New stickers! [Big Update!]

2017-10-12 Update: A kind benefactor and generous soul in the industry has sent $126 to me, to cover the cost of the entire sticker batch. Pretty sure this was their way of saying “you write too much, not reading your stupid blog”. In return, I am sending them an unsolicited envelope or box of shit (their address was part of the conditions of me accepting the money). Per their wishes, I am also now giving away the next ~ 100 stickers. I had already sold 33 and sent out an additional 26 to long-time supporters and friends. So… to share someone else’s wealth; email me your address if you’d like a sticker. Just one of the new attrition stickers, and I will probably throw in some other random sticker or two. First 100 or so to mail get them. email jericho@ my domain / twitter handle. If you can’t figure that out, no sticker for you.

In the last few weeks, I randomly poked Twitter to see who wanted stickers. A day later, I sent ~ 25 people an envelope of stickers, including an original Attrition sticker I made… 5 years ago? And a lot of hot new stickers from Risk Based Security. Long time fan of Attrition, Ming Chow, received an unsolicited Box of Shit. Once he received it, he posted a great video and some pictures of the unboxing so you can experience it too! I sent envelopes to Canada, the United Kingdom, Germany, Ethiopia, Australia, and Zimbabwe even! I also sent a large envelope of random flat junk to a con organizer in India, so he had a few give-aways for the attendees. That night of “i’ll mail a few stickers out…” ended up being ~ $70, but I am sure it brought a world of joy to the recipients! Long story short… the original stickers are finally gone.

So… I figured it was time to create a new batch, a better batch. Like last time, a somewhat limited batch, of only 300 stickers. I think the original batch was maybe 1,000 stickers, but B&W, so they lasted. This batch is smaller, but color (SCIENCE)! Due to recent changes in my life, I can’t throw money at drugs, hookers, and stickers so flagrantly. As such, I will be selling off part of this batch to recoup the cost of making them. This is good for everyone, especially me, but also means that if they go fast I am more likely to do this again. My goal is not to profit on this really, just to offset the cost so that I sell some and am free to give away the rest… likely five years down the road in a rum-fueled Twitter night. If you really want a sticker, best to grab one now. The last sticker give-away was over a couple hours one night, and many replied a day later “hey wait, I want some!” This is where you Google “race condition“.

In the interest of transparency, here are the numbers. You can figure out if this is a scam or if the stickers are overpriced.

300 Stickers
126 Base Cost (USD)

0.42 per sticker
0.03 per envelope
0.49 per stamp (domestic)
1.10 per stamp (international) =
0.94 base cost to mail one sticker domestically, or 1.55 to mail one sticker internationally

Like any legitimate retailer, I get to add “shipping and handling“! Since shipping costs are above, the ‘handling’ fee is where I get my real markup or something. If I sell 150 stickers for $2 each, then I will make $113 if half are domestic and half are international. Pretty sure more will be domestic, meaning I am closer to the $126 base cost of the stickers. To make this easier on me, since I still have to write out the envelope, get stamps, and curse you while doing it all… bottom line? I will sell 150 stickers at the following price points:

$2 for one new attrition sticker (domestic)
$3 for one new attrition sticker (international)

If you want additional stickers, I will do up to three per person, but each additional sticker is $1 though (greedy mofos). I’ll make a few bucks this way, but maybe not even enough to recoup the cost of sending out the last batch of stickers, boxes, and uber-envelopes. I’ll also be more prone to create a new batch of stickers in the future if this works. No promises. If you are still reading, then you get the information you really need! If you want new stickers, pictured below, here is the price guide:

$2 for one new attrition sticker (domestic)
$3 for two new attrition stickers (domestic)
$4 for three new attrition stickers (domestic)

$3 for one new attrition sticker (international)
$4 for two new attrition stickers (international)
$5 for three new attrition stickers (international)

If you are still interested, send the money to paypalus_at_attrition_dot_org with some indication this is for ‘stickers‘ as opposed to “hot cyber 1993 style“, and include a shipping address. If you are still concerned that I might make a few bucks, consider I also donated over $10,000 USD to charity in the last four years, so fuck you. Finally, if you do purchase any, they will get mailed out fairly quick, but I won’t be in line at the post office at 8am like a savage. Since I have no way to control this via a blog and Paypal, and I am too lazy to do this via eBay, if you are too late in ordering and I have already sold the first 150, I will refund your money. I’ll also try to update this blog to indicate the status of sales. If enough of you are crazy and I come home tomorrow night to way more than 150 stickers sold, I’ll probably send them all out and just order a 2nd batch of these.

Selling out, a bit at a time…

I sold out when I signed up for Google, Gmail, Facebook, Twitter… might as well sell out a bit more and use WordPress. While guest-blogging recently, I found out that the managed WP site is actually pretty well done for a stable, mostly intuitive blogging platform. This will also help ensure my spew stays around for years to come, even if goes away for some reason. In reality, I won’t run blog software on that domain, and doing static HTML for every little quick blog, gripe, or musing is not efficient.

Time permitting, I may actually post and backdate content from other sources, from the previous years as well, since it is so spread out.

Selling out one more notch…

over a year ago, i created a twitter account under ‘attritionorg‘. it is shared with others on the system, but i do most of the tweets. it was a break down from my previous notion of avoiding social media. i figured out how to use twitter for my own benefit; not only as a source of information, but a new method to poke small bee nests. i now really appreciate the value of being able to throw stones at charlatans and large security companies, who now feel the need to be mindful of their social presence. that means, often times replying to me and trying to put out small fires i set once in a while.

weeks/months ago, i broke down and created a ‘real’ Facebook account (real name/pic/info attached), started following close friends and others i have known for some time, even if not as close these days. i even started playing a few of the various browser games to see what millions of people found so fun. while i do see the appeal, i also see countless bugs and annoyances that infuriate me.

today, i bought a smart phone. after years of getting by just fine with my RAZR, i sold out further and got a phone that does much more than phone calls. while my old phone worked, the service was pretty horrible, yet served its purpose. i probably told three dozen people over the last year that when i left my computer, i didn’t want to have one on me. that getting away from the computer was just that. so why the change of heart?

convenience. watching friends be able to google a restaurant, pull up maps of the local area or check e-mail has merits. while i don’t have any notion of checking e-mail while out and about, the ability to get to it if needed is helpful. having a real camera will also be nice; no need to carry the small camera in addition to the old phone. the ability to carry a sizable collection of music and not lug around an ipod is even better.

who knows, perhaps this phone will encourage me to get out even more. help sever various senses of obligation i sometimes feel that lead me to check online more often than i need to.

Selling out, the process continues…

This dose of selling out was beneficial in many ways. First, by joining LinkedIn, I could see more profile information of people I was curious about. This greatly assisted some Errata research to start. In the last year or so, I turned my profile into a ‘real’ one. One caveat; I only list hobby experience on the profile. CFP review, my work on, my work for OSF including OSVDB, etc. With a ‘real’ profile, but not my real name, I was also curious who would link to me. Over time, many have, and most have had fun endorsing me for creative things. All in all, I sold out right on this one.

The Newbie’s Guide to Fear, Uncertainty, and Doubt


Fear, Uncertainty and Doubt (FUD). We all live with it, and we’re all accustomed to it at one level or another: “Do I have enough insurance?”; “Did I leave the coffee pot on when I left for work this morning?”; “Will my proposal be accepted by management?” FUD is simply a facet of life; something with which we all must contend to the best of our abilities.

FUD is yet another method often employed by a party (typically a vendor in our context) to help propogate their product or service. In short, this is acheived by attempting to instill a sense of fear, uncertainty or doubt in the minds of consumers regarding a competitor’s product. By instilling FUD in the minds of consumers, the vendor obliquely promises dire consequences if the intended target does not buy their goods.

The obvious fallacy with this approach is that a vendor’s product or service (P&S) is not sold on it’s own merit; rather it is sold as a “reasonable alternative”. FUD’s primary goal is to scare consumers away from using superior P&S in favor of inferior (yet often more recognized) P&S.

According to the New Hackers Dictionary (aka the Jargon file), FUD is defined as: FUD /fuhd/ n.:

Defined by Gene Amdahl after he left IBM to found his own company: “FUD is the fear, uncertainty, and doubt that IBM sales people instill in the minds of potential customers who might be considering [Amdahl] products.” The idea, of course, was to persuade them to go with safe IBM gear rather than with competitors’ equipment. This implicit coercion was traditionally accomplished by promising that Good Things would happen to people who stuck with IBM, but Dark Shadows loomed over the future of competitors’ equipment or software. See IBM. After 1990 the term FUD was associated increasingly frequently with Microsoft, and has become generalized to refer to any kind of disinformation used as a competitive weapon. (1)
The past few years have brought a dramatic increase in the FUD tactic. Not only are large companies using it to help stifle new and upcoming competition, in addition, uneducated journalists are wielding it like a four year old with a loaded gun: unaware of the danger, or of the consequences.

The use of FUD in a marketing campaign is often subtle and hard to spot. Well written FUD will blend in among facts and be difficult to discern. Worse, this underhanded tactic is often problematic in trying to counter. Rather than fighting against incorrect facts or misguided opinions, you find yourself battling vague assertions, self-serving maxims, and half-truths.

Worse yet is spotting the FUD campaign in the first place. Because it is an effective weapon based on half-truths, distinguishing it from legitimate opinion may be difficult. For an excellent paper and well documented examples of this, consult the paper titled ‘FUD 101‘. In this document, Mr. Green outlines several elements and examples of Microsoft using a FUD campaign against the Linux Community.

In today’s world of articles and press releases, we can identify several levels of FUD. This is important as it tells us how to respond to the ‘news’. The more FUD, the more skepticism that should be given to it. The less FUD, the better the chance it was just uneducated conclusions that lead to the text.

Twelve Elements of FUD

To help newcomers to the world of FUD, I have come up with a list of twelve elements that can and are used. In order to make this even easier for the consumer, I have devised a scale to help qualify the ‘FUD level’ used in a particular piece of writing. While this delineation is by no means an exact science, it can help put into perspective the subtle technique of disinformation.

a) Urgency

1) Buy our product now to avoid headache tomorrow! While this may be appealing initially, this often comes at the sacrifice of features or performance. Yes, it may be easy to use, but odds are it does a third of what competitor’s products do.

2) Buy our product now because tomorrow our product will kick ass! The promise of future development (also known as ‘vaporware’) encourages you to purchase the product now in order to receive future upgrades that will be better than what is on the market now. Obviously, this does nothing but hurt you in the here and now.

b) Supporters

3) No quoted names. In this world of technology professionals, it is easy to find someone who is a) qualified, b) supportive of the product and c) willing to go on the record. Anytime an article comes out that claims a P&S is desired or supported, but lacks names to back those claims, should be questioned. Why couldn’t they find at least one person to go on record endorsing the product?

4) Quoting known frauds and charlatans. Worse than quoting no one is to quote frauds. Rather than not finding someone to endorse a P&S, they had to turn to someone that is well known for NOT knowing technology. These people will often go on the record endorsing anything if it propogates their name or company, or leads to them receiving some kind of incentive (read: cash).

c) Technical

5) Epiphany Nomenclature Significance Naught (1) The use of large or fancy words in place of readily understood technical terms. Obscuring features behind words that sound impressive is a common way of hiding the truth. This technique is often known as ‘buzzword compliance’.

6) Hyping up old or standard features in place of current or impressive technology. We all use and trade email, so a company drooling over themselves in light of their amazing use of the SMTP protocol means very little.

d) Harm

7) Without our P&S, you’ll be hacked! New security and crypto based companies are fond of using this ploy. Without their products, you are a time bomb waiting to go off! Come tomorrow, evil and malicious hackers will intrude upon your network, deface your web page, read your corporate secrets and pour sand in your gas tank!

8) Without our P&S, you will not get future business! The trend of business is moving toward our product and what we deem standardizations! If you and your company don’t jump on our bandwagon, no other company will do business with you! As we all know, new technology and new standards are only adopted after long and rigorous testing. To move over to a new platform or protocol simply because some companys says so is ludicrous.

9) Without our P&S, you will lose time and money! This varies slightly from #2 in that the FUD centers around your company losing time and money today, not tomorrow. As we all know, any enterprise outfit that could possibly lose money in a matter of days without a specific product not already implemented is doomed to begin with.

e) Spin Doctoring (2)

10) Hyping opponent’s weakness. No more than a form of mudslinging, the company doesn’t rely on its own merit to pursuade you to use their products. Rather, they must display their opponents weaknesses and use them to convince you not to use theirs.

11) Creating weaknesses for the opponent. Sometimes an opponent has very few weaknesses. So, why not make some up? Clever wording and sometimes outright lies lead to one company creating supposed weaknesses in competitors P&S.

12) Attacking opponent’s strengths. Akin to #1, this relies on attacking the selling points of a competitor’s P&S. Often times, you will see this used in conjunction with #1 to attempt to completely belittle the opposing P&S.

For fun and amusement, you can use the twelve points above to rate articles. If an article or press release uses some of the methods above, attribute it one point per method. In the end, you can say that a given article has a “FUD Factor of 4” or rated “7 on the FUD scale”. Recent months have shown Microsoft to be repeat offenders, often rating between 5 and 10 on the FUD Scale. Their fear of the Linux operating system shows. No one should ever rate higher than a 10, unless the article is made up of nothing but FUD.

Response to FUD

As with all problems, it does little good to discuss them without proposed solutions. With FUD, it is much more manageable and easy to deal with.

The first thing is recognizing FUD in all its forms. Awareness for the average person is the tricky part. Consider the average person that has an interest in the ever changing world of technology and networking. They go day to day without the benefit of forums that readily challenge these huge companies oozing FUD at every crevice. Unfortunately, they are a bulk of the customers and supporters of these P&S. Educating them is the first step toward an honest profession.

Second, is the response. Even if you do recognize a company peddling FUD, how do you respond? Very simple.

1) Mail the author of the FUD as well as their editor. When doing so, be polite and present facts to back your mail. Site reference material, URLs or anything solid to back your argument and counter theirs.

2) Once mailed, give them a chance to correct their mistakes. Do not assume the FUD was intentional. The correction can come in the form of a retraction or followup article. As much as I hate to say it, the media machine may not allow for either. At that point, you must decided what to do.

3) Openly dispute the article in a public forum. Be it a mail list or web board, post the relevant parts of the article containing the FUD and refute them with your own facts. This causes a bit more strife but may be the only solution.


The use of Fear, Uncertainty, and Doubt in marketing campaigns — while certain to get the public’s attention — is plainly wrong. Armed with the above information, it’s our hope that the reader will now be able to spot it, refute it, and most importantly, not buy into it.

(1) By using standard synonyms from, we can create an alternate phrase that sounds impressive, yet means nothing.
Fancy -> Epiphany, Words -> Nomenclature, Meaning -> Significance, Nothing -> Naught. “Fancy words meaning nothing”.


Space Rogue (spacerog[at] for the idea of this paper and harassment. ATTRITION Staff (staff[at] for peer review and harassment. Anna Henricks, Geekgrl, and especially Jay Dyson for proof reading and suggestions.