October 2004

It is sad. It has happened again. What is it? The failure of customer service. I see it happen all the time in all sorts of organizations. Companies start out as small organizations. They will do anything for customers and build a loyal following. Then the organization grows and starts to put policies and procedures in place. This is absolutely necessary. Without these measures the organization will collapse inwards and no one will be served.

Down the line the organization grows and what was a team of ten becomes fifteen and even twenty. The original people who felt they company was a part of their flesh and blood leave. Replacements are hired. Employees start going to the job instead of going to their careers. And you end up with a situation like I once again encountered yesterday.

Returning from a meeting I went to check email. It was down. I tried contacting the server and it was unreachable. I call support and the person I talk to has heard somebody else mention that they shut down the account. Indeed my connection has been dropped by my ISP. It turns out that a large institution, who is a tenant of one of my clients, has machines infected with SASSER. They'd been notified and cleaned them on October 20 and the ISP acknowledged the response. Then nothing until yesterday. It seems the disinfection wasn't effective.

Without notice or any sort of consultation the ISP that I've been with since the mid-90s shut down the connection. Once they did they didn't even bother to email me and let me know or do anything. Just shut it down. Throughout the move I've given them contact information several times, they've called my new number on other issues. So what happens when I point out that it's unacceptable to have a service provider that cuts you off without any sort of notice.

The appropriate thing to do at this point is to look at the situation and see what is necessary to contact the client. Especially when you see a long-time (in the ISP game) client who has been loyal and has provided between $30-$300 a month of income over time, you try to contact them. Instead what happened (and so often does) is that a person in the organization sits back with the satisfied "we fixed it" pose and sips their coffee. It becomes an office gossip for a few minutes, man we had this really bad box and we killed it.

Then the customer calls and points out that this wasn't the best way to handle the situation. Out comes the policy and procedure book that says "we call and don't send email in this situation". Nevermind that the reality is they already had sent email. Nevermind that they didn't even try to call until after the customer reported the problem. Nevermind that they had lost the customer contact information. Nope. None of that matters. Instead of saying 'Gee we're sorry,' or 'We'll make it right,' the answer is "you provided invalid contact information." What? I've only provided it a half dozen times. You've successfully contacted me via email dozens of times. You didn't do what you say you will. You caused problems for several customers (one direct and several indirect) and the best answer you can come up with is "you provided invalid contact information."

If you're a shareholder it's time to get out. Companies cannot long survive with customer disservice.

Many a discussion recently has been held on whether blogs are journalism and their authors journalists. At the same time we hear from our new audio blogging, er podcasting compadres that it was wonderful that Jon Stewart gave the entertainers at Crossfire what for and called their bluff. In less than a half hour Stewart pointed out the problem. The entertainers on Crossfire are no more journalists that most bloggers.

Somewhere along the line it all broke down. There is an aspiration that many bloggers have to be recognized as journalists. They want to be a part of the club, to call the fourth estate home. But journalism is so much more than just telling the story one wants to tell. It's more than a collection of press releases and spun yarns. Dave Winer has been a poster boy for the power of blogs (and there are multitudes of ways in which blogs are very powerful). Those who say blogs aren't journalism often draw out comments on his weblog about how the writer "doesn't get it." Today Winer said:

And Scoble can do his part to help his employer. When I read his glowing reports from O'Reilly events, it's really hard to think of him as a friend. Sylvia Paull, who's helping with BloggerCon, and has been a friend for 20 years, once said this: "I don't go to parties my friends aren't welcome at." This is a good principle, and as good a definition of the spirit of the Web as I've ever heard.

A step back in time
Let's look back at the roots of journalism. Bill Bradlee and Bob Woodward, at their recent talk in Las Vegas, summarized the Watergate "story" in this way. It was 400 stories over 2.5 years.

In no way do I mean to minimize the powerful presence that blogs are becoming in our daily lives. They have left several indelible marks on our country and world. Without them Trent Lot might still be a leader and forged documents on 60 Minutes would have taken far longer to expose. Many incorrect attributions have been corrected by the source and countless views would be unexpressed.

The problem is that with consolidation of media and the corporatization of the news media we've become accepting of getting a few minutes of global news each night and fooling ourselves into believing that we are enlightened members of an enlightened society when in reality we have become consumers of more entertainment programming masquerading as news.

Bradlee and Woodward also pointed out that every one of the more than 400 stories published, and every fact in them, had to have two independent sources. Woodward pointed out that the most valuable part of what Bradlee did was not what he published but what he refused to publish. Journalism is so much more than telling compelling stories. It's doing the legwork and getting the background to make the mundane stories compelling. It's not in the telling of the story you want to tell your friends, it is in the telling of the story that needs to be told. True journalism lies in the careful writing, editing and re-writing to get the story right. Instead of sensational sound-bites (or blog-bites) we the people need real journalism. We need to focus on quality and getting the whole story instead of speed and getting part of the story first.

In the end I agree with Winer that blogs are just as good as today's media. But there should be a much higher goal. Let's make the blogs into a haven for journalists. Instead of debating if we're as good as the system's hacks on TV, let's set a higher standard.

There is a discussion going on over at Macintouch about what they are calling "Opener" Malware. I sent a comment but unfortunately it was below the threshold of what was published. The discussion is focused on the Opener script but mostly misses the critical point - that it is a part of the OSXRK - OS X Root Kit. All of the comments I read at Macintouch are at best mis-informed. While the Opener script itself does not "infect" computers as a part of the OSXRK it can be used to exploit machines. From the readme file:

###################################
# osxrk : OS X - Rookit
#
# the burning man - Public Release 0.2.1
# Sept. 2004
#
# by g@pple
#
# greets and thanks to Dim Bulb, Dr. Springfield, Jawn Doh!, B-r00t!,
# the fbsdrk & fbsdrootkit teams for inspiration.
#

This is the initial Public Release of the OS X RootKit. This type of rootkit should be easy to defend against if you really care about your computer. Keep your system up to date and patched.

A quick method of telling if this rootkit is on your system is to run the command id LDAP-daemon on your OS X box. The output you're looking for is

Another test is telnet localhost 31337. You should get a couple of lines, the last of which is telnet: Unable to connect to remote host. If not you've had better days.

Recovery - If you find your machine infected the only rational thing to do is to shut it down, boot from the OS X CD and reinstall your operating system. You can't trust running find commands, or the ls command because if somebody owns your machine they will replace them.

There is a note on Macintouch today about somebody being hit by the opener rootkit on OS X. The rootkit is available for download from a .mac account as osxrk. This kit has been in the 'wild' for over a month now. The opener file says it will move itself to /System/Library/StartupItems. The script is aware of LittleSnitch and kills it before making network connections to download tools for wiping out logs and gathering of passwords.

From the readme "rootkit that has a lot of standard tools included, adds a TCP backdoor via inetd, does data recon, and more."