Sunday, April 24, 2011

E-book Content Farms

So I recently came upon this "publisher" of e-books. They seem to take 30-page articles written for dirt cheap and try to sell them as "books". From reading reviews, it seems they don't take much time to edit them, and will post anything they think they can make a buck on.

The questionnaire they ask potential authors to fill out is quite telling. They seem to think that a $50 flat rate is a fair rate for something that they'll turn around and sell for $10 a copy, and then they proceed to never even disclose the names of the authors.

I guess this is what the democratization of publishing gives us. Content farms full of junk sold for as much as they think they can get away with.

Tuesday, March 22, 2011

How not to respond to an accusation of distributing spyware

Take a look at this interesting android-security discussion thread.

Here's what I see happening:

1. An Avast researcher finds someone with a hacked version of the Walk and Text app, which caused their phone to send a text message to their friends.

2. Avast posts a blog article about this, complete with a screenshot and disassembly.

3. The app developer posts a broken-English response and demands the blog post be taken down, claiming that the app wasn't posted by them and that they didn't have a harvesting page up on their site.

4. Avast responds that they confirmed the harvesting page was up previously.

Now the denial in step 3 makes no sense. The app in question was analyzed and determined to contain that URL, and the message was sent with that phone's sender information. So this developer, who should have just kept quiet about this, has now basically tossed what little reputation his company had into the toilet. Brilliant.

Wednesday, May 26, 2010

User understanding of iframes

I was reading some comments about Facebook and privacy, and one thing that freaked people out was seeing their friends next to a "like" button strewn across the web.

Of course, from a technical standpoint the like button is just an iframe served by Facebook itself, and the same-origin policy prevents the containing site from seeing the contents of that iframe, but how does a user know this? To them it's CNN knowing who you are, even though CNN never gets to see any of the traffic between you and Facebook (it just includes an iframe with a Facebook URL as its src, and it's then up to the browser to send your Facebook cookies along with that request).

Facebook can perfectly respect privacy here, and still many users will feel as if their privacy is violated.

Unfortunately I have no real solutions for this. Anyone have any ideas?

Wednesday, February 10, 2010

Capital One: Don't train your customers to become ID Theft Victims

So I got a call from someone claiming to be from Capital One wanting to discuss how some changes in the law would affect my account. He proceeds to state the last 4 digits of my account number and says he'd need to confirm details of my account before proceeding. In other words, he wants me to give information that can be used to access my account to someone who called ME. If you need to send me information like that, use your web site, a letter, or an e-mail. Don't make me give out my personal information to someone who calls me, as I can't really be sure they are who they say they are.

Friday, August 14, 2009

Insecure Security

Chase Bank has decided to throw all common sense out the window with their username and password policy. Let's start with their username policy:

  • Must contain 8-32 characters
  • Must contain at least one letter and one number
  • Cannot include special characters (&, %, *, etc.)
  • Cannot be the same as your Password

OK. What do we have here? Let's throw out any usernames the customer may have used at other sites and make them come up with a new one. This won't increase forgotten passwords at all. This is within the realm of sanity, until they impose their password policy, which is the same as the username policy with the additional requirement that it can't match the previous 5 passwords. In other words, the passwords cannot contain any symbols. Why would they make such a requirement!? Can they not write some simple unit tests to verify their handling of punctuation?
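As an added illustration (not code from the original post or from Chase), here is the password policy exactly as the post describes it beside a corrected version that keeps the length, character-class and reuse rules but allows punctuation, plus the kind of unit test the post asks for: every punctuation character is pushed through a salted PBKDF2 store/verify round trip, which is the assumed storage mechanism here.

```python
import hashlib
import hmac
import os
import string

SPECIALS = set(string.punctuation)

def _length_and_classes_ok(password):
    """Rules shared by both policies in the post: 8-32 characters, at least one letter and one digit."""
    return (8 <= len(password) <= 32
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password))

def chase_password_ok(password, previous=()):
    """The policy as the post describes it: no special characters, and not one of the previous 5 passwords."""
    if not _length_and_classes_ok(password):
        return False
    if any(c in SPECIALS for c in password):  # the rule the post objects to
        return False
    return password not in list(previous)[-5:]

def sane_password_ok(password, previous=()):
    """Same length, class and reuse rules, but punctuation is allowed (not required)."""
    if not _length_and_classes_ok(password):
        return False
    return password not in list(previous)[-5:]

ITERATIONS = 50_000  # assumed PBKDF2 work factor, kept modest so the round-trip test runs quickly

def store(password):
    """Salted PBKDF2-HMAC-SHA256; any character, punctuation included, hashes fine."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def verify(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def punctuation_roundtrip_ok():
    """The unit test the post asks for: every punctuation character must survive store/verify,
    and swapping it for a letter must make verification fail."""
    for ch in string.punctuation:
        pw = f"Abc123{ch}xyz9"          # constructed sample password containing one symbol
        salt, digest = store(pw)
        if not verify(pw, salt, digest) or verify(pw.replace(ch, "x"), salt, digest):
            return False
    return True
```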

Tuesday, June 23, 2009

Random thoughts on ballot-stuffing detection

Here's a random thought I had while musing about the controversy in Iran regarding its elections and possible ballot stuffing:

Consider a system in which pairs of unique stickers are printed. When a voter finishes voting, the voting official takes one of the stickers and places it on the side of the voter sign-in log next to the voter's name, and places the other sticker on the ballot. Ordinarily this would cause voter-privacy issues. But if the voter sign-in logs are sliced in half beforehand (ideally cutting through the sticker, so that a non-unique portion stays attached to the name of the voter while the unique portion is separated from it), and each individual unique sticker piece is then separated from all the others and shuffled, then after the election you have a set of verified ballot IDs that are guaranteed to have been issued to unique voters.

A couple of notes:
  • There is theoretically nothing stopping someone from hijacking a bunch of pairs of stickers, and stuffing the ballot box that way and then attaching them to the voter sign-in logs right before slicing. However, this scheme reduces the time for that attack to "until the voter sign-in logs are sliced".
  • This also allows for easy verification whether a particular voter voted.
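As an added illustration (not part of the original post), a small Python model of the sticker scheme: printing pairs, the official's two placements, slicing and shuffling the log, the audit over the ballot box, and the per-voter "did they vote" check from the second note. Voter names and sticker IDs are constructed; the audit flags ballots carrying unissued or duplicated IDs, and also shows the limit from the first note, since pairs attached to the log before slicing pass it.

```python
import random
import secrets
from collections import Counter

def print_sticker_pairs(n):
    """Stand-in for the printer: n unique IDs, each conceptually issued as a matching pair."""
    return [secrets.token_hex(8) for _ in range(n)]

def run_polling_place(voters, pairs):
    """For each signed-in voter the official puts one sticker beside the name on the
    sign-in log and its twin on the ballot. Returns (sign_in_log, ballot_box)."""
    if len(voters) > len(pairs):
        raise ValueError("more voters than printed sticker pairs")
    log, ballots = [], []
    for name, sticker in zip(voters, pairs):
        log.append((name, sticker))
        ballots.append(sticker)
    return log, ballots

def slice_log(log):
    """Cut the log in two: the names side keeps only a non-unique 'voted' mark, while the
    unique halves are separated and shuffled so they no longer line up with any name."""
    names_side = [(name, "VOTED") for name, _ in log]
    unique_side = [sticker for _, sticker in log]
    random.shuffle(unique_side)
    return names_side, unique_side

def audit(unique_side, ballots):
    """Post-election check: every ballot ID must have been issued, appear once,
    and the box must not hold more ballots than there were sign-ins."""
    issued = set(unique_side)
    seen = Counter(ballots)
    unissued = sorted(b for b in seen if b not in issued)
    duplicates = sorted(b for b, count in seen.items() if count > 1)
    ok = not unissued and not duplicates and len(ballots) <= len(issued)
    return {"ok": ok, "unissued": unissued, "duplicates": duplicates}

def did_vote(names_side, name):
    """The second note: the names side alone answers whether a given voter voted."""
    return any(n == name and mark == "VOTED" for n, mark in names_side)
```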

Tuesday, March 03, 2009

On Prioritization in Software Development

I've been thinking for a bit about what makes software go from good to great. I realized something: the number of features is irrelevant. No, what makes software great is the little touches. Tiny little things that make your life easier. The iTunes music player is a perfect example of this. On a feature-by-feature comparison with Windows Media Player, it probably loses big time, but it does the right thing more often. I can't exactly quantify what those things are, but I know I enjoy using iTunes more than Windows Media Player.

The standard thinking about building a software product goes like this: You create a list of features. You sort the features by priority. Then you start writing specs. Each of those specs has subfeatures that each have their own priority. What ends up happening is that you end up selecting a large set of features due to optimistic scheduling. Then each of those features ends up having to cut back its scope or lose polish.

What happens next? Well now all those really neat things that would have made your product really awesome end up getting cut as they're "nice to have", instead of "must have" for the features.

Those "must haves" might be on a checklist for a business customer, but for an end user, those kinds of things aren't going to make them fall in love with your software. No, the "nice to haves" are what will make your end users love your software and tell all their friends.