Category Archives: Oops!

Microsoft Teams privacy bug: the cat and the camera

As longtime readers probably know, I have a cat. As cats do, he will sometimes jump on my desk.

Pancake, looking majestic

Pancake the cat on his royal pillow

Some of you may know that, because my job entails working with a worldwide team, I often have early-morning conference calls. To make this easier, I have a small workstation in my bedroom where I can work and be near the coffee machine. This machine is set up with a Logitech c920 webcam and a Blue Snowball USB microphone.

Most of you probably don’t know that I tend to pace when on telephone calls.

So picture the scene. I’ve straggled out of bed to grab a cup of coffee, yawn and stretch, and get on a call. I’m pacing around and speaking. Suddenly the gentleman I’m speaking to (my long-suffering counterpart, Tony Sterling, who owns our customer experience team) starts cracking up. “Dude, turn your camera off!”

Sure enough, somehow the Teams app had started showing Tony video of me pacing around in my boxers and T-shirt. Thankfully it was only him. I apologized deeply, turned off the camera, and removed Pancake from the keyboard. After the meeting, I scoured the Teams documentation to find out what the keyboard shortcut for controlling the camera was.

There isn’t one. This made me a little nervous, nervous enough to put a Post-It note over the camera lens so Pancake didn’t accidentally turn on the camera one night when I was asleep or something.

Today I was in a Teams meeting. The cat jumped on the keyboard and… voila… I got a macOS permissions dialog asking me whether Teams should have permission to use the camera. He’d done it again!

It turns out that when you’re in a Teams meeting, hitting a key will act like a mouse click on whatever control currently has focus. By default, the camera on/off button has focus. Try it yourself: join a meeting, switch out of the Teams app and back into it, and hit a key.

This is, shall we say, not a great design. I appreciate that the Teams team has provided keyboard focus selection, which is great for accessibility, but having focus default to camera on/off is a recipe for unpleasant surprises.

Lesson learned: since I can’t keep my cat off the keyboard, I’ll keep my webcam covered.


Leave a comment

Filed under Office 365, Oops!

Training Tuesday: that one time I ran a marathon

[n.b. edited to add “pros and cons” section at the end…]
I’m a triathlete, and I’ve never run more than a half-marathon distance, even in training. So of course I ran my first marathon this weekend, three days after deciding to do it. Finish time was 5:09:53, well under my goal time of 5:30:
The marathon course in all its glory

The marathon course in all its glory

“See, what happened was…”
The annual Rocket City Marathon is a big deal in Huntsville. 2016 marks its 40th year, and I knew a ton of people who were running. It has a reputation as a well-organized, well-supported race, and the RD is co-owner of the local Fleet Feet, so it is well sponsored too. After seeing a couple of “who’s running the race?” posts in various Facebook groups, I started thinking (always a dangerous endeavor). “If I can run a 70.3, that’s about 6-7 hours of steady effort– so I bet I could handle the workload of a marathon.” When I suggested this in the Complete Human Performance discussion group, my fellow complete humans all said “that’s a terrible idea and you should absolutely do it.”
Then I made the mistake of mentioning to a few of my local friends that I was thinking of running it. A few were horrified, a couple were supportive but skeptical, but the majority were positively gleeful at the thought of having a new victim join their ranks.
I went to the pre-race expo on Friday, paid my $100 registration fee, and got a clear plastic bag containing a race shirt (a nice Brooks tech shirt, with their coarse-looking mesh weave), a course map, a race bib, and a few other local information sheets. The expo had several assorted vendors selling stuff– shoes, clothes, and so on– but nothing that I wanted or needed. Critically, they were selling race finisher shirts, but I didn’t buy one because why would you want a finisher shirt until you’d finished? (Hold that thought…)
Friday night’s dinner was Chick-Fil-A, always a good pre-race choice. The boys and I hit Fleet Feet, where I bought a Nike jacket of some description because I was assured it would be warmer than what I had.  I got about 7 hours of sleep and woke up to see that the outside temperature in my backyard was a balmy 23 degrees. I dressed accordingly: a merino wool base layer (top and bottom) from good old Costco, with CW-X tights and a pair of running shorts on the bottom and a local race tech shirt plus the Nike jacket. An old wool hat, a pair of Costco gloves, and my trusty ballistic sunglasses rounded out my kit. (Oh, and my ancient but much loved Fitletic belt, which I’d loaded with BASE Salt, lip balm, and snacks.) I drank a cup of coffee, ate 2/3 of a Tri-O-Plex protein bar, and headed to the Von Braun Center. I got there a good 45 minutes beforehand and had plenty of time to find a bathroom and say hello to various local folks who were running.
The plan and the start
My plan was to hold a steady 11-12:00/mi pace and to do a 3-minute run / 1-minute walk interval.  I figured that would put me around 5:30 or so, depending on my walk pace. For nutrition, I’d brought a bunch of Bonk Breakers and Gu chews; I knew the course would have water and Powerade but wasn’t expecting any on-course nutrition. I figured that I wouldn’t need to eat a ton on the go, though.
Right before the race started, I found Dana and her kids for a pre-race hug and, hooray, some hand warmers for my gloves. All suited up, I found the 5:15 pace group, put in my headphones, and waited for the start gun. My neighbor-friend Ashley was also running the race and we decided to stick together since, like me, she hadn’t trained for this race. (Unlike me, she had run RCM twice before, so she had that going for her.)
I was able to stay with the pace plan with no problem for the first 13, with occasional misfires when I didn’t hear my Garmin beep to tell me to switch intervals. Even without headphones, and even on quiet residential streets, it just isn’t loud enough to consistently get my attention. I was really worried that I’d go out too fast in the first few miles, as is my habit, but the combination of running with someone at the same pace and my nervousness about being able to finish the distance kept me in check. About mile 9, we caught up with the 5:00 pace group and stuck with them for a while.
Along the way, I saw this delightful sign and couldn’t pass up the opportunity to capture it for posterity. WAKE UP SHEEPLE!
Chemtrails: not just for breakfast any more

Chemtrails: not just for breakfast any more

Mile 13.2 and beyond: terra incognita
At the halfway mark, the Panera Pounders, my local running tribe, had a spirit station set up, with everyone dressed up as Santa Claus. Seeing my friends was a terrific morale boost, especially because my neighbor-friends Erica and Rese had brought me an ice-cold bottle of Coke. Normally regular Coke is too sweet for me, but on long runs and bike rides I love the stuff. I drank the Coke, had some SportsLegs and Advil, ditched my jacket, hat, and gloves, pulled up my pants again, and headed out for the second half. It was a little weird realizing that every yard I ran past this point was contributing to a distance PR for me. However, I felt good and was sure that I’d be able to continue holding my target pace.
Interlude: mental race management
Coaches hate this one weird trick! Not really; I learned this from a coach. One effective strategy for managing long endurance events is to break them up into chunks. Instead of saying “oh lord, I have a marathon to run,” you say “I have a half marathon, and then another one.” When you finish the first half, you say “oh, I only have 2 10Ks to run now,” and so on. This sounds stupid, but it’s a remarkably effective way to focus on what you need to be doing for the next little while instead of the immensity of the whole task.
The first half of the back half
The back half of the race course is very different than the front half. First, it’s arguably more scenic, since it runs through some projects, past Lowe Mill, then on to Huntsville Botanical Garden and the Space and Rocket Center, whereas the front half is mostly through residential areas. Second, to the extent that there are any hills, they’re on this part of the course. There’s about a 2.5mi stretch on 9th Avenue westbound that turns into a long-ish hill; it’s not very steep but there’s a lot of it. I was able to hold a decent pace through this section. It was motivating seeing the Saturn V off in the distance and watching it get closer, and closer, and closer, silhouetted against the stunning blue of the sky. Mile 19 was even more motivating, as I ran through the SRC parking lot and back through the “Rocket Garden,” one of my favorite places to visit in Huntsville.
Who doesn't love a good rocket?

Who doesn’t love a good rocket?

 It’s hard to say exactly where I became sure that I was going to finish the race. I’d guess it was somewhere around this portion of the course– I felt good, I was holding the pace I wanted, and barring an injury or mishap, I knew I’d be both physically and mentally able to cross the line.
Interlude: pants
The two-handed pants yank

The two-handed pants yank, with bonus levitation

I spent a distressing amount of time hiking up my compression tights during this race. I was wearing them over a thin and smooth merino wool base layer, and the drawstring in the tights had come out of one eyelet so they weren’t really tied. As a result, the motion of my legs would pull the damn things down and every mile or so I’d have to hike them back up where they belonged. I’m sure glad the photographer caught me in the act.
The second half of the back half
I thought I felt myself slowing down about mile 20, and the evidence bears that out– from mile 20 onwards, I only had two-sub-12:00 miles. I wouldn’t say it was the famous wall we’ve all heard about– I wasn’t in any danger of falling out, just a progressive dragginess, coupled with increasing discomfort in my hip flexors and my left Achilles tendon. About mile 23, I also started feeling some pain in my right instep, just forward of my heel. I walked a good bit of miles 25 and 26; I didn’t think the few minutes I might gain by running through the pain would be worth the possible downside of a lingering injury. One thing I liked about the race course: they had mile flags every mile, with an extra “25.2” flag one mile from the finish line.
The finish
The RCM course has you run into the Von Braun Center and finish on the arena floor. This is a neat idea, and it’s probably a lot of fun when there’s a big crowd… but by the time I got there the crowd had largely dissipated. Luckily Dana and a few other stalwarts were still there cheering. Through the chute, a volunteer handed me my finishers’ hat and medal, plus one of those nifty Mylar blankets (a space spinoff, so definitely appropriate for the venue).
The best thing about the picture below is also the worst thing: the official picture timing clock broke, so everyone who finished after 3:57:28 got the wrong time in their finish line picture. I wish I could run a marathon that fast; perhaps someday…
The time is a lie

The time is a lie

Not all heroes wear capes. But most marathoners do

Not all heroes wear capes. But most marathoners do

I hung out in the arena to cheer on more finishers with Dana, the kids, and a few other finishers for half an hour or so, munching contentedly on a really excellent PB&J. When it was time to go, I hobbled over to the Fleet Feet booth to buy a finishers’ shirt, only to find that they’d sold out of my size the day before. This really, really pissed me off. I am still angry about it, in fact. I’d much rather have the cost of the shirt included in the registration fee, but, failing that, the race organizers at least should have bought enough shirts to ensure that all finishers would be able to buy them. Making them a scarce commodity is a terrible idea.
After the race, I went home and relaxed for a while. I was pretty sore, but not debilitatingly so. I purposefully hadn’t planned anything for the rest of the day. Sunday morning I woke up with moderate stiffness in my quads and some tenderness in my left Achilles; by Monday those were both pretty much gone. I still get pain in my right instep when I put my running shoes on, so the short shakeout run I planned for after squats and deadlifts last night didn’t happen, but overall I am much less sore than I was after running my first half-marathon. In fairness, I was racing that one, while this time I was just running to finish.
Pros and cons
  • Pros: great race course, with excellent markings and signage. Free professional race photos. Superb volunteer support. Heavy police presence for traffic management. Clear and effective communications from RD team. Lots of aid stations and plenty of port-a-potties. Great support from the spirit teams.
  • Cons: poor shirt inventory management; very limited food at aid stations.
Overall, it was a great experience and I’m glad I did it. I’m happy to have RCM, my hometown event, be my first, and I am grateful for all the support, encouragement, and love from friends and family. I’m not in any real hurry to do another one though.


Filed under Fitness, Oops!

Divorce and taxes

I am neither a tax professional nor a divorce lawyer, and I haven’t stayed at a Holiday Inn Express in years, so don’t take this post as advice. Rather, consider it a cautionary tale.

As far as our friends at the IRS are concerned, your marital filing status is whatever you are on 31 December. That is not what I thought; my understanding was that you could file as either married or single if your status changed during the year. With that in mind, I now face a much larger tax bill than I expected, or budgeted for, because now I am being taxed at the single rate for the entire year’s income… while simultaneously having had taxes withheld at the married rate.

So, a word to the wise. If you’re getting divorced, from a tax standpoint you will probably be best off if you have the divorce become effective as early in the year as possible. Don’t take my word for it, though. Read IRS publication 501, and consult an accountant. I wish I had.

Comments Off on Divorce and taxes

Filed under Musings, Oops!

Oracle failed to produce CEO’s e-mail

Cue the tiny violins: a federal judge ruled that Oracle “destroyed or failed to preserve Chief Executive Larry Ellison’s e-mail files sought as evidence in a class-action lawsuit filed in 2001 against the software maker.” The alleged destruction (or failure, depending on how you look at it) happened in 2006– well after Oracle touted archiving features in Oracle Collaboration Suite. Ooops.

Comments Off on Oracle failed to produce CEO’s e-mail

Filed under General Tech Stuff, Oops!, Security

Newsgator outage explained

I posted about NewsGator’s outage on my personal blog, and got a comment pointing me toward the official explanation. If you’re interested in messaging and collaboration HA, it’s worth a read. The money quote:

Frankly, this was a pretty frustrating experience. We have a lot of redundant systems – pretty much any piece of hardware in our data center could fail, and we can absorb it without a significant outage. For example, if an entire SQL box would have lost power, fallen on the floor, and broken into pieces, no problem, we’d have an approximately 10 second outage. But this case, where the database gets into an inconsistent state, wasn’t helped by the redundant systems.

Comments Off on Newsgator outage explained

Filed under FAIL, General Stuff, Oops!

Exchange 2003 SP2 and MSFP

So, I wrote an article about Exchange 2003 SP2’s new mobility features. Unfortunately, there’s a minor editing error: the article says you need Windows Mobile 5.0 or the MSFP to take advantage of the new features. If only that were true! You actually have to have both WM5.0 and the MSFP to get the tasty new feature goodness. Sorry to my readers for the mixup.

Comments Off on Exchange 2003 SP2 and MSFP

Filed under Oops!, UC&C

System Center Capacity Planner @ Exchange Connections

Microsoft was handing out beta refresh bits for their very cool new System Center Capacity Planner (SCCP) tool at Exchange Connections this week. Unfortunately, they made a minor error that results in the bits not linking to the community support site as intended. Jonathan Hardwick explains here.

1 Comment

Filed under Oops!, UC&C

Comments disabled

My hosting provider reports that their hosts– or, more precisely, my blogs– have been under a comment spamming attack. They’ve disabled my comments executable until further notice; I’ll probably have to either rename it or figure out some way to prevent drive-by comment spams before they’re willing to turn it back on.

Update: we’ve applied some prophylactic changes that will hopefully tamp down the spammers. Comments are now back on.

Comments Off on Comments disabled

Filed under FAIL, Oops!

Apology to Dave Whitney

I wrote a column last week on the public folder management improvements in Exchange 2003 SP2. As a guide, I used Dave Whitney’s post on the improvements, since none of the other SP2 documentation has been made public. Unfortunately, I didn’t include a link to his original article in my column. I always do this when I link to the Exchange blog, because it’s a terrific resource, but this time I plum forgot. This is unfair to Dave, who wrote the original post, so I’m posting this apology. Sorry, Dave; it won’t happen again.

Comments Off on Apology to Dave Whitney

Filed under FAIL, Oops!

Morgan Stanley fumbles e-disclosure, gets hammered

Ouch! This story from yesterday’s Wall Street Journal details how problems with Morgan Stanley’s e-discovery process are going to end up costing them a lot: perhaps $360 million, or even more. The judge in the case labeled their actions as bad faith, and that’s going to cost them.

Morgan Stanley is in serious trouble because of the way it mishandled an increasingly critical matter for companies: handing over email and other documents in legal battles. Lawsuits these days require companies to comb through electronic archives and are sometimes won or lost based on how the litigants perform these tasks. Morgan Stanley kept uncovering new backup tapes, couldn’t perform full searches because of technology glitches and gave material to the other side that was sometimes incomplete or late.

The Morgan Stanley folks made a number of poor decisions and mistakes– ones that you should be sure not to duplicate in your own environment.

Update: this WSJ story says that the jury hit Morgan Stanley for $604 million. As the story also points out, the jury was instructed by the judge to put the burden of proof on Morgan Stanley, not the other way around, so it’s reasonable to expect that this will be appealed, and that it might be overturned. Still, $604 million is a high price tag.

Update: the WSJ just reported that the jury awarded Perelman another $850 million in punitive damages. That brings Morgan Stanley’s total tab to $1.45 billion.

Comments Off on Morgan Stanley fumbles e-disclosure, gets hammered

Filed under FAIL, Oops!

Ouch: BlackBerry devices causing thumb problems

I hate it when this happens: “Orthopedists say they are seeing an increasing number of patients with similar symptoms, a condition known as ‘overuse syndrome’ or ‘BlackBerry thumb.'” I guess I’d better worry about using my Treo with SnapperMail.

Comments Off on Ouch: BlackBerry devices causing thumb problems

Filed under FAIL, Oops!

SHA-1 broken

Bruce Schneier is reporting that the SHA-1 hash algorithm has been broken:

The research team of Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu (mostly from Shandong University in China) have been quietly circulating a paper describing their results:

• collisions in the the full SHA-1 in 2**69 hash operations, much less than the brute-force attack of 2**80 operations based on the hash length.

• collisions in SHA-0 in 2**39 operations.

• collisions in 58-round SHA-1 in 2**33 operations.

This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result. It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn’t affect applications such as HMAC where collisions aren’t important).

Comments Off on SHA-1 broken

Filed under Oops!, Security

I just hosed my calendar

So, on the Treo 650, when you enable a mail account for Exchange ActiveSync, it warns you that creating the account will empty your calendar– if you use EAS, you have to use it to sync your calendar. I knew that, and had been manually forcing my desktop to overwrite the handheld calendar. This worked fine until (drum roll) I forgot to set the “desktop overwrites handheld” flag as a default. This morning, I synced the device and– oops– almost all of my calendar data is now gone. This is not the end of the world, since we’re coming up to a slow time of year. I still have all of my contact and task data, but it’ll be a hassle to re-enter the events I do have (including kids’ holiday parties at school and my regular weekly team concalls).

1 Comment

Filed under FAIL, Oops!

DoS attacks against BlackBerry devices

From the “I hate it when that happens” department: there’s a vuln in the BlackBerry software (at least in the 7230 model) that can be used to cause the device to reboot on demand. The problem is triggered by >128Kb of text in the “Location” field of a meeting request. As RIM points out, Outlook limits that field to 255 characters, so you’d have to hand-craft attack messages. However, these messages don’t do permanent damage; they just cause annoying reboots.

Continue reading

Comments Off on DoS attacks against BlackBerry devices

Filed under Oops!, Security

LANL has a little email problem

Inaugurating a new category for security mistakes, we have this story from Computerworld. Seems that the Los Alamos National Laboratory has had a little email security problem, on top of their other recent problems:

In the latest incident, lab spokesman Kevin Roark late yesterday confirmed a Los Angeles Times report that the lab recently discovered new incidents of classified information being sent through a nonclassified e-mail system.
“We have had occurrences recently, yes,” Roark said. “We have had them in the past. It’s anticipated we will have them in the future.”

Continue reading

Comments Off on LANL has a little email problem

Filed under FAIL, Oops!