers can't properly configure their account that receives notices of abuse about their clients, while their their spammy clients seem to work fine. It's one thing if a hair salon doesn't seem very savvy with email, but this is an email service provider.

It's almost like some of these companies are saying "Oops, we did what was financially in our best interest, even though it was ethically questionable. Oops, we did it again. Oops, we did it again. Oops, our stock price went up." It just seems fishy.

UPDATE 2/16/2016: I sent a test email to the Cheetahmail abuse address as a followup to this article, and got a quick response back. It looks like they are being responsive, which is a good thing for everyone. Most of the time it doesn't seem like I gain any ground in the fight against spam, so this is a happy moment.

Sunday, July 5, 2015

Miniinthebox.com Spammers

A couple years I did a couple small orders with miniinthebox.com and I've regretted it ever since. The orders actually shipped and were fine, but I've been constantly email spammed by them since that time, and their emails have been getting progressively more obnoxious. Unsubscribing from their email has no effect.

Not only does unsubscribing from their email offers have no effect, this is one of the few companies I've found that does not appear to have a single contact point that I can find. They get horrible reviews, and I'm not the only one accusing them of being spammers.

Notice below that the email from miniinthebox doesn't even have a return address to their domain.

It has the word 'trust' in the subject line, better open it soon!


On the site gethuman.com, it lists Mini In The Box's reasoning for not having any email address to contact the company:

- Few miniinthebox.com customers have wanted it
- They simply don't use email for support
- They don't feel email is secure

...and yet they have no problem filling my inbox with email I don't want and have no way of turning off or contacting them to turn off. Smells a little funny to me. I've seen these Chinese super-stores have some pretty nonsensical behavior, but I haven't seen one stoop this low or lay it on so thick.

This is not a good company by any stretch of the imagination and I highly recommend avoiding them like you would an infectious disease.

Notice below that when you unsubscribe, it's not even the same domain, and you can see the second hint of trouble by the wording it gives you. Like "You've unsubscribed but don't worry, you'll still enjoy our spam."

Wait, what?
From this point on I'm going to definitely pay attention and document all the spam they send me, and will try to come back to this article.

Below is the domain registration information for miniinthebox.com. Notice that they have enabled privacy protection to obscure the public information about their web site. Who a web site belongs to has always been public record, until the registrars decided they could milk the shit out of their customers and sell them privacy. Mini in the box is a Chinese company that's definitely not located in Florida with any phone numbers that ring anywhere in America.


A shady company that's done everything they can to make themselves hard to contact, say it aint so!

UPDATE 7/12/2015

Here they are again in my inbox. I'm not going to try to unsubscribe anymore. That ship has sailed. They appear to have a legitimate email provider and I have sent an email to their abuse department to  see what they might think of their client's spammy habits.


UPDATE 7/20/2015: After the email request to Cheetahmail's abuse department bounced and I blogged about it, they contacted me and told me that they took my name off the Miniinthebox mailing list.

Wednesday, June 24, 2015

Your ISP Could Be Using Javascript Injection Attacks Against You

You are sitting at your computer surfing the web like the time waster you are. You click on a web site link and the web site comes up. But another tab opens asking you to take a short survey. Even novice computer users are skeptical these days with all the hacks, attacks and phishing attacks.

But you are not on a shady site. You just got a popup from a legitimate site asking you to take a survey from your local Internet provider. Maybe you close the popup and ignore it. But an hour later, the same popup appears on a different web site.

Are all those companies in cahoots, or is your computer infected? What's going on?

What's happening is that your Internet provider is using hacking techniques on you in order to put that survey tab in front of your eyeballs. When you go to load a web page, your provider gives you the web page you asked for, but injects its own code into that web page, masquerading as part of the page.

Now, your browser doesn't think there's any security issue because that injected code is pretending to be part of the page you asked for. The browser has no way of knowing what should be the legitimate content of that legitimate site you are trying to browse.

You trust your Internet provider to give you the content of web sites you visit. That's the whole point of their service. But your trust is misplaced for several reasons, and one of these reasons is these man-in-the-middle style attacks where they trick the browser into accepting code that's not part of the site you are browsing.

Does it sound like hacking to you? It sounds like hacking to me. I'm not lawyer but I was under the impression that these type of attacks are exactly what the Computer Fraud and Abuse Act was created for, if only for high-value computers. Again, I'm no lawyer, but since the ISP is injecting these surveys into everyone's traffic, doesn't that mean any bank or government employee who sees this survey is a victim of a man-in-the-middle hacking attack under the CFAA?

Other than the recent backbone shown by the FCC comminsioner with net neutrality, when it comes to technology, the law for the most part does not apply to large corporations. It's usually the Aaron Swartz's of the world that technology law applies to.

They threatened Aaron Swartz with 30 years for making copies of public domain documents before he took his own life. What jail time do you think anyone at Comcast will do for using black hat hacking techniques against you in order to show you surveys?

And everything in this post so far ignores the security implications of not being able to verify the authenticity of this on-the-fly injected javascript code. How do I know the difference between this opportunity to tell my provider how much they suck and a black hat attack, trying to steal my identity?



Wednesday, June 10, 2015

Clickbait Must Be Stopped

Early TV was free. If you owned a television set from the 1950's all the way up through the early 1980's, free programming was the norm. Most people understood it was free because sponsors paid large sums to these stations to sell us more beer, soda and cars.

Newspapers traditionally have cost money. They take plenty of money from advertisers, but they have other costs involved with printing and transporting their media around, unlike a TV station that just beams a signal out. Most people understood that it was a decent value to pay a small amount to buy a newspaper.

Enter the Internet, where not just media but all forms of information move at the speed of light. And with it came societal expectations for news more in line with broadcast TV. Now the "signal" is a web site, but conceptually it's similar.



With the Internet, lots of media companies and just companies in general had to change the way they do business. I'm not going to pay a dollar to find out what happened overseas yesterday. I understand that just like for broadcast TV, these media companies are still taking in vast sums of money from advertisers, and seeing ads on a web site doesn't bother me in the least.

...Except that somewhere along the line, the tone of these media companies changed dramatically. Some of them didn't meet their ridiculous estimates to grow to a size big enough to blot out the sun. Some media companies even *gasp* lost  money because they refused to adapt.

Did they blame their own complacency or hubris for refusing to capitalize on what's obviously a lucrative medium like the Internet? Nope. They saw the Internet as bad, and they saw you the customer as a freeloading potential thief.

Since you have the poor taste to try to find out what's happening in the world without having to pay one of a handful of gatekeepers, you are obviously a freeloader trying to steal legitimate content off the hard working backs of the mega-media-corporations.

It should then be no surprise that most of the big media web sites are partners hand-in-hand with click bait, shock photo ad banner farms with no ethics or scruples whatsoever. The "good" ones will put "sponsored" in tiny letters.

Some corporations have grown so big that they just dropped all pretense of caring about their customers or their own conduct as corporate citizens.

I remember reading iconic magazines like Popular Mechanics and newspapers like the LA Times growing up, and none of these proud institutions went out of their way to steer your towards their advertisers by pretending that their ads were content and news articles.

This behavior of throwing you, the reader, under the bus to make a few extra bucks from their uber-aggressive advertisers is shamefully commonplace among even the biggest news sites. I won't even go into depth that most of the new sites these days are clickbait sites.

In my opinion, if the business model of your company involves tricking people into clicking on ads you know they probably don't want to see because they think it's your content, then you are only diluting and devaluing your own content over time. I think many of these huge media corporations are click-baiting themselves out of a job.

My blogs have ads and affiliate links. They pretty much have to, though it barely covers my own expenses of running my sites. I put the ads where Google tells me it thinks I should put them and it looks reasonable to me. For every business decision about my blog, I ask myself "would my mom approve?"

Everyone tells me "You are so good at this stuff-- you should be making millions on the Interwebs." And I say "Yep, I probably could. All I have to do is stop being passionate about writing real content and start cranking out the cat photos and clickbait captions like "12 reasons why these cute kittens will be dead tomorrow" and "Emily Blunt wore what dress?" which take them to even shadier sites, in an increasingly-shameful progression of faux content usually ending in the purchase of a Chinese made waffle iron or similar high margin item. No, I won't do that. But that's OK, because there's only about a million hands up saying "I will!" So: I get to be poor for my ideals--go me.

What will stop clickbait? Well, there are some good news apps for phones and tablets which seem good at filtering it out and showing just bona fide news, eventually you will get linked to something that will spam you with clickbait.

Thursday, May 28, 2015

FM Radio On Your PC For 17 Bucks

Ever since discovering my new favorite toy a month or so ago, the SDR radio USB dongle for my computer, I've been finding all these fun things I can do with it.

Currently I'm living in a cabin in the woods which barely has reliable power and Internet. The big power items are my fridge and desktop computer, all being powered by a long strand of romex to the neighbor's house, and I'd rather not push it with more devices like an FM stereo receiver. I already have a sound system on my PC.

So, finding out that this SDR dongle receives stereo FM was immediately appealing to me. It took a week of playing with it, but I finally have about a half dozen radio stations getting a good signal here in a valley which is known for not getting a reliable signal for anything!

1. Get An SDR Dongle


There's a million of these dongles out there based on the Realtek RTL2832U chipset. They vary in price from about $24 all the way down to $10. I paid about $12 for mine, and I've noticed the price fluctuates a little bit in either direction with every seller almost, so look around before you buy it.

2. Get An MCX Male To Coax Male Connector


This little dongle comes with a tiny antenna which is barely good enough to show you what an awesome device you have. It might even be good enough for an urban area depending on where you are. But I'm in the middle of nowhere, so I need a real antenna. The problem is that most FM antennas are coax, and this dongle comes with an MCX connector.

In order to attach a third party antenna, you'll want to make sure you have the adapter.


Above you can see the special adapter allowing me to plug in the FM antenna

3. Get An FM Antenna


The market is flooded with thousands of different kinds of FM antennas. There's enough antennas to devote an entire blog too, not just an article. But once you have the adapter above, you can connect it to anything coax and even make an old school dipole antenna if you want.

What I ended up doing was using a fancy amplified indoor antenna like this one that my sister gave me. I bought another strand of coax cable to make it longer and ended up mounting it outside. We'll see whether it stands up to the elements. It works awesome and I haven't even connected the little signal booster it comes with.


The flat indoor antenna sitting right below the cellular signal booster antenna

4. Install The Software


Once you have the dongle plugged into a USB port  and connected to a real antenna, all that's left is to install some software. I have personally connected my SDR dongle into Android tablets and even my Raspberry Pi 2, but so far I like running it best on Windows with SDRSharp because it's so easy to use.

Below is a screen shot of what I've heard referred to as "the most complicated way possible to listen to FM radio" but I think it's cool. You also have so many more settings to fiddle with. The taller the wave form, the better the signal.

Notice that it even shows the song and station info if the station supports it

5. Fine Tune Your Antenna


Once it's all setup and you're receiving FM radio, you can move the antenna around and experiment by seeing which stations get a better signal with the antenna in different positions. I picked a spot outside right next to the cellular GSM signal booster where it gets the best reception for my favorite station and also gets good reception for the local police / fire / medical services.

Final Thoughts


Combined with a good sound system, this setup gives me great sound from my favorite station, 97.1 Charlie FM in Portland, OR. It came in at a total cost of about $17: $12 for the dongle and $5 for the adapter. If you can't find an antenna lying around or don't want to build one for free / cheap, then add the cost of an antenna and you're still nowhere near what a good FM receiver costs, and I consider this setup a good FM receiver.

Another thing to keep in mind is that most of the software programs to play FM radio could use a good chunk of your CPU's processing power if you are using an old PC or tablet. My PC is older but it has a 6 core AMD Phenom II inside of it, so there's no problem. My new quad core Raspberry Pi also plays FM radio with no problem, though I have read that older versions could have trouble with certain software.


Friday, May 1, 2015

Adventures in SDR: Software Defined Radio For Cheap

Background (Not For TV!)


My quest originally involved looking for a cheap TV tuner while I stay out in a cabin in the woods, rehabbing my sister's property in a very rural area. I can get satellite but I don't watch much TV. I could stream Netflix or something but I'm lucky to have this semi-reliable, low-bandwidth Wi-Fi connection across a small valley to the neighbor's house.

So I bought this $13 dongle from Amazon which says "TV" in its name. I didn't catch that other identical versions of this product from other sellers had obvious reviews complaining that this USB dongle did not decode ATSC, meaning you can not use it to watch TV in the USA. The only reviews I noticed just mentioned how awesome this device is.

For anyone who doesn't understand, the irony of these USB devices based on the RTL2832U chipset is that they can basically receive anything but TV.

I was about to return this dongle when I did a little research, stumbling on one of the coolest hobbyist toys I've ever owned, and the second most fun I've ever had for 13 bucks.

Software Defined Radio: SDR


It's exactly what it sounds like: a programmable tuner. Mine has the Rafael Micro R820T tuner in it, meaning it can receive radio frequencies from 24 MHz to 1766 MHz, which is a very wide range for something under 20 dollars.

Lucky for us, an electronics enthusiast discovered a fluke (?) in the chipset of these dongles a few years ago, and now there's a whole community and a boat load of software making use of this dongle. There are applications for Linux, Android and Windows which can do everything from receive FM radio transmissions to police scanners and even some exotic things like pick up airplane transponder data and satellite signals.


Magnetic base stuck to a wood screw!


What Can It Pick Up? 


This dongle can basically pick up any signal in its frequency range, which is wide. Not only is the frequency range large, but so are the implications for its use because most of us take for granted all the little wireless gadgets we have.


  • CB: Citizen's Band
  • FM Stereo Radio 
  • Standard Police and Fire Frequencies
  • Weather and Emergency Broadcasts
  • CDMA and GSM celluar signals from phones and towers
  • Family Radio and other store-bought walkie talkie frequencies
  • Store bought baby monitors and similar devices
  • Automotive key fobs and garage door openers
  • Weather balloons
  • Radio Astronomy
  • Airplane transponder data

Jeez, What Can't It Pick Up?


  • American ATSC TV, which it doesn't have the bandwidth for.
  • Ham radio is below its range, and so is AM radio
  • Wi-Fi is above its range
  • Most land-line wireless phones are above its range
  • It obviously can't decrypt encrypted radio transmissions

The Sky Is The Limit


Actually since this thing can pick up signals from airplane transponders and satellites, so the sky isn't the limit. For the most part, the capabilities of this device is limited more by the software than the hardware. It can't fully decode ATSC television signals, though there is an app which can partially decode TV and give you an almost clear black-and-white TV picture ... no thanks.

The great thing about these RTL2832U dongles is that they run on so many platforms. I just ordered a Raspberry Pi 2 kit yesterday and I intend to hook it up to my dongle and put my SDR device on the network.

SDR# Software For Windows


If you are using this device for Windows, which most of us are, then your best best is probably SDR# which is pronounced "SDR Sharp" because it is written in the C# language and is open source. Here is a link to their web site. Once you download the ZIP file, all you need to do is:
  1. Unzip the ZIP file into its own folder
  2. Run the installer batch file and let it download the software
  3. Run the zadiag.exe diagnostic program, list the devices, and install the driver for your dongle
  4. Run SDR sharp and choose "RTL-SDR / USB" for your device
  5. Press the Play button
To listen to FM radio, just tune somewhere between 88,000,000 and 108,000,00 making sure to select "WFM" as your modulation setting. What's nice about SDR#'s built in FM radio is that it picks up the song and station information as you can see in the screen shot below. I've seen it called "the most complicated way possible to listen to FM radio"


There are lots of plugins on their web site, and I use one as a scanner, where I can set the frequency range and cut it loose to listen to local fire, police and medical. Below the scanner stopped to listen to the local police dispatch. 




More Resources for Software Defined Radio


The SDR Wiki Page is a good starting point
RTL-SDR.COM is a good resource
OSMOCOM who are the experts
SDR# is a must if you are using Windows
Hack RF is a powerful but expensive alternative platform
Web SDR radios can be connected to and controlled over the web!
Reddit has a whole community devoted to SDR

Friday, March 27, 2015

Petco Spammers

I love Petco. The wife got to keep the Petco account with our recent breakup, so I went ahead and got my own rewards card, which obviously you have to put your email on. I mentioned that I love Petco, right? So I gave them my real email address, and that's where I started liking them less.

The first couple days I got probably a dozen emails from them. Well I just signed up, so maybe they have a lot of good deals to tell me about. And then the next day, just as many emails, and the day after that.

About the third day after getting my new rewards card, I went to their site and opted out of all their emails. They sent me confirmation that I had opted out, and reminded me in the email that it would take a while to "process" my request. So they continued to spam me for about 24 hours after that.

I had almost forgot about them when I started getting spam yesterday. Just a few little spam emails, not the onslaught I originally got. But I have opted out of all email communication from them. You would think in this age of big data, a large database would not "forget" that I told the company I didn't want any more emails from them.

There's no excuse for companies like this to push the envelope with not only my decades of good will as a customer, but the law as well. I'm sure if I could magically talk to one of their executives, they would say something like "oops, we're still working on that" when we all know it's in their best financial interest to make lots of mistakes with their email marketing. Mistakes that I'm guessing are all in their favor.

So, I'm doing about what anyone can do, which is make my complaint on my blog where a mega-company like Petco can't spin the facts, and the fact is that they don't honor their opt-out email operations.

Over the last couple months I've really cut down the spam in my many inboxes, mostly by holding legitimate companies to their opt out, which I'm sad to say almost never happens simply by opting out. I normally have to make a big production out of it.