Sorry for the lack of updates this past week. I was just way too busy prepping for our move this weekend.

A couple of interesting news bits I noticed when I got into work this morning:

It looks like I’ve been lucky with installing Windows XP Service Pack 3. I’ve had no problems with the one machine I installed it on. According to Information Week, a lot of people are having serious problems with SP3, including BSOD on AMD-based systems.

Also, NetCraft has a screenshot of a PayPal page with both the green bar of an Extended Validation (EV) SSL certificate and a cross-site scripting (XSS) vulnerability. It’s a step or two beyond the standard lock icon, but there are still limits to what an EV cert can tell you. Unfortunately PayPal and others are really trying to drum “green bar = safe” into people’s heads.

Wow… you know gas is expensive when the spammers start hawking gas cards.

Our support contact address received a message touting “Finest List of Nurses Including Email Addresses – Free $50 Gas Card.” I had to wonder what the heck it was, so I took a look at the message. They were trying to sell “sales leads” — i.e. names and contact information — of nurses, and were offering to throw in the gas card if you spent enough on “leads” to do your own spamming.

Andrew Gregory points out that some browser detection scripts might have trouble when Opera 10 eventually rolls around. (Edit: Hallvord also comments.) Why? Because one of the easiest ways of testing for a version number is to look for the “Browser n” or “Browser/n” patterns. The problem is that this strategy only grabs the first digit of the version number. That works fine for 1–9, but once you hit 10, suddenly it looks like 1 again.

Firefox and Safari, currently at just before and just after 3, are likely safe for now, but IE is creeping up on 8, and with their new, faster release schedule, IE10 may only be a couple of years away.

I’ll admit, I’ve written code like that myself (not the specific example, but I’ve done regexp matches that only look at the first digit), but always on sites that I expect to be able to maintain. Of course, one of the lessons to learn from Y2K is that shortcuts get entrenched, and code you thought you’d have time to clean up long before it became a problem has a tendency to stay in use far longer than you expected. And we’ve seen the same thing with web script archives, where someone’s example code that mostly worked in IE4 gets enshrined as “the” way to accomplish something, even though there have been better ways that work more consistently for years.
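The first-digit problem described in this post, shown next to a version parse that survives two-digit releases. This is an added example, not code from Andrew Gregory's post or from any script mentioned here; the user-agent strings are constructed samples and the function names are hypothetical.

```javascript
// Constructed user-agent strings; the two-digit versions are hypothetical samples.
const UA = {
  opera9: "Opera/9.27 (Windows NT 5.1; U; en)",
  opera10: "Opera/10.00 (Windows NT 5.1; U; en)",
  ie7: "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
  ie10: "Mozilla/4.0 (compatible; MSIE 10.0; Windows NT 6.1)",
};

// Escape a browser token so it can be embedded in a RegExp safely.
function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// The shortcut: capture exactly one digit after "Browser " or "Browser/".
function firstDigitVersion(ua, browser) {
  const m = new RegExp(escapeRe(browser) + "[ /](\\d)").exec(ua);
  return m ? Number(m[1]) : null;
}

// The fix: capture the whole run of digits (and the minor part, if any),
// then compare numerically instead of matching on a single character.
function parseVersion(ua, browser) {
  const m = new RegExp(escapeRe(browser) + "[ /](\\d+)(?:\\.(\\d+))?").exec(ua);
  return m ? { major: Number(m[1]), minor: Number(m[2] || 0) } : null;
}

// Version gate built on the numeric parse.
function isAtLeast(ua, browser, major) {
  const v = parseVersion(ua, browser);
  return v !== null && v.major >= major;
}

// Side-by-side view of both strategies for every sample string.
function compareAll() {
  return Object.entries(UA).map(([name, ua]) => {
    const browser = ua.startsWith("Opera") ? "Opera" : "MSIE";
    return { name, shortcut: firstDigitVersion(ua, browser),
             parsed: parseVersion(ua, browser).major };
  });
}

console.table(compareAll());
```

A gate such as "version 8 or later" built on the shortcut rejects the version 10 samples, because it sees them as version 1.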

It’s clear that a lot of people don’t actually read web pages before they respond to them. They’ll do things like…

  • Contact someone with a similar name, even when it’s clearly the wrong sort of organization — say, a student writing club and not the bookseller that’s been causing them problems.
  • Ask a blogger for a job application for a company mentioned in the post.
  • Ask unrelated tech support questions on a blog post because they used the wrong search terms for their problem.
  • Ask for help creating Flash animations on a forum dedicated to the Flash super-hero, then get indignant when people have the gall to point out that they’re in the wrong place.

Now, usability guru Jakob Nielsen reports on a study showing just how much people don’t read. In the average visit, users only read 28% of your text if you’re lucky. You have to drop way down — to 111 words — just to count on visitors reading half of it.

Depressing, but it explains so much. And it suggests there’s a benefit to highlighting key phrases. If they’re only going to read ¼ of the text, you may as well make sure it includes the important stuff.

Mark Pilgrim, in The Day the Music Died, points out what happens when DRM meets market failure.

On August 31, Microsoft will turn off the servers that validate their “PlaysForSure” DRM system (this predates the system they use for the Zune). This means that anyone who has bought music that uses PlaysForSure will not be able to transfer it when they upgrade or replace their computer, or get a new music player.

It won’t be an instantaneous death like DIVX was, or like a subscription system, because it doesn’t phone home whenever you try to play a track. But it’ll be a lot faster than simple technological obsolescence. I can still play my old VHS tapes until my VCR breaks down (and then I could probably still get it fixed if I really wanted to), even though I don’t think I’ve seen a pre-recorded tape in a store in years.

This is also why I prefer to check Amazon’s MP3 store first, before going onto the iTunes Music Store, and then prefer DRM-free iTunes Plus to standard iTunes tracks. Given their current position, Apple isn’t likely to get rid of iTunes anytime soon, but if they ever did, I’d be in the same boat as people who purchased PlaysForSure tracks. (Though I’m hoping they’ll move the entire catalog away from DRM long before that happens.) Whereas since Amazon’s tracks are plain, ordinary MP3s, they could abandon the business tomorrow and I’d still be able to play the tracks for as long as I can find software that plays MP3s.

(via ma.tt)

Following up on the PayPal anti-phishing discussion of a few weeks ago, I see that PayPal is promoting a service called Iconix. You install the program on your system, and it looks at your inbox for messages that claim to be from one of its customers. It tries to verify them “using industry-standard authentication technologies such as Sender ID and DomainKeys.” Messages that pass get a lock-and-checkbox icon attached to the sender’s name, and in some cases the name is replaced by the sender’s logo.

On the tech side, it’s similar to SpamAssassin’s whitelist_from_spf and whitelist_from_dkim features. Both allow you to specify a sender to whitelist, and it will only give a message special treatment if it can verify the sender.

On the user-interface side, it’s similar to EV certificates, in that it tries to highlight a “good” class of messages rather than flag or filter out a “bad” class.

It’s not a bad idea, actually, and I’m surprised I haven’t seen something similar in other email clients. It’s sort of like setting up custom rings or images in your cell phone address book.

They seem to be focused on webmail and Outlook so far, and only on Windows, but it looks like the perfect candidate for a Thunderbird extension. They do have a sign-up form to notify you when they add support for various programs and OSes, and I was pleased to see not only Thunderbird and Mac OS listed, but Linux as well. Too often, Linux gets forgotten in the shuffle to ensure compatibility with every Windows variation.
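A sketch of the verify-then-highlight decision this post describes, as an added example that is not Iconix's or SpamAssassin's code. It assumes the receiving mail server records SPF and DKIM results in an `Authentication-Results` header; the domains, the sender list and the function names are hypothetical.

```javascript
// Constructed values: senders the user wants highlighted, and our own mail server.
const BADGED_SENDERS = new Set(["paypal.example"]);
const TRUSTED_AUTHSERV = "mx.mymail.example";

// Domain of the actual address in a From header, ignoring the display name.
function fromDomain(fromHeader) {
  const m = /<?[^<>\s@]+@([A-Za-z0-9.-]+)>?\s*$/.exec(fromHeader || "");
  return m ? m[1].toLowerCase() : null;
}

// Collect the domains that passed SPF or DKIM, plus the server that said so.
// Simplified: assumes no ";" inside header comments.
function parseAuthResults(header) {
  const [authserv, ...results] = (header || "").split(";").map(s => s.trim());
  const passes = [];
  for (const r of results) {
    const m = /^(spf|dkim)=pass\b.*?\b(?:smtp\.mailfrom|header\.d)=(?:[^\s@]+@)?([A-Za-z0-9.-]+)/i.exec(r);
    if (m) passes.push({ method: m[1].toLowerCase(), domain: m[2].toLowerCase() });
  }
  return { authserv: authserv.toLowerCase(), passes };
}

// Highlight only when the claimed sender is on the list AND a pass is
// recorded by our own server for that same domain (or a subdomain of it).
function shouldBadge(msg) {
  const from = fromDomain(msg.from);
  if (!from || !BADGED_SENDERS.has(from)) return false;
  const ar = parseAuthResults(msg.authResults);
  if (ar.authserv !== TRUSTED_AUTHSERV) return false; // header not written by us
  return ar.passes.some(p => p.domain === from || p.domain.endsWith("." + from));
}

// Constructed sample messages.
const SAMPLES = {
  genuine: { from: "PayPal <service@paypal.example>",
    authResults: "mx.mymail.example; spf=pass smtp.mailfrom=bounce@mail.paypal.example; dkim=pass header.d=paypal.example" },
  otherDomainPass: { from: "PayPal <service@paypal.example>",
    authResults: "mx.mymail.example; dkim=pass header.d=phish.example" },
  foreignHeader: { from: "PayPal <service@paypal.example>",
    authResults: "mx.other.example; dkim=pass header.d=paypal.example" },
  displayNameOnly: { from: '"service@paypal.example" <billing@phish.example>',
    authResults: "mx.mymail.example; dkim=pass header.d=phish.example" },
};

for (const [name, msg] of Object.entries(SAMPLES)) {
  console.log(name, shouldBadge(msg));
}
```

A pass for some other domain is not enough: the badge is tied to the domain in the From address, which is what the user actually sees.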
