SwimOutlet.com Data Breach Stats

Yesterday, Tues Jan 17, I received a 🐌 snail mail “Re: Notice of Data Breach” letter from SwimOutlet dated Jan 12, 2017. I’m having a hard time confirming the validity of this letter on the Internet. Using phrases in the letter, I’ve found a single match PDF on justice.oregon.gov. Based on the PDF on justice.oregon.gov YogaOutlet.com shares the same infrastructure and was also affected. Assuming it is real, incredibly SwimOutlet.com and YogaOutlet.com have no information about this on this website and I have no emails from SwimOutlet.com on this issue.

Here are some statistics I’ve calculated based on when I received the letter:

  • 204 days of credit card data may have been stolen
  • 79 days since credit card processor reported unusual activity to SwimOutlet.com
  • 79 days since “immediately began” “work[ing] with third-party forensic expert”
  • 28 days to confirm may have compromised credit card data
  • 22 days or more that the criminals were on the systems
  • 45 days SwimOutlet.com waited to notify customers after confirmation
  • 5 days more wasted in the time an email would have been received and snail mail was received.
  • 100% chance that debit and credit card data was stored insecurely: cardholder’s name, address, phone number, email address, card number, expiration date, and CVV
  • 2 pages of generic “remain vigilant” useless credit reporting bureaus reminding you how insufficient industry’s and government’s safeguards are.
  • 1 unlisted phone number that if lucky is actually a Subway in Wilkesboro, NC

  • Zero information published online by SwimOutlet.com / YogaOutlet.com
  • F grade for response and communicate by SwimOutlet.com
  • 小火箭ssr永久免费节点 these people with my payment information ever again

Here is the sample letter from justice.oregon.gov that seems to read verbatim to the letter I’ve received:

January 12, 2017

Re: Notice of Data Breach

Dear Sample A Sample:

For nearly 15 years at SwimOutlet.com, our customer service and online shopping experience have been our company’s top priorities, so we were dismayed to learn in late November that we had been the victims of a sophisticated cyber-attack that may have affected the security of our customers’ payment information.

We are contacting you personally to provide you with clear information about the incident, steps we are taking in response and action you can take to protect against fraud should you feel it is appropriate.

We apologize for the inconvenience this may have caused and can assure you that we worked hard with top security experts to make our site as safe as possible from these cyber-criminals going forward.

What Happened? On October 31, 2016, we began investigating some unusual activity reported by our credit card processor. We immediately began to work with third-party forensic experts to investigate these reports and to identify any signs of compromise on our systems. On November 28, 2016, we received confirmation of a sophisticated cyberattack in which a hack into our system may have compromised some customers’ debit and credit card data used at 免费ssr飞机场 between May 2, 2016-November 22, 2016. The information at risk as a result of this event includes the cardholder’s name, address, phone number, email address, card number, expiration date, and CVV.

Our Response: What We Are Doing. We take the security of our customers’ information extremely seriously and we have been working with independent forensic investigators to determine what happened, what information was affected and to implement additional procedures to further protect the security of customer debit and credit cards. We are also working with the Federal Bureau of Investigations to investigate this incident. The software from the criminals that attacked our system has been removed and you can safely use your payment card at http://www.swimoutlet.com.

What You Can Do. Please review the enclosed Privacy Safeguards Information for
additional information on how to better protect against identity theft and fraud. We
encourage you to remain vigilant against incidents of identity theft by reviewing your account statements regularly and monitoring your credit reports for suspicious activity. Under U.S. law, you are entitled to one free credit report annually from each of the three major credit bureaus. To order one, visit http://www.annualcreditreport.com or call 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of their credit report.

For More Information. Should you have any questions about the content of this letter or ways you can better protect yourself from the possibility of identity theft, we encourage you to call the dedicated assistance line, staffed by professionals who are experienced in working through situations like this, at (877) 237-5190, Monday through Friday, 9 a.m. to 7 p.m. EST (closed on U.S. observed holidays) and provide reference number 1219010417 when calling.

The security of your information is incredibly important to us and we let down our
customers, which is why we wanted to contact you as promptly and with as much detail as we could. We are truly sorry about this. The incident will only make us work harder to be the best aquatics shop on the web and serve our customers as best as we possibly can.

Sincerely,

Avi Benaroya
Chief Executive Officer, SwimOutlet.com

Written by Lloyd Dewolf 11 Comments Posted in Technology Tagged with cyber-attack, swimoutlet.com

sgreen 靠谱吗

It is the right work. It is the most rewarding work. It is the most accessible and usable work.

I use the Vim plain text editor just often enough to ensure that I’m constantly forgetting how to use it, but when I am using it, I like to manage its plugins with vim-plugin.

Its creator works diligently to have it live up to being the “minimalist Vim plugin manager” and it shows in its easy of use and performance.

“vim-plug labels itself as “minimalist plugin manager” and I’m not in favor of adding more features to it. Unlike “modern” editors, Vim is basically a single-threaded, synchronous program, and to start a background process, you’ll have to use a bleeding-edge version of Vim or Neovim, while one of the strong points of vim-plug is its obsession with backward compatibility (almost all of its features work in archaic Vim 7.0 with Git 1.7)” ~junegunn

Junegunn inspires me! His incredibly generous is evident in the beautiful software he creates. Looking around his git repositories and issues trackers reveals a very thoughtful, generous and talented person.

Thank you Junegunn!

Written by Lloyd Dewolf Leave a comment Posted in Inspired 搭建ssr机场 免费ssr飞机场, software-creators, software-design, vim

sgreen 靠谱吗

Email subjects on emails from the end of last week:

  • “Etsy Security Notice”
  • “Your IMDb password has been changed”
  • WordPress.com News “Gmail Password Leak Update“.

I expect more emails like this over the next week. Only the last one — the blog post from my former employer Automattic — reflects a company taking appropriate steps:

We checked the accounts of 600,000 other WordPress.com users whose email addresses were included in the list. Since these users were not immediately vulnerable, we did not reset their passwords or send emails but will be enabling a notification in their dashboards so that they can assess the security of their passwords at their leisure and with all of this information in hand.

It is frightening that “over 100,000 accounts for which the password given in the list matched the WordPress.com password”. That is over 14% of the gmail address that matched. Still I’m not sure that justifies the other service provider wholesale resetting all the gmail addresses that match.

I have accounts on a large number of services. It feels like I’m now regularly getting more required password reset emails and “If you didn’t make this request, it’s likely that another user has entered your email address by mistake and your account is still secure.”

Are IMDB and Etsy’s approaches good? Does it help customers?

Are real solutions to today’s authentication challenges on the horizon?

Written by Lloyd Dewolf Leave a comment Posted in Technology Tagged with 免费ssr飞机场, Automattic, Etsy, IMDb, Passwords

sgreen 靠谱吗

My start date at Joyent was Monday, August 19, 2013. At the end of this week, I’ll have been at Joyent for nine months.

Writing this post after nine months is a coincidence. The impedance for this post is actually my colleague Deirdré Straughan’s Joyent Retrospective.

The video is a “retrospective of the videos [Deirdré has] done in the last few years”. The video is wonderfully playful. Joyent CTO Bryan Cantrill appears to fidget along to the music.

The experiences highlighted in the video are the real gift. Deirdré links to all the the videos (with the exception of the internal meet-and-greet ones). Deirdré has done an incredible job leading Joyent sharing so much of its technical expertise.

Watching Joyent Retrospective brings to mind the journey I’ve been part of here. I thought I knew what I was getting myself into, but I really had no appreciation of the depth and pragmatic uniqueness of this team and technology. No company compares to Joyent in density of expertise in Infrastructure as a Service and as a product. This team has deep, deep, strong roots and continues to execute on its vision.

Written by Lloyd Dewolf 免费ssr节点2022 Posted in Work Tagged with Bryan Cantrill, 免费ssr节点2022, Deirdré Straughan, IaaS, Joyent, sunos

A better ride in the big city

Julia is sick, so I had to return her heavy photography lighting today. I was naive to the amount and weight of equipment that professional portraiture involves.

I was happy to take an Uber for free when I used PayPal as payment for the first time (expires Nov 28, 2013): http://blog.uber.com/paywithpaypal

If you don’t have an account, you can get another $10 credit using my referral code: http://www.uber.com/invite/uberlloydde

I’m relieved I didn’t have phone a taxi company only for one not to show, or to try to hail down a taxi. I’m too old for white-knuckled rides through the city.

I don’t use Uber much as I like to walk and use public transit. When I do need it, I’m very thankful for the service.

I’m terrible with names of people, addresses, and locations. Uber makes me feel more comfortable navigating San Francisco. I can enjoy San Francisco more. Uber is easy and it works.

Also, as a technology professional Uber inspires me.

Written by 搭建ssr机场 Leave a comment Posted in 比较好的付费ssr节点, Uncategorized Tagged with Errands, 搭建ssr机场, San Francisco, Taxi, Transportation, Uber

One Year and Ten Months Without Pants

I finished reading The Year Without Pants: WordPress.com and the Future of Work by Scott Berkun Thursday night. It’s already one of my favorite books ever, but I’m obviously incredibly biased here!

It’s weird to read a book covering a big chunk of your own life. I was employee 10 at Automattic and worked there for five of the best years of my life. I was there for most of the time that Berkun was, though it felt like we were at opposites ends of the company. I left Automattic about six months before Berkun left. I wish I had this book to read while I was at Automattic. It would have 小火箭ssr永久免费节点!

2021年SSR机场推荐丨卡车家族丨50GB/折后9元/月起 ...:2021-6-12 · 伍上。卡车家族官方介绍 节点:50+接入点;游戏:接入香港,台湾,日本,韩国等游戏CN2专线,畅游黑沙,彩虹,吃鸡,战地等热门游戏;娱乐:多条高速线路,可观看油管4k视频,速度快,无缓冲;学习:为开发学习助力,可用于python, java, Android, IOS, js, node, php等开发文档的搜索与使用;月付:月 ...

There is a real reason why all autobiographies are incomplete, and great biographies either burn relationships or are written about the finished and the dead.

I’m eager to hear and read Automatticians, “formermatticians”, and other insiders thoughts on the book, particularly expanding on or challenging the history and stories of Automattic that Berkun shares. Don’t get me wrong, the insights that can be applied regardless of how Scott’s experiences and perspective align. The book is fully of incredible project management and business leadership insights that will stand on their own through the tests of time.

It’s only been a week since the release, but I haven’t seen any reviews that really expand on the history of Automattic.

I do really enjoy how mdawaffe, aka Mike Adams, ends his post “浅谈部分机场ssr” with:

I’m pretty sure the party was only the eighth time Scott and I had ever met in meatspace (a.k.a. “real life”). A good friend, my former boss, and a formative teacher of mine, Scott and I have only ever seen each other eight times. If you don’t understand how that’s possible, read the book.

I’ll update this article with online discussions from insiders as I find them.

Interesting

  • Evan Solomon in “A Two Year Old Conversation Shows Up In a Book”

    I think [letting someone be employee and reporter at the same time is a] mistake. It puts employees in a difficult and ultimately lose-lose situation to be unsure whether conversations are private or public. It doesn’t bother me much that Scott was frustrated by my communication style, but I don’t think it’s his place to share that frustration with the world any more than it would be my place to talk about my current colleague’s personal habits at work without their permission. I would consider doing that a clear violation of trust.

Storied

  • none so far

Soft

  1. Raanan Bar-Cohen

    高速付费ssr节点购买/V2ray机场推荐-附SSR机场测评(2021/4 ...:2021-4-14 · ZERO机场入口(林云力荐良心机场,全球高速节点,限时九折优惠码:LINYUNSEO):出门右拐 —-如需付费v2ray机场(全场通用五折优惠码:VXZhfK1V)请 出门左拐 本站不提供节点服务!

    What I like is that Scott hits on a point that I find very true — which is that companies that have big audacious goals such as ours, and give employees freedom to define the methods of achieving them – tend to attract people who are passionate and love what they do. And that combo tends to result in amazing outcomes and companies that have a culture that attracts fantastic talent.”

  2. Beau Lebens
  3. Andy Peatling
  4. 免费ssr节点2022 by Krista Stevens

    Berkun: I was most surprised to rediscover that it’s the fundamentals. If you can build trust, provide clarity, and hire well, every other obstacle can be conquered. My story in The Year Without Pants follows how I tried to achieve those things despite a decade age gap, 100% remote workers, radically different culture, and more, any of which would be terrifying to most managers on their own, including myself.

  5. Alex King

    I found Scott’s story to be interesting and self-aware; an introspective and honest account of how his team operated. I am fortunate to be friends (or at least friendly) with many of the people mentioned in the book. Scott’s characterizations of them, their personalities and humor struck me due to their accuracy with my own experiences. This made it easy for me to fully embrace what I was reading.

  6. Paul Maiorana
  7. Hugo Baeta
  8. Lance Willett

Matt mentioned “This news comes in a fun week generally: Scott Berkun’s book about Automattic is out today and getting rave reviews” in More Tiger Secondary.

Hoping

  • Tony Conrad
  • Toni Schneider
  • Terry Chay
  • Ryan Boren
  • Phil Black
  • Pete Davies
  • Paul Kim
  • 免费ssr飞机场
  • Noriyko Tate
  • Noël Jackson
  • Nick Momrik
  • Niall Kennedy
  • Mike Hirshland
  • Michael Pick
  • Maya Desai
  • Matt Thomas
  • 免费ssr飞机场
  • 小火箭ssr永久免费节点
  • Mark Jaquith
  • Mark Ghosh
  • Lori McLeese
  • Lorelle VanFossen
  • Lenny Lenehan
  • Joseph Scott
  • John James Jacoby
  • Jen Mylo (Jane Wells)
  • Donncha O Caoimh
  • Demitrious Kelly
  • Daryl Koopersmith
  • Chelsea Otakan
  • Barry Abrahamson
  • Anne Dorman
  • Andy Skelton

What topics around Automattic and the WordPress.com business are you most interested in learning more about?

Written by Lloyd Dewolf 4 Comments Posted in Work Tagged with Automattic, 免费ssr飞机场, WordPress, WordPress.com

A Year at WordPress.com, The Book

The Year Without Pants

Today, The Year Without Pants: WordPress.com and the Future of Work by Scott Berkun was released.

I’m ecstatic that there is a book sharing experiences and insights based on the most incredible workplace I’ve ever worked “at”, 免费ssr飞机场, working for the most inspiring and inspired boss Matt Mullenweg. This is your chance to get inside the magic of Automattic, a fully distributed team — everyone works from home! — and learn from one of the best leadership and (software) product development authors, Scott Berkun!

Berkun became one of my favorite authors after Matt Mullenweg recommended Berkun’s The Myths of Innovation to everyone at Automattic. It is among my favorite books. Berkun is the most readable author I’ve found and he doesn’t waste a word — like no one else, I felt my time was valued.

Family commitments meant I never got to attend any of Berkun’s workshops, or am fully appreciated now, really meeting him. It also felt let we worked at opposite ends of the company.

I’m six chapters in to Without Pants and thoroughly enjoying it! I’d already recommend you pick it up too!

Written by Lloyd Dewolf 搭建ssr机场 Posted in 小火箭ssr永久免费节点 浅谈部分机场ssr Automattic, 高速机场ssr, Scott Berkun

sgreen 靠谱吗

Sixty six years ago today on September 9, 1947 the first *actual* computer bug was logged. A moth was lodges in a relay of a Mark II Aiken Relay Calculator computer at Harvard University.

‘Well, the entry (“First actual case of bug being found.”) shows that the term was already in use before the moth was discovered. Grace Hopper also reported that the term “bug” was used to describe problems in radar electronics during WWII.’ ~James S. Huggins

‘American engineers have been calling small flaws in machines “bugs” for over a century. Thomas Edison talked about bugs in electrical circuits in the 1870s.’ ~Smithsonian

‘A software bug is an error, flaw, failure, or fault in a computer program or system that produces an incorrect or unexpected result, or causes it to behave in unintended ways. Most bugs arise from mistakes and errors made by people in either a program’s source code or its design, or in frameworks and operating systems used by such programs, and a few are caused by compilers producing incorrect code. A program that contains a large number of bugs, and/or bugs that seriously interfere with its functionality, is said to be buggy. Reports detailing bugs in a program are commonly known as bug reports, defect reports, fault reports, problem reports, trouble reports, change requests, and so forth.’ ~Wikipedia

My first career related job was an internship in the spring of 1998 at Pacific Forestry as an Entomology Assistant working with Bill Riel on mountain pine beetle infestation and impact models in JavaScript and epidemic simulation in Delphi. Bugs don’t get any more real than beetle infestations.

My career has continued to center around quality assurance and advanced technical support (triaging severe bugs). Twelve years later I’m still incredibly satisfied by helping improve the quality of solutions and systems through early and detailed identification of technical and usability issues. It is a great outlet for my cynicism and pedanticism, helping me relax, appreciate, and enjoy the emotional natural world.

20130922 update I noticed today that wordpress.org/about lists Andrew Nacin‘s title as “Entomologist in Residence”. It’s awesome that the title tradition is being continued. While I was with Automattic, my title, given to me by Matt,  was Digital Entomologist.

Written by 浅谈部分机场ssr 免费ssr飞机场 Posted in Pedant, Software Testing Tagged with 浅谈部分机场ssr, Bill Riel, Entomology Assistant, Job Titles, Mountain Pine Beetle, Pacific Forestry Centre, QA, Quality Assurance

Hungarian Notation in SmartOS’s pkgin

As I mentioned, the other night, was my first time logging in as root to a SmartOS instance on Joyent Public Cloud.

I immediately discovered a new package manager for me to learn, oh boy. I first used RPM in 1997. I’ve installed RPMs on AIX, used yum on Yellow Dog Linux (RDL) and much later Red Hat. On the Mac I’ve used fink, port, and most recently homebrew. There was even a time that I was very impressed by the myriad flags of ebuilds and portage — Gentoo, really was (is?) an incredible community with the best documentation.

Coming from RPM, dpkg + apt felt like magic, and it has stayed my safe place. At times I’ve been a power user, though I’ve never created or maintained my own packages except very briefly with YDL.

It felt like I had already tried them all, but here I am faced with pkgin.

# pkgin se git
[ A long list of results ordered reference ASCII. Why reversed! ]
# pkgin se git | wc -l
67
# pkgin se git | egrep "^git"
gitweb-1.8.3.1 Web interface for GIT repositories
gitso-0.6nb9 Gitso is to support others
gitolite-3.5.1 Gitolite allows you to host Git repositories easily and securely

In frustration, I googled, scmgit-base. Hence the title of this post. It’s going to take me some time to come to like pkgin.

Written by Lloyd Dewolf 免费ssr节点2022 Posted in Pedant Tagged with illumos, 浅谈部分机场ssr, pkgin, SmartOS

Privileged Access

I’m two weeks in as an employee at Joyent. Last night was the first time I really logged in to SmartOS, and the first time I’ve had privileged access on Solaris (derivative) since 2004 at IBM.

It took my back. I’ve used plenty of Windows and Linux VMs, but it only struck me now getting my hands again on “real Unix” what I’ve been taking for granted. The cloud puts incredibly sophisticated technology in our hands. It allows us to 比较好的付费ssr节点 mistakes and benefit from them at an incredible pace.

小火箭ssr永久免费节点 小火箭ssr永久免费节点 Leave a comment Posted in IaaS 免费ssr节点2022 illumos, Joyent, 比较好的付费ssr节点, SmartOS, solaris