Category Archives: General Observation

Cooking The Goose

iStock_000017259425SmallHere is a fact you won’t see on any company’s forward looking statements: “Nearly half of Americans would have trouble finding $400 to pay for an emergency

If you are an owner or stockholder in any company, this should terrify you.

The entire premise of capitalism is based on a strong middle class capable of purchasing goods and services.

The facts are clear: the middle classes around the world are under severe pressure and, here in America, $400 away from disappearing completely.

Meanwhile, Big Business continues an all-out effort to get that last $400 as if nothing was wrong.

It’s no coincidence that Big Business ranks very low on American’s confidence scale while Small Business ranks very high:


We can argue all day about who is at fault, but that’s not going to change the outcome. The system is spiraling out of control, meanwhile Big Business is allowed to pay legal bribes to politicians to make sure there are even less controls and even more tax breaks for them.

This unchecked system has allowed behemoths like Amazon and WalMart to monopolize vast portions of our economy, suffocating the goose that laid the golden egg. Enjoy it while you can, because the end is only $400 away.

GOPD Drops Software Ownership Claims

On April 15, 2016, Prop Solutions filed a Federal Copyright Complaint against GOPD and others claiming that Prop Solutions was the sole owner of software GOPD was distributing to independent office supply dealers.

On May 17, 2016, GOPD filed a Counterclaim asserting they were the sole owner of the software, or in the alternative, that GOPD was a joint owner in the software.

The case then entered the discovery phase where documents and testimony were produced.

On March 3, 2017, GOPD filed a Motion for Voluntary Dismissal of the May, 2016 counterclaims that GOPD owns all, or even some of the software.

GOPD has given up on trying to get a court to declare that GOPD owns all or even some of the software currently being distributed to independent office supply dealers.

Is buying from Amazon always a good deal?

amazon2016-1My business monitors prices across the office, janitorial, food service, safety and industrial markets in the United States and Canada. Every week I review the rejects from the latest pricing scan of the Amazon site. Every week I encounter a fresh batch of wildly misrepresented, contradictorily described and confusingly packaged products on the Amazon site. These are not bizarre products, but everyday common supply type items.

The most common problem is the ever changing unit of sale. On some items, the quantity you receive for your selected item depends on the seller you choose. On other items, the quantity is just deceptively wrong and unless you bother to read the reviews you can get taken to the cleaners.amazon2016-2


Poor Ms. Satterfield is blaming herself for Amazon’s misleading data. This is understandable considering the harsh consequences for daring to question Amazon. There have been multiple high profile stories regarding individuals being “banned for life” from Amazon for simply returning products. No one knows exactly what triggers this “lifelong ban” but the fear is real for those who feel they cannot live without Amazon. These ill-informed people continue to pour their hard earned money into the Amazon void.


amazon2016-5-pngThen there are just the out-and-out scams. Apple recently sued an Amazon supplier over fake iPhone chargers, claiming that 90% of the products Apple bought undercover were counterfeits. Apple goes on to say Amazon.COM directly sold counterfeit products.

It’s not just the obvious scams and phony Apple products either. Do you really believe you are getting a genuine top quality $400 HP toner for $25?


Don’t think that Amazon Business customers fare any better. The same data is shared between the two supposedly separate sites.

Regular office supplies can cost you an arm and a leg on Amazon Business! These “Amazon Prime” eraser caps list price at $1.25 and are commonly sold for a dollar or less. Amazon Business customers pay SEVEN TIMES this everyday price!


The poor Amazon customers have become so accustom to getting ripped off, they now just accept it as “okay.”


Well it’s not okay. Getting taken is not inevitable. While Amazon may be suitable for some purchases and can offer some great deals, it’s the notion that *EVERYTHING* is a great deal on Amazon that can get you into serious trouble.

These are just a few examples of the hundreds of issues with Amazon data that I have personally found. These examples were taken from one day’s scan, and they only took a few minutes to find. If you are a business customer buying on Amazon, you have a choice. Waste time and money by constantly being on guard for fraud, scams, rip-offs and overcharging, or bypass the headaches and hassles and just choose to buy from a reputable source.

My name is Rick Marlette. I have worked in and around the office and supply industry for over 40 years and have been employed as an independent pricing consultant to the supply industry for the last 18 years.

All is NOT Well

Hear, speak, and see, no evil  RM

ECI’s Andrew Morgan pretty much lost it over my Disaster in Dallas post. Now, he has changed the story from one of his original emails describing the incident shown below.

In Morgan’s latest story (here) I am of course uninformed by, and unconnected to, the ECI elites. I’m just mean ol’ Rick out to get the poor and defenseless ECI. This sounds familiar.

In case you forgot, this was the same excuse provided by Morgan and crew the last time I dared to criticize their pathetically transparent OPSA fraud. Rick just doesn’t understand. Rick is just a United mouthpiece. Rick does not have all the facts. Rick is a liar. Rick’s a meanie. Rick did not consult with us. Rick is not agreeing with us. And on and on. This pat-answer bravado from ECI can all be boiled down to: “We here at ECI are better and smarter than everyone else and are above all forms of criticism.”

While I may not be better or smarter than the ECI elites, I do know bullshit when I see it. The problem with these ECI spokesmodels is that they have become so encased in their own propaganda that they actually believe it themselves. So let’s have a look at what they have to say. You decide who is telling the truth.

In Morgan’s most recent story, (here) he states that a ransomware virus was detected on the DDMS hosted environment and traced back to a legitimate user.

In one of Morgan’s original stories (below), he states that “we are taking the DDMS hosted environment offline.” He goes on to tell DDMS customers, presumably all of them, that two days of orders “will likely need to be re-entered.”

One user, at one dealership, took the entire DDMS hosted environment offline resulting in the loss of two days of business. These are Morgan’s own words. Let that sink in for a minute.

Now, attempt to reconcile these statements with this bit of propaganda from Morgan’s latest spiel: “security and data protection is a top priority for ECI.” You can’t reconcile these two contradictory statements outside the ECI bubble. The event he so willfully describes is clearly a massive security failure caused by a catastrophic lack of priorities.

Was DDMS hacked like I said in my post? According to Morgan, yes it was. Was data compromised like I said in my post? Again, according to Morgan, yes it was.

Morgan wants to split hairs on this one issue claiming the hackers did not carry away your data so there was no data breach. But: “theft or loss of digital media” is the definition of Data Breach according to Wikipedia. In Morgan’s own words, there absolutely was a “loss of data.”

This is only what ECI is admitting so far: DDMS hosted was hacked, shutdown and there was a substantial data loss. What else happened? Who knows? We may never know. I do believe what the few dealers willing to talk about it have to say about the DDMS system. These are long time users of the DDMS system, not clueless presenters. Dealers, who by the way, are terrified of what Morgan will do to them and their businesses if he finds out they are talking to me. I have to be really careful. Morgan is obsessed with finding out who these dealers are. How dare they, after all.

This all confirms the broader point I made: “The ECI bankers only care about making money.” They don’t care about security and they don’t care about your business. You are just an asset to be stripped and flipped to the next banker in line. How many has it been now? Four or five? I lost count. A flip is due any day now, so keep that in mind.

Here is one of Morgan’s original stories regarding the incident:

Dear DDMS Customer,

We wanted to update you on the emergency maintenance being performed on the DDMS hosted environment this weekend.

As a recap of previous communications:

On Sunday we informed you that we were taking the DDMS hosted environment offline for emergency maintenance purposes. As part of our proactive monitoring procedures, ECi detected a potential security threat in one of our datacenters. ECi security and operations staff quickly responded and instituted emergency maintenance procedures to protect your data and ensure business continuity. Immediately upon discovering the potential issue, our IT staff isolated the case and at present we do not believe any dealer’s data within DDMS has been breached. ECi staff continues to work around the clock to resolve the issue.

At this point all systems have been restored and services are functioning.
If you encounter any issues with the hosted environment, please log onto the Support Portal or call Support and choose the option “Hosted”. For other inquiries, such as end-of-month or OPUS loads, please select the “DDMS” option on the Portal or when calling Support.

Due to the nature of the maintenance, orders placed on Saturday (5/28) and Sunday (5/29) will likely need to be re-entered. The ECi team will be proactively sending these reports to you to facilitate this process.

ECi is committed to supporting you and your business. We will continue to evaluate our policies, procedures and control mechanisms to ensure that your systems are safe and secure.

Andrew Morgan
President, Distribution Division

All is Well

Hear, speak, and see, no evil  RM

Below is ECI’s Andrew Morgan’s somewhat long winded response to the Disaster in Dallas post:

August 24, 2016

Dear Valued ECi Customers:

We are writing to set the record straight regarding the security and protection of our DDMS/DDMSPLUS hosted systems, your business management software and your data.  Please be assured that the security and protection of our dealers’ systems and their data is a top priority for ECi —thousands of dealers around the country trust us to protect their most valuable information, and this is not a task we take lightly.  ECi employs industry-standard best practices, tools and technologies to protect your valuable data and business systems and works diligently to try to stay one step ahead of those that seek to compromise our systems.

To provide some background, over the Memorial Day weekend, through ordinary event logging, ECi discovered a piece of unauthorized code on the DDMS hosted environment.  We traced this to activity by a legitimate user of the system who inadvertently spread a virus often referred to as “ransomware;” the code sought to block user access to certain files unless a “ransom” was paid.   In an abundance of caution, ECi’s IT Security team immediately initiated its security protocols, deactivated access to DDMS/DDMSPLUS, reset all data backups, ran security validations and worked around the clock to have the software up and running again in time for the opening of business Tuesday morning.  ECi also engaged a nationally recognized IT security firm to independently test the DDMS/DDMSPLUS hosted environment to assist in remediation.  We are happy to report that they concluded no data was breached as a result of this incident.

Recently, Rick Marlette of OP Software, LLC published a false and misleading article regarding the above incident. Marlette has made a habit of authoring defamatory articles in various media about ECi and his other enemies that we have largely chosen to ignore.  However, this article caught ECi’s attention because it was so replete with lies, misrepresentations, falsities and scare tactics that it might naturally cause angst among the dealer community and distract you from your business if it went unanswered.

First, don’t believe for a minute that Marlette is an unbiased “reporter” fighting for the welfare of the dealer community; he’s a typewriter bully with an axe to grind with ECi and his article is another self-serving attempt to damage ECi’s business.  Second, Marlette cites no sources in his article, provides no proof of any of the alleged activities, and seeks to capitalize on fear-mongering by offering conjecture, speculation and “what ifs” without any facts to back it up.  Third, he has not spoken with anyone on ECi’s leadership team regarding the incident to try to validate his claims.  His article refers to such things as “reports are starting to trickle in,” “it appears that …” and “I was told by a reputable source.”  If he really has credible sources to support his claims, why does he not cite any by name?

Marlette’s article also makes unsubstantiated claims about DDMSPLUS and PCI compliance, another subject about which he clearly lacks any credible knowledge.  DDMSPLUS utilizes a vault solution so that credit cards are not stored in the system nor does credit card data ever flow through the system.  By doing so, DDMSPLUS is purposely “out of scope” from a PA-DSS perspective and therefore allows dealers to be PCI Compliant.  PCI still requires dealers to meet the standards for PCI compliance regarding their own organization, but this is a typical solution that many software providers implement to ensure credit card security. It has been endorsed by numerous independent consultants that focus on PCI compliance and security.

We all know people like this and we fully expect that he will now try to engage ECi and our dealers with more lies upon being presented with the facts.  We want to be clear up front that this will be our only public response to this nonsense.  He has already wasted enough of the industry’s time with his calculated untruths.  We sincerely hope that if anyone wants the facts about data security and system integrity as it pertains to ECi’s software systems that they will contact ECi. Don’t get caught up in the fear-mongering of industry bloggers who seek to perpetuate lies and falsities about systems they know nothing about.

We have set up an email address – – to which you may submit any questions regarding your system’s security and our team will provide a prompt response.


Andrew Morgan
President, Distribution

Disaster in Dallas

Mature adult businessman smashing laptop on fire with hammer

Well it happened. Reports are starting to trickle in regarding the extent of the ECI hacking earlier this year. It appears the hackers got everything, credit cards included. We know for certain that DDMS cloud based systems got hacked, and you can bet that was not all.

I’m going to believe what I was told by a reputable source that DDMS is not PCI compliant. I’m also going to believe that ECI’s stunning answer to this problem was to convert to DDMS Plus, which they claim is PCI compliant. They failed to mention that, along with a multitude of other deficiencies, DDMS Plus will not even take credit cards.

So what does this mean to the typical cloud based DDMS dealer? Here is a warning from one of the many websites dedicated to PCI compliance about what can happen if you get hacked and are not PCI compliant:

Should you experience a breach and fail to prove your continued compliance with the PCI standard you will be forced to cover chargebacks, have your ability to process credit cards suspended, and escalation into a higher compliance tier, and tens of thousands in annual compliance auditing costs.

Now the question has to be what else did they get? Is your raw sales data already out there on the Darknet? Your customer name, every item they bought and the price, for how many years now? Do the hackers know the value of what they have?

My Analyst was the invention of Wilbur Reid who, after promising dealers the moon and stars, left SPR in disgrace when the inept SPR IT department could not hold it together. Then, in yet another stroke of brilliance, SPR dumped My Analyst, the dealers and all that confidential business data on the evil empire that is ECI. There you go dealers, the bankers will take care of you.

Well guess what? The bankers took care of themselves and the dealers are left holding the bag. Does this sound familiar? What started as an SPR scam to increase their profits may end up putting hundreds if not thousands of dealers out of business. Think Mason with ALL your sales history data and you’ll see what I mean.

Let’s don’t forget that your cost is in there too. So now your competition knows exactly where to strike, exactly where your vulnerabilities are. This takes the reckless disregard of confidential business data to an unprecedented level.

I’m going to go look on the Darknet for your data. I’ll let you know what I find.Understand that if I do find it, there is nothing I can do to keep others from getting their hands on it. Frankly, as valuable as this data will be to your competitors, and the fact that it could very well cost you your business, it’s hard to place all the blame on SPR and ECI.