Saturday, October 24, 2015

Panic At The Benefits Site

Bit of a panic moment, this morning. Got an email from my former employer's benefits plan administrator telling me "because your ESOP plan had less than the required minimum balance to be retained under the current program, your plan will be cashed out, taxes assessed and a check sent". This struck me as odd, because the only plan I was aware of that was managed by the brokerage was my 401(k), which, if it was below the minimum balance, would have meant that a not-inconsiderable chunk of money had somehow managed to go "poof".

The initial panic wasn't helped by the fact that, the link that the plan-administrator sent to me to view my plan info was erroring out in a way that could have been interpreted as my account having been deactivated.

Decided, "calm down. Go run your morning errands. Try the site again in a couple hours and see if it was just a transient problem and not something more serious."

Get home and try the link again. Same damned error. Opt to try logging in using a different method. The different method worked. Found all my funds still present an ESOP that I hadn't specifically known about.

And, no, the email wasn't bogus, just broken. I'd checked the headers before clicking the links ...and the fact that it was sent to an address set up specifically for use by the plan-administrator meant that, if it was a phish, they'd have had to have already compromised the administrator's site to get my address. Lastly, the site's URL and SSL certificate were all good. All those details in place, were it an exploit, they likely would have had a better effort-ROI by just extracting data directly from the site-owner than trying to phish me.

Thursday, October 22, 2015

Cloud, The Vogon Way

Me: "I'd like to be able to send account-validation emails to people who register to my bug-tracking system".
AWS Dox: "Sure... but if you mail direct, most sites will treat your email as spam"
Me: "Ok... How do I get around that"

AWS Dox: "Well, you can relay through SES"

Me: "Cool. Lemme go set that up."

AWS-SES: "Rejected!"

Me: "Your SMTP message is a bit vague - are you rejecting the relay because of the sender or the recipient?"


AWS Dox: "To relay with SES you have to validate senders - or sender-domains - and recipients"

Me: "Ok... The SES console says my domain is validated and that any sender in the domain should be good."


Me: "Guess that means the rejection message applied to the recipients. Lemme verify a recipient ...even though that makes SES crap as a smart-relay"


Me: "Fuck... I only validated the recipient in one region and the rejecting relay is in another. Lemme verify my recipient in _multiple_ regions, then ...You do realize this makes SES a real horror-show for smart-relay services, right?"


Me: "What the actual fuck??" (dig through shitty AWS dox some more) "Srsly? I gotta validate my domain in each region I want to relay through SES??"

I swear: Vogons had to have consulted on the design of some of AWS's service-components.

Saturday, October 3, 2015

There Are No Easy Answers

So, the latest "easy answer" (to the U.S.'s gun promlem) that seems to be washing across the various social sites I visit is the idea of "require insurance for gun ownership and you'll make guns too expensive to carry!". On the face, it sounds good. I mean, car insurance isn't cheap for most people and medical insurance is stupidly expensive. So, why wouldn't gun insurance be expensive, too?

Problem is, the cost of insurance isn't high just as a matter of course. Insurance costs for many things can actually be extremely low. What drives insurance prices is generally how much it costs for an insurer to provide coverage to a risk-pool. This includes things like administrative costs, but the real drivers of costs are the annual payouts to be covered. Those payouts are driven by two main things: the costs of claims and the likelihoods of having to pay out those claims.

Car and medical insurance are both expensive - particularly medical - because the likelihood of having to pay a claim and the size of the claims are both high.

If you've ever been in even a fender bender and looked at just the cost of body-work, even trivial incidents can be stupid expensive. Throw in personal injury claims and then take the number of claimable incidents that happen over a given amount of time, and you come up with fairly high risk-exposure for an insurer.

Similarly, if you've ever been the customer of an ER for something minor and then looked at your EoB, you've noticed that even "small" emergencies are stupidly-expensive.

With both automobile and medical insurance, insurance rates are highly variable. Some peoples rates are punishingly-high while others' may border on trivial. Why? Actuarial tables and claim-history. Insurers look at your age, your health, your personal habits, where you live and other indicators of risk (likelihood of payouts and likely sizes of payouts). Those factors are evaluated and you're put into risk-pools of people with similar evaluations. The insurer then has to determine, "give a pool of size X with a likely annual payout of Y for that pool, how much do I need to charge each of that pool's members to be able to turn a profit". Insurers can further decide "do I make my profit by providing coverage to a small number of subscribers that I get fat margins on or do I make my profit by providing coverage for a larger number of subscribers but where each subscriber earns me a lower margin". In non-competitive markets, insurers tend towards the former. In competitive markets, the temptation to do the latter is higher (gain customers by undercutting your competition).

Thus, even if one were to pass legislation saying "gun owners must be insured" (and courts don't ultimately see such legislation as infringing on exercise of a constitutional right), it's entirely reasonable to assume that not all insurance will be prohibitively expensive. Indeed, if such mandated insurance were to prove prohibitively expensive, it would increase the likelihood of courts deeming an insurance mandate an infringement on exercise of a constitutional right. You  have to figure that, unless there's artificial restraint of competition, there'll be at least one or two insurers that would do the math and figure out that they can make serious bank by providing low-margin/high-volume insurance policies.

Friday, September 11, 2015

Fix-em' Up

Good article:

Fix-em' Up

The reason I bought an HP Zbook instead of the HP Omen was that the ZBook is user-serviceable.

I'd made my previous EliteBook last for five and a half years because I could get replacement keyboards, wifi cards and upgrade-parts either from the vendor, Amazon or eBay.

The Omen was _not_ user serviceable. I couldn't even do something as simple as swapping out the damned hard drive without an HP repair kit, since the only way to open it was to sever some glued-on parts, first.

And what were factors in recent phone purchases? The ability to swap out batteries and SD cards.

Planned obsolescence is semi-fine for a toaster or a hairdryer. But the further north of $100 you go, the less acceptable it is to not be user-serviceable.

Monday, August 24, 2015

Regal Really Cares

Today, I received a reply to a message that I sent through Regal Cinema's web-based contact form. This is a form that asks you for contact information - including asking for your name. I wrote to them to complain about their plans to implement bag-checking:

Dear Ms. Patron:

Thank you for contacting our office regarding Regal's policy to inspect backpacks and bags of any kind prior to entry into our auditoriums. We certainly appreciate the opportunity to respond.

Security issues have become a daily part of our lives in America. Regal Entertainment Group wants our customers and staff to feel comfortable and safe when visiting or working in our theatres. To ensure the safety of our guests and employees, backpacks and bags of any kind are subject to inspection prior to admission. We acknowledge that this procedure can cause some inconvenience and that it is not without flaws, but hope these are minor in comparison to increased safety

Again, thank you. We appreciate you taking the time to contact us over this matter. We value your patronage and hope to see you in a Regal Entertainment Group theatre soon.

Customer Relations Department
Operational Services
Regal Entertainment Group
My first reactions were: "Ms"?? "Patron". That's like "wow". Talk about making a customer feel like you're taking the time to give them special attention. The above was sent with a From/Reply-To address of "". So, at least I know the robot's name, eh?

I sent a reply to "Jamie". I did not make the assumpiont that "Jamie" is a Mr. or a Ms - more likely an "it" is it appears Regal bothered to pick a gender neutral name for their bot. I'm assuming it will never be read by a human, but it felt good to write it:
Thank you for your form letter. Its utter lack of personal response speaks volumes about your business practices and is a testament of your concern for your customers. I'm reasonably certain that nothing in my initial contact email provided indication that you should address me as "Ms.". Addressing me as "Patron" - when your web form asks for a name - means you can't even be bothered to do a simple mail merge. Your missive gave me the same kind of warm-fuzzies that receiving a letter addressed to "occupant" does. Way to really set a high bar on customer relations.

Having seen your bag inspection in practice, this weekend, I'd be embarrassed if I were associated with Regal Cinemas. If you're going to engage in this kind of farcical security-theatre, you should probably train your staff to at least not half-ass it. Asking my wife to open her purse and then just sorta glancing inside it is really pointless. While I'm not asking you to have your staff pawing through our bags, at least do something that indicates you're committed to the farce. If you're going to inconvenience me, don't make it such an obvious waste of my time. Frankly, your current bag-check execution makes the TSA - and their +80% failure-rate look like paragons of security. Your security efforts make feel more secure going to a nightclub in a bad part of town.


Should be interesting to see if I get any kind of response. I'm guessing either no response or yet another, completely impersonal form letter.

Oh well, fuck Regal. Their theatres are always filthy and poorly run, any way. Somehow, they even manage to fuck up the execution of theatres with luxury seating (seriously: no table service??).

I really wish Alamo would take a stab at closer-to-the-city locations.

Thursday, August 13, 2015

Rising Medication Costs

So, NBC news decided to do a click-bait style piece on the rising cost of prescription medications, tonight. They talked about the end-user effects but none of the underlying causes, so I decided to see why prices for existing medications were generally trending upwards in price rather than the downward that would be expected as mature products reached the point of "economies of scale". I found a ConsumerReports article on the subject. Interesting read.

Point #1 is kind of maddening. If you weren't covered by a large, powerful lobbying group and did the same thing, you'd end up jailed for price-gouging.

#3 is kind of a difficult nut to crack, if you're on multiple drugs and the lowest prices aren't found all at the same source. Who has the time to shuttle from store-to-store to score the lowest price (especially if you receive no co-pay difference for having saved your insurer money)

#4 I haven't found any of my doctors to be anything other than neutral on cost-concerns. Frankly, it's not my doctor's job to factor in price when prescribing to me. If price is a concern, he should be willing to work with me - and, when I've raised the concern, no doctor has been anything but happy to ensure that I am able to most-affordably acquire my medications (they'd rather you take something affordable than not fill scripts due to price problems)

#5 One of the medications I'm on is over $5,000/dose. My annual out of pocket maximums go up, year by year. The maker of the medication has an assistance program that, thus far, has made it so my annual out-of-pocket maximums are bridged.

Wednesday, August 5, 2015

Still Haven't Seen It All

I suppose it's nice to know that, even on the wrong half of my 40s and after two decades in IT, it's still possible for a vendor's "technical" presentation to be the worst one I've ever had the displeasure to sit through.

Seriously, vendors: if I'm asking you a question, it's an opportunity for you. You can either use that opportunity to impress me - to sell to me - or, like today, you can use it to completely turn me off of you and your products.

If I ask you a question, "I don't know" is actually an acceptable answer. If I ask you a question you don't fully understand, it's also ok for you to tell me you don't understand the question as asked and ask me to elaborate on or restate my question. Bulling ahead and trying to give an answer to a question I didn't ask - especially if it demonstrates you didn't understand my question - is not ok. Giving me an answer that can't possibly be correct and that you can't defend if I challenge the response is also not ok. Giving me an answer that contradicts something that the later slides in your PowerPoint say is so is also not ok. Framing your answer as an opinion rather than fact - particularly if your slides are making a contrary assertion - is decidedly not ok.

It's been a good, long while since I've left a vendor presentation completely furious.