Random Thoughts – Randosity!

Why you should NOT use Disqus on your site!

Posted in botch, business, california by commorancy on October 26, 2017

What is Disqus (pronounced discuss)? This is a service that purports to offer an embedded comment / discussion service to your blog or website. Seems like a good feature, but let’s explore why this service shouldn’t be used.

Discussion Forums

Any good blog site or article site should offer a way to allow for comments. However, I find far too many sites that don’t offer comments at all. This is not the focus of this article, but it is one of my pet peeves. Should you choose to add a discussion or comment service, you should not consider using Disqus at all. Why?

Every good discussion package should offer a way to moderate posts and see every post that’s been submitted to your article. I believe that while Disqus does offer moderation, it also has a built-in spam detection package that hides posts from you that have been detected as spam. The problem with using Disqus, is that not only is their spam detection heinously faulty by filtering out many valid posts as false positives, Disqus does nothing about it. This means that as a site owner, you could be losing many, many valuable and valid comments to Disqus’s spam detection system.

As a site owner, you won’t even get to see those detected posts to know they were even there. They are simply hidden in the user’s profile on Disqus who posted their comment. Secondarily, the person leaving the comment can do nothing to get their comment unspammed. Once it’s detected by Disqus’s spam filter, that comment is lost for all eternity. Disqus not only does not monitor these failures nor do they don’t do anything about them.

If a user clicks on the This is not spam button, nothing happens. The post is not reposted. No one at Disqus looks at the comment. No one approves it. So, the comment remains in perpetual limbo solely on the user’s Disqus profile.

Disqus as a Discussion Service

As a site owner contemplating embedding Disqus as a comment platform for your site, you will want to know that the comments that your readers post will appear timely and fully. This is guaranteed not to happen with Disqus. You don’t want to use a half-baked discussion system thinking you’re actually getting to see all comments on your posts. With Disqus, I’d guess at least 50% of all comments left on an article are lost to Disqus’s extremely stupid spam filtering system. That number might even be higher than that. If you actually want to see all participation on your posts, you should find another system to enable comments on your articles. DO NOT rely on the Disqus platform as they WILL lose valuable comments from your readers… comments that you will never see.

If you really value your reader’s feedback, do yourself a favor and DO NOT USE Disqus as a platform. Until this company actually gives a damn about your users and actually gives you the tools to manage every user response (spam filtered or not), you should find another service to add discussion feedback to your articles that you post.

Better, lead your users to a Facebook page or other social media site where open discussions are, in fact, permitted without the draconian spam engine that Disqus currently uses to hide valid and valuable comments from you.

Tagged with: , ,

Beware of Silicon Valley Clean Energy and energy slamming

Posted in botch, business, california by commorancy on September 19, 2017

If you live in California, you need to read this. This situation has scam written ALL OVER IT. Let’s explore.

State / City Mandated ‘Clean Energy’

Apparently, as a result of city voting, some cities (such as Cupertino) have decided to force residents in that city to change their power generation provider to a third party instead of PG&E. In my case, it ends up being the scam outfit Silicon Valley Clean Energy. Why are they a scam? Here’s what happened.

First, they enrolled my electrical generation service under SVCE’s generation service without my permission. Then, SVCE waited over 60 days to notify me of my enrollment into their power generation service. Because they offered opting out at less than 60 days for free, this means I am not only being assessed a $5 exit fee from SVCE and I am now being put under PG&E’s transitional rates (which are likely to be higher than normal PG&E for at least 6 months). Oh, it gets even better.

Second, because I was force exited from PG&E’s generation services, PG&E gets to assess a Power charge indifference adjustment (PCIA) charge (effectively it is an exit charge for leaving PG&E’s power generation services). This charge on my last bill was $25.60. If you add this charge together with SVCE’s power generation charges, the total generation fee becomes identical to PG&E’s generation charges. If you spread this fee out over 12 months, SVCE’s charges aren’t as low as they seem. Also, this PCIA seems to be assessed once a year (or as frequently as the CPUC allows PG&E to assess it). Basically, this is a charge that PG&E gets to assess to cover generation fees they lost because you moved to a competitor. And, they get to do it each year.

Third, SVCE’s crap web site would not accept my opt-out request. Their opt-out form is entirely broken. I ended up calling their phone and opt-ing out there. Unfortunately, I have no idea if they really got my opt-out request because this fly-by-night outfit only has 9-5 call-center business hours. So, I have to wait until the following day and contact them.

Fourth, I was only notified of my ‘enrollment’ in this service because of a cheap card sent to me in the mail over 60 days after my enrollment.

Fifth, they make a lot of bold claims about using wind and solar energy for generation, but do not back up those claims anywhere. They could simply be buying PG&E generated power and reselling it.

Charges and electric slamming

Not only does PG&E get to assess random charges as a result of the customer is now using a third party power generation company, the power generation company gets to assess random exit charges for leaving their service when I never voluntarily joined it in the first place.

This entire situation smells of CLASS ACTION LAWSUIT. So far, I will have been assessed around $35 in fees plus an unknown amount for rates (up to 6 months) simply because SVCE grabbed my service without notifying me timely. This is the exact thing that long distance phone companies were doing in the 90’s. It is called slamming. This scam type is just another form of state / city endorsed slamming, now with the electric service.

The Feds need to jump on board and stop this slamming activity quick and force the same payback charges on the company who slammed the customer. Here’s what long distance providers were forced to do if they slammed someone onto their service and the end user paid the bill:

If you have been slammed, but discover it after you HAVE paid the bill of the slamming company, the slamming company must pay your authorized company 150 percent of the charges you paid the slamming company. Out of this amount, your authorized company will reimburse you 50 percent of the charges you paid the slamming company. Or, you can ask your authorized company to recalculate and resend your bill using its rates instead of the slamming company’s rates.

Electric generation companies need to be held accountable for slamming in the same way as long distance providers. Companies like SVCE riding on the coattails of city votes shouldn’t get a pass to switch services without permission. Slamming is slamming whether it’s for telephone service or power generation. No matter what it is, it’s a rip off unless the change is by consumer permission. If there are fees involved, the customer MUST authorize the change in advance. Otherwise, it is slamming.

How to protect yourself from the Equifax breach

Posted in botch, business, security by commorancy on September 11, 2017

Every once in a while, I decide to venture into the personal financial security territory. This time, it’s for good reason. Unfortunately, here’s a topic that is fraught with peril all along the way. It also doesn’t help when financial linchpins in the industry lose incredibly sensitive data, and by extension, credibility. Let’s explore.

Target, Home Depot and Retailer Breaches

In the last few years, we’ve seen a number of data breaches including the likes of Target and Home Depot. While these breaches are severe problems for the companies, they’re less problematic for the consumer in terms of what to do. As a consumer, you have built-in protections against credit card fraud. If a thief absconds with your number, your liability is usually limited to around $50, but that also depends on the card… so read your fine print.

With the $50 you might have to pay, the inconvenience to you is asking your credit card company to issue you a new card number. This request will immediately invalidate your current card number and then you have to play the snail mail waiting game for a new card to arrive. That’s pretty much the extent of the damage with retailer like Target or Home Depot.

No one wants to go through this, but it’s at least manageable in time… and you can get back on with your life. For breaches like Equifax, this is a whole different ball game, let’s even say, a game changer. Breaching Equifax is so much more than a simple credit card inconvenience.

Credit Reporting Agencies and Breaches

With Equifax breached, this is really where the government needs to step in with some oversight and regulations. What your social security number is the the government, your credit reporting file is to your personal financial health. This breach is a dangerous game… and worse, Equifax is basically taking it lightly, like it’s no big deal. This is such a big deal, you will absolutely need to take steps to make sure your data is secure (and even then, that only goes so far).

First, I’ll discuss what this breach means to you and how it might affect you. Second, I’ll discuss what you can do to protect yourself. Let’s start with some basic information.

There are 3 primary credit reporting agencies (aka credit bureaus):

  1. TransUnion
  2. Experian
  3. Equifax

Unless you’ve never had a credit card, you probably understand what these businesses do. I’ll explain for the uninitiated. These agencies collect and report on any outstanding credit card or revolving lines of credit you currently have. If you have a mortgage, these entities know about it. If you have a credit card (or many), they know. They also know lots of other data (i.e., previous and current address), what loans you’ve had in the past, what bank accounts you have, what balances are on your outstanding lines of credit, any collections activities and the list goes on and on. It also lists your birth date, social security number and full credit card numbers and account numbers.

Based on all of your credit lines, how well you pay and so on, these companies create a FICO credit score. This score determines how low of interest rates you’ll receive on new loans. These companies are not only a bane to actually exist, but they are your lifeline if you need new credit. Even just one blemish on your record can prevent you from getting that loan you need to buy your new house or new car. Without these linchpin companies, lenders wouldn’t be able to determine if you are a good or bad credit risk. Unfortunately, with these companies, consumers are at the mercy of these companies to produce accurate data to lenders (and to protect that data from theft)… a task that Equifax failed to do.

What did Equifax lose?

Equifax lost data for 143 million record holders. While that number may seem small, the damage done to each of those 143 million record holders will eclipse the damage produced by Target and Home Depot combined. Why? Because of how these credit reporting agencies actually work.

Equifax (and pretty much all of these credit reporting agencies) have flown under the radar in what they do. If you go to a car dealer, find a car you want and fill out loan paperwork, that dealership will pull a credit report from one or more of these agencies. Your credit report will contain a score and all loans currently outstanding. It also shows how well you pay your loans, any delinquencies in the past and other financial standing metrics. This credit report will be the basis of whether you get a loan from the car dealership and what what interest rate.

Hackers had access to this data between May and July of 2017. The hack was found on July 29th, but not reported to the public until September 8th. That’s over a month that Equifax sat on this news. It’s possible that they were requested by law enforcement to hold the announcement, we just don’t really know.

What was lost?

According to the Washington Post:

Hackers had access to Social Security numbers, birth dates, addresses, driver’s license numbers, credit card numbers and other information.

According to the New York Times:

In addition to the other material, hackers were also able to retrieve names, birth dates and addresses. Credit card numbers for 209,000 consumers were stolen, while documents with personal information used in disputes for 182,000 people were also taken.

Those dispute documents being PDFs of bills, receipts and other personally identifying information. I’ve also read, but have been unable to find the corresponding article, that the hackers may not have had access directly to the credit report database itself, but only to loose documents in a specific location. However, even with that said, do you really trust Equifax at this point? I certainly don’t.

Why is this such a big deal?

Because the credit reporting agencies have played it fast and loose for far too long. They make boat loads of money off of each credit report that’s pulled. If you pay $50 as part of the loan process to pull your credit report, the dealership will keep part of that money and the rest goes to Equifax. Because many loans applications are processed every day, some credit reporting agency is making money. Making money isn’t the problem, though.

These agencies will pull a report for anyone willing to spend money. This includes people with stolen credit cards. However, that only gets thieves so far before being caught. Instead, breaking into computers at the agency allows them to not only pull credit reports for anyone who has a record, they can get access to lots of sensitive information like:

  • Social Security Numbers
  • Birth Dates
  • Addresses
  • Places of employment
  • Home Addresses
  • Credit card numbers
  • Dispute Documents
  • Etc..

Basically, the thieves may now have access to everything that makes up your identity and could steal your identity and then attempt to divert bills away from your house, create new cards, and do other things that you may not be able to see. If they managed to get access to your credit report, they can open cards out the wazoo. They can charge crap up on those cards. And, they can perform all of this without your knowledge.

Credit Monitoring

You might be thinking, I’ll set up a credit monitoring service and have the credit reporting service report when activity happens. Even that, while only somewhat effective is still subject to being breached. If the thieves have access to all of your identity information, they can request the credit reporting service to do things like, reissue passwords to a new email address and send sensitive reports to a bogus address. These thieves can even undo security setups like a credit freeze and reassign all of that information to their own address. You won’t see or even know about this unless you regularly check your credit reports.

This problem just barely peeks into the can of worms and doesn’t even open it fully. There are so many things the thieves can do with your identity, that by the time you figure it out, it could be far, far too late. So, don’t think that signing up for credit monitoring is enough.

Sloppy Security Seconds

In fact, it wasn’t seconds, it was almost 2 months before the breach was known to the public. A move that not only shows complete disregard for 143 million people’s financial security from a company who should be known for it, Equifax doubled down by creating a lead generation tool in their (ahem) free TrustID tool. Keep in mind that that TrustID tool is only (ahem) free for one year, after that you pay. Though, protecting against new account creation is only half the problem. The other half to which TrustID can’t help is protecting your existing accounts. Because credit reports contain every account and every account number you own, if your data was compromised (and with 143 million accounts worth of data lost, it’s very possible), you need to do so much more.

Even the Security Checking Tool (which was questionably put up on a brand new created domain???) seems to have been a sham and had its own share of SSL certificate problems leading to some browsers showing the site as a scam. Some Twitter users have entered bogus data… and, this checking tool seems to have stated this bogus data was included in the breach. The question is, does that tool even work or is it merely security theater? Yet another black eye in among many for Equifax’s handling of this data breach. To wit…

and then this tweet…

To sign up for Equifax’s TrustID premium service, you have to enter even more personally identifying data into a form of a company that has clearly demonstrated they cannot be trusted with your data. Why would anyone do this? Seriously, signing up for a service with a company who just lost a bunch of information? No, I think not. Instead, Equifax should be required to pay victims for a monitoring service with either TransUnion or Experian (where breaches have not occurred.. yet).

On top of entering even more personal information, the service requires you waive your right to lawsuits against Equifax and, instead, requires binding arbitration. Yet another reason not to sign up.

It’s not as if their credit monitoring service is really going to do you a whole lot of good here. If you really do want a credit monitoring service, I’d suggest setting it up with Experian or TransUnion instead. Then, figure out a way to get Equifax to pay you back for that service.

Can’t I reissue credit card numbers?

While you can do this, it won’t protect you fully. The level of what the thieves can potentially do with your data from Equifax goes much deeper than that. Yes, changing the numbers will help protect your existing cards from access. However, it won’t stop thieves from opening up new accounts in your name (and this is one of the biggest problems). This is why you also need to set up a credit freeze.

Because the thieves can now officially pretend to be you, they can do such things as:

  • Pretend to be you on the phone
  • Call in and request new pin codes based on key identifying information (address, SS#, phone number, etc)
  • With your old address, they can then transfer your bills to a new address
  • They can reissue credit card numbers to that new address

You’re probably thinking, “What about the security measure my bank uses? Won’t that protect me?” That depends entirely upon how convincing the thief can be over the phone. If they can answer all of your identity information and find a representative who can bypass some of the banks security steps, they can get a foot into the door. That’s all it takes for them to basically take over your credit accounts… which is one step away from potentially hijacking your bank accounts. A foot in the door is enough in many institutions to get the ball rolling towards full hijacking.

How do I protect myself?

If your data was involved in the breach (unfortunately, the tool that Equifax provides is sketchy at best), the three bare minimum things you should do are

  1. Contact one of the three credit bureaus and ask for a free 90 day fraud watch
  2. Contact all three and ask for a credit freeze on your records at each credit reporting agency
  3. Set up credit monitoring at TransUnion or Experian

The 90 day fraud watch means they will need to let you know when someone tries to do anything with your credit report. However, this watch is only good for 90 days and then expires. The good thing about requesting this watch is that you only have to do it at one bureau. All three will receive this watch request from your contact with one of them. The bad thing is, 90 days is not nearly long enough to monitor your credit. In fact, the thieves will expect the 90 day fraud watches, wait them out, then go after it hard and heavy after these begin expiring.

A freeze, on the other hand, lasts until you unfreeze. A freeze puts a pin code on your credit record and that pin is require each time a company needs to pull a copy of your credit report. This will last far, far longer than a 90 day watch and serves to stop the thieves in their tracks. To freeze your records, you will need to contact all three separately and perhaps pay a fee of $5-10 depending on where you live.

Setting up credit monitoring means you can be alerted to whenever anything changes on your credit report. But, credit monitoring won’t stop the changes from occurring. Meaning, you’ll be alerted if a new card is opened, but the monitoring service isn’t a preventative measure.

You can contact each bureau as follows to set up any of the above services, including a credit freeze (links below):

  1. Equifax or call 1-800-349-9960
  2. TransUnion or call 1-888-909-8872
  3. Experian or call 1‑888‑397‑3742

Neither a fraud watch nor a credit freeze will impact your credit score. A freeze simply prevents any business from pulling your credit report without having your pin code. Companies for which you already do financial business or have loans established can still pull reports as needed. However, any new loans will be required to have your security pin code.  You can learn all about the details of a credit freeze at this FTC.gov web site.

Unfortunately, because the breach may have been more extensive than it appears, a thief can now contact the credit bureaus over the phone, pretend to be you and have any pin codes removed and/or reissued. Then, gain control over your credit records. This is why this breach is so treacherous for consumers. You need to be on your guard, vigilant and manually monitor your credit report for at least the next 12 months regularly. This is the part no big box media site is reporting. Yes, this is a very treacherous landslide indeed that is at work. Even if you do all of the protections I mention above, thieves can still subvert your financial records for personal gain by knowing your key personally identifying information.

How do I stop the thieves?

This is the fundamental problem. You can’t, at least not easily. To truly protect yourself, the scope of changes would include all of the following:

  1. Get a new social security number
  2. Reissue all of your credit card and debit card numbers
  3. Open new bank accounts, transfer your money into the new accounts
  4. Close the old bank accounts
  5. Reissue new checks
  6. Change your telephone number
  7. Move into a new address (or obtain a P.O. Box and send your bills there)
  8. Legally change your name
  9. Change all of your passwords
  10. Change all of your email addresses
  11. Set up multifactor authentication to every financial app / site you log into that supports this feature.

Unfortunately, even doing all of the above would still mean the credit bureaus will update your credit report with all of this new data, but your prior history would remain on the report… possibly up to and including all of the old account, name and address information. It is very, very difficult to expunge anything from a credit report.

In addition to the above, I’d also suggest closing any credit lines you don’t regularly use. If it’s not there, it can’t be exploited. None of this is a magic bullet. You just have to wait it and shut the thieves down as things materialize. Being diligent in watching your credit report is the only way to ensure you nip things in the bud early.

Tidal Waves and Repercussions

It is yet unknown the extent of their breach or the extent to which each consumer may have to go to protect themselves from this deep gash in the financial industry. Not only does this gash now undermine each account holder’s personal financial well being, it undermines the credibility of the very industry holding up the world’s economy. This is some serious shit here.

If half of the US’s residents are now available to identity thieves, those organizations who help protect the small amounts of identity theft throughout a normal year cannot possibly withstand a financial tidal wave of identity theft paybacks which could seriously bankrupt many credit organizations. In fact, if this tidal wave is as big as I suspect it could become, we’re in for some seriously rough financial waters over the next 6-12 months. By the time the holidays roll around, it could be so bad, consumers cannot even buy the goods needed to support the holiday season. Meaning, this could become such a disruptive event in the US’s financial history, many businesses could tank as a side outcome of consumers not being able to properly spend money during the most critical season of the year.

This has the potential to become one of the most catastrophic financial events in US history. It could potentially become even more disruptive than the 1939 stock market crash. Yes, it has that much potential.

Since I have no reason to believe that Equifax has been totally honest about how much data has actually been lost, this is the reason for this level of alarm. I’d be totally happy if the amount of data lost was limited to what they have stated, but the reality is, nothing is ever as it seems. There’s always something deeper going on and we won’t find that out for months… possibly at the point where the economy is hit hard.

Equifax Aftermath

Because the US is so pro-business, Equifax will likely get a slap on the wrist and a warning. Instead, this company should be required to close its doors. If it is not providing adequate data security measures to protect its systems, then it needs to shut its doors and let other more capable folks handle this business. This sector is far too critical of a service and that data too risky if lost to allow flippant companies like Equifax to continue to exist in that market.

Tagged with: , , , ,

Rant Time: Password Bombing

Posted in best practices, business, security by commorancy on June 29, 2017

What is password bombing? This is a malicious activity by trolls on the Internet just to inflict chaos and to annoy legitimate account holders on the Internet. Like DDoS attacks affect Internet providers, password bombing affects individual Internet users. It works like this. You have an account somewhere, let’s say Apple. Apple institutes a policy that after 3 failed password attempts your account is locked. You must then jump through a bunch of hoops to unlock the account… typically answering ‘security questions’ in addition to entering your password. Sometimes these hoops are much more problematic, like bank logins. You might even be required to call in to have someone there verify your identity and unlock your account. You might also be required to reset your password. Some companies, depending on the lockout procedure, might even require that you re-register a brand new account. The hoops you are required to jump through can be minimal to numerous… all in the name of security. A password bomber takes advantage of these security practices and bombs your account to force this account lock inconvenience on you. Let’s explore.

Security and Logins

Yes, we all want our login IDs to remain safe, but not at the expense of being locked out of our account by a random schmoe on the Internet. After all, when they enter your account’s password incorrectly, there’s nothing that affects the malicious troll except a few failed attempts… at which point they can move on and try yet another account. All of the burden and inconvenience is firmly placed on the account holder to resolve the lockout. The malicious user gets to lock you out, you as account holder have to jump through the hoops to get the account reinstated. Depending on the organization’s security practices, you might be online in a few minutes, sometimes it can take days for the lockout to expire.

Overreaching Security Methodologies vs User Preferences

As more and more breaches occur, ever more organizations are making huge security knee-jerk reactions by, in most cases, silently instituting tougher and more problematic security measures for user accounts. After all, it’s my account and, in many cases, I’m paying to have that account (in one way or another).

This is one of those times where organizations think they know better than you. They think they can simply institute security procedures and everyone will just go along with them all happy like. It doesn’t work that way. If you’re an organization instituting security practices that will affect your user accounts, you need to not only inform your user base, you need to also offer ways to set preferences to control these security practices. If you’re planning on instituting a lockout policy, then you should offer ways to prevent lockouts (multi-factor authentication) or in ways to remain informed of lockout attempts. For example, if you’re planning to lock an account due to bad data, send an email WHY your system locked the account and the IP address that caused the lockout.

Locking out accounts may sound like a great security prevention practice, but it’s what’s happens after a lockout that makes this security measure useful or a fail. Making your users jump through a bunch of sometimes impossible hoops to reactivate their account is not cool. Simply because some random schmoe on the Internet decided to type in my account name with a bad password three or more times shouldn’t require me to spend 30 minutes or longer resolving this issue. It’s your system that allowed that schmoe to continue to enter the password multiple times. That had nothing to do with me.

Why not just block that IP address from your site after multiple bad attempts and then inform the actual account holder that someone attempted to gain access from that specific IP? Let the account holder determine how to handle this issue. That’s the better way to handle this. Let us know that people are attempting to access our accounts and tell us where they are from and what device they are using. Let us make the decision. Don’t just lock us out without a word, then assume we’re okay with spending 30 minutes jumping through your silly hoops to gain access again. Do you really want us to use your services?

Password Bombers

As we are forever required to have and own more and more accounts on the Internet, it’s becoming much more common for our usernames to clash with other people. This is especially true when we’re required to use our email addresses as our login IDs. I preferred the time when we could choose our user IDs so they could be unique. Instead, we are now forced to use our email addresses which can be easily confused with other users, particularly when using an email domain like @gmail.com, @yahoo.com, @outlook.com or similar common email services used by perhaps millions of other users.

Worse, though, is when malicious trolls decide to be contrary. When they can simply go out to Yahoo or Apple or Google and just plug in random data into the login screen simply to lock user accounts. Even though this vulnerability has been around for a long time, it’s now becoming more and more common. As we move forward, it will become even more common in retaliation to stupid things like Internet comments.

These password lockout practices need to be refined to not inconvenience legitimate account holders. But, instead, it should inconvenience the password bomber. Yes, inconvenience them. Make them pay for their stupidity of entering incorrect data multiple times. Instead of locking out our accounts, block that IP from your site for 24 hours after entering incorrect login data. Prevent them from locking any further accounts through their contrary actions. Make them contact your team to get the IP unblocked. Leave the accounts alone unless it’s absolutely necessary, like under a real breach. If your organization loses password data, then yes lock our accounts until we change passwords. If some random troll decides to password bomb as an activity, make them pay for this activity by blocking their IP from your login screen.

If you have been password bombed by someone on the Internet, please leave a comment below with your story. If you like what you read here, please subscribe to the Randosity blog so you don’t miss my newest posts.

Tagged with: ,

Rant Time: Xbox One and PS4 automatic downloads

Posted in botch, business, microsoft, Sony by commorancy on June 17, 2017

So, I have reasonably fast internet service. It’s not the top speed I can get, but it’s fast enough for most general purposes. I’ve clocked it on wireless at about 18-20 Mbps down and 6 Mbps up. If I connect a device wired, it will be somewhat faster. With wireless, it’s not the fastest, but it’s definitely sufficient. The wireless is obviously for convenience, but it works well the majority of the time. However, when the PS4 or Xbox One get going with their automatic downloads, it absolutely kills my network connectivity. And so starts my somewhat shorter than usual rant. Let’s explore.

Automatic Downloads

I always turn off automatic downloads whenever possible, no exception. When there is no ability to shut off automatic updates, then I unplug the device. There’s no need to have devices automatically downloading at the most inopportune times. In fact, several months back I explicitly disabled automatic update downloads on my Xbox One. Yet, just yesterday I find my Xbox One automatically downloading again. I’ve finally had enough of rogue network devices and out of sheer frustration, I’ve finally just unplugged it. I also unplugged my PS4 for the same reason. No more rogue network devices. If these systems cannot respect my wishes when I explicitly turn off automatic downloading, then they’re going to remain unplugged until I decide to use them. Worse, these devices would also decide to randomly begin downloading updates at random times (usually in the middle of the night, but it could be any time).

The primary problem is, neither the Xbox One nor does the PS4 limit its download speeds. In fact, both try to download as much as possible, as fast as possible. If both of them get going at the same time, it’s a disaster on my network. Even just one of them downloading is enough to cause problems. If I try to ask Siri or Alexa a question, I get no response or I get the Echo’s dreaded Red Ring (no connectivity).

Rant

At least Apple respects disabling automatic downloads on its devices. These devices dutifully wait until you click update before beginning any downloads. Unfortunately, Microsoft does not honor its no auto updates setting. Instead, it just overrides that setting and dutifully starts downloading whatever it wants whenever it wants. I just can’t have rogue devices like that on my network. Rogue devices need to go away and Microsoft needs to understand that making rogue devices needs to stop. If your software can’t respect the owner’s wish not to download automatic updates, then you really don’t deserve a place in the home.

I haven’t yet determined if the PS4 overrides my no download wishes, but I recall that it, at times, the PS4 will also do this for system updates. Updates which, again, should not automatically update unless I explicitly ask it to update.

Just say no to rogue network devices like the Xbox One. For now, the Xbox One and the PS4 will remain unplugged until I decide I need to use them. Though, in the last few months, there really has been a substantial lack of game titles on both platforms. I’m really finding that the spring and summer to be a dead season with new game titles. Instead of overloading us with too many fall titles which we can’t play that fast, why not spread them out throughout the year and let us have adequate time to play each? This, however, is a whole separate rant topic in itself.

Rant Time: YouTube, Copyrights and Content ID

Posted in botch, business, Google, youtube by commorancy on May 16, 2017

Unless you’ve been living in a cave, you probably know what YouTube is. It is a video sharing platform that allows anyone to post video content onto the Internet. YouTube offers the likes of travel videos, personal vlogs, how to guides, DIY projects, music to all types of random content. However, Hollywood has forced Google to employ more and more heavy handed techniques to video uploads to (ahem) protect big Hollywood copyright content. This system is severely flawed. Let’s explore.

YouTube Channel ownership

While it’s fun to run around on YouTube looking for all kinds of weird content, let’s look at what it’s like to be a channel owner and all the fun we’re not having. While I do like writing blog articles, I also have a gaming channel on YouTube. So, I have personal experience with this issue. I like to play games on my consoles and upload recorded game content to YouTube for others to share in my fun.

As a channel owner, you really don’t get many tools other than a content uploader and metadata tools to tweak a video’s description, tags, monetization settings, language, etc. As a channel owner, YouTube offers no tools to the owner to validate that your content is, in fact, your content. Meaning, for example, you might have taken a video of a day at the beach with wave sounds in the background. Then, you’ve uploaded it. Or, you’re playing Grand Theft Auto and you record your session (minus any copyrighted audio to not trigger YouTube’s audio content detection system) and upload. Here’s where things start to fall apart.

YouTube Content ID and content ownership

Besides being a channel owner or a viewer, there is also a third lesser known management meta user. This interface is intended to be used by Hollywood and the music industry. It was designed for the likes of EMI, Sony and other large music and movie conglomerate content creators (mostly by legal threats to Google). This system allows those content creators to submit their content to YouTube into the Content ID system. What is Content ID?

Content ID is a way for YouTube’s automated system to match a channel owner’s content against a copyright owner’s uploaded reference content. Seems like a legitimate thing. I mean, it allows artist’s representatives to make sure their content isn’t being placed onto YouTube unauthorized. Where’s the problem then?

YouTube is the problem

Here’s the rant. The problem is that ANYONE can create a meta content management account and begin uploading any content they wish against YouTube’s content ID matching system. YouTube requires no verification by any alleged content creator. They create a content meta account, get approved (which is apparently relatively easy), upload random content and begin matching against videos on people’s channels. In fact, I’ve even seen content management accounts grab original videos from other people’s channels, download them from YouTube, upload them into the content ID matching system and claim ownership over material that they stole from the original owner. Yes, you can even upload content you downloaded from another YouTube channel and claim ownership of that content in your channel… though, that’s called copyright infringement.

YouTube has taken its somewhat usable platform and turned it into a joke. YouTube is a disaster if you actually expect YouTube to help you protect your own original copyrighted content. Yes, it does allow someone to download a video you own, upload it and then claim ownership of it.

Let’s keep going. What happens when content ID matches a video uploaded through the meta content management account against a channel? YouTube does several things:

  1. It flags the video on the first channel owner as copyrighted content matched against another channel. Basically, the system tells one channel that another channel has claimed ownership over that content even if the claim is false (we’ll come back to false claims).
  2. It allows the alleged ownership claimant to monetize the video (even if they do not own the content).
  3. It allows the first channel owner to dispute the copyright claim, remove the video or leave it up (depending on how the content ID matcher is used).
  4. If the content owner claims exclusive content claims on the content, the content on the first channel can be taken down or deleted.

Disputes

Here’s where the entire system falls apart. While YouTube can match content fairly rapidly, filing a dispute can take days, weeks or sometimes months to resolve. All the while the content is in dispute, YouTube allows the claimant access to monetization over the content in question. Here’s the bigger rub (as if monetizing content you don’t own isn’t big enough).

False claimants are never at all verified by Google. YouTube’s content ID matching system assumes fair play by those approved to use it. That is, people who create meta content accounts are on their honor to upload content that they actually own. In fact, this isn’t happening. While legitimate usage of this system is happening by big content providers, many lesser channels have learned to game the system to claim ownership over content they don’t rightfully own and don’t have the rights to monetize. This is especially true for channels outside the US (i.e. Russia and Vietnam) where copyright rules don’t apply in the same way as in the US. This ridiculous YouTube help article which discusses setting up a meta content account states:

“Content ID acceptance is based on an evaluation of each applicant’s actual need for the tools. Applicants must be able to provide evidence of the copyrighted content for which they control exclusive rights.”

Yeah riiiiiight. Content evidence of what exactly? Copyrights, especially on YouTube are nebulous at best. What are you expected to show, the camera it was created on? How does that prove anything? There’s no way to know that any particular video was produced on any particular camera. YouTube doesn’t show camera EXIF information in the video’s metadata.

Copyright Basics

US Copyright law states that as soon as a work is created, you are automatically the owner of it and possess all worldwide copyright ownership to this work in perpetuity. This is considered an implicit copyright. You don’t have to do anything other than create the work to own it. This assumes some basics like, it must produced entirely by you on your own equipment and on your own time. However, some countries, like China, don’t recognize implicit copyrights at all. Instead, to protect your copyrights in the countries that don’t recognize implicit copyrights, you are required to fill out forms, possibly pay a fee and likely submit your work as evidence. Only then will your work be explicitly acknowledged by the government to exist and that you own that work.

For example, when you’re using your own personal phone to take video of you playing games at an arcade, this work is now considered fully owned by you under US Copyright Law. The moment the video (and audio) is created, it’s yours. On the other hand, if you are hired as an employee of a production company, and that company owns the equipment and they have hired a camera crew to follow you around watching you play games, you won’t own that video content because the production company paid to create it. Of course, there are pesky things like contracts that can explicitly authorize or deny ownership of copyrights to any party involved in a production. So, if your content is created under a contract, you should read your ownership rights carefully. Just because you were involved in a production, doesn’t necessarily mean you have any copyrights to that material.

Evidence of Copyright Ownership?

In this day and age of immediate gratification, YouTube content owners rely on implicit copyright ownership protections to allow their channels to exist. That is, as soon as the content is created and edited (implicit copyright ownership), it’s uploaded to YouTube.

In the case of copyrights, how can anyone sufficiently provide ‘evidence’  over any content? What kind of evidence does YouTube expect to see? The camera it was shot on? The recording studio that it was recorded at? A bill of sale? Seriously, how can you possibly provide ‘evidence’ of ownership for copyrights?

The only way to provide even the smallest amount of evidence is to submit your work to the U.S. Copyright Office for registry. Let’s understand why this is not exactly feasible for most YouTube content. At the moment of this article…

  • It costs $35 to register a single work (one poem, one video, one work of art).
  • It costs $55 to submit multiple works together (a collection of poems, videos or songs).
  • Who knows how long it will take the copyright office to actually register them so that you have ‘proof’.

Sure, while you could do this to, ahem, protect your works, it’s expensive and what exactly does it do for you? The Government won’t stand up on your behalf. The copyright office is merely a registry, not a legal team. They won’t help you protect your content, that’s your responsibility to find a lawyer. It’s also not like Google will get involved in copyright disputes either. For the prices listed above, that would cost $35 for every single video you upload to YouTube and that only registers your work in the US, not necessarily in other countries. It doesn’t give you any specific legal protections other than someone can go look it up, like Google. You may be required to register your content in many different countries to protect your rights in those locales. You’re also responsible for hiring a lawyer to protect your content (regardless of whether it’s registered).

Google and Copyright Disputes

Google outright states they do not get involved in copyright disputes. Yet, by providing a content ID system, content matching and marking videos in YouTube as being claimed by another channel, this absolutely, most definitely is the very definition of getting involved.

If you don’t get involved in copyright disputes, you don’t create controls to help manage disputes. Meaning, it’s entirely disingenuous to create a copyright dispute system and then when someone disputes a claim (that your system sent us notification) state that you don’t get involved. You can’t claim that. You already ARE involved by providing the notification system.

Worse, once you begin the dispute process, Google’s YouTube team doesn’t care. They don’t actually attempt to review the content, the owners or anything related to the dispute at all. They just let the two parties fight it out even if the content isn’t owned by either of them.

Content ID System is Half-Assed Designed + False Claims

Google’s YouTube team got this content system just far enough to make Hollywood and the music industry happy because they can kill content on channels matching their own content catalog. Yet, Google never brought it far enough to actually prevent scammers from abusing it. Instead, Google lets random scammer channel owners run roughshod all over YouTube’s other channels without any consequences. I’ve seen scammer channels claim false copyrights over multiple legitimate channels (even my own) using content that they clearly do not hold copyrights over and yet those channels STILL exist on YouTube. Google does nothing about this. Why was this channel not closed? Clearly, these scammer channels have willfully violated copyright laws using YouTube’s woefully under designed crap of a content detection system to facilitate these false claim(s).

Claiming false copyright ownership over content is, in fact, copyright infringement and very much against copyright law. However, because most of these scammers are outside of the US, Google won’t do anything… not even close the scammer’s channel. Though, sometimes Google will close the legitimate channel and leave the scammer operating. That false claimant had to copy and upload that content to YouTube’s matching system which, in itself, is a violation of copyright laws. This means that Google’s content ID system facilitates false copyright claims and makes Google an accessory to copyright infringement. Google allowed the copyright infringement to take place and allowed the fraudulent claimant’s channel(s) to profit off of that infringement. This is a legal situation just waiting to happen.

Google, fix your shit. YouTube is quickly becoming an unusable mess of a video sharing platform and is now just one big lawsuit waiting to happen against Google. A lawsuit against Google for not only being an accessory to copyright infringement, but providing a service that actually enables copyright infringement in a system that’s supposed to prevent it. Ironic. Such a lawsuit, if won, might ultimately be the end of YouTube.

If you’re an IP lawyer reading this and you would to have a discussion about this situation, please leave me a note on the Randosity About Page.

How not to run a business — Case Study: Sears Holdings

Posted in bailout, bankruptcy, best practices, business by commorancy on February 10, 2017

Back in late 2004 when Kmart and Sears merged to create Sears Holdings, I had to wonder what one failing retail chain could do to help another failing chain. However since 2004, the one thing this new company has proven is that these brands die hard. In 2017, however, I think the answer has come back to conclusively nothing has been gained. Let’s explore.

Back in 2004, I didn’t really dig deep into the $11B dollar merger deal to get the nitty gritty details mostly because I had no interest in two failing retail chains (where I personally never shopped). Though, I already knew the handwriting was on the wall for both of these chains. It was just a matter of time before both chains closed their doors. That they’ve managed to hang on another nearly 17 years is a testament to the cash infusions from a billionaire. I digress.

After deciding to finally dig into this merger deal, however, I have come to find that this deal was instrumented by a former Wall Street darling Eddie Lampert. A wiz bang former Goldman Sachs employee who started his own hedge fund and apparently made mad cash. Though, I’d have questioned why a Wall Street darling would have any interest in the failing retail space. It’s clear, though, Lampert still has no knowledge of retail even after 17 years of floundering with Sears Holdings. Lampert pretends he wants to be the next Jeff Bezos with this investment, but is failing at this for two really big reasons: 1) Lack of innovation and 2) Lack of involvement.

According to his executive staff, Eddie spends most of his time at his home on a private island community in Florida. A community of apparently 86 residents and a staff of private police to ‘protect’ the island. Based on his executive meetings, he literally phones in his CEO job day in and out. He rarely, if ever, makes an appearance in the office.

Running a company by remote control

It’s one thing to be an individual contributor who works remote. Typically, these are task oriented jobs which can be easily monitored for task completion. However, as CEO, there is no possible way you can run a company from behind Skype. However, if Lampert had had substantial previous retail management experience, he might be able to get away with this. Because Lampert has no knowledge of retail after merging Kmart and Sears, he’s effectively flying blind. Even nearly 17 years later doesn’t automatically impart knowledge of retail. It’s clear, Lampert has no business operating this company. Unfortunately, whatever is left of the Sears Holding company is entirely dependent on Lampert for his continual cash infusions (up to $1B) which have kept this listing barge from sinking. However, some boats are best left to sink.

It’s crystal clear, when you buy into a business you know nothing about, you have two choices. One, sit on your arse and assume you’ll figure it out eventually (which usually doesn’t work). Two, dive in head first and learn everything you can about running a retail business. I think it’s a relatively safe bet that Lampert is in the former camp rather than the latter. Instead of being available and actively engaging in the day to day affairs of the business, he sits comfortably at his private island home and dictates policy from a Skype conference call. It’s no wonder this business is being slowly driven into the ground.

For any would-be business owner

As an owner / CEO, you need to be actively engaged in and have passion to drive your business forward, whatever that business is. You can’t sit behind a computer screen at home literally phoning in your CEO day job. That may work for a short period of time, but it won’t work forever. It’s clear, Kmart and Sears are both on the brink of collapse. Why? Because the merger of two ailing turned failing companies was a foregone conclusion without an engaged leader. A CEO / owner is there to drive and guide the business forward. To make the tough choices and ensure the business remains viable and becomes / remains profitable. Your underlings won’t do this on your behalf. They’ll do whatever it is to take their paycheck home, but they won’t go out of their way to run your business. That’s your job.

The takeaway from this case study is that you cannot sit on your arse and expect others to do your work for you. You need to be available in the office often to drive your business. If you don’t take your business seriously, no one around you will either. You need to understand your sales numbers, what’s selling and what isn’t. You need to make strategic partnerships to bring exclusive merchandise (as in the case of a retailer) onto your shelves at a low price as a way to drive customers into your store. You also need to be shrewd to get costs down and profits up. You need to hire a kick-ass marketing team who can bring the demographics into your store. In short, learn your business, understand it, live it, breath it and make it your passion. Own your business’s problems and own its solutions. Also, you need to think outside the box to continue driving all demographics into your establishment(s).

Yes, it would be nice to sit on the beach sipping margaritas all day or behind a gated community in a big mansion and also be a successful CEO of a profitable corporation. That’s a pipe dream that doesn’t happen. You only get that beach time after you’ve done your in-office time and made your money. Retail doesn’t just automatically make money for you. It requires active involvement. You need to actively drive new business into your business. It’s not like your hedge fund where you crunch numbers at a desk and move out bad performers. You need to be in the office driving your staff. You will need to reinvent your business, brand and ideas every so often to remain ‘the place to go for cool new stuff’. Once your retail business is thought of as a mom and dad store, your store is considered antiquated. The mom and dad demographic does make some money, but it isn’t the only demographic spending money and that single demographic will not convert your company from a million dollar company into a multi-billion dollar company.

Why phoning in as CEO doesn’t work

If you aren’t showing up to the office day in and out, you are missing critical verbal queues, having meaningful conversation with your staff and learning the problems that face your business. Keep in mind that some problems are outside problems. Like, for example, the threat to Kmart and Sears has been the internet retailers like Amazon. This means you need to spend quality in office time hammering through new plans to counter growing trends, like Amazon’s quick ship, quick deliver model… like Amazon’s Kindle services. If you don’t keep-up-with-the-joneses, your business is lost. Sometimes the problems are internal problems, like horribly outdated decor and fixtures. Sometimes they are supply chain related.

Since the merger in 2004, Kmart and Sears have both failed to change anything substantial with their store merchandising or, indeed, updating their store look and feel to accommodate new growing trends. Instead, they left their stores looking like something out of the 80s. Who wants to shop in a place with horribly dirty floors, drab coffee stain colored walls and fixtures with chipped paint and rust? Not to mention, that horrid glaring 80s fluorescent lighting job. You want to make your stores inviting and modern, not be a turn off. This is where it takes regularly entering and visiting stores to see how they look, how they feel to a shopper and how the merchandise is being faced. Then draw up plans to remodel your stores.

Being a Billionaire

Not everyone has this luxury. As with Lampert, he’s apparently got lots of money to spend. But, that doesn’t make it spending money smart. The saying, “throwing good money after bad” actually applies here. Why would you want to continue to invest more and more money into a chain not producing returns on your investment? That’s not a good investment strategy. For a Wall Street darling, it really makes no sense at all. Use your gift of understanding good investments and then apply that knowledge to Sears and Kmart. You’ll quickly see your error. It just takes an outside party looking in from the outside to see what someone so close to the matter can’t.

Can Kmart and Sears be turned around? While anything is possible, I’d personally say, “not at this point”. If Lampert had started the turn around back in 2004, he might have been able to pull this listing ship up right. However, because he has become a complacent mostly home bound recluse for many of the last 17 years, a turnaround for this venture is likely impossible with this leadership team. It’s too bad, too. Sometimes we just need to say goodbye to some beloved old brands to let newer brands take us to the next level.

Using time (and lighting) wisely

As a business owner, don’t let your business become a victim of complacency. Expect to reinvent your business every few years to not only keep your business fresh, but also to keep people coming in to see what’s new. Customers value companies that invest in making their stores better. Having a refreshed store means you care about your business. It also means you care about how your merchandise looks on the shelves. If your stores look old and trashy, so will your merchandise. If your store looks new, fresh and well lit, so will the merchandise. It’s literally all about creating the proper mood and perspective in your stores. Lighting has a huge amount to do with this. So, expect to replace old outdated fluorescent lighting with updated LED lighting concepts.

It just comes down to investing money in the right things for your business. It’s clear, Eddie has no clue where to have Sears and Kmart use the money he’s investing. Instead of just throwing good money after bad, ensure that that money is being used to remodel stores, being used to draw consumers in and being used to buy merchandise that fits with the store’s branding.

Unfortunately, both Kmart and Sears haven’t been ‘goto’ places in a very long time. That’s primarily because these chains have not focused on any one area to be proficient at any. For example, Target has revamped its 80s retail-only stance into becoming a neighborhood grocery as well. So, not only can you go to Target to get the latest blu-ray movie, you can also pick up some hamburger and fixings to go with it. It’s a well rounded shopping experience. However, heading into Kmart, for example, yields many deficiencies. For example, the electronics area doesn’t even carry video games any longer. How can you possibly operate a general merchandise store and not carry any video games?

Takeaway

Drive your business smart. Invest money into your business wisely. Remain focused on your goals. Most of all, remain engaged and passionate in everything you do. If you don’t do all of the things that continue to make your business a success, you may end up with a failure. Unlike Eddie Lampert with seemingly endless funds, you may find your doors shut. Though, I believe at some point soon, even Eddie’s pet project of Sears Holding will close. However, if you find yourself as wealthy as Eddie, spend your money however you feel. It’s your money. For the rest of us, driving your business smart is the obvious answer to eventual success. Though, I will say that even as passionate as you may be about your business and as much work as you may put in, there’s still the possibility that your business may fail. Predicting success or failure in any new business venture is tricky as there are so many unpredictable market forces outside of your control. For the things that you can control, you most can certainly guide your business success in the right direction and reduce your chances for failure.

Everything wrong with Corporate America: Wells Fargo

Posted in banking, botch, business by commorancy on September 14, 2016

corporateUnless you’ve been out of touch, you’ve probably read the recent articles regarding Wells Fargo’s recent activity of illegally and silently creating over 2 million credit card and deposit accounts against unwitting Wells Fargo customers! If that’s not enough, Wells Fargo then rewards its executive for this illegal behavior with a $125 million golden parachute on departure. If not, let’s explore.

Wait.. What happened?

To catch you up… Wells Fargo’s Community Banking division, the division which currently is (until the end of 2016) headed up by Carrie Tolstedt, had instituted sales quotas on credit card and bank accounts. This mean that the sales teams had to sell and open a specific number of accounts each day, week or month. These quotas lead to 2 million accounts being illegally and silently opened against people who had no knowledge of the card’s or account’s existence. Effectively, this is identity theft, right within the bank where you do business (assuming you bank at Wells Fargo).

This fraud was uncovered recently by the Office of the Comptroller of the Currency and the city and county of Los Angeles. Unfortunately, this illegal activity by this well known and respected bank is now putting that bank under fire, scrutiny and loss of trust. While that scrutiny is now a problem for Wells Fargo reputationally, the bigger problem is that these execs (who are clearly not executive material) end up walking away with millions of dollars in their pockets as rewards for wrongdoing.

This is the #1 problem with executives and executive compensation in America. Executives can now create and engage in illegal schemes, see them through to execution, then walk away as if nothing happened with huge piles of ill-gotten money. Though, I’m quite sure this problem extends to all parts of the world in all executive roles. It’s just that in America, white collar crime like this gets away with a slap on the wrist, millions of dollars in compensation and a shiny new executive job at another corporation. I wouldn’t be surprised to see Carrie Tolstedt named CEO at a new company.

What happened to real law enforcement?

It seems that law enforcement is only needed if, as a person, you rip off $500-1000, run a stop sign, have a rear tail light out or speed. As a corporate executive, you get a pass. Unfortunately too, Wells Fargo is a huge bank which underpins a huge portion of the economy. While I fully agree that this bank and all of its executives should be brought up on major and serious charges of fraud with each and every executive held accountable, it likely won’t happen. If this bank is “taken down” by the feds in rightful retaliation over this level of fraud, the economy will tank.

It’s a catch-22 situation. The government knows that if they even begin to touch Wells Fargo in any legal action, the economy will take a huge nosedive. Seriously, taking down a bank as big as Wells Fargo will have such far reaching ramifications across the globe. It could probably even spark a global financial meltdown. This is the reason AIG wasn’t taken down (or allowed to die) for its role in the housing bust and, instead, was actually bailed out by the government.

For this reason, the Consumer Financial Protection Bureau (CFPB) has instead only lightly fined Wells Fargo $185 million (only slightly more than the $125 million payday that Carrie Tolstedt walks away with) and is mostly chump change to a company like Wells Fargo. Though, the CFPB claims Wells Fargo’s $185 million is the largest fine it has ever levied. That may be the case, but it really is chump change to this bank. The “largest fine” statement is also just posturing for public approval. If you want to impose a truly large fine, impose a fine that makes a bank like Wells Fargo think twice about doing something like this again, like $1 billion. Worse, Wells Fargo likely won’t even have to pay the whole $185 million. Wells Fargo’s lawyers are likely to appeal and get it reduced (in a closed door agreement) to like $25 million (or less).

Let’s consider that the government bailed out Wells Fargo not that long ago with $25-36 billion in cash that Wells Fargo didn’t really need. So, it’s not like $185 million will even make a dent in the books at Wells Fargo. Wells Fargo likely made more than $185 million in interest alone holding onto those billions in federal aid, so this is basically the government slapping Wells Fargo on the wrist and taking back only the tiniest bit of money that Wells Fargo made off of holding onto that bailout money. Not to mention how that bailout money was even used… let’s just say, it was used less for bailing anything out than for advancing Wells Fargo’s business plan.

This is the reason the feds won’t touch banks when they run afoul with illegal and fraudulent activities. If Carrie Tolstedt and John G. Stumpf (CEO) see the inside of a courtroom over this issue either personally or as part of a Wells Fargo lawsuit, I’d be totally surprised.

Disavowing Knowledge and Placing Blame

John G. Stumpf has now firmly placed the blame on his staff for this activity. He is now attempting to disavow any knowledge of this scam. I call bullshit on that. You’re the CEO, if you don’t know what your direct reporting staff are doing with their teams, then you shouldn’t be a CEO. Sales goals are not set by the sales staff. Sales goals are set by the management team full well knowing what those sales goals might lead staff to do to make those sales numbers. When sales goals are too aggressive or too unreasonable or outright stupid, then corners are cut to make the numbers. And, that’s exactly what happened… corners were cut.

If a handful of accounts were created by one or two people, then you might be able to disavow this activity as rogue sales staff. But, since 2 million of these accounts were created by apparently 5,300 now-fired staff (more than a handful of people), there is no way that either Carrie or John can claim no knowledge of this activity or claim rogue staff. They may have even condoned the activities.

This is not only an illegal use of the bank itself, but it’s also an accounting scandal in and of itself. It means that Wells Fargo illegally reported earnings on accounts that shouldn’t have existed knowing that they shouldn’t have existed (hello KPMG). So, not only is the creation of the accounts a problem, it also means that Wells Fargo’s books now need to be 100% audited for any other illicit reporting activities. If this was knowingly going on directly under Wells Fargo’s executives’ noses (and KPMG’s noses), what else did they condone? This means restated earnings. Someone needs to crack those books open and now.

Eliminating Quotas by the end of 2016?

Seriously, Wells Fargo you were just called on the carpet for illegal activity, yet you are not stopping these sales quotas immediately? I mean, as in today? Wells Fargo has stated they will stop them at the end of 2016 coincidentally when Carrie Tolstedt walks away with her $125 million golden parachute.

Why wait an extra 3 months to cancel that sales quota activity? Why keep Tolstedt on board and reward her all the while keeping these quotas in effect? It’s what got you into trouble in the first place. If the sales team members were told to create fake accounts under real people’s names, what else might they be doing under these sales quotas? No, these quotas need to stop today, not in 3 months.

What are we teaching our children?

Here we have a well respected organization (or so we thought) … a bank … that is supposed to handle our money efficiently and we find a scam under the hood. That the money they have made off of that scam is diverted by the millions into executive salaries and compensation. This teaches our children that so long as we attend an Ivy League school, complete with a graduate degree in business and get a C-level executive job, we can line our pockets with cash no matter what illegal activities we perform against the public. And, we get away scott-free and never see the inside of a courtroom.

This is the whole reason executive compensation must be revisited and must also become regulated by the government, not by the corporation. If you make it to C-Level executive, then your position should be accountable exclusively to the government. Unfortunately, this goes against the tenets of private enterprise. But hey, I think it’s abundantly clear that there is no such thing as corporate governance. We’ve had so many of these issues year over year (Enron, Volkswagen, FIFA, Toshiba, etc). And now, we add Wells Fargo to that list and it’s time to put a stop to it. It’s quite clear that corporations cannot and will not govern themselves in an appropriate manner. When money is involved, stupidity reigns supreme. Working at a bank like Wells Fargo is a dream job for any would-be crook. You can basically set up any sort of ponzi scheme and completely get away with it. This is what we are teaching our children.

It must also become that each corporate executive is now held personally and legally liable and accountable for any wrongdoing performed under their watch as an executive for any company they govern (going all of the way to the CEO). The business itself should be held legally liable separately from any actions brought against each individual executive. No longer should ‘incorporation’ or ‘LLC’ shield executives from liability. No insurance policies should be issued or allowed to cover for such illegal activities. And… any ill-gotten gains received during their reign over illegal activities must be immediately forfeited to the government as a fine. Let these crooked C-level executives lose everything they own and end up in federal prison. These people do not deserve future jobs as executives.

There is no way Carrie nor John can deny knowing what went on in their organization. Only executives can require mandates which enact sales quotas over these types of sales activities. This meant that they were fully and completely aware of the activities of their sales staff. There is just no excuse for these types of behaviors from executives. However, it’s even worse that these corporations reward their executives with huge cash payouts when they allowed illegal activities to occur.

How not to run a business (Part 13): Hiring

Posted in business, Employment by commorancy on August 21, 2016

I’ll preface this article by saying that there is no magic bullet to hiring, even though a lot of people want there to be. Any processes put into place to reduce the number of resumes to dig through will weed out potentially good candidates. If you believe that your weed out the methods are effective at helping you find just the right candidate, you are mistaken. Let’s explore.

Don’t believe your weedout methods work

As a hiring manager, when you have a large stack of resumes sitting on your desk, your first thought is likely, “how do I read through these rapidly?” Unfortunately, there is no easy answer or magic bullet for digging through resumes.

Instead, what you need to understand is that to find the best candidate you need to read through and carefully examine every resume and every candidate. Clearly, you will find resume submissions that don’t make sense. If you try to find an easy way to skip reading, you’re going to weed out candidates that could be a good fit for your company. On the other hand, by skipping resumes, you may ultimately be left with bad candidates who are not a good fit for your company.

Don’t skip reading resumes

Many companies try many forms of pre-screening methods to limit reading resumes. Methods that include psychological tests, aptitude tests, technical tests or any combination of those tests. Depending on the position for which you are hiring, it may also include other tests such as  lie detector tests (i.e., in trust or money related positions).

Don’t get caught up in the pre-screening process and forget about finding the best candidate for your job position. If you are simply too busy and your primary goal is to get rid of half or three quarters of the resumes on your desk, you have entirely lost sight of your goal and you might as well just randomly select three quarters of those resumes and throw them in the trash. That’s how effective such early weed out methodologies are in finding the right candidate. If you believe the hype that tests are effective at finding just the right candidate, your test provider is blowing smoke. You’re paying money for nothing. That test provider is only there to sell you into their testing service, not provide you with an effective service to locate quality candidates. This comes to…

Why tests fail you

Tests weed out people who are good or bad at taking tests. If your job role is all about taking tests every day, then weeding out those who can’t take tests makes sense. However, if your job role is something other than taking tests (which most real world jobs are), then testing your candidates may weed out people who may be a good fit for your role. Not every person on the planet is good at taking tests. Tests take a certain mindset, require specific thought processes and requires quickness on your feet. It’s a mode each person gets into solely for taking tests and never a mode you get into for actually doing job-related work.

For example, in technical positions where correctness and completeness is the key to prevent mistakes, test taking is the exact opposite of what you want in your role. You want people who are careful, methodical and have attention to details. You don’t want people to rush through the work and guess at answers because that’s the quickest ways to mistakes. Multiple choice tests are extremely bad at determining if a person offers attention to detail, is a good communicator, has the skills you want or at  predicting effectiveness in a job role.

Tests also fail to screen candidates properly because apptitude, IQ and management tests do not assess a candidate’s job skills at all. Worse, the assessment it seeks might not even be relevant to their job role and may even erroneously assess the wrong skills.

How do you find a good candidate?

If you’re actually looking for the best candidate to fulfill your position, then you will need to spend the time and go through each and every resume from top to bottom and weed them out in the normal way …. by reading.

I understand time constraints. I really do. You want the easiest and fastest way possible to find your candidates without spending a lot of time on this process. This is especially true if you have thousands of resumes to review. Unfortunately, there is no easy answer. Tests won’t do it. Random selection won’t do it. Only by reading through the resumes and talking the candidates will you find the right person for your job role.

If you don’t have the time to spend on the hiring process, then you probably shouldn’t be in a hiring position. If you cut corners, then will get what you deserve. Yes, it is very tempting to use third party pre-screening technologies, like testing, to eliminate candidates sight unseen, but be prepared to potentially eliminate some of your best candidates by doing so.

Job Postings and Resume Volume

If you do actually have 10,000 resumes on your desk, then you’re likely posting your job ad too broadly. Posting your job too broadly is your first mistake. Not only will it bring in too many candidates, it will bring with it many recruiter calls (something will you want to avoid if your intent is to hire internally). Use limited job boards and job ads when posting your jobs. If one venue doesn’t work, wait until that job ad expires before posting it somewhere else. Don’t just blanket the internet everywhere to find candidates.

If you need your position filled yesterday, and who doesn’t, that’s just not going to happen if you’re looking for a Rock Star. If you need someone now, then consider hiring a contractor to fill the role to buy you time until you can find the right permanent candidate.

Overall Best Practices

Forcing any kind of pre-screening tests onto candidates is really no more effective than doing it the old fashioned way. In fact, the old fashioned way of reading through resumes and calling them for phone screens is probably the easiest, fastest and most reliable way to determine if the candidate is a good fit. It is also the best way to determine if you should progress the candidate to the next stage of interviews.

Yes, there are many testing services out there willing to take your money for the promise of producing high quality candidates. In the end, you’ll find that you could have found those candidates on your own without spending that money on a testing service.

Part 12 | Chapter Index

Tagged with: ,

Disney Infinity 3.0 Review: He’s Dead Jim

Posted in botch, business, video game by commorancy on July 18, 2016

[Updated 10/6/2016] I’ve never taken the time to write a review of Disney’s Infinity 3.0 (or any other version) because it wasn’t really worth a review. However that has changed. I feel now is the time to write one considering Disney has recently canned the entire Infinity video game project and it is now officially dead along with Avalanche software’s involvement. Disney Infinity will continue to deliver on the remaining toys and playsets that were in the process of being manufactured in 2016, but anything not already in the manufacturing process won’t see the light of day. Let’s explore.

Focus on Core Business?

That’s what Disney would have us believe. They state that while the 1.0 iteration of Infinity did well, the 2.0 and 3.0 iterations have not done nearly as well. I will explain the reason for that later.

Instead, I believe that getting rid of Infinity is a monetary method to focus on their core business. Well, that is to say they want to focus on their theme park business. Disney is, in fact, financially struggling with their theme parks. Specifically, the Shanghai Disney location is apparently sucking up tons of money and is way over-budget. In an effort for the whole of Disney to get back on track, they are trimming those pieces they feel aren’t doing well. So, away goes Infinity.

Cancel Infinity

I’m not terribly unhappy that Infinity is on its way out even though I bought both 2.0 and 3.0. After all, I can still play it, or at least, I think I will be able to. I can for now. That may not last when Disney cuts off Infinity’s network servers. Though, Infinity had it’s fair share of problems. Let’s start a list, shall we?

  • It’s boring. The characters look good on screen and even better on the figures, but playing around in the Toy Box is just B O R I N G. Seriously, creating that toy box world is about as much fun as watching paint dry.
  • The playsets are very short. So, you go out and spend $35 for a playset and two figures. Yet, the world takes maybe 1 day to get through? I mean, we’re talking about a fair amount of money for such short play value. Even Skylanders play value is longer than this. Worse, again, much of the playset is boring. Not only is it expensive, it just doesn’t hold much play value.
  • The figures are expensive. At $12-15 per figure, that’s a lot of money. Granted, the LightFX Star Wars figures are quite cool. But, still expensive. And, now that the series is dead, there will be no more Star Wars LightFX figures made. Kylo Ren was the last one.
  • The starter kit is way expensive and requires you to buy a new portal each and every iteration. So stupid and wasteful.

It is now certain that Disney will cut off the Infinity servers in this shut down process. Parts of Infinity will shut off in September 2016 and the rest will shutdown between September 2016 and March 2017. March 3rd, 2017 is the date which all servers will be permanently shut down for all Infinity game versions (console, PC, tablets, etc).

It is as yet uncertain exactly what will fail when the servers shutdown completely. It has been stated that games which have a world game piece that you drop onto the base may continue function. However, online play, such as the toy box, creation sharing, multiplayer, multiplayer matches and leader boards will no longer function. If a game requires the availability of any online access to validate any parts of the game’s content or provide extra content, it’s likely that game will no longer work at all. You should be prepared to take it away from your child before March to avoid disappointment.

Gameplay

What I will say about the gameplay is that the separate game worlds using the crystal bases are the best part of the game. They offer a short, if not reasonably well defined gameplay. For example, the Rise Against the Empire playset offers a taste of the original 3 Star Wars movie including A New Hope, The Empire Strikes Back and Return of the Jedi game segments. The gameplay is reasonably fun, if not overall short, repetitive and somewhat boring once you’ve completed the story.

Swapping characters only lets you increase your play time if your current character is defeated and needs to “rest”. Though, this whole Toys To Life type gaming concept has fundamental problems. The toys themselves are space hogs and require bulky and cumbersome cases to store. Instead, Nintendo has the right idea with using cards instead of plastic figures. Cards are much more portable and overall a better choice for ease of use, storage and functionality. On the other hand, the carded figures will probably fetch more money from collectors in the future. Though, there’s no promises on that.

The thing is, other than the graphics improving between 1.0, 2.0 and 3.0 versions, that’s about it. The  gameplay itself is essentially the same. I was hoping that Avalanche software would have substantially improved the gameplay on each iteration. Instead, the only thing they did was cause you to buy a new starter pack and make the new figures not backwards compatible with the previous games. I would personally say that Disney 2.0 was the best version of Infinity. The Marvel character playsets were decently fun and had some replay value. Unfortunately, the Star Wars playsets don’t really have that replayability. The 3.0 figure lineup has been drastically cut short. So, we may never know what was in store for us.

Overall

I can handle playing Infinity in small doses. The only playsets that I somewhat enjoyed were the Spiderman playset from 2.0 and the Star Wars playsets from 3.0. Everything else is just pointless. Even still, of the playsets that I actually liked, they were very short and more than occasionally boring. The combat is okay, but the stories are just not much fun overall. In fact, I found some of the Marvel playsets frustrating due to the nature of what they want you to do.

Opening up the capsules to release the colored sparks was just not much fun at all. Yes, they did add health or power or whatever, but chasing down the sparks was just annoying. Sometimes, many of them fall out of reach ending in frustration. Why not just pick up all of the sparks as soon as the capsule is opened? Why am I required to go chase them down if they fall off of the edge of a building?

Why am I writing this review now?

I only write this review in remembrance of what was Disney Infinity. Disney should have never entered into the video game business if they had no plans of staying in it. You just don’t jump into producing something like Infinity unless you plan at least a 5 year commitment. Unfortunately, Disney Infinity was only available for ~3 years (1.0, 2.0 and 3.0). This is far too short to know if this series might have had some staying power.

Additionally, I’m writing this review now to state that if you are on the fence and want to play one of the playsets in this game, buy it now! It’s actually too late to buy into Disney Infinity. If you can find the starter pack for less than $5, maybe. Otherwise, you should go pick up another game. If you already have it, play it while Disney’s servers are still online, let you log in and it still offers whatever is left of its online features. Once Disney closes down its Infinity game servers in 2017, the game may literally be over. On the other hand, if you’re thinking of giving this video game to your child for the holidays, know that it has no future and you are investing in a dead video game product with no life left. In other words, don’t give this as a gift to your child. Choose a different gift, such as Skylanders or Amiibo.

If your child already has this game, you might want to prepare them for the time when they attempt to start up the game and Disney has killed their game servers. This may prevent playing the game entirely, or at least the multiplayer parts of it. This may ultimately be disappointing for your child. You might want to find a way to pry Infinity away from your child now to avoid this disappointment in the future. If your child has this game and they are no longer playing it, be thankful and send it to Goodwill quickly.

If you’re thinking of buying a Toys-To-Life game system, the Skylanders franchise is still very much alive and kicking and will be releasing a new set this year (Skylanders Imaginators). It might be worth trying to get your child to switch. I know that that series doesn’t offer playing as Ironman, Spiderman, Han Solo, Luke Skywalker or any other Disney owned character, but it will be of little concession when Disney cuts off their interactive servers for Disney Infinity on March 3rd, 2017.

Have you recently purchased?

If you’ve recently purchased the Disney Infinity 3.0 starter pack and you are still within the return period, I’d strongly suggest returning the set to your retailer. You can only expect about 6 months more of real play value from this system. For a Toys-To-Life purchase, I’d recommend buying into the newest Skylanders Imaginators set which will offer a 8-10 months or more of play value. The only reason to keep the Disney Infinity set is if you really must play the Star Wars playsets. They are reasonably fun, but don’t sit on playing it. Play them (or give them to your child) now while Disney’s servers are still online. If you wait even just a few months to play the system, you might find that Disney has limited what the game can do.

As tempting as it is, I’d also highly suggest not purchasing this even if it goes on sale for 50% off or more. I’d also strongly suggest not purchasing this set to hold as a holiday gift. This video game is tied to Disney’s network servers remaining online for network play (and possibly for any play). If you buy it now to give in December, you may find your child disappointed on the big day. Be wary if you decide to buy into the Disney Infinity 3.0 Starter Pack as there’s not much time left for usable play.

As long as you understand that the clock is ticking on the longevity of Disney Infinity and you can find the game and figures for 90% off, that would be the only reason to buy into this set. Otherwise, steer clear and choose Skylanders.

Amiibo

So as not to be remiss in discussing the other Toys-To-Life system out there besides Skylanders, let’s talk about Nintendo’s Amiibo system. Nintendo’s Amiibos only work with Nintendo systems. This means you’ll need to invest in a Wii U or Nintendo 3DS/2DS game system to use an Amiibo or Amiibo cards. If you already have a Wii U or 3DS, then by all means I’d suggest buying into Nintendo’s Amiibo system over Disney Infinity, to be sure. On the other hand, Nintendo has had a lot of troubles handling its Amiibos. Either Nintendo floods the market with a ton of figures that no one wants (I’m looking at you Animal Crossing) or they make so few you can’t even find them (looking at you King Dedede, Palutena, Samus and Gold Mario). Nintendo’s ability to consistently deliver its Amiibos in sufficient quantities is a problem. Unless you enjoy continually seeing your child’s disappointment, in spending a lot of money for a toy (i.e., $50 or $100 for a single character) or running all over town looking for that elusive Amiibo, the Amiibo system may not be what you want as a parent.

Worse, your child can’t keep the Amiibo toys in the package and still play them, unlike Skylanders which can be played in the package. Nintendo has intentionally placed an RFID blocking card in front of the RFID chip. This requires that you rip the toys out of the packages to play (or at least rip open parts of the package to get this blocking card out). Ripping them out automatically reduces the collectibility. So, expect to buy them in twos. One to rip open, the other to store as a collectible.

Amiibo characters are also firmly limited to Nintendo franchises (Mario, Luigi, Kirby, Smash Bros., Animal Crossing, Metroid, Zelda, Yoshi, Fire Emblem, etc). If your child is not into Nintendo characters and franchises, buying into the Amiibo system might not be wise. With Nintendo’s Toys-To-Life system, don’t expect to see any Marvel, DC or Star Wars characters (or any other non-Nintendo characters).

Suffice it to say that the Amiibo system is cumbersome to use and has massively limited play value. The toys are mere afterthoughts to each game rather than being truly integrated like Infinity or Skylanders. For this reason, I don’t recommend the Amiibo system over Skylanders unless your child has a strong affinity for Nintendo’s characters and games and you already have a Wii U or DS.

Toys-to-Life longevity

While the Toys-to-Life system was a novel concept when Skylanders first hit the shelves, it has now become a dwindling fad. I believe that’s part of the reason Disney is now chucking its Infinity franchise in the bin. For this reason, I might suggest avoiding any Toys-to-Life products as gifts for your child. Yes, they are reasonably fun to play, but it is also costly to invest in each and every one of the figures, the playsets and the add-ons. As a parent, it’s an expensive never-ending trap

Worse, I believe that this game system fad is now ending. Infinity is the first to fall, but I believe that Skylanders may be next. Skylander’s Trap Team was arguably Activision’s best effort to date. Skylanders Superchargers was just not nearly as much fun, primarily because the racing was horrible. Nintendo’s Amiibo lineup may continue onward for a bit longer, but I believe that Nintendo is already feeling the pinch considering they are now starting to release duplicated figures in different poses and outfits. You can only do that for so long. In fact, at a time when the most Amiibos should be released all year, we’ve not had any Amiibos released so far. We’re only 2.75 months from the end of the year now and we’ve still not seen any new Amiibos since mid summer. You can’t sell what you don’t have on the shelves.

Skylanders Imaginators is the next in the Skylanders series, but I believe that this latest set will see lackluster sales, perhaps to the point of Activision rethinking toys-to-life systems as a whole. All things must end and I believe that the toys-to-life systems are now at the end of their run. If we have both Skylanders and Amiibos franchises still active by 2018, I’d be surprised. Though, I do expect to see both Amiibo and Skylanders live through to the end of 2017 (with far fewer figures released).

Once bitten, twice shy.

If Disney decides to jump back into the video game business again soon, I’ll definitely be one of the last people to buy into it. I just don’t trust Disney with video game franchises from a fun perspective or for its longevity. So long Disney Infinity, don’t let the castle door hit you on the way out.

Tagged with: , , ,
%d bloggers like this: