Category: Social

  • Belloq fail: Roblox

    In the category of “we can’t handle email right” again, or at least, they haven’t convinced me they can: the email that is this blog’s domain name plus .me.com is apparently on someone’s list of “valid emails you can put in forms”, or there’s a tool that exists somewhere to grab an email off one of the numerous breaches that included it, because it gets used by random people around the world to sign up for stuff.

This is definitely an “I’m doing this on purpose” situation, because the name is unusual for anyone who doesn’t speak Bahasa Indonesia, and I have never yet had a fraudulent sign-up from Indonesia.

    As I do for my other email, I usually punish them by resetting the password and locking them out of the account. For dating apps I add a really savage profile about how dumb they are.

But every once in a while there’s one I can’t do this for — Capital One, for instance, allowed ROBIN JEAN (yep, it was all caps) to supply the me.com address as their email for a credit card without verifying that it was accessible by their customer. Their password reset requires, if I recall, the account number, so there’s nothing I can do about that one except complain every month when the balance email shows up. (We’re three months in; hasn’t helped, though they keep swearing they’ll fix it.)

The one I’m writing about today, however, is one that leaves me gobsmacked. And somewhat alarmed.

    On July 1, I got a purchase confirmation from Roblox that read like this (please note that I do not have a Roblox account):

    Thank you for your purchase on Roblox, the online gaming platform that is powering imagination globally!
    
    Please contact us at roblox.com/support, or call us at +1-855-333-4734 if you have any questions about this charge.
    
    Your 6/28/2020 3:11:10 AM order:
    Item Purchased: Roblox Premium 2200
    Item Price: CAD25.99
    Next Renewal Date: 7/28/2020
    Total: CAD25.99
    
    Billing Information:
    sdf sdf
    pemungkah@me.com
    Visa ending in 1563
    sd
    sd
    fsd v6e
    United States
    Username: 45dfgerdfwerewr
    Sale ID: 543250908
    
    You will be charged CAD25.99 per month for this service until you cancel. You can cancel at any time by going to the billing tab of the account settings page and clicking cancel membership. If you cancel, you still will be charged for the current billing period. We hope you enjoy your membership!

    Let’s just luxuriate in the utterly transparent fakery of that address and username for a minute.

It is blatantly obvious that whoever is using this credit card is not on the up-and-up. So I immediately tried to reset the password. Nope. No password reset email. Well, they allow several other authentication schemes; maybe I can’t reset it this way. I’ll make sure that Roblox Support knows about this; possibly unauthorized, fraudulent charges are most certainly going to be a serious issue for Roblox, and they’ll want to be sure that they’ve protected whoever this actually was, and they’ll take quick action to fix this.

    Ha. No.

    I spent the next eleven days simply trying to communicate that someone was very possibly committing fraud, that I had evidence, and that maybe they should do something.

    Roblox “support” spent that time sending me their form emails about unauthorized charges. Once I battered my way past that, I said, fine, you can’t tell me anything. Please make sure my email is removed from your system.

    They couldn’t find it.

    I supplied the email with full headers.

    Still couldn’t find it.

    Do you have any explanation as to how this order ended up in my mailbox, then? Because it certainly was not me or anyone in my household. I would think this would be an issue, that there are orders going out to emails that you don’t have any record of.

    Time passes. Crickets.

    Then I get the automated “you haven’t replied and we want to close this ticket so our KPIs look good” email. All right, I will explain it carefully so we can perhaps get an understanding going here.

    Hi. Look. This should not be as hard to understand as it seems to be.
    
    I forwarded you an email I got. 
    
    It came to my email address, and had my email address in the purchase record.
    
    The data in the purchase record is obviously random typing on the keyboard.
    
    It’s not my credit card.
    
    It is, however, my email.
    
    SOMETHING must have created this purchase. There has to be an audit trail that points back to some account that this purchase order is associated with, and some transaction that initiated it.
    
    Whatever account it is. Whatever purchase it was.
    
    NONE OF IT should be associated with my email.
    
    Have I made it clear?

    Reply:

    To assist with or provide information about any account, we must first verify account ownership. Unfortunately, there is no email address or purchase information associated with the account. Without this information, we are unable to verify ownership or assist further with the account.
    
    Please make sure that with any account you create, you add and verify your email address. This will allow us to verify ownership and also allow you to use the reset password feature.

    What did I just send you, other than the complete email, with all the headers, containing the account name, the email address, the literal transaction ID for the possibly fraudulent sale…? So I gave up.

    I’m guessing that they may actually have caught that it was bogus right away, and immediately deleted the account, and the stonewalling is to prevent me trying to social-engineer my way into, I don’t know, getting them to confirm the credit card is good or something.

I’m guessing that there is a record that this account was deleted because of fraud, but because of policy they can’t tell me that.

    But we’ll never know. To whoever owns the credit card, sorry, I did my best. I hope they did protect you, or that you catch the charge and dispute it.

    I’ll just say that I don’t feel warm and fuzzy about the whole thing.
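The check that both Capital One and Roblox appear to have skipped is not exotic: don’t treat an address as the customer’s until whoever owns it has clicked a one-time confirmation link, and until then send nothing else to it, not receipts, not reset links. Here is an added example of that flow, not code from this post or from either company; the class and method names are hypothetical, and the in-memory dicts stand in for a database.

```python
"""Added example (not the post's or any vendor's code): bind an e-mail address
to an account only after the address's owner proves control of it, and route
receipts and password resets only to a verified address. Storage is an
in-memory dict standing in for a database; all names here are hypothetical."""
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 60 * 60  # a pending confirmation is good for one hour


class AccountStore:
    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so expiry can be tested
        self.accounts = {}          # username -> {"verified_email": str | None}
        self.pending = {}           # sha256(token) -> (username, email, expires_at)

    def create_account(self, username):
        # A new account has no usable address until one is confirmed.
        self.accounts[username] = {"verified_email": None}

    def request_email_binding(self, username, email):
        """Record *email* as pending for *username* and return the one-time
        token that would be mailed to that address (and only that token: no
        receipts, no reset links). Only the token's hash is stored, so a
        database leak does not hand out working confirmation links."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[digest] = (username, email.strip().lower(),
                                self.clock() + TOKEN_TTL_SECONDS)
        return token

    def confirm_email(self, token):
        """Complete the binding. Returns True once for a valid, unexpired
        token and False for anything else (unknown, reused, or expired)."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)   # pop: a token is single-use
        if entry is None:
            return False
        username, email, expires_at = entry
        if self.clock() > expires_at:
            return False
        self.accounts[username]["verified_email"] = email
        return True

    def notification_address(self, username):
        """Address that transactional mail (purchase receipts, password
        resets) may be sent to, or None if the account has not verified one."""
        return self.accounts[username]["verified_email"]
```

With this shape, a stranger who types your address into a signup form costs you exactly one confirmation mail; ignore it and the pending entry expires, and no receipt or reset link can ever be addressed to you, because the only address the mailer will use is the verified one.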

  • Reducing Google access for Pokemon GO

Pokemon GO players on iOS: the new release today (7/12/16, in the App Store now) reduces what it asks for from your Google account from “full access” down to just your email address and “know who you are on Google”. If you were already signed up, do this:

    • Go to accounts.google.com; log in if you’re not already logged in
    • Go to https://security.google.com/settings/security/permissions
    • Click on “Pokemon GO release”
    • Revoke privileges
    • Go to your iOS device
    • Download the updated app, wait for it to reinstall
    • Kill the app; if you don’t know how to do this, just power your phone off and back on again
    • Launch Pokemon GO; it’ll fail to get access to your account. THIS IS OK.
    • Tap “try another account”
    • Log back in with your Google username and password.
    • This time it should ask for only “know your email” and “know who you are”.

    At the time I write this, it looks like many people are doing this, as the Pokemon GO servers are rendering the server overload screen:

    For the paranoid: It sounds like the iOS programmers just screwed up and released without reducing the account permissions request; this is not a nefarious scheme to steal all your email and Google+ naked selfies. From Niantic (via Kotaku):

    We recently discovered that the Pokémon GO account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. [Emphasis mine – JM] Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon GO or Niantic. Google will soon reduce Pokémon GO’s permission to only the basic profile data that Pokémon GO needs, and users do not need to take any actions themselves.

  • An open letter to my namesakes

    Hi, all you other Joe McMahons out there.

    I’m sure you’re all great guys, a pleasure to know, upstanding in your community, and a blessing to your families. Kidding – I know at least one of you wanted to cheat on his wife.

    “Why would you say a thing like that! How could you possibly know that?”

    Well, Google tells me. I take that back – actually, you tell Google to tell me, via Gmail.

    Many of you seem to have the bad habit of using our name @ gmail.com when you are asked for an email address. I am at a loss as to why you do; magical email fairies are not going to deliver you mail because you tell gmail your name. I’m guessing it’s just plain laziness and not being willing to bother to spend the grueling 2 minutes it takes to set up a Gmail account.

    This is why all the places you set up accounts for always break, and you can’t log in anymore. Because it’s my frigging email account, you dolt.

    Whenever you set up an account to post a personal ad in Liverpool, or sell your used van, or buy a new laptop and set up a Windows Live account, or join Ashley Madison (that was my very favorite) and use that account, I’m the one who gets the confirmation message.

    You know what I do? I confirm your account, and then I immediately reset the password on your account so it’s my account, and I set up 50-character passwords and 2-factor authentication if possible.

    You know why? Because accounts linked to my Gmail account might be usable to social-engineer someone into access to my Gmail account.

And that’s my Gmail account. Keep your grubby paws off it. If not, well, in the words of René Belloq:

    “Again we see there is nothing you can possess which I cannot take away.”

  • Pure majority rule considered harmful

I’ve been discussing an issue on Perlmonks over the past couple of days; specifically the potential for abuse of the anonymous posting feature. I’ve seen numerous threads go by discussing this, most of which have focused on restricting the anonymous user. Since the anonymous user’s current feature set seems to be a noli me tangere, I proposed an alternative solution similar to Twitter’s blocking feature. One of the site maintainers very cordially explained why my proposal was not going to be adopted, and in general I’d just let this drop – but I received another comment that I can’t just let pass without comment. To quote:

    I’m saying “This isn’t a problem for the overwhelming majority, therefore it is not a problem.”

    I’d like to take a second and talk about this particular argument against change, and why it is problematic. This is not about Perlmonks. This is not about any particular user. This is about a habit of thought that can be costly both on a job-related and personal level.

    Software engineering is of necessity conservative. It’s impossible to do everything that everyone wants, therefore we have to find reasons to choose some things and not others. And as long as the reasons are honest and based on fact and good reasoning, then they are good reasons. They may not make everyone happy (impossible to do everything), but they do not make anyone feel as if their needs are not being carefully considered. But, because we’re all human, sometimes we take our emotional reactions to a proposal and try to justify those with a “reason” that “proves” our emotional reaction is right.

    In this case, what is said here is something I’ve seen in many places, not just at Perlmonks: the assumption that unless the majority of the people concerned have a problem, there’s no good reason to change; the minority must put up with things as they are or leave. Secondarily, if there is no “perfect” solution (read: a solution that I like), then doing nothing is better than changing.

    There is a difference between respectfully acknowledging that a problem exists, and taking the time to lay out why there are no good solutions within the existing framework, including the current proposal, as the maintainer did – and with which I’m satisfied – and saying “everyone else is happy with things as they are”, end of conversation.

    The argument that the majority is perfectly happy with the status quo says several things by implication: the complainer should shut up and go along; the complainer is strange and different and there’s something wrong with them; they do not matter enough for us to address this.

    Again, what I’m talking about is not about Perlmonks.

    As software engineers, we tend to lean on our problem-solving skills, inventiveness, and intelligence. We use them every day, and they fix our problems and are valuable (they are why we get paid). This means we tend to take them not only to other projects, but into our personal lives. What I would want you to think about is whether you have accepted that stating “everyone else is happy with things as they are” is a part of your problem-solving toolkit. The idea that “the majority doesn’t have a problem with this” can morph into “I see myself as a member of the majority, so my opinions must be the majority’s opinions; since the majority being happy is sufficient to declare a problem solved, asserting my opinion is sufficient – the majority rule applies because I represent the majority”.

    This shift can be poisonous to personal relationships, and embodies a potential for the destruction of other projects – it becomes all too easy to say the stakeholders are being “too picky” or “unrealistic”, or to assume that a romantic partner or friend should always think the same way you do because “most people like this” or “everybody wants this” or “nobody needs this” – when in actuality you like it or want it or don’t need it. The other person may like, need, or want it very much – and you’ve just said by implication that to you they’re “nobody” – that they don’t count. No matter how close a working or personal relationship is, this will sooner or later break it.

    Making sure you’re acknowledging that what others feel, want, and need is as valid as what you feel, want, and need will go a long way toward dismantling these implicit assumptions that you are justified in telling them how they feel and what should matter to them.

  • The Node.js “he”/”they” Change: Analysis of a Social Bug

    The Node.js foofaraw – concerning a fix meant to remove a “he” and switch it to a “they” – has gone all the way from a one-word patch to a monstrously-long comment chain on the patch and a core contributor resigning from the project.

The controversy continues a week later, with opinions ranging from “good riddance” to “how terrible that people would make a good programmer quit the project”. I’d like to step back and try to do what good programmers do when something fails in a spectacular way: look at what the situation was, what happened, and try to determine not only a cause but a way to prevent the issue in the future.

    Rather than spend a lot of time on the deep analysis first, I’m going to go straight to my conclusion, and then illustrate why I think it’s true.

    The social bug

    The problem was neither completely a software problem, nor a social problem, but one caused by multiple confusions of software criteria for social ones (and vice versa), and of the essence of software with its representation, followed by not seeing the necessity of cohesion to help correct a community-wide problem.

    Node.js is both a software project and a social group. There is code: an agreed-upon, human-intelligible means of communicating information about a set of designs and procedures to other humans, such that the chosen representation of that information can be turned into a different representation that can be executed by a computer. This is shared among the people who are working on it, and all of the people working on it submit proposed changes to a set of core committers who decide what goes in and what doesn’t based on their technical expertise, the quality of the submissions, and the overall goals of the project. So far so good.

Software, however, is not only the expression of algorithms and design, but an expression of the community’s standards, especially when it is a public project. Because we are not computers ourselves, that communication will by necessity include desires, impulses, preconceived ideas, and all those other messy things that go along with being human. In some places the community of readers and writers will share nearly all the same ideas and goals; in others they will have large differences.

So it’s possible, even likely, that “good” software – it executes properly, meets its design goals, it produces proper results – may communicate a personal or social message that raises a problem for members of the group on a personal level. This is a social bug.

    Fixing a social bug

    Fixing a social bug requires a very different set of talents and procedures than software debugging does. Among these are careful listening and a willingness to take enough time to reach an agreement, or at least an understanding; a willingness to accept that bad judgement and errors in solving a social bug can cause problems far worse than the original bug; and that sometimes the only tools that can fix them are personal responsibility and acceptance, with ensuing personal costs.

    “Too small a change”

    The Node.js failure occurred because Ben evaluated a social bug patch as a software patch. The specific change was a one-word change to a comment – a change to a comment is one of the clear signs that this was a human issue instead of a software one. Second, the change was gender-related. Most software developers during the current era are aware that a gender-related question is almost certainly going to be a social issue instead of a software one. Not seeing this and switching to a different problem-solving paradigm was the first error.

    Causes for this first error are quite obscure. The very quick escalation of the problem caused by the lack of followup communication (see below) led to it being difficult to see what the proximate cause of the error was. It is possible that the initial evaluation of the change as insignificant was triggered by a cursory look at the patch: (paraphrasing) “one word in a comment? this isn’t worth it”, but we can’t say for sure.

    The first error could have been avoided in a couple ways. If Ben had spotted this as a social issue immediately and had deployed social problem-solving immediately, it’s possible that this problem could have been resolved in a couple minutes. Possibly a lack of experience or training in dealing with social issues is the base reason for this particular failure; training, either formal or informal, in dealing with social issues is recommended to provide a base to work from.

    “Works for me”

    The second error occurred when other users filed “votes” for this social bug; they were attempting to communicate that the social problem was a problem for them as well, and these reports were seemingly ignored – there was no response for some time – or brushed off with a statement that the patch was not significant enough.

This failure can be summed up as a “works for me” closure for a social bug, which, in an open source project, will more likely exacerbate the problem instead of fixing it. Closing a social bug as “works for me” communicates to the person reporting it that the responder disregards the fact that the reporter is not the same as the responder, and that the item complained about is not “working” for the reporter; otherwise it would not have been reported. “Works for me” for a social bug communicates “you’re taking this too seriously” or “this doesn’t mean anything, you should ignore it”.

    The solution to this situation is to engage the reporters. Talk to them, find out their reasons for reporting the bug, take their input seriously. It may not make sense immediately, but it is critical to be seen as open, willing to listen, and accepting. You may need to say “I’m sorry, I had no idea this was the case.” Apologizing at this point is far easier than doing so after arguing against the reporters’ feelings and thoughts. Only after listening should you take any action. You should offer to listen in private so that persons who might feel at risk in speaking in public can feel safe in speaking to you. You may be on the receiving end of some anger and frustration; do your best to accept it as a communication of those feelings rather than responding to its face value. You do not have to be a doormat; you may ask for less emotionally-loaded communication, but only after acknowledging the sender has a right to those feelings and that you understand that they feel upset/angry/frustrated. Your job is to take all this in and return understanding.

    Setting up a private conversation would have been ideal; a second-best would be to have said, “I can see this is more important to people than I thought; I understand this, but I’m still of the opinion this change by itself is smaller than we normally prefer to commit. Can we come up with a solution that expands the scope of the patch – maybe do an audit and clean it all up – and I’ll gladly commit that – or is there another possibility? Let’s talk about this – write me at XXXX@YYYY.ZZZ”.

    “Consider yourself chided”

    At this point, Isaac attempted to simply solve the social bug by merging the fix; unfortunately Ben apparently continued to view this as a software issue, and reverted the patch with comments about procedures and “chiding” Isaac, who was trying to head off the social train wreck. This sent the message (whether justified or not) that Ben had an agenda and was actively engaged in retaining the social bug, thereby escalating the bug from a small issue to a community-wide one of “what kind of message do the responsible members of the community want to send about this issue?”.

    Several problems occurred here. A secondary social issue, no doubt amplified by the Joyent/Strongloop rivalry connected with Node.js, was aired in public instead of sorted out in private. The appearance of dissension among the core committers sent a bad social message – that the basic values of the community were indeed in conflict. This led to the airing of less and less productive attitudes and attacks.

    Other persons at Ben and Isaac’s respective employers have explained that the issue was caused by Ben’s not understanding that the use of a gendered pronoun was so loaded. Perhaps this is true; given the amount of discussion of this issue over the past year or so, it seems unlikely. However, a number of people attempted to communicate that this really was an important issue. As far as can be seen, Ben did not engage with them when they tried to communicate this really was a big deal and that he should pay attention. It is always a failure in a social bug situation to appear to not care.

At that point, many different factions within the community, who had not even noticed the patch before the bug was worsened into one of community principles, became involved. By this point the discussion had already spread to Twitter, pulling in other persons for whom this was indeed a social bug that mattered to them, myself included. It also pulled in a number of persons who were coming to the “defense” of the committer, further increasing the appearance of dissension in the ranks, and leading to YouTube levels of argument. In retrospect, joining the discussion was not productive, and I should not have done so. Trying private communications first would have been the right call; if there were no other way to communicate, trying to talk to Ben directly might have been acceptable; replying to people arguing with me was definitely not, and I should not have allowed myself to do so. (Again, my apologies to Isaac, who was trying to tamp down the social problem; I’m sorry to have made it harder on you.)

    Many of the most rancorous discussions came out of trying to pretend that the software was an entity divorced from its human representation, and therefore social bug reports about the code were inane, hypocritical, or the result of ulterior motives (“white knight” was bandied around with vigor). Unfortunately there was no one at the upper levels of the Node.js informal hierarchy with the ability to choke off the argument (GitHub does not have a means of limiting discussion on a patch), and the core committers as a group were unable to, unwilling to, or simply did not think of establishing a united front and announcing a social bug solution. Isaac deployed a number of good social bug patches (language usage standards, acceptance of the patch, a definite statement that Node.js was committed to being inclusive), but the solidarity of the group had been damaged.

    Solutions for this? When a social situation is spiraling out of control, the first task is to restore a consensus. It may be necessary to impose a cool-down period; discussion of the topic is barred in the public forum but encouraged privately. If a cool-down cannot be imposed (as in this case, where commenting could not be blocked), then the putative leaders must establish their own working consensus and reiterate it until it is clear that there is a consensus for now; that observations and complaints will be listened to and all points of view will be considered; that it is clear that there is a problem and that it does need to be fixed; and that the current decision is not necessarily the permanent last word on the subject, but it is the current decision of the leadership of the project, and that it is the end of the public discussion for now. Concerned parties are encouraged to talk to the leadership to help shape policy in this area.

    Resignation

Ben has resigned from the project. I am sorry, as he has been a valued participant and has contributed a lot of code. This is the “everybody loses” solution to dissension; one person or another quits or is forced out.

    In a hypothetical “everybody wins” version, the people who had the argument are required to resolve it – privately – and to come to an agreement. This may require one of, or all of, the participants to apologize: to each other, to the community, perhaps to others outside it, and the agreement is presented jointly by those who were arguing.

Any further discussion of the topic is cut off by the person on the “opposite” side: in this hypothetical instance, if someone was defending the initial refusal to commit, it would be Ben’s responsibility to step in and say, “we’ve resolved this, and we don’t need to discuss it further here. If you need to talk to us about it, write me at XXXXX@YYYYY.ZZZ.” If someone was saying, “Well, Isaac was right to override,” then it would be Isaac’s responsibility to do the same. If someone simply insists on discussing feminism, or language, or someone’s motivations, any one of the participants should say “speaking for all of us, we’re done with this now; this is the policy. If you don’t like the policy, send your objections and suggested fixes to XXXXX@YYYYY.ZZZ.”

    “Asshole”

During this period, various official entities published blog posts supporting one committer (the Joyent “asshole”/“fire” post) or the other (the Strongloop “second language” post); none of these did much except make one set of people happy and another unhappy.

    The Joyent posting chose loaded language (e.g., “asshole”) to describe behavior; worse, “asshole” was not used in a way that made it clear that someone can act like an asshole, but that this does not necessarily mean that they are permanently and unreservedly an asshole. Certain behavior on the first committer’s part was socially inept and appeared condescending and somewhat hostile to an outside observer.

The only real solution, difficult as it is, to someone calling you an asshole is to stop and re-evaluate your behavior to understand why they are saying this. If your re-evaluation of your actions causes you to realize you were wrong, then you need to say this. Even if your evaluation says you are right, something has caused the name-caller a problem, and for the continued social good health of the project, you need to figure out what it is. This will probably entail talking to someone who is good and mad at you, and it will probably be very uncomfortable. You may have to take timeouts from the conversation. You will probably have to apologize. You will almost certainly have to change your actions and probably your ideas, unless a neutral observer (not someone “on your side”) agrees that the name-caller really is off in na-na land.

    Conclusions

It is, yes, a shame when knowledge leaves a project, or when someone loses their enthusiasm for it and gives up on it. It is not a shame that people were willing to stick their necks out and say, “I think that this decision does not reflect well on the project”, especially when some of those people have a lot to lose because of it. (I’ve been in a conversation where someone has actually offered the opinion that if a person using a particular ID is being verbally harassed at that ID, the right solution is for them to abandon that ID and move to another. Apparently the harassers shouldn’t have to do so.)

Persons who have a high profile in a public shared project do need to be willing to listen; to say they are sorry; to say thank you to someone who points out a mistake, no matter the language in which this is done. If you have inflicted a social bug’s results on someone, you don’t get to decide what reaction is appropriate; you don’t get to decide how many people are allowed to react; you don’t get to decide how someone is allowed to speak to you about it. You only get to decide whether or not to say something like “Holy crap. I didn’t realize. Thanks for telling me. I’m sorry about this.” If you decide not to, you may be acting like an asshole. If you always decide not to, you may be an asshole, for the purposes of people who observe this and then give up trying to interact with you.