Monthly Archives: August 2011

NoFollow not working?

Nofollow attributes were added to the web in 2005, with major search engines and blog/CMS vendors providing support.

I find it interesting that it clearly hasn’t stopped comment spammers, who continue to bombard blogs. I can only assume they don’t care about Pagerank etc, but just want their links to be seen by humans, though I would have assumed most blog owners use spam detection of some kind, and most spam comments which do make it through are unlikely to get clicked on.

But that’s always been the issue with automated spam. Only a tiny number have to be acted upon to make them profitable.

Please allow approximately 10 working days…

For school work young Owen needed a photo of his family celebrating something, so a suitable photo from a recent birthday party was selected.

I figured I’d upload the photo to BigW photos the night before, to give them a chance to print them out before I arrived the next day.  I noticed the disclaimer “Delivery Times: Please allow approximately 10 working days for your order to arrive in the mail or to be ready to be picked up in store” but figured this was just legalese arse-covering, applicable to weird things like coffee mugs etc.

I fully expected to get an email five minutes after submission.

I wondered to myself how it is that they can make any money from a single 10c photo, paid for via PayPal.  I figure my order must be costing a buck or two in direct and indirect costs; the PayPal fees alone would be the entirety of the payment.

I didn’t get an email.  It’s been four days now, and the order is still “In production” leading me to believe that the order is going to be printed somewhere that isn’t my local BigW, and is then being shipped there.  Needless to say, I shan’t be collecting it; the day after the photo upload I went to Bunnings for a hinge and some storage boxes, and popped into Officeworks beforehand anticipating some delay in printing – alas, there was a sixty second delay, so that prudence wasn’t required.  Of course, I could have gone to Harvey Norman for the photos but it was an extra 100m walk and another 5c, even if their printing seems to be of a higher quality, a classroom of Prep students isn’t going to appreciate the difference.

Riddle me this: if my photos aren’t printed out at my local BigW, why would I upload them to BigW photos when I could drag myself there in person and collect them within the hour?

PIN no longer required: Costs externalized as personal endangerment

Australian consumers can now use their Visa cards to pay for small value transactions of $35 or less without entering a PIN or signing a receipt, Visa announced today.

This requires the retailer to actively persue this strategy, but the payment network no longer demands identification for these “low value” transactions. They claim that security isn’t compromised by this. Their logic goes like this:

  1. $35 isn’t much.
  2. If someone steals your card, they can only obtain $35 worth of goods and services per transaction until the card is shut down.
  3. Your card issuer will eventually notice all of these transactions and phone you to make sure everything is okay.
  4. The retailer wears the risk of these unauthorised transactions

So what’s to stop your teenager borrowing your card to go buy snacks at McDonalds (one of the early adoptors of this security-flexibility) whenever they’re hungry? The card company’s logic goes like this:

  1. $35 isn’t much.
  2. If someone borrows your card without your knowledge, they can only obtain $35 worth of goods and services per transaction.
  3. The retailer wears the risk of these unauthorised transactions

So why would a retailer run the risk of a month’s worth of Coles supermarket purchases (another early adopter) – which could easily exceed $1000 with one or two purchases a day – being fraudently run up? Because when you compain to your card issuer, they require a police report. The police, being a diligent lot, will follow up these $35 thefts, go to the stores, look at the video footage, realise they don’t know what you look like, come around to your house and compare the picture against you and decide it’s not you. Then they’ll think “How did this person who isn’t the cardholder get hold of the card and the cardholder didn’t notice until they got the bill?” and they’ll suspect an inside job, and ask you if you recognise the person in the video footage. If you want your teenager to have a crimal record with 30+ theft convictions you’ll scream “Sarah! Come here!” and that will be that; otherwise you might stay quiet.

Of course, it might not be your teenage daughter with the munchies; somebody at work might borrow the card from the wallet on your desk to buy lunch when they’ve run out of cash, or friends when you’re out “dining” at McDonalds.

Worse yet is the organised criminals who can easily prove their expenditure is not their own – it was in another state!  Because there’s no motivation to Express Post your card to an interstate confederate for them to have a quick run around with it before Express Posting it back. In short order it can become quite a bill too – at Apple Stores it’s up to $150 without a signature being needed.  These expenditures can be book-ended by legit local purchases, leading the card holder to say “well, I never authorized that, I’ve still got the card, so you figure it out”.  The costs of these thefts, which all the video footage in the world isn’t going to connect to the cardholder, and with some precautions the confederate either, goes onto the general costs of running the retail operation, pushing up prices.

Retailers always had the option of skipping the need to sign for a transaction – be it on their own heads.  So presumably they think that the video footage will reduce the level of experienced loss.

Now, presumably this fraud will cost less than the expenditure saved – assuming a check-out chick costs $25/hour to employ it implies at least 1.4 person-hours are saved per fraud, and assuming a saving of four seconds per transaction, they’re expecting no more than 1 fraud in 1280 transactions.  But I ask: isn’t it better to pay $35 to Aussie Battlersworking Aussie families… our most valuable assets rather than hand over, say $30, to criminals through lax security?

With contactless payments finally with us, there’s even more reason to fear unauthorized transactions, per this video of a guy stealing the identifying information off a smart card:

It appears that in addition to annual fees, international conversion fees, interest charges and so forth, the price of a credit card is the same as freedom: eternal vigilance.

All of this is lovely and academic, but the activity by retailers and card issuers has the effect of turning every card in my wallet into many unchallenged $35 purchases. This acts as a motivator to steal my cards from me.  If my wallet is stolen, I can immediately cancel the cards, so no risk there. So to get at the lovely $35 goodness, the thief needs to stop me doing that – clonking the victim on the head is a good way of preventing reporting. I like my head. I don’t mind spending 4 seconds a transaction to prevent a increase in people getting brained.

The worst part is there’s no way to opt out of this reduced security; I can’t say to Visa: “No, for my card, only pay money when a PIN is supplied.”  It’s forced on everyone. I remember when these PIN things came out, and I was repeatedly assured that they were more secure than a signature, and I could assure them that it wasn’t – the damn PIN is encoded on the mag strip of the card (precisely copied in seconds!), and any fool can see you keying your PIN in. Now another layer of security has been whittled away, leaving… video investigation.

I feel so safe!

Census night is coming

The census delivery chick turned up and offered us the option of paper or electronic form.

Two programmers looked at each other, thought about how they value their time and the response was a no-brainer:

“We’re programmers,” I explained, “we’ll take the paper form.”

“There’s a phone number you can call if you have any trouble filling out the electronic form” reassures the collector.

Cathy thinks: “Sure, that line won’t have any trouble when twenty million Australians simultaneously log into the web site to fill in the forms via a broken SSL link, using IE specific controls (that only work under some versions Windows assuming they’re correctly patched and have the right libraries loaded), demanding full round-trips to the underspec’d Windows servers to populate unnecessarily complex custom controls, some of which will no doubt demand Flash or COM. Come to think of it, it probably won’t even be web based, and we’ve only got two Windows boxes, one of which is tucked under a table (Yay! Census night on the floor swearing at the ABS’s programmers!) and the other has a screen resolution that went out with buggy whips (I’ve had programs barf and refuse to run because the resolution was unacceptable).”

We chose paper. For another view of the world, I’m looking forward hearing to how census night worked for Daniel…