Original Mad Dog,
Fair questions. Here are my answers…
1. How many times did the username disclosure problem occur?
BB - I believe this one has already been asked and answered, and I've already eaten my crow for not getting it exactly right, so I'll defer this one to a my previous post…
Message 13999159
2. What testing was performed on the database changeover before it went live.
BB - Apparently, not enough. :)
3. You have said that the changeover went live in a small way on the morning of June 29 and in a big way on the evening of June 29. Was there an internal deadline to accomplish this in the second quarter?
BB - Late Wednesday (into very early Thursday morning) was a minor test rollout on a couple of servers, i.e. not the entire system. Yes, there were internal target rollout dates, but frankly we missed those. Had we been able to anticipate these problems, we would not have rolled out. There was no "hard" deadline.
4. Did anyone on GNET's technical staff oppose the second quarter deadline, if there was one, on the grounds that the rollout had not been sufficiently prepared for or tested?
BB - We made the call to go ahead with the rollout, as a team.
5. Did Jill Munden actually say what she was quoted as saying in the Wall Street Journal on June 30? ("We immediately fixed the problem and have technology teams in place to ensure the continued performance of Silicon Investor," etc.)
BB - I don't know exactly what Jill's words were, but we did have the engineers working round the clock (and we still do) to fix the errors on SI.
6. If the answer to #5 is yes, was her statement true or false?
BB - See answer above.
7. Given the fact that many userids are in fact the real names of people who post under an alias, do you consider SI's repeated posting of userids to be a violation of the commitment made to SI users in the GNET and SI privacy policies?
BB - There is no commitment that we take more seriously than protecting our customer's privacy. At this point, we can only apologize for the error, and reassure that no other private customer registration information (i.e. address, credit card, etc.) was compromised in any way.
8. What was in the first draft of John Busby's June 30 post that he removed? (see posts Message 13980809 and Message 13983371, the latter post indicating that the first post was not exactly what Busby had in the first draft).
BB - John did not, in fact, post something and then edit the post. The "first draft" that he was referring to was simply his "working draft" that he edited himself before posting it the first time. As John indicated in his second post (above - msgid=13983371), he had intended to be more apologetic in his first post.
9. If Busby removed anything, who ordered or asked him to remove it?
BB - As stated above, John did not remove anything from a posted message, ergo no one ordered him to do so.
10. Was Busby's statement in the June 30 post ("While the database upgrade is now complete, we will continue to monitor the site very closely to help ensure that our upgraded system continues to improve the performance of the site.") true or false?
BB - As I stated in a previous post, the new Oracle database is humming along just fine.
11. When Busby issued his statement on June 30 that the database upgrade was "now complete", had SI completed all testing of the reliability of the upgrade, including testing to ensure that the compromising of userids would not happen again?
BB - To be honest, I'm not exactly sure what you're asking on this one, so this may not exactly answer your question, but here goes... We fixed the initial occurrence of the "alias" bug, but we were not sure that we had solved the root cause (which is why we didn't issue a statement at that time, by the way). When the problem surfaced again on July 4, we were able to identify the root cause (because we were watching for it), and we resolved it completely.
12. When Busby issued his statement on June 30, had the database upgrade improved the performance of SI up to that time (22 1/2 hours after the upgrade), so that any additional improvements could reasonably be termed a "continuation" of the performance improvement?
BB - The new database has definitely exceeded our performance metrics vs. the old database. Unfortunately, that database performance improvement has been mitigated on the site, as a result of the other issues that we've been dealing with. As the site gets back to normal, we absolutely expect overall performance and site stability to improve.
13. Do you personally think it was appropriate for SI to wait nearly six full days before issuing a statement to its members about the problems associated with the upgrade?
BB - Boy, that's a tough one. There's an old saying, "When you're knee-deep in alligators, it's tough to remember that your original mission was to drain the swamp." We didn't issue a statement, because we didn't have complete information. In hindsight, we probably should have at least said, "We aware of the problems, and we're working our butts off to fix them." Again, my apologies.
14. Do you believe that SI should refund its members' money for the past week?
BB - We have something in mind along these lines and will be sending another Mass PM shortly.
15. Has SI done anything to permit userids (including those on past or closed accounts) to be changed so that they do not reflect the true identity of members? (Members who have requested this so far have been refused).
BB - To my knowledge, we've only had a handful of requests along these lines, and we've acted on them. If your request has not been handled, or you would like to change or correct your (non-public) User ID, you may do so by sending your request via PM to SI Admin Bob.
Important: For verification, the PM must include your current User ID, the *new* User ID that you want instead, and your e-mail address. In order to make the change, we also have to temporarily change your password, so we will e-mail you a notification when the change is made, along with your temporary password. Then, you can log in and change your password back to whatever you want.
A couple of additional notes here: 1. For those who don't know, your User ID is the name that you use to log in. 2. For new members (those who have joined within the last year or so), your "Username" and your public Alias are the same, and your actual name is stored elsewhere in the database. 3. Our policy does not allow you to change your public alias, although with extenuating circumstances, we have done so occasionally in the past, e.g. a long time ago, our system used to allow duplicate aliases, so we changed one of the duplicates.
16. Has SI taken any steps to allow members to disable the "personal question" route to obtain a new password (Those armed with a userid but not a password could more easily use these questions to obtain the true password.)
BB - Yes, we have temporarily suspended this functionality.
17. Does SI believe that it would be appropriate to devote more resources to its programming staff in light of this past week's problems?
BB - We are always on the lookout for talented programmers. If you know any, send their resumes my way.
18. How long can members expect the remaining problems to linger? (Such as dropped characters at the end of messages, unalphabetized bookmarks in some places, and html garbage in messages)
BB - We are working to fix these as quickly as possible. We've put a two-week feature freeze on the site, i.e. no new development for two weeks. I hope it won't take that long to resolve all of the remaining issues.
19. Were any management financial incentives or performance review milestone achievements contingent upon the database upgrade being implemented in the second quarter?
BB - No. No one was held accountable for getting it done by June 30. Individuals are and will continue to be held accountable for getting it right. If anyone wants to point a finger, point it at me.
20. Does SI owe its members an apology and an admission of the errors that were made?....
BB - Yes. I've apologized several times in this and other posts, and a more formal apology is forthcoming, along with the offer I alluded to in Question #14.
Thanks,
Bryan |
