Archive for the 'Web' Category

Canada is not part of the united states

October 28th, 2008

Weird Tales are offering a free PDF copy of their July-August 2008 edition, as a promotion and a way for people to properly sample the magazine without having to gamble on the money to buy it.

The subscription price varies dramatically based on whether you are subscribing from within the US, or internationally. And by “dramatically” I mean the price doubles[1] for international shipping.

And if you look at the subscription option for US addresses, they want to really make sure you are from the US. They have this section under “fine print” (all emphasis in the source):

This offer is only for addresses within the United States. Other countries, please use our discounted international subscription options:

Which, well, makes sense. But immediately below that, they also have:

CANADIANS PLEASE NOTE: YOU MUST USE THE INTERNATIONAL SUBSCRIPTION OPTION. CANADA IS NOT PART OF THE UNITED STATES. WE CANNOT SEND BULK MAIL TO CANADA, MUCH AS WE WOULD LIKE TO.

Which cracks me up. Are there really any Canadians out there who think that Canada is a part of the US? Real people, living in Canada, who actually believe that? And enough of them to make it an issue that justifies adding this to the page? That’s a weird tale right there.

And that’s not all. They also have a similar bit on the page for international subscription orders:

CANADIANS PLEASE NOTE: YOU MUST USE THIS INTERNATIONAL SUBSCRIPTION OPTION. CANADA IS NOT PART OF THE UNITED STATES. WE CANNOT SEND BULK MAIL TO CANADA, MUCH AS WE WOULD LIKE TO.

For anyone who wants to play spot-the-differences, in the US page the text says “You must use the international subscription option”, while in the international subscription page it says “You must use this international subscription option”. I guess it’s accurate enough, if also a bit amusing.

Apparently Canadians also either have a much easier time reading in all-caps than the rest of us, or they generally enjoy being shouted at. Nothing else on those pages (except some very short headers, or “BUY” links) is in all-caps. HINT TO WEIRD TALES: DO NOT WRITE TEXT IN ALL CAPS. IT’S EXTREMELY HARD TO READ. AND IT’S RUDE. IF YOU WANT TO MAKE IT MORE OBVIOUS, USE A BIGGER OR STRONGER FONT. OK?

So, just to make it absolutely clear: Canada is not a part of the US. You might have been tipped by the fact that it has a different government, their own military force, a border, their own military force, independent legal system, their own military force, their own ambassadors and foreign relations, their own military force (it bears repeating, in case someone failed to notice), and so on and so forth. But if not, well, I’m glad I could join with Weird Tales and help to clarify matters.

On an unrelated issue (well, related to Weird Tales, not related to Canada), Weird Tales need to update the site link they print in the magazine. The free copy has in it at least 5 places where it asks you to go to www.WeirdTalesMagazine.com. That site just automatically redirects to their current actual address of WeirdTales.net. An address which was registered in Nov 2007, so it’s not quite a last-minute surprise, I should add. It’s not broken, but it looks unprofessional.

And it’s not just the old printed magazines (though, frankly July-August 2008 isn’t that old), the old address is still listed on the site used to order the subscriptions. That’s an online copy, easy to change.

---
  1. $30 USD to $59.95 USD. That’s for 6 issues of Weird Tales, and apparently two special issues of H.P. Lovecraft’s Magazine of Horror

1=0

August 23rd, 2007

I have a lot of good things to say about Google and their services.

[Image: No errors, total count is 1]

But Math doesn’t seem to be a strong point with them lately.

Their Webmaster tools service just let me know it found an error crawling my site.

On the overview I got 1 error under the Unreachable URLs category.

I went to see the details. And was surprised (though a good surprise, given the situation) to discover that they found no errors with the site.

The same page reports one Unreachable URLs error, and says they found no errors to report. Good counting. Hey, that’s 1 error right there, so maybe they’re on to something…

Some Israeli news sites object too loudly to being included in Google News

March 15th, 2006

This is actually a too-common problem with quite a few news sites around the world. They see their pages being included in a search engine, or a news portal, as someone stealing their content. Instead of seeing it as someone helping them get more readers.

And now a few of the big Israeli news sites are joining the fray, making a lot of noise, a lot more than they need to, about this.

The letter went on to say that collating news items from leading sites in Israel crossed boundaries. “All over the world, the issue of copyright infringement is gaining momentum, with an emphasis on the Internet. We believe there is no place to injure original Israeli content, which, to the contrary, should be encouraged. I am confident that the other leading sites in Israel will not lend a hand to injury of their property and will demand that Google refrain from using their content.”

Dimwits. Being included in a search engine index, or in a popular news aggregation service, doesn’t injure anyone’s property. It doesn’t hurt anyone. On the contrary, it helps them.

They don’t want their content copied, because they want readers to go to their own sites to read it. That’s fine. But that’s exactly what will happen. Sites like Google News don’t usually show the full stories anyway, they show headlines and briefs. Anyone who wants to read the story will have to go to the site which published it.

And a lot more people go to places like Google News, Yahoo News, etc, than directly to the news sites. And for a very good reason.

If someone is searching for a story, or for coverage of an issue, they originally don’t know which paper covered it best, if at all. So option one is to go to one news site, search there, go to another, search there, go to a third, search there, etc. And to go on until something good enough was found, or until the searcher is tired.

But if there are sites that allow searching for the story in a few of the papers at the same time, and show enough of the story to decide which is the most interesting or relevant version, or even to directly open all the stories, that’s a much more appealing destination.

So true, if the story is bad, people won’t go to read it. But any paper which believes they’re in the business of writing bad stories probably can’t expect too many readers to go to them directly anyway.

By being excluded from the index a newspaper just assures that less people will come to them, because they will only get the readers who wanted them specifically to begin with. Anyone else will not find them, will not stumble upon their stories, will not discover that they covered the issues. That’s an attitude that doesn’t make much sense.

Additionally, search engines have covered some of these Israeli news sites for years now. It’s possible to run a search on a general search engine, in Hebrew, and get news results. Not from all of them, some Israeli sites don’t play for a long time now, but from the rest.

So this new outburst is because of the localized Hebrew version of Google News which is coming up. But it’s not all that different from what was available before, beyond presenting a page dedicated to news in Hebrew. It does make for a more obvious entry point for people looking for news, but it won’t index any content which Google didn’t index anyway.

The way these protests were made is also telling. There’s a very simple way to ask for civilized search engines not to include your pages in their index. And all the big players, Google included, are civilized this way. Put a robots.txt file on the site, and exclude either all web crawlers, or the ones you specifically object to.

Most page crawlers, of the types search engines use to go over sites and index them, look for the presence of this file, and check in it what parts of the site they’re asked not to index. It’s very simple to do, and it works.

Feder said that the Ynet site manager, Yacov Netzer, had written to Google Israel manager Meir Brand asking that the site refrain from using Ynet content.

One of the news sites mentioned in the article, Ynet, already have that file:

User-agent: *
Disallow:

This file explicitly says that all crawlers and web robots are allowed to access each and every page of the site. They’re saying that explicitly. Come index us, they say. It’s right there.

All they need to change is to add a single character:

User-agent: *
Disallow: /

This would be different, it would be blocking access to the entire site, news section included, by all crawlers. This means that their content will not appear on Google News. It’s that simple. Not only that, it’s nearly done. They don’t have to do anything else but adding that slash character. They don’t have to appeal to Google directly. Their manager doesn’t need to waste his time writing to the manager of Google Israel. There’s no point to it. They’re making the wrong choice, but they made it, and Google will indeed refrain from using their content. Problem solved before it started.

The letter on Walla!’s behalf was sent by the prestigious law firm of Herzog, Fox & Neeman. The letter said that as Google knew, articles appearing on the Walla! Web site were Walla!’s exclusive, copyright-protected property. “Therefore, unauthorized use that your company is making of these items on its Web site constitutes a grave infringement on my client’s property rights, by infringing copyright,” the letter said.

And that letter from a law firm on behalf of Walla!, what about it? I bet it took a lot of time, and money, to draft and present. Lawyers charge for consulting with them, for their work, for writing letters. Getting the site designer to write a robots.txt file would have been much simpler, much cheaper, and much quicker. As of right now, however, the Walla and Walla! News sites do not have it.

On today’s Internet, not having a robots.txt file is the equivalent of saying, but implicitly instead of explicitly as Ynet is currently doing, “Please come, index me, and allow to search my content, thank you” to the entire world. So Walla! are doing that, while at the same time having their lawyers billing them for talking with Google’s lawyers.

Brilliant. Just brilliant. And we’re supposed to trust these guys as our news source. Newsflash, people, robots.txt file is an old, old, standard by these days. And Google also respects newer meta tags that do the same thing, which can be (but are not, in Walla!’s case) embedded on individual pages.
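An added example (not from the original post, and not any crawler's actual code): how a well-behaved crawler would treat the situations described above, namely Ynet's explicit allow, the same file with the slash added, no robots.txt at all, one excluded crawler, and a per-page robots meta tag. The robots.txt bodies, HTML pages, URL and the "ExampleBot" name are constructed for illustration.

```python
"""Added illustration: crawl/index decision from robots.txt and a robots meta tag."""
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

# Constructed inputs mirroring the cases discussed in the post.
EXPLICIT_ALLOW = "User-agent: *\nDisallow:\n"    # the file Ynet serves
EXPLICIT_DENY = "User-agent: *\nDisallow: /\n"   # same file plus one slash
NO_ROBOTS_TXT = None                             # no file at all (the Walla! case)
# Excluding only one crawler and leaving everyone else alone.
DENY_ONE = "User-agent: Googlebot\nDisallow: /\n\nUser-agent: *\nDisallow:\n"

PAGE_PLAIN = "<html><head><title>Story</title></head><body>text</body></html>"
PAGE_NOINDEX = ('<html><head><meta name="robots" content="noindex, nofollow">'
                "</head><body>text</body></html>")
URL = "https://news.example/articles/1"          # constructed URL


def crawl_allowed(robots_txt, user_agent, url):
    """Return True if robots.txt permits user_agent to fetch url."""
    if robots_txt is None:
        return True  # a missing robots.txt places no restriction on crawlers
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return parser.can_fetch(user_agent, url)


class RobotsMeta(HTMLParser):
    """Collect directives from <meta name="robots"> or <meta name="<crawler>">."""

    def __init__(self, user_agent):
        super().__init__()
        self.names = {"robots", user_agent.lower()}
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        attr = {key: (value or "") for key, value in attrs}
        if attr.get("name", "").lower() in self.names:
            for item in attr.get("content", "").split(","):
                if item.strip():
                    self.directives.add(item.strip().lower())


def index_decision(robots_txt, page_html, user_agent, url):
    """Decide what a compliant crawler does with one page."""
    # robots.txt is checked first: a blocked page is never fetched, so any
    # meta tag inside it is never seen by the crawler.
    if not crawl_allowed(robots_txt, user_agent, url):
        return "not crawled (robots.txt)"
    meta = RobotsMeta(user_agent)
    meta.feed(page_html)
    if meta.directives & {"noindex", "none"}:
        return "crawled, not indexed (meta)"
    return "indexed"


if __name__ == "__main__":
    cases = [
        ("explicit allow", EXPLICIT_ALLOW, PAGE_PLAIN, "Googlebot"),
        ("one slash added", EXPLICIT_DENY, PAGE_PLAIN, "Googlebot"),
        ("no robots.txt", NO_ROBOTS_TXT, PAGE_PLAIN, "Googlebot"),
        ("one crawler denied", DENY_ONE, PAGE_PLAIN, "Googlebot"),
        ("one crawler denied", DENY_ONE, PAGE_PLAIN, "ExampleBot"),
        ("allow + meta noindex", EXPLICIT_ALLOW, PAGE_NOINDEX, "Googlebot"),
    ]
    for label, robots, page, agent in cases:
        print(f"{label:22} {agent:11} {index_decision(robots, page, agent, URL)}")
```
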

They’re all so clueless that it’s quite staggering…

Partial interface modification

November 28th, 2005

I was checking out some program, and in order to download it I was required to fill in a personal information form (Which I didn’t do, as the program didn’t seem to justify all the info they wanted, but that’s beside the point of this post).

The form contains all sorts of fields, including the usual name ones, and so on. The first field was a drop-down list labelled “Title”, without a default value.

I tried to press the submit button anyway, to see if maybe the form is optional. It wasn’t, of course. But the error message I received indicated that I have to fill in the “Gender” field.

I scanned the form, and while there were many fields there, there wasn’t any one labelled “Gender”. At all.

So I made the assumption the check is done by order. And decided to open the drop-down list of the “Title” field. True enough, there were only two options – “Mr” and “Mrs”. So this was their way of differentiating gender.

I guess it started as a proper gender field, done the usual way with the two normal options. And then some executive decided they need a title field, thinking about all those titles and honorifics they’re missing out on because the field is empty (Some sites have scary title lists with dozens of items, making it really complex for the people who are both princes, judges, and doctors at the same time, for example).

Only it appears that after changing the field to “Title”, and making it so that it could contain more options, the oversight must have ended. And it got reassigned to the gender job by someone who failed to realize that not all males want to be called Mr., nor are (a much bigger problem) all females properly described as Mrs.

Combine that with the lack of synchronization between the person doing the change, and the person in charge of doing the validation code for correct data (or at least the one in charge of writing the error messages), and you get exactly what I saw. Not filling a title, and being told I have to fill in the gender.

Funny, but it does not inspire much confidence in the technical, or design, abilities of the site operators and the company behind it.

Odd pointless spam

November 15th, 2005

Not that spam ever has much of a point for me, beside being a huge bother, but it usually does serve some purpose for the spammer. They want to get people to buy stuff from them. Or they want to con people into thinking they’re buying stuff from them while shelling out money for nothing. But it serves a purpose, and the spam message has some way for the recipient to get in touch with the spammer to give him (or her, women can spam just as well as men can) the money.

And yet over the last couple of weeks I received two types of trackback spam[1] that did not fit into the mold. They were, from the sender’s perspective, totally pointless. Or at least appeared to be so, though there may be possible explanations for each.

One kind were a couple of messages with links pointing to the official SPAM site. The site of Hormel’s Foods Corporation, who are making SPAM for many more years than those annoying unsolicited sales messages are running around. And who have nothing to do with spamming.

In fact, they’re so not amused by the whole different meaning their product name obtained, that it’s clearly not possible that those were… Spam about SPAM.

It wasn’t theirs, but it pointed to them. Pointless.

It could have been someone’s idea of a joke, sending SPAM spam. I can see the humour. What I can’t see is investing the necessary resources, and going through all the bother. Because those messages were, by all technical purposes, spam. Someone had to either get a list of blogs from somewhere, or set up random guesses and searches. And someone had to dedicate computers (Those trackbacks came from two seemingly unrelated IP addresses, meaning from two probably far away computers) to go and post trackbacks on them. It’s spamming technique with spamming tech. And is technically spamming as far as any possibly related laws would look at it.

The second type of trackback spam was more popular, and I received more of those. They started at a high rate, but very quickly (before I disabled trackbacks) slowed to a trickle of once a day, and then disappeared.

They all came from different IP addresses as well, spread all over the US. They seemed to target posts that included the word trackback, or just the word back in the title. So someone was especially trying to target trackback spam at people discussing trackbacks. Go figure.

These ones were more complex, the URIs they used were written as if to different pages, that contained in the address words from the post they were trackbacked (can I verb that?) to.

But all those links, from all those trackbacks, were worthless. Because the site, under which all the pointers went to, was down. Just a general notice from a hosting company that this is an unused domain and is on parking. Nothing there.

So why go through the effort (and with this amount of different IP addresses it may have been a bot net of zombie computers, so somebody invested work and money on this) just to point people to pages that don’t exist, on a site that doesn’t exist, where they can’t make any money out of it?

Although here I have not one, but two, possible yet unlikely explanations.

The first is that this is some sort of whacko tech evangelist trying to warn everyone about the dangers of trackbacks. This would explain the targeting of posts talking about trackbacks, but is pretty stupid otherwise. Usually even the crazies in those minor tech battles are better civilized than that, and don’t invest more than a lot of typing time.

The other option is that this was some sort of busted operation. Maybe the site was live, and real, at some point. Some law enforcement agency may have caught them. Or someone may have complained to their host who decided to shut their site down (Though not likely, I’d expect that these people would usually have their own servers and won’t depend on hosting).

But given the amount of spammers out there, and how little is done about the large majority of them, I don’t buy that either. I didn’t find (Though didn’t look too hard) anything about that, or them, anywhere else, except for similar trackbacks from the same date range. So this would have had to have been one quick operation. Nobody closes down spammers so quickly, ever. Not without it making headlines. All of that spam was sent and posted when the site was already dead.

Most peculiar.

1. Here’s the ultra-quick explanation of what trackback spam is: Trackbacks are a feature on many blogs that allows another blogger to signal that they have a post on their own blog which is relevant to the trackbacked post. This appears on the target post, in a manner similar to a reader’s comment, and includes a link to the second blog post. This allows several people, on several blogs, to keep a discussion on a same subject and keep everyone notified that they posted on the issue. A sort of easy version of going and manually writing an “I wrote about that too” comment. And as everything else, this is used by spammers, who post trackbacks that point to their own sordid sales pages instead of to anything relevant to the post they’re putting the trackbacks on.

Online banking

November 12th, 2005

My bank has a website allowing to perform most (though for some reason not all) activities in the account, and see the current status.

Since my income is more or less the same each month, and I have my regular deposit instructions, I rarely have the need to go straighten things out at the site. I do get over to the bank occasionally, so it’s simpler to just step in and talk with the investment consultant (or whatever the official term is) in person.

All this to say that I haven’t used that site in quite a few months. But now I did have a somewhat larger amount of money sitting in my checking account, and I figured it would be simpler to put it on something bearing interest rate through the site, instead of going to the bank in person.

I entered the site, put in my user name and password (OK, it’s a bit more complex than that, I’ll get to it soon), and was surprised to see that they’re not valid. I checked, and it turns out my bank is a believer in the idiotic concept of password expiration. In their opinion just because a few weeks have passed, never mind actual uses of the password or what I did with it, the password is suddenly less secure. And since I wasn’t on the site at the time frame where they would have asked me to replace the password, they just expired it.

Well, off I went to the bank to deal with the money, and while there I also asked them to reset the password. There wasn’t any problem with that, and they gave me one of those automatically printed sealed envelopes with the newly generated password inside. Which like all such bank passwords is the absolute best (yes, I’m being ironic) in secure passwords, being a short string of numerical digits only. Funny, that.

At home, I tried to log into the site again. Now, most anything password protected has a user name, which is supposed to make sense and be easy to remember, and a password, which is supposed to be non-obvious and secret. They don’t.

They have a user name, but that user name is assigned from the bank, and seems like a short random string of letters and digits with no obvious relation to my name or bank account (and it would have been a better password string than the auto-generated one they gave me).

They have a password. The one I was given, which after signing in I would be prompted to change.

And they have an “identifying field”. Which in my case is my account number, zero padded. I have no idea what’s the point in that, since the whole concept of the user name is to be uniquely identifying per user. Why would anyone need both the user name, and the identifying field? Plus, if the identifying field is so obvious then it serves no practical security purpose.

So I filled in my details on the simple web form, which was, as it should be, SSL encrypted. And I pressed the submit button. Which did nothing whatsoever. Their Javascript sucks, and doesn’t work in Firefox. Effectively the whole site doesn’t work in Firefox. Just in IE. Because banks want to be as secure as possible, and what browser is more secure than IE? Practically all the rest of them, these days, but apparently my bank doesn’t know that.

So I switch browsers, and login. What I expected was to be asked to replace the temporary password with a new one, and this is indeed what happened. Except the form I received wasn’t one for replacing the password. Instead it was titled as new user creation, which is a bit confusing since I was using the exact same user name, and accessing the exact same bank account. Not only that, but I had to enter my same user name and identifying field here, or it wouldn’t accept them. So it was a password change screen, but very wrongly titled and labelled.

I entered my details, and new password. And wanted to log into the site. I was transferred to a page telling me the site was generating a new key, and then it asked me to install and run an ActiveX control. I refused, and received an error that the key could not be generated, and I cannot access the account. Why would they need an ActiveX control running on my side in order to allow me secure login is beyond me. As I mentioned, their site already supports SSL. Implemented correctly, that’s more than good enough. Certainly better than whatever proprietary scheme they and their ActiveX control are implementing, which can contain a large number of bugs and weaknesses they don’t know about.

But I did need to access the site, so I tried again, this time giving permission to run an ActiveX control on the page. After a few seconds it happily told me everything went fine, and I was redirected to the main page of the site.

And was confronted with a very large web form, titled as new user registration. Only unlike the previous one that contained only the user-name/identifying-field/passwords, this one contained fields for my real name, address, and lots of other personal details, all on its first part. Its second part had a list of areas of interest, with a field for email address to receive news from the bank about them. The third part allowed me to enter an email address or cellular phone number (for SMS messages), and had a EULA. This legal agreement started off by stating that I’m interested in the bank’s service for receiving various publications on financial services.

I don’t want their news, and I don’t want their services. The whole form, all three parts, had just one “Next” button. Meaning that I either accept everything, or nothing. I could potentially enter my personal details, and leave all the other items unchecked and unselected, to indicate I don’t want them. But that EULA prevents that, as I have to agree to it before proceeding. And I wasn’t willing to do that.

So was I in a problem? Was I unable to register to the site? Not at all. The site menus (Two of them, both at the top of the screen, and at the side) were already there, and I could navigate to other pages without a problem. I could see my account details, and manage my account and money, no problem. Which to me strongly indicates that I’m already registered to the site. So why do they give me, every time I logged in since then, a form titled “Site Registration”?

I went away, to tour the site. Lots and lots of requests, on nearly every page, to run ActiveX controls. And do you know what they seem to do with those controls, that was so complicated that it couldn’t be done with plain HTML, or with some Javascript? Tables. Yep, all those simple data showing tables, they were implemented using an ActiveX control. Idiotic. Stupid. Moronic.

They also use some VBScript on the site, intermingled with the Javascript, but that’s a whole different problem. And since the thing won’t even let you enter if you’re not using IE, then it doesn’t really matter by this point. Except that they also didn’t quite do all that VBScript well enough, as evident by helpful messages I received such as:

Microsoft VBScript runtime error '800a0009'
Subscript out of range: '[number: 0]'
/Premium/SPECIFICFILES/Premium/AM_MyAsset1.asp, line 85

The site, BTW, is extremely slow. Very very very slow. Page loads can be in the range of 10, or sometimes double that, seconds. And because it’s all done with those controls, and with frames (Yes, frames. Frames are getting very unpopular everywhere, but this site still loves them dearly), it means that the browser indicated that the page has finished loading rather quickly, with the page still being totally blank, or with gaping white holes. There is no way to know that it’s still getting the page, except to wait in the hope that it’s working and not stuck. Very bad design, that. It’s bad for a quick site, but it’s terrible for a slow site where you have this dilemma on every single page load. And some of the times it really did die (either that, or I was just too hasty in refusing to wait more than a whole minute for page load), so it’s not as if every time I waited enough the page eventually came through.

This is Israel here, and the language is Hebrew. The site was in Hebrew as well. And most of the time everything went fine, giving the browser no problem. The characters were in the correct code page, and in the correct writing direction (Hebrew is RTL, not LTR like English). Except that some pages weren’t. Not entirely critical, since it’s possible to select a different code page through the browser, but it’s very unprofessional. And can be quite confusing to computer illiterate users of the site.

And while most of the functionality was there, some pages were clearly broken. Some of the pages, showing certain types of deposits, have a disabled drop-down list of the bank accounts, and no details. This despite the fact that I have deposits of the relevant types. So some parts of my account are not accessible from the site, even though the site is visibly designed to deal with them.

More amusingly, these drop-downs are badly designed. Usually they work simply enough, defaulting to the main account, and allowing to select another one, or some relevant subset. But some pages gave it as a selection, with a “next” button, and the default item was “All Accounts”. Which sounded fine to me. But the “next” button didn’t want to go anywhere. I had to open the drop-down, and select one of the other options, for a specific account. I assume “All Accounts” was not so much an option as the name of what the drop-down list showed, and they should have either eliminated it as an item, or named it “please choose…” like all those standard web forms wanting you to choose a value without a default.

Another interesting design decision was to put access to preferences/settings/options both on the top menu, and the side menu. The one on the top menu even had this cute little icon next to it, and accessible everywhere (the side menu changed based on the area on the site). Naturally I tried the one on the top first. Which, regardless where I pressed its link from, just redirected me to main account details page. The one on the side menu worked well enough, though.

Not that it turned out to be interesting. There was an option to change the password. There was an option to change the identifying field (Did I mention already that I have no clue what is the point of that field?). There was an option to see the system details (running about 3 different ActiveX controls, which do complex things like check if the browser supports Javascript and VBScript). And there was an option to change the disk settings.

What are disk settings, you ask? Good question. In the long long past, when they just went on-line, they also didn’t trust SSL. So they had this external program used to encrypt (hopefully) the communications to the bank. And it kept the encryption key on a diskette. The idea was that you could take the diskette with you, so nobody could access the account without you, and yet you could access it from everywhere. Yes, whoever designed that wasn’t too bright, I agree. But that’s the way it was.

These days they don’t really use those disks any more, but the terminology still involves them (When getting the password, I had to sign a form saying I received a disk, and am agreeing to keep the disk secure. Yet no disk was involved. Seriously). And this page seemed like it allows to choose to actually require the usage of the disk for some sorts of transactions. I didn’t try to make the change, not having a disk and all, so I don’t know whether it actually does something, or is just there since they hated to lose the screen after working so hard to design it.

Oh, they also had a page there stating that the site is best viewed under a 800×600 resolution. This may be a good time for me to state, in case anyone doesn’t know it, that most people use 1024×768 or higher. 800×600 is so passée.

Which leaves us just with the fascinating subject of “mail”. See, they have two totally different things. One is messages from the bank (Of which I had none, despite not checking them for months and months). The other is “mail”. Which, as it turns out, includes messages from the bank.

I think the term “mail” refers to the fact that these are the same messages they send you in the post if you don’t get to check them in any other way. Since it would eventually become mail if they have to send it, they decided it must be mail in any case.

It did make me hope that maybe they will allow reading them like mail messages. Getting them through an encrypted mail server would be both secure and comfortable, since I could easily set my mail program to check it automatically, and to read it comfortably. But no such luck, any relation to Internet mail standards is totally non-existent.

The main menu page shows in the corner the amount of unread “mail” messages. When I logged in there were four. After I read them there were, obviously, none. Yet as I kept navigating the site the number there kept changing. Sometimes I saw there weren’t any unread mail messages, and sometimes it showed there were four. Excellent refresh there.

I went to see the mail. There was this table, with the subjects of the messages, the date they were sent at, and the date they were “downloaded” to the computer (which was blank at the first view). It was possible to click on one in order to open a new browser pop-up window with it. And there was an option to mark some of the messages (no “select all”, I had to go one-by-one through the lot of them) and download them to the computer. Downloading them seemed like a good idea, since according to the text on the site if I read them on-line then they won’t send them in the mail, meaning that I’ll have no confirmation of ever seeing those messages. It also means that from now on I’m not checking “mail” on the site.

I pressed the download button, and got to a screen with some explanations on how to read the downloaded messages. Apparently it requires a password. The password consists of the number of the branch of my bank I’m using (not secret, and in the bank’s listings), the digit 0, and my account number (also non-secret, and printed on about any interaction with the bank whatsoever) padded with 0s to eight digits. This is presumably the exact same way a password would be built for any other user on the system. So it doesn’t serve security against any attacker who is even half-serious.

I pressed the download link again. At which point IE showed a message that it blocked downloading an unsafe file. This is IE’s nice way to say that it doesn’t let me download executables, even if I want to, unless I approve them specifically. So I navigated on the short menu to where I can select to allow downloading this file for this time. Except by the time I had done that I got redirected back to the main account page of the site, and didn’t get the file.

After a few such futile attempts I realized that the only way to download it would be to add the bank’s site to my secure sites link. Because I totally trust the people who design a site so well, requiring me to run their code on every turn, and even have me download an executable just to read some textual messages.

But that’s the only way to get the file, so that’s what I temporarily did. I then went to the mail area again, selected all the messages again (they all had a downloaded date by now, the site didn’t notice my browser never asked to actually download the file it generated), and went to download them. I read again the password instructions, and pressed the second download button (the password instructions are all you get after the first one).

Stopping to read the instructions may have been a mistake. I started the download, and most of the way through, the download hung. Either they have a really bad connection, or they want to (for security reasons? Such as what?) expire the file quickly after generating it, assuming everyone would download it very fast. In any case all I ended up with was a corrupt file I could do nothing with. I had to clear the browser’s cache and download it again (without clearing the cache I just got back the same corrupt file, since the generated file had the same name).

Finally I downloaded the executable file. It was a self-extracting zip archive. Which, if you run it, is set to automatically create a folder of the same name inside the current folder, open everything into it, and run an exe file inside there. No questions or confirmations asked. Very rude.

The internal executable has the original name “Decrypt”, which had the internal name of “CPExplorer MFC Application”. No request for downloading the MFC libraries was made, so I guess on many computers the thing will just refuse to run. It also shows that possibly the bank didn’t write it, and didn’t think to change the name to something containing their own.

It also came with a DLL file called “DES3dll.dll”, so I guess the encryption they’re using is triple-DES. Though why send their very own implementation is, again, beyond me. Very odd.

In addition, the directory contained lots of HTML files and image files. Just what the site showed when reading those “mail” messages. Except that the HTML files were encrypted, and appeared like junk at first glance. Though that didn’t stop them from keeping the html file extension, instead of naming them something else.

When the program was run, it opened a screen asking for the password. This password window did not appear in the task bar (So it’s not as obvious to some people how to switch to it), and did not have a title bar (so couldn’t be moved from the centre of the screen).

If instead of entering the password I pressed the “cancel” button, it closed down, leaving the created directory and files intact. Same if it was run with the password, and later closed. So many of the bank’s users must have lots of these leftover junk files still on their drives.

After entering the password, a window opened with the main html file of the index. A simple table of the messages. Clicking on the link to any of those caused the program to copy it into a temporary folder, decrypt it, and show it.

Except that it didn’t. The file names of the messages were in Hebrew. And since apparently their program isn’t UNICODE, it couldn’t find the Hebrew file names. All I got was an error message that the files cannot be found, with a garbled file name of what the Hebrew name looks like in Western characters.

The solution for that on Windows XP is to change, under regional settings, the default code page of non-UNICODE programs to Hebrew. I have no intention whatsoever of doing that at the moment. Not for this stupid “mail” reader of my bank, in any case.
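The failure described above can be reproduced in a few lines. This is an added example, not code from the bank's reader or from the original post; it is a simplified model that assumes the program keeps file names as single-byte strings written under the Hebrew code page (cp1255) and lets the system's ANSI code page decide what those bytes mean. The sample file name is constructed.

```python
# Simplified model of a non-Unicode ("ANSI") program opening a file whose
# name was written under one code page while the system uses another.
# Assumption of this example: names are stored as cp1255 bytes.

HEBREW_CP = "cp1255"   # Windows ANSI code page for Hebrew
WESTERN_CP = "cp1252"  # Windows ANSI code page for Western European languages

# Constructed sample name: five Hebrew letters plus ".html", written with
# escapes so the source file stays plain ASCII.
STORED_NAME = "\u05d4\u05d5\u05d3\u05e2\u05d4.html"


def name_as_ansi_bytes(name, authoring_cp=HEBREW_CP):
    """Bytes a non-Unicode program would keep for this file name."""
    return name.encode(authoring_cp)


def interpret_ansi_bytes(name_bytes, system_cp):
    """What those bytes mean once the system code page is applied."""
    return name_bytes.decode(system_cp, errors="replace")


def ansi_open(name_bytes, files_on_disk, system_cp):
    """Look the name up the way an ANSI file API would: convert the bytes
    with the system code page first, then compare with the real names."""
    wanted = interpret_ansi_bytes(name_bytes, system_cp)
    return wanted if wanted in files_on_disk else None


def unicode_open(name, files_on_disk):
    """A Unicode-aware program passes the name through unchanged."""
    return name if name in files_on_disk else None


if __name__ == "__main__":
    disk = {STORED_NAME}                      # the file system holds the real name
    raw = name_as_ansi_bytes(STORED_NAME)     # what the old program holds

    print("bytes held by the program:", raw)
    print("seen under cp1252:", interpret_ansi_bytes(raw, WESTERN_CP))
    print("lookup under cp1252:", ansi_open(raw, disk, WESTERN_CP))
    print("lookup under cp1255:", ansi_open(raw, disk, HEBREW_CP))
    print("Unicode lookup:", unicode_open(STORED_NAME, disk))
```

The same bytes only resolve to the right file when the system code page matches the one the names were written in, which is why changing the regional setting works and why a Unicode-aware program would not need it.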

Bad, bad, bad programming and design all around…

Why can’t PayPal handle basic credit card number format?

July 27th, 2005

Just a minor rant.

A short while ago I updated the credit card number I have on my PayPal account. There was a standard text box to enter the credit card number into, and since it didn’t specify any limitation I did it with the separating dashes.

It’s pretty standard, after all. Most listings of the number group each five digits separately by placing a space or a dash between them. It’s much more readable, and so much easier to verify you didn’t enter any wrong number.

Yet the PayPal page refused to accept the number, complaining that it’s invalid. Entering the same number as a long consecutive string, not broken up, worked fine.

This is very pathetic. This format of writing credit card numbers is common, and done a lot. Stripping the dashes from the number on the server side, after the user posts it, is extremely easy. So why haven’t they done so?

And it must have been going on for a long time. After all, PayPal have been dealing with credit cards from pretty much day one, years ago. Forcing me to enter the number like that myself, doing their own very basic data entry formatting, is not impressive at all.
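The server-side handling argued for above, as an added example (not PayPal's code and not from the original post): accept the number with spaces or dashes, strip only those separators, then validate what is left. The length bounds, the accepted separators and the function names are assumptions of this example; the sample number is a widely published test value, not a real card.

```python
import re

# Separators people type between digit groups. Assumption of this example:
# only spaces and ASCII hyphens are accepted; anything else is an error
# rather than something to silently throw away.
_SEPARATORS = re.compile(r"[ \-]")

# ASCII digits only (str.isdigit() would also accept other Unicode digits).
# The 12-19 length range is an assumption of this example.
_DIGITS_ONLY = re.compile(r"[0-9]{12,19}")

MAX_RAW_LENGTH = 64  # bound the input before doing any work on it


def luhn_valid(digits):
    """Check-digit test used by payment card numbers."""
    total = 0
    for position, char in enumerate(reversed(digits)):
        value = int(char)
        if position % 2 == 1:      # every second digit, counting from the right
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0


def parse_card_number(raw):
    """Return the bare digit string for a user-typed card number.

    Raises ValueError when the input contains anything besides digits and
    the accepted separators, has an implausible length, or fails Luhn.
    """
    if len(raw) > MAX_RAW_LENGTH:
        raise ValueError("input too long")
    cleaned = _SEPARATORS.sub("", raw.strip())
    if not _DIGITS_ONLY.fullmatch(cleaned):
        raise ValueError("expected 12-19 digits, optionally grouped by spaces or dashes")
    if not luhn_valid(cleaned):
        raise ValueError("check digit does not match")
    return cleaned


def mask_for_display(digits):
    """Show only the last four digits, e.g. in confirmations or logs."""
    return "*" * (len(digits) - 4) + digits[-4:]


if __name__ == "__main__":
    # Constructed inputs: one test number typed three ways, plus two bad ones.
    samples = [
        "4111-1111-1111-1111",
        "4111 1111 1111 1111",
        "4111111111111111",
        "4111-1111-1111-1112",   # wrong check digit
        "4111_1111_1111_1111",   # separator this example does not accept
    ]
    for sample in samples:
        try:
            print(sample, "->", mask_for_display(parse_card_number(sample)))
        except ValueError as error:
            print(sample, "-> rejected:", error)
```

Rejecting unexpected characters, instead of deleting every non-digit, keeps typos and pasted junk from being turned into a different but valid-looking number.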

TV.com – What CNet did with TV-Tome

June 20th, 2005

TV-Tome was pretty much the site for information on American/British TV series. Actor information, episode information, broadcast times, and so on.

Unfortunately it seems that they didn’t do such a good job on the financial front, and the site kept showing more and more ads, to no avail. Around last week it went away, and now redirects to TV.com (What is it with site operating companies feeling the need to have the “.com” as a part of their names? I thought everyone already realized this was a bad idea, no?), which seems to have all the TV-Tome content.

TV.com is a part of the ever growing CNet conglomerate. I never visited TV.com before, so I don’t know what they did with it before TV Tome died. Right now it seems to be aligned along very similar lines. The most obvious difference is the high amount of screen area taken for community activities, like comments, forums, and ratings.

Saving the content and functionality that TV Tome provided is good, and CNet is in no danger of going broke in the near future. That said, they felt the need for a redesign, which is perfectly understandable, and some of the things they did were not so good.

The new design itself is probably supposed to feel slick and modern. Which it does, but that’s very different from the more warm and friendly design that TV-Tome had, and the drastic change is a bit alienating. Just my own initial impression here, and YMMV.

The fact that they seem to have totally missed the concept of putting content in the page, and design in the CSS, doesn’t help much either, if you know a little about web design. They have plenty of elements whose class/ID do not represent function but style, such as class="f-bold f-medium f-white". And take a look at just a few bits, from long lists in the same vein, inside their CSS files:

.ml-5 {margin-left:5px;}
.ml-10 {margin-left:10px;}
.p-0 {padding:0px;}
.p-5 {padding:5px;}
.ls-1 {letter-spacing:1px}
.ls-2 {letter-spacing:2px;}
.f-off-white {color:#ffc;}
.f-lt-gray {color:#ccc;}
.lh-12 {line-height:12px;}
.lh-14 {line-height:14px;}
.f-xbig {font-size:16px;}
.f-xxbig {font-size:18px;}
.f-normal {font-weight:normal;}
.f-bold {font-weight:bold;}
.f-verdana {font-family:Verdana;}
.f-arial {font-family:Arial;}

Makes you want to cry when this is in a big site, from a big company that specializes in computer related stuff, doesn’t it?

Anyway, I’m not really concerned about the colour scheme, that’s just eye candy, and as long as they don’t do something horrible like put tons of huge pictures, or turn the site into Flash, I’m good with it. Having the information easily accessible is more important.

And they missed a few on that front as well. Two problems are with the episode list feature. Formerly this was a single page containing the order and titles of all the episodes in all the seasons of a series. An excellent thing if you were looking for an episode by name, or wanted to quickly locate several episodes in the series’ timeline. Now the list is broken by seasons. Each season is in a separate page. And that drastically reduces the functionality of the episode list. Unless this was a way to ensure people will go to epguides.com instead, I have no idea why they did that.

In addition, the episode list which was previously directly accessible through a link on the main show page, now requires two steps to get to. I’d say this makes it less comfortable to use, but since it’s no longer useful, maybe that doesn’t matter.

Another bad design idea was on the episode guide page. This is a page that lists information (guest actors and their characters, plus a plot summary) on all episodes in a season. Separating these into individual seasons does make sense, it’s plenty of information, and is also the way it was before. But now there is a maximum amount of episodes which are shown in a single page. So now a full American season may be split over two pages. This is again highly annoying, and makes it much less simple to do things like search for a guest actor across a season (yes, following to a second page is not just a minor annoyance, because it effectively doubles the time it takes, and requires searching inside a page twice). Plus, the page links on the top, for a series with 1-2 seasons, look similar enough to how you’d expect a season link to look, and I personally saw someone going to the second page of the first season, thinking it was the second season. Not fun, and very easy to mistakenly do in the current design.

Another problem is with the main show page. The new one is built to show all sorts of information at a glance, but it comes at the expense of not showing a complete anything. The previous design had at least included the full show summary. Now seeing a summary for an unfamiliar show requires one extra click. I know that this is a trade-off, people who already know the show do want the page as an index, and do not need the summary. Yet practically every single viewer who is not yet familiar with the show will want to see the summary, to know what the show is about. And this way requires more work, or gets people to decide based on less information.

The uniformity of the design of the main show page is also a problem. The first few sections are textual ones, and look exactly the same, but the kind of sections change from series to series. The uniformity is alright if you can get used to it, knowing that summary will always be followed, for example, by previous episode (their name for recently aired episode, I think). But it’s like that on some shows, while other shows have first episode followed by last episode, and yet other shows something else. This forces you to read the headers in order to know what’s there. Not terrible, but poor design. The visual cues should be clearer than that.

That said, I do like that the main page directly links to actor pages, and to recent news articles relating to the show. I’m not sure how the headlines are selected, though, since I did see plenty of relevant news articles out there which were not on the list. I also don’t like that they open the articles in a frame inside the TV.com site, and not providing actual links.

The search results page is clearer, and the new version provides short excerpts from show summaries, which can help when confronted with a list of several similarly named shows. On the other hand, an upper limit of 10 results per page is very limiting. And now the results for shows and persons are intermingled, which makes no sense, since usually a searcher only wants one of those. Luckily it’s easy to filter for only one kind, but for most searches it does mean a little extra work, which a simple grouping of the results would have spared. The results also seem tweaked to show the more popular/likely hits on top, which is good, and very useful for common searches. Yet for cases with many results, the ability to choose alphabetical sorting would help tremendously.

TV-Tome, and now TV.com, also allow users to add and edit content. This makes a lot of sense, since there are plenty of people who care about series that they watch. But the new design puts “edit” buttons everywhere, which are only relevant for registered, and logged in, users. Pressing the button takes you to a registration page, which does not contain a special area for logging in as an existing user. This is alright, since a login form is placed near the top of every page, but if I were a registered user this would have annoyed me. As someone who isn’t a registered user, I think it would be a lot better to simply not show the edit buttons to anyone who isn’t logged in. That’s not critical, though, since currently the buttons blend well with the background colour, and are not very conspicuous. Hiding them would also prevent the pages from being simple static pages, so will probably incur a lot of work for the web team.

Another advantage of the old design was that the TV-Tome URIs often had a simple structure, consisting of the show name, and page name. It was sometimes easier to navigate by entering the address directly, or changing that of the existing page, instead of searching and clicking links. The new design contains things like numerical IDs in the URIs, which removes this possibility.

As an interesting note, the redirects from old TV Tome pages sometimes work well enough to deliver the matching page on TV.com, and sometimes just go to the home page. This applies to pages of the exact same kind and same structure, so I don’t know what’s the rule.

As a second interesting note, and a bit of sheer speculation, a new TV.com Mycroft search plugin for Firefox became available recently, just as the switch was taking place. Since getting something to show up on Mycroft can take a long long time, this was either a very lucky coincidence, someone planning ahead, or someone maybe using money or connections. For the speculation part, the search plugin is made by a web design company, Matt Austin, which does not strike me as a regular Firefox enthusiast user. Are they related to CNet, and maybe did the design for them?

The little air conditioner that couldn’t

June 16th, 2005

The people working with me can be distributed into three groups: Those who like cold temperatures and want the AC working on hot summer days, those who do not enjoy cold temperatures and want the AC off (My boss’ secretary), and those who don’t care (my boss).

Quite often I turn the AC on and set it to a low temperature, only to find it later at a higher temperature. Sometimes the culprit is obvious, since our secretary complains about being cold. Sometimes it’s not so obvious, but we always assume it’s either her, or my boss (He doesn’t care, so won’t mind at all setting the thermostat to a higher temperature to save some on the electricity bill).

Other times it seems a bit odd, since we never notice anyone reaching the AC control panel. Still, we all have better things to do than stare at the AC all day, so we often dismiss the slight mystification with a shrug, and a claim that someone must have changed the temp when we didn’t notice.

Until yesterday. At a relatively early hour everyone else went home, and I was left alone in the office. It was a bit warm, so I went to the AC, and set the temperature lower. Later, when I was closing down and getting ready to leave, I went to turn off the AC. And lo and behold, the temperature that the thermostat was set to on the AC’s control panel was higher than what I set it to earlier.

Just to be absolutely clear, the temperature shown there is not the measurement, it’s the destination temperature that the AC unit is supposed to maintain. So now I know for sure that it creeps up all on its own.

We have a lazy AC that tries to avoid working hard by pretending we asked it to do an easier job. How pathetic is that?

Email at birth

June 2nd, 2005

Personally I think making sure kids have braincells at birth is a lot more important than making sure they get an email address at birth. Just to prove my point, as a fine example of what happens when you don’t make sure the newborn has any braincells, one of those in Malaysia decided that all babies in the Malaysian state of Perak will be issued with email addresses when they are born.

I’d say it’s a bloody idiotic idea, but I just don’t think the idea is good enough to warrant this compliment.

Email addresses are not hard to come by. Plenty of free email service providers out there, and as a general trend this will likely continue. It’s very unlikely that by the time these kids will grow up there won’t be any way for them to get an email address. Even if for some reason all free mail accounts will disappear, surely the ISPs would be able to keep providing an address as a part of the Internet connection package.

Giving an individual email at birth, state issued, also runs a large risk of this address becoming a mandated one for all official interactions. Government services, at least, could refuse to work with other addresses. This is a privacy issue. Not only that, but it is a huge risk of identity theft. Anyone compromising the official address could very easily pretend to be the holder. And these addresses could be incredibly hard to discard or change.

There is also the matter of getting tied to a legacy system. The chance of a single web service provider, even a state/government run one, being active in exactly the same way for the lifetime of an individual, is small. Things change, technologies change, features change. If you have an account from some random provider, you can switch and move. If it’s government issued, you can’t. And governments are notoriously bad at keeping up with the forefront of technology, so it’s likely that very soon the email services they provide will be out of date, and will never catch up.

And I expect it will be many years between birth time, and the time a child will actually be able to use an email account. So why issue something like that so many years in advance?

They seem to be making a large investment, that will probably cost a lot of time and money, in order to solve a non-problem using very inferior methods. Don’t they have anything better to do over there?

Via Loose Wire. Jeremy Wagstaff also quotes the entire article in his post there, so if the above link is dead, check this.

Mailbox sizes for webmail providers

May 7th, 2005

It’s pretty safe to claim that storage space for email accounts is no longer a selling point. Or at least shouldn’t be. Many free email providers offer paid services as well, and until not too long ago more storage space was an important part of the package. These days they have to find other things, even though some of them apparently still don’t get it.

This is all of course due to the crazy, and somewhat odd, competition by Gmail, Yahoo! Mail, and Hotmail.

The latest change was recently, when Yahoo announced their intention to raise their mailbox sizes of free email accounts to 1GB, catching up to the offer of Gmail. They did that, but not before Gmail all of a sudden increased their own size to 2GB+. Which is nice, but at this point I expect for most people this is really rather moot.

Gmail, apparently as part of the idea of always staying ahead in this particular game, did not just raise the storage quota to 2GB, but are still increasing it all the time, following claims to keep going ad infinitum. Which is fine by me, and should be fine by anyone with a Gmail account. Even though most people will take a lot more time to get to the current quota than it will take Gmail to get a lot beyond it.

What is very annoying about this, though, is that they keep this counter of mailbox storage space on their homepage. This is maddening. Text on a page shouldn’t keep moving and changing all the time, it just shouldn’t. This is the same reason that makes the HTML <blink> tag evil.

Yahoo just completed the upgrade from 250MB to 1GB. And they passed it rather quietly. There is a What’s New link on the mail pages, but apart from that they pretty much went on like every other day. I like that. I didn’t even notice that they did the upgrade for some time. No fanfare. They did, however, go a little bit into the other direction, by not removing their occasional self-ad where they promote their large mailbox size of 250MB. It’s funny to see such an ad over a 1GB account. I guess that’s what happens when you’re a part of a very large company, with different divisions in charge of different things.

Hotmail in the meantime is way behind, giving 250MB to people from the US and Puerto Rico, but keeping a measly 2MB mailbox sizes for the rest. Which is their right, it’s a free service, and no one can complain not getting what they pay for (Although for the same amount of ad viewing, which is the payment, we can get more elsewhere). But it’s utterly ridiculous when they keep telling people about their pro service (paid), where the email size (which they still present as a major benefit) is not more than the free competitors’ offers.

Web’s Biggest incompetent and sleazy search engine

May 2nd, 2005

I have a couple of domains, the main one is the one holding this blog, ordinarynothing.org. In the last few days all of them got an email message, sent to info@ of the domain. This is the one sent for this blog’s domain:

LISTING: ORDINARY NOTHING – Usually I use services like Dictionary.com, since they collect definitions from a large number of dictionaries, increasing the odds of finding the right word. http://www.ordinarynothing.org

Could you please update the ORDINARYNOTHING.ORG directory listing by Thursday so we can continue to list you, if you don’t mind? There is no charge to update your listing. Simply go to:

http://www-goto.com/update.cfm?[removed by me]

Thanks.

To unsubscribe: http://www-goto.com/cancel.cfm? [parameters removed by me]

Media LLC, 1158 26th St. #528, Santa Monica, CA 90403 USA

My first thought was that this is some very odd spam message. But the pattern, it being sent to several domains, to the same address, and that’s that, seemed odd. So I decided to check a bit more.

The sender, and the reply-to addresses, as well as the links in the message body, were to the www-goto.com domain. I went in to take a look. The first thing that happened, I got prompted to add them to my favourites/bookmarks. And that’s a big warning sign, people. The only sites that try to make you bookmark them without requesting, are usually questionable porn sites and the like. Well behaved sites don’t do that. Especially considering that in their case this was in a script that always loads with the main page, so even someone who actually wants to use their site, may grow too tired of this and leave.

The site itself is a search engine. There’s a big logo saying “World’s Biggest”, a click on which takes you to the exact same page, but on the websbiggest.com domain… And there are various links on it, all to the dirs.org domain, whose home page gets you to… you guessed right, the same search engine page. And worldbiggest.com domain does the same.

But that’s alright. Serious companies do it all the time, holding several totally different domain names that all point to the exact same place. No, wait, they don’t… Hmm…

A bit more digging, and these fellows claim to have the world’s biggest search engine because they license the entire whois database (That’s the list of all registered domain names, and the contact information of the people registering them), and search all of the sites from there. Now, ignore for a moment the fact that this doesn’t by itself make them biggest, and certainly not best. No, what’s more important is that they used the whois information to spam me. It’s not allowed to use whois information for things other than contacting domain owners for technical problems, or for general verification of data. Certainly not to spam people. And here they were allowed to license the whole thing, and are sending everyone email messages encouraging them to list themselves in their directory. That’s called spamming.

And yes, I think I’ll find out who I am supposed to complain to, and do that. This is not a legitimate usage of the whois info.

And the funniest thing, they claim that one of their advantages is that their crawler bot can extract information from the site in order to figure out what the site is about, and keep the important data. Apparently, that bot software is so sophisticated that it decided the thing that best describes this blog, and the thing that needs to be kept as a description of it, is that first paragraph they sent me in the mail, from an old post of mine. Because, hey, this blog is totally and completely all about how I use dictionary.com, of course. Not.

Which makes them sleazy, criminal, and totally incompetent. But apart from that I’m sure they provide a really nice service.

Bloglines search problem

April 26th, 2005

Well, I think it’s fresh news. Tried to run a search on some feeds in Bloglines, and got back the following:

There is a problem with the database. Please try again later

This happens both when searching only on the feeds I’m subscribed to, and when running a general search. I do hope they’ll sort it out soon, they provide an excellent service, and it’s a pity that they have such problems.

Good luck on sorting it out.

Technical specs please

April 26th, 2005

Sometimes PR speak is so bad, that it prevents any actual info from showing. Well, alright, that sometimes was a bit gentle, it happens a lot with PR speak. But still, this is one of the more amusing cases I encountered lately.

My boss was checking possibilities for a new computer, and noticed a very cheap option from some seller. So he asked me to take a look at the spec. The computer was a barebone Asus Terminator C3. As a barebone system, it has the CPU as an on-board component, and is pretty weak, but I wanted to see exactly what it is and what it can do.

Which brought me to this amusing paragraph from their site:

Instead of meaninglessly looking for high frequency processor, ASUS Terminator C3 brings you into a new world – it is strong enough to do your office/school job as well as fulfill your multimedia needs. ASUS Terminator C3 is built to be silent, space-saving, and cost effective.

Or in other words: Instead of looking for something that can prove it’s good, trust us, this one can do what you want it to, and we don’t even need to ask what you want to do with it in order to know that.

Very reassuring, isn’t it? Why check for specifications? Why check how fast a computer is? This one would do the job. It’s a wonder the big companies are releasing different kinds of processors, isn’t it, if you can just make one that always fits…

And that’s not even the best part. I found another site selling it, which had even more to say:

Confused about all those CPU naming rules? Do you really have idea about
530, 540, 550, 560 or the difference from them to 2600+, 2800+, 3000+?
With on-board CPU, ASUS Terminator C3 offers you enormous DIY fun while
sparing the trouble over CPU selection.

Yes, you read that right, they just plain go out and say: Confused about the names and models that big CPU manufacturers use? Don’t worry, we don’t give you any name or model details, so you have nothing to be confused about.

Which is the same thing, but put even better. How does this solve the problem? If getting names and models of CPUs doesn’t help their intended audience avoid confusion, why would no info at all be better? With no info at all (except for trust us of course), I’d expect people would be even more confused, no?

And what about poor people like me, who are actually not confused with all these names? People who want to know what their computer is. Are they saying this one is bad for them? Because, you know, if it has to be bad for the people with technical knowledge, it doesn’t inspire the rest that it would be good for them. And, well, DIY fun?! That surely isn’t what people who don’t get these names and models would be interested in, doing it themselves.

Odd.

Hotmail junk folder and mailbox size

April 25th, 2005

Recently the spam messages reaching Hotmail accounts turned into large messages with large attachments (100k-350k).

I know this isn’t only my problem, since when mentioning this to other people with Hotmail accounts, they knew about the large spam messages straight away.

And it definitely has something to do with Hotmail, since my other email accounts (of which I have far too many already) don’t get this sort. Other sorts of spam, yes, sure, but not these ones.

Their spam filter does catch all these messages, and transfers them to the Junk folder. But unlike some other email providers, their junk folder counts toward the account limit. For a mailbox size of 2MB (Since I don’t live in the right places), this means that it’s quite possible to leave an empty mailbox, and come back a day later to find out you maxed out… Not fun.

In any case, in the automatic message sent, notifying me that I maxed the account, they gave an email address for questions. So I decided to ask about that. The process is interesting, you start by sending an empty message (or not, I didn’t pay attention to that at first, since it’s so uncustomary), and they send you a link to a page where you can fill the comment/suggestion/complaints…

So, I sent a message about it. The woman answering said several things (apart from the excessive formal politeness):

  • She will pass it over to the development team.
  • I can set my junk filter to automatically delete messages.
  • They intend to convert everyone to 250MB mailboxes. They do it in batches, so it will take time, but they will.
  • The message came with a notice (inserted inside the text, like it was a personal message) that I can upgrade for a paid account to get eight times my current account size.

Which is all fine and good, except that I still may lose messages until then. They say that there are five days grace period until they actively delete messages, but they may bounce incoming messages even during that time.

And the junk filter is far from perfect. So it’s lose messages if it doesn’t delete, and lose messages if it does.

The idea of paying for 8 times my account (That would be 16MB), on the same message telling me I’m going to get a lot more for free, is especially ludicrous.

So I sent back a reply with these concerns. And got a reply back from a different person, saying basically the same things, and including similar commercials inlined in the personal message. I was impressed by how much they all really cared deeply about what I had to say, and would give it the utmost priority. Yes, I didn’t take that too seriously either.

But in any case, that’s it. Annoying, but hopefully will improve soon.