If I'm looking for a company that offers a specific service, I use Google's natural listings.
Sometimes, though, a really effective ad will earn a rare click. I've clicked top banner ads on Slashdot for ServerBeach. Some Flash ads are practically full-blown interactive games - and I've been interested enough to click 'em and play. Note that I've never actually bought anything from any of these ads, but I know people who have.
Before you start criticizing, you should really read the posts and understand the point.
I said that because:
1. By using a self-generated SSL certificate, your users will see a browser warning.
2. Using a certificate from a "Trusted CA" - that is, one that is already approved by your OS/browser by default, will not display a warning.
3. If you have a site without SSL, I won't send you an sensitive information. I understand the other weaknesses in the system, but this is such a basic step to take.
4. There are many steps to take in creating a secure e-commerce transaction. Unfortunately, we can't see or check most of those steps. We definitely can check if the connection is secure via SSL. I believe a company that's willing to take that step is more likely to be concerned about security and privacy than a company that doesn't.
I expect SSL to do one thing - encrypt the communication between my computer and the server. After that, I have to trust the receiving site owner to be smart and ethical enough to provide security measures on their side. I have to trust the credit card company to protect my account from fraud. I have to trust the CA to have checked out the certificate holder and verified that they are, indeed, a legal entity that can be held accountable. All of these things add up to trust - if you don't trust the other party, then you shouldn't be doing business with them.
Which brings me back to my original statement - if the company doesn't have an SSL certificate, can you really trust them to provide security on any level?
Exactly. If their product is spyware, then they can't exactly win a libel suit. My original point was sort of that the "is/is not" determination might be done in court. A legal precedent of "this is what makes something spyware" could be good or bad for users.
I think it boils down to "we prefer the term 'Non-Optional Information Mining and Advertising Software'"
They don't want to be labeled Spyware because "Spyware" sounds bad. (Probably because it is.)
Don't be so drawn in by the knee-jerk reactions to think that "acquisitions and mergers" are always a bad thing. You buy other companies to gain market share, brands, add to your own line of products and services, etc.
Such a move is often good for consumers, too. Imagine what would happen if all of the cell phone companies were small, local businesses. Not only would your service be crappy, but support and prices would probably suck too. By combining into a few major players, you get national service, a sturdy support system, and longevity - they're less likely to fold and leave you hanging.
You don't get to be the richest man in the world by letting your competition win.
Sort of. It's really just a matter of libel - you can't just say whatever you want about someone. If Microsoft could prove that Windows was 100% secure (it's obviously not, but it's also not a realistic goal) then they might bring a libel suit against someone that claimed there were security holes.
In some states, it's illegal to make false accusations for certain crimes - rape, for instance. The accusation alone is so damaging to reputation and livelihood that the state recognizes it to be a crime in and of itself.
If you wrongly claim that Slashdot installs Spyware, they might sue you for libel. I think they have to prove malicious intent, btw.
IANAL, but I did do quite a bit of research on this topic a while back.
Of course I don't. I personally run sites where I use SSL without any financial incentive. For those kinds of environments, you can either pay for the ability to secure your site without a browser warning or you can suck it up and ask your users to trust you.
There's a lot more to trusting a website than SSL, but the inconveniences of an unsupported Certificate Authority will do little to gain the trust of your users.
1. Getting an SSL certificate can require that you fax a copy of your articles of incorporation, public contact information, etc. Someone ends up doing some legwork to ensure that you are who you say you are and that you can be tracked down in the event that there is a complaint.
2. Virtual hosts often share a single IP among many websites. You can't just authorize a name; SSL requires (from my understanding) a unique IP. That would make the IPv4 system even more strained.
3. Certification pricing is partly based on trust. Anyone can generate a free certificate. But it won't work with every system because it wasn't created by a "trusted provider."
If you can't afford a $200US/year fee for conducting "secure" business online, I probably wouldn't want to do business with you anyway.
Eventually, you will either give up on supporting those users or you'll sacrifice your ability to do some of the things we're describing.
In a previous job, I had to support NS 4.7. When users started calling to complain that they couldn't get to ESPN's website, I discovered that even the big boys will leave customers behind if it means slowing the train down.
Support as many users as you can. When you want to raise the bar of what you're putting on your site (or how you're putting, I suppose) then make 'em upgrade or tell 'em to bugger off.
If it did get into the court system, the court may end up legally defining spyware. Think of it in terms of libel, slander, defamation, etc. If you call the software spyware, it can damage their business and reputation. You could be held liable for their losses, even. But that would require that the claim was false. To prove it was false, the court would have to officially declare their software one way or another.
Gator became Claria, as I recall, right around the time they started using these tactics. I wonder if someone can find an update on the outcome of their C&D orders. My guess is there wasn't any - it was just hot air.
It could detect when you were misspelling the domain name and suggest an appropriate replacement:
You asked for slashdpt.org, but that domain is now owned by domain-snatching, spam-feeding liars that get rich because people like you can't spell/type.
According to this, Indiana (my oh-so-flat state) has killed the proposed legislation.
"On Feb. 16, the Local Government Committee killed House Bill 1148. The bill, championed by SBC Communications, would have prohibited Indiana cities and towns from providing municipal broadband services."
At least someone sees the danger. That, or maybe my congressman is paying too much for broadband like the rest of us.
I'm sure you're aware of this (your post seemed pretty well informed) but: Michigan Use Tax
As far as I know, every state has something like this. Most folks don't pay tax for Internet purchases, but some companies (Best Buy, for one) already applies tax based on where you live. You are supposed to report and pay tax on all goods purchased from out of state.
Given the costs of shipping (and the time it takes to deliver), I think Internet shopping can only survive if there is no sales/use tax. If I have to pay tax and shipping, I simply won't buy online.
On the other hand, it's in the state's best interest to apply that tax - not only for the immediate tax revenue, but also creating incentive for people to shop in-state.
No, that's not a dupe. Yes, US Agencies have earned low "grades" for security for years. Considering that many of them were started for the purpose of increasing security, this begins to qualify as a complete FAILURE on their part (regardless of whether it's an F or a D+ or whatever).
Well, if you were the judge and it was a jury case (which it certainly will be) then you wouldn't have so much power over it. As a judge, your job is (as my understanding goes, not being a lawyer or anything) is to uphold the law. So if the case is being made properly, it's up to the jurors to make that decision. As a judge, you'd simply be overseeing things.
Judges are supposed to be impartial and fair, but juries are easily swayed by a convincing lawyer. That's why people use character, sympathy, the press, etc. to make their cases.
You raise a very good point. In this case, it is the court's job to establish that the video game companies are NOT at fault - and that it is not a valid defense. The lawyer, by using that as a defense, is playing a part in this responsibility.
If the kid loses, then the defense isn't going to be very useful for future cases. If he wins, however, it will open the door for hundreds of other "video games did it to me" cases.
Violent movies and video games have been around for a long time. They've played a part in crimes for almost as long. It's still not an effective defense. I don't think he'll win.
Content is important (it's usually the downfall of a brochure site project). But you usually get what you pay for.
If you want a content-rich website with poor design, you can get that for cheap. And design itself does count for something. Potential customers see your design as reflective of your company - and a poor design (especially when your competitor has a great site) reflects poorly. It's a first impression.
There are other things that drive up that cost when you hire someone with the experience, knowledge, and ability to do it right.
Accessibility... Reach more people without really doing more work.
Project management... This keeps a project on schedule, everything under budget, and communication flowing. Without the ability to manage a project, the chances of failure increase dramatically.
Documentation... If you've ever had to support or update a web application with no documentation to help you, it can be a nightmare. They say that good code doesn't need documentation... too bad there are so many examples of bad code.
As I tell my clients, you can hire a high school kid or you can send your secretary to a web design class. There are ways to get a website for cheap. And it will show in the design, the search engine placement, the amount of money you spend making minor changes, etc.
And that's just for a brochure site. Don't get me started on all the insecure web applications out there...
A post on Slashdot a while back pointed out a hash table of 7-character passwords... because some version of Windows took passwords and broke them down into 7-character chunks for storage. That meant that your 42-character password (from Hitchhiker's Guide, no doubt) was really just six passwords all seven characters in length.
It might take you a while to build that hash table, but once it's done you can find the password pretty damn quickly.
"...have I stolen the costs that it took to make the CD, or the suggested MSRP? Why does the RIAA assume that the MSRP is what is stolen?"
You are stealing the cost that it took to create the product overall - recording, production, marketing, packaging, distribution, etc.
I think that's part of the whole thing. When you steal a chair, there is a value to the tangible materials involved. Sure, there's value of time (design, development, production). If you steal a CD, you're also stealing a chunk of money that should be going to cover much more than the physical production of the CD.
My personal experience was the opposite - they needed a web-based project management system, and I simply didn't have enough time to do it. In the end, it was cheaper, faster, and easier to use Basecamp.
A very insightful post. Unless there's serious downtime and unused manpower, developing things inhouse can often be more expensive than buying something pre-packaged or contracting it out.
On the other hand, developing inhouse can also translate to improved skills for developers, potential marketing bonuses (if it's open source, for example), and cheaper-than-outsource support once it's done.
That all has to be weighed against the cost of keeping someone employed that has nothing to do. If you can outsource it, perhaps you don't need everyone working there. Given that the original post indicated that they were understaffed, maybe layoffs aren't the answer... outsourcing software development might be enough to remove that "understaffed" label.
Slashdot Mirror
If I'm looking for a company that offers a specific service, I use Google's natural listings.
Sometimes, though, a really effective ad will earn a rare click. I've clicked top banner ads on Slashdot for ServerBeach. Some Flash ads are practically full-blown interactive games - and I've been interested enough to click 'em and play. Note that I've never actually bought anything from any of these ads, but I know people who have.
Before you start criticizing, you should really read the posts and understand the point.
I said that because:
1. By using a self-generated SSL certificate, your users will see a browser warning.
2. Using a certificate from a "Trusted CA" - that is, one that is already approved by your OS/browser by default, will not display a warning.
3. If you have a site without SSL, I won't send you an sensitive information. I understand the other weaknesses in the system, but this is such a basic step to take.
4. There are many steps to take in creating a secure e-commerce transaction. Unfortunately, we can't see or check most of those steps. We definitely can check if the connection is secure via SSL. I believe a company that's willing to take that step is more likely to be concerned about security and privacy than a company that doesn't.
I expect SSL to do one thing - encrypt the communication between my computer and the server. After that, I have to trust the receiving site owner to be smart and ethical enough to provide security measures on their side. I have to trust the credit card company to protect my account from fraud. I have to trust the CA to have checked out the certificate holder and verified that they are, indeed, a legal entity that can be held accountable. All of these things add up to trust - if you don't trust the other party, then you shouldn't be doing business with them.
Which brings me back to my original statement - if the company doesn't have an SSL certificate, can you really trust them to provide security on any level?
Exactly. If their product is spyware, then they can't exactly win a libel suit. My original point was sort of that the "is/is not" determination might be done in court. A legal precedent of "this is what makes something spyware" could be good or bad for users.
I think it boils down to "we prefer the term 'Non-Optional Information Mining and Advertising Software'"
They don't want to be labeled Spyware because "Spyware" sounds bad. (Probably because it is.)
Don't be so drawn in by the knee-jerk reactions to think that "acquisitions and mergers" are always a bad thing. You buy other companies to gain market share, brands, add to your own line of products and services, etc.
Such a move is often good for consumers, too. Imagine what would happen if all of the cell phone companies were small, local businesses. Not only would your service be crappy, but support and prices would probably suck too. By combining into a few major players, you get national service, a sturdy support system, and longevity - they're less likely to fold and leave you hanging.
You don't get to be the richest man in the world by letting your competition win.
Sort of. It's really just a matter of libel - you can't just say whatever you want about someone. If Microsoft could prove that Windows was 100% secure (it's obviously not, but it's also not a realistic goal) then they might bring a libel suit against someone that claimed there were security holes.
In some states, it's illegal to make false accusations for certain crimes - rape, for instance. The accusation alone is so damaging to reputation and livelihood that the state recognizes it to be a crime in and of itself.
If you wrongly claim that Slashdot installs Spyware, they might sue you for libel. I think they have to prove malicious intent, btw.
IANAL, but I did do quite a bit of research on this topic a while back.
Of course I don't. I personally run sites where I use SSL without any financial incentive. For those kinds of environments, you can either pay for the ability to secure your site without a browser warning or you can suck it up and ask your users to trust you.
There's a lot more to trusting a website than SSL, but the inconveniences of an unsupported Certificate Authority will do little to gain the trust of your users.
1. Getting an SSL certificate can require that you fax a copy of your articles of incorporation, public contact information, etc. Someone ends up doing some legwork to ensure that you are who you say you are and that you can be tracked down in the event that there is a complaint.
2. Virtual hosts often share a single IP among many websites. You can't just authorize a name; SSL requires (from my understanding) a unique IP. That would make the IPv4 system even more strained.
3. Certification pricing is partly based on trust. Anyone can generate a free certificate. But it won't work with every system because it wasn't created by a "trusted provider."
If you can't afford a $200US/year fee for conducting "secure" business online, I probably wouldn't want to do business with you anyway.
Well, I was not-so-secretly hoping that they were harming movie critics.
Eventually, you will either give up on supporting those users or you'll sacrifice your ability to do some of the things we're describing.
In a previous job, I had to support NS 4.7. When users started calling to complain that they couldn't get to ESPN's website, I discovered that even the big boys will leave customers behind if it means slowing the train down.
Support as many users as you can. When you want to raise the bar of what you're putting on your site (or how you're putting, I suppose) then make 'em upgrade or tell 'em to bugger off.
If it did get into the court system, the court may end up legally defining spyware. Think of it in terms of libel, slander, defamation, etc. If you call the software spyware, it can damage their business and reputation. You could be held liable for their losses, even. But that would require that the claim was false. To prove it was false, the court would have to officially declare their software one way or another.
Gator became Claria, as I recall, right around the time they started using these tactics. I wonder if someone can find an update on the outcome of their C&D orders. My guess is there wasn't any - it was just hot air.
It could detect when you were misspelling the domain name and suggest an appropriate replacement:
You asked for slashdpt.org, but that domain is now owned by domain-snatching, spam-feeding liars that get rich because people like you can't spell/type.
Perhaps you meant slashdot.org?
According to this, Indiana (my oh-so-flat state) has killed the proposed legislation.
"On Feb. 16, the Local Government Committee killed House Bill 1148. The bill, championed by SBC Communications, would have prohibited Indiana cities and towns from providing municipal broadband services."
At least someone sees the danger. That, or maybe my congressman is paying too much for broadband like the rest of us.
Because we all know that most homeless people are laid-off programmers.
Damn you India!
I'm sure you're aware of this (your post seemed pretty well informed) but: Michigan Use Tax
As far as I know, every state has something like this. Most folks don't pay tax for Internet purchases, but some companies (Best Buy, for one) already applies tax based on where you live. You are supposed to report and pay tax on all goods purchased from out of state.
Given the costs of shipping (and the time it takes to deliver), I think Internet shopping can only survive if there is no sales/use tax. If I have to pay tax and shipping, I simply won't buy online.
On the other hand, it's in the state's best interest to apply that tax - not only for the immediate tax revenue, but also creating incentive for people to shop in-state.
Dec 10, 2003: U.S. Agencies Earn "D" For Computer Security
No, that's not a dupe. Yes, US Agencies have earned low "grades" for security for years. Considering that many of them were started for the purpose of increasing security, this begins to qualify as a complete FAILURE on their part (regardless of whether it's an F or a D+ or whatever).
I think that's a miniskirt.
Well, if you were the judge and it was a jury case (which it certainly will be) then you wouldn't have so much power over it. As a judge, your job is (as my understanding goes, not being a lawyer or anything) is to uphold the law. So if the case is being made properly, it's up to the jurors to make that decision. As a judge, you'd simply be overseeing things.
Judges are supposed to be impartial and fair, but juries are easily swayed by a convincing lawyer. That's why people use character, sympathy, the press, etc. to make their cases.
You raise a very good point. In this case, it is the court's job to establish that the video game companies are NOT at fault - and that it is not a valid defense. The lawyer, by using that as a defense, is playing a part in this responsibility.
If the kid loses, then the defense isn't going to be very useful for future cases. If he wins, however, it will open the door for hundreds of other "video games did it to me" cases.
Violent movies and video games have been around for a long time. They've played a part in crimes for almost as long. It's still not an effective defense. I don't think he'll win.
Content is important (it's usually the downfall of a brochure site project). But you usually get what you pay for.
If you want a content-rich website with poor design, you can get that for cheap. And design itself does count for something. Potential customers see your design as reflective of your company - and a poor design (especially when your competitor has a great site) reflects poorly. It's a first impression.
There are other things that drive up that cost when you hire someone with the experience, knowledge, and ability to do it right.
Accessibility...
Reach more people without really doing more work.
Standards...
Do I need to explain this?
Search engine optimization...
Think images-as-navigation-without-alt-tags.
Project management...
This keeps a project on schedule, everything under budget, and communication flowing. Without the ability to manage a project, the chances of failure increase dramatically.
Documentation...
If you've ever had to support or update a web application with no documentation to help you, it can be a nightmare. They say that good code doesn't need documentation... too bad there are so many examples of bad code.
As I tell my clients, you can hire a high school kid or you can send your secretary to a web design class. There are ways to get a website for cheap. And it will show in the design, the search engine placement, the amount of money you spend making minor changes, etc.
And that's just for a brochure site. Don't get me started on all the insecure web applications out there...
Obviously, NetFlix is buying all those DVDs.
Bah. The first thing I do when I install Windows is to install vi over Notepad and Wordpad.
A post on Slashdot a while back pointed out a hash table of 7-character passwords... because some version of Windows took passwords and broke them down into 7-character chunks for storage. That meant that your 42-character password (from Hitchhiker's Guide, no doubt) was really just six passwords all seven characters in length.
It might take you a while to build that hash table, but once it's done you can find the password pretty damn quickly.
"...have I stolen the costs that it took to make the CD, or the suggested MSRP? Why does the RIAA assume that the MSRP is what is stolen?"
You are stealing the cost that it took to create the product overall - recording, production, marketing, packaging, distribution, etc.
I think that's part of the whole thing. When you steal a chair, there is a value to the tangible materials involved. Sure, there's value of time (design, development, production). If you steal a CD, you're also stealing a chunk of money that should be going to cover much more than the physical production of the CD.
That's an excellent example of the downtime.
My personal experience was the opposite - they needed a web-based project management system, and I simply didn't have enough time to do it. In the end, it was cheaper, faster, and easier to use Basecamp.
A very insightful post. Unless there's serious downtime and unused manpower, developing things inhouse can often be more expensive than buying something pre-packaged or contracting it out.
On the other hand, developing inhouse can also translate to improved skills for developers, potential marketing bonuses (if it's open source, for example), and cheaper-than-outsource support once it's done.
That all has to be weighed against the cost of keeping someone employed that has nothing to do. If you can outsource it, perhaps you don't need everyone working there. Given that the original post indicated that they were understaffed, maybe layoffs aren't the answer... outsourcing software development might be enough to remove that "understaffed" label.