It’s 2016, why is rotating a video such a pain?

How many times have you quickly shot a video on your phone and not rotated it for landscape? It happens too often and we see these videos all over social media. I sometimes forget to do it as well, or portrait is more in line with what I am shooting. So, I want to quickly rotate a video 90 degrees sometimes. Should be easy, right?

I’ve asked friends and social media before, but I asked again last night and got a lot of great input. My criteria were very simple, but I did not specify platform; I want to load an MP4 video, rotate it 90 degrees, and save it. I didn’t qualify it, but my expectations are that it would not lose quality, it would keep the original MP4 format, and that the process was “one-click” (or close). While I have plenty of history using Linux, going back to CLI graphics tools to do this is not ideal for me, but I considered those options.

  • @cl suggested Windows Movie Maker – It will rotate trivially, but saves your MP4 as WMV and the quality drops noticeably.
  • @TCMBC suggested mencoder – A command line utility, part of MPlayer. So it is not trivial (download, configure, compile, figure out CLI syntax), but it does rotate. Yet, the quality drops noticeably.
  • @viss suggested ffmpeg – A command line utility and graphics library, not so trivial. It did rotate, but the quality drops noticeably.
  • @viss suggested The ‘Rotate My Video‘ web site – It is a bit slow for file upload and conversion, but very easy to use. It played the video correctly in my browser, but when I saved the video the final copy was not rotated.
  • @DeviantOllam suggested (in DM) the Rotate Video FX app for Android – I thought the UX wasn’t intuitive for starters. It did rotate the video for immediate playback, but no apparently way to save the new video back to the device. Sharing it brings up the usual Android options, but uploading the video to google drive and the video was not rotated.
  • @elkentaro suggested Apple’s QuickTime Player – Even with his reference which is outdated, there is no apparent rotation function. Even the ability to save a file is now ‘Pro’ only.
  • MegaManSec suggested ImageMagick ‘convert’ utility – this didn’t work and gave me a nice reminder of the old ‘terminal flash attacks’ from the early 90s.
  • @DeviantOllum suggested Virtual Dub but warned me that some versions handle MP4 and some don’t. Thus, I didn’t try it.
  • @Grifter801 suggested VLC but qualified it “just for viewing”.
  • @mehebner suggested Open Shot Video Player but said it is Linux only, which isn’t convenient.
  • @cl suggested iMovie but it is Mac OS X only, which isn’t convenient.
  • @cl suggested Facebook but he isn’t sure you can save after. I am fairly sure you lose quality though.

The final recommendation, and the one that worked the best for me, is Handbrake suggested by @bmirvine. The upside is I had it installed (but an old version) and am familiar with it to a degree. The best part about conversion is that the video does not lose any quality. The downside is trying to figure out the ‘Extra Option’ argument to rotate is a raging mess, as seen on this thread. I found that using “, –rotate=4” as the extra option worked for version 64-bit (latest as of this blog). The only other annoyance is that Windows won’t show a thumbnail of the newly saved video for some reason. [Update: with a newer version of the K-Lite codec pack, the thumbnails render fine.]

There are my quick testing results. I hope it helps. I’d like to give a big round of thanks to all who contributed ideas late night. Reminds me that Twitter has some value and isn’t a cesspool of insipid political tripe. =)


The Problem with Facebook…

Maybe that was a bit of a ‘clickbait’ title, since the list of problems with Facebook is epic, tragic, and depressing. So let’s go with, “tonight’s example of an ongoing problem with Facebook”.

One of my biggest gripes about the social media platform is that after all this time, they still do not give us a simple way to view posts chronologically. At some point in the past, they introduced an option to supposedly to that, but it was done via a URL argument and not a user-friendly GUI widget. I’ve used that option to view Facebook to this day, and it is still horrible. Why? Because as you think you finally get the holy grail of simplicity, it is still weighted… just less so. Meaning you are more annoyed when some crappy post pops up four times that day.

OK, so they want weighting and control to deliver the posts your friends make, as they see fit. That means you never see some posts you absolutely want to see, while seeing other posts multiple times a day. Their algorithm has nothing to do with standard weighting, and everything to do with their weird formula that no one can seem to figure out. OK, fine…

Facebook has also been on a tear about ‘honesty’ in the form of user profiles. The last few years have seen nothing but drama and turmoil as Facebook tries to enforce their ‘real name’ policy. A policy that the Chief Product Officer at Facebook apologized for, ensnared a former employee or seven, unfairly targets the LGBT community, and has caused enough headache to warrant a Wikipedia entry. Oh, of course, that the “noble and charitableMark Zuckerberg defends. So… integrity and honesty and clarity is important, right?

That sets up the easiest of questions. Why is Facebook targeting their user base, who they profit off, regardless of a real name attached? Sure, they may make a few more pennies on the dollar if a real name is attached over a pseudonym, but still profitable. For years, it let them defend their absurdly high user count on top of the obvious ploys of ignoring idle accounts and such. Now, jump to tonight, which set up a perfect example of where Facebook shows they don’t care. A rather simple example, but one that should be trivial for them to programatically notice and warn against, in a variety of methods. If a single user is posting something that may be fraudulent, contradictory, or a basic scam (e.g. how many times have you been tagged in an image for Oakley sunglasses, even in 2016), why isn’t there a warning? Even when the account isn’t compromised, the user isn’t warned. When the same image of knock-off sunglasses is posted to hundreds of ‘friends’ from a compromised account, it comes with no warning, either from the subject matter, or the break from the normal behavior (e.g. that user with 87 friends tags one photo with 87 names, when never tagging more than 2 people the last 5 years). We’re not talking AlphaGo or Microsoft Tay, we’re talking a couple decades behind them as far as computer intelligence goes. The fact that one was an amazing success while the other was an amazing failure, speaks to my point. They are cutting edge, trying to solve ‘problems’ that are are incredibly complicated. Meanwhile, Facebook can’t figure out what boils down to mid 1990’s email spam patterns, implementing the most basic of statistical filtering.

That said, I would love to see Facebook answer how the following two posts, from the same user, within 40 minutes of each other, could be posted without a warning to them AND me. Compare them posts carefully, not that there is much to go on as far as the end-user sees. At some level, this is stupidly trivial and any half-assed program should notice. No, it isn’t trivial or worth ignoring, that such articles get posted with such discrepancy. That is how we end up with stupid rumors and lies spread around as if they are fact, and fundamentally why our political climate is like it is. When you stop ignoring the details, especially the obvious contradictions, you are buying into a system that doesn’t serve you; rather, one that only exploits you.



The Charity Snail Mail Burden

If you have ever donated to a charity, you likely received something in the mail from them down the road. A thank you note (and request for more money), a new fundraising initiative where they would like you to donate again, or general information (and request for more money). What happens when you donate to a dozen or more charities over the years? The amount of snail mail you get from those charities, and many others you have never donated to, gets out of hand. At the start of 2015, I decided to keep all of the snail mail I received from charities for the entire year. How much would it be? What kind of ‘gifts’ would add up over the year?

Before the fun bits and pictures, a quick background on this. Charities have three primary categories for spending money: administrative (e.g. salaries, office supplies), fundraising, and program expenses (i.e. what their cause is). Charities are rated based on that breakdown, among other things, by the excellent CharityNavigator web site (a 501c3 not-for-profit themselves). As an example, let’s look at the breakdown for Paralyzed Veterans of America, who spends almost two thirds of the money it brings in trying to raise more money. They only spend 33% of their money on the intended cause; helping paralyzed military veterans. That is an absolutely horrible ratio and not a charity anyone should support. They are essentially in the business of raising money. All of the snail mail you get from charities falls under that ‘fundraising’ category. If a given charity sends what seems to be an obnoxious amount, that is money they could be better spent on the program expenses.

20160103_141807  20160103_141953
20160103_143928  20160103_144238

In one year, I ended up receiving 351 pieces of mail from charities, that weighed 26.6 pounds. It’s hard to say if this is truly a lot, and what led to this. I donated to 32 different charities in 2014, some in a manner that would not have led to any snail mail (e.g. “would you like to donate a dollar to..” during grocery store checkout). A few were local charities that do not maintain mail lists and would not have generated any mail. Other bigger charities though, certainly took the opportunity to solicit me for additional money. And at least one of those charities sold or shared my information with other charities that I never donated to, and in some cases would not. To offer a bit of perspective, the 26.6 pounds of charity mail can be contrasted with the 10.8 pounds of ‘commercial’ snail mail I received.

20160103_202512  20160103_203008

Back to charities! Who were the worst offenders? The top six charities by snail mail volume are as follows, with links to pictures of their offering, and what percentage of their money they spend on fundraising:

Charity Fundraising
Humane Society (31 pieces) 19.1%
World Wildlife Fund (21 pieces) 18.9%
American Red Cross (21 pieces) 6.0%
USO (16 pieces) 26.5%
JDRF (13 pieces) 12.8%
Doctors Without Borders (11 pieces) 10.3%

Note that I have donated to the top five charities on that list, but never donated to Doctors Without Borders. Considering that I received snail mail from around 75 different charities, almost three times as many as I donated to in 2014, that is certainly interesting. Also note that many charities were right on the heels of 11 pieces, but I had to pick an arbitrary amount to highlight above. Charities should note something very important! This level of snail mail is a waste of money, and does not encourage some contributors to keep donating. I understand that direct mail campaigns are a huge source of revenue, but finding a happy medium for the amount of requests versus the expected income would be appreciated. Someone donating $25 to a charity and receiving 30 pieces of mail, is watching $14.70 of that money go to postage alone (for charities that are paying full price, which some do). That money should be spent on program causes, not soliciting for more money that will likely be wasted.

Now the fun bits. Which charities sent me money? Yes… a long-standing gimmick of some charities is to send some level of money, typically under a dollar, and ask that you send them more back. They usually want 25 – 1000% more of course. This gimmick is frowned upon by many people, and for good reason. First, it is just that, a gimmick. Second, for charities that put a nickel, dime, or quarter in the envelope, they are quite literally throwing money away. Many people are tired of receiving the snail mail spam and quickly throw it away, coin or not. Even March of Dimes no longer sends a token dime in the mail. In 2015, Paralyzed Veterans of America sent $0.15 (3 nickels), FINCA sent $0.10 (2 nickels), Unicef sent $0.10 (2 nickels), Sierra Club sent $0.30 (6 nickels), National Law Enforcement Officers Memorial Fund sent $1.50 (6 quarters), Keepers of the Wild sent $0.50 (1 half dollar), Leukemia & Lymphoma Society sent $0.05 (1 nickel), and sent $0.05 (1 nickel). All said and done, I cleared $2.75!


Next, what is it about mailing address labels and charities? I mean seriously… almost every single one thinks that sending me such labels is a ‘gift’. Do these people not understand that the average adult in 2015 does not send that many written letters? Even people who send in checks to pay bills don’t generate too much snail mail. Yet, the National Wildlife Federation sent me enough address labels to mail a letter a day, every day of the year. Amnesty International sent 96 mailing labels in a single piece of snail mail… and sent three of those mails. USO sent 81 address labels in a single envelope. I didn’t have the patience to try to count them all individually, but I did take the time to count 154 sheets of address labels, weighing 558 grams, or 1.23 pounds.

20160103_labels1  20160103_labels2

Membership cards are another popular thing to send, because membership apparently has its privileges? By privileges, I mean it grants you absolutely nothing. Yet, dozens of charities want you to carry that card around… yet none of them send you a new, bigger wallet. National Wildlife Federation sent me four membership cards in a single year, and Sierra Club sent me six. I have not donated to either.


If that isn’t odd enough, the support stickers that are sent out are certainly interesting! In addition to the usual “Don’t give me a speeding ticket” stickers, that you receive from supporting law enforcement organizations, I received a NRA 2015 member sticker! Despite never donating to the NRA, or contacting them. It makes me wonder if that is how the NRA claims such high membership numbers. Is it based on who is on their mail list?


Moving on to stamps! Yes, postage stamps. A few charities will include a stamp in their offering, with the intent that you use it to mail them more money. While this is a variation of the ‘coin’ gimmick, the real tragedy is that some nonprofits have figured out the USPS offers special rates for charity-related mail, and others have not. The USO understands this, as their Self-addressed Stamped Envelopes (SASE) include five 1-cent stamps on them, while the Human Society of America sends a SASE with a forever stamp. Regardless, all of the stamps included, on an envelope or not, can be re-purposed since they have not been used to send mail yet! In 2015, I received two Forever stamps, one Postcard stamp, nine 10-cent stamps, one 4-cent stamp, seven 3-cent stamps, three 2-cent stamps, and 85 1-cent stamps. That is $3.39 in stamps! If they came in a sealed roll, I could return them to the post office for cash per old hacker legend. Alas, I can just tape them onto an envelope as needed, and they are still valid stamps.


To wrap this up, what else did I get? Nine calendars and 26 writing pads, apparently for the silly number of letters these charities think I write, that demand thousands of mailing address labels.

20160103_calendars  20160103_paper_pads

I also got card sets (again, maybe explains the address label flood?), magnets, random swag, calendars and paperwork, as well as X-mas specific gifts:

20160103_cards  20160103_magnets  20160103_paperwork  20160103_swag  20160103_xmas

And finally, two bits of pure amusement. First, ‘Doctors Without Borders’ seems to be fond of sending us Americans world maps. Yes, yes.. I know, Americans suck at Geography. But sending us world maps that we’re to hang up on our wall, of our first-world decorated establishments where style and the artist’s name matters more than actual living enjoyment? Please. But I get you, send the maps, rub it in that we’re a nation of stupid.


Second, all of this snail mail spam… can you opt out of it? Nope. At least, none of it includes any wording or forms or telephone numbers to remove yourself from the snail mail lists. For the charities that call as often as they send snail mail? If you complain enough, and trust me, ‘enough’ is relative… they will eventually opt you out. But then? They send you a not-so-form letter. In the case of March of Dimes, they write:

“… we are writing to you because of your request not to be contacted by telephone… please donate $25 to us”

I donated $5 to them on 2014-06-04, meaning it was “target of opportunity” (e.g. grocery store, or some case where someone asked me to donate). This was not a yearly contribution I make to half a dozen or more charities that I feel are making a difference. In the span of half a year, March of Dimes called me enough that I got fed up with them and specifically asked to be removed from their spam call list. They did as I asked! But then… reverted to snail mail to ask me for more money.

In summary, U.S.-based charities are living in the 80’s. They send pads of paper and mail address labels, on the heels of you telling them “quit harassing me”. They send stamps and currency in a desperate attempt to guilt you into donations. Some send you as many as 30 pieces of snail mail in a calendar year, on the back of a $50 donation given to a specific sub-group of their organization (e.g. in my case the Prairie Dog Coalition, a part of the Humane Society). If I want to find out if the Prairie Dog Coalition printed a new token adoption certificate, I e-mail the director. And Lindsey responds to me personally every single time. That is what I want to support… both prairie dogs in jeopardy, and the director of a non-profit group who takes the time to respond to my emails, helping me to support their cause in the specific way I want to. This is a model for how charities should work in 2015/2016. Instead, most are still stuck in the early ’80s, sending me dead trees that I don’t need or want.

If the director of a non-profit can’t reply to you, or even sign that Christmas card they sent, while asking for more money? That is bad. They should task their staff to send personal replies and sign such cards. It doesn’t matter what name ends up on it; it matters that someone on the other side appreciates my contribution, and takes the 30 seconds to read and reply to me or scribble their mark. In fact, I think that might be a great criteria for charities I support in 2016. No personal contact? Then maybe the charity is too big and has plenty of money coming in. Maybe they don’t need my donation. Instead, I can give to local charities, which I have started focusing on, where I can see exactly how my money is used, and even stop by and talk to the ‘director’ or staff when I want. I put that term in quotes because it is a misleading title for small local charities, for someone who is often knee-deep in mud or animal poo, doing their best to make the charity work. With that personal connection, especially when I find myself volunteering or visiting, then I feel very comfortable telling friends, family, or social media about their cause and encourage them to donate as well.


What the Harlem Globetrotters Really Teach Kids

A couple weeks ago, friends and I attended a Harlem Globetrotters game. It started out as a joke over football about underdog teams, when my friend Amanda reminded me of the poor Washington Generals. If that name rings a bell but you can’t quite place it, they are the go-to team that plays the Harlem Globetrotters. From their web page: “The Washington Generals are the most well known and recognized opponents of the World Famous Harlem Globetrotters.” The header graphic even shows a chalkboard and their amazing number of losses, with a single win. We figured it would be fun to attend a Globetrotters game and root for the Generals.

This began the descent into the ego and madness that is the Harlem Globetrotters. As a kid, you only remember black basketball players doing tricks, spinning balls, doing fancy dunks, and always winning. Yes, I used “black” as an an adjective. Show me a “white” Globetrotter. This exclusion actually carries forward to present day. There are still no white Harlem Globetrotters, despite white people living in Harlem. In 2014, they still proudly boast about their ninth black female Globetrotter taking the court several times throughout the game, turning her into a feature. But no whites. We’ll get back to that in a bit.

The Generals’ web site ‘Player Opportunities‘ page has an important reminder, and why we showed up to root for them. “The Generals serve an important role in the Globetrotters tours and realize the final score does not always define winners.” That is awesome, and really sums up what kids sports should be about. While I don’t think every player in a league deserves a trophy, I think that kids should be reminded that effort matters, even if they didn’t win.

But now, we have to back up again. I went to order the tickets for the three of us and noticed something. The Harlem Globetrotters were playing! Err, OK I got that. But who were they playing? It wasn’t listed. I checked the Harlem Globetrotter page hoping their line-up would have it. Nope. I Tweeted to them asking who they were playing, asking they bring the Generals. To this day, the assholes never answered. That level of disrespect is very telling about the organization. So I did what any logical fan would do, I called the ticket-seller and asked. I spoke with a nice young lady who checked her information and was surprised to find she couldn’t answer my question. She took down my information and said she would get to the bottom of it by calling the Globetrotter organization to find out. Hours later she called back and reported that the Globetrotters would be facing the “World All Stars”. Hrm, never heard of them, so Google their name. I don’t see anything front page indicating that is a viable option. Tack on the word “basketball” and they only show up as the 5th result in a loss to the Globetrotters. What kind of shitty game is this where the opponents aren’t even mentioned anywhere? Where I can’t easily find out they are playing their almost 100-year rival?

The All Stars don’t have a web site. I can’t order a jersey to wear to support them. Other than “lost to the Globetrotters”, they are nothing. “What the shit is that?!

So we did what any fan would do. We ordered and wore our Washington Generals clothing to the game, and we made signs to support the All Stars. To be effective, we had to make sure they would see us, so we got court-side seats.


Granted, being the cheapskate I am, there was one row of people before us. But at a Globetrotter game, that is actually a layer of protection from being drug on the court and embarrassed by them. From courtside, we were in a position to support our team.


Wow, they didn’t look thrilled to be here. The game started out all about the Globetrotters. They did their warm up, their comedy banter, got introduced one-by-one. When it came time for the All Stars to come in, they barely got their name mentioned. Both teams warmed up to get ready for the game. Just before the game started, Big Easy, with a microphone pinned to his jersey so the entire stadium could hear him, taunted the All Stars. The only taunt I remember was him pointing out that one of the five All Stars on the court was white, mocked him for it, and ended by laughing at him. The other nine players on the court were black. Do I need to remind anyone the definition of racism and that it goes every direction?

The game proceeded, now with ‘fan voted rules’ that were put into effect each quarter. This included a “trick shot challenge” and a “special jersey double point” benefit. So on top of the four point rings (yes, these games have four-point shots), the player wearing the red jersey could do a four-point shot and gain eight points for it. The All Stars tried several times but only made one of them. As best I recall, that was one more than the ‘talented’ Globetrotters. Speaking of, the world famous Globetrotters have a second career as brick layers if it comes down to it. Those dumbasses threw up more bricks and missed more dunks than I have seen in my life. Yes, they missed set-up dunks where the other team wasn’t defending. Absolutely pathetic.

Halftime rolls around and the Globetrotter mascot, Globie, comes out. He did his little dance routine and entertained the crowd.


As he left the court, he pointed at Amanda and my Generals’ attire and shook his head. For a brief moment I thought he might take a diving leap and try to tackle us. He seemed pretty pissed we were there supporting the opposite team. That said, during the “trick shot challenge” quarter, the coach of the All Stars noticed us and pointed to us twice smiling. At least someone recognized our efforts and appreciated some support from the crowd.

During the game, we also got to witness a variety of things that ranged from “what…” to “oh jesus avert your eyes”. It started with an All Star going to make a slam dunk, only to find the Globetrotters stripped him of his shorts and jersey in the process. Leaving him in his underwear to scream out loud and run in a panicked manner toward the locker room. The Globetrotters followed this up with their “slow-mo replay” gag that not only had them reaching between an All Star’s legs and sexually assaulting him, but doing it repeatedly in slow motion. But that was absolutely nothing compared to the half-time show.

I honestly could not watch a majority of the show because of social “norms”. Seriously. They had four local dance troupes doing their dance routines to music. Each wave was full of underage girls wearing revealing skin-tight outfits, doing sexually suggestive dances. Some of their moves and gestures I have seen in strip clubs. I feared that if I watched them like any other person, someone might think me a sexual deviant in all the wrong ways. That was the most uncomfortable 20 minutes I have suffered in years. Back to basketball…

While the All Stars did their share of missing shots, like the Globetrotters, I started to take notice of the scoreboard more often in hopes they would catch up. That is when I noticed that the rigged game is more rigged than I realized. Sure, we know they are told to lose the game and that is expected. The ego-filled Globetrotters have to win, except that one time where the Generals beat them (and we’d love to know the story behind that!). Yes, the Generals’ sweatshirt I wear proudly displays their motto, “Over 12,000 losses since 1926!” Remember the four-point shots, and the bonus with the red jersey due to the special per-quarter rule announced shortly before? At least one time when the All Stars scored an eight-point shot, they were only credited with four. Because the Globetrotters were throwing up so many bricks, and missing so many set-up dunks, the score-man had to further help throw the game.

What does that leave us with?


The Harlem Globetrotters holding the bag. Kids show up and have a fun time. In reality, they leave with a long list of subtle messages driven into their head. That racism is OK because it is humorous. That the underdog can’t win, and that the name-brand will cheat in multiple ways to win. That being a female in this sport is a ‘rare thing’ and makes you a two-minute highlight during the game. That physically and sexually assaulting the opposing team is humor, not a bad thing. Is that really what our kids should be learning growing up? I don’t think so. If anyone else did this on the school playground, they might face being expelled.

That is why I proudly show up and support the opponents. I even retained the serves of a local artist to make sure my signs were high-quality, because I care. Washington Generals or All Stars, doesn’t matter. They need our support to help them win their second game in almost one-hundred years. I encourage you to attend your next Globetrotter game, wave signs, and proudly support the other team.




An Open Letter to @Twitter

Dear Twitter,

You run one of the largest and most visible social network sites on the Internet, highly visible to millions that don’t even have Internet access due to media saturation and today’s lexicon. And you suck at it. Despite your recent IPO and suggestions that you finally figured out how to make money off this beast you have created, you still don’t seem to understand the first thing about the monster you created. Namely, how your users actually use the service. Your overall user experience (UX) is horrible. In no particular order, a few of the incidents and poor decisions that support my case:

  • The dreaded “Twitter unfollow bug“. This has been plaguing your platform for many years, and you still have yet to solve it. Worse, you default to sending us junk mail asking if we know people, trying to get us to follow more people. These two things are at odds with each other.
  • When you finally made it easy for a user to download an archive of their tweets, you sent a URL that was broken. Only a fraction of your users could see that you were HTML encoding an & sign in one place, and manually fixing it would allow the download. The fact you missed this shows that you essentially have no Quality Assurance (QA) testing in house.
  • Your emails are annoying. I specifically opted not to receive them in the past, only to have you revert my decision, the subjects are laughable. Not only are they written with no thought to how they appear outside your world, you seemingly can’t figure out the purpose of a profile or make brain-dead assumptions about all users.
  • Subject: Do you know cyberwar on Twitter? <– errr…
    Subject: Twitter followers want to purchase from your business! <– hot damn. now I need a business plan…

  • Twitter on a Tab? No thanks. When opting not to receive audible notifications, your software ignored that and kept dinging at me happily. No means no. Again, in your attempt to get more people using your service, you completely forget the basics of the UX and that all software should receive some QA time.
  • One of the most frustrating problems recently, is your constantly changing decision on how to handle URLs in direct messages. One day, they aren’t allowed without warning. The next day they work again. Days later, now I can’t send the same URL to the same person because I have “already said that”, even when the accompanying text is different. News flash: some web sites do not have static content on their front page. If you need an example, check out this web page: If you can’t figure out that I am friends with someone via the mutual follow, or the fact we have conversed via DM for months (or years in some cases) and that we may want to send URLs to each other, just get out of this business.
  • Your inability to fight spam on your service has moved beyond a running joke and on to the “sad” category. You still cannot detect profiles that are obviously spam and have every indication of being easily pegged by a half-way intelligent algorithm. At least twice, you have identified Twitpic as a “hostile” service, calling it “malware” once. All the while allowing these spam profiles to send sketchy links.

I fully understand that the size of your network makes some of this challenging. But this is also on you, because you opted not to address these problems years ago when it was more manageable. Instead of fixing these recurring nuisances with a solution that scales, you let them languish until they are beasts that are more difficult to vanquish. The list above is just the ones that come to mind quickly this morning.

In summary, you suck as social media. You don’t care about your users beyond figuring a way to profit directly off of them. In case it has slipped your mind, you need us. We are your business foundation. Figure a way to profit off of us! Just do so while occasionally paying attention to your user base please.



Quit volunteering my time.

Every week someone, or several people, think their 140 characters is worth me spending an hour+ writing an article for them. They noticed some plagiarized text or think someone is a fraud, and they turn around and expect me to research and document it. For years now, I get mail to Errata with a single link or a couple lines of commentary, along with the expectation that is all that is needed. Voila! An article will magically appear. These days, I don’t even get an email, just a Tweet or two.

I’ve said it before, many times. I’ve given an entire presentation on the project twice. I’ve told people in person, in email, and on Twitter. For the last time:

Errata was designed to be a community project. That’s “crowd-sourced” for you new people. A couple people serve as a clearinghouse for well-written, well-documented articles. No names on the articles because if they are properly referenced then attribution is not an issue. Then the clearinghouse stands up to defend the work as needed. Simple concept.

If you are in the security industry and cannot write an Errata article, get the fuck out now. You are simply too stupid and too dangerous to be advising anyone on something so important as security. Sure the articles take a little time because they have to be solid on making logical points, being organized, and citing public information that justifies any accusations or conclusions. But anyone that does penetration testing or auditing or system maintenance should be familiar with documentation along these lines. They are not difficult to write, they are time consuming.

If it bothers you that someone plagiarized or is selling snake oil, and it should, then take the time to write your own blog. Enough of us have stood up and defended our work. We’ve shown that you can do it, quite safely, if you are responsible in your work. If you still feel it risky, write the article and send it over. Do the leg work, we’ll provide the safety net.

Until you send such articles, don’t volunteer me to write them.


Any wonder why people use images without attribution?

Found the perfect image for my @BSidesDE talk. Noticed in the corner a tiny ‘GettyImages’ watermark, so I went to their site to see how much it would cost to license. Because I happen to know they require a license… which I imagine 99.9% of the modern Internet world does not. The auto-pricing options did not seem to match my intended use, a regional talk to maybe 75 people. I chatted with a rep to ask if there was a better price than $495 quoted by the web site.

Welcome! A representative will be with you shortly. For your security, do not give out your credit card number or other sensitive personal data during a Live Chat session.
You are now chatting with Andy.
Andy: Hello! How can I help you today?
Brian Martin: When selecting the pricing options, the drop down listing possible uses does not include anything close to what I want to use the image for.
Andy: How do you plan to use the image?
Brian Martin: For a regional public conference (free to attend), I am not being compensated for the talk.
Andy: Okay, will it be in a presentation?
Brian Martin: Correct
Andy: Okay, we do have a license for that. What image were you interested in?
Brian Martin:
Brian Martin: That is an IBM 7094 if you would like to update the information =)
Andy: Michelle Williams at Beyonce’s bday party?
Brian Martin: No…
Andy: Okay, I must have pulled up the wrong image
Brian Martin:
Brian Martin: “woman at computer control panel 1960 high res”
Andy: Okay, woman at her computer panel?
Brian Martin: yes
Andy: yes, I see it.
Andy: Okay, so this usage will fall under our External Presentation license
Andy: You can find that under our Marketing Use category
Brian Martin: OK, that was not on the drop down list. How much is it to use the image for such a purpose?
Brian Martin: OK, but this is not marketing at all. Just a talk about the history of software vulnerabilities. I am with a 501c3
Andy: How many people do you think will be ata this conference?
Andy: Right, but it’s a public conference right? Not just your company?
Brian Martin: think they are expecting 150 max across two days, maybe 75 max in my presentation
Brian Martin: Correct
Andy: Okay. Even though it isn’t marketing, that is the correct license for this use.
Brian Martin: OK, how much is that?
Andy: Pricing for that license comes out to be $685
Brian Martin: Unbelievable
Andy: Is that anywhere near your budget for this project?
Brian Martin: Since GettyImages hates 501c3 non-profit work for the advocacy of better computer security, I will have to find an alternate image. Thank you for your time.
Andy: No problem. Enjoy the rest of your evening!
Andy: Thank you for chatting today. We value your feedback. Please click the “Close” button at top right to answer a few questions about your experience with us today.
Thank you for chatting with us. Please click the “Close” button on the top right of the chat window to tell us how we did today.

I understand they want to make a profit, but without more granular licensing, do they have any doubt people freely use their images in presentations or web sites, simply cropping out the watermark?

If I had used GettyImages for each image in my presentation, I would be looking at a convenient rate of about $34,250.


Android & Granular Permissions

For Android-based phone owners, you are no doubt passingly familiar with the permission system that governs applications and what they can do. Every time you install an application, the device will ask you if you accept a list of permissions that it says are required for it to run. If you want the app, you must accept the permissions no matter what they are.

In theory, users can simply decline an app that requires excessive permissions and find an alternative. After all, there are over 1 million apps available right? Many won’t even read the permissions, while others may casually dismiss them because they are clearly stated, and any app in the Google Play store has to be legitimate!

The problem is that even the most simple and legitimate apps may request a variety of permissions that are not needed to make the program run:

Screenshot_2013-08-22-19-09-55   Screenshot_2013-08-23-19-12-04

A classic example of an application requesting permissions that aren’t required can be seen in the T-Mobile MyAccount app. The app is designed to give a user information about their T-Mobile cellular account, nothing else. This should take nothing more than permission to send and receive network data from their servers. Instead, the app has traditionally wanted extra permissions that are excessive. Worse, the latest version wants more, including “System tools” that give the app even more control over the phone. As T-Mobile is my provider and I don’t want to call them to find out account information, I have to accept their overly broad permissions. There is no alternative application in this case.

The second example is Avast Mobile Security & Antivirus that expects keys to the kingdome. There is a bit of irony that a security app wants enough permissions to completely own your phone, the same threat it claims to protect you from.

The Alternative

The obvious solution to this problem is setting it up so permissions are granular. This would allow a user to deny a specific permission while allowing others. If denying a specific permission causes the application to stop functioning, the user could enable it again if desired.

How hard is it to implement this for Google and Android? Trivial. This is readily apparent in that phones that have been jailbroken already allow it. Android users have requested this feature from Google via Ticket 3778. If you are an Android user and want to see this implemented, load the ticket and ‘star it’ (click the star on the upper left) to indicate you want it. If Google opts not to implement that one, there is a similar feature request (Ticket 6266) that would give a set of optional permissions an app wants, but are not required to function.

Until we get granular permissions, the concept of security in the context of applications will be a lost cause.


T-Mobile’s Poor Implementation Works Against Amber Alerts

Just over a month ago, I received a pop-up alert on my Samsung Galaxy 3 (via T-Mobile) with a standard, and persistent, emergency broadcast noise…

Emergency alert
Longmont, CO AMBER Alert: LIC/245FLJ (CO) 2001 Blue Ford F350 Pickup truck
Type: AMBER Alert

The noise stopped briefly, then picked back up again until I tapped “OK”. This is a radical departure from the previous product behavior and service provided. Presumably this came with the latest Android update T-Mobile pushed shortly before (May 13).

No warning about this change, no indication where the alerts are coming from, no explanation on criteria for receiving (Longmont is almost 40 miles north of me, outside a metropolis of ~ 4.5 million), no indication of how often we receive them, a repeating noise that we have to acknowledge (as opposed to SMS that gives a noise/vibration one time only), etc. I’m not opposed to getting such warnings but I should be able to opt in and control the settings for how it is displayed.

One hour later, I received the same alert. That is intrusive and annoying. When it happened, I thought “if this shit happened at night, it would wake me up and force me to get up to ack the alert and turn off the phone” and just that happened. Wednesday early morning, at 5:20AM I received another. As I thought, it woke me, given the emergency sound and vibrating on my desk.


Looking at the SMS options that control this is also interesting. I now have to receive “Presidential Alerts” and cannot opt out of them. There are also Imminent Extreme alerts, Imminent Serious alerts, and the Amber alerts that I have received twice now. What are the others, and what differentiates them? When was the last time a Presidential broadcast was sent to everyone’s email address or home phone number? Absurd you say, why is it all of a sudden OK to send them to every subscriber’s cell phone?

What bothers me the most is that the Amber alerts, and presumably the others, do not adhere to the rest of my SMS settings. When I get an SMS, it vibrates once, makes an audible noise of my choice once, and sits idle until I check the phone. Amber alerts come up with a different sound; one that repeats until I acknowledge it.


This is ridiculous. I want to receive them, but on my terms. The current setup and being woken at five in the morning forced me to disable the Amber alerts. T-mobile’s crappy technical implementation has worked contrary to their intentions by annoying customers into disabling them. This works against the entire purpose of having the alerts pushed via cell phones.


Customer Service; Why I am mad before we start talking…

Back in the early ’90s, as part of my interest in phone systems and BBSs, friends and I looked at creating our own voice mail system. Back in the day, voice mail was still a developing technology. It wasn’t just about calling a number and leaving a message if no one answered. Hackers and phreaks used voice mail for diverting (via their outdial features), trading information (hijacking legit voice mail), and setting up their own hacker voice mail systems with menu systems that led to current information about phone hacking information. These systems could understand DTMF and had fairly simple, if not deep menu systems.

Jump to today with elaborate phone support systems that tie into databases, transfer calls across continents within seconds, and offer a variety of features. From 1993 to 2013, that gives 20 years of advancement and innovation. When a current support system has issues, it pisses me off. I get that today’s systems are more advanced, but we were already doing some of that functionality as a hobby 20 years ago. Largely, the issue is the standard Quality Assurance (QA) issue; the company does not test the system from the customer perspective.

To illustrate this, and to explain why I am frequently pissed off beyond words by the time the nice support representative says “hello”, I will use CenturyLink tech support (800-247-7285) as an example. While there are variations between support lines, this one is indicative of the problems that routinely set me off.

The Call

Welcome to Centurylink… For English please stay on the line… [Spanish]… pause

What happened to giving native speakers a ‘1’ to bypass this? Don’t make me wait for a secondary language message.

I have your phone number as… (identify my #) … one moment while i retrieve your account

The first time I enter my phone number. From here, the system accesses my account and has all of my information. They provide my phone service, long distance, and Internet connection.

Next, I am given options and select ‘Internet Repair’.

I have your account information… please hold while I evaluate your service… there doesn’t appear to be any open repair tickets. If you can’t connect to the Internet, press 1.

Next, it gives me an option to perform some automated tests via the voice prompt system, or I can choose a representative, which I do.

Please enter your phone number where you can be reached.

The second time I have to enter my phone number. I am glad systems ask for a call-back number in case of disconnection, but the phone company knows my number.

You can quickly chat online from a computer with a representative by using

I just selected “Internet Repair”, and the first advice they give me is a web site I can’t access because I have no Internet service.

Your account information is confidential and protected by law. Advise our agent if you prefer we don’t use it to market the products OR repair service. This has no effect on the service or offers we’ll provide.

What does this mean exactly? That if I don’t want them to “market the products” to me, then I also don’t get my service repaired? Yet, it has no effect on the service they will provide? This level of double-speak is infuriating.

While on hold waiting for a representative…

There is no limit to what you can do with high-speed internet from Century Link. Imagine an Internet up to 40 megabytes, now they can be yours…

Seriously? Not only am I calling because my service isn’t working, you taunt me with this? For the lat 10 years, I have had 7mb service with a whopping 0.8mb upload speed. Every six months, I call and ask if they can offer faster. When CenturyLink put up billboards advertising up to 40mb two miles from my place, they still did not offer it. Years later, when a friend that lives 100 yards from me can get it, I still can’t. I have asked for a business connection and offered to pay more, still nothing.

After several minutes and the repeated frustrations above, you finally come on the line. You greet yourself, then promptly ask me for my name, phone number (third time), billing address, and last four of my social security number.

That, is why I am always mad when I speak to you.