
If you’re trying to get a message out, or provide a service, analytics are great. They tell you what’s working and what’s not, so you can focus on what does work. Unfortunately, when it comes to email, a lot of organizations use a third-party click-tracking service, which registers which mailing the user clicked on, then redirects them to the real website.

Why do I say unfortunately?

Because it’s what phishing does: Sets up a link that looks like it goes one place, but sends you somewhere else instead. In the case of a legitimate email with a click tracker, you end up at the real site eventually. In the case of a phishing message, you end up at a fake login page that wants to capture your username & password, or a site with drive-by malware downloads. Using this technique in legit mail trains people to ignore warning signs, making them more vulnerable to the bad guys. And it makes it harder for security software to detect phishing automatically.

Now add another reason: You don’t control that click-tracking service, so it had better be reliable.

That’s what happened with Comic-Con registration today.

Getting tickets to San Diego Comic-Con used to be a breeze, but last year the system broke down repeatedly. It took them three tries, with multiple handlers, to open a registration system that didn’t melt in the first few minutes.

A few days ago, Comic-Con International sent out a message with the date and time registration would open, and a link to where the page would be when it went live. They went to a lot of trouble to make sure their servers could handle the load, as did the company handling registration. They built a “waiting room” to make sure that people trying to buy tickets would get feedback, and get into a queue, when they arrived, but could still be filtered into the registration system slowly enough not to overwhelm it.

The weak link: The click tracker.


Imagine that a group of people who don’t drive much, don’t understand how cars work under the hood, and have never studied traffic engineering decide that they’re going to stop speeding by requiring that cars automatically slam on the emergency brake and lock the controls the moment they exceed the speed limit — or the moment someone reports that the car has exceeded the speed limit.

Note that I didn’t say anything about turning the engine off, or putting it in neutral. Or only doing so in places where the speed limit is properly posted. Or worrying about whether there’s a car behind them that will have to slam on their own brakes to prevent a pile-up. Or actually checking that the car really is speeding before acting on the report.

Now imagine that criticisms and objections raised by actual drivers, the auto industry, traffic engineers, highway planners, and city planners are all dismissed as speeder propaganda.

That’s basically what’s going on with the “anti-piracy” bills being discussed in the House (SOPA) and Senate (PIPA/Protect IP).

After a list of companies publicly supporting SOPA (the censor-the-internet-in-the-name-of-stopping-piracy bill) went public last week, the complaints started rolling in…but the biggest target, at least in the circles that I frequent, was GoDaddy. People organized a boycott, transferred their business elsewhere, and GoDaddy eventually reversed course, but it was too late to stop a massive outflow of customers.

But why was GoDaddy such a target? And for that matter, why did so many people follow through, rather than just rant about it on the internet?

I think there are several reasons.

  1. The tech industry is mostly opposed to the bill for technical reasons. Pick a random hosting provider and chances are they’re officially against it. That made GoDaddy stand out in a way that a random movie studio doesn’t.
  2. They provide a service, not content, and there are many competitors who provide the same kind of service. (And it seems like they all came out with discount codes to encourage people to switch to their company.) With content, you can choose to read a book from another publisher, or watch a movie from another studio, but if you want to watch a particular movie, you can’t get it somewhere else. There are lots of comics publishers out there, but if you want to read Spider-Man, you can only get it from Marvel.
  3. Public opinion of GoDaddy was already low. For some it was their sexist ad campaigns. For some it was the CEO bragging about shooting elephants. For some it was their incessant email marketing, or focus on upselling unneeded services to people who didn’t understand what they were, or the fact that their website is such a %^$^@#%& pain to use. They’re cheap, and they’re well-known, which means a lot of people used them…but they weren’t that well-liked. Supporting SOPA ended up being the last straw.

As a result, you had a company that was tolerated at best painting a target on themselves, and a relatively easy way for people to vote with their wallets and not actually give anything up other than the time and money needed to make the transfer.

Full disclosure: I used to have about 10 domain names registered through GoDaddy, plus a few at DreamHost and one at Network Solutions. (Yes, Network Solutions.) GoDaddy was annoying, but cheap, and it was easier to renew than move. This week I consolidated them all at DreamHost, where I’ve had my websites hosted for the past year. DreamHost is offering a discount code for new customers who want to switch: SOPAROPA. I don’t get anything for telling you that, but if you sign up and list me (kelson – at – pobox – dot – com) as the person who referred you to DreamHost, I’ll get credits that I can apply to my hosting bill.

Klout’s methodology confuses me. When I first signed on with two profiles — one personal, the other for Speed Force — they classified my personal profile as an “explorer,” and Speed Force as a “specialist.” This makes sense to me. Speed Force also had a higher score for quite a while (it certainly has a bigger audience on any given network).

Sure, there were oddities like their conviction that I was influential about Washington DC rather than DC comics, or Reading Pennsylvania rather than, well, reading, and so on. But at least the overall classifications made sense.

Recently, that’s flipped. My personal profile is scored as having more influence, which I guess makes sense because it’s associated with more social networks (Flickr, Google+, etc.) and I actually do interact more through my personal profiles, especially on FB.

But the weird thing: Now my personal profile is a “specialist,” while Speed Force, which I use exclusively to discuss comics and plug blog posts about comics, is a “socializer.” Huh? Did I post too much about SOPA or something?

Notes: 1. Originally posted on Google+. 2. Klout was a service that tracked your social media influence across multiple networks. You could link Twitter, Facebook, Google+, etc. to one Klout account and it would try to analyze how you interact with other people on all those networks.

If you live in the US and you use the Internet, you need to know about this. There are two proposed laws, SOPA and Protect IP, that would set up a system to block access to websites deemed to be “infringing,” in the name of stopping piracy. Of course, “infringing” could refer to the actions of one user on a large site, like, say, Facebook or Wikipedia. Imagine if someone at Warner Bros. filed a complaint about someone’s fan art on DeviantArt, and the government blocked access to the entire site. Sort of like shutting down an entire mall because one shopper was accused (not even proven!) of wearing a counterfeit Rolex.

Of course, once a system like this is in place, we all know it’ll never be abused, right?

And that’s not even getting into the technical implications of the bills, which would put an extra burden on tech startups and actually undermine efforts by the US government itself to make the internet more secure.

████, the ████ ████ █████ ██████ the ████████ ██████ the US in the ████ of ████████ ██████ (█████ it ██████’t), isn’t ████ yet. In ████, it’s █████ to a ████ ████ ████.