Hacker Name

Tuesday, May 19th, 2020 09:43 pm
flwyd: (bug eyed earl)
Your hacker name is the first messaging app you used and the speed of your first home Internet connection.

I'm ytalk 2400.

A Decade

Saturday, November 30th, 2019 02:25 pm
flwyd: (Akershus Castle cobblestones)
Ten years ago today I walked into the lobby. I got my photo taken and picked up my badge and a laptop. Or, as we say at Google, today is my tenth Googleversary.

Less than a month later Google's security team discovered Operation Aurora, an advanced cyberattack campaign conducted by China aimed at obtaining intellectual property from U.S. companies and, in Google's case, email data from Chinese dissidents. Before announcing this attack, Google instituted some fairly disruptive security requirements—Googlers around in 2010 probably remember entering OTP codes seemingly every time they wanted to interact with an internal resource. One of the things I've really admired about Google is that the security team didn't stop with a secure-but-onerous solution. They recognize that security and usability don't have to be in tension, and over the last decades internal security has increased while simultaneously being easier to use.

I've often felt like I joined Google at an inflection point in its history, and the history of the Internet. The Operation Aurora attack was one symbol of it: user data was quickly becoming the most valuable piece of the Internet. The early 2010s saw the decline of many open protocols—from CreativeCommons to OpenID to RSS to preventing Facebook from scraping contact data—as companies focused on capturing users in walled gardens and extracting value from user data. Internally, Google was adapting the scale challenges of tens of thousands of employees (in the early 2000s they'd shifted from hundreds to thousands and could no longer all be in the same place at once) and not long after reorganized from parallel org charts for engineering, product, and user experience to an org chart where each product-area was its own tree.

Google was also assessing its product strategy: for ten years they'd launched a lot of experimental products and features. Some had become wildly successful, like GMail and Maps, while others hung out in something of an unfinished state, not getting the investment to become truly useful. The Internet was shifting no longer was it email plus a world wide web of random interesting stuff. The iPhone was fairly new, and on my second week at Google everyone in the company got an Android Nexus One as a holiday gift. Social connections were also clearly a new important Internet dynamic, and Google invested heavily in addressing that gap.

User data, mobile, social, and security. And cloud computing. That's a good pass at the Internet themes of the past decade. Throw in some machine learning, because there's finally enough compute power to scale those algorithms. And while I wasn't at Google for the first ten years, it felt like I joined at the time of a big shift to play in this new sandbox.

Today, I think it's pretty clear that both the Internet and Google are undergoing another inflection point. Internally, Google's feeling the scaling crunch of a shit from tens of thousands of employees to hundreds of thousands. At quarterly engineering meetings we used to see detailed presentations on Search and Ads, and even folks who didn't work on those products were pretty well versed in their domain models. Today a meeting with a deep dive on every billion-dollar business would take all day, and most engineers don't have the context to understand everything that's going on in another product area. Google's also struggling with symptoms that are visible on the Internet at large: hostility towards perceived out-groups, lack of trust in institutions and processes, and a high-stakes focus on controlling the narrative.

Today when I hear about something on the Internet I'm a lot likely to say "ugh!" rather than "awesome!" which is a big shame. In the aught naughts and in the nineties the ratio was high on awesome, and a big slice of the ugh was for stuff that now feels trivial, like under-construction gifs and garish MySpace layouts.
flwyd: (copán ruinas stone face)
LiveJournal emailed me "What was on your mind 10 years ago?" because apparently #10yearschallenge is a social media thing. LJ then self-answered by quoting the post I wrote on Obama's inauguration day, "They Still Call it the White House, But That's a Temporary Condition" with links to thematic P-Funk and James Brown songs on YouTube (which are remarkably all still up and still have low-thousands of views, ten years later). The Obama administration was significantly less of a soul party than I'd been hoping, but that's a blog post for another day. My next post was on February 2nd to remind everyone of Shadow Boxing Day on February 3rd, a tradition I still try to keep.

I was already ahead of LiveJournal in the "What was I doing ten years ago" game, though.

I finally got the motivation to organize my decade and a half of digital photos into a modern web presence. This was instigated by Flickr's upcoming limits on free accounts now that they're part of small-internet-company SmugMug rather than we-somehow-still-have-loads-of-cash Verizon Oath neé Yahoo. [Ironically, the last time I was surveying the landscape of photo sharing options and wishing that Yahoo had invested in Flickr rather than letting it slide from "almost certainly the best online photo management and sharing application in the world" to "a social networking site for photographers that most people forgot about" several folks had suggested SmugMug.] After exploring the state of Flickr and reading the tea leaves about SmugMug's plans for the site, I realized that SmugMug itself was probably a better fit for "Here's all the interesting photos I've ever taken, organized into time and place" and a free Flickr account might be better suited to sharing photos I've taken that stand well on their own, distinct from a travelogue.

So thus it was that I found myself spending much of my January free time organizing fifteen and a half years of photographs. And thus it was that I noticed how much more focused on getting out and doing stuff I was in 2009.

Ten years ago this month I was working to improve the state of the entity name recognition code I'd written for Tyler-Eagle and handing it off to a coworker. I then quit my job (in the midst of the worst recession in over half a century, remember) to travel for two months in Central America, and hit three festivals and three national parks over the rest of the summer and then got a job at Google. And while it's easy to get nostalgic about that time you quit your job and spent six months having fun, the photos also provided evidence that even when I had a job, I spent more time hiking in the foothills, going for walks during the golden hour, snapping pictures of sunsets, and going to drum circles. Over the last nine years I haven't prioritized these as much, which made me sad. My social life over the last nine years has been dominated by work and Burning Man (and more recently climate activism), which are big and meaningful and fun, but also kind of exhausting. I need to change this.

I also got a feeling that the world is less fun than it was ten years ago, and not just because I'm in my late 30s instead of my late 20s. It feels like there's less cool stuff happening (though I don't use Facebook, which is probably where people find out about interesting events in the twenty teens). And the general sense of techno-optimism has turned into a collective future outlook of techno dystopia. I've long imagined running a Cyberpunk 2020 game in the year 2020. Now that we're almost there, I think it's interesting that the corporate dominance part of the story is more accurate than the technical advances that create the setting.

So hey, let's all remember some of the future we were hoping for in January of 2009 and see if we can't still create some of that.


Post script: Flickr was part of that techno-optimistic future vision ten years ago. Share your work with people around the world! Global search and discovery! Use a Creative Commons license if you want! Robust APIs and RSS feeds! Metadata and mashups! But then they missed the big future transformation: billions of people were about to have pocket computers with a camera and an Internet connection. Yet Flickr was stuck in a self-conception that most photos are taken by photographers because photographers are the primary users of cameras, so they didn't try to make a Flickr app that was "Almost certainly the best way to share what you capture with your phone." And they missed the insight that, for many people, who you share with is a more important axis than the media type you share. (I also suspect that MBAs at Yahoo! had already underallocated headcount to projects like Flickr with significant growth potential, so even if they'd seen this shift coming they would've been poorly resourced to adapt.)

LiveJournal also felt like part of that open techno future ten years ago. When I've occasionally gone LJ history digging, 2008/2009 seemed to be when LiveJournal hit its peak, at least in my friends network. I think most folks joined Facebook around 2009 and eventually stopped participating on LiveJournal by 2011. And the way Facebook has evolved is definitely not the optimistic techno future that I had in mind… though they'll make a good Megacorp in a Cyberpunk 2020 game.
flwyd: (transparent ribbon for government accoun)
Obama's speech about surveillance last week featured the following paragraph which gets modern cybersecurity totally backwards:
We cannot prevent terrorist attacks or cyberthreats without some capability to penetrate digital communications, whether it's to unravel a terrorist plot, to intercept malware that targets a stock exchange, to make sure air traffic control systems are not compromised or to ensure that hackers do not empty your bank accounts. We are expected to protect the American people; that requires us to have capabilities in this field.
This train of thought made sense during the cold war. Communication systems built by and used in the Soviet Union were different than those built in the U.S. So if the NSA could simultaneously find and keep secret flaws in a Russian phone system while ensuring security flaws in American phone systems got fixed.

On the Internet, that game doesn't work anymore. Tech companies, open source groups, and standards bodies sell and distribute hardware, software, and protocols globally. Countries and companies throughout the world use the same routers, the same operating systems, and the same secure communications protocols. Every undisclosed security hole and every undetected backdoor that the NSA has at its disposal to "penetrate digital communications" is a tool that attackers have to harm the targets Obama claims the NSA is trying to protect. The stock exchanges and air traffic control systems and banks are using the same networking gear, the same database software, the same VPNs, and the same web browsers as the plotting terrorists, hacking criminals, and enemy governments.

Even if the NSA only uses their powers for good, the more "capabilities in [the digital spying] field" they have the less safe American interests are from foreign spies, criminals, and terrorists. The nation will be more secure if our communications technologies are robustly secure than if we can listen in on all the world's chatter. And by making American communications more secure, the world's communications will be more secure.
flwyd: (mail.app)
According to additional details from Snowden leaks published by The Guardian, GCHQ, the UK's counterpart to the NSA, is wiretapping all or most transatlantic cables which terminate in Britain, i.e., most traffic between Europe and the U.S.

In a sense, this sort of traffic interception is well-known in Internet security, though the scale is new. Internet traffic often travels over untrusted links, from coffee shop WiFi to backbones owned by hostile governments. Good network security design doesn't try to ensure that every step your packet takes is secure. Instead, it focuses on end-to-end security of the data, such as encrypting the transmission and requiring authentication to access hosts. Intercepts can still learn what nodes are communicating (metadata like "you went to a Google web page"), but not the content of the transmission (like the budget spreadsheet you're editing).

Given news and leaks about spy programs in the last several years, we should assume that any internet traffic is monitored. Use https (the secure web protocol) whenever possible, and complain to websites that don't support https. Assume that a government spy agency can intercept any email you send, though emails with sender and recipient on the same system (e.g. gmail to gmail) may be safe. Unfortunately, email encryption like GPG isn't easy to use for most people. For secure communication, consider using an authenticated online document editor from a company you trust, like Google Docs or Office 365. Share the document with a generic title (like "Conversation with Bob, 2013-06-22") and type your message. I believe this approach is more robust to intercept-style snooping than email or phone conversations. However, a saved document (like an email) can be subpoenaed in an investigation or court case and can be read by anyone who gets your account credentials, like a hacker or a spy agency that installed a keylogger on your account.

The first filter immediately rejects high-volume, low-value traffic, such as peer-to-peer downloads, which reduces the volume by about 30%. Others pull out packets of information relating to "selectors" – search terms including subjects, phone numbers and email addresses of interest. Some 40,000 of these were chosen by GCHQ and 31,000 by the NSA. Most of the information extracted is "content", such as recordings of phone calls or the substance of email messages. The rest is metadata.
GCHQ taps fibre-optic cables for secret access to world's communications, The Guardian, 2013-06-21
flwyd: (raven temple of moon)
The problem with social networks is that they present the same context for all sharing, no matter what the content. Even with LiveJournal friends groups and Google+ circles, your heart wrenching post about inner demons might show up between two lolcats and people think you're a let down when they want a laugh. Or your flippant lolcat might show up between an article about child abuse and a video of an earthquake and you come across as an uncaring douche.

In real-life sharing the people in the audience aren't the only determinants of appropriate sharing. The context they've created is also key. The things we share with a couple friends at a rock concert–passion, dance, exhaustion–are different than what we share with the same people in a coffee shop–analysis, discussion, confusion‐even though they're both done in public.

I don think big social network sites are able to tackle this well. The goal of UI designers is to create a simple mental model for users interacting with the system and the goal of software engineers is the create a simple operational system for interpreting user actions. Neither goal is helped by a flourishing diversity of contextual social norms. I hope all the bulletin boards and topic-focused sites survive in an ecosystem dominated by the Twitbooks. Because humans do really well when they can use location and appearance as cues to social behavior.

AIM is on its last legs

Wednesday, March 21st, 2012 08:30 pm
flwyd: (dogcow moof!)
Apparently all the AIM developers have been fired by AOL.

I'm rather disappointed by this. I've had an AIM account since '97 or '98, which predates flwyd.dhs.org (1999), trevorstone.org (2002), LiveJournal (2001), and (of course) GMail. The communication systems I used before that -- bvsd.k12.co.us, colorado.edu, nyx.net, irc.undernet.org -- don't get my attention much these days, but I've been logged into AIM pretty much continuously (summers in college on dialup) since I was a freshman.

AIM really brought real-time internet communication to the masses. IRC and ytalk and other protocols had been around a long time, but getting your technically challenged classmate to install mIRC and find you on a channel was a way bigger hurdle than saying "Hey, install AIM and we can talk about this project tonight." Since then, a bunch of other protocols and clients have sprung up, with pretty much the same feature set: A small window with back and forth chat, a scrolling buddy list with with icons and groups, different noises for different event types.

I suppose most of the AIMers are using Facebook Instant Messenger or whatever they call it over there. But unlike Facebook and Google Chat and, to some extent, Yahoo! and MSN messenger, there never seemed to be an assumption or a desire to get AIM users to be "full" AOL users. Anybody could download a client, even written by someone else, and create an AOL account that was only ever used for AIM.

In the last year or so, most of my AIM messages were from the same sex chat bot, which was a lot less amusing than the salmon precursor to ChatRoulette. But there are folks in my Buddy list that I'd be interested in talking to, but who I don't know by any other contact means. So if I'm in your buddy list, pick your favorite alternate contact Trevor method. My most ubiquitous chat medium is trevorstone at gmail, but you can also find me at pinkflwyd on Yahoo, or [livejournal.com profile] flwyd@livejournal.com on Jabber/XMPP (you can even post by IMing [livejournal.com profile] frank). Adium also has me persistently signed in to OkCupid, so yeah.

Or maybe not. But I can still be disappointed.

Zits and Zips

Wednesday, November 9th, 2011 12:09 am
flwyd: (Trevor glowing grad macky auditorium)
A recent This American Life is all about that awkward period known as middle school. Near the beginning of the show, they state that middle-school-aged kids have more neuron development than at any other time after infancy. That period of our lives is thus, in large part, us becoming the us we will be in life.

Given that, I think my priorities worked out pretty well. Unsurprisingly, I was a nerdy middle schooler. While some of my classmates were learning how to flirt and switching their dating status every other passing period, I was learning how to use Unix and spending Friday afternoons at Computer Club (which is still happening, even though Scott Dixon retired). I also managed to get elected vice president of student council (probably because I was the only boy running) and competed twice in the state geography bee ('cause I'm a map nerd).

I didn't have anything resembling a date or a girlfriend until I was a senior in high school (summer 1997), but by the end of middle school (June 1994), I'd helped organize an international email pen-pal program via elm, found ASCII kanji instructions via gopher, had multi-way interactive discussions on ytalk before the term "instant message" had been coined, read erotic fiction on Usenet with trn, been confused by vi, and used two web browsers in an age when the computer teacher could still cut out and post every local newspaper article about the Internet. ("Whoa, check out this NCSA Mosaic thing! Unlike lynx, you can see pictures!")

I think it worked out pretty well. I got to put off awkward romantic fumbling until I'd learned what sort of person I'm attracted to. I got to use the Internet when it was still a text adventure. And while I helped the Unix-understanding neurons win the battle against the girl-flirting neurons, today my girlfriend gets excited by the fact that I work at Google. Oh, and in third grade when I gave up on cursive and penmanship and started typing all my school assignments? I totally have no regrets.
flwyd: (bad decision dinosaur)
Facebook announced this week that when you visit Pandora for the first time, they'll hand over all of your friend information so Pandora can set up your station with music your friends like. This is the sort of "What were they thinking!?!" news I hear about Facebook every six months or so. The frequency of such moments is the main reason I don't have an account on Facebook. For the most part, Facebook's march toward making all your social information public wouldn't be a big deal if it had started that way. Nobody gets upset about Twitter followers or LiveJournal friends being public because they've always been that way. But when people provide information on the assumption it's private and then all of a sudden it's public, they tend to feel betrayed.

Tech Crunch included a screen shot of my Buzz post referencing that link in an article about Google engineers concerned about Facebook privacy. I don't know if they also write stories about Microsoft employees blogging about iPhones or Qwest employees tweeting about their Sprint service or Subway employees declaring the Double Down is gross.

On the other hand, Facebook made some positive announcements at f8 (is their conference really pronounced "fate?"). With Open Graph, you'll be able to build a social network out of pieces that aren't all housed in one place. So if you decide you don't like Facebook, you can move to a different site, but people can still "friend you." And you can add a little HTML to your blog and then someone can "like" it on Facebook or any other site supporting Open Graph.

The following is a Slashdot comment I posted in response to the assertion
once something hits the internet its out there, no privacy promise by a huge corporation is going to protect it.

BS. People send millions upon millions of email messages a day and have a reasonable expectation that their email providers and any SMTP hops along the way are going to keep them private. If a webmail provider suddenly decided that everyone's email address and all the addresses of all their contacts were to be public (unless you opt out), that would rightly be perceived as bad behavior and a violation of users' sensible assumptions. The path of least resistance opt-in flow for Google Buzz had the end result of publicly listing the names of some of folks frequent contacts (who'd also opted in). It created a big uproar and Google quickly changed the wording to make it clearer what would be public and how to keep it private.

I access my banking records through the Internet on a regular basis. I use this convenient system instead of paper and phone calls precisely because I trust the privacy promise provided by my bank. A bank that suddenly decided to make everyone's financial information available to the world on the web by default would quickly lose a lot of customers and get a big fine from the regulators. I don't think we need a Federal Department of Regulating Facebook, but I do think we have a right to expect companies to stick to their privacy promises and suffer customer-based consequences if they fail to live up to them.

One thing The Cloud can do better is give users control of their data. Google's Data Liberation Front is a good model: If a user decides they don't want to use a cloud provider's services for whatever reason, it should be easy to get all their data out of that company's control and import it in to a different cloud provider (if desired). Take it a step further: As a user of service A, I should be able to select certain information to share privately with my friend who uses service B. Like telephone companies and the post office, the service providers should transmit and present that information, but they should have no option to change the parties who can see it.


Caveat: Court orders and other legal actions can force a provider to reveal private information without the approval of that information's owner. This is true of banks, cloud providers, and internal IT departments. So yes, if you're planning an elaborate murder scheme on the Internet, don't assume it will only be seen by your co-conspirators. But if you're closeted at work and out to your friends, you have a right to expect your social network won't suddenly decide to make "Orientation: Gay" the first thing people see when they Google your name.

WTFacebook?

Monday, December 15th, 2008 10:44 pm
flwyd: (dogcow moof!)
Even though I've been on the Internet for more than half my life and on the web for three quarters of its, I have some significant new tech and Web 2.0 luddite streaks. I don't have a cell phone, for instance, though that's as much because I don't want to pay lots of money to deal with the phone company's shenanigans as it is because I don't want to use the phone when I'm taking a hike.

I'm not on MySpace for pretty simple reasons: The site looks like all the amateur web designers from 1996 threw a huge party, got smashing drunk, and threw up all over my web browser. It's like Geocities got a whole bunch of money for a class reunion but still held it in the school gym. I may not be gung ho for every new netfad, but I have no nostalgia for mid-90s web design.

Facebook is another Web 2.0 phenomenon I haven't participated in, much to [livejournal.com profile] mollybzz's distance scrabble dismay. The site has struck me as a lot more professional than MySpace and it's probably got more of my friends from the past as users. But a few things bug me about Facebook:
  • People's profiles are mostly private by default. I've occasionally googled a name and found a completely uninformative Facebook page. At least a visit to MySpace can tell you if you've got the right person. As a non-impulsive consumer, I like to have a sense of a product or service before I sign up. For instance, I get the sense that a lot of Facebook posts aren't very insightful, but it's possible people I know put more thought into their content. But the site doesn't make it easy for me to figure that out.
  • As a result, most of what I know about Facebook is by reputation. And it hasn't done a very good job of maintaining that.
  • Nine months ago or so, all I knew about Facebook was that you could play Scrabble and you got lots of random undesired bits of marketing thrown in your face. I think that was when they were trying their "Broadcast to everyone what you just bought on Amazon even if it's How To Deal With A Venereal Disease or a present you were going to surprise your girlfriend with. Signing up for in-your-face advertising didn't sound fun.
  • I hear they realized the error of their ways on that one and made it opt-in. I also heard Facebook played an important role in getting people excited about and involved with the Obama campaign. So that's good and sociologically interesting, at least.
  • But even with in-your-face ads and automatic broadcasting of private activities gone, I'm not particularly excited about their approach to privacy. When they sign up, they ask for your passwords to web mail and instant messenger services. They then proceed to spam the people in your address book. (I hear you get to select who gets spammed, but it's still very impersonal spam.) Even if Facebook's address book combing is implemented perfectly and hasn't ever had a security breach, telling random Internet users that it's okay to give your password to third parties is bad virtual citizenship. If, when you joined a gym, somebody said "Can I have the keys to your house so I can look through your rolodex and phone all your friends," most people would say "Are you crazy?" But the majority intuition about cybersafety isn't very acute yet, so major players on the web have a duty to foster (or at least not undermine) good habits of online behavior.
  • This evening, I received an automatic Facebook invite (subject: "Check out my Facebook profile") from someone I know a little. I'm not a very popular person, so this is like my third ever. No biggie. Then within the course of three hours I got four messages from Facebook with the subject "XYZ has added you as a friend on Facebook..." Huh? Did Facebook broadcast who had found me in their address book? These messages give a very odd sense of privacy invasion and I haven't even given them any yet. Is Facebook going to be this annoying when I'm an actual user? Why would I sign up for that?
In Facebook's defense, I've gotten more annoying messages from other Web 2.0 sites. Somebody I'd had a brief argument with on a Dragonfest mailing list added me to her combination-blog-and-mass-mail site so I got a bunch of essays written by someone I didn't find interesting on topics I didn't care about. And some kid in Utah signed up for MySpace with my GMail address (which had not yet appeared in spiderable locations), so I got a bunch of unsolicited friend requests from sketchy groups. Something similar happened with some high school sports website, so I periodically got mail inviting me to vote in polls about Friday night football and stuff.

Am I wrong about Facebook? Is it totally awesome and it's just got a misleading representation? Would it provide significant value to someone like me? I've already got a blog and a website. I'm the first hit on Google for "Trevor Stone" and I'm on the first page for "trevor new vista boulder," so anyone who really wants to find me can do so easily. I don't feel the need to share the minutia of my life (do you really care that I ate leftover curry bratwurst tonight?), and when I have something substantial to say I tend to spend half an hour writing a post. So other than distance Scrabble, why is Facebook popular?

A Sly Stone

Sunday, January 20th, 2008 11:32 pm
flwyd: (Default)
The Great Firewall blocks LiveJournal and many blogs (perhaps even every URL that starts wit rss. or feed.). But I should be able to post through this handy proxy.

I make no promise of update frequency, though. I'd rather be having adventures than writing about them. The latter can come later.
flwyd: (farts sign - Norway)
This is a rambling description of my attempts at purchasing items online. It could probably be tightened up a bit for humorous effect, but my main interest was in documenting frustration so that I can refer back to it if some random charges appear on my card tomorrow. If nothing else, it serves as a reminder that nothing is quite as simple as handing some paper currency to a person and walking away with a bag of stuff.

Dear Visa,

You are, in many ways, in the businesses of electronic financial security and customer convenience. The following, therefore, should not happen:

  1. I select my online purchase and enter my credit card information and shipping address.
  2. I look away and look back to see a mostly-white window with a "Verified By Visa" logo and my credit union's logo and (as I recall) some text indicating that JavaScript wasn't enabled.
  3. I enable verifiedbyvisa.com and mycardsecure.com (IIRC) via NoScript.
  4. The page asks me to enter my security code, and the last four digits of my SSN and phone number.
  5. I submit such information.
  6. I am asked to create and verify a password.
  7. The next page shows the Verified By Visa logo and the logo of my credit union. And a message that a popup was blocked. And nothing else.
  8. I allow the popup window.
  9. The main Firefox window is no longer active, but no popup window is visible.
  10. I activate exposé and see the popup window and select it.
  11. I still can't see the popup window. I select Zoom from the Window menu and it sizes itself.
  12. The popup window has a submit button informing me that I should update my profile.
  13. Clicking the submit button does nothing.
  14. Back to the main window, there's still nothing but two logos.
  15. I turn on Firebug and start inspecting JavaScript functions and the DOM.
  16. I figure out which function was supposed to be run when the page loads and execute it through the console.
  17. I am redirected to an IIS error page at verifiedbyvisa.com
  18. I try the main page of verifiedbyvisa.com and receive another error page.
  19. I wonder what kind of credit card company doesn't maintain the home page for their security service.
  20. Um... have I made a purchase? Or am I in post-purchase/pre-receipt transaction limbo?
  21. I check my bank balance. My current and available balances are within two dollars, so the site hasn't charged me yet.
  22. I WHOIS verifiedbyvisa.com. Looks legit. I google verifiedbyvisa. The first page is on visa.com and has the same logo I saw before. It links to FAQs, "Solutions," places to shop, and more. Clicking on any of them leads to an error, though. What kind of credit card company has dead links all over their security system section?
  23. I return to the site and add my item again. Now it thinks I want two. Yay! Reduce quantity.
  24. I hit check out. Again.
  25. I enter my billing and shipping information again. Note that the credit card number and security code fields are not of type Password, so Firefox suggests them.
  26. I get redirected to a verifiedbyvisa page again.
  27. I note it has a "Personal Message" which reminds me that I came up with a different password for this service a few years ago when buying tickets for a concert.
  28. Based on the message, I try two variations on a password. It asks me for the card's security code, expiration date, and the last four of my SSN and phone number. Then it asks me for a new password.
  29. I enter what I thought my password was before and jot down a super secret note which has enough information for me to guess the password again.
  30. I am redirected to my original site of purchase.
  31. I print a copy of my receipt.


Internet Explorer is still used by over half of web users, but I think Firefox is around a quarter. NoScript is one of the most popular plugins for Firefox. Other browsers let you turn off JavaScript as well, just not as flexibly. Many users concerned about security browse with JavaScript turned off. It would behoove a credit card company to design their secure payment system in such a way that security-minded users don't have to disable enhanced security in order to make online purchases. This game is 12 years old. You'd think somebody would have figured it out.
flwyd: (what would escher do)
Every blog post, ever. If you're nerdy like me, you'll find almost every strip of this comic funny and/or a sad reflection of your life. Subscribe to [livejournal.com profile] xkcd_rss

Rock the Calabash

Saturday, October 14th, 2006 03:30 pm
flwyd: (asia face of the earth relief)
Terrasonic on KGNU 1390 AM today mentioned World Music dot National Geographic dot com. It turns out it's a collaboration with Calabash Music. Calabash's slogan is "The World's First Fair Trade Music Company," meaning that artists get 50% of sales, which is a damn good deal.

The site offers DRM-free mp3s from scores of world artists. Like iTunes Music Store, songs are 99 cents a piece, but only 75 cents a piece if you buy 20 credits at a time. They also provide a free single every day. I added their RSS feed to my Google Homepage, but Google doesn't show the artist's picture and the feed doesn't provide the artist or song name. The service is entirely browser-based, including minute-long song sampling. The UI for song sampling could be improved by enqueuing songs at the bottom of the list rather than interrupting the current song and playing it after the new song finishes.

I'm still not sure how I feel about buying music online. I've bought about 20 singles on iTunes, mostly for [livejournal.com profile] tamheals, but I've never bought an entire album online. I like the physical CD: album art, lyrics, easily transportable case. I typically buy music at local independent used CD stores. Not only does it support local businesses and keep money in the community, the average used CD price is about $7 or $8, so I usually get a slightly better deal than the $1 a song that most download services charge. Pricing by the album also means that an album by The Clancy Brothers (no songs longer than three minutes) isn't twice as expensive as one by Tabla Beat Science (average song length close to ten minutes).

On the flip side, buying used CDs doesn't directly fund the musicians. I don't think this is a big deal when buying albums by artists who are popular (does U2 care if I buy used instead of new) or dead (I wonder what Robert Johnson could do with $15 delivered by time machine). But bypassing production and distribution costs and having some group in Africa get 50% of the price sounds like a socially and environmentally responsible way to listen to good tunes. I don't get a glossy book, but I can stick a picture in iTunes and may be able to download the lyrics, allowing me to give the album as a DIY present.

WYSINWYG

Thursday, July 27th, 2006 09:18 pm
flwyd: (over shoulder double face)
Remember in the mid-90s when the Public at Large was learning about The Internet? One of the stereotypes is that the Internet was mostly about people in chat rooms having cybersex with 19-year-old virgin cheerleaders who were actually either 15-year-old virgin nerdboys, 37-year-old virgin nerdboys, or 52-year-old creepy old men?

Last week, I was on the computer and [livejournal.com profile] tamheals was not at home. I logged into AIM, but left her logged in to other chat networks. A man she'd chatted with on OKCupid sent Tam a message and I decided to play along. I had not previously encountered this person, and I think he knew only vaguely of my existence. I present, for your edification, what transpired that evening. Names have been abbreviated to protect the guilty.

J (6:58:30 PM): i think okcupid is busted
T (6:59:22 PM): Also there are busty people on OKCupid.
J (6:59:33 PM): as you've proved
J (7:00:41 PM): what size are those anyway?
T (7:01:23 PM): Supersized.
T (7:01:27 PM): Would you like fries with that?
J (7:01:48 PM): yes please
J (7:05:13 PM): so you've been good this year?
T (7:06:31 PM): Depends. What happens if I've been naughty?
J (7:06:40 PM): a spanking naturally
T (7:07:34 PM): I've been fairly naughty.
J (7:07:46 PM): followed by that old english school punishment, a good dicking
J (7:09:32 PM): so what are you doing? anything naughty?
T (7:10:12 PM): I'll leave that to your imagination.
J (7:10:35 PM): so no then :)
T (7:11:59 PM): You just need a more active imagination.
J (7:12:22 PM): i have a great imagination. i'm just too tired...
J (7:13:28 PM): what are you wearing?
T (7:13:57 PM): You can't imagine that either?
J (7:14:47 PM): if i could imagine everything i wouldn't need to talk to you :O
J (7:16:22 PM): ok, i'll start. i'm wearing nothing and i'm stroking my cock
T (7:17:13 PM): Where's the imagination in that?
J (7:17:47 PM): ok, i'm eating your pussy and massaging your breasts with my big hands
J (7:18:06 PM): i lick slowly up your slit and suck and lick on your clit
J (7:18:31 PM): i stick my tounge inside you and fuck you with it :)
T (7:19:48 PM): So your imagination says I'm wearing your face, I see.
J (7:20:13 PM): now i want you to sit on my face while i play with those beautiful breasts and pull on your nipples
J (7:20:27 PM): i want you to grind your pussy into me and moan for it
J (7:22:02 PM): i put my fingers inside you and lick your clit
J (7:22:07 PM): god you're fucking wet
J (7:22:36 PM): i spank you a little and suck on your clit when you push it into my mouth
J (7:23:22 PM): hm, this is a little one-sided...
J (7:23:46 PM): :P
T (7:24:05 PM): A one-sided tongue?
T (7:24:26 PM): A möbius mouthpiece could play an interesting tune
T (7:24:52 PM): Twisting and turning and making her come soon
J (7:25:25 PM): are you playing with yourself? one straight answer :)
J (7:28:32 PM): guess not
J (7:36:17 PM): i have to say i'm fairly impressed you knew möbius had an umlaut. Unless you looked it up, of course...
T (7:36:41 PM): I know many things. I contain multitudes.
T (7:37:27 PM): I am the lizard queen. I can do anything.
J (7:37:31 PM): very well, what famous painter/mathematician incorporated a möbius strip into a portrait?
T (7:38:00 PM): We must not eschew Escher.
J (7:38:46 PM): very well, but you don't need to be exceedingly weird to prove a point. just take it down a level
T (7:39:40 PM): In Escherland, taking it down a level merely gives you a new view of the same situation.
J (7:39:59 PM): is that a GEB reference?
T (7:40:12 PM): No, just E.
T (7:40:58 PM): (Now that we've moved from clit licking to stair climbing, I should mention that Tam isn't home; this is Trevor.
J (7:41:11 PM): haha
J (7:41:16 PM): well played
T (7:41:38 PM): I don't know if you're interested in what I'm wearing anymore.
J (7:42:39 PM): i was starting to be impressed by what seemed to be a fairly well educated chick. fucker
T (7:43:07 PM): Women can't grok topology?
J (7:43:32 PM): can but usually don't my friend
T (7:43:55 PM): Perhaps you should come to a firmer understanding of asymptotes.
J (7:45:09 PM): Perhaps I've spent more than enough years under the mathematical cloth already
T (7:45:28 PM): Your cylinder has graduated?
J (7:46:42 PM): ok, what the fuck did you study in school? these references are a bit too varied and quick
T (7:47:02 PM): Computer science and philosophy.
J (7:47:20 PM): oh, figures
J (7:47:27 PM): dork :)
T (7:47:34 PM): According to Moore's law, the speed of my puns doubles every 24 months.
J (7:48:10 PM): yeah, but eventually the lines will get too close together to be funny
T (7:48:59 PM): It just becomes more challenging to read between them.
T (7:49:16 PM): Most men find lines close to each other to be rather enjoyable.
J (7:50:30 PM): too challenging evidentally. let me get out the photolithograph
J (7:52:52 PM): well, gotta run. if you ever need a programming job in dc, let me know
T (7:53:28 PM): What about Marvel?
J (7:53:37 PM): what about it
T (7:53:47 PM): Do you know of any openings there?
J (7:53:59 PM): let me check
J (7:54:00 PM): no
T (7:54:24 PM): Programming Spider Man seems more challenging than programming Superman.
T (7:54:40 PM): (If I remember my intellectual property correctly.)
J (7:55:07 PM): now i have no idea what you're talking about
T (7:55:49 PM): http://en.wikipedia.org/wiki/Marvel_vs_DC
J (7:56:40 PM): i see
J (7:56:44 PM): no
J (7:57:28 PM): tell tam i said hi and, whatever else... :)
Yahoo (7:57:36 PM): J has logged off


Bonus pun: I met a girl at Möbius Strip Club, but she was one-dimensional.
May 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 2025

Most Popular Tags

Expand Cut Tags

No cut tags

Subscribe

RSS Atom
Page generated Monday, June 30th, 2025 02:18 pm
Powered by Dreamwidth Studios