The Toronto Star has an article about how some computer systems are programmed so badly, they choke on some people's last names. The article is about people with apostrophes, spaces, or hyphens in their names, and how some incredibly bad computer systems don't allow these characters. The article mentions that some systems interpret apostrophes and spaces as commands when storing them in the database. If it sounds incredibly dumb to you that a computer would interpret your last name as a command, you're right, it is incredibly dumb. But the Star is right on in this regard: there are a large number of systems that are vulnerable to this and it's a major problem, called SQL Injection.
Basically what happens is an apostrophe in the data is treated as the marker which indicates where the data ends and the commands begin. The problem is worse than mangled last names, though, because the stuff after the apostrophe is (as the article said) interpreted as a command and executed as such. Imagine writing a cheque for two hundred dollars. If you didn't write "Two Hundred Dollars" but instead wrote "Two Hundred", the recipient of the cheque can insert "Thousand Dollars" on the cheque. This would be bad for your bank account. Similarly if a person were to were to type into the last-name field of a website "Shiny'erase all data", the computer will think the last name is "Shiny" and treat the rest as instructions to erase all data (the SQL is paraphrased). Anyone could attack the system and manipulate the database in ways they wouldn't normally be allowed. The XKCD comic strip has a good comic illustrating this issue: little Bobby Tables. The comic is a little nerdy but it's completely accurate.
Frankly there is no excuse for such bad programming. Frankly there is no excuse in 2008 for most of the common computer flaws we see, but companies don't want to spend money doing proper development, QA, or usability testing. The problem with apostrophes, however, is worse than customer inconvenience. It's often a sign of a major problem with the system.
Money for Nothing
Charlie McCreevy, the EU Commissioner for the Internal Market, has proposed extending copyright for recordings to 95 years. His reasoning:
I wish I could have income for ever based on the work I did in my teens or twenties. Oh wait: I can, in the form of saving for my retirement.
"If nothing is done, thousands of European performers who recorded in the late 1950s and 1960s will lose all of their airplay royalties over the next ten years. These royalties are often their sole pension." People are living longer and 50 years of copyright protection no longer give lifetime income to artists who recorded hits in their late teens or early twenties.
I wish I could have income for ever based on the work I did in my teens or twenties. Oh wait: I can, in the form of saving for my retirement.
LEGO's prices do them in
Looks like I'm not the only one disgusted with LEGO's prices in Canada: Walmart has decided to stop carrying LEGO. I can only hope that this brings LEGO to their senses regarding the ridiculous prices. Either the US prices are artificially low or the Canadian prices are artificially high but Canadian customers deserve the same good deal the Americans get. I'm not usually a big fan of Walmart but I applaud this move.
Gift Registries done wrong
Someone I know has a gift registry at Sears, a major Canadian retailer. Now a gift registry is an idea of marketing genius: convince your customer to make a list of everything they want, all in one place, to ensure that their friends/relatives buy everything from you. Wonderful! It works because it is convenient for the customers too, and it's a totally one-sided affair for the business.
However, in this day and age a gift registry must be as easy to use as possible. The stores already use technology to their advantage; if you are in the store you can add items to your registry by walking around the store with a barcode scanner and scanning barcodes. You can edit the quantity or scan an item multiple times if you want two or more. Easy as pie.
However, Sears makes three major blunders with its registry. First, their website, catalogue and retail stores don't all have the same inventory, and what they do have may not always have the same price. This is confusing to the consumer. Howerver the gift registry compounds the problem because it doesn't show the up-to-date price for anything! The price shown is the normal price when the item was added. There is no excuse, in this day and age, for the price being out of date. At the very least it should be accurate as of 24 hours ago. But even worse, as a result of the separate inventories, some things are not available except when you buy by a certain method. I can understand that the catalogue doesn't contain the entire store's inventory, or that the stores don't stock certain items, but you should be able to walk into a store and order a special order item, and the website should contain every product, and should allow delivery of any product. Anything less is simply bad service.
Second, the gift registry doesn't give you the most up-to-date website price when you click "buy now" (I should also note that the registry pages look so bad I couldn't find the buy now link at first). Instead, if you find the item at a lower price on the website, say because of a sale, you have to add it to your cart on the product's page, not on the registry page. WTF? The registry has a big scary warning "explaining" this:
The third blunder is that the registry page itself is a fossilized relic from 1994; we're talking a plain, ugly HTML table, in monospace font, without a colour or graphic to be seen, but worst of all, without any links to a product description or picture or anything. Sometimes even the name of the product has been truncated so you can't tell what the item is unless you already know what it is. Great design, Sears.
Sears, do yourselves a favour, update your registry system. Maybe more people will use it, and you'll make more money?
However, in this day and age a gift registry must be as easy to use as possible. The stores already use technology to their advantage; if you are in the store you can add items to your registry by walking around the store with a barcode scanner and scanning barcodes. You can edit the quantity or scan an item multiple times if you want two or more. Easy as pie.
However, Sears makes three major blunders with its registry. First, their website, catalogue and retail stores don't all have the same inventory, and what they do have may not always have the same price. This is confusing to the consumer. Howerver the gift registry compounds the problem because it doesn't show the up-to-date price for anything! The price shown is the normal price when the item was added. There is no excuse, in this day and age, for the price being out of date. At the very least it should be accurate as of 24 hours ago. But even worse, as a result of the separate inventories, some things are not available except when you buy by a certain method. I can understand that the catalogue doesn't contain the entire store's inventory, or that the stores don't stock certain items, but you should be able to walk into a store and order a special order item, and the website should contain every product, and should allow delivery of any product. Anything less is simply bad service.
Second, the gift registry doesn't give you the most up-to-date website price when you click "buy now" (I should also note that the registry pages look so bad I couldn't find the buy now link at first). Instead, if you find the item at a lower price on the website, say because of a sale, you have to add it to your cart on the product's page, not on the registry page. WTF? The registry has a big scary warning "explaining" this:
Please note: Prices shown below were in effect at the time of registration. Our current selling prices may be higher or lower at the time you purchase. For retail store purchases, you will be charged the price currently in effect in our retail stores on the day you make your purchase. For catalogue orders and orders placed online from this Gift Registry, you will be charged the lowest current price in Sears printed catalogues on the day you place your order. Items that can be ordered online are indicated with 'Buy Now'. IMPORTANT: Some of these items may be offered at lower prices elsewhere on this website, but you must ‘Add To Basket’ directly from the website item page in order to receive the website price. Sears cannot guarantee that all items in this registry will be available at the time you shop.It's simply bad customer service in 2008 to offer a product at one price but only if the user clicks a certain link, because your other link doesn't support the current price. Basically the warning message is saying "don't use the registry to buy items".
The third blunder is that the registry page itself is a fossilized relic from 1994; we're talking a plain, ugly HTML table, in monospace font, without a colour or graphic to be seen, but worst of all, without any links to a product description or picture or anything. Sometimes even the name of the product has been truncated so you can't tell what the item is unless you already know what it is. Great design, Sears.
Sears, do yourselves a favour, update your registry system. Maybe more people will use it, and you'll make more money?
I don't want iTunes
For some reason Apple seems to really really want me to install iTunes. I don't have an iPod and I've never installed iTunes, but I did make the mistake of installing QuickTime. When you install QuickTime it installs Apple Software Update, which is good because there have been serious security bugs in QuickTime, but Apple uses the software update to try to force-feed you iTunes, so that they can maybe con you into buying their DRM'd products.
Please, Apple, stop trying to force me to install iTunes! Installing unneeded software on a computer is bad; it can make the computer slower or less stable, it can be a security risk (what if Apple Update stops working? now I have an insecure QuickTime AND and insecure iTunes), it can confuse users by changing their settings (gee, WinAmp used to load when I clicked on an MP3, now it's iTunes?), and it wastes disk space and clutters the Start Menu.
Equally annoying is that all the benefits iTunes supposedly bring me are tied to other Apple products: the iPod (don't have one), the iPhone (not available in my country), Apple TV (don't think it's available here), the iTunes store (music locked to your account, can't be easily backed up or sold or played on a non-iPod device)... iTunes doesn't really bring anything good to the table; it's more of a necessary evil if you use one of those other things. Which I don't, which is obvious to Apple because I don't have iTunes installed. If I needed iTunes, it would be there already.
What's worse about this situation is that Apple does two sneaky things to try to con you into installing iTunes: first, it calls the package "iTunes + QuickTime", which is maybe confusing because people think "Oh, I do have QuickTime, maybe I need this update", and also they prompt you to install it even if you've already declined before.
Apple lets you "ignore" updates, which makes them disappear from the list, but irritatingly they pop back into the list whenever the updates are updated. This means that even though you repeatedly tell Apple to screw off, they still insist that you install iTunes.
I've searched on Google and haven't found a way to stop this spamming short of shutting off automatic updates of QuickTime (and any other Apple software I might have, like Safari). I guess I'm stuck denying them again and again. Or maybe I'll just uninstall QuickTime and Safari and banish Apple from this computer entirely.
Please, Apple, stop trying to force me to install iTunes! Installing unneeded software on a computer is bad; it can make the computer slower or less stable, it can be a security risk (what if Apple Update stops working? now I have an insecure QuickTime AND and insecure iTunes), it can confuse users by changing their settings (gee, WinAmp used to load when I clicked on an MP3, now it's iTunes?), and it wastes disk space and clutters the Start Menu.
Equally annoying is that all the benefits iTunes supposedly bring me are tied to other Apple products: the iPod (don't have one), the iPhone (not available in my country), Apple TV (don't think it's available here), the iTunes store (music locked to your account, can't be easily backed up or sold or played on a non-iPod device)... iTunes doesn't really bring anything good to the table; it's more of a necessary evil if you use one of those other things. Which I don't, which is obvious to Apple because I don't have iTunes installed. If I needed iTunes, it would be there already.
What's worse about this situation is that Apple does two sneaky things to try to con you into installing iTunes: first, it calls the package "iTunes + QuickTime", which is maybe confusing because people think "Oh, I do have QuickTime, maybe I need this update", and also they prompt you to install it even if you've already declined before.
Apple lets you "ignore" updates, which makes them disappear from the list, but irritatingly they pop back into the list whenever the updates are updated. This means that even though you repeatedly tell Apple to screw off, they still insist that you install iTunes.
I've searched on Google and haven't found a way to stop this spamming short of shutting off automatic updates of QuickTime (and any other Apple software I might have, like Safari). I guess I'm stuck denying them again and again. Or maybe I'll just uninstall QuickTime and Safari and banish Apple from this computer entirely.
Judge shows common sense in face of insane prosecutors
I'm glad to see that there are still judges in the justice system who understand that crime needs to be punished. The recent case of a woman in Halifax who was beaten by three teenagers is one example: Both the Crown and the defense argued for short sentences for two of the girls, but thankfully the judge showed some good sense and imposed a stiffer penalty. Unfortunately this penalty doesn't go far enough but at least it's better than nothing.
Subscribe to:
Posts (Atom)