I received notification today, dated the 6th, from CountryWide that a "now former" employee may have sold unauthorized personal information about me to a third party. A quick Google search reveals that this news apparently broke around the 13th.

Nice. That now makes four different companies which have somehow lost or had my personal information leaked.

This is a copy of the email I sent to AT&T.

A few years ago I began purchasing phones outside of Cingular's marketplace.
I found that Cingular did not carry the phones that I found useful or
attractive. A couple of years ago I picked up the Sony Ericsson K790a.
This is a CyberShot phone which does everything that I need for my personal
and business life.

Unfortunately, this phone is not an official Cingular phone. Even though it
runs the same operating system, Java Platform 7, as several other
Cingular-branded and supported phones, including several of the Sony
Ericsson W-series phones, I am prevented from making purchases online. This
includes ring tones, other multi-media, and Java games.

More importantly to me at this point is that I am prevented from using my
bank's on-line banking system because the application will not install on my
phone due to a missing root certificate.

I attempted to download the application using the link provided by my bank.
I found that the download would fail. I manually captured both the JAD and
JAR files comprising this application and discovered that the JAR file
*will* install and run on my phone, however as an untrusted application it
lacks some functionality.

Upon examination of the JAD file, I found that it contains two chained
certifications, the primary of which is signed by "Cingular Trusted Root CA"
root.

Certificate:
        Data:
                Version: 3 (0x2)
                Serial Number: 4955 (0x135b)
                Signature Algorithm: sha1WithRSAEncryption
                Issuer: C=US, O=Cingular Wireless, LLC, CN=Cingular Trusted CA 1
                Validity
                        Not Before: Nov 3 02:38:29 2007 GMT
                        Not After : Nov 1 02:38:29 2017 GMT
                Subject: C=US, ST=GA, L=Atlanta GA, O=Firethorn Holdings LLC, OU=ATT
Trusted for Java - Production, CN=CodeSigning for Firethorn Holdings LLC

Certificate:
      Data:
              Version: 3 (0x2)
              Serial Number:
                      50:3c:76:b8:74:c3:61:17:1f:2d:5f:c3:8e:af:fc:b5
              Signature Algorithm: sha1WithRSAEncryption
              Issuer: C=US, O=Cingular Wireless, LLC, CN=Cingular Trusted Root CA
              Validity
                      Not Before: Nov 3 00:00:00 2006 GMT
                      Not After : Nov 11 23:59:59 2023 GMT
              Subject: C=US, O=Cingular Wireless, LLC, CN=Cingular Trusted CA 1

The root certificate of this chain is not available anywhere for download.
I am told by Data Support that this certificate is not released to the
public and is only available on Cingular/AT&T-branded phones.

The implications are obvious to me: AT&T is preventing otherwise compatible
applications from running on unlocked phones by the use of a "secret" root
certificate. This artificially segregates the market and serves to help
reduce the overall value of my perfectly capable and compatible phone.

I can easily accept that AT&T does not know how to support unsanctioned
phones. For the most part, however, I have found that people capable of
selecting and purchasing an unlocked phone are also capable of supporting
themselves. We also can handle not being able to run Java apps which are
not capable of running on our phones.

But I cannot accept that an application which could run on my phone
otherwise is prevented from doing so artificially by way of a restricted
root certificate.

Thank you for your time.

--
Alan W. Rateliff, II

I have sat on this for a couple of weeks and I will no longer do so.

I have received spam email to an email address which was specifically used for communication with SprintPCS for my business data card account. Three other people who are also SprintPCS customers received the same email from the same source with the same content.

SprintPCS is adamant that it does not sell or give out customer account details.

According to my mail server logs, these emails began on January 17th. My concern at this point is that my email address, specifically crafted for use only with SprintPCS, that no one on the face of this planet or regional solar system has, and is not easy to guess, has been obtained by illegitimate means. That being the case, my concern is that other account details may have been obtained.

Over the course of two days and five hours on the phone I attempted to contact Sprint Corporate Security. I was shuffled from department to department so much that I have a detailed map of the phone tree. Only two people took interest in my problem: one person sent an email to a supervisor who never got back to me for more details, and another in Level 2 support tried to find someone who could help. Oh, well, one other person did offer to send me over to technical support so they could "block the email."

Sprint's fraud department told me that it could only act if my account had been used for fraudulent purposes such as unauthorized charges or phone calls. The fact that my private customer information, and possibly other customers', may be compromised did not raise any hackles in fraud.

At the behest of the Florida Department of Law Enforcement, I have filed a complaint with IC3, the Internet Crime Complaint Center, a joint between the FBI and the National White Collar Crime Center. At this time I have not heard anything else back and remain disturbed by the situation.

Port 465 was recommended for use as smtps, or SMTP using explicit SSL, in the Netscape SSL v3.0 draft date back in 1996. Unfortunately this port was already, or at least is now, used by Cisco for urd, or the URL Rendezvous service (whatever the heck that is.) For the past five years now I have been providing authenticated SMTP transport over SSL on port 465, as seems to be the de-facto standard (look at GMail's configuration section, for instance.)

Thursday I was made aware that several customers were unable to send email through my server colocated within the Sprint/Embarq network. At first it seemed that ComCast was blocking port 465 outbound as other ISPs did not appear to exhibit the same behavior, and neither myself nor my colocation have any ACLs what-so-ever related to ComCast or port 465.

What I discovered later, however, was that people using Sprint PCS data cards and my own AT&T data card and phone were unable to send email as well. Further prodding revealed that somewhere far upstream, Sprint/Embarq has a blanket block on port 465 due to a Cisco vulnerability.

Cisco Security Advisory: Crafted IP Option Vulnerability
Document ID: 81734
Advisory ID: cisco-sa-20070124-crafted-ip-option
http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb157.shtml

What really chaps my hide about this is that Sprint/Embarq could have easily put ACLs in place that protected their Cisco equipment without disturbing customers down-stream. I find it hard to believe that no one in their network administration has ever heard of smtps on port 465, and the implications of blocking this port to all destinations. Then to add insult to injury, not providing notifications down-stream.

Now for two days customers using what has been considered to be a standard set up for smtps have been unable to send email through my server. I've now spent numerous unbillable hours tracking down the problem and coordinating with affected customers to use an alternate configuration.

Of course I would prefer to use TLS with customers, but Outlook and Outlook Express, the predominate email client for business offices, do not support it. Thank $_DEITY that Exchange does. Then there's the issue of outbound port 25 blocking that several ISPs do, but I've been using port 925 (semi-random choice) to get around that since 2000. I understand now that port 587, the submit port, is the recommended port for this, but I imagine it's only a matter of time before that's blocked as well, and I have questions as to the legitimacy of using submit for this purpose.

END OF LINE

Mobile GMaps (http://mgmaps.com) is a free Java application for Java-enabled phones, like my Sony Ericsson K790a, which turns your phone into a GPS-enabled mobile mapping system, complete with on-line tracking, custom mapping, and a slew of other features continually being added.

Even though this program has been mature much longer than Google's own Java phone-based mapping program, which also does not include the heavily requested GPS functionality, Google has sent the author what is essentially a C&D email. The email apparently claims that MGMaps is a dirivative work, as this clause from the Google Maps for Mobile (http://google.com/gmm) terms of service is invoked.

Personally, I like MGMaps better than Google Maps for Mobile, if only for the GPS functionality alone, although it does provide many more features than GMM. I have always liked Google Maps over Yahoo! or MSN maps, but alas it is time to take up something new.

I think this is crap, and goes against the normally open spirit of Google, and the Google Maps API. I only found out about it tonight as I was driving home and decided to check for updates. I read in the release blurb about the new version removing support for Google Maps.

Read more about it at the MGMaps news page.

"Google requests removal of Google Maps support from MGMaps (July 31st, 2007)"
http://www.mgmaps.com/news.php?item=136

[EDIT: I added the word "Review" to the title so that it might have a better chance at showing up in search engines. I really want people to see how frustrating being a Palm customer is.]

My primary purpose in purchasing a new Palm was to replace my well-aged Palm IIIx, which had served me well for a couple of years but began suffering screen calibration problems. When beginning my deliberation on Palm versus Windows Mobile, I stuck with Palm because I already had a small investment in Palm-based software. Even with this prior investment and the purchase of software afterwards, I am ready to abandon all of these investments and move completely to Java applications on my K790a. In fact, I am only one app away from being able to dump Palm completely, and I am considering writing it myself.

1) Palm Support (or lack there-of)

I contacted Palm support more than a few times about some of the issues I address in this list. Each time Palm's response was more or less that the problems I was having were due to me using the device improperly -- all of the faults I find with the LifeDrive are really my fault. In reality, I bought the LifeDrive because the T5 I purchased originally would never support WPA WiFi encryption, and buying a LifeDrive instead was Palm's solution.

2) Horrible file type handling

The LifeDrive support IrDA, Bluetooth, downloads (via the Blazer web browser,) and email attachments (via VersaMail) for file transfers. However, if the file does not have a "registered" handler, the system rejects the file. This is really a pain in the ass since it seems that some programs are unable to register themselves as handlers. For instance, I run Kinoma Player and MMPlayer, which together support a multitude of video and audio file types, such as MP4 and DivX-encoded AVI. Forget transferring these files via any means other than directly copying to the drive or SD card, as the PalmOS rejects the files, without chance to just save the file.

[EDIT: I have been told this is actually an issue with the programs themselves, though I have also been told that the PalmOS does not make this easy. He-said, she-said.]

3) Limited Bluetooth phone recognition

It does not recognize my new SonyEricsson K790a, so I am unable to use the SMS or EDGE networking features. To be fair, the unit only recognized my T637 enough to use it, but tests always failed because of unrecognized responses.

[EDIT: The LifeDrive itself says that I should run the Phone Link Updater, found in the Palm folder on my PC. Not only does this not exist, but the last updater available for download from Palm is dated the middle of 2005, well before LifeDrive Update 2.0.]

4) Unstable networking stack

The network stack cannot switch between Bluetooth and WiFi without crashing.

5) Unstable applications and operating system

The Palm-included applications, primarily Blazer and VersaMail, crash under normal use. It is also extremely easy to crash the operating system. Mine reboots so often that it is practically useless during a normal day.

6) The LifeDrive is seemingly abandoned

As I stated before, I have contact Palm on several occasions about numerous problems. I even presented a good dozen bug reports, each reproducible. All of my cries have gone unanswered, and there hasn't been a major system update since December of 2005, which did not address any of the problems I had with the system.

7) No sense of security

The Palm Desktop software is not multi-user aware in the Windows environment. Each Windows user who wishes to use the Palm Desktop must install the software, and even then the Palm user profiles, which are often different for different Windows users, are not protected.

8) Poor performance and functionality from included or sanctioned software

My 50MHz Amiga has better performing email and browser software than VersaMail and Blazer.

VersaMail crashes the moment it touches an ActiveSync (Exchange 2003) server, which I have come to find apparently actually communicates via Outlook Web Access in basic authentication mode rather than RPC over HTTP. The only good thing I can say about VersaMail is that it seems to handle IMAP better than Outlook 2003, though it would be nice if messages no longer on the server would be cleared from the Inbox. VersaMail should also support groups or at least have better contacts lookups.

The LifeDrive also supports VPN software. Even using the Palm-sanctioned VPN program, the system still fails to recognize that VPN functionality is available. None of the VPN menus work, and the program must be launched on its own rather than conveniently from within programs.

9) Left-Handed mode does not change user interface elements

The LifeDrive provides a left-handed mode which one would assume makes the unit more friendly to left-handers. However, it only seems that this mode affects the direction of the landscape viewing mode layout. One would expect that in left-handed mode the UI would adjust itself in ways such as putting scroll bars on the left side of programs to prevent having to reach across the screen to scroll. The left-handed mode setting also does not survive a reboot, so needless to say that, irrespective of its apparent uselessness, I never set it anymore as I would have to do so many times a day.

10) Unfriendly, inflexible, and obstinate hand writing recognition

Graffiti2 is a pain in the ass to use, especially if you do not write with the exact hand orientation as expected. This is another problem for many left-handers already. It also differs in many regards to the original Graffiti system, and cannot be trained to the writing nuances of the user.

All-in-all, the Palm LifeDrive has amazing hardware specs: 413MHz Intel XScale processor, 4GB built-in hard drive, SD RAM and SDIO, high resolution color screen with fast refresh, Bluetooth, WiFi, IrDA, and USB. The machine rocks, but is crippled by the PalmOS. This was supposed to augment my laptop as a surrogate in times when I either could not carry or simply did not have my laptop available. Instead, it has been an incredible incumbrance. My experience with the Palm LifeDrive has not only pushed me away from future PalmOS-based devices, but also to sway the professional recommendations I make to my clients. My LifeDrive is close to becoming a $500 paper weight, or embedded in a wall.

1979-ish: Motorola 32-bit CPU
1983-ish: Intel 32-bit CPU

1990-ish: DEC Alpha 64-bit CPU, followed soon by SPARC, and others
1995-ish: Intel Pentium 32-bit CPU
2001-ish: Intel EMT64 64-bit extensions grafted onto 32-bit CPU

2004-ish: AMD Athlon 64-bit CPU
2004-ish: Yet another phuqn Intel 32-bit CPU with more useless extensions

2006: Intel will release yet ANOTHER 32-bit CPU core.
2006: AMD will hand Intel its ass

'nuff said.

So, now that we've settled with our old landlord, I can say that, in my opinion, our former landlord is a miserable old, man-hating bitch. We got everything settle by way of her lawyer, and not once did we ever have contact with her during this whole fiasco. Seemingly against the idea of small-claims, but whatever it takes. My girlfriend and I settled for an amount which made us happy, recouped a large part of our expenses, and kept it from having to go to court. Without getting into too much detail, after visiting with an attorney who handled such disputes, we were fully prepared and confident that we would be able to recover $2500 in expenses, plus potential punitive damages. But, in the long run, this is just another in a long list of things to put behind us, and we're both glad it's over.

That being said, a couple of weeks beforehand I made a trip back to my home town and discovered that an old friend of mine had passed.

I started working at Taco Bell a couple of months before my 18th birthday. She worked there as a manager, for the next few years she would teach me a solid, strong work ethic and, most importantly, patience. Patience not just for my work, but for other people as well. She was a great manager, and a great friend.

She was one of the most ain't-never-done-nothing-bad-to-no-one kind of person I ever met in my life, always willing to help out -- always willing to give of herself for others. A few years later when I got laid off a job, she even brought me on board temporarily to work for her office and construction cleaning company.

I will say with absolutely certaintly that no one EVER came into contact with her without their life being touched deeply.

She was more than a manager, more than a friend, she was a mentor in life.

And it really stupifies me that people like her die, and people like my former landlord still trudge around Earth leaving nothing but swaths of destruction in their path.

I'm not saying I want her to, or think she should, die... I'm saying that the logic just seems unfair. But then again, how could we appreciate the good if we didn't have the bad.

Whatever her reasons are for being a total bitch, I don't know, and quite frankly I don't care, because nothing that ever happens to you should give you sufficient reason to make other people miserable.

Since we moved in, our landlord has been abusive to us and has refused to perform maintenance. In particular, we went without A/C for a month during a time when the average outside temperature was in the 90's daily.

Granted, she is not required to provide air conditioning, but as the Dept of Ag and Consumer Services pointed out, the fact that the lease was signed with the understanding that the house had working air conditioning at the very least constitutes breach of contract and devaluation of the property.

Without getting too deep into the specifics (as this WILL be going to trial,) about a week ago I turned on the A/C because is was hot and muggy, and lo it failed to work again. So, we sent her a seven day notice that if she did not perform a list of maintenance we provided that we would withhold rent and file with the county court.

She responded by sending us a 30 day notice to vacate, and apparently retained a lawyer to intimidate us to honor the very same.

Regardless, next Tuesday I go to the Leon County Circuit Court office and file against her for material violations of Florida Statute 83.51(1) as provided for by F.S. 83.60, and additionally for retaliatory actions as expressly prohibited by F.S. 83.64. There is a large section of F.S. 83 which deals with landlord-tenant disputes.

I will be calling around today and Monday to try to get our own legal advice, but from my discussions with DoACS and my understanding of the relevant statutes, we have a strong case.

I am putting this up as not only a small outlet for frustration, but I also found that people actually read my journal, so at the same time I am hoping someone else has experience in this arena.

The last week of August I noticed my Sony Ericsson T62u was acting funny.

The T62u is a GAIT phone. It operates on GSM, TDMA, and analogue cellular networks. I LOVED it because I could be assured of having services ANYWHERE, especially around Tallahassee where Cingular's GSM penetration has been crappy. (In their defense, Cingular is not completely at fault... we are the arm put of technology: we get everything last, and it is done half-assed when it gets here.)

Being the proud geek that I am, my T62u was in debug mode, which I put it in by entering *666 (or *777? I forget now) and power cycling the phone. Next to the signal indicator I would see a G, T, or A, for the respective networks. I noticed that I was not able to send or receive SMS (text messages) nor get on the Internet when the T62u was connected to a TDMA network.

I called Cingular about it. I was given several different stories before I finally got pissed and had a nice rant session with someone who gave me the real scoop.

1. TDMA never had those capabilities. (An out and out lie.)

2. Your phone doesn't work on our system anymore. You need to buy a new GSM-only phone.

3. Your phone needs updates which I will send to it.

4. Those updates did not turn off your TDMA... we don't have the ability to do that.

5. We have been shutting down the TDMA network in anticipation of the full GSM network rollout which is a combination of our "Blue Towers" (AT&T Wireless) and "Orange Towers" (native Cingular.)

3&4: A helpful tech at Cingular told me that she needed to send updates to my phone. I accepted and went about my business. But I then noticed something even more strange... the phone NEVER seemed to fall over to TDMA. When I called and asked if the update shut off my TDMA, they said no, they cannot do that. (Well, *I* can do that in debug mode, so I can only conclude that the same functionality is available to them.) I finally proved this point when I was in an area in which my phone displayed "No Network." Normally the phone's network stack is set for "Use SIM," but I changed it to "GSM Pref" which prefers a GSM network, but will fall back to TDMA and AMPS when necessary. Lo and behold, I get a FULL STRENGTH TDMA signal! WTF?! Draw your own conclusions.

5: THIS TIME I call and a fella tells me that the TDMA network functionality has been being shut off slowly, kind-of tower-by-tower in anticipation for the big combined GSM network push, which should happen in November. He confirms what I already know, NO, I DO NOT need to buy a GSM-only phone since the T62u obviously handles GSM. So now I am forced to change plans and accept less than mediocre usage.

I was really pissed. It took my almost a month to get the straight dope on the situation. I was also really put off by the fact that such a change in service was never announced. I wonder how many TDMA-only customers were burned by this, and then had to BUY new phones. This move was really not customer friendly, and I hope Cingular does not have the gall to put the screws to its customers like this again.

There is an upshot to this. From what I understand, while we could access both "Blue" and "Orange" towers, the networks were not completely integrated, which meant that calls were not handed off between towers of differing "color." THAT was a pain in the ass. I will say that I have noticed within the past week that areas in which this used to happen no longer suffer from the problem. So, I would move to conclude that the planned integration has finally been realized.

Signal strength in my house has also improved dramatically. Apparently my closest tower is/was "Blue," but my phone prefered the "Orange" tower from which I barely had signal.

The Cingular store upgraded the SIMs in my two T62u's to 64k units for free to help the situation.

I managed to find a new phone which I adore, and will probably usher towards even newer models: the Sony Ericsson T637. It is slick, gets excellent reception, and has all the features and functions that I find very useful in my day-to-day business.

But alas, GSM coverage is still lacking in many areas which I service, so there are many times that I miss calls. I am also not a fan of the new voice mail system, which does not allow me to interrupt a message with the "Delete" command.

Overall, I am still not convinced that I need to move from Cingular. I am a little pissed about how I was snubbed from the TDMA aspect, but from what I hear from others, I am not likely to expect any more or less from another carrier.

I do not like that customer service tried to push new phones on me when I did not need one. They actually tried that on me last year when it was decided that the GAIT phones were evil. I do like that every problem I have ever had was taken care of quickly and to my satisfaction.

So now, I have another phone I really like. I can use the Bluetooth function to get on the Internet with my laptop and my Palm LifeDrive. I also keep my calendar and contacts in synch on all three.

I pay $180/mo for two phones, 2100 minutes, roll-over, free mobile-to-mobile, 1000 SMS and some hundred MMS per phone per month, and unlimited data for both phones (this plan is no longer available, apparently.) It compares well with other services.

So, for now I will not be a churn statistic :)

I don't care what they say. I have found through the use of crafted email addresses specifically for this purpose that Dell will send you advertisements, even if you tell them not to.

Every time I call for a client I give them an email address to send me confirmations. Every time I give them an email address I tell them I do not want to receive advertisements. Every time I tell them that they say that they don't send advertisements. Every email address I give them gets their damnedable ads.

Fucking liars. I have half a mind to completely block Dell at the server level, but I know that there are many customers on the boxes which get legitimate mail from Dell.

Admittedly, every so often I have money problems. As an independent consultant, sometimes I'm living hand-to-mouth, and that gets compounded by having large invoices which go over a month past due.

Today I get a call from Sprint, which was a bit different from calls in the past. It went basically like this: a woman with what I could not identify as an American accent tells me she's from Sprint, needs to discuss my account, and would like to verify the password on my account. Uhhhh, not on a cold-call, I don't think so.

This kind of call is very suspect. And rightly so. In the past, and still today, much telephone fraud is perpetrated in such a way. Hell, in the past they've flat out asked me for my SSAN!

The main difference this time was an actual number showed up in my CLID, versus before when it came up as "Unknown."

Cingular will call with an automated message saying to call 611 about my account. I don't think it would be such a horrible thing for Sprint to do something similiar, especially since you can reach an account representative by dialing 811. Believe me, I appreciate the reminders -- it doesn't happen often, even so I'd rather not forget to pay my phone bill.

There are no absolutes in this world in regards to protecting our personal information, but many companies just throw caution to the wind, seemingly a gesture of defeat. Seriously, I had a rep for Dell Financial Services tell me that protecting my SSAN didn't matter since people can get any information on me they want. So, wouldn't it also follow that they could USE that information to forge my ID over the telephone? In that case, why even bother to verify my identification?

Sheesh.

I was wondering today if the "Adopt-A-Road" program hurts people who wander the streets to collect aluminum cans to turn in to recylcing centers for money.

I remember when I was in my before-teen years that my mom, dad, and I would wander one of the local highways and some of the back roads collecting aluminum cans. I don't think we collected glass containers. Anyway, we would take them home, crush them, then turn them in to the recycling center for money. When I got into my late teens/early 20's, I did that a few times for some gas money.

But if someone is out cleaning this stuff up, is there much hope for this kind of revenue?

http://www.theregister.co.uk/2005/10/07/sms_bible/
http://www.biblesociety.com.au/smsbible/

Christ. So, the Bible has been converted into text which can easily be sent to a mobile phone and conforms to the limitations (160 chars) of SMS messages.

So, just like at the site itself, you can see verses like

"4 God so luvd da world"

So we can breed a new generation of idiots? What is so difficult about multiple messages with the full, English-conformant text? Ever since I've been invovled in on-line chat (1985, Q-Link, to present) I have had my intelligence bombarded by stupid replacements like "U" instead of "you," "R" instead of "are," and the like. I'll admit that I used shorter phrases of things, like "prolly" instead of "probably," but even that seems to skirt the proficiency barrier.

To me, such short cuts lead to the barbaric assault on our language, such as "your" instead of "you're," the use of "of" instead of "have," and the various misuses of "their," "there," and "they're."

ON THE OTHER HAND

Does the use of such semi-cryptic short cuts help keep our minds fresh? Having to constantly translate text into our native language may work to help lead us into larger, more complex puzzles. 1337-speak is one of those things that I could never get into. I have distanced myself from even close friends who have chosen to partake in such text conventions. What makes me feel even more ashamed is that my love of complex puzzles lead me to develop my own language based on the use of pronounciations of numbers -- that is, I did not use numbers which looked like letters, such as "4" for "A," "1" for "L" or "I," etc. -- I used numbers for their sounds: "4" for "4ever," "3" in certain circumstances (yes, this system has rules) such as "tr3" (tree,) and so on.

Sometimes my dislike of the SMS/IM language perversions, and the whole "1337-5p34" thing clouds my judgement.

So, should the SMS Bible be an insult to our intelligence, or does it work to enhance our intelligence?

Oh, and just for the record, words like "pwned," "teh," "haxor," and the like ARE just plain stupid.