« Posts by Laslow

Ad Company Apologises for Justin Bieber Ad

The other day, I was happily using my free (ad-supported) version of MetroTwit when I noticed this ad:

This prompted me to finally bite the bullet and buy a license for MetroTwit Plus, as well as post the following:

.@metrotwitapp If this was your plan to get me to buy MetroTwit Plus, mission-fucking-accomplished.  [link]

A few hours later, I received this reply:

@laslow sorry we don’t review all the ads that are delivered. :(  [link]

I replied again, and then sort of forgot about it. Later, though, I was retweeted, and that prompted the following reply (again from the @metrotwitapp account):

@Rob_Aarts @laslow if you guys have feedback about the ads, the guys at @140ProofAds are listening [link]

And indeed they were! A few hours ago, 140 Proof, the ad company themselves tweeted:

@laslow Thanks for the feedback on the ad you saw. Sorry, we never intend to annoy. Will pass along the feedback to the team. @metrotwitapp [link]

 

Clearly, the lesson to be learned from this is if you want to sell licenses for ad-free versions of your software, sign a contract with Justin Bieber and only push his ads.

The State of Desktop Twitter Clients One Year Later

In January, I posted a list of complaints I had about desktop Twitter clients, and how they stacked up against mobile clients and the official Twitter website. Several months ago, Twitter user MrBretticus reminded me of that post, and I figured it would be fun to check up on some of the popular clients and see how they’re doing now. I started writing this post then, and ended up forgetting about it. I’ve dusted it off to start the new year, though, so here’s where we are today.

Blu
Wow. Despite having a new version available, Blu really hasn’t changed at all. It still only has four settings (none of which are an SSL toggle), doesn’t let you customize/disable toast notifications, has annoying UI animations, and refreshing bumps the tweets in the timeline making you scroll around to find where you left off. Yep, still crap.

blu

All four of Blu's settings

Seesmic Desktop 2
Basically, SD2 has the same issues as Blu. Not enough settings, screws with your timeline position if you’re scrolled to the top, no in-app media previews, and doesn’t know where you left off when you relaunch the program.

MetroTwit
There have been a few improvements since I last used MetroTwit. The client has always had a wide selection of settings, but now there are options for forcing the use of SSL, disabling Toast notifications, and even allowing you to choose which services to shorten URLs and expand them with. Nice! However, there are still two concerns I have with the program: The unread count is annoying, there still isn’t an in-line image preview, and the UI is noticeably slower to respond (not to mention that going in to Settings, changing something, and then saving results in your columns blanking, forcing you to restart the program to see any older tweets). Happily, clicking on a link to a service like yfrog, twitpic, or most other image/media hosting services (including YouTube) now results in a small in-app popup with a preview of the media!

MetroTwit now also remembers your timeline position after you close the program (sort of)! When you reopen MetroTwit, it will automagically refresh and mark the last read tweet from your previous session with a mark line on the tweet itself and on the scrollbar. Granted, it still starts you at the top of the timeline, but this makes it very easy to scroll down and start reading where you left off. You can also toggle a setting that allows the timeline to stay where it is when MetroTwit refreshes.

A fair word of warning, though – MetroTwit does include an ad. Yes, just one. By default, it sits at the top of your Direct Message column and is very subtle. I rarely notice it, but even when I do, I find the ads to be nothing objectionable. If you want to remove them, you can pay a one-time fee of (currently) $16.11CAD ($14.95AUD).

With all of the improvements that have been made, and with the release of New New Twitter, I’ve officially switched to MetroTwit as my full-time Twitter client. It really is that good.

MetroTwit

 

Twitter’s #NewLook Bothers Me, So I Fixed It

I’m not exactly a fan of Twitter’s #NewLook – I like my content on the left, and nav/other crap on the right. Twitter, apparently, doesn’t.

Ugh

So after seeing @Kosh post about a script available on Stylish for Chrome I installed the extension and then loaded the script. Success! But I wasn’t really happy with it.

I actually wanted something that would not only move the dashboard over to the right again, but I wanted the dashboard fixed, so that even if I scroll it stays there. After brushing up on my CSS, I modified the script like this:

Section 1:

.dashboard {
    margin-left: 10px !important;
    position: fixed !important;
    right: 28%;
}

Section 2:

.content-main {
    position: relative !important;
    right: 38%;
}

(Note: You may have to adjust the right: percentages depending on your screen resolution.)

Perfect: Now it's exactly how I like it!

Notice how even though I've scrolled down the page, the dashboard on the right is still visible.

Mythbusters and Damage Control

A story ran on Slashdot today about how an experiment the Mythbusters were running went out of control and they ended up firing a cannon ball through a house and in to a minivan. I laughed, and then remembered that yesterday I saw several pictures posted on Grant, Kari, and Tory’s Twitter accounts. When I went to check, though, I found the tweets had been removed.

Update: Kari, Grant, and Tory have just posted apologies on Twitter.
Further Update: Jamie and Adam have posted apologies as well.

Yet Another Update: Adam has confirmed that no, Mythbusters has not been suspended/cancelled.

Fortunately, I use Plume for Android and it doesn’t remove deleted tweets! Here are the removed pictures:

Tory and his Cannon

 

"Cannon Envy"

 

"Heavy Artillery"

Edit: Sorry for the slowness – my little VPS is struggling to handle the load after being linked on Wired, Techdirt, and Fark (can’t find the link at the moment). Did some conf tweaking and the site should be more responsive now.

Adventures in Craigslist

Recently, after a friend of mine showed off his nice new HP Touchpad (running an early alpha of CyanogenMOD) I decided it was time to make the jump and get a tablet as well. The only problem was, being a broke bloke, it was hard to justify the purchase of one when I really didn’t need it. To solve this dilemma, I decided to sell my laptop, a Late 2009 Unibody Macbook (the 6,1 model) and purchase an Asus Eee Pad Transformer (and the dock).

After checking with friends (who laughed at the prospect of owning a Mac), and spamming the global distribution list at work (no bites there), I resorted to posting ads on Craigslist and Kijiji (the latter of which brought in zero prospective buyers). The Craigslist ad, though, prompted a number of replies.

The problem, however, was out of all of the replies I received, only four of them were people who were genuinely interested. I won’t post those replies, but instead, the ones that were almost certainly scams.

So a little background information – when I posted the ad, under all of the specs I very clearly wrote “Cash only – must agree to meet me in person, in a public place that we both agree on”. This ensures that not only do I not have to worry about shipping the thing, but it assures me that I won’t get any fraudulent cheques, money orders, etc…. Unfortunately, the people who tend to perpetrate these scams tend to ignore these warnings, as outlined below:

This first example was actually “Sarah”’s second email to me – the first one was a generic “Do you still have the item for sale?” inquiry.

Hello,

Thanks for getting back to me on time,i will like to buy this item and
Am quite comfortable with the condition of the item since i wont be
making any repairs on it,and i will be very more than happy if you can
help me get this item shipped, and am willing to offer $770 to include
the shipping fees through the USPS Express mail service,and i will be
paying you through my PayPal account so send me your PayPal email
address so i can make instant payment get back to me
…….ASAP….Thanks and GOD bless

Note the “GOD bless” at the bottom – I would imagine they were thinking “If I put that in, they’ll think I’m a god-fearing Christian and they’ll be sure to make the deal!”.

So what was wrong with this offer? Several things:

  1. They ignored my Cash Only – Local Only warning. Never a good sign when they don’t even say “Hey, could you make an exception?”
  2. The sentence structure/grammar are…well…horrible and far too formal. Definitely someone trying to sound on the up-and-up a little too hard.
  3. Offering to pay more than the listed price. I listed the laptop for less than that. All four of the legit, local enquiries first offered less (in one case, far less) than my asking price. By offering to pay more, the scammer is hoping that you’ll be greedy and jump on the offer.

So why wouldn’t I try, take the money, and send it anyway? Well, the problem is that most of these involve stolen Paypal accounts. The person will get the account, not use it, and wait for something like this to come along (a relatively high-value item). They’ll then use that account to pay for it and take the item, which they’ll then sell themselves. Meanwhile, the rightful owner of the Paypal account discovers the new unauthorized charge and files a dispute with Paypal. The money gets pulled from my account, and now I’m short both the money and the laptop. Pretty sneaky.

Another “Sarah” (which seems to be a commonly used name for the scammers) contacted me, asking a few more questions (“Do you still have the box”, and “What condition is it in”), before inevitably asking for my Paypal details to send the Payment. I politely replied that as the ad stated, I would only deal in cash and locally because of the chance of a stolen account being used. To this, she replied (in full):

my account is not stolen

Really? Well in that case, sure! I mean, I wasn’t positive, but you’ve managed to convince me!…Not.

Another one (again, the second email after the first “Is it available, what condition, etc…”):

Hello, thanks for your reply. I’m glad you still have the item for sale. Your asking price sounds OK to me. Payment will be make via money order with the shipping fee included. Payment will be deliver to you within 3 to 5 working days. Then pick up will commence immediate by my shipping agent once you have clear the payment in your bank. I will add extra 50$ to your last asking price if you agree to sell this item and hold it for me till you receive my payment. Kindly fill the below data for payment to be mail out tomorrow morning.

FULL NAME :
PHYSICAL ADDRESS :
CITY, PROVINCE :
ZIP/POSTAL CODE :
PHONE/MOBILE NUMBER :
ITEM AGREED PRICE :

I hope to hearing from you soon with the payment information in order to complete the sales asap. Thanks.

Regards,
Edward Parker.

Nope. Sorry.

There were a bunch more, but all were basically the same. In each instance, my typical reply is this:

As you appear to be illiterate, I will try to phrase my payment requirements in a simpler manner – a haiku:

Cash. Only. I mean it.
Must. Meet. In. Person. Okay?
No Exceptions. Thanks.

So that’s about it. I ended up getting a little less than I asked for it, and now I’m the proud owner of an Asus Eee Pad Transformer. Hopefully it’ll be a long time before I decide to sell anything online again.

Streetview Comes to Town

Google Streetview Car

I missed them the last time they were in town, so I was right chuffed today to catch them when I was out for lunch. I…may have followed him down a dead-end street to get this picture….

Sparkies

This morning, I was called over to the building we keep our Off-Site Backup NAS at. The new tenants had the local Cable Co. over to do an install, and they needed access to the secure room with all the networking kit in it.

I went over to let them in, and explained where the network drops terminated, where their cable run came from and went to, and answered a few other questions. They looked like they had things under control, so I left.

About twenty minutes later, I was called back over. The techs needed to unplug our UPS so they could put one of those dual-plug splitters in (has six outlets on the front and uses the two in the wall), however they ran in to a problem. At some point in the past, the screw had fallen out of the metal faceplate on that outlet.

When they went to unplug the UPS, they bumped the faceplate and it made contact with one of the legs on the UPS plugs, shorting it and causing lots of sparks.

I got there a few minutes after this happened, and the two were trying to figure out the best way to proceed. One of them had a pair of pliers in his hands, and was saying that he was going to just use those to grip the UPS plug and pull it out quickly. I asked if they’d thought of shutting off the power.

Silence.

So I went over to the (of course, unlabeled) breaker panel and told them to yell when the UPS switched to battery power, then I started throwing breakers. After making it through all of them, they hadn’t made a sound. Knowing that the wiring in the building was kind of sketchy, and that there were a few other breaker panels, I told them I was going to go try another one. The one with the pliers then said, “Naw, I’ll just try this again.” and then proceeded to rip the plug out using the pliers. Sparks flew, and then the plug came out. He then used the pliers to knock the faceplate off (which was now scorched and had a chunk burnt out of it), and plugged the UPS back in. It showed “0” for input voltage.

“I think I killed it.”

On a hunch, I walked over to the breaker panel and, sure enough, one of them was tripped. After resetting it, I heard the UPS go back online. Apparently, when I was throwing breakers, they weren’t paying attention.

So now I’m looking to relocate our Off-Site backups.

On Labeling

Plug

What is this? I don't even...

James May Rocks Out

In Season 13, Episode 2 of Top Gear (starring Jeremy Clarkson, Richard Hammond, and James May), the trio each buy and insure cars for £2500, with the catch that they have to do so under the guise that they’re 17 year olds. Hilarity obviously ensues, and along the way Clarkson and Hammond replace James’ Bach CD with…something else…and glue his stereo controls so he can’t do anything about it. Later in the episode, we see that James has apparently grown to enjoy this new style of music.

James May Rocking Out

Followup: Staples.ca and Plain Text Passwords

I posted an article the other day when I discovered that Staples.ca stores customer passwords in plain text. After a lot of prodding through email, I finally received a reply with some technical detail about how Staples actually stores the passwords:

We do take this issue very seriously.  I contacted another department for a technical explanation of the issue.

Staples.ca stores user profile information in a commerce Binary large object that cannot be selected using SQL and cannot be queried without knowing the actual hash key to parse the XML object. When a password is being requested using the “Forgot password” feature, the email address and the security question is asked to validate the user and then a backend processing is performed on the request to retrieve the password and send it to the email address on file. The site is on a monthly schedule to be scanned by Qualys (a third party security provider that provides on demand vulnerability management and policy compliance solutions to Staples) which scans for SQL injections, security vulnerabilities, firewall issues etc. We are 100% compliant by Qualys and from the RSA PCI standard institute. In no way you can SQL inject to this website and get any data from the database that is not authorized. The underlying architecture is very secured and strict procedures are in place to not compromise PII information.

Please do not hesitate to contact us if you require further assistance.

Joan, E-commerce Communication Specialist
e-mail: bd.support@orders.staples.com
phone : 1-877-360-8500
fax   : 1-800-567-2260
url   : www.staples.ca/contactus

So there you have it. They are completely convinced that it is impossible for someone to get your plain-text password.

…That is, unless your email account is compromised. Or their server is exploited (Staples.ca runs IIS5 on Windows 2000, according to Netcraft) and someone gains higher-privilege access. Or a staff member rages, dumps the db, then quits.

Unfortunately, I can’t find a way to delete my account, so I’ve nuked all of my personal data (replaced with fake stuff), and then entered a random password. I didn’t bother writing it down, because if I ever do want to get back in to my account, they’ll be more than happy to send it right to me. I don’t even have to choose a new one!
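
For contrast with the "retrieve the password and send it" flow described in the reply, here is an added sketch (not Staples' code and not part of the original post) of a store that keeps only salted hashes and answers "forgot password" with an expiring one-time token. The class name, PBKDF2 iteration count and 15-minute lifetime are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
import time

# Assumed parameters for this illustration; none come from the page.
PBKDF2_ITERATIONS = 600_000
RESET_TTL = 15 * 60  # seconds a reset token stays valid

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

def _token_key(token):
    # Only a hash of the reset token is stored, so a database dump cannot replay it.
    return hashlib.sha256(token.encode()).hexdigest()

class AccountStore:
    """Keeps salted password hashes only, so nothing can be 'retrieved'."""

    def __init__(self):
        self.users = {}    # email -> (salt, password_hash)
        self.resets = {}   # sha256(token) -> (email, expiry)

    def set_password(self, email, password):
        salt = secrets.token_bytes(16)
        self.users[email] = (salt, _kdf(password, salt))

    def verify(self, email, password):
        if email not in self.users:
            return False
        salt, digest = self.users[email]
        return hmac.compare_digest(_kdf(password, salt), digest)

    def forgot_password(self, email, now=None):
        """Return a one-time token to e-mail to the user, never the password."""
        if email not in self.users:
            return None  # caller should answer identically either way
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.resets[_token_key(token)] = (email, now + RESET_TTL)
        return token

    def reset_password(self, token, new_password, now=None):
        now = time.time() if now is None else now
        entry = self.resets.pop(_token_key(token), None)  # pop: single use
        if entry is None or now > entry[1]:
            return False
        self.set_password(entry[0], new_password)
        return True
```

With this design a compromised mailbox yields at most a short-lived reset link, and a database dump yields salted hashes instead of passwords that may be reused on other sites.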