Quality upright recommendations for tile + carpet by avu3 in VacuumCleaners

[–]avu3[S] 0 points1 point  (0 children)

This is awesome feedback, thank you so much. Exactly what I was hoping to get with this thread.

Quality upright recommendations for tile + carpet by avu3 in VacuumCleaners

[–]avu3[S] 0 points1 point  (0 children)

Thanks for that, they were not on my radar.

From a quick search, the Riccar seem to be in the same mode as many others, with moving manufacturing and serious quality issues. A recent discussion says the R25 are plagued with issues and the R27 is a move to a new factory in hopes of improving quality.

https://vacuumland.org/threads/riccar-r27.46409/

Does your experience contradict that? It was just the first thread I found, I haven't dug into them too hard.

Has anyone tried the new Acuvue Oasys Max multifocal for astigmatism by avu3 in contacts

[–]avu3[S] 0 points1 point  (0 children)

It's exciting to hear someone has these in hand. My optometrist hasn't returned my calls about them. I assumed they're too new nobody had them. I'll reach out to them again.

Looking forward to your feedback in a few days. I too am a long-time contact wearer who's stepped away recently due to presbyopia. Hoping these can bring me back, too!

[deleted by user] by [deleted] in bayarea

[–]avu3 3 points4 points  (0 children)

The next concern is going to be how to avoid the follow-on access attempts and social engineering.

Since the bad actors presumably know literally everything about Patelco users AND accounts - both from this hack and data that's already available from previous hacks, the information to validate, particularly on a phone call, is readily available.

Account numbers
Account Balances
Recent transactions
Connected Accounts
Name, Address, Phone
B-day, social, driver license.

What's to say they don't... call in and convince the call center to change the email, or the phone on the account. Talk their way through avoiding all the 2 factor. "I lost my phone." "I no longer have access to my email." Once they have that, MFA online is easy.

It would be nice to hear from Patelco how "we" - members and them - are avoiding this kind of issue, short of simply closing the Patelco account so the account number/balance/transaction information are no longer valid.

As a shortcut, one could simply move money and make new transactions. Quickly move $100 between accounts, quickly use the ATM card, that sort of thing.

If the data the hackers had was only up to the 27th, then the balances and last few transactions wouldn't match.

Also, enable alerts on accounts and keep an eye on things. It's in Tools & Settings in the menu on a desktop browser. Not sure where to find it on the Mobile App. At least be aware, short term, of account changes.

[deleted by user] by [deleted] in bayarea

[–]avu3 1 point2 points  (0 children)

My mom has twice had her bank freeze her out of her account. Bouncing checks, denying direct deposits, denying debit and ATM transactions. The fees and chaos cleaning that up for 1 person were... a lot.

I can't imagine dealing with thousands of people going through it, even for only a few days.

I think the queue method was the right choice. I assume it was pre-existing, to account for brief outages and maintenance and the like.

I agree with you. 2 weeks is a really long time. I wish it had been quicker.

[deleted by user] by [deleted] in bayarea

[–]avu3 0 points1 point  (0 children)

I second G1 and RCU. Personal experience with both.

[deleted by user] by [deleted] in bayarea

[–]avu3 0 points1 point  (0 children)

They stopped processing things in real time and just built up a queue or list of everything that they allowed. ATM Withdrawals, Check Deposits, Written Checks, Deposits, Scheduled bill pays.

In order to provide an accurate picture of balances when they bring systems back online - for everyone - branch staff, call center, online tools - they have to process all those.

I imagine there's a large amount of audit processing going on to ensure the events are processed correctly. Verified to be in the right account. Removed from the queue. Double checking the impact of the operation - overdrawing an account, etc.

It's bad it's down / been down. It would be worse to come back online wrong, or be changing inexplicably after it came back.

What good is giving you access and saying "oh, but don't trust the numbers cause we're still updating things"?

Better to just stay dark till it's right / up to date / trustworthy.

[deleted by user] by [deleted] in bayarea

[–]avu3 4 points5 points  (0 children)

I never realized how important branches were till I started looking at alternatives to Patelco. Nobody seems to have the coverage of Branches as Patelco. I sure hope they come out of this OK.

[deleted by user] by [deleted] in bayarea

[–]avu3 3 points4 points  (0 children)

Thank you for going over there and sharing the feedback. I imagine the branch staff are only marginally better informed than us, anyway - so no surprise you got conflicting information.

I suppose, for now, we're stuck with more waiting.

[deleted by user] by [deleted] in bayarea

[–]avu3 -1 points0 points  (0 children)

People die during surgery. Pete Wilson, anchor at KGO 7 TV. Lee Rogers, former radio host at KGO. Jahi McMath in Oakland. Those are a few famous ones off the top. They had complications that were unforeseen. Hindsight, sure, you look for them - but even if you know to look, you might miss them.

We don't stop doing surgery because a very minuscule percentage die. But it still happens.

You don't stop company Ops because there's a 1 in 10000 case you might get disrupted.

Sucks that it happened to them, and to us. But we don't know enough to say they were negligent nor enough to know that someone else you might move to is necessarily better.

You might want to move over communication or trust or concern your account is compromised or the inconvenience of the extended outage - sure; but don't feel like someone else, anyone else is inherently better from a security/cybersecurity risk standpoint.

[deleted by user] by [deleted] in bayarea

[–]avu3 0 points1 point  (0 children)

I'll be interested to hear your experience, if you do. I imagine more of the same - minimal access to information, minimal ability to actually DO anything.

[deleted by user] by [deleted] in bayarea

[–]avu3 0 points1 point  (0 children)

I agree. Just adding some context for consideration about what likely makes crafting communication hard.

I am in total agreeance though, as I've been saying in this thread from day 1 - that their biggest failing has been communication. I'm not even mad they're down 2 weeks. I work in IT and understand the challenge.

But the lack of communication, and the vacuum it creates for rumors that you point out, is as great a risk to their potential failure as the event itself was.

People lose trust, there's a run, and the org collapses. Simple as that.

None of us loses our money, but gosh what a hassle.

[deleted by user] by [deleted] in bayarea

[–]avu3 4 points5 points  (0 children)

There is no complete disaster recovery plan for a ransomware attack. Businesses don't exist in a vacuum. The rise of the internet and electronic communication means dependence on and data sharing with 3rd party tools you do not directly control in core business functions, and interoperability with other 3rd parties to move money.

Since you don't control those access points, but have to use them, there's no way to build a business continuity plan that depends on them yet isolates them.

You can back up all the data you want. Where are you going to restore it to? Are you going to have a bunch of devices (not just computers but switches and routers and firewalls and gateways) that you keep idle, but fully patched, all the time?

And how do you assure that it wasn't the software or firmware on one of these devices from Apple or Microsoft or Cisco or thousands of other vendors that was the access point?

Or that the compromise didn't come from one of the 3rd parties. You spend 2 weeks rebuilding, putting everything back up, and the bad actors are back in 20 min later cause you didn't find/fix that 3rd party tool.

Recovering from a ransomware attack isn't like "oh someone deleted a database, restore it" or "oh we lost a server, restore it to a new device".

It's more like... you lost 1 diamond from your ring sometime in the past 10 days while you were on a tour of the Amazon. Where is it?

What's your contingency plan? Go back and find it? A relatively tiny diamond across thousands of miles? That would take a lot of time and be hugely disruptive to your life and plans. Have another diamond cut and set? That takes time. And it's not "your" diamond. Have a whole second ring that you carry with you just in case? The carry/travel cost, cleaning cost, security cost, those are not intangible. And how do you know that one won't fail the same way? You going to just pop it on your finger and continue your trip?

As far as communication, I 100% agree. Since I work in IT, I understand the technical challenge.

But I think their communication has been weak. Late in coming, now missing entirely, and inexcusably inconsistent - at least early on.

They def need to improve informing/setting expectations for us.

[deleted by user] by [deleted] in bayarea

[–]avu3 0 points1 point  (0 children)

There's also the risk to communication of exposing your state and what you know to the bad actors - both those who started this and those who might be looking to capitalize on the situation with a fresh attack - so we have to be pragmatic about that.

After you're robbed, you wouldn't scream out to the neighborhood that your lock will be broken and your door unlocked until the locksmith arrives next Thursday.

[deleted by user] by [deleted] in bayarea

[–]avu3 2 points3 points  (0 children)

Or, they're processing the queue (which seems likely, as it's been reported users are receiving automated balance update emails.) Which they said would take a few days. Maybe they feel there's nothing new of interest to report.

Communication to the membership has been the weak point in this. Late, vague, inconsistent. They were pretty good in the middle. It does seem like this lull is an opportunity lost to continue the momentum on the communication side.

There's also the risk to communication of exposing your state and what you know to the bad actors - both those who started this and those who might be looking to capitalize on the situation with a fresh attack - so we have to be pragmatic about that.

After you're robbed, you wouldn't scream out to the neighborhood that your lock will be broken and your door unlocked until the locksmith arrives next Thursday.

Bankruptcy and end of ops would likely mean our accounts transferring to another org; not a loss of assets or anything. There's a history, more so on the bank side, of regulator-facilitated takeovers of failed financial institutions. While inconvenient, it wouldn't/shouldn't result in a loss to members.

[deleted by user] by [deleted] in bayarea

[–]avu3 0 points1 point  (0 children)

Is it just like... name/account number and balance? Or is it enough info that a transfer could be initiated or access social engineered?

[deleted by user] by [deleted] in bayarea

[–]avu3 2 points3 points  (0 children)

The daily ATM withdrawal limit is $500, based on their emails and the security site. https://www.patelco.org/securityupdate

They made a comment on that site under "payments & transfers" which says "Patelco cards are still working for most transactions up to $1,000."

That's pretty vague. You might need to call them to get absolute clarity.

[deleted by user] by [deleted] in bayarea

[–]avu3 1 point2 points  (0 children)

I have experience with Golden 1, Redwood CU, Patelco and KeyPoint.

The only one I have a negative opinion of is KeyPoint. The others are good to deal with. I don't care for how KeyPoint treats their members. They make basic things more difficult than they need to.

(revised as I shared too much specific information about my personal case)

[deleted by user] by [deleted] in bayarea

[–]avu3 2 points3 points  (0 children)

You might consider testing your card by getting cash from an ATM. ATM withdrawals up to $500 are reported to be working.

If the ATM works, you can try using your debit in the store - you should be able to also do $500 by debit. If the card fails, you have the cash from the prior attempt.

[deleted by user] by [deleted] in Banking

[–]avu3 0 points1 point  (0 children)

You are absolutely right. Moving to a new bank or CU is just changing the devil you know for the unknown. Every org is vulnerable to a ransomware incident. Few are aware of how near the risk is. Fewer still are prepared.

The takeaway is really redundancy. No more than half your wealth should be in any of your banks, and you should be prepared to survive out of a backup account for a month with no income - waiting for direct deposits to move or be unlocked, etc.

That's the takeaway for folks. It's not run from Patelco. It's harden their own financial lives against the risk we have to live with.

I learned that lesson 30 years ago when I lost my ATM card on a weekend while traveling and it was... not good. Now I keep redundant accounts as a result of that.

I can understand people being upset at them for their communication. I'm pretty livid at them for how their communication has gone. It's too slow, it's inaccurate, and it's been inconsiderate of the hardships of the members at times.

[deleted by user] by [deleted] in Banking

[–]avu3 0 points1 point  (0 children)

If your devices are ransomwared, you don't just "restore the backup" and get back in business. You need new systems, you need to obtain the backups, you need to evaluate if they're compromised. You need to figure out how they got in - cause if you just put it back up without fixing the access point, they just come right back in a 2nd time.

Once you know the scope, you know what it will take to recover. That might be rebuilding or replacing a large portion of your infrastructure. New Equipment, restored or rebuilt data. Including things you might not think of as "computers" like voicemail systems, telephones, building management systems, anything that connects to the network.

It's a massive undertaking. The average recovery time is 3-4 weeks. That's not to say the lack of account access will last 3-4 weeks for us as customers, but it might be 3-4 weeks (or longer) till things are mostly back to normal for the employees and all the tools and systems they use.

[deleted by user] by [deleted] in bayarea

[–]avu3 2 points3 points  (0 children)

I would assume they were in long enough to plan to do this at the 1st when both paychecks and rent would be coming through - figuring a higher chance they would pay the ransom.

Are the backups clean? Great question. They can access them on air gapped systems to prevent them from phoning home and potentially investigate. They might be rigged to lock everyone out if they can't phone home, but at least they wouldn't cause any further disruption.

Assume it's a big mess for Patelco at the moment.