We all know (well, HOPEFULLY we ALL know) that investing in cryptocurrency is fraught with risk. However, with the promise of privacy and decentralized banking, doesn’t crypto do more good than bad?
In short, NO. Keep reading to find out why…
Good Design – Bad Design
Some things are designed well, and others aren’t. Posts in this category are meant to call out both, and in the case of bad designs, provide comparison or contrast to the same function designed properly.
Rant: SMA vs. RP-SMA
A few years ago, I put up a wireless camera system, and I ended up needing an antenna extension cable.
I vaguely recall buying a SMA, and it was the wrong one, which of course meant that I had to buy a RP-SMA cable, which worked.
I have also occasionally had to buy RP-SMA cables to extend WiFi antennas from time to time – mainly due to line-of-sight issues.
And I never gave it much thought after that.
Having recently installed a new gate opener, I found that I needed to raise the antenna (again, due to line-of-sight issues), and I bought a RP-SMA cable, which I assumed was fairly standard.
Imagine my surprise when it didn’t work – ONE end connected just fine, but the other end wouldn’t connect at all.
“What idiot used the wrong standard?”, I thought to myself.
So I bought a SMA cable, and that worked out just fine.
However, I started thinking about it. Why have two cables that are otherwise identical, but not interoperable?
Other than the pin configuration, SMA and RP-SMA are identical. In regular SMA, the male pin goes on the female-threaded connector. In “Reverse Polarity” SMA, the male pin goes on the male-threaded connector.
What is SMA?
The SubMiniature A (SMA) connector is a smaller, lighter-weight, and more precision version of the “F” connector.
If you’ve ever had a VCR or cable box in the 1990’s, you have at least one of these in the bottom of a drawer somewhere:
The venerable “F” connector at the end of a coaxial cable was once the standard way to connect devices that share a NTSC video signal. Over time, this was replaced by newer standards, but even as late as the early 2000’s, you could go purchase a VCR, and it probably came with one of these cables.
The pin on the male end is typically the unshielded cable’s core, which protrudes from the insulation. The male end has a female thread that freely spins, while the female end has fixed male threads. To connect the two, you insert the pin in to the female end, and tighten the free-spinning “nut” on the male end. Here is an RG59 elbow that has both male and female F connectors:
RG59 (“F” Connector) Elbow
The SMA connector is slightly smaller, lighter, and machined to more specific tolerances.
SMA Elbow
If you were unaware of the scale, SMA connectors look almost identical to F connectors. However, where the female F connector is about 1/3 inch in diameter, the female SMA connector is about 1/4 inch – about 32% smaller.
Today, SMA connectors are found almost universally in any consumer application that uses an external antenna, including hand-held radios, FRS (walkie-talkies), garage door openers, and WiFi routers.
Well, not WiFi routers.
This is where RP-SMA comes in.
What is RP-SMA?
I always assumed that one or the other supported better attenuation, or more bandwidth, or maybe one was for outdoor applications. But, that’s not the case.
“Reverse Polarity” SMA, or RP-SMA, was created as a way to appease the FCC’s requirement to keep people from being able to boost their WiFi signal by attaching a larger antenna.
I wish I was kidding.
You see, when WiFi was first standardized in 1997, the FCC required “unlicensed transmitters” to use an antenna connector that was either proprietary, or required professional installation.
In order to address the FCC requirement, some genius decided to move the pin on the then-standardized SMA connector from the female-threaded end to the male-threaded end. So RP-SMA should really be called “Reverse Gender” SMA – polarity refers to the signal, and gender refers to the connector.
As an easy fix, the larger manufacturers adopted RP-SMA as an alternative to SMA, because inventing an entirely new connector would be unavoidably complicated and unreliable.
Because all of the larger WiFi manufacturers used RP-SMA, it became fairly standard, and because it became fairly standard, parts and cables eventually made their way in to the consumer market. And once the parts and cables hit the consumer market, it was no longer considered proprietary.
So, just 3 years later in 2000, the FCC dropped the “unique and proprietary” requirement, because RP-SMA was no longer unique, and no longer proprietary. And by that time, WLAN was fairly standardized, and the government had other things to worry about.
Unfortunately, the legacy of those bad decisions is that we have two incompatible but semi-interoperable standards.
Why RP-SMA is Bad
In summary, there is too much complexity, which leads to too many possibilities for problems.
In my case, I didn’t even know that I had the wrong cable until I went to connect the two male ends together.
SMA is on the top, RP-SMA is on the bottom. In addition to the two gender changers for SMA and the two for RP-SMA, there are four additional converters between the two. Also, RP-F is mechanically-compatible with SMA-F, but won’t pass a signal because there is no center pin on either connector.
Because the two standards use the same mechanical connection, it’s way too easy to mistake one for the other. In addition to two gender changers for each, there are four additional converters, which means that there are eight possible combinations instead of the usual three (M-M, F-F, M-F) that you would find with any other connector.
Worse, you can connect a female RP-SMA to a female SMA, but it won’t pass a signal because there is no pin.
For example, if I didn’t know better, and simply bought a RP-F to SMA-F coupler, I could have spent weeks troubleshooting, and I bet others have done this.
It’s a bad standard, and now that the FCC no longer requires it, RP-SMA should be completely deprecated in favor of SMA, which was the original standard.
(And besides, “Reverse Polarity” SMA is not even named correctly)
How Do We Get Rid of RP-SMA?
- Stop making devices with RP-SMA connectors. Eventually all of the old devices will die off.
- Stop making RP-SMA cables. Make ONLY SMA cables, and continue to produce converters for situations where a cable needs to connect to an older RP-SMA device.
As with most pin-based connectors, devices that use either SMA or RP tend to have female connectors, because pins bend, and replacing a bent pin on a device is a lot more expensive than simply replacing a cable. Further, most antenna cables tend to be male-to-female, and antennas tend to be male. Therefore, for most applications, converting RP to SMA would only require a RP-male to SMA-female connector, and then everything after that, including the antenna, would be SMA.
It’s 2022, and buying a TV or monitor isn’t that easy… There are tons of acronyms and options, making it difficult to understand what you’re buying. Read on for some solid buying advice.
Unfortunately, these two things have absolutely no relationship to each other.
Recently, while working on a sheet metal project, I was annoyed that I had to go find a sheet metal gauge chart, because sheet metal is pretty much only sold in “gauge” thickness. I was even more annoyed to find that different metals have different gauges. So 14 gauge stainless is not the same as 14 gauge copper, and neither of these are the same as 14 gauge aluminum
Bore Gauge
Although this is an outdated system, its only modern vestige applies to shotguns.
And it goes like this:
The bore gauge number (n) is the diameter of the bore, such that n lead balls of equal diameter weigh 1 pound.
Therefore, the greater the bore gauge, the smaller the diameter.
So when is 12 > 20? When you’re talking about bore gauge.
Yep. That’s bad. But, it’s at least manageably bad. There is at least a formula.
Lead weighs about 11.8 ounces of weight per ounce of volume.
A pound of lead (16 weight ounces) would therefore occupy a mere 16 / 11.8 = 1.35 fluid ounces.
To relate volume and diameter, we have to convert fluid ounces to inches, and 1 ounce of volume = 1.8 cubic inches.
Therefore, 1.35 fluid ounces of lead = 1.35 * 1.8 = 2.43 cubic inches.
At this point we have 2.43 cubic inches of lead, which we know is enough for a “1 gauge” lead ball, but we need to find the diameter.
Volume of a sphere (V) = 4 / 3 * Pi * r^3
r = Radius
r^3 = Radius to the 3rd power (cubed)
Since we have the volume and we need the diameter, we need to rearrange this to solve for radius, then multiply by 2 (diameter = 2 * radius)
d = 2 * ( (3 * V) / (4 * Pi)) ^ 0.3333
By inverting ^3 (cubed) as ^ 0.3333 we get the cubed root
If we compute this for our 2.43 cubic inches of lead, we get:
d = 2 * ( (3 * 2.43) / (4 * Pi)) ^ 0.3333
d = 2 * ( 7.29 / 12.57 ) ^ 0.3333
d = 2 * 0.58 ^ 0.3333
d = 2 * 0.83
d = 1.667 inches
A 1 gauge bore diameter is 1.667 inches.
For the general case, we can start by computing the amount of lead. Since volume and weight are proportional, and the volume of a pound of lead is constant:
V = 2.43 / g
2.43 = 1 pound of lead in cubic inches
g = gauge number
We then take the same formula, substitute for V, and pre-compute some constants:
d = 2 * ( ( 3 * 2.43 / g ) / (4 * Pi )) ^ 0.3333
d = 2 * ( 0.58 / g ) ^ 0.3333
We can cube both sides and further simplify:
d ^ 3 = 8 * 0.58 / g
d ^ 3 = 4.64 / g
d = 1.668 / g ^ 0.3333
And, we can use this for any gauge number (g):
| Gauge | Diameter |
| 10 | d = 1.668 / 10 ^ 0.3333
d = 1.668 / 2.154 d = 0.77 inches |
| 12 | d = 1.668 / 12 ^ 0.3333
d = 1.668 / 2.289 d = 0.73 inches |
| 20 | d = 1.668 / 20 ^ 0.3333
d = 1.668 / 2.714 d = 0.61 inches |
And, you can plug any number in to this formula, so if you wanted a 14.5 gauge bore size (for whatever reason), you would use the same formula above, and that bore size is 0.68 inches.
You can even reverse the process to find the bore gauge corresponding to a given diameter measured in inches, by solving for gauge:
d = 1.668 / g ^ 0.3333
d ^ 3 = 4.64 / g
g = 4.64 / d ^ 3
A .357 magnum has a nominal bore diameter of 0.354 inches. If we plug in 0.354, we get:
g = 4.64 / 0.354 ^ 3
g = 4.64 / 0.0444
g = 104.6
So the next time you threaten someone, you can say “Don’t make me pull out my 104 gauge!”, and at least this has an obscure but discernible meaning.
How did we get stuck with this standard? Nobody really knows! However, most texts state that gauge was used even as late as 200 years ago, when there weren’t any good, universal measuring standards. If you ordered ammunition in gauge size, you were assured that it would match your gun’s bore diameter. As the rifle (gun with a rifled barrel) is a relatively new invention, measurements were much more standardized by that time, and it makes sense that rifle bore sizes (caliber) are always measured in inches or millimeters.
However, to this day, most shotguns are still smooth-bore, because shotgun cartridges have multiple, small projectiles (called pellets) that spray out in a disc formation when the cartridge is fired. Because the pellets are much smaller than the shotgun’s bore, they don’t come in to contact with the barrel enough for rifling to be effective. Although there are rifled shotguns (called slug guns) that are designed for shooting a single, solid lead shot (called a slug), these are uncommon. Therefore, it makes sense that we’ve kept the tradition of measuring a shotgun’s smooth bore size in gauge, rather than using caliber.
Fortunately, today, bore gauge is only used for shotguns, and rifle bores have become so standardized that I can go anywhere in the world and purchase ammunition for a gun of the same caliber manufactured anywhere else in the world.
Now, let’s talk about sheet metal gauge.
Sheet Metal Gauge
Here is the formula for sheet metal gauge:
There isn’t one. Consult a gauge chart.
But, it gets even better.
Sheet metal gauge is based on density, so not only do you need a gauge chart, you need a different gauge chart for each type of sheet metal.
How did we end up with this?
Sheet metal gauge size is based on wire gauge size, but not AWG, which is the American standard for wire gauge size.
Back in the early days, each vendor had their own wire gauge size, based on the number of machining steps required in order to get down to that gauge size. E.g. 10 gauge wire requires 10 steps. Eventually, all of that got standardized as the American Wire Gauge (AWG) standard.
Wire has been mass-produced much longer than sheet metal, so when sheet metal started to be mass-produced, the sheet metal manufacturers adopted the wire gauge standard (but not AWG), and each manufacturer had their own.
Over time, like AWG, sheet metal gauge sizes became standardized.
Unlike AWG which specifies a standard wire diameter independent of any other factor (e.g. 20 gauge wire is the same diameter in copper or aluminum, or steel, or whatever), sheet metal gauge is based on density, so the gauge size changes based on the specified material.
Nominally, every reference to sheet metal states that gauge size is based on “a density of 41.82 pounds per square foot”, but that’s not the case. If it was the case, you would be able to work backwards to find the gauge number. For example, going back to the way bore gauge works, if 41.82 pounds = 1 (sheet metal) gauge, then dividing that by 2 = 2 gauge, etc. But that’s not the case. 10 gauge (steel) = 0.1345 inches, and if we multiply that by 10, we get 1.35 inches. 20 gauge = 0.0359 inches, and if we multiply that by 20, we only get 0.72 inches. So there is clearly no proportionality based on weight or thickness.
If you google for a sheet metal gauge formula, you can find plenty of references that all begin with:
Sheet metal gauge size is based on 41.82 pounds per square foot. Consult your sheet metal gauge chart, and…
As it turns out, this is a formula for calculating the weight based on gauge size, not for calculating gauge size.
Why do we still use this archaic standard? Sheet metal gauge is codified by U.S. law, for tax purposes: 15 USC 206: Standard gauge for sheet and plate iron and steel.
So, because the government regulates the thickness of sheet metal for tax purposes, you have to consult a gauge chart whenever you order sheet metal.
If you have anything to do with technology, the chances are pretty good that you wasted at least part of the month of December patching, upgrading, or reconfiguring software that uses Log4J.
Now that the dust has settled, we can look at the vulnerabilities that were announced in December, what factors led to the problem, and why it should never have occurred.
Previously, I’ve written about gun-related movie myths in “Movie Myths: Guns – Part 1“, and in there, I described in detail how guns work – both automatics and revolvers.
Since that time, I’ve thought about making a state diagram that helps explain some of the common gun-related continuity errors that you regularly see in movies and TV.
The result is the diagram that you will see in this article, along with a higher-resolution PNG and PDF that you can download for free, which would make a nice wall decoration for any gun enthusiast.
Download the PDF here, or the PNG here.
Read on for more information about state diagrams and gun-related movie continuity errors…
Bad Design: WinZip – An Annoying Pop-Up Ad from an Irrelevant Product
The company where I am currently employed uses WinZip as its desktop standard for archive software.
This isn’t my preferred option, but whatever.
One minute, I’m cruising around in a spreadsheet, and the next, this pops up:
They company in question has an enterprise license for WinZip, which means that I’m running a fully-licensed copy.
I will cover some of the history of WinZip, and why I think it’s irrelevant, and then I will tell you exactly why I think this pop-up is wrong. I will also make some recommendations for both software designers and corporate desktop administrators.
Some History
…and, “Why I think WinZip is irrelevant”
Back in the DOS days, there were competing lossless file compression standards, and that’s still true today.
In the 1980’s and early 90’s, disk space was always at a premium, whether it was deciding what to delete off your hard drive so that you could install a new program, or how many programs you could back up to a floppy disk.
And, before the internet, you connected to Bulletin Board Systems (BBSs) through a very slow modem to find and download software. Smaller files meant that a BBS could host more files, and also, that your download time would be significantly faster.
The first commonly-used compression program for microcomputers was simply called “ARC”. Not only did ARC compress files, but it had the ability to compress multiple files in to a single “archive” file, and later versions could even span multiple floppy disks – handy if you were backing up your hard drive.
Due to its ease of use, single-file archive format, and itself being a small file that was easy to find and download, ARC quickly became standard among BBS operators and users. Every PC in the 80’s had a “C:\UTILS” folder, and ARC was one of the programs inside of it.
Although ARC was commercial software developed by SEA corporation, it was distributed as “shareware” – a license that allowed both individual users and BBS operators to freely “share” the file by copying it, but requested that users send in some money and obtain a proper license if they decided to keep using it. Of course, no one did that, and eventually, SEA released the source code for ARC.
A couple of years later, along came Phil Katz, who wrote a much faster and more efficient implementation of ARC, of course called PKARC, and rather than have both compression and extraction functions within the same executable, Phil Katz split the extraction function in to a separate program called PKXARC. This meant that you could download the much more svelt PKXARC if all you needed to do was extract files without compressing them, but in either case, you would benefit from the much faster code.
PKARC soon became the de facto tool for using ARC files.
Later, Phil Katz co-developed the ZIP file format – the same one that’s in use today. And, like ARC, everyone started using ZIP files, especially popular with BBS operators due to the smaller file sizes and faster extraction routines.
Soon, like ARC, every PC had PKZIP and PKUNZIP in their C:\UTILS folder alongside PKARC and PKXARC. Eventually, people just stopped using ARC altogether.
And thus, Phil Katz built the bulk of the PKWare software empire off of one little shareware utility.
However, PKZIP had one major drawback: It was a command-line program, requiring some knowledge of what a command line is, how to use it, and how to use PKZIP within it.
As operating systems evolved toward Graphical User Interfaces (GUIs) and began to focus on ease-of-use, there was clearly a gap.
You could download a ZIP file from a BBS using your terminal program running in a window, but then you would have to shell out to a command prompt and run some arcane (pun intended) commands to extract the files within it, in to a usable format.
In the early 90’s WinZip emerged as a graphical front-end to PKZip. With PKZip installed, and with WinZip properly installed and configured, a user could simply double-click on a zip file to extract its contents, or drag and drop some files to create a new ZIP file. WinZip handled the user interface, and on the back end, it ran PKZip with the appropriate command-line switches.
Eventually, WinZip adopted a “clean-room” ZIP implementation, and dumped PKZip. Now, there was no complicated dependencies nor configuration. If a user needed to open a zip file, they could simply download and run WinZip as a single program.
As Windows 95 boosted the popularity of home computing, WinZip quickly became much more popular than PKZip. PKWare made a feeble attempt to release a competing GUI product, but it was too-little, too-late. WinZip had been on the market longer, most users were familiar with it, it had better desktop integration, and it was far easier to use.
By the late 90’s, WinZip was one of the first programs you needed to download after any new operating system was installed.
Similar to PKWare, WinZip had a “trialware” license that allowed you to freely use it for a couple of weeks, and then either delete it or license it.
To help drive revenue, unlicensed copies of WinZIp would pop up a friendly reminder. Once you entered a license code, the reminder disappeared. Further, a license was perpetual, and initially allowed for perpetual upgrades. So for about $10 (if I recall), not only could you license WinZip to get rid of the annoying pop-up, but you could also freely download and upgrade to the latest version every couple of months when it was released.
WinZip prospered as it virtually ruled the market. Over time they added new features and updated the GUI, but WinZip was still WinZip.
And then Microsoft released Windows XP, which had built-in support for zip files.
It’s hard to believe that Microsoft turned a blind eye to this lucrative niche for nearly 10 years, but on the other hand, they were probably gun-shy after having recently fought off anti-trust litigation from Netscape. In versions of Windows prior to XP, if you double-click on a ZIP file without WinZip (or another ZIP handler) installed, you more or less get a message that says “what the heck do you want me to do with this??”
Now, with Windows XP and onward, you could double-click a ZIP file to open it, or right-click some files and send them to a “compressed folder”, which is Microsoft’s codename for a ZIP archive file.
Even worse for WinZip, by the time Microsoft released XP, there were Free and Open Source Software (FOSS) alternatives such as WinRAR and 7-Zip. Initially, each of these only supported a proprietary archive format (RAR and 7z respectively), but eventually they both ended up supporting multiple archive formats, including ZIP, and even the advanced features of the ZIP format, such as media spanning and AES encryption.
And, WinZip’s market began to dry up.
Casual users didn’t need to download anything – they simply used the operating system’s built-in ZIP file handler.
Power users could download FOSS utilities for free, such as WinRAR and 7-Zip, and simply avoid both the cost of WinZip and its increasingly clingy, laggy user interface and more frequent and annoying beg-ware pop-ups.
As it turns out, switching from a perpetual to an annual license model was a smart move for WinZip.
Rather than die out like ARC and PKZip, there is just enough recurring revenue from corporate licensees to keep it on life support.
So, despite being completely obsolete, WinZip is still running out there, with it’s ever-more kludgy and annoying user interface, limited features, and annoying pop-ups.
And, companies like the one I work for are still running it, because, hey, it works, and hey, they still have a license for it.
Why Pop-Up Ads are Bad
<RANT>
In case you don’t remember using a computer in the 2000’s, let me describe what it was like:
- “Windows has some updates for you!”
- “Update to the LATEST version of Adobe Flash to view this page!”
- “Adobe Acrobat needs to be updated.”
- “Your virus definitions are out of date.”
- “You’re not running the latest version of WinDVD / WinAMP! Download it now!”
- 10 browser pop-ups for spray tanning you should buy online, software that can clean your PC, stock you must buy immediately, adult websites you HAVE to try right now, the truth about “x”, and whatever else you don’t care about.
Play this every couple of hours on endless repeat while you’re trying to edit a document or watch a movie.
PEOPLE. HATE. POP-UPS.
People hate pop-ups so much that every modern browser has a built-in pop-up blocker – code that specifically stops a website from opening new browser windows.
People hate pop-ups because they are pre-emptive. You have to STOP doing what you WERE doing (which was important to YOU), and click “close” on a useless pop-up. You can’t ignore a pop-up, because it’s right there, blocking whatever you were working on behind it. It’s even worse when you’re typing, because you have to take your hands off the keyboard, which is both slow and distracting.
People HATE them.
So why have a completely random pop-up inside a fully-licensed product??
If I was running the trialware version (if that even still exists), then a pop-up is justified when I first launch the program. “Hey… we see that you still haven’t registered…” OK, fine.
BUT I HAVE registered. It’s fully-licensed. And, I DIDN’T EVEN HAVE WINZIP RUNNING!! So it obviously has hooks in to the scheduler (Microsoft’s biggest architectural mistake, but that’s another story) for the sole purpose of trying to sell me more WinZip crapware, that I can only assume has even MORE pop-ups!
What’s even worse is that I don’t need any of the “new features”, and I don’t want them. I don’t need some crappy product “running tasks in the background” or “sorting through my photos”.
All I need to be able to do is encrypt a ZIP file and read encrypted ZIP files.
BUT, because I’m on a corporate laptop, rather than downloading a superior product like 7-Zip, which is simple, fast, and free, I’m forced to run WinZip and deal with bulky, slow software and random crappy pop-ups. What a user experience!
</RANT>
Just let this sink in for a minute… My recent experiences with WinZip have been so frustrating that I just spent 3 hours of my personal time writing this blog post.
Tips for Corporate Desktop Admins
Why do corporations still use WinZip? Probably one of several reasons:
- You have used it for years. So what. The current version is a kludgy piece of crap. Move on.
- You already own a license. This falls under the sunk cost fallacy. Once an investment significantly diminishes in utility, the best course of action is to STOP SPENDING MONEY ON IT.
- We have to train our users. No, you don’t. The 7-Zip interface is similar to the WinZip classic interface, and anyone who has used a computer within the last decade will figure it out.
- WinZip is secure. So are 7-Zip and WinRAR. But, now that no-one out in “the real world” is running WinZip, finding new vulnerabilities is much more difficult. Existing WinZip deployments could sit on desktops for years in a vulnerable state. In contrast, with 7-Zip being one of the most popular pieces of FOSS of all time, there is lots of active development, and any vulnerability would be quickly identified and patched.
- “Open Source” licensing is questionable. No, it’s not. Have your legal department review and approve the GPL and move on.
- Being open-source, there is little or no support. IT’S AN ARCHIVE UTILITY. HOW MUCH SUPPORT DO YOU REQUIRE? Having said that, there’s probably more support out there for 7-Zip than any Microsoft or IBM product. (Microsoft is the new IBM, they just don’t know it yet.)
- It’s difficult to deploy. You don’t even have to install it. Just copy the files and run it.
- It’s expensive. The “F” in FOSS stands for “Free”.
Tip of the day: DUMP WINZIP. STOP WASTING MONEY ON MAINTENANCE AND LICENSING. MOVE ON TO A SUPERIOR SOFTWARE PRODUCT.
Tip for Software Designers
If you are Microsoft:
If someone is making MILLIONS OF DOLLARS selling an add-on to your flagship operating system, hint, you might want to BUY THEM. Loot the codebase, integrate the functionality, and move on.
If you are a startup company with a niche product:
- Stay within your lane. Don’t over-innovate. Keep the feature set simple.
- Keep the User Interface as simple as possible. People are using your product out of necessity, not preference. They don’t want 15 levels of menus, nor “innovative” user interface elements. Keep it simple and fast.
- Don’t get greedy. You have a niche product, not a “desktop suite”. Charge users a few bucks for each license, and keep the product as simple as possible.
- Pivot when needed. Despite being battered in to the dirt by WinZip, PKWare didn’t go out of business. Currently, they are out of the desktop archiver market, and their current product offering is focused on security.
- Sell out at the top, not the bottom. Because you have a niche software product, someone will eventually come along who sells a better / faster / cheaper product. Once you begin to lose market share, it’s already too late. You WILL eventually have to sell – do you want to sell while your company is dominating the market, or as you walk out of bankruptcy court?
- NO POP-UPS. Remember your place. I don’t “WinZip” on my computer daily. I do a lot of things, and products like WinZip are a very small part of it. The LESS interaction I have, the better.
Enough ranting, I think my points are clear.
If you have a set of things, a permutation is a specific way that you can list those things. Although algorithms exist to list every permutation, most of them rely on recursion – the calling of a function from within itself – which is horribly inefficient.
If you want a non-recursive algorithm that lists every permutation, keep reading…
Thanks for Misusing My Personal Data!
15 months ago, I bought a house.
During the course of that transaction, I had to disclose personal information to:
- The finance company (two, since we dropped the first one)
- The insurance company
- The title company
I was required by Federal law to disclose information, including my:
- Birthday and date
- Social Security Number
- Full Name
- Address
You know, everything you might need to, you know, KNOW in order to steal my identity.
The business purpose for this was ostensibly to:
- Obtain credit information
- Review my financial records and assets
- Report a financial transaction to the IRS
And, it was ostensibly to be used ONLY in the course of doing business.
A year passes…
I get a “Happy Birthday” e-mail from:
- BOTH finance companies, even though I dropped one of them
- The insurance company
In addition, I got an actual birthday card in the mail from the finance company that we ended up using.
Two decades ago, I would have thought “how quaint!” and moved on.
However, in the days of identity theft, YOUR BIRTHDAY is a significant piece of non-public personal data that should be closely guarded.
If I had gotten a birthday card at the beginning of the month with a note that says “Hey, happy birthday this month!” We know it’s your birthday, but we respect your privacy, so we’ve stored a generic representation of your personal data rather than your actual birthday.
Completely acceptable.
The reason storing my ACTUAL BIRTHDAY is NOT ACCEPTABLE, is twofold:
- YOU HAVE NO REASON TO STORE IT. Once you’ve pulled my credit, sold me a house, and reported all of this to the government, there is no legitimate ongoing business need to continue to retain that information.
If your company stores data for which there is no valid, ongoing business purpose, you’re inviting a data breach. - YOU PROBABLY AREN’T STORING IT SECURELY. Is my birthday in a spreadsheet, stored on your laptop that you take to your house every night, which someone could steal from your house, or even worse, steal from the back seat of your car when you stop to pick up dinner on the way home?
Don’t laugh – I worked for a company where this exact situation happened – a spreadsheet containing personnel records, including social security numbers, was stored un-encrypted on the hard drive of a company-issued laptop that was stolen out of the back of someone’s car while parked in a restaurant parking lot.
So hopefully not on a laptop, but, pursuant to GLBA or FCRA or HIPAA or a number of other laws, we should hope that my birthday is stored on a server that’s encrypted, logically-secured, physically-secured, logged, monitored, audited, sitting behind a firewall, etc. More realistically, it’s stored “in the cloud” in your company’s sales system.
In addition to appearing completely unprofessional, the situation gives rise to the following, UNCOMFORTABLE QUESTIONS:
- What else are you storing without my knowledge and consent?
- Who do you share it with?
- Is it all stored by social security number? I hope not, but that’s how businesses were run 30 years ago.
<RANT>
And…
If WE NEVER DID BUSINESS AT ALL because MY WIFE FIRED YOU, then you have NO LEGITIMATE PURPOSE for storing my data, and ZERO REASONS to send me a birthday e-mail.
You know who you are…
</RANT>
Best Practices
Most data breaches result when companies store data that they don’t need, or store improperly, or both.
- Identify and catalog all systems that store Personally-Identifiable Information (PII) / Non-Public Personal Information (NPPI) / Protected Health Information (PHI) and other sensitive, personal data.
- Make sure these systems are secured properly – the Federal government provides guidance on securing financial and healthcare data.
- Audit the data regularly to make sure you are only storing what is needed for legitimate business purposes. This includes purging old data, as well as ensuring that you are not unnecessarily, permanently storing personal data fields.
- In most cases, a business is only required to retain business records for 3 to 7 years, depending on the type of business. If you have data older than that, you need to delete it!
- If you have data fields that are necessary, say, to perform a credit check, you need to store them temporarily, and then delete them when no longer needed. Those data fields should live only as long as the transaction, and no longer. 3 months to a year would be more than sufficient.
- If you want to store demographic information, or, you know, send birthday cards in a quaint attempt to appear personable, then at least use legitimate techniques to anonymize the data.
- Don’t store the birth year at all (if not needed for demographics)
- If you DO need demographic information, Round the birth year to a multiple of 5
- y’=int(y/5)*5
- if y’=y then y’=y’+5
- In your CRM system, set everyone’s birthday to the first of the month. If my birthday is April 22, store 4/1.
Send me a birthday card at the first of the month, and let me know that because you respect my privacy, you DO NOT STORE MY ACTUAL BIRTHDAY.