August 29, 2005

Got It Done!

How did an excellent time-management tool help me climb a 14,255 foot mountain? I'll tell you...

First, the background. One of the personal development issues I've been working on professionally at Return Path is my time and task management. I've made fantastic progress, most this quarter, using the "Getting Things Done" system.

For those not in the know, Getting Things Done is a method and support system for time and task management.

The basic premise is that everything you have to do, from business related tasks, to personal items - needs to be captured somewhere. That somewhere is referred to as your "Operating System".

Capture your tasks: get them off of sticky notes, get them out of piles of paper on your desk, and most importantly GET THEM OUT OF YOUR HEAD and get them INTO your operating system. For me, this along with the basic triage concept are probably the most important fundamentals of the system.

Once you have captured everything, it can be dealt with. Everything can typically be dealt with in three ways:

1) Do it.
2) Delegate it.
3) Delete it.

There are few exceptions.

GTD has not only provided me with an effective triage method for dealing with your day-to-day tasks, but it also has enabled me with tools. I purchased the GTD Outlook Plugin and it is worth its weight in gold. (Thanks to colleague Jack Sinclair for this tip!) Specifically it allows you to manage email easily - with some custom buttons I can convert an email into a task, archive the message, set an alarm, categorize the item, set a due date, etc... with basically 2 clicks. I highly recommend it if you adopt this system - and obviously I endorse the Getting Things Done system overall.

Now, one of the things I like about GTD is it allows me to capture everything I need to get done. Of course the broad focus is day-to-day business items, but the system intentionally captures all personal items. This includes things like, "wash the dog", or "pick up the dry cleaning", or "get flowers for wife" (that one is still open... I'll do it next honey - promise!).

Along these lines you are encouraged to have a category for long term goals. Things like "learn how to fly a plane" or "take rhumba lessons".

While I get great satisfaction from working through several or even dozens of tasks per day, as well as managing dozens and probably hundreds of emails - there is something about knocking down one of the bigger "life goals". When I first set up GTD and inventoried all my tasks, one of the items in my "Someday" category was "Climb Longs Peak". This has been "on my mental list" since 2002.

So, what can a great time management tool do for you? Not only can it get your email inbox average count down from 800 or so to under 100 (on my way to the pinnacle "empty inbox"!) - but for me, it pushed me up a 14,255 foot mountain. 15 miles of round trip hiking and climbing. 4,875 feet of elevation gain. Six hours to the summit and three and a half back.

I'll post a full gallery soon, but for now here is the proof! Special thanks to the climbing party that adopted me - friends and neighbors Jim and Stephanie Busby and their clan the "Bice Descendants"! And thanks to Joie for letting me go!

So tomorrow I may be back to the daily grind, but today I had the pleasure of marking the task "Climb Longs Peak" complete. Cool! Good thing it was on my list!

June 23, 2004

A thing about privacy...

It's amazing. No matter how many locks you put on the door, you are ultimately only as safe as the people inside, or those with the keys to the locks.

I just finished reading the official complaint, AOL and the United States of America vs. one Jason Smathers and one Sean Dunaway.

In a nutshell, Smathers - an AOL employee since 1999, obtained and sold upwards of 92 million AOL customer email addresses. AOL only has maybe 20-30 million customers, but most customers have more than one "screen name" or email address tied to their account.

92 million! There are what, 230 some odd million people in the USA?

This Smathers, he obtained the data and then sold it to a Las Vegas Internet Casino operator Proprietor - Dunaway. Sold in various rounds of updates, some of the files fetched as little as $32,500 - others as much as $100,000.

For a spammer, I imagine nothing could be worth more than a full list of current, active, accurate AOL email addresses. Smathers' biggest mistake may have been only selling to this one spammer. Seems like a pretty small take given the risk.

In reality, he had several big mistakes, mostly pertaining to the easily revealed path through AOL's system he took in obtaining the information.

The Complaint is mostly a deposition by Peter Cavicchia of the US Secret Service. In it, he details the almost too easy to trace path that Smathers used to obtain the information. Email threads using his longtime and primary AOL employee account: AOL Instant Messenger threads, between Smathers and Dunaway detailing the conspiracy - and intentionally sent via email from to to specifically "archive" the information. As mentioned in the deposition, because of a 30 day cliff in old message storage in some AOL versions, many have adopted a "mail it to yourself" practice to keep information saved. Duh.

Finally, tracking down the queries to the AOL Data Warehouse to a particular space in time and set of users was seemingly easy.

What I find remarkable about the case are a few things.

First, it was an inside job. I guess with many types of crime, this is the case - from theft, burglary, kidnapping, and even homicide. Those with the most knowledge, information, access, and know-how are the most dangerous. This is where things like employment contracts, non-disclosures and other legal documents are needed to cover the corporate bases, but ultimately it comes down to trust.

The trust level you have with employees is a direct result of good hiring processes, a good employee culture and many other factors, but that is for another blog entry some other day I suppose.

Second, any trust that was earned over time by Smathers - he was an employee since 1999 - he likely violated in various ways on his way to carrying out this theft.

It is probable that he used "social engineering" as a tactic. Social Engineering is hacker-speak for tricking a person into revealing their password. Kevin Mitnick wrote the book on it.

A large organization, such as AOL, seems likely to be more vulnerable to this tactic. In general it appears that Smathers mostly acted on his own - but at least some of the database queries were made via an account that was not his - and either was obtained through theft, coercion, collusion, or trickery (social engineering).

I suppose small companies are susceptible to the same issues, but as a company grows, I'd be concerned with the increased opportunity for internal trusted persons to share or distribute private company or customer information.

While technology abounds for leaking information easily - web, email, ftp, IM, etc... there are also more "forensics" left for folks to get caught.

As for Smathers and the United States of America and AOL - it will be interesting to see how this plays out. It appears to me that the CAN-SPAM Act may be applicable - and I presume other US Codes. I'd expect hefty fines and likely jail time. It will be interesting to see who does time.

April 26, 2004

American Life by 2007

I work in privacy related areas, mostly regarding online information, email, etc. I'm somewhere in the middle of the liberal/conservative privacy guy spectrum. This came to me via email from Matt Blumberg and I got a kick out of it:

Operator: "Thank you for calling Pizza Hut. May I have your..."
Customer: "Hi, I'd like to order....."
Operator: "May I have your HSIDN first, sir?"
Customer: "My Homeland Security, ID Number, yeah, hold on, eh, it's
Operator: "Thank you, Mr. Sheehan. I see you live at 1742 Meadowland Drive, and the phone number's 494-2366. Your office number at Lincoln Insurance is 745-2302 and your cell number's 266-2566 and you are calling from your home number."
Customer: "Whoa! Where d'ya get all this information?"
Operator: "We're connected to THE SYSTEM, sir."
Customer: (Sighs) "Oh, well, I'd like to order a couple of your All-Meat Special pizzas..."
Operator: "I don't think that's a good idea, sir."
Customer: "Whaddya mean?"
Operator: "Sir, your medical records indicate that you've got very high blood pressure and extremely high cholesterol. Your National Health Care provider won't allow such an unhealthy choice."
Customer: "Darn! So what do you recommend, then?"
Operator: "You might try our low-fat Soybean Yogurt Pizza. I'm sure you'll like it."
Customer: "What makes you think I'd like something like that?"
Operator: "Well, you checked out 'Gourmet Soybean Recipes' from your local library last week, sir. That's why I made the suggestion."
Customer: "All right, all right. Give me two family-sized ones, then. What's the damage?"
Operator: "That should be plenty for you, your wife and your four kids, sir. The 'damage,' as you put it, heh, heh, comes to $49.99."
Customer: "Lemme give you my credit card number."
Operator: "I'm sorry sir, but I'm afraid you'll have to pay in cash. Your credit card balance is over its limit."
Customer: "I'll run over to the ATM and get some cash before your driver gets here."
Operator: "That won't work either, sir. Your checking account's
Customer: "Never mind. Just send the pizzas. I'll have the cash ready. How long will it take?"
Operator: "We're running a little behind, sir. It'll be about 45 minutes, sir. If you're in a hurry you might want to pick 'em up while you're out getting the cash, but carrying pizzas on a motorcycle can be a little awkward."
Customer: "How the hell do you know I'm riding a bike?"
Operator: "It says here you're in arrears on your car payments, so your car got repo'ed. But your Harley's paid up, so I just assumed that you'd be using it."
Customer: "@#%/$@&?#!"
Operator: "I'd advise watching your language, sir. You've already got a July 2006 conviction for cussing out a cop."
Customer: (Speechless)
Operator: "Will there be anything else, sir?"
Customer: "No, nothing. Oh, yeah, don't forget the two free liters of Coke your ad says I get with the pizzas."
Operator: "I'm sorry sir, but our ad's exclusionary clause prevents us from offering free soda to diabetics."

August 13, 2001

RamSpam - Volume 2, Issue 5

Well, it's been a busy week or so... I *finally* got another RamSpam
out of my system... the last issue was early May, so it was long

Took the boys to the county fair again, last Thursday, with Joie and
the inlaws... AJ let me take him on the "roller coaster"... it's for
kids... it's a real coaster, but it's pretty small... he loved it... I
figured Max would be the adrenaline junkie of the two, but I've got a
feeling we'll have two of them on our hands...

Ran 4+ miles on Saturday, about 40 minutes round trip... running
outside really stresses my muscles and joints a lot more than the
treadmill, but it sure is more interesting, and despite not having a
"computer" it is more motivating relative to "making progress" and
"getting somewhere"... although as far as you run... you have to run
that far back as soon as you turn! :)

The whole WGD gang at work had today off, but it ended up being no
biggie... did a basic HTML typesetting job for Countrywide and Josh
wrote the American Red Cross thing for me (thanks man!)...
Oh well, I'm out -- later, Tom

