Archive for the ‘Internet’ Category

My letter to the FCC about the open internet proposal

Thursday, May 22nd, 2014

To: openinternet@fcc.gov
Subject: Internet must remain open

To the commissioners:

Those who object to regulating internet service providers to ensure an open internet, as the FCC is currently proposing to do, adhere to the rigid political philosophy that regulation, by definition, stifles competition, innovation, growth, etc.

However, this philosophy is only even theoretically true when there is real competition and an even playing field. Unfortunately, the plain fact of the matter is that when it comes to internet service, far too many consumers don’t benefit from either real competition or an even playing field. In those circumstances, not only does regulation not stifle growth, regulation is essential for growth.

More than 30% of Americans live in areas where internet service is a monopoly. This problem is getting worse, not better, as cable companies continue to merge, leading to fewer competitors with iron-fisted control over larger and larger swaths of territory. Allowing the massive internet providers to game the system even further by charging fees for better access to their networks, or by charging their customers for access to content from outside their network, e.g., by introducing bandwidth caps that exclude content produced by the internet provider, will cause consumers to be screwed over even more than they already are. How anyone can suggest otherwise for a straight face is incomprehensible.

Those who oppose classification of the internet as a Title II common carrier make hyperbolic references to how “backwards” Title II regulations and how we need to look toward the future rather than the past. The fact of the matter is that the strict regulations placed for many years on POTS providers are the only thing that ensured that every person in America has access to telephone service. That is exactly what is needed for internet service, which is why it should be classified as a Title II common carrier and aggressively regulated to bring fast internet to everyone, everywhere in the United States.

Those who claim that such regulation will force the large internet providers to raise their rates are blowing smoke. Comcast, for example, is raking in huge profits, literally at the expense of consumers, by providing legendarily poor service and charging ridiculously high prices. If its prices were regulated, as telephone prices were for many years, it would still make a profit, it just wouldn’t be able to fleece consumers quite as much as it can now.

Congress is completely dysfunctional and is almost completely incapable of passing any substantive consumer-protection legislation. If that means it falls on the FCC to figure out how to reinterpret the laws Congress has already passed to allow it to enact meaningful open-internet regulations that will protect consumers, then so be it. Godspeed and get to work.

Sincerely,

Jonathan Kamens

Dear T-Mobile, thanks for wasting my time!

Friday, May 9th, 2014

Dear T-Mobile,

In my life, I am blessed in many ways. I have a wonderful family; I am part of several great communities; I have a good job I love with people I respect and learn from every day; I have a roof over my head and enough food to eat.

However, like many other people, the thing that is in shortest supply in my life is time. And the time I can’t afford most of all, the time that drives me crazier than anything else in my life, is the time I am forced to waste dealing with other people’s incompetence. And this is why I am writing to you today to register two complaints, one general and one painfully specific.

(more…)

Using Selenium to monitor Phone Power international call usage

Sunday, April 20th, 2014

Back when I was using Vonage, I wrote and shared a Selenium script to alert me automatically if I was approaching my monthly usage limits.

Then I kicked Vonage to the curb and switched to using Google Voice plus an OBi202 box for my home phone service, lowering my monthly bill from around $14 for Vonage to $Free for Google Voice.

Alas, as of May 15, 2014, Google Voice is no longer going to work with my Obihai box, so I’m back to paying for VoIP. I decided on Phone Power‘s $5/month special offer (I have a sneaking suspicion it’s going to go up after the first year, but we’ll see) for former Obitalk Google Voice users. Alas, Phone Power has the same problem as Vonage — they let you view on your web site how many minutes you’ve used toward your quota of free monthly international minutes, but they don’t have any sort of automated alerts when you’re approaching your limit.

So I went ahead and tweaked my old Vonage Selenium script to work with Phone Power instead. For anyone who might find them useful, I’ve posted them in this public gist.

(more…)

How LastPass protects your data

Thursday, April 10th, 2014

I’ve seen several people recently discussing how LastPass protects your LastPass master password and your encrypted site password data (a.k.a., your vault). If what some of those people were saying were true, then LastPass wouldn’t be as secure as I thought it was. This gave me pause, since I use LastPass to store all my passwords, so I decided to do some research to try to understand for myself exactly how it works. Now that I’ve done that, it seems to me that others might benefit from my research, and in any case writing it down will clarify it in my own mind, so here it is.

(more…)

We need a “/heartbleed.txt” standard, and we need it ASAP

Wednesday, April 9th, 2014

Heartbleed LogoThose of us who help create and maintain “the internet” that everyone benefits from are now tasked with helping the world recover with one of the biggest, if not the biggest, security holes in the history of the internet.

To be certain they aren’t vulnerable, users need to change their passwords at every site that was at any point vulnerable to a Heartbleed attack. But a site has to be patched, and its SSL certificate has to be reissued with a newly generated secret key, before its password should be changed; otherwise, the new password is just as vulnerable to Heartbleed as the old one was. What’s more, you can’t just look at the start date of an SSL certificate to determine whether it was reissued, because that doesn’t tell you whether the site was patched before the certificate was deployed, and worse than that, some CAs (e.g., Digicert) quite reasonably re-key certificates without changing their original start dates.

I have passwords at over 500 sites. I’m sure there are people who use many more sites than that. Manually figuring out which sites need their passwords changed, and when to change them, and keeping track of which ones have been changed, is an impossible task.

What we need is a standard, widely adopted way for web sites to indicate, in a way that can be easily interpreted by software, whether they were ever vulnerable to Heartbleed, and if so, when the vulnerability was patched. Then browsers and password keepers such as LastPass can easily determine and track which user passwords need to be changed, and warn the user.

(more…)

How not to run a computer security company

Thursday, March 20th, 2014

My email identity thief is at it again

Tuesday, February 11th, 2014

Das Keyboard comes from behind for the win

Saturday, October 5th, 2013

I recently received a package from Metadot, the creators of Das Keyboard. It contained:

T-shirt, magnet, note pads, note of apology, daskeyboard Space Pen, daskeyboard pens

Here’s what the enclosed note says:

Jonathan, We're sorry we messed up! Please accept these goodies as our thank you for being honest and patient with us. Das Keyboard

The day before, I’d received another package from them, containing a brand new Das Keyboard.

From the “We’re sorry we messed up!” you might suspect that there’s a less positive back story leading up to the seemingly happy ending, and you’d be correct. But I told the ending first for one simple reason: what Metadot did at the end made up for everything that came before, in a way that most companies nowadays just don’t seem to understand. Yes, they made a mistake (quite a few of them, actually), but they acknowledged and apologized for it, they didn’t make excuses, they fixed it, and they went the extra mile to show they were sorry.

Here’s the whole, long story… (more…)

Canceling my previous recommendation for NoMoreRack.com

Wednesday, July 31st, 2013

I recently recommended a flash charger for cell phones and other devices, being sold by NoMoreRack.com for a great price.

I stand by recommendation of that particular product, but I find it necessary to withdraw my recommendation for NoMoreRack.com.

They strongly encourage their customers to recommend their site and products to friends and relatives, and they give customers a $10 credit for each referral that results in at least one purchase. However, they don’t mention anywhere in the various screens urging people to refer others to their site, or in the emails that get sent out whenever a referral credit is generated, that these credits expire after 48 hours. Other credits they give occasionally display the expiration date prominently, which suggests that the concealing of expiration times for referral credits is intentional.

Their inventory doesn’t change often enough for anybody but a shopaholic to be likely to want to buy something from their site within 48 hours of every referral credit. Therefore, their business model for finding new customers is apparently predicated on (a) actively concealing how long referral credits are good for and (b) not actually paying out most of the referral credits that are generated, since they expire before they can be used.

This is an incredibly shady and dishonest business practice which borders on fraud. I don’t do business with companies that do stuff like this, and I discourage others from doing so.

Since Diallo Mamadou Oury is so insistent on sharing my personal information, here’s some of his

Tuesday, July 30th, 2013

I have no idea why Diallo Mamadou Oury, who lives in Dakar, Senegal, insists on using my email address to sign up for services and web sites all over the Internet (previous postings). But since he apparently feels entitled to share my personal information without my consent, I have no compunctions about sharing his. Here’s an email message that landed today in my inbox:

(more…)