20 Questions
Bryan,
The questions are many, the answers remain few. Here's a few questions that many of us, I believe, would appreciate answers to:
1. How many times did the username disclosure problem occur?
2. What testing was performed on the database changeover before it went live.
3. You have said that the changeover went live in a small way on the morning of June 29 and in a big way on the evening of June 29. Was there an internal deadline to accomplish this in the second quarter?
4. Did anyone on GNET's technical staff oppose the second quarter deadline, if there was one, on the grounds that the rollout had not been sufficiently prepared for or tested?
5. Did Jill Munden actually say what she was quoted as saying in the Wall Street Journal on June 30? ("We immediately fixed the problem and have technology teams in place to ensure the continued performance of Silicon Investor," etc.)
6. If the answer to #5 is yes, was her statement true or false?
7. Given the fact that many userids are in fact the real names of people who post under an alias, do you consider SI's repeated posting of userids to be a violation of the commitment made to SI users in the GNET and SI privacy policies?
8. What was in the first draft of John Busby's June 30 post that he removed? (see posts Message 13980809 and Message 13983371, the latter post indicating that the first post was not exactly what Busby had in the first draft).
9. If Busby removed anything, who ordered or asked him to remove it?
10. Was Busby's statement in the June 30 post ("While the database upgrade is now complete, we will continue to monitor the site very closely to help ensure that our upgraded system continues to improve the performance of the site.") true or false?
11. When Busby issued his statement on June 30 that the database upgrade was "now complete", had SI completed all testing of the reliability of the upgrade, including testing to ensure that the compromising of userids would not happen again?
12. When Busby issued his statement on June 30, had the database upgrade improved the performance of SI up to that time (22 1/2 hours after the upgrade), so that any additional improvements could reasonably be termed a "continuation" of the performance improvement?
13. Do you personally think it was appropriate for SI to wait nearly six full days before issuing a statement to its members about the problems associated with the upgrade?
14. Do you believe that SI should refund its members' money for the past week?
15. Has SI done anything to permit userids (including those on past or closed accounts) to be changed so that they do not reflect the true identity of members? (Members who have requested this so far have been refused).
16. Has SI taken any steps to allow members to disable the "personal question" route to obtain a new password (Those armed with a userid but not a password could more easily use these questions to obtain the true password.)
17. Does SI believe that it would be appropriate to devote more resources to its programming staff in light of this past week's problems?
18. How long can members expect the remaining problems to linger? (Such as dropped characters at the end of messages, unalphabetized bookmarks in some places, and html garbage in messages)
19. Were any management financial incentives or performance review milestone achievements contingent upon the database upgrade being implemented in the second quarter?
20. Does SI owe its members an apology and an admission of the errors that were made?.... |
