Monthly Archives: February 2009

links for 2009-02-27

Posted on by
Reply

Citibank “SEC line item” double-books authorized charges on compromised accounts?

Posted on by
14

We have a Citi MasterCard that was one of the (apparently) hundreds of thousands whose security was compromised in the recent Heartland Security Breach.

I’d heard the news about the breach, but the first sign I had that we were involved was when I tried to use the card for an online purchase. No email, no phone call, nothing from Citi regarding the problem. When the transaction failed three or four times I knew it wasn’t the vendor website’s fault, so I checked my Citi account online. There I saw a bright red warning that my account had been shut down because of risk of compromise.

When I called (this was back on February 20th or so, I think) to complain about the lack of notice, the customer service representative explained that Citi had no time or resources to notify all the cardholders, especially given the scale of the possible breach, but had rather acted to place all the possibly compromised accounts on hold as soon as they could. I was told they had issued new cards with new account numbers, at no charge to any of us, and that the new card would be here shortly.

Well, we got the new card, and we activated it and set up online access.

Interesting thing we discover, which (aside from the general lack of coverage of the Heartland fiasco in the press and blogosphere) is why I’m bothering to write this: a strange charge we didn’t recognize, with code TOTAL SEC BALANCE TRANSFR-ITEMIZED. The amount charged ($99) was the same as the new charges that had accrued on the old account before the transfer, but “99″ is one of those numbers that makes you wonder about intentional design. In any case, this clearly implied we had either been double-charged, or charged an extra and unauthorized $99 fee.

So I got back on the phone and called customer service just now, and spoke with Jim. He explained to me that TOTAL SEC BALANCE TRANSFR-ITEMIZED was a “system message”, which represented (as it seemed) the sum of items booked to the old closed account just before the new one was set up. He explained it was an “accounting quirk in their system”, and that it would disappear at the beginning of the next billing cycle. Merchants had authorized $99 worth of charges right before the account was closed and balances were transferred, and the mysterious line item indicated the transition from “authorization” to actual charge. Jim explained that generally this transition removes the authorization charge from the billing system, but because the account changed in the interim period, the charge accrued on the new account but the authorization couldn’t be removed from the old one (or something like that). He pointed out (very helpfully) that if my card had been misplaced or stolen, the same dynamics would have kicked in there, too, and the same sort of transactions would have happened.

This got me thinking. It may be ephemeral, a “quirk of the system”, but nonetheless on the books and until the authorization is cleared I owe an extra $99 to Citi. It’s mere coincidence of timing that our account came to $99. But it seems highly likely (given the several-days typical delay between authorization and charge in many merchants’ transactions) that any regular cardholder might have one or more transactions spanning a period like this.

So here we have hundreds of thousands, or millions of credit card accounts, all compromised and all synchronously being transferred to new accounts. What fraction of those had interrupted transactions spanning the synchronized transfer, resulting in these TOTAL SEC BALANCE TRANSFR-ITEMIZED “system messages”?

The numbers are hard for me to even estimate with the information I have on hand (though Jim did allow it was “really a lot” of cards). Seems big.

The thing I have to wonder about is: just at this crucial juncture in the financial crisis, when the company is under the closest scrutiny in decades and the stock is suffering from massive loss of investor faith, Citi has double-booked a sizable Accounts Receivable sum.

And probably not just Citi….

links for 2009-02-26

Posted on by
Reply

links for 2009-02-25

Posted on by
Reply

links for 2009-02-24

Posted on by
Reply
  • V2 suggestion on WeGottaEat
    I would love to believe that totally ripping off copyrighted material in a design that is <i>available for public use right now</i> isn't a stupid, hamhanded, self-destroying instance of outright copyright infringement and bad design. But I'm not seeing the argument.
    (tags: design web-design infringement copycats inspiration-does-not-involve-command-X)
  • Worldchanging: Bright Green: Common Security Clubs: Finding Support in Hard Economic Times
    "“What becomes clear to participants is we are facing some major economic and ecological changes,” said Andree Zaleska from the Boston office of Institute for Policy Studies, who is coordinating clubs in the Northeast. “We are not going back to some golden age of economic growth based on empire, unfettered capitalism, and cheap energy—nor do we want to! We have to prepare ourselves and our communities for transformation.”"
    (tags: economics localism communitarianism community self-help activism social-networks cultural-norms)
  • Clojure for individual-based modeling – The differential biology reader
    "Yet Clojure offers many advantages over its dialectical ancestors. The first is immutable data structures. This forces you to think about everything as input and output (good for modeling) while making it easier to think and reason about (good for understanding your model) your program. The differentiation that Clojure makes between identity and state is also a good fit for modeling. Clojure is also built for a concurrent world. Clojure can handle a lot of different parts of a program simultaneously reading and writing changes to the world, allowing you to focus on each part of your system as individuals rather than worrying about the mechanics of making them all work together. Clojure also keeps vectors and hash tables as built-in, both convenient data structures for modeling tasks."
    (tags: LISP programming language Clojure concurrency modeling)
  • Management's False Darwinians | Slow Leadership
    "Simon Caulkin wrote a powerful article attacking this debased from of corporate Darwinism recently. In it, he wrote: “Bastardized and coarsened, the concept of “the survival of the fittest” (a phrase only later adopted by Darwin from Herbert Spencer) has powerfully shaped modern business. The robber barons of the early 20th century quickly latched on to the self-serving idea that “might is right”—cut-throat economic competition was the normal state of affairs and the rise to the top of the strongest was part of natural law and the inevitable outcome of history.”"
    (tags: Spencer Darwin social-darwinism that-word-you-keep-using)
  • Exploration Through Example » Blog Archive » Everyone needs a cryptic slogan
    "Retro-Futurist Micro-Scale Anarcho-Syndicalism"
    (tags: agile post-agile teams project-management)
  • I Love Pair-Programming » Absolutely No Machete Juggling
    "I see pairing work so well every day that I consider my career prior to my current job to have consisted mostly of wasting time. When I think back to all the code I’ve written for a job, I’m annoyed at how much less efficient I was then since I wasn’t pairing, and how much better my code and my products would have been if I had paired on them full time."
    (tags: pair-programming efficiency risk-management software development cultural-norms TDD productivity)
  • sunkencity.org: flickredit
    "FlickrEdit is a Java Desktop application that allows you to display and edit your photos in a variety of ways. It also allows you to download/backup or upload your photos to and from Flickr. FlickrEdit is written in Java and it uses flickrj framework to access Flickr.

    FlickrEdit uses Java Web Start to run and update the application (Wikipedia info on JWS). Click Below to Launch FlickrEdit!"

    (tags: via:lmorchard Flickr web2.0 backup better-safe-than-sorry)
  • Fear of Free | Dear Author: Romance Novel Reviews, Industry News, and Commentary
    "I’m continually amazed at the number of people that fear free digital content, believing that free digital content now will ultimately lead people to believe that all content is without value, that all consumers of books will somehow refuse to pay for digital content. The conflation of free and digital is one that is tossed around frequently, often based on the decreasing revenues of print newspapers and their inability to leverage or monetize their digital content. However, I don’t believe that the format defines whether content has value. The format might change the amount of the value expressed in monetary terms but I don’t necessarily believe that the digital form of content equals free. "
    (tags: disintermediation publishing business-model copyright distribution)
  • University of Michigan | Business Intelligence
    "Most large organizations have a "top-down" central planning function, although they operate externally within a "bottom-up" (market) economy. As the business environment becomes more complex, top-down planning systems have been hard pressed to adequately understand and effectively respond to the quickly-developing challenges.

    To cope with the complexity, some leading organizations are introducing more market-based BI systems to help with organizational decision-making. One of the emerging practices is called, prediction markets."

    (tags: conference local University-of-Michigan prediction-markets wisdom-of-crowds decision-making)
  • www.fadedpage.com
    "Distributed Proofreaders is an online community of proofreaders who strive to make Project Gutenberg the repository of the best free electronic books available. At any moment, hundreds of volunteers are working on different phases of saving history, one page at a time. Learn more by visiting www.pgdp.net or our newest site, www.pgdpcanada.net"
    (tags: Distributed-Proofreaders software scripts preprocessing digitization bookphile)
  • Snarkmarket: Demoralizing
    "You can talk about professions being demoralized, in both senses of the word. Medicine is a deeply moral profession, but have the incentives (and disincentives) of the medical-industrial complex been chipping away at that foundation?

    Banking once had a moral dimension. Is that even detectable anymore? Are there bankers at Citigroup who still see themselves fundamentally as stewards? Or is that species extinct?"

    (tags: morals worklife career cultural-norms algorithms planning coping community)
  • Detroit: City of Hope — In These Times
    "Other communities across the country are beginning to create alternative ways of living. In Milwaukee, a renaissance has begun, sparked by the two-acre farm of former basketball player Will Allen, who recently received a MacArthur Genius award. “We have to go back to when people shared things and started taking care of each other,” Allen said recently. “That’s the only way we will survive. What better way to do it than with food?”"
    (tags: via:srose localism community Detroit rustbelt Michigan economics communitarianism)
  • InfoQ: Brian Marick and Micro-Scale Retro-Futurist Anarcho-Syndicalism
    "…Nowadays, when I go into teams, especially teams in large organizations, what I am hearing from people is “At least work doesn’t suck now as much as it used to”. Which somehow seems less of an important thing to devote your life to creating: “He helped work suck a little less, but it still sucked”. The micro scale is intended to connote that we need to re-focus our attention on the people inside the team, on their happiness and on their success, and on empowering them and in particular we should stop hoping that someone in the organization the powers that be will reach down and give us permission to do Agile, give us permission to do reasonable things, help us out, we need to focus on the individual one to one scale which is where living a useful life lies."
    (tags: video XP agile Ron-Jeffries jargon cultural-norms dilution revival)
  • Exploration Through Example » Blog Archive » Onward! Call for Essays
    "A successful essay is a clear and compelling piece of writing that explores a topic important to the software community. The subject area should be interpreted broadly, including the relationship of software to human endeavors, or its philosophical, sociological, psychological, historical, or anthropological underpinnings. An essay can be an exploration of its topic, its impact, or the circumstances of its creation; it can present a personal view of what is, explore a terrain, or lead the reader in an act of discovery; it can be a philosophical digression or a deep analysis. It can describe a personal journey, perhaps that by which the author reached an understanding of such a topic."
    (tags: call-for-papers agile conference essay programming software-development)
  • philip beesley: hylozoic soil. « shape+colour
    "Holy shit. Anything with “capacitance-sensing whiskers and shape-memory alloy actuators” is more than fine by me"
    (tags: artificial-life VIDA installation art emergent ALife)
  • Linear Classifiers and Loss Functions « Justin Domke’s Weblog
    "So, in summary– a drop in classification error on test data from .941 to .078. Thats a 17% drop. (Or a 21% drop, depending upon which rate you use as a base.) This from a method that you can implement in basically zero extra work if you already have a linear classifier. Seems worth a try."
    (tags: classification machine-learning statistics methodologies heuristics learning-from-data)
  • Haml/Sass
    "Haml and Sass are templating engines for the two most common types of documents on the web: HTML and CSS, respectively. They are designed to make it both easier and more pleasant to code HTML and CSS documents, by eliminating redundancy, reflecting the underlying structure that the document represents, and providing elegant, easily understandable, and powerful syntax."
    (tags: Haml templating Sass CSS Ruby documentation markup)
  • 50 Successful Open Source Projects That Are Changing Medicine
    "Open source healthcare is forging forward quickly on the Internet. But, fast developments often produce many failures. But, many medicinal open source projects that have gained success development. This success shows that open source alone is not the solitary factor in development. Instead, look to great management, public relations, marketing and a sound program that stands up under the scrutiny of a growing number of peer users and, often, patients."
    (tags: collaboration medicine diagnosis healthcare software open-source)
  • Non-Hierarchical Management (Aaron Swartz's Raw Thought)
    "Spending your days doing grunt work for people who are smarter than you. Obsessing over their mood and personal problems. Turning down all opportunities to take credit or get attention so you can continue to work as a servant. Does this really sound like a job you want?

    Probably not. Few people are cut out for it. It’s really hard. It’s incredibly stressful. It’s not at all glamorous.

    But it’s vitally important. A team without a manager is doomed to be an ineffective team. So if you can’t do it, find somebody else."

    (tags: management advice business-culture administration entrepreneurship collaboration hierarchy cultural-norms)
  • My Least Favorite Interview Question » Absolutely No Machete Juggling
    "I have no idea what the interviewer’s expectations are, so I have to guess. I have, essentially, a 50/50 shot at guessing correctly. To make matters worse, my answer will likely go through a number of different interviewers, and I have a 50/50 shot at having guessed correctly with each of them. Assuming that a single “no” from one of the interviewers means I don’t get a job offer, having 2 interviewers gives me a 25% chance of success. Three interviewers gives me a 12.5% chance. A team of 6 or 7 interviewers (extremely common in up-and-coming companies) gives me virtually no chance at all."
    (tags: Nudge programming interview hiring specification assumptions project-management business-culture)
  • Digital Image Collection-Folger Shakespeare Library
    (tags: digitization Folger library reference Shakespeare)
  • The Stalin Compiler « Justin Domke’s Weblog
    Stalin is extremely slow to compile. In principle this isn’t a big deal: you can debug using a different scheme compiler. Still, Stalin seems to be somewhat less robust to edge cases, than at least chicken scheme.
    It is amazing that Scheme code with no type declarations can beat C by almost a factor of 2.
    Though in principle Stalin produces intermediate c code, it is utterly alien and low-level. I have not been able to determine exactly what options Stalin is using when it calls gcc on the source code. That could account for some of the difference.
    (tags: trade-offs programming multiobjective-optimization compilers LISP C design-automation middleware)
  • GiraffeSoft | Welcome to smarter web app development.
    "Then, to display the timeline_events, you'll need an association on your User model. We've frequently defined this as a has_many :through followed items, like how you might imagine it's implemented in the github activity feed. Then, in your dashboards/show.html.erb, you'd have something like this."
    (tags: timeline programming Rails RoR Ruby)
  • Grasping Reality with Both Hands: Republicans: Worse than You can Imagine (Bobby Jindal Edition)
    "Jindal believes that this grandstanding–at the expense of the interests of the people who elected him–will raise his chances of winning the Republican presidential nomination in 2012. I urge all Republicans to reflect that political loyalty ought to run both ways: a politician–like Jindal–who has no loyalty to his supporters who voted for him is not a politician whom any voter has any business supporting."
    (tags: financial-crisis politics grandstanding reconstruction-echoes)
  • Indian innovation thriving despite downturn and terrorism » VentureBeat
    "Private equity and venture capital to major countries has slowed or fallen in recent quarters, although the long term still looks promising. Ajay Shah, a senior fellow at the National Institute of Public Finance and Policy, calls India a “pre-modern market economy” that lacks a well-integrated bond market and other financial infrastructure to move money quickly into the system. Large conglomerates such as Tata and other Top 100 firms in India “will tap into all types of cash you’ve never heard of,” he says. But other companies –- especially family-run firms that lack diverse products –- cannot find debt capital and are being pounded by “unprecedented negative shocks to cash flow.”"
    (tags: investment entrepreneurs India venture-capital startups globalism economics)
  • Steamboats Are Ruining Everything: Why not ask for more?
    "… For some reason, Google has scanned two versions of my book American Sympathy, and its database doesn't seem to know they're the same book. Moreover, it also has a reference to what seems to be a free-standing copy of one of my book's chapters, not yet digitized, which I never published separately. I claimed that, too. And I claimed an "insert" in a scholarly anthology that reprints a journal article that overlaps a great deal with one of the book's chapters. I know for a fact that no one else has any right to that insert. Google's instructions say that if an insert reprints material also published in a book, the author should only claim either the book or the insert, but not both. Well, that makes sense as far as the lump payments go. But if Google is later going to sell ads on webpages or sell downloads, it doesn't make sense…."
    (tags: licensing digitization authors rights copyright Google moral-rights)
  • All we want are the facts, ma'am
    In the days when Sussman was a novice, Minsky once came to him as he sat hacking at the PDP-6.
    "What are you doing?", asked Minsky.
    "I am training a randomly wired neural net to play Tic-Tac-Toe," Sussman replied.
    "Why is the net wired randomly?", asked Minsky.
    "I do not want it to have any preconceptions of how to play", Sussman said.
    Minsky shut his eyes.
    "Why do you close your eyes?", Sussman asked his teacher.
    "So that the room will be empty."
    At that moment, Sussman was enlightened.
    (tags: via:arthegall via:cshalizi science models modeling statistics learning-from-data pattern-discovery hubris hyperbole Chris-Anderson that-Greek-dude-with-the-wings-that-melted)
  • Airspeed: Large Aircraft Security Program – Capt Force Speaks Out
    "If I get enough named supporters so it looks like a real show of force, I’ll include the list in the spot at the bottom. If I don’t get a big response, I’ll probably leave the list of supporters off. Either way, your expression of support will be appreciated.

    Note that I am very upset over the proposed rule and the text and tone of my comment reflects this as best I know how without using profanity. And the proposal deserves profanity. If you work for an alphabet organization or otherwise have a relationship with the TSA that requires not angering the TSA, this is not the comment with which you want to be associated. Only the brave and the independent need sign up here."

    (tags: TSA government regulation security-theater law aircraft transportation security authority public-policy Bushism bad-design)
  • Steamboats Are Ruining Everything: Moral rights vs. work-for-hire
    "American law does not similarly protect the moral rights of its authors. In fact, it has a legal convention called "work-for-hire" that is to moral rights what peonage is to citizenship. If you sign a contract with a "work-for-hire" clause, you agree that what you've written is a thing without any more integrity than a lump of coal, and that the purchaser can do whatever he wants to it, editorially, without any need to consult you, and that no matter how much or under what circumstances the work is republished, you have no rights to demand further payment. In my opinion, work-for-hire contracts are disreputable acts of force majeure on the part of publishers. Nonetheless, it is almost impossible for a novice writer to avoid signing them, and in the last few years, it has been difficult even for established writers to avoid them…"
    (tags: work-for-hire contracts collaboration lawyers business-culture moral-rights copyright makers)
  • BlockShopper v. Jones Day: The right of Web sites to link. – By Wendy Davis – Slate Magazine
    "If sites really needed permission to link to others, the Web would be a very different place. It's hard to imagine there would be a Gawker, or for that matter a TMZ, a Wikipedia, or anywhere else that embarrasses the subjects of posts. In another example of an effort to stop linking, a city lawyer in Sheboygan, Wis., demanded that blogger (and political critic) Jennifer Reisinger remove from her site a link to the police department. Reisinger has sued various city officials for violating her First Amendment free speech rights. Her case is pending in federal district court in Wisconsin. Let's hope the judge in Reisinger's cases sees linking differently than Judge Darrah did. If cases like these come out the wrong way, the Internet could go from a Web to a series of one-way roads."
    (tags: slippery-slope lawyers bad trademark internet precedent-FAIL)
  • Wikinomics» Blog Archive
    "Following the completion of the process, all of the individual budgets were aggregated into one single “Citizen’s Budget”, which gave a clear picture of the participants’ wishes for the 2009/2010 municipal budget.

    Overall, 1800 citizens registered to use the website, with 1291 writing individual budgets (750 of whom provided written justifications). Although this is less than 1% of the city’s population (217 000), it still represents a sevenfold increase over the roughly 150-200 citizens who might show up for an offline, townhall consultation process."

    (tags: collaboration public-policy government engagement web2.0)