2FA/SMS, Email/SPF/SPAM, Fix/Bug/Request, Contract/Termination, Data/Retention, OVH, Rants

Post date: Sep 11, 2016 9:47:13 AM

  • Just as a reminder that NIST isn't anymore recommending 2FA using SMS. It's mentioned in the Digital Authentication Guideline, I've posted about bit earlier.
  • Following comments are based on feeling after reading my backlog of summer emails.
  • Email, is that really so freaking hard for people to use and get. Sick'n'tired about people whining about... Not receiving email. Well, it's not my or our fault if... A) You ask to use your from domain B) You haven't configured your SPF properly C) Recipient checks SPF information and reject messages. Not interested, it's not technical fault. A) It's your domain B) It's your SPF rules C) It's the recipient which refuses to receive your email. - Not my fault, nor technical fail, again, don't call us. Any pointless and unnecessary discussion about this topic will be charged to the max. - There's nothing to discuss about this topic, and it's business as usual. RTFM. Get used to it, don't whine, fix it, if you care. Simple solutions which are more than obvious A) Use our domain as sender B) Fix your freaking SPF records C) Whitelist our SMTP IP so it's not getting blocked. - Meh
  • Once again, some people are always asking 'fixes'. No there's nothing to fix, if there isn't flaw. I order blue car, then I start whining, that the supplier should fix the car to red. - Won't happen. If they order paint job and pay it, then it's totally different story. But starting discussion about 'warrant fix' is just absolutely ridiculous. If they want to make it even more ridiculous, they can whine that they've been whining bout the warranty repaint job to different color for months and nothing has happened. Yeah right. That's true. And nothing will ever happen. Except, I might invoice for each time they try to contact me about this matter. - How about honestly saying that they want the car to be repainted to different color and are ready to pay about it. This isn't first time, nor last. But seems to be pretty standard in software customization as well as with any ICT projects. Customers try to BS about requirements. Requirements are fixed when final order is done, unless otherwise agreed. Also scope gets fixed at that point. If someone claims project was a failure, it's not true. If it was failure from their part, it's completely different story again. If they didn't mention or document requirements before the project started properly. I ordered car without trailer hook and then I whine that it's a failure, because I can't pull my trailer with it. Live with it, that's what you were asking for. - Meh again.
  • First customer wants to terminate all agreements. After that they start asking for their data. Actually, this is a perfect question. And answering to requests like this might contain a trap. A) After agreement termination, we don't have any responsibility to maintain their data B) Even worse, after agreement termination we don't have any legal right to maintain their data. So basically when contract is terminated we're at least in theory responsible for proper disposal of customer data. - Often nobody actually cares about the details. But in some cases these steps could be very critical. As well as there are many related laws. It's actually very easy to 'help the customer' but at the same time technically break several laws. - I think the Yahoo lawsuit was perfect example about this. Yahoo restored deleted emails. Which they claim they don't have, but they still got those. - This also just confirms the 'cloud service point' I've written earlier about. Nothing you'll every upload to cloud gets deleted, ever. It's the only safe assumption. Whatever service providers claim, might not be true for several reasons, which I'm not going to extrapolate here. But have covered in several earlier posts.
  • Afaik, there was one funny forum post complaining about OVH in the same style. Customer first refused to renew server and after server expiring complained that OVH didn't allow downloading their data after the server was expired without the customer paying for it. Ha, and they complain about the payment? I think they should have been very happy that the service provider even got their data any more. They could as well said, it's gone. Enjoy the rest of the day. Often there are clearly written guidelines to follow, but exceptions aren't rare as well as in many cases nobody follows the guidelines even if those would exists and be very clearly written. In some cases people think that their data would be indefinitely kept by someone for free, even if they terminate contracts. I don't know what they're thinking. Because retaining the data is actually against many privacy laws. Yet, as said, many companies still do it for multiple undefined purposes and reasons. - Even if OVH was mentioned in this bullet point, my comments aren't regarding OVH practices nor I'm ranting about OVH in this case.
  • That's just a few business as usual daily tech rants. ;)