Quarterly inventory – 2025 Q4

Dear FutureMe,

Today would be a good day to do a quarterly inventory.

How is your personal life going?

How is your work life going?

How is your Volunteer Service life going?

Future Me

Personal Life

This quarter gave me the opportunity to attend two weekend conferences out of town, and I enjoyed both of them.

I’m a little depressed because cold-and-overcast season is here again. I can see why people like living in the desert. I have relatives who live in the Pacific Northwest, on the coast, and man, that would be depressing nine months out of twelve.

A walk to remember

Mildly amusing, I needed to get some car work done, so I took it to the dealer I bought the car from. This is probably not the best idea because they don’t treat me as well as I would like. No matter, I dropped off the car first thing in the morning, went to a little cafe and got breakfast, and then texted a retired friend in town that I’m in town, and would he mind if I dropped by for a visit? He said, Sure, did I want a ride? No thank you, I’ll walk – I need the exercise; it will only be a 25 minute walk from downtown to his house.

I was about five minutes into the walk when the gastric distress kicked in.

I successfully did not poop my pants. Let’s get that said right up front. But man, it was an excruciating walk: go some number of feet, stop, pause, clamp down, and wait for the spasm to pass. Nowhere along the walk was a public park with a public restroom. I wasn’t going to walk up to a random house (if anyone is even home) and request to destroy their bathroom. Anyway, the mildly amusing part was that at some point, I paused, crossed the street, and paused again right behind a small pickup truck sitting in front of a house. I look up, and on the back of the pickup truck was a sticker that was essentially this:

 

(click the + sign to reveal the spoiler)

Thank you, God, for reminding me You have a sense of humor. 😉

Public sector Uber / Lyft

Another thing that happened is that I became miffed with the City of Visalia for using my tax dollars to play the big shot. Visalia Connect

You see, I have friends who supplement their income by driving for Uber and/or Lyft. I’m 100% in favor of people who want a side hustle getting out there and doing the work – in the private sector. I despise when the public sector tries to undermine them, because they are doing so with your and my tax dollars. If the city wants to spend tax dollars on police and fire, I’m 100% in favor of that. If the city wants to spend tax dollars on a bus system with fixed routes, okay, that’s not the worst spend of tax dollars. It’s not a great spend of tax dollars, but sure, when someone gets so elderly that they cannot drive anymore, that there is a bus system they can use is a public good. Walking would probably be better exercise for them, but sure, it’s not the worst spend of tax dollars.

But Uber and Lyft? Why the hell should the city be trying to compete with that?

WORSE – the City of Visalia contracted with a French company to provide the service.

You can barely make it out on the photograph, but the side of the van says “Operated by RATP Dev USA”. RATP Dev USA is the North American subsidiary of RATP Dev, the international arm of the Paris-based RATP Group that operates public transportation systems worldwide.

My USA tax dollars are enriching a French company to undermine local taxpayers trying to improve their lives with a side hustle.

What the hell

Microtransit is a luxury, not a necessity. Let the people who want to bask in luxury pay their own way at private sector prices. Let local people make some money. Let Uber and Lyft, both based in California, make some money. Don’t be taking money away from our local police and sending it off to Paris, France.

Cynical me thinks that really, some corrupt official at the City of Visalia pushed through the idea to get kickbacks. I have no proof of it, but it wouldn’t surprise me. We’ve had lots of corruption in other areas. But yeah, I wouldn’t mind seeing the officials and bureaucrats behind this tarred and feathered.

Amazon shopping this Christmas (not)

I did just about zero Christmas shopping with Amazon this year. Their “Black Friday” prices are not better value than the rest of the year. I did buy a large Christmas gift from Costco.

Personal mail server

For about nineteen months now, my personal mail server has been rebooting. I just replaced it with a different installation here the third week of December. I expect that it will be rock-solid now.

Way back when, I built it as a combination WordPress (this blog), Dovecot/Postfix, and Nextcloud server. On Ubuntu. Well, the machine I was renting was too small, so I started splitting things off. Nextcloud I moved in-house onto bare metal. WordPress I moved to a different machine, but on Debian. I left Dovecot and Postfix on the Ubuntu box, because it was probably going to be the most painful to move.

When I built my personal mail server before, I used the excellent guide by Christoph Haas (workaround.org) to build it. Back then, I’d struggled a little bit with the difference that Christoph’s instructions were for Debian, and I was installing on Ubuntu, but I made it work okay. Let’s Encrypt certbot was a little tough because I wanted a wildcard certificate for multiple domain names.

But then the server started running out of memory. I built a script that checked for an out-of-memory condition, and if so, I rebooted the box automatically.

That was twenty-seven months ago. Initially, it would go three or four days without rebooting. Nineteen months ago, it was rebooting one to three times per day. Last month, it was rebooting at least three times per day and up to six times per day. I knew I wanted to work on it, but I also expected it to be a big job. Being ruled by a hundred forms of fear, I made it into a larger problem than it was – go figure.

I’d scheduled some vacation time for Christmas and even took off the Friday before Christmas week. Then my mom called me and changed my plans on when we were going (to later). Suddenly I have four days off before I need to be on the road, and that should be plenty of time – no matter how hard the migration went. It actually took about a day.

One thing Christoph doesn’t go into is fail2ban for the webmail. I did have that on the original Ubuntu box, although it was more for WordPress than anything. But for all I know, that was the source of the memory leak. I had also done a sort of funky disk layout, so I was running Restic for local backups. Maybe Restic was the source of the memory leak? I don’t know. But the new box has the email-on-reboot script in place, so I’ll see if it doesn’t reboot on its own any time soon.

Since I re-enabled comments on this blog with the spam protection coming from hCaptcha, I thought I’d try it with my webmail client. It is working great.

KDE Donation

I’ve donated to the EFF and Internet Archive for close to a decade now – I’m happy to support projects I think are worthwhile. I started donating to the Thunderbird project two years ago in November.

This quarter the KDE project did a request for donations, and I have really liked KDE, so I signed up for a small, $5 monthly contribution. Not very long later, over on the KDE mailing list, their community manager called everyone on X/Twitter Nazis. Maybe I’m the one off-kilter here, but I thought a community manager was supposed to grow their community. The exclusionary stance ends up alienating normal people and stunting the growth of the community instead. Later, the KDE community said they supported their community manager being a bigot.

Yeah, I’m out.

If these people are so infected with TDS that they don’t see the damage they are causing, I’m certainly not going to be an enabler and continue donating to their project. It is sad because I was first exposed to KDE back in 2006, and I like the desktop environment. But perverse behavior should not be rewarded. I’ve cancelled my donation going forward. If a different desktop environment shows up that is as good or better, I’ll switch.

Work Life

Well, I found out I’d miscalculated my retirement date; the pay period ends one week later than I’d thought.

It is mildly amusing to me that February 2026 has perfect alignment, with the first Sunday being on the 1st and the last Saturday being on the 28th. On the calendar, February takes the space of exactly four weeks. May and August 2026 have the worst alignment, spanning six weeks. I did a post this quarter about programming in RPG II under the heading Helping Sales make promises they could keep. May and August were the sorts of configurations that RPG II was not naturally a good fit for.

I got (probably my last ever) Performance Appraisal and my boss was kind. I’ve been feeling guilty about how much work I’m not doing, but my boss said this is a good thing. Proper succession planning means I must train everyone else what to do when I’m not here, and the best way to test my training is to let them do the work.

Volunteer Service Life

The Events Calendar Pro (TEC)

Well, I added TEC to the website for the fellowship, but it has bugs. I’m having to watch for errant behavior and then run a MySQL statement on the server:

DELETE FROM wp_options WHERE option_name LIKE '_transient_tribe_views_v2_cache_%';

DELETE FROM wp_options WHERE option_name LIKE '_site_transient_feed__%';

Still, TEC is remarkably better than Sugar Calendar, so overall it is a win. We might try out ticket sales next.

Flyers for events

One thing where AI has been a blessing and a danger is in adding events from outside sources. I uploaded a flyer for an event to an AI and asked it to convert the flyer into WordPress-compatible HTML. In one minute it did the job that would have taken me an hour or two. So that was great.

Then for another event, I pointed the AI at a series of pages the organizing committee had put up. That went great.

Then for a third event, I did the same, but the information was wildly off. I went to the web page, copied the URL, and prompted the AI to read that web page and create HTML from it suitable for pasting into WordPress. It looked okay, but… the event is at a Sheraton hotel, and this says Hilton… and the Hilton is 25 miles away! Oof. I asked where the information it gave me came from, and it said the web page, “This is what it says”. I put into the AI prompt “No it doesn’t” – and of course, then it apologized and actually read the website and created correct content. Apparently, it had pulled information from ten years ago and had simply run with that. AI is not intelligent (yet).

Contact Form 7 and Captcha

Our office manager is a part of a community of other office managers. One of them did a demo of their website, and that office had an email contact form. My office manager requested we do the same. I’d tried Contact Form 7 back in 2018, but the spam was immediate and incessant – I quickly deleted it.

So now I need to add it back in, but not subject my office manager to the onslaught of porn, supplements, and cheap junk email. The nature of the fellowship is not a great fit for ratting out people to Google as members of this fellowship. Well, if reCAPTCHA is off the table, how about hCaptcha?

I implemented hCaptcha for the contact forms on the website, and it has worked great. I was happy enough with it that I signed up for a personal account and added it to this blog’s login form for user comments. Later I used the same account to protect webmail on my rebuilt personal mail server.

The only thing I’d like better is if there were a pricing plan between Free and Pro. I do believe in paying my own way.1 But for the month of December, I’ve used it twenty times (their dashboard tells me this). I cannot justify the Pro membership at $99 per month ($1,200 per year). The fellowship also believes in paying its own way, but also, we cannot afford $1,200 per year. $60 per year would be ideal – and I don’t actually want any additional features. I know that serving up their images and comparing the results takes CPU cycles. I just don’t want to be a freeloader.

  1. Unless you’re going to be an asshole and call me a Nazi for my choice in social networks (duh!)

Google chooses misandry

I recently got a Future Me email (an email sent to my future me):

Dear FutureMe,

Today is International Men’s Day. Every year, Google celebrates International Women’s Day with a Google Doodle. And every year, Google gives the finger to International Men’s Day. Can you spell misandry?

I deleted my Google account today. I don’t need misandrists in my life.

Me, November 22, 2024

I also deleted my Google account on the theme Make Orwell Fiction Again. I have a hat I bought for myself and as gifts. It seemed hypocritical to have a Google account and be promoting Make Orwell Fiction Again.

Google might have recognized their own misandry and decided to treat men with as much respect as they treat women with a Google Doodle on November 19. But I would not bet money on 2025 being that year.

pfSense 24.11 is not good

I had purchased the Netgate 3100 from the company because I thought that would get me the best compatibility and support. Well, an update was made available: 24.11-RELEASE (arm) and I made the mistake of applying it six days ago. My whole router/firewall has crashed thrice since then.

I’ve been pretty unhappy with Netgate for a while now, so a couple of days ago I pulled the trigger on purchasing a Protectli Vault V1210 Mini PC. I’ll install OPNsense on it and duplicate what I have in the Netgate. Then the Netgate 3100 will go to the landfill.

When I bought the Netgate appliance, I didn’t know about the shenanigans the Netgate owners were doing with their staff. I wish I had known that; I would have started with something other than Netgate.

In the Make Orwell Fiction Again category, I remember reading several articles about how the Netgate owners screwed a former employee, and it ended up in lawsuits. Those stories have now been memory holed. Sigh.

Later, I found a definite bug in their SMTP over TLS implementation, in the initialization routine. Mind you, I’ve been doing SMTP for more than twenty years. I know how to do SMTP via telnet, and can do really low-level commands with it. Everyone with that particular version of pfSense would be affected by not being able to do SMTP over TLS to an outside mail server because of this initialization bug.

I wrote up the bug with the steps to duplicate it, and I tried to submit it to Netgate technical support.

Their answer was “You don’t have a current support contract. Buy a support contract, and we’ll work on it.”

I am not paying you to fix your shit. You should be paying me for so clearly identifying where your software fell down.1 The pfSense user interface under System > Advanced > Notifications has a checkbox to Enable SMTP over SSL/TLS. This should work, and it did not. I went through the steps at the command line level, and everything was there and workable. The certificates validated, and email flowed like it should – if I did it manually.

That they wanted me to pay them to fix their broken software is galling.

I do miss the days of Novell, where their published policy was “Yes, you need to pay to open a support ticket, but if this turns out to be our bug and not something you could have fixed on your own by RTFM2, then we will refund you your money.” I think in the twenty years I was a GroupWise admin, almost every support ticket I opened with them ended up being zero cost for us. Once, the support technician said that yes, they had already known about the bug, but the Technical Information Document (TID) was only a day away from being published. Heh. If I’d waited a day, I could have RTFM’d the TID and not bothered with opening a ticket. Yes, he refunded us the support ticket cost. Sure enough, the next day the TID was published, with exactly the same steps the support technician walked me through to solve the problem.

  1. I’m pretty sure it was an extra carriage-return character when calling OpenSSL.
  2. The Novell folk were always nice and polite, so in this case it is Friendly manual

Expedia Untrustworthy: my frustrating encounter at a Holiday Inn Express in Gridley, California

My stay at the Holiday Inn Express in Gridley (Oroville Lake) wasn’t particularly terrible. However, during the checkout process, something incredibly bothersome occurred: they adamantly refused to provide a printed receipt (folio). The counter agent simply refused, conveniently attributing it to management’s decision.

It’s possible that this nonsensical decision stemmed from misguided management. I don’t hold the agent responsible for following instructions. Nonetheless, two aspects make this situation particularly irksome:

Firstly, I understand why financial departments require receipts: scammers exist. Secondly, they lied about sending me an email receipt.

Anyone can make a reservation, receive the email confirmation, print it out, present it to the finance department for reimbursement, and then cancel the reservation. Financial departments are aware of this, which is why they rightfully demand proof of actual hotel stays. The receipt (folio) contains the final charges and the checkout date.

The Holiday Inn Express in Gridley, California, flat out refused to provide me with the receipt/folio: all because someone wanted to save a penny on a piece of paper.

This would have been less troublesome if they had actually sent me the email receipt as promised. However, they failed to do so. I highly doubt that the agent knew for sure—she was probably instructed to inform customers that they would receive an email.

To clarify, the email receipt did not end up in my junk mail folder. I’ve been an email administrator for twenty years. I ought to be able to figure that out, no?

This ordeal frustrated me to the point that I decided to leave a negative review on Expedia. That’s when I discovered that Expedia allows property owners to censor the reviews they display. Each time I submitted a review, I received a rejection message claiming it was unacceptable. I tried toning it down and making it friendlier, but it still didn’t meet their standards. Only after significantly revising it did they finally accept it.

The most valuable lesson I learned from this experience is that Expedia’s review system is untrustworthy. I have no intention of ever using their service again.

The Rocket Mortgage web site is privacy hostile

If I have any sort of privacy controls enabled, the Rocket Mortgage web site does not work. They have some sort of cross-site scripting going on where they throw something at https://streaming.split.io/ (which is actually ably.com).

Even when I tell Firefox to keep everything together in the same container, Rocket Mortgage fails it. My only choice to get it to work is to disable all privacy controls.

Thanks, Rocket Mortgage. I simply love you for pimping out my data to advertising johns. Not.

The year 2022: Late stage 2021 but with new, higher prices

h/t to one of Scott Adams’ Twitter followers, responding to a challenge to summarize 2022 in the snarkiest way possible.

The whole thing is a psy op run by incompetents at behest of elites inflicted upon the aimless. It came about through sixty years of indoctrination: “Buy this shit from our advertiser; that will make you happy.”

Amazon disappointment – I’ve removed my Echo (Alexa) devices

There was a recent policy change at Amazon which I hate, and as a result, I have removed the Amazon Echo (Alexa) devices and app from my life. It does mean I’ll be carrying my phone with me more.

A part of the Vision Statement for Amazon is “Our vision is to be earth’s most customer-centric company”. Well, this change in policy belies that; trying to annoy their customers for more money is the new practice. That’s the nice way to put it; predation is the stark reality.

So, what happened?

  1. Amazon Music started inserting audio advertising into my morning music play. This happened four days ago.
  2. Amazon raised their prices on Prime membership, and I opted out at the beginning of October (about one month ago).

I’ve mentioned before that I hate bullies, and dislike advertising. I also really liked setting up my morning wakeup routine to start the day with inspirational music. This change by Amazon crossed all three lines.

So if my morning wakeup routine is spoiled anyway, what really do I need these devices for?

Other than as voice controlled light switches, they are sometimes a convenient voice controlled timer. I don’t need this – it’s a nicety at best.

The bargain was they would listen in, the app on my phone would do tracking, and Amazon would do (whatever) with that data. I assumed they were monetizing it somehow; that was fine – that was the bargain. But now that they’ve crossed the line and spoiled my morning wakeup routine, I’m out.

Really, the only power consumers have is the power of money; either the boycott or favored trade.

Part of the annoyance is that I purchased the .mp3 files outright. I made my playlists out of only these files. Yes, I wanted the artists to get paid for their work, and thought it was only fair that Amazon also got paid for doing the work to set up the deal, import the files and handle the transactions to the artists. My point is that I paid for these files. Anyone that would wrap my files inside their advertising is a bully / predator.

This morning, the advertisement specifically said “Buy Amazon Music Unlimited and you won’t get advertisements”. Or, I can just completely opt out. Spotify costs the same as Amazon Music Unlimited, they do have Joe Rogan, and they have an API I can use to create my morning playlist programmatically.

In that way, Spotify is better: I can write a Python script to classify songs into lists, and pick two from the spiritual category, one from the energetic category, build today’s list and program Spotify to play that. I could even then put the songs in a FIFO queue (perhaps with some randomization). Much better than anything I could get with Amazon Music.

It’s not lost on me that the Open Source community has a project, Mycroft, which would let me connect to my IoT devices without the data tracking which was the part of the Amazon Echo bargain. I’ve already got one Raspberry Pi. All it really needs is a microphone. Guess what I’ve got on order?

Maybe I don’t even need Spotify. Maybe I can just get Mycroft or Home Assistant to play .mp3 files on various Bluetooth connected devices.

Until I get that set up, I’ll have to use my phone apps for controlling the lights and keeping timers. This is a minor inconvenience at worst. And if eventually I hook Mycroft up to a Home Assistant and a Magic Mirror, the better.

“Free” apps for your smartphone

There has been a long standing piece of knowledge in the computer industry that if you are not the customer, you are the product being sold. That is to say that advertisers are the customer, and the data that the “free” services harvest from you is what is being sold to them.

There’s a reason why you get offers for a free hamburger if you order it from their app (and the like). If you use the app, you collect reward points and get discounts and such.

Oh By The Way

TANSTAAFL

Do be very selective in what apps you install. They are all pretty much data harvesting machines.

Man, Imprivata sucks

I need the administration manual for Imprivata (they do hardware based single-sign on). If I search for Imprivata onesign administrator guide I get a document on the Imprivata web site which is a marketing fluff piece.

Really, Imprivata? This is how you want to “help” me?

Turns out to get the actual administration manual, I have to go to manualzz.com

That doesn’t look sketchy at all.

Seriously Imprivata: how can you be that stupid?

And, by the way, the documentation my co-worker wrote says that their administration web sites don’t work with anything other than IE (Microsoft Internet Explorer, which is in hospice care, and has been since last summer).

I get it, software is hard, and upgrades can be tricky. It takes time to not break things.

But hiding your user and administrator manuals is downright customer hostile.

Sigh. Everything would be fine if only Imprivata would do as I say. (But seriously, I wouldn’t be the only person helped if they didn’t try to make it difficult for me to figure out how it broke this time).

I did not join Planet Fitness, because of their payment policy

Update: user K replied with what I think is the best insight so far:

Just happened to me today when I went to sign up after a year since I was a member. Noped right out of there. You’re right about the merchant fees but I suspect the real reason they are not billing with cards anymore is because of the high volume disputes they have. I used to work for a bank in the claims department and gym memberships and credit scores were our bread and butter. Visa and Mastercard have set rules in regards to merchant rights and would almost always return the funds back to the customer. An ACH transaction does not have the same protection and NACHA regulations do not cover product and services therefore if a customer disputed the transactions the likelihood of receiving the funds back is slim to none.

(emphasis added by me)

I did join a different gym. I was ready to join Planet Fitness; I took the tour, a pleasant young man explained the membership plans, and they sent me a link to sign up at. The facility seemed good, and it was closer to my home than the one I did end up at. But their sign up process demanded that I hand them my checking account number and routing number. That’s a nope, and we’re done.

I even found the Contact Us part of their web site and sent them an email asking what other options were available. They never bothered to respond.

The gist of the problem is computer security; Planet Fitness internal IT security isn’t that good. Well, no-one’s internal security is all that good – just ask T-Mobile: their 2021 data breach was T-Mobile’s fifth incident in four years. Worse, when T-Mobile was asked about the potential for security problems, their answer was “What if this doesn’t happen because our security is amazingly good?”

I can’t help but think that Planet Fitness feels the same way.

Why can’t I have the membership fee charged to my credit card? When their IT infrastructure gets breached (not if), I can easily get a new credit card number from my credit card company – if Planet Fitness would allow me to use a credit card. I’ve actually had to do that before; I got a physical letter in 2016 letting me know of a breach with a particular company that I did business with every couple of months. Changing the credit card number was pretty easy. Slightly annoying, but if that was the worst thing to happen to me in 2016, I’m leading a pretty charmed life.

But what happens when Planet Fitness loses my checking account number (and routing number)?

That would be a disaster.

Sure, I could close the compromised account, and open a new one; but my paycheck gets deposited there. Everything funnels through there. I even had a need to get paper checks printed up a year ago, and that expense of the rest of the paper checks would go in the shredder. Is Planet Fitness going to pay me to get new checks printed? If I sued for it, I’m pretty sure I’d win – unless their defense was “well, if you are stupid enough to give us your checking account number, then that’s on you.” Maybe that is the way they think about their customers. 🤷

It also bothers me that Planet Fitness is only being somewhat truthful about why they want to pull the money directly out of my checking account. From their web site:

The method in which members are able to pay for their monthly membership varies by location, but many Planet Fitness clubs accept payment through checking accounts only. We require an Electronic Funds Transfer (EFT) through checking accounts for your convenience: This allows us to be able to continue your membership without interruption or the hassle of updating your payment information if your credit cards are lost/stolen, invalid or expired.

https://www.planetfitness.com/about-planet-fitness/customer-service/billing-faqs

I have a problem with “… for your convenience ….”

This is flat out falsehood. It’s not for my convenience, it’s for Planet Fitness’ convenience.

Also, Planet Fitness doesn’t have to pay the credit card company their commission. That’s the real reason they are willing to risk my security; they are being cheap. My security versus a tiny bit of extra profit? SELL ‘EM OUT BOYS!

It’s also important to note that there’s a major discrepancy in ACH vs. credit card fees. Broadly speaking, ACH transactions have the lowest costs associated with any payment system. On the other hand, credit cards typically charge 2.5% of the transaction value in fees, plus an additional processing fee. So, when it comes to ACH vs. credit card fees, ACH is the clear winner.

https://gocardless.com/en-us/guides/posts/ach-vs-credit-cards/

So, I found a gym that lets me pay by credit card. It is farther away from my home. It doesn’t have as many locations. But it does let me subscribe with a credit card, and it doesn’t lie to me about why they prefer to have my checking account number. They did ask; but they were honest and said it was because they wanted to avoid having to pay the credit card merchant fees. If I was willing to pay more to cover that, they’d let me use a credit card for billing. Yes, I am, because I know that no company’s IT security is all that good. I’m paying now for easier recovery later. That gives me peace of mind.