Apr 10 2016
 

I’ve been encountering an increasing number of Web sites lately that asked me to disable my ad blocker. They promise, in return, fewer ads.

And with that promise, they demonstrate that they completely and utterly miss the point.

I don’t want fewer ads. I don’t mind ads. I understand that for news Web sites, ads are an essential source of revenue. I don’t resent that. I even click on ads that I find interesting or relevant.

So why do I use an ad blocker, then?

In one word: security.

Malicious ads showed up even on some of the most respectable Web sites. Ad networks have no incentive to vet ads for security, so all too often, they only remove them after the fact, after someone complained. And like a whack-a-mole game, the malicious advertiser is back in no time under another name, with another ad.

And then there are those ads that pop up with an autostart video, with blaring sound in the middle of the night, with the poor user (that would be me) scrambling to find which browser tab, which animation is responsible for the late night cacophony.

Indeed, it was one of these incidents that prompted me to call it quits on ads and install an ad blocker.

So sorry folks, if you are preventing me from accessing your content because of my ad blocker, I just go elsewhere.

That is, until and unless you can offer credible assurance that the ads on your site are safe. I don’t care how many there are. It’s self-limiting anyway: advertisers won’t pay top dollar for an ad on a site that is saturated with ads. What I need to know is that the ads on your site won’t ruin my day one way or another.

 Posted by at 9:19 am
Feb 21 2016
 

Last night, when I almost managed to kill my server, I was playing with a service that I just discovered: Weather forecast in ASCII.

Well, almost ASCII. UTF-8 characters, to be precise. (And it was while messing with those xterm settings that I managed to enter a command using the wrong syntax.)

Still, it’s a nicely formatted three-day forecast suitable for text terminals. And it has pretty thorough world coverage.

I just hope the forecast holds up for Tuesday, as I’ll have quite a few errands to run that day and I’d prefer not to get stuck in a snowstorm.

 Posted by at 9:24 am
Jan 28 2016
 

There is an interesting paper out there by Guerreiro and Monteiro, published a few months ago in Physics Letters A. It is about evaporating black holes. The authors’ main assertion is that because of Hawking radiation, not even an infalling ray of light can ever cross the event horizon: rather, the event horizon evaporates faster than the light ray could reach it, neatly solving a bunch of issues and paradoxes associated with black holes and quantum physics, such as the problems with unitarity and information loss.

I find this idea intriguing and very appealing to my intuition about black holes. I just read the paper and I cannot spot any obvious errors. I am left wondering if the authors appreciated that the Vaidya metric is not a vacuum metric (indeed, it is easy to prove that a spherically symmetric time-dependent solution of Einstein’s field equations cannot be a vacuum solution; there will always be a radial momentum field, carrying matter out of or into the black hole) but it has no bearing on their conclusions I believe.

Now it’s a good question why I am only seeing a paper that is of great interest to me more than six months after its publication. The reason is that although the paper appeared in a pre-eminent journal, it was rejected by the manuscript archive, arxiv.org. This is deeply troubling. The paper is certainly not obviously wrong. It is not plagiarized. Its topic is entirely appropriate to the arXiv subject field to which it was submitted. It is not a duplicate, nor did the authors previously abuse arXiv’s submission system. Yet this paper was rejected. And the most troubling bit is that we do not know why; the rejection policy of arXiv is not only arbitrary, it seems, but also lacks transparency.

This manuscript archive is immensely valuable to researchers. It is one of the greatest inventions of the Internet era. I feel nothing but gratitude towards the people who established and maintain this repository. Nonetheless, I do not believe that such an opaque and seemingly arbitrary rejection policy is justifiable. I hope that this will be remedied and that arXiv’s administrators will take the necessary steps to ensure that in the future, rejections are based on sound criteria and the decisions are transparently explained.

 Posted by at 5:51 pm
May 15 2015
 

Whenever I travel, I think a lot about Internet security. For purely selfish reasons: I do not wish to become a victim of cybercrime or unnecessarily expose my own systems to attacks.

The easiest way to achieve end-to-end encryption is through a virtual private network (VPN). Whenever possible, I connect to my own router’s VPN service here in Ottawa before doing anything else on the Interwebs. The connection from my router to the final destination is still subject to intercept, but at least my connection from whatever foreign country I am in to my own network is secure.

A VPN has numerous other advantages, not the least of which is the fact that to the outside world, I appear to have an Ottawa-based IP address; this allows me, for instance, to use my Netflix subscription even in countries where Netflix is not normally available.

The downside of the VPN is that I am limited by the outgoing bandwidth of my own connections. But in practice, this does not appear to be a serious limitation. (I was able to watch Breaking Bad episodes just fine while in Abu Dhabi.)

Unfortunately, a VPN is not always possible, as some providers, for reasons known only to them, block VPNs. (I can think of a few workarounds, but I have not yet implemented any of them.) Even in this case, I remain at least partially protected. I have set up my mail server such that both incoming (IMAP) and outgoing (SMTP) connections are fully encrypted. This way, not only are my messages secure, but (and this was my main concern) I also avoid leaking sensitive password information to an eavesdropper.

When it comes to Web sites, I use secure (HTTPS) connections whenever possible, even for “mundane” stuff like innocent Google searches. I also use SSH if necessary, to connect to my servers. These days, SSH is an absolute must; the use of Telnet is just an invitation for disaster.

But of course the biggest security risk while one is on the road is the use of a public Wi-Fi network anywhere. Connecting to an HTTP (not HTTPS) server through a public Wi-Fi network and logging in with your password may not be the exact equivalent of telegraphing your password to the whole wide world, but it comes pretty darn close. Tools that can be used to scan for Wi-Fi networks and analyze the data are readily available not just for laptops but even for smartphones.

Once an open Wi-Fi network is identified, “sniffing” all packets becomes a trivial exercise, with downloadable tools that are readily available. Which is why it is incomprehensible to me why, in this day and age, most providers (e.g., hotels, airports) that actually do require users to log in use an unsecure network and just intercept the user’s first Web query to present a login page instead, when the technology to provide a properly secured Wi-Fi network has long been available.

In the future, no doubt I’ll have to take even stronger measures to maintain data security. For instance, the simple PPTP VPN technology in my router has known vulnerabilities. Today, it may take several hours on a dedicated high-end workstation to crack its encryption keys; the same task may be accomplished in minutes or less on tomorrow’s smartphones.

So there really are two lessons here: First, any security is better than no security, as it makes it that much harder for an attacker to do harm, and most attackers will just move on to find lower hanging fruit. Second, no measure should give you a false sense of security: by implementing reasonable security measures, you are raising the bar higher, but it will never defeat a determined attacker.

 Posted by at 2:46 pm
Mar 31 2015
 

Social networking sites know a lot about you, and LinkedIn is no exception.

The other day, I noticed a cute tool (for all I know, it was around for years; I don’t visit LinkedIn that often) that graphically summarizes my LinkedIn connections. Here it is:

I was a bit surprised by the number of connections I seem to have from the San Francisco Bay area. I am also wondering about the correct interpretation of the Seniority plot. If you have a lot of senior connections, is it because of your own seniority, or is it because these were all your would-be bosses, but you were never able to find a good position and form good relationships with co-workers?

Then again, as far as I can determine, others may not even be able to view this graphic. That is, unless you are silly enough to post it to your blog for the world to see! Oh… what?!

 Posted by at 5:06 pm
Mar 27 2015
 

In an interview with Radio Free Europe, a former employee reveals what is a de facto Orwellian Ministry of Truth operated by Putin’s regime in Russia.

In St. Petersburg’s Internet Research center, professional Internet trolls are employed who post comments on various social media sites. The operation is sophisticated: employees play different roles, creating an impression of genuine debate in which, of course, the government line always prevails. Their activities sometimes become surreal, described as a parody of Orwell’s novel. But wait a cotton-picking minute… wasn’t it Orwell’s novel that was supposed to be the parody? What a strange world we live in.

 Posted by at 10:49 am
Mar 25 2015
 

Curse my suspicious nature.

Here I am, reading a very nice letter from a volunteer who is asking me to share a link on my calculator museum Web site to cheer up some kids:

[Image: rachel1]

And then, instead of doing as I was asked to do, I turned to Google. Somehow, this message just didn’t smell entirely kosher. The article to which I was supposed to link also appeared rather sterile, more like an uninspired homework assignment, with several factual errors. So I started searching. It didn’t take very long until I found this gem:

Then, searching some more, I came across this:

Or how about this one:

Looks like Ms. Martin has been a busy lady.

So no, I don’t think I’d be adding any links today.

 Posted by at 7:33 pm
Mar 23 2015
 

Emmy Noether… not exactly a household name, at least outside of the community of theoretical physicists and mathematicians.

Which is why I was so surprised today when I noticed Google’s March 23 Doodle: a commemoration of Emmy Noether’s 133rd birthday.

Wow. I mean, thank you, Google. What a nice and deserving tribute to one of my heroes.

 Posted by at 11:36 pm
Mar 14 2015
 

I hate software upgrades.

It is one of the least productive ways to use one’s time. I am talking about upgrades that are more or less mandatory, when a manufacturer ends support of an older version. So especially if the software in question is exposed to the outside world, upgrading is not optional: the security risk associated with using an unsupported, obsolete version is quite significant.

Today, I was forced to upgrade all my Web sites that use the Joomla content management system, as support for Joomla 2.5 ended in December, 2014.

What can I say. It was not fun. I am using some custom components and some homebrew solutions, and it took the better part of the day to get through everything and resolve all compatibility issues.

And I gained absolutely nothing. My Web sites look exactly like they did yesterday (apart from things that might be broken as a result of the upgrade, that is.) I just wasted a few precious hours of my life.

Did I mention that I hate software upgrades?

 Posted by at 7:30 pm
Mar 05 2015
 

Notice to Web advertisers: If you stick a video on a Web page that starts with blaring noise in the middle of the night, the only thing you accomplish is that I close the bleeping page in a mad panic, and I make sure never to visit it again.

Moments ago, this is what happened when I visited a page on the Montreal Gazette’s Web site, trying to read an article, only to have a car commercial start without any interaction on my part, at maximum volume.

I don’t know what car was being advertised. I don’t even care. I just swore and scrambled to click the Close button.

This is unpleasant even during the day, insanely annoying late at night when you worry about waking up family members, for instance.

I hope that one day, the idiots who believe this form of advertising is appropriate will all have their eardrums pierced in a most painful manner by excessive noise.

It appears though that I am not alone: there is a study suggesting that such loud ads are bad for business.

As for me, against my better judgment, I just decided to install AdBlock Plus on Chrome. Let’s see if it works as advertised.

 Posted by at 2:06 pm
Sep 23 2014
 

Dear CRTC: Please stop trying to protect us poor Canadians from evil companies like Netflix.

Video-on-demand is not broadcasting. The Internet is not the public airwaves. You have no business trying to bully companies just because they threaten the livelihood of lumbering, decrepit behemoths like Rogers.

I am a Rogers Cable subscriber. I have been a Rogers Cable subscriber ever since they purchased Ottawa Cablevision more than two decades ago.

What am I getting from Rogers? Here are a few examples:

  • Inept, sometimes openly contemptuous customer service (like, what kind of a backward moron am I for still wanting to use analog cable without a settop box?);
  • Technically substandard service (programs interrupted by local commercials that are inserted at the wrong time, substandard signal quality on some analog channels; an analog video frame that is reduced in size by a ratio of 59/60 for no apparent reason);
  • Overpriced, obsolete hardware and no opportunity to use non-Rogers equipment, e.g., with a subscriber identity card;
  • Unnecessary encryption on all digital channels (including local channels), which makes it impossible to use a TV without a settop box.

And you wonder why I am contemplating “cutting the cord”?

Instead of blaming Netflix, perhaps you can have a conversation with Rogers about addressing issues that alienate their customers. If you are not willing to do that, fine, then let the free market do its thing. But take your dirty regulatory paws off the Canadian Internet, please.

 Posted by at 10:18 am
Aug 14 2014
 

Electronic mailing lists are a somewhat old-fashioned way to let a group of people stay in touch and communicate about a topic of interest.

Many mailing lists these days offer a “digest” service: instead of each message being sent out individually, list recipients receive one message a day, a week, or some other set interval, containing all the traffic from the mailing list during that time period.

Tonight, on a mailing list to which I subscribe, I saw yet another request to delete the original message from any replies, for the benefit of digest readers. I have seen such requests many times in the past, and every time I come across one, I get rather annoyed.

Including the original message is of course redundant for “digest” readers, as they probably have a copy of the original message right there, as part of the same digest. But for non-digest readers, including the original saves the time it takes to look up the earlier message.

In other words, what these helpful volunteer “list police” folks are really saying amounts to this: If you are one of those idiots who actually bothers to read messages individually, your time is less valuable than the time of those who already decided that the list is not worth that much attention in the first place.

Why, thank you for putting me in my place.

 Posted by at 10:49 pm
Jun 21 2014
 

Having been annoyed by a Firefox crash a few weeks ago, I decided to give Google’s Chrome browser a serious try on my Windows desktop. I am, after all, using Chrome on my Android phone and tablet, so I figured I might as well swear allegiance to our Google overlords on my desktop as well…

But it’s not going to happen, not just yet. Yesterday, after I managed to close a tab in Chrome by accident one too many times, I Googled for ways to disable the “X” in tabs other than the active tab… only to find that Google years ago declared that they don’t consider this a problem and they would not solve it. Indeed, I find Chrome’s customization features rather limited compared to what is available in Firefox under about:config.

So, I switched back. I shall be using Firefox for the time being. I am still keeping Chrome on standby, just in case Mozilla goes berserk (their recent UI changes were not exactly welcomed with open arms by much of the user community, myself included; who knows what new insanity awaits us in the pipeline.)

And, it seems that I am not alone.

 Posted by at 3:28 pm
Apr 10 2014
 

In light of the latest Internet security scare, the Heartbleed bug, there are again many voices calling for an end to the use of passwords, to be replaced instead by fingerprint scanners or other kinds of biometric identification.

I think it is a horrifyingly, terribly bad idea.

Just to be clear, I am putting aside any concerns about the reliability of biometric identification. They are not as reliable as their advocates would like us to believe, but this is not really the issue. I am assuming that as of today, biometric technologies are absolutely, 100% reliable. Even so, they are still a terrible idea, and here is why.

First, what happens if your biometric identification becomes compromised? However it is acquired, it is still transmitted in the form of a series of bits and bytes, which can be intercepted by an attacker. If this were a password, you could easily change it to thwart an attack. But how do you change your fingerprint? Your retina print? Your voice? Your heartbeat?

Second, what happens if you “lose” your biometric identification marker? Fingers get chopped off in accidents. People lose their eyesight. An emergency tracheotomy may deprive you of your normal voice. What then?

And what about privacy concerns? There have been rulings, I understand, in the US and perhaps elsewhere, that imply that the same legal or constitutional guarantees that protect you from being compelled to reveal a password may not apply when it comes to providing a fingerprint, a DNA sample, or other biometric markers.

The bottom line is this: a password associates an account or a service with a unique piece of secret knowledge. This knowledge can be changed, passed on, or revoked, and owners may be protected by law from being compelled to reveal it. Biometric identification fundamentally changes this relationship by associating the account or the service with an unmalleable biometric characteristic of a person.

Please don’t.

 Posted by at 10:27 am
Apr 01 2014
 

I checked my Google AdSense report moments ago, and much to my delight I found that most of my earnings today were due to clicks from Jupiter’s icy moon Europa.

What a nice surprise on the first day of a new month, April.

Wait a moment… First day? April???

 Posted by at 4:20 pm
Dec 01 2013
 

American news channels are abuzz with news about the revamped Obamacare Web site, healthcare.gov.

Moments ago, out of curiosity, I visited the site. To be precise, I wanted to search for news about healthcare.gov, so clicking on a link that actually took me to the site is something I did more by accident than by design.

Indeed, I only realized that I actually visited the site (and not just a news site page about the site) when I encountered the following error:

[Image: healthcare-gov]

Ah, the irony.

 Posted by at 2:39 pm
Sep 12 2013
 

Here is a sight I have not seen since July 30:

Route results for 199.166.252.0/24 from Vienna, Austria

BGP routing table entry for 199.166.252.0/24
Paths: (4 available, best #1)
  1239 577
  AS-path translation: { AS1239 BELL-AS }
    edge3.Frankfurt1 (metric 13114)
      Origin IGP, metric 100000, localpref 86, valid, internal, best
      Community: Europe  Lclprf_86 Germany Level3_Peer Frankfurt
      Originator: edge3.Frankfurt1
  1239 577
  AS-path translation: { AS1239 BELL-AS }
    edge3.Frankfurt1 (metric 13114)
      Origin IGP, metric 100000, localpref 86, valid, internal
      Community: Europe  Lclprf_86 Germany Level3_Peer Frankfurt
      Originator: edge3.Frankfurt1
  1239 577
  AS-path translation: { AS1239 BELL-AS }
    edge3.Frankfurt1 (metric 13114)
      Origin IGP, metric 100000, localpref 86, valid, internal
      Community: Europe  Lclprf_86 Germany Level3_Peer Frankfurt
      Originator: edge3.Frankfurt1
  1239 577
  AS-path translation: { AS1239 BELL-AS }
    edge3.Frankfurt1 (metric 13114)
      Origin IGP, metric 100000, localpref 86, valid, internal
      Community: Europe  Lclprf_86 Germany Level3_Peer Frankfurt
      Originator: edge3.Frankfurt1

This is a valid routing table entry for my class C address space at a randomly picked backbone router somewhere on the Internet.
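As an added example (not part of the original post), looking-glass output in the format shown above can be parsed to confirm that every path for the prefix is marked valid and ends at the expected origin AS. The function names are this example's own, and the expected origin AS 577 is taken from the last hop of the paths in the output above.

```python
import re

# Sample rebuilt from the looking-glass output in the post: one "best"
# path followed by three otherwise identical paths.
HEADER = ("BGP routing table entry for 199.166.252.0/24\n"
          "Paths: (4 available, best #1)\n")
PATH = """  1239 577
  AS-path translation: { AS1239 BELL-AS }
    edge3.Frankfurt1 (metric 13114)
      Origin IGP, metric 100000, localpref 86, valid, internal%s
      Community: Europe  Lclprf_86 Germany Level3_Peer Frankfurt
      Originator: edge3.Frankfurt1
"""
SAMPLE = HEADER + PATH % ", best" + (PATH % "") * 3

ENTRY_RE = re.compile(r"^BGP routing table entry for (\S+)$")
PATHS_RE = re.compile(r"^Paths: \((\d+) available, best #(\d+)\)$")
ASPATH_RE = re.compile(r"^  (\d+(?: \d+)*)$")      # e.g. "  1239 577"
ATTR_RE = re.compile(r"^\s+Origin (\w+), (.*)$")   # per-path attribute line


def parse_entry(text):
    """Parse one routing table entry into prefix, counts and per-path data."""
    entry = {"prefix": None, "declared": 0, "best": 0, "paths": []}
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := ENTRY_RE.match(line):
            entry["prefix"] = m.group(1)
        elif m := PATHS_RE.match(line):
            entry["declared"] = int(m.group(1))
            entry["best"] = int(m.group(2))
        elif m := ASPATH_RE.match(line):
            # A bare list of AS numbers starts a new path block.
            entry["paths"].append({
                "as_path": [int(a) for a in m.group(1).split()],
                "origin_type": None, "attrs": {}, "flags": set(),
            })
        elif (m := ATTR_RE.match(line)) and entry["paths"]:
            path = entry["paths"][-1]
            path["origin_type"] = m.group(1)
            for token in m.group(2).split(", "):
                key, _, value = token.partition(" ")
                if value:                 # "localpref 86" -> numeric attribute
                    path["attrs"][key] = int(value)
                else:                     # "valid", "internal", "best" -> flag
                    path["flags"].add(key)
    return entry


def check_entry(entry, expected_prefix, expected_origin):
    """Return a list of problems; an empty list means the entry looks sane."""
    problems = []
    if entry["prefix"] != expected_prefix:
        problems.append(f"unexpected prefix {entry['prefix']}")
    if len(entry["paths"]) != entry["declared"]:
        problems.append(f"{entry['declared']} paths declared, "
                        f"{len(entry['paths'])} parsed")
    best = [i for i, p in enumerate(entry["paths"], 1) if "best" in p["flags"]]
    if best != [entry["best"]]:
        problems.append(f"best path mismatch: header #{entry['best']}, "
                        f"flagged {best}")
    for i, p in enumerate(entry["paths"], 1):
        if p["as_path"][-1] != expected_origin:
            problems.append(f"path {i}: origin AS{p['as_path'][-1]}, "
                            f"expected AS{expected_origin}")
        if "valid" not in p["flags"]:
            problems.append(f"path {i}: not marked valid")
    return problems


if __name__ == "__main__":
    parsed = parse_entry(SAMPLE)
    for path in parsed["paths"]:
        print(path["as_path"], sorted(path["flags"]), path["attrs"])
    print(check_entry(parsed, "199.166.252.0/24", 577) or "entry OK")
```
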

On July 30, Verizon Canada disconnected me. Or rather, they decommissioned the point-of-presence equipment that was utilized by my Internet connection, without moving all their customers first to another POP.

When Verizon proved unable to restore my connection after 10 (!) days, I canceled my contract with them. Meanwhile, my sites’ continuing existence on the Internet was maintained using a backup cable modem connection.

But, as of today, I once again have a functioning DSL connection, courtesy of Bell Canada. Better yet, they were actually able to set up everything properly, including my special request for routing for my portable class C address space. Needless to say, I am very pleased.

And their service costs a lot less than Verizon Canada’s.

 Posted by at 4:41 pm
Sep 06 2013
 

So the NSA and their counterparts elsewhere, including Canada and the UK, are spying on us. I wish I could say the news shocked me, but it didn’t.

The level of secrecy is a cause for concern of course. It is one thing for these agencies not to disclose specific sources and methods, it is another to keep the existence of entire programs secret, especially when these programs are designed to collect data wholesale.

But my biggest concern is that the programs themselves represent a huge security threat for all of us.

First, the NSA apparently relies on its ability to compromise the security of encryption products and technologies or on backdoors built into these products. An unspoken assumption is that only the NSA would be able to exploit these weaknesses. But how do we know that this is the case? How do we know that the same weaknesses and backdoors used by the NSA to decrypt our communications are not discovered and then exploited by foreign intelligence agencies, industrial spies, or criminal organizations?

As an illustrative example, imagine purchasing a very secure lock for your front door. Now imagine that the manufacturer does not tell you that the locks are designed such that there exists a master key that opens them all. Maybe the only officially sanctioned master key is deposited in a safe place, but what are the guarantees that it does not get stolen? Copied? Or that the lock is not reverse engineered?

My other worry is about how the NSA either directly collects, or compels service providers to collect, and store, large amounts of data (e.g., raw Internet traffic). Once again, the unspoken assumption is that only authorized personnel are able to access the data that was collected. But what are the guarantees for that? How do we know that these databases are not compromised and that our private data will not fall into hands not bound by laws and legislative oversight?

These are not groundless concerns. As Edward Snowden’s case demonstrates, the NSA was unable to control unauthorized access even by its own contract employees working in what was supposedly a highly structured, extremely secure work environment. (How on Earth was Snowden able to copy data from a top secret system to a portable device? That violates just about every security rule in the book.)

So even if the NSA and friends play entirely above board and never act in an unlawful manner, these serious concerns remain.

I do not believe we, as citizens, should grant the authority to any state security apparatus to collect data wholesale, or to compromise the cryptographic security of our digital infrastructure. Even if it makes it harder to catch bad guys.

So, our message to the NSA, the CSE, the GCHQ and their friends elsewhere in the free world should be simply this: back off, guys. Or else, risk undermining the very thing you purportedly protect, our basic security.

 Posted by at 1:50 pm
Aug 07 2013
 

Visitors to my blog or Web sites may have noticed that in the past week, my Web pages loaded more slowly than usual, and may even have been unavailable at times.

The reason: shortly before noon, July 30, I lost my primary Internet connection.

This connection was via a legacy DSL service (bridged DSL) to a company that used to be UUNet Canada, was purchased by MCI, and eventually, by Verizon, and now does business under the Verizon Canada name.

Yes, the same Verizon that is about to enter the Canadian wireless market, much to the concern of Canada’s “big three”, Bell, Rogers and Telus.

I noticed the service interruption essentially immediately, and reported it to Verizon. First, they suggested that it was a telco problem; indeed, Bell Canada even wanted to send out a technician, but fortunately, I was able to talk them out of this. (The DSL modem was connecting just fine.)

The service was not restored the next day, nor on August 1. But on August 1, I had a long discussion with a Verizon technician. The first thing I learned is that the technician resides in the Philippines. Back in the old days, when I had a technical issue with UUNet Canada, I usually ended up talking to an engineer in their Toronto network operations center, and my issue was resolved in minutes. Don’t get me wrong, the Philippines technician spoke accent-free English and had a basic level of understanding of the technology; but no real competence and, obviously, no decision-making authority.

What the technician did explain, however, is that Verizon made a colossal screw-up: they decommissioned some of their point-of-presence equipment here in Ottawa without first moving all customers who were still using said equipment. The technician told me that they were scrambling to find a solution, and I’ll be back up and running within a few days.

Well… that was August 1. A long weekend then came and went, but still, no Internet service. So on Tuesday, August 5, I called Verizon Canada. Their main 800 number was answered by a pleasant sounding young lady (an intern, I later learned) but on my first two calls, she managed to connect me to two different voice mailboxes, whereas on the third try, I got disconnected. On the fourth try, she made a real effort to reach someone within the company. She was ready to give up (providing me with an e-mail address instead) but when I told her that I’d rather wait on hold a little longer, she finally managed to get me connected to a senior manager.

This gentleman was friendly and competent enough, and certainly understood and appreciated the severity of my situation. I explained to him that I was already taking steps to switch to Bell Canada as my primary Internet provider. He promised to look into my situation and find a solution. He asked for a day. I asked him to call me this morning, because I wanted to make a decision today, one way or another.

He called indeed at the promised time, but all he could tell me was that he was still waiting for some technical folks to come out of a meeting. Okay, we agreed that he’d call again before 2 PM. He sent an e-mail at 2:09 PM, saying that it would take just a tad longer.

At 3:45 PM, I e-mailed and then called him. No answer. So a few minutes later, it was the end of the line for me: I called and e-mailed again, this time instructing Verizon to terminate my service. I then contacted Bell and asked them to initiate setting up my new account.

Now let’s be clear for a moment: I am not talking about some cheap $20/month wireless contract. I was paying a premium, to the tune of several hundred dollars, to Verizon for this service. And I’ve been their customer (with a short interruption) since way back in 1994. If my experience is indicative of the kind of service Verizon provides, all I can say to people cheering the prospects of Verizon’s entry into the Canadian wireless market is to be careful what they wish for.

It will be a few days before my new service with Bell is up and running. I am sure there will be headaches, but I am hopeful that it won’t be too much of a hassle. Meanwhile, I am relying on a backup service that I set up two years ago with Rogers, when my Verizon service was down for a few days (that time, it was actually Bell’s fault, or so I was told.) This service is a little slower, but at least it works (for now).


I said “I was paying a premium”, but in the last few months, I really wasn’t. Not my fault… I really tried giving them my money. Earlier this year, Verizon moved their Canadian business customers to their pre-existing Enterprise system that combines billing, online payments, service calls, etc. I dutifully set up my account as instructed and made many attempts to pay. The system accepted my credit card, informed me that my payment was processed, but charges never actually appeared on my credit card account. Last month, I contacted Verizon and after some lengthy phone calls with their billing department, also located in the Philippines, they finally told me that the problem has been found and fixed. Well… no charges appeared on my credit card account yet. Funny thing is, when I check with Verizon, my account there shows no arrears. What can I say? If they don’t want my money… I just hope that if they do come to their senses and collect the outstanding invoice amounts, they don’t actually try to charge me for the month of August… the service, after all, went away on July 30 and it was never restored.

 Posted by at 9:20 pm
Jun 20 2013
 

I have read about this before and I didn’t want to believe it then. I still don’t believe it, to be honest, but it is apparently happening.

Yahoo will recycle inactive user IDs. That is, if you don’t log on to Yahoo for a period of 12 months, your old user ID will be up for grabs by whoever happens to be interested.

Like your friendly neighborhood identity thief.

Yahoo claims that they are going to extraordinary lengths to prevent identity theft. But that is an insanely stupid thing to say. How can Yahoo prevent, say, a financial institution from sending a password confirmation e-mail to a hapless user’s old Yahoo ID if said user happened to use that ID to establish the account years ago?

That is just one of many scenarios that I can think about for Yahoo’s bone-headed decision to backfire.

And I can’t think of a single sensible reason as to why Yahoo wants to do this in the first place. They will piss off a great many users and likely please no one.

I hope they will change their mind before it’s too late. I hope that if they don’t change their mind, something nasty happens soon and someone sues their pants off.

 Posted by at 11:00 pm