A few weeks ago I purchased a product online called Texture Packer Pro. The purchase went completely smoothly and without a hitch.
Imagine my surprise, then, when I received an email about my purchase the other day. To be honest, I was a little concerned.
Opening the email was a pleasant surprise. Simply put, the email was a timely reminder about the fact that I should expect a certain payee on my credit card statement, telling me how much it was for, who the payee was and, especially, what the purchase was for.
Such a simple little thing, at the right moment, and there will no longer even be a second of doubt when I look at my statement. I loved it, and intend to do a similar thing as soon as I start selling online, too.
And for what it's worth, if you're looking for a tool to resize and place images into a texture map (and let's face it, who isn't looking for one?) I can totally recommend it!
Code From Away
Wednesday, February 13, 2013
Tuesday, January 29, 2013
How FLOSS Software Became More Easily Accepted at Work
This was a long time ago now, but it was at a time when things were really starting to get big in the place where open source / free software and the Internet collided. It was also the time that we were looking to replace our in-house built, desktop based, bug tracking system.
It wasn't great, but it did the job. Even so, I started looking at a web-based bug tracking system that just happened to be licensed under the GPL.
I understood the requirements that were on us. I knew what it meant for us to use and change the code, and I knew what our obligations were for doing so.
Even still, a few people had concerns and I wasn't able to persuade them that we were OK. I suggested that we run the license past our (very technical) legal guy: if he knew what we intended to do, he would also know what was expected of us. My theory was, if he approves the license for our use case, then who really could argue differently?
The use of the GPLed software was approved and we went on our way. If the story ended there, it wouldn't be much of a story, though.
As time went on, we found ourselves gravitating to software licensed under GPL. But why? Quite simply, we knew two things: (a) legal had approved it; and more importantly (b) because the GPL itself is copyrighted, the very fact that legal had already approved that license meant that we didn't have to worry about fine print anymore!
All of a sudden, we didn't have to wonder "does this randomly drawn license for this particular software package allow us to do what we want?" and we didn't need to get 're-approved' to use the GPL (assuming we stayed within the parameters that we were given to begin with).
It was a weight off of our shoulders: almost overnight, we were confident that our understanding of the license requirements was correct, as we knew exactly what that license represented. We no longer had to try and understand hundreds of lines of legal terminology... we'd already done that once!
As time went on, we got a better understanding of a few more licenses (especially LGPL and MIT) and with that, we were able to make better and faster decisions about the libraries of code that we were looking at using.
It all really came down to the simple fact that because the licenses we were looking at were themselves copyrighted, any project that claimed to be using that license was not going to have some strange 'twist' to the license.
Yes, there were the odd times that the project tried to add a rider to the license, but even then, we were no worse off as legal would have had to look at it anyway.
To cut a long story short, these licenses made our lives easier because we all knew what we were able to do without ever really having to specifically analyse the license, simply because we knew that it couldn't have been modified from what we already understood.
And that made us happy.
Friday, January 11, 2013
Where's Lad Vampire and Muguito When You Need Them?
Another week, another call from "Windows IT Support" trying to get me to download some malware. I do my best to keep them on the line for a few minutes at least, but all it does is upset me, which leads to me calling them names and then fuming for a bit :)
Artists Against 419 is an awesome site that maintains a database of fake bank sites. Along with actively reaching out to the hosting companies etc., trying to get them to take the sites offline, they also used to have an application called Lad Vampire that was (I believe) replaced by another application called Muguito. These applications participated in what were called "virtual sit-ins". Basically they continually downloaded images and so on from the websites, helping to diminish the available bandwidth to the site and therefore making it less likely that a victim will actually be able to use it.
Some people may call it a DDoS, and to be perfectly honest, I might too. It didn't stop me running it though.
After my last call with "random IT support company" I wondered: at some point in the process of them 'helping' you, there must be something downloaded from somewhere. I'm not talking about the remote access software, but the malware that is intended to run in the background.
So where is the list of the servers that are hosting these files and where's the tool to continually download them? Unfortunately I'll never have the self control to get far enough into one of those calls to find out, but I tell you right now: if there's one use of my fibre-op connection I could get behind, it's downloading that malware as often and as quickly as possible.
For what it's worth, I know that random three letter acronym agencies are trying to deal with these companies, but in the meantime, surely there's something else we can collectively do?
Monday, December 17, 2012
On Using Javascript to Block Spam... Or Not
A while into one of my previous positions, I was reviewing some of the code behind our main web site, all hand coded by one of my colleagues.
As I came to the contact us form, I noticed the typical spam blocking technique of asking the user to do a small mathematical equation... you know, the normal "What's 2 + 5?" type question.
Interestingly, the form's submit button was not enabled to begin with. As soon as the equation was answered correctly, however, the button became active and the user could submit the form.
Taking a quick look at the code in the browser, it was obvious that this form was entirely using JS to 'enforce' the spam protection. That is to say, JS was required to enable the submit button, and there was no actual server side validation of the spam protection.
Knowing that this is really not the way to do this at all, I asked the developer about it. His answer was that "of course it works... we haven't been getting spammed, have we?"
The answer reminded me very much of Homer Simpson buying Lisa's tiger repelling rock.
Anyway, I tried to make headway with the developer, trying to discuss bots not usually running JS, and so on, but it made no sense to them... as far as they were concerned, it worked as expected.
I finally realised I was just hitting my head against a brick wall and continued with the rest of my work. It was true, we weren't being spammed, and if worse came to worst I could resolve it quickly myself if ever we began to be spammed.
The developer left us not long after, but it was before another colleague and I discovered Google's Skipfish. Without thinking too critically (though we were sure to make sure we weren't going to try anything destructive!) we set it on the site. Things were going really well, until it found our contact us form... and hit it with 100s of different tests. That was the day that we found out that the contact us form also did something else interesting: it sent the email to about a dozen different staff members. By the time it was stopped, I think they each got around 1000 emails, which was really embarrassing.
But at least, I guess, we weren't attacked by any tigers.
Wednesday, December 5, 2012
Medium vs Regular?
"Run Lola Run" is an awesome movie. It's one of very few films I've seen more than once at the cinema. It's definitely the only one I've seen 5 times in one week.
The funny thing is, of all of that movie going, only one thing sticks out in my mind: my "discussion" with the owner of the place.
Firstly, understand that this was not at some mega-chain-cinemaplex... it was a small, privately run place. The owner was known to be quite self-righteous and the only being more important than her was her little dog, that used to walk around the place and snarl at anyone it didn't like. Secondly, being in Australia, know that there are a certain number of people that dislike any form of Americanisms.
Anyway, it was the middle of the movie and I was sorely in need of a refreshment. I briskly walked to the counter and asked the person behind it for "a regular Coke". Note that the cashier behind the counter was not the owner... the owner was at the other side of the foyer at this time.
Apparently my request got the owner riled up, as not a split second after I asked for this "regular Coke", she called out (no doubt over the head of the dog but still down her own nose) "Regular? What size is regular? In Australia, we only have small, medium and large... I have no idea what size you are asking for".
A lot of the time I ignore this kind of useless banter. Other times, I bite. This was one of those times.
I looked at her in disbelief and said "firstly, it doesn't matter if you know what size it is, as I wasn't asking you for it. Secondly, regular would be whatever size is most regularly ordered here... I also don't know what size regular is, as I don't know what size is ordered most, but that's the size I want. I want whatever size is most regularly ordered."
The short "fine then" meant that I was free to continue the transaction apparently.
The best part of the whole interaction was the look on the cashier's face as they tried to stop laughing at their boss.
Every now and again I am reminded of this discussion, generally when I hear one of two phrases... both of which are relatively common in the software industry. The first is any reference to the Robustness Principle ("Be conservative in what you send, liberal in what you accept"). The second thing I hear a lot that reminds me of this incident, of course, is "Shut up and take my money".
Anyway, it only slightly soured the night. Thankfully, I had the rest of "Run Lola Run" to make up for it...
Thursday, November 1, 2012
My Unfortunate Fraud Check
Every now and again I have an idea, and with that idea come thoughts of domain names. I like to think that I'm a positive guy, so I always hope against hope that I can use a 'word hack' to score a fun and useful domain.
Today I had one of those ideas, and that idea revolved around salaries. With my fingers crossed I gave the domain "salari.es" a shot in my browser address bar, but it didn't resolve to anything. That was definitely a start, but it didn't mean it was actually available. A quick search for ".es whois" and I was able to see if it was registered. To my amazement, it wasn't! I was super excited and ran (via my keyboard and browser) to my registrar of choice... which, it turns out, doesn't do .es domains. Ouch. Using the ".es whois" I was pushed to a particular site to register the domain, but for some reason I didn't feel comfortable using that site for registering the domain I wanted, so I kept looking.
I wondered if now was the time to try out another registrar I knew of: from everything I had heard, they were definitely trustworthy. I looked around, saw that they supported .es domains and quickly created an account.
I have to admit, I was super excited about this domain. It just seemed cool. I pulled out the first credit card I could find in my wallet, mashed in the numbers and clicked 'Buy'.
Then I wait. And wait. And wait a little longer. This new registrar just kept telling me it was waiting for something... but I didn't know what. Until the phone rang. It was my credit card company in Australia calling to ensure that I had authorised payment to this new registrar, located in a country that is neither Australia (where my card "lives") nor Canada (where I live). Finally! I knew the hold up and so we were on our way again.
Or so I thought.
I'm not quite sure what the hold up was between then and there, to be honest, but suffice to say that it was at least a few more hours before things started to move again, and promptly failed. Turns out, someone else had registered it.
Now admittedly, I normally do these things a little differently. If I'm looking for a domain, I normally always use the search application in the registrar that I use. That way, if it's available, I buy it then and there. This time, however, they didn't support .es and I didn't feel like finding another registrar to sign up with, just to see if this seemingly awesome domain was already registered.
Don't read that the wrong way, though: I don't mean to imply that the initial site I was pushed to to register had anything to do with someone else registering the domain. It's just one of those things that make you question yourself.
Even if I hadn't done that, it still wouldn't have helped, as my credit card company was being fantastic, watching for and following up on possible online fraud. I can't fault them for that, either. If I had used the other one in my wallet, well, let's just say they don't seem to ever call me about these sorts of things :)
So I lost my first ever (cool) word hack domain name. At the end of the day, I got an account with a different registrar, and I don't expect I'll have any problems with the credit card company and them again. So that's a plus.
And to the new owner of "salari.es": I owe you a beer for being so lucky, and you probably owe one to my credit card company, too, for them being so particular. I hope you use it for something as awesome, ground-breaking, earth-shattering and paradigm-shifting as I was planning to...
Saturday, May 5, 2012
Farewell HealthcareIT.SE
So I know that I've been absent lately as far as posting is concerned... new jobs always tend to push me underground for a little while. I'll be back up to breathe again soon, but I daresay I might end up with less 'tech' and more 'life'. But we'll see.
I did want to take a quick moment though and just give a shout out to the now closed 'Healthcare IT Stack Exchange' site. This SE site got as far as public beta, but was closed yesterday due to essentially a lack of support.
Going in I knew that it would be a hard fought battle for that site to get traction, but I hoped against hope that it would. Yes, there are other support sites out there for healthcare IT providers. Maybe I haven't looked hard enough but from the few ones I've found, they seem to be either targeted at one particular aspect or product or they're not free. Yes, there are other IT support sites out there and I use them regularly. In fact, the reason I knew about the healthcare IT Stack Exchange was because of the regular usage I make of Stack Overflow and other Stack Exchange sites. But don't be fooled: healthcare IT has a lot of nuances, acronyms and assumptions that mainstream IT does not. A normal IT support site cannot do what the dedicated healthcare IT SE site did.
I don't consider this to be a rant. It's just an observation. I find it hard to believe that there's not enough people to make a go of a site like that. I have no doubt, though, that getting enough people to know of its existence is another problem altogether.
There are a lot of healthcare IT workers. Deep down, I wonder if the lack of support of this site is a reflection on the demographics more than anything. I get the feeling that in healthcare, you're almost always a massive conglomerate and yet I've always felt that Stack Overflow and its SE offspring are more 'startup-y' than other support sites.
To me, at least, healthcare IT requires some startup shake-up. That's why I am where I am at the moment. It's why I'm also rooting for companies like Drchrono.
Anyway, back to the site: it was a great thing to see that site start up and it's a shame that it never materialised into what it could have become.
Let this just be my public thanks to Steve Wranovsky for proposing the site in the first place, and to all of the people that tried to make a go of it. I did my best to make it active, even if it was just an answer or two and an off topic question :)
Whatever the outcome, I know that there is a need for a site like this and hopefully it will come into existence at some point in the future, once we get enough startups focused on this well deserving industry.