A word about the GDPR

On May 25, 2018, enforcement begins on a new set of European Union (EU) regulations designed to protect the privacy rights of consumers online called the General Data Protection Regulations, or GDPR. These regulations are designed to protect EU consumers globally, not just within the boundaries of the EU, so it has the potential to affect American businesses and websites that have customers in the EU, even though the regulations are not part of the United States legal structure.

The idea is that if a person in the EU visits and gives personally identifying information (PII) to a website anywhere outside the EU, their personal information is protected because they are making the transaction from within the EU, even though the transaction itself may not take place in the EU. For instance, if someone from France visits this website and opts into the email subscription form at left using their email address, they are giving me personally identifying information, and it is my responsibility to be transparent about what that information will be used for, as well as providing the subscriber with the ability to opt out of the subscription easily if they so choose. Since I don’t actually sell anything through this website or my consulting website and don’t do business in the EU, my exposure appears to be limited to the caretaking of email addresses. At least, that’s how I interpret the research I’ve been doing.

To that end, here is my official statement regarding my intent for the PII of my site visitors.

  • I will never sell your personally identifying information. I will never give it to anyone without directly asking your permission first (and likely will never give it away for any reason.)
  • The regulations state that any opt-in features should require active input from the user, like checking a checkbox that is not already prepopulated or another “binary choice given equal prominence.” This site already complies with that, because a user must type in an email address and actively click a Subscribe button to join my site’s subscription list, which I then manage personally, not through any third party.
  • This website is the only entity authorized to use any personally identifying information gathered from visitors (email addresses, in this case), and it will only use that information for purposes of notification about website updates or direct interaction initiated by visitors to the site.
  • You are free to leave the subscription list at any time. Just visit the Contact page and let me know you want your address removed. I will comply as soon as I am able, after which you will receive one confirmation email from me at the address you provided on the Contact form, but no more subscription or site related emails after that.
  • Per the requirements of the regulations, I will begin keeping private records documenting how and when visitors provided me with personally identifying information, what that information consists of (email addresses), and what the visitor is consenting to (email notifications of new blog posts or relevant site-related changes.)

If you have any questions or concerns, please use the Contact page to let me know. Thank you for your time and understanding.

Stacy A. Johnson
Owner and Maintainer, lytspeed.com
May 23, 2018

From Database Debacle to Unintended Upgrade

You may notice that this page does not look like it used to. That’s because I realized tonight that I accidentally blew away the directory on my host server that contained all the files to display this blog.

I choose to see this as a self-created opportunity.

My personal blog software was behind by several stable versions, and my data was still intact in the databases. So, I took this self-created opportunity to upgrade to the latest blog software, and will be tweaking the design to better match the overall site design in the near future.

In the meantime, my data is back, this page is blue and white, and that’s as far as I’m going to go tonight.

Caveat Emptor — Used CD-ROM drives

I have purchased a lot of things on eBay, and I have rarely had any problems. There was one time that I purchased a Motorola H700 Bluetooth headset that turned out to be a Chinese knock-off, but I just reported that to eBay as fraud and got my money back quickly.

Recently, though, I ran into a rather serious problem. Fortunately, it was not as serious as it could have been, but I want others reading this to know what to look for.

Recently, I posted about how I had gotten a couple of broken laptops from a co-worker and restored them to running order as gifts for my wife and stepson. One of the things I needed to do with my wife’s laptop was order a new CD-ROM drive, and I found one for a decent price on eBay. After waiting out the auction, I was the only bidder and got it for the starting bid price. The seller sent it quickly, and it arrived yesterday.

When I came home on my lunch hour, I opened it up, popped out the floppy drive, inserted the new CD-ROM drive, and powered it up. Unfortunately, the new drive worked perfectly.

I say “unfortunately” because it booted off a CD that was already in the drive when it arrived. In a matter of seconds, I saw a Norton Ghost 6.0 screen pop up, and the next thing I knew, I was faced with a Windows 98 startup screen and a C:\ prompt. I was confused. The first thought that went through my head was that there had actually been a CD in the drive and that it had wiped my wife’s hard drive. I quickly dismissed that as paranoia, but I knew that the Norton Ghost screen had to have come from somewhere. I opened the CD drive, and sure enough, an unlabeled CD-R was in the drive. I took it out, closed the drive, and rebooted, confident everything would be fine.

It wasn’t. I got a Windows 98 splash screen and a C:\ prompt again. I typed dir and found that all 6GB of the hard drive was free. The drive had been formatted to boot as if it were a Windows 98 boot diskette.

I put the unlabeled CD-R in my home computer (on which I have disabled auto-run for CDs) and explored the contents. It had six files total:

BOOTCAT.BIN
BOOTIMG.BIN
DOSBOOTF.GHO
GDISK.EXE
GHOST.EXE
START.BAT

Here are the contents of START.BAT:

gdisk 1 /mbr /wipe /sure
REM gdisk 1 /del /all /sure
ghost.exe -clone,mode=load,src=x:\dosbootf.gho,dst=1 -sure

For those who don’t speak DOS, this translates as follows:

Run Norton's GDISK program and erase the Master Boot Record without prompting
(The second line is ignored because of the REM (REMark) statement)
Run Norton's Ghost program and replace the contents of this drive with a DOS boot floppy image without prompting

The CD that arrived in my wife’s CD-ROM drive was specifically designed to completely wipe the operating system of any PC that boots from it in a matter of seconds. When I first figured this out, I assumed the victim mentality and thought that someone had intentionally planted the disc in the drive as a long-range hacking prank, but soon the System Administrator in me took over and realized that this was probably just an accident.

When organizations surplus old computer equipment, they generally take at least some steps to make sure that company data is scrubbed off the hard drive before it leaves the building. This disk is likely the result of one of these scrubbing sessions, where a technician simply booted all of the machines from this disc to quickly erase all of the data. Unfortunately, s/he forgot to take the disc out of the CD drive before it was sent to the liquidators, and this drive wound up in the hands of my eBay Platinum retailer.

At this point, it becomes a question of who takes responsibility for the disc’s presence. Since I purchased the used CD drive from the eBay retailer in good faith that it had been inspected prior to sale, I think the retailer is at least indirectly responsible for the loss of the data on my wife’s hard drive. Inaction does not absolve him of responsibility for the product he’s selling. By the same token, I could have used a paper clip to open up the drive prior to installing it in the laptop, but I think I was justified in assuming that the vendor had already done this.

The reality is that I paid a fair price for a working CR-ROM drive, and I received that. Unfortunately, along with it, I received a disc that destroyed the operating system on my wife’s computer, and that will cost me much more (in terms of time to restore) than I paid for the drive. If I go to the grocery store and purchase a product, then get home and open it to find mold in the product, I take it back with my receipt and the grocery store replaces it or gives me my money back immediately. It seems the same in this case to me. I purchased a product, the product works, but it had obviously not been inspected before shipment and damaged my wife’s computer. I would think that an eBay Platinum retailer would not think twice about simply refunding my money as part of good customer service.

I’m sure you’ve noticed that I have not mentioned the name of the retailer. I want to give him the opportunity to rectify the situation. I will probably follow up later with the results, whether favorable or unfavorable for the retailer.

So here’s where the Caveat Emptor (“Let the Buyer Beware”) clause comes in. Even though I think that the seller is partially responsible for selling me a product containing a disc that was a danger to my data, I could have avoided the situation by verifying that the drive was empty in the first place. By opening the drive with a paper clip, I could have found the disc before ever putting the drive in the computer and all would be safe. I probably would have still contacted the seller to let him know that he needs to inspect his merchandise before it leaves his door, but no data would have been lost.

Caveat Emptor.

Update 1/5/08 @ 2:13 PM: I received e-mail from the seller, saying he thought my request for a refund was reasonable, and that he would talk it over with the other owner. In exchange, he would like the disc back so he can try to figure out which vendor it came from. He even offered to pay return shipping for the disc. I think that’s completely fair, and shows that his company does believe in good customer service. Assuming things continue to progress as they are, I would buy from this seller again with no hesitation.

Update 1/9/08 @ 9:14 AM: The seller contacted me today to let me know that his business partner agrees that refunding my money is an appropriate action, considering the circumstances. He has also given me permission to reveal his company’s name and link to his eBay store, which I am happy to do, considering how responsive their customer service has been.

Synaptic-Systems eBay store

To all you mom-and-pop eBay shops: this is how to handle a customer service problem. Communicate with your buyers, and when they have a problem with a product, stand behind the product and do what it takes to make the buyer happy. Your reward will be word-of-mouth advertising, because you were willing to fix the problem.

Busy times

I have websites on the brain. In addition to spending a lot of time working on a redesign of this site, I have been putting together the initial informational launch of the Flying Pen Press website. That site is not in its final incarnation, and I look forward to building a standards-compliant CSS base for the site. For e-mail updates on Flying Pen Press news and events, sign up for the FPP Newsletter.

I went to see Bret Bertolf and his band, Halden Wofford and the Hi-Beams, perform at Stories for All Seasons last night. Bret is a multi-talented singer-songwriter-musician-writer-artist-illustrator-actor-filmmaker, and his second book has just come out from Little-Brown. The Long Gone Lonesome History of Country Music presents as a children’s book, but the level of detail and inside jokes in the book are far beyond what today’s children would know, making the book and interesting read for parents and grandparents, as well. For example, in the section of the book describing “Countrypolitan” music, we see drawings of three cosmopolitan country stars on a patio grilling hot dogs. The final pages of the book allow us to identify the three stars as Skeeter Davis, Jim Reeves, and Chet Atkins, but what’s really interesting is the way Bertolf depicted their surroundings. In the background is a 50s-era ranch-style home with Frank Lloyd Wright lines and an Edsel in the carport. But most telling is the “Fallout Shelter” sign to the right of the house, pointing down to a concrete bunker. These are the kinds of details that small children today would not understand, and might cause them to ask questions, increasing the interaction between the reader and the child. In this way, Bertolf trusts the adult readers to fill in the back story for the children and educate them about much more than just the history of country music. I highly recommend the book, whether or not you have a child to read it to.

I also found out about a writers workshop taking place this August. I won’t be able to attend, because I will be taking off nearly two weeks later in that month for vacation, but it looks to be a workshop well worth attending. The Ed Writers Workshop is named for Ed McManis (and possibly for Ed Bryant, one of the instructors, as well.) It is a three day workshop taking place on Monday, Tuesday, and Wednesday, August 6-8, at the Denver Academy. Instructors include Joanne Greenberg (Fiction), Edward Bryant (Science Fiction/Horror), Joseph Hutchison (Poetry), and Denise Vega (Children’s Literature). Registration fees for this workshop are reasonable, considering the amount of one-on-one attention students will receive with these award winning writers.

Speaking personally, I can heartily recommend Ed Bryant as a writing instructor, having participated in a couple of his writing groups. Ed is the master of the informative critique, and is able to point out strengths as well as flaws in a manuscript in a non-threatening way. He always remembers the cardinal rule: the manuscript is being critiqued, not the writer. As a result, writers leave his critiques knowing that even seriously flawed manuscripts have the potential to become great manuscripts with the right revisions.

Okay, enough stalling. I need to get my tax forms signed and in the mail. I’m happy to report that, for the second year in a row, my writing income eclipsed my writing expenses. Hey, $106 profit is still a profit!