Category Archives: Business

Allow more JavaScript, maintain privacy

I’ve long regarded JavaScript in the browser to be one of the biggest security holes in web-browsing, and at the same time the Internet works less and less well without it. In 2008 Joel Spolsky made the observation that for some people the Internet is just broken:

Spolsky:   Does anybody really turn off JavaScript nowadays, and like successfully surf the Internets?

Atwood:   Yeah, I was going through my blog…

Spolsky:   It seems like half of all sites would be broken.

Which is not wrong.  Things have changed in the last five years, and now the Internet is even more broken if you’re not willing to do whatever random things the site you’re looking at tells you to, and whatever other random sites that site links off to tell you to, plus whatever their JavaScript in turn tells you to. This bugs me because it marginalizes the vulnerable (the visually impaired, specifically), and is also a gaping security hole.  And the performance drain!

Normally I rock with JavaScript disabling tools as part of my tin-foil-hat approach to the Internet, but I’m now seeing that the Internet is increasingly dependent on fat clients. I’ve seen blogging sites that come up empty, because they can’t lay out their content without client-side scripting and refuse to fall back gracefully.

So, I need finer granularity of control.  Part one is RequestPolicy for Firefox; Cross-Domain Request Filter for Chrome is similar, but not as fine-grained.

The extensive tracking performed by Google, Facebook, Twitter et al gives me the willies. These particular organisations can be blocked by ShareMeNot, but the galling thing is that the ShareMeNot download page demands JavaScript to display a screenshot and a clickable graphical button – which could easily have been implemented as an image with a href. What the hell is wrong with kids these days?

Anyway, here’s the base configuration for my browsers these days:

| Firefox | Chrome | Reason |
|---|---|---|
| HTTPSEverywhere | HTTPSEverywhere | Avoid inadvertent privacy leakage |
| Self Destructing Cookies | “Third party cookies and site data” is blocked via the browser’s Settings, manual approval of individual third party cookies. | Avoid tracking; StackOverflow (for example) completely breaks without cookies |
| RequestPolicy | Cross-Domain Request Filter for Chrome | Browser security and performance, avoid tracking |
| NoScript | NotScripts | Browser security and performance, avoid tracking |
| AdBlock Edge | Adblock Plus | Ad blocking |
| DoNotTrackMe | DoNotTrackMe | Avoid tracking – use social media when you want, not all the time |
| Firegloves (no longer available), could replace with Blender or Blend In | | I’ve had layout issues when using Firegloves and couldn’t turn it off site-by-site |

Please make it okay for KITT to drive itself around

Driverless vehicles are coming. A clear legal framework will make them come all the sooner, and there’s an opportunity to make autonomous vehicles as safe as passenger aircraft.

Don’t drive a car like a smuck, get the car to drive you!

Make the manufacturer(1) solely responsible for all liabilities incurred by the vehicle, driverless or not. Transfer this liability to anyone who modifies the vehicle without manufacturer approval(2) – covering up sensors, adding systems, modifying software etc. While autonomous, fines for driving infractions are the responsibility of the manufacturer; demerit points are treated as unidentified and the fine for failing to identify the driver is payable by the manufacturer. Annual vehicle registration fees(3) remain payable by the vehicle owner, but third party insurance costs – personal and property – are remitted to the manufacturer, who could be expected to pay you to… not drive the car – if you drive the car, that creates an uncontrollable liability, but if the car drives itself then the risks are only those due to the product, which presumably would lead to product improvement to decrease crashes and injury.

How would you force owners of cars that are the liability of someone else to properly maintain them? Simple; you make the manufacturer cover maintenance costs too – tyres, servicing etc. So now we’re getting to the point where we ask: what are people paying for cars that they only have to cover the running expenses for? How does the manufacturer recoup the cost of maintenance? Doesn’t really matter, but I think you’ll see that driverless cars will only be able to be leased, or hired, or rented, or some other such model. They’d basically be taxis – paid for by time and distance.

Every driverless crash will be investigated by a federal body – the Australian Transport Safety Bureau. To aid investigations, vehicles will be required to detect crashes and refuse to function after them; extensive data logging like on aircraft will be mandated. Because of the lack of humans involved, crashes come down to systems failure and the crash rate should be highly controllable.

 

Fly, KITT, fly

(1) Autonomous vehicle manufacturers might baulk at these plans to make them directly fiscally responsible for their products. Fine; they could instead put an insurance/finance company in as the responsible entity, but whoever is responsible would have to prove to the government their capability to meet their contingent liabilities.

(2) That is, you can hack your car if you want. But if you do, you wear the (potentially quite substantial) risks associated with having done so. Find an insurance company that’s willing to cover you (ha!).

Have you played the Population: Tire game? If not, you haven’t lived.

(3) Why do we charge registration fees? Owning a car doesn’t impose any costs on society. Driving it does; parking it does. There ought to be taxes on… tyres. The consumption of tyres by a vehicle is roughly correlated to the wear and tear on infrastructure and other externalities. Motorbikes, two tyres; semis eighteen or more. There are already taxes on fuel, again because of externalities – and presumably, because they’re easy-to-levy taxes that are hard to avoid. Infrastructure wear is not a function of fuel consumption, but it is a function of using tyres. The problem with a tyre tax is that people will naturally buy tyres that last a long time, rather than choosing on other considerations – for example braking efficiency; to address this some wear factor ought to be applied too.

Australian electoral fraud

An undamaged security cable tie

If the security cable tie isn’t pulled tight engaging the teeth, it can be pulled right off. If it was secured, it would have been damaged while being removed (with scissors).

I did scrutineering at the last Victorian state election, and apart from the shocking level of informal voting and above-the-line voting, there was another shock.

Electoral fraud – or the possibility of it.

The nice thing about living in Australia is that we take our democracy seriously, and we balance being able to prove what the outcome was with ballot secrecy. Nobody, no level of government or industry, no individual, will know how you voted without you telling them. Yet at the same time we can have confidence that our electoral system is not being rorted; our governments change back and forth, and each time they do, representatives of both sides keep a close watch on the activities of the employees of the AEC and VEC, eyeballing each individual vote and knowing that they are all distinctly different from the others in spite of being a collection of handwritten marks on a slip of paper.

To minimize the risks of ballot box tampering, at the start of voting the ballot boxes (just big cardboard boxes here in Australia) are sealed shut with serialized cable-ties. An independent somebody (typically the first voters who wandered into the polling station) witnesses an Electoral Commission employee doing this; their details are recorded (by details, I think that means signature, but it could be actually enough to track the person down afterwards) and they sign the form that records the sealing of those particular ballot boxes.

So how come they use cable ties that can be “done up” and yet the teeth don’t engage – thus leading to an unsealed ballot box? Is it too much to ask for a cable tie with teeth on both sides?

I should have kicked up a fuss, but it was a safe booth in a safe seat, and who needs the hassle?

Anyways, the reason I relate this story is that I’ve been seeing comments along the lines of “this is the 21st century, why the hell are we using pencil and paper?”  Because, dickwads, computers don’t leave a fucking audit trail.  There’s no scrutineering of electrons.  How the hell are you meant to verify that Clive Palmer didn’t in fact get 98% of the vote?  You can’t.  Interesting that Clive Palmer owns the company that supplied all of the (suspiciously cheap) voting machines to the AEC, but that hasn’t got anything to do with it. And the cost! Pencils are 10c each, paper is about a cent a sheet.  A shitty computer is $500, and requires a bunch of electricity. “Do it on the Internet, or use smart phones!” I hear you say. No, because while nearly everyone can move a pencil around, significantly fewer can use their computer to vote. And there’s no connection between how you voted, and the counting of votes. The announced result could be anything, and there’d be absolutely no way of proving it wrong.  So, yes, computers are shiny and clearly the best way of implementing a voting system, if you want an electoral system you can’t actually trust.

Grumpy Duck has a nothing

There was some massacre in the US (again) and the pundits are trying to explain why the perp did it. Closest they got is “well, he did like violent video games. Said it was like he was actually there, doing it”. I predict calls to ban violent video games. I’ve reached the point where I’ve given up caring about massacres in the USA; I’ve researched why they can’t make laws controlling gun ownership and it turns out the Supreme Court has taken a very pro-gun interpretation of the US Constitution in some recent key cases. The decisions made have cast gun availability in stone, so to alter that in any way now it’s a simple matter of changing the constitution if they want safety. Which they’re not going to do, so screw ‘em. Massacres are the price the USA pays for having those laws of its land.

If you’re not going to change your laws, quit whining.  Either you love gun massacres and stay in The Greatest Country On Earth, or you sod off to a proper country. Why not celebrate these massacres as a beacon to the rest of the world, a sign that your country loves freedom – and that the occasional mass killing is just a timely reminder of how valuable those freedoms are?  Besides which, those shot in mass killings deserved it – they failed to exercise their constitutional right to bear arms. Increase your personal safety and that of those around you – go buy a gun, right now!  Buy two: one for each hand.

Kids in the USA get Grumpy Duck has a gun.

Aussie kids get Grumpy Duck has a nothing.

The Roast can be seen on ABC2 at 19:30 three weeks out of four.

This is why retail is in such trouble

To our surprise, we’ve discovered our youngest has terrible vision due to dud eyes.  He’s proven a superlative example of the brain’s ability to work around systems failures – his parents didn’t have the slightest idea his vision was as stuffed as it is.  The discovery that something was wrong was made at his 3.5 year overhaul child health check.  We got a recommendation to an optometrist who was reportedly good with youngsters; and she determined the exact problem and quantified it (without using any lasers at all, which seriously disappointed me). Medicare covers the entire cost of this testing.

Neither Cathy nor myself wears or has ever worn eyeglasses (I recently complained to my doctor that my vision had deteriorated, and after testing he told me to quit bitching because my vision has dropped to  20/20), so we were lost at sea when it came to acquiring and purchasing.

With a prescription in hand we went shopping, with prices ranging from $350 to $550 for a single set of eyeglasses that will need replacing in six months.  These prices seemed dramatically above what the cost ought to be; I’ve bought sunglasses before and paid between $1 and $100 a pair.  “To the Internet!” I cried. And lo, the Internet said that if we were willing to wait three weeks instead of one to two, it would hand over the same kinds of vision correction devices for $90 $78; actually that was USD, so it was going to be less again.  Not only that, all the stores on the interwebs had memory metal eyeglass frames, whereas the physical stores often didn’t carry that vital (in a three year old) option, hoping instead that arms that were double-hinged might be able to survive (or, given the warranties involved, perhaps even hoping they wouldn’t survive).

Australian retailers are in trouble and want GST charged on all imports into Australia, rather than with the $1000 limit that currently operates; the GST is the least of the problems with retail in Australia.  And the cost of collecting GST on imports is high:

The Productivity Commission said that reducing the threshold to $100 would raise an additional $472 million, but, based on the current customs processing charges, this would cost consumers and businesses approximately $715 million.

So that’s not taxing everything, just anything where $10 of tax could be collected.  An efficient way of taxing imports would be just to tax everything based on the cost of posting it into Australia; one could argue that if someone’s willing to pay $50 postage on something, the goods must be worth something more than… say $50… to them.  So charging Australia Post $5 for the parcel will collect some tax on the thing that we don’t know what the price is, but can make some guesses about its value.  AP will just pass on this charge to the postal services it operates with, pushing up the price of posting to Australia.  People receiving gifts would be able to fill out paperwork to claim this tax back.

The 55m parcels imported into Australia below the $1000 threshold account for a guessed $5.8b of value, that’s an average of about $100/parcel.  My proposal would collect… perhaps $200m, with a very low administration cost – 40% of the tax for 1% of the cost.

But none of this is going to save retail, because the problem retail has with eBusiness is that the fixed costs are so much higher.  Once property prices – and rents – drop to a reasonable level, retail will have a chance.  And for that to happen, many retail businesses are going to have to fail.  Until then, retail is going to need a 50% markup on everything, and will continue to struggle against competitors that don’t need that margin.

Interestingly, our optometrist probably has the right model for a business – they are a service provider providing a service that can only be performed in person, with an adjunct retail business selling glasses etc, ready to mop up consumers who don’t baulk at $550 for a pair of glasses.  They can justify these prices because they have the right kind of warranty – two years, no question, anything happens and we’ll fix it.  Accidentally drove over them?  No worries, we’ll replace them.  Try getting that from the intertubes.

Of course, this whole discussion assumes capital and materials mobility, and low labour mobility.  If fuel costs skyrocket, or immigration becomes just a matter of getting on an aeroplane, the whole ball game changes.

Update: Ten days (six business days) after placing the order, the glasses have arrived from China.  That’s right in the delivery window suggested by local providers, and half the delivery time promised by the online eyeglasses retailer we used.  Everything looks great; I’ll whine if anything isn’t right, but with my limited knowledge, all seems well at the moment!  On the downside, our health insurer says that we chose poorly if we wanted a refund; the cheap Internet places they pay out with want $200 for the same glasses, so screw ‘em – our out-of-pocket’s the same whichever way, and this way has less paperwork.

Skype: will it stay multiplatform?

So, as of today, Skype is available for:

Computer:

  • Windows
  • Mac
  • Linux

Mobile:

  • Android
  • iPhone/iPad
  • Symbian (some Nokia and Sony Ericsson)

Now that Microsoft has bought Skype, it’ll be interesting to see which platforms are supported in, say, 6-12 months’ time. I bet Windows Phone 7 will be there, but will any disappear?

As Office Watch speculates:

Skype has benefited from being independent of any operating system or platform. If there’s sufficient users for an operating system, Skype made the necessary software. Windows, Mac, Linux, iPhone, Android etc, all have Skype downloads because it was in Skype’s corporate interest to have broad based coverage.

Now, that corporate interest has changed. Any Skype development will go through the filter of serving Microsoft’s broader corporate agenda. Despite Microsoft’s assurances, that will gradually change Skype into something that gives preference to Windows, Windows Phone and other Microsoft products.

Wired also has a good piece pondering why MS bought it.

How not to run a corporate web site

I’ve noticed that Transport For London do this irritating thing: they move (“archive”) their corporate media releases content each month.

So this:
http://www.tfl.gov.uk/corporate/media/newscentre/19678.aspx

– which has been quoted widely as the press release for the Royal Wedding Oyster Card, for instance on the popular Going Underground blog — gets moved to:

http://www.tfl.gov.uk/corporate/media/newscentre/archive/19678.aspx

The old link returns a 404.

WHY? It just seems utterly pointless.

The other thing they do is fail to show, or even link to pictures on their media release pages, even in cases like this where the picture is of prime interest, as the story is “Mayor unveils design of the royal wedding Oyster card”. Instead they make you ring the TFL press office.

Perhaps they haven’t noted the rise of social media, where the messages you put out can be spread by bloggers, Tweeters, Facebookers — none of whom will have the time or motivation to ring your press office to get hold of a photo.

If you hide the official information too much, people will end up relying on the unofficial information out there. Less detail, less reliability, and you’ve got less control of the message you want to put out.

Seems an odd way of doing things in the 21st century.

(I only had this rant because I was looking for a picture of the special Royal Wedding Oyster Card.)

New York Times paywall

The New York Times will shortly introduce a paywall. It won’t include front and section pages, but will include most other articles.

But it’ll include a feature whereby most users can read up to 20 articles a month without subscribing, and will include free access when following links from social media such as Twitter and Facebook.

We’ve set the limit high enough that many readers won’t encounter it. But if you’re a regular reader, we hope you’ll consider subscribing.
NYT web site

For many non-US readers, 20 articles per month is reasonably generous I suspect.

But I wonder how they count up your tally. By IP address could cause issues with people behind corporate firewalls. By cookies could be circumvented.

Subscriptions will be USD $20 per month. Will be interested to see how this goes. I reckon it’s the sort of model the Australian Financial Review should switch to… its current paywall is all locked up, and provides almost zero access to casual readers.

(via The Australian’s media blog)

Advertisers impersonating Facebook ON Facebook

This “Mailbook” advert appeared on Scrabble, just below the normal Facebook toolbar.

"Mailbook" ad seen on Facebook

Seems dodgy to me. It’s a quite misleading way to try and get you to click on the ad.

Surprised Facebook would allow something that appears so similar to their own navigation.

Maybe they haven’t spotted it yet. I wonder if the icons are pixel-for-pixel copies?

Josh has something even simpler than budgeting

Just write down what you spend your money on. At the end of the month, review.  You might want to classify things, graph total expenditure and other fiddling around with the numbers.  But that’s all you’ve got to do: just monitor things. If it turns you on, the monitoring etc can be done via a spreadsheet or personal finance application, but a sheet of paper marked out with every day in the month will do just fine.

When you become aware of what you’re spending your money on, and look at it as a proportion of your monthly spending, the awareness alone may be enough to change your behaviour to be more fiscally responsible.

Facebook Scrabble unstoppable advert

Oh Scrabble, you bastards.

Facebook Scrabble unstoppable ad

This new advert appears when opening up Facebook Scrabble (the international version).

Gripes:

  • Total advert length might be 45 seconds or more
  • Sometimes it’s a video advert, sometimes it’s a moronic Flash game or one of those stupid “You have a new message!” mock emails
  • Looks like you can’t stop it until there’s only 15 seconds left. After that it seems a Continue button appears
  • For videos, once advert has buggered off and the game fully loaded, the player details don’t appear properly. The video advert has stuffed it. Everybody remains “Anyone”

Apparently we weren’t paying the adverts enough attention, now they want to shove it in our faces.

Way to piss off your users.

Looks like I can stop recommending Scrabble on Facebook to people.