Category Archives: Smackdown!

Bad experience at Larry’s Pistol and Pawn in Huntsville

I’m not really a complainer by nature (thank goodness), and I don’t tend to have problems with customer service at most of the businesses I deal with– in part because I am picky about who gets my money. Having said that, I had a bad experience with Larry’s Pistol and Pawn in Huntsville that I wanted to document.

Larry’s has been in business for a long time; when I moved to Huntsville in 1991, they had the only indoor pistol range in town. As long as I’ve lived in the area, I’ve shopped there, and I’ve never had a bad experience. Yesterday, though, I had a salesman who was both discourteous and uninformed about the law. He refused to sell me a rifle because I am a dual resident of California and Alabama– “I won’t sell you this because it’s not legal in California,” he said. 

I explained that I’d just gone through the same process at another local store, which had called the local Bureau of Alcohol, Tobacco, Firearms, and Explosives (BATFE) office to confirm that it was legal. According to 27 CFR 478 § 11, it is in fact legal for a US citizen who resides in more than one state to purchase a long gun in any state of residence. I meet the legal residency definitions for both Alabama and California, and if you read Example 2 in the definition for “State of Residence” it’s clearly applicable.

Rude Guy wasn’t in the mood to listen; he told me that the other store where I’d made a previous purchase had broken the law. That didn’t seem likely; gun stores tend to be terrifically careful to follow the law and ATF regulations because failure to do so can get them shut down and their employees jailed. I politely thanked him and left. Then I called the local ATF field office myself and spoke to a very helpful ATF employee. I explained my situation, she cited 478§11 to me, told me I was good to go, and gave me her phone number to have Larry’s call her if they had any questions.

Armed with this information (ed.: see what I did there?) I went back to Larry’s, stood in line for the same guy, and explained my phone call. He was even ruder than before: “I don’t care what she said,” he said angrily; “I still won’t sell to you.” Clearly there was no point in arguing, so I left.

I’ve sent Larry Burnett, the owner, a detailed letter explaining what happened, so we’ll see what action, if any, he takes. Until I hear back, though, Larry’s is off my shopping list. If you’re in the market for firearms, ammunition, or supplies, I suggest you go elsewhere.


Filed under FAIL, General Stuff, Smackdown!

Don’t use Symantec security software

You may know that Symantec recently admitted that its network was compromised and that the attackers got the source code to pcAnywhere, Norton Internet Security, and a few other products. Buried in their acknowledgement, however, was the fact that the source code leaked in 2006 and has thus been floating around in the community for quite a while.

Jonathan Shapiro’s response on the IP list seemed to hit the right note for me:

The pcAnywhere source code leaked in 2006, and in all that time nobody thought to do a serious security review to assess the customer exposure that this created? And now after five years in which a responsible software process would have addressed these issues as a matter of routine, they are having people turn the product off?

This is the company that ships the anti-virus and firewall software that you are probably relying on right now. A version of which, by the way, has also leaked. Do you want to be running security software – or indeed any software – from a company that fails to promptly report critical vulnerabilities when they occur and then ignores them for five years?

You can argue about whether Microsoft’s disclosure policy is perfect or not. I cannot, however, imagine a circumstance in which Microsoft became aware of a potential vulnerability and then didn’t fix it for five years.

So: if you’re running Symantec security software on your personal machine, your company’s workstations, or your servers… time to get rid of it and replace it with software from a more responsible (and, one hopes, more security-conscious) vendor.


1 Comment

Filed under FAIL, Security, Smackdown!, UC&C

Don’t buy from

Long story short: their customer support is poor, they don’t stand behind their products, and they aren’t honest about either.

I bought two electric Airsoft rifles for Dave and Tom for Christmas. Tom’s was fine; David’s was poorly designed and built. I got an RMA for it the day after Christmas, then had to fight with them for months before getting a partial refund. First they ignored me, then they claimed that the rifle had been damaged in return shipping (but couldn’t produce a UPS claim), then they claimed that it was damaged before shipping.

I eventually had to dispute the charge with my bank. The whole thing was a big hassle and not worth the few bucks that I might have saved by buying from them instead of a more reputable vendor.

Avoid them.

Comments Off on Don’t buy from

Filed under California, FAIL, Smackdown!

Hurricane on the way to Miami


Comments Off on Hurricane on the way to Miami

Filed under Friends & Family, Smackdown!

New York Times surrenders to Marines

Well, not really. They did, however, overturn their longstanding style rule that says that “Marines” shouldn’t be capitalized. The Marine Corps Times has the whole story, drawn from the Times’ Philip Corbett’s blog entry here. Semper fi, Old Gray Lady!

Comments Off on New York Times surrenders to Marines

Filed under General Stuff, Smackdown!

Queuing system FAIL

I’m trying to sign my oldest son up for the Church of Jesus Christ of Latter-day Saints’ summer youth program, Especially For Youth. Frankly, I’m jealous that he gets to go. It’s sort of a combination summer camp and mini-seminary, and everyone I know who’s attended it (or whose kids have been) has raved about it. However, the signup process is giving me a headache. Here’s what’s on my screen right now:


So let me count the ways that this reeks of FAIL.

First, it doesn’t tell you what your queue position is. Having a queue length is meaningless; all it does is tell you the total number of people who may (or may not) be waiting for the service. Without some estimate of where you are, knowing the number of people in line or the wait time isn’t helpful.

Second, what does “the average wait time for the entire line” mean? If it’s for the entire line, is it really a total time, or is it the average time that someone has to wait in the queue? It can’t be the latter, because it keeps bouncing up and down. I’ve seen it as high as 130 and as low as 85– during the 240+ minutes that I’ve been waiting.

Third, how about an estimate for when it will be my turn? Is that too much to ask?

Here’s the best part: the registration isn’t first-come, first-served! There’s no hurry to register, but that little detail is several clicks beneath the actual registration screen.

Managing signup queues for high-demand events like EFY is a well-understood problem. If you’ve ever used Disney’s FastPass system, you know about one possible solution (and one that would certainly apply here). The LDS Church does such a good job with its use of technology in general that it’s a real disappointment to see this kind of junk.

Comments Off on Queuing system FAIL

Filed under FAIL, Smackdown!

Oracle gets hammered on security

It’s like a joke that never gets old. I’ve written about Oracle’s terrible approach to product security before (here, here, here, and here are a few examples… bonus: this). Now security legend Jericho has written this outstanding timeline of exactly what Oracle has failed to do in the security arena. He should have subtitled it “Bring Me the Head of Mary Ann Davidson”. Well worth a read.

Comments Off on Oracle gets hammered on security

Filed under Security, Smackdown!

Key Bank, you’re gonna get it

I am so mad right now I could just spit. Key Bank has been slow-rolling me at every turn as I attempt to get them to pay off on one of Dad’s insurance policies. The latest: I asked them to fax a piece of information to the insurance company. After multiple requests, they finally sent in the necessary form… and left most of it blank. Naturally, the insurance company was not amused, and now I’m essentially back to square 2.

My immediate urge is to write a paint-scorching letter to several of these folks. However, I’m going to give them another two business days to get all their socks in the same basket. If they haven’t squared things away by then, it’s hammer time.

Update 8/25: a supervisor at Key was able to get the documentation problems solved, although it took longer than it should have. I’m debating whether to drop a dime on the incompetent, slow, and generally unfriendly person I had to deal with. On one hand, everyone has periods where they’re less effective than usual, so maybe she was just having a bad day. On the other hand, it’s amazing how a crisp letter can help snap people out of those kind of bad days.

1 Comment

Filed under Smackdown!

Hilton Garden Inn, Albany Medical Center, Albany NY

We recently stayed at the Hilton Garden Inn attached to Albany Medical Center. I felt it necessary to write a letter to Hilton Hospitality’s CEO. See below.

Continue reading

Comments Off on Hilton Garden Inn, Albany Medical Center, Albany NY

Filed under Reviews, Smackdown!, Travel

Publisher beatdown

I like to think that I can write a decent smackdown letter, but Michael Rakusin, director of Australia’s Tower Books, puts me to shame with his response to a bookseller’s demand that Tower pay extra fees to help the bookseller be profitable. Mr. Rakusin, my hat is off to you.

Comments Off on Publisher beatdown

Filed under Smackdown!

McAfee: yes, we changed our FAQ

So, via this article from Computerworld, confirmation that McAfee’s SiteAdvisor FAQ did say that it included anti-phishing features, as I said it did the day our phishing tool report was released. I am pleased to see them owning up to it, and I look forward to seeing how the new and improved Site Advisor Plus does in a head-to-head test.

Update: Sandi says it better than I could, since she’s a disinterested third party.

Technorati Tags:

Comments Off on McAfee: yes, we changed our FAQ

Filed under General Tech Stuff, Smackdown!

26 million veterans at risk

Wow. This is hard to believe: someone stole personal data on 26.5 million US military veterans from the home of a Veterans Affairs employee. What the devil was the employee doing with that data at home? “Working on a department project,” according to the NYT. This FAQ from the VA says, basically, nothing: veterans should monitor their financial accounts for unusual activity (hey, great idea), and employees are getting training so that this doesn’t happen again (training? how about some public floggings pour encourager les autres?) Thanks a lot, guys.

Comments Off on 26 million veterans at risk

Filed under Smackdown!

“Complete failure of Oracle security response”

David Litchfield delivers some very strong medicine to Oracle in his open letter, “Complete failure of Oracle security response and utter neglect of their responsibility to their customers“. I wrote about Oracle’s bad attitude a few months ago, and it doesn’t seem to be getting better. His conclusion:

What is apparent is that Oracle has no decent bug discovery/fix/response process; no QA, no understanding of the threats; no proactive program of finding and fixing flaws. Is anyone in control over at Oracle HQ?

A good CSO needs to more than just a mouthpiece. They need to be able to deliver and execute an effective security strategy that actually deals with problems rather than sweeping them under the carpet or waste time by blaming others for their own failings. Oracle’s CSO has had five years to make improvements to the security of their products and their security response but in this time I have seen none. It is my belief that the CSO has categorically failed. Oracle security has stagnated under her leadership and it’s time for change.

I urge Oracle customers to get on the phone, send a email, demand a better security response; demand to see an improvement in quality. It’s important that Oracle get it right. Our national security depends on it; our companies depend on it; and we all, as individuals depend on it.

Comments Off on “Complete failure of Oracle security response”

Filed under Smackdown!

A Rocket to Nowhere

Wow. This essay is a stinging, and entirely accurate, assessment of the current state of the Shuttle and ISS programs. Too bad NASA won’t do anything about it. Excerpt:

In the thirty years since the last Moon flight, we have succeeded in creating a perfectly self-contained manned space program, in which the Shuttle goes up to save the Space Station (undermanned, incomplete, breaking down, filled with garbage, and dropping at a hundred meters per day), and the Space Station offers the Shuttle a mission and a destination. The Columbia accident has added a beautiful finishing symmetry – the Shuttle is now required to fly to the ISS, which will serve as an inspection station for the fragile thermal tiles, and a lifeboat in case something goes seriously wrong.

This closed cycle is so perfect that the last NASA administrator even cancelled the only mission in which there was a compelling need for a manned space flight – the Hubble telescope repair and upgrade – on the grounds that it would be too dangerous to fly the Shuttle away from the ISS, thereby detaching the program from its last connection to reason and leaving it free to float off into its current absurdist theater of backflips, gap fillers, Canadarms and heroic expeditions to the bottom of the spacecraft.

1 Comment

Filed under Smackdown!

Oracle: if you can’t say something nice…

Boy, this is worth a read: Oracle’s chief security officer, Mary Ann Davidson, has an op-ed piece on CNet in which she attempts to blast some security researchers (in particular, she links to this story on Alexander Kornbrust, so I assume he’s target #1). I don’t think I would have taken her approach, for two reasons. One is that it’s going to inflame the BlackHat crowd, and will undoubtedly result in Oracle’s vulns getting much more press than they would otherwise– remember, the tech press loves controversy.

The other reason is that, given Oracle’s recent security troubles, she would have been better off to talk about how Oracle is addressing the legitimate concerns its customers have. She’s right that fixes to even simple vulns still have to go through a full test and release cycle, but she’s being disingenouous in claiming that Oracle has been responding in a timely manner to the notifications they’ve received. They haven’t (and this is not new behavior).

Fearless prediction: Oracle will get publicly spanked by Kornbrust, Litchfield, and probably some others during BlackHat. Davidson will be unrepentant.

Leave a comment

Filed under Smackdown!