Michael Eriksson's Blog

A Swede in Germany

Posts Tagged ‘internet’

Email addresses and the abomination of a display name


A strong case can be made that various Internet standards created before the Eternal September, the commercialization of the Internet, the (once) dominance of Internet Explorer, … were superior to what came later.* One interesting counter-point is the “display name” of an email address, which has annoyed me for ages. This idiocy appears** to be present as far back as RFC 822 in 1982, possibly even earlier, depending on what implementations predated this document. (My own history on the Internet “only” goes back to 1994.)

*Of course, allowing for deficiencies due to a smaller amount of practical experience and a changing world.

**RFC 822 gives “mailbox” as “addr-spec” (i.e. a proper email address) or “phrase route-addr”, which seems to match the idiocy under discussion. Its 2001 replacement, RFC 2822, actually uses “display name” in its descriptions.

In effect, instead of using an email address like “john.smith@example.com”, senders are allowed to use e.g. “donald.trump@whitehouse.gov <john.smith@example.com>”.* Here “donald.trump@whitehouse.gov” is the display name, which has no actual impact on the email handling. Of course, John could equally use “Trump”, “Hillary Clinton”, “mermaid lover”, or “info”.

*There might be cases where additional escaping or use of quotation marks is needed. I have not investigated this in detail, and I deliberately do not wish to include quotation marks in the examples, even at the risk of a slight inaccuracy, due to incompetent handling by WordPress.

Here we see the first problem: The display name is highly unreliable. Not only can it be used to try to fool the email-illiterate user into making incorrect assumptions, but major confusion can arise when one party switches* display name between two emails, or when several parties use the same** display name. This problem is made the worse, because some email clients rely very strongly on the display name, e.g. in that only the display name is present in overviews of a mailbox (at all or per default). Indeed, even when the email address is displayed, the display name can make it less accessible, e.g. through pushing relevant parts out of sight.

*Say that someone started with “John” and switched to “John Smith”, because there were other Johns; or that someone went with “John Smith” professionally and “Johnny Boy” when writing his family, and that some recipient was both a family member and a professional contact.

**With “info” being the paramount example. In contrast, the email address proper is unique. (But note potential complications like equally ill-advised attempts to allow generic Unicode characters, which might cause e.g. an apparent Latin “A” to be exactly that in one address and a Greek capital alpha in another.)

A particular complication is mailing lists: Because the sender determines the display name used for the mailing-list address, the eventual recipients can receive dozens of display names for the same mailing list. I can still recall trying to automatically put emails from one or two mailing lists into different folders at work—we were stuck with Outlook, Outlook only allowed filters* based on display name, and even with half-a-dozen alternative display names appended to the filter I regularly found emails that by-passed the filter… Of course, if emails to two different mail-lists used the same display name, filtering would be done incorrectly… (But, in all fairness, these were more Outlook issues than email-specification issues.)

*With reservations for terminology. I have not used Outlook in a good long while.

Another issue is that this feature is mis-designed (even its existence aside): now parsers need to handle two inconsistent formats, writers of emails need to understand two formats, etc. Indeed, because the display name can be empty, a parser needs to handle both “john.smith@example.com” and “<john.smith@example.com>”—and if faced with “john.smith@example.com”, it can only conclude that this actually is an email address (not a display name) after having noted that a “<>” expression does not follow. Absolutely amateurish… A better solution would be to put the display name in angle brackets, which allows for easier and more consistent parsing, and is less likely to cause misunderstandings (i.e. “<Johnny Boy> john.smith@example.com”, not “Johnny Boy <john.smith@example.com>”).
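The display-name problems and the two input forms described above, as an added example (not code from this blog): a deliberately simplified splitter, not a full RFC 2822 parser, that always surfaces the real address and flags a display name carrying a different address, one that merely repeats the address, a generic name such as “info”, and non-ASCII characters in the address. The function names, the sample values and the list of generic names are assumptions made for the illustration.

```python
import re

# Loose pattern for "something a human would read as an email address".
# It is not an RFC 2822 addr-spec grammar; that is enough for this check.
ADDR_LIKE = re.compile(r'[^\s<>@"]+@[^\s<>@"]+')

# "phrase <addr-spec>" or "<addr-spec>"; the last <...> in the value wins.
ANGLE_FORM = re.compile(r'(?P<name>.*?)\s*<(?P<addr>[^<>]*)>', re.S)

# Constructed list; "info" is the post's own example.
GENERIC_NAMES = {"info", "support", "admin", "noreply"}


def split_mailbox(value):
    """Return (display_name, address) for a single From/To value."""
    value = value.strip()
    m = ANGLE_FORM.fullmatch(value)
    if m is None:
        # No <...> follows, so only now is it clear that the whole
        # value is the address and not a display name.
        return "", value
    name = m.group("name").strip()
    if len(name) >= 2 and name[0] == name[-1] == '"':
        name = name[1:-1].replace('\\"', '"')  # strip the quoting
    return name, m.group("addr").strip()


def assess(value):
    """Return (display_name, address, findings) for one mailbox value."""
    name, addr = split_mailbox(value)
    findings = []
    claimed = [a.lower() for a in ADDR_LIKE.findall(name)]
    if any(a != addr.lower() for a in claimed):
        # The name shows an address that is not the real one.
        findings.append("display-name-contains-other-address")
    elif claimed:
        # The address was copied into the name; no information added.
        findings.append("display-name-repeats-address")
    elif name.lower() in GENERIC_NAMES:
        findings.append("generic-display-name")
    if any(ord(ch) > 127 for ch in addr):
        # E.g. a Greek capital alpha where a Latin "A" is expected.
        findings.append("non-ascii-address")
    return name, addr, findings


def overview_label(value):
    """What a mailbox overview could show: the address first, always."""
    name, addr, findings = assess(value)
    if findings:
        return f"{addr} [{', '.join(findings)}]"
    return f"{addr} ({name})" if name else addr


# Constructed sample values, using the addresses from the post.
SAMPLES = [
    "john.smith@example.com",
    "<john.smith@example.com>",
    '"Johnny Boy" <john.smith@example.com>',
    "donald.trump@whitehouse.gov <john.smith@example.com>",
    "john.smith@example.com <john.smith@example.com>",
    "info <sales@example.com>",
    "John Smith <john.smith@ex\u0391mple.com>",  # Greek capital alpha
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(overview_label(sample))
```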

A minor potential advantage is the ability to replace a non-descript email address with something easier for the recipient to recognize. I note e.g. that my own first email address (provided by my college and based on my user name in its systems) was something like “f94-per@nada.kth.se”*. However, the advantage was very minor even back then, very few are stuck with such addresses today,** and that “john.smith@example.com” is named “John Smith” does not need additional mention. If worst comes to worst, the (claimed) identity should be clear from the email body, even if at some loss of comfort. Schemes like allowing several people to use the same email account with different pseudo-identities are highly disputable, and it is better to either give them separate accounts or to not use pseudo-identities with the one account at all, because they are likely to do more harm than good. (As an example, a customer-service department should not use the names of individual co-workers as display names for one common account.)

*Do not try it. Chances are that I misremember the details, my last log-in was likely in the late 1990s, and I have no idea what my password might be—even should the account still be functional… The local part, should anyone be interested, comprises a program-of-study identifier (“f”, in my case), the year of enrollment, (a hyphen,) and some letters from the student’s name.

**Or they have only themselves to blame for registering using the likes of “ahf38js” (instead of e.g. “john.smith384”) when a name is already taken.

Unfortunately, display names see heavy use and I very often even receive email back, where my sender address has been abused as a faked display name (i.e. if someone uses just the email address proper, e.g. “john.smith@example.com”, he receives a “john.smith@example.com <john.smith@example.com>” back). This is utterly pointless on two counts: firstly, it adds no information compared to just using the address proper; secondly, it unnecessarily forces the use of one format when the other would have done just fine. Outlook, as already mentioned, seems to consider the display name more important than the actual email address. Certainly, the display names picked by the sender, especially in a commercial context, are often quite poor—as with “info” (why not include the company name?!?) and other very generic phrases.


Written by michaeleriksson

July 9, 2019 at 7:08 pm

Problems with YouTube content


Spending some time on YouTube, I find a lot of annoyances. Spending some time looking through my drafts, I find that I had already started to write something on the topic. The below is a slightly polished version of the draft, with the reservation that I do not always remember the exact context of some complaints. The footnotes were all added during polishing, in lieu of editing the main text. The formulation as “do not” was almost certainly an error, but I am not keen on a re-write.

There is a lot of crap on YouTube, which is neither surprising, nor necessarily a problem. What is problematic: Even when the content is good, the presentation is often very poor—and in some cases showing an immense contempt for the viewers. Sadly, the more “professional” the poster or channel tries to be, the worse it tends to perform in these regards. In many ways, it is as if they have taken the worst sins of incompetent TV productions and raised them to virtues.

YouTubers (and TV producers!), please do not:

  1. Waste the viewer’s time with long intro sequences without content. There are plenty of five minute videos that start with a thirty second intro, with nothing but logos or generic information about the poster…* This is the worse when viewing several videos by the same poster one after the other.

    *In a parallel, where movies of old might have started with a brief clip for the studio, e.g. MGM’s roaring/yawning lion, many modern movies have half-a-dozen such clips for various entities, which can postpone the start of the actual movie for minutes. Result? I am annoyed and skip forward…

  2. Add background music for no good reason—but if you still do, pick something of quality and with a bit of variation. Save us from those endless repetitions of the same ten seconds of unimaginative drum beat or synthesizer chords.* Either the video has dialog and background noise that is of interest and then there should be no music at all; or not and then I would much prefer to listen to the music of my choice. Half the time, I end up having the video on mute…**

    *I have the impression that there is some repository of fairly second-rate free-for-use music provided by YouTube itself, and that many posters just pick something from this repository based on the first hearing sounding “cool”. After five minutes of repetition, it is a different story altogether. Note that this can apply to even far higher quality music: I recall being driven up the wall by the DVD “extras” for “Pirates of the Caribbean”, which all played the same portion of the movie score over-and-over-and-over-again.

    **Here I probably had my eyes on videos that relied mostly on the actual video part, e.g. wild-life scenes, pets doing weird things, or “fails”. The claim does not apply to more talk-centric videos, e.g. skits or discussions of training tips. (If in doubt, because they are less likely to be infested with poor music…) More generally, the original text is often a bit indiscriminate when it comes to type of video.

    Bad music is worse than no music!

  3. Prioritize the contents lower than the moderator/narrator/whatnot: The latter should only be seen and heard when they bring value to the content, not use the contents to attempt* to make themselves look good or cool. If you have the content, let the content speak; if you do not, pretending that you do just makes you look like an idiot.

    *They usually fail…

  4. Pollute the content with irrelevant animations, over-sized logos, or gaps between e.g. items on a list*: Use animations only when it helps clarify the content, not because you want to “pep up” the video or draw attention to yourself. Keep logos discreet, un-animated, and informative. Let the content flow; in particular, do not make a ten second pause between every item on a list or count-down.

    *A great many videos are of the type “Top-10 X of all times”, “20 ways to Y”, etc. These often take a break between the actual contents of the items to play a sound, show the number of the following item, say the number (“Secret tip number niiiine!”), or similar. The break is often so long as to be boring—and to raise the suspicion that the main purpose is to artificially increase the run-time of the video…

  5. Add unnecessary sounds and visual effects.
  6. Attempt to sound “cool”, excited or exciting, whatnot when speaking. Ideally, the contents should (metaphorically) speak for themselves, without weird manipulations. (The fact that they might need a literal speaker to help them is not a reason to change this.) A typical sport-reporter is a negative example.
  7. Add padding around the video to make it fit a certain format (e.g. 1600×900). By doing so, you prevent offline media players that automatically scale the image to match the display (i.e. virtually all modern players) from doing so, while bringing no benefit whatsoever to online/in-browser players. In fact, the latter can even get into problems because they have too little view space available. In effect, you make the file larger in order to deliver an inferior product…
  8. Add replays of what just happened. Users are perfectly capable of re-winding and re-playing, with or without slow-motion.* Avoid multiple replays of the same scene especially.

    *As a minor reservation, there might be rare instances where such a replay can be justified through higher picture quality. This, however, requires both that the scene benefits non-trivially from the higher quality (most do not) and that the result actually has a noticeably higher quality. The latter will often be the case when the video draws on an original source of a higher quality than its own (e.g. through a higher frame-rate, a less lossy encoding, or a higher resolution); however, will not be the case e.g. when the video and the original use the exact same format.

  9. Abuse YouTube for non-video content. If you have sound without picture, put it somewhere else—do not add artificial images (usually stills) to make it appear like video content. Ditto photos: There are plenty of services to host photos. Making a “video” out of them just to use YouTube is idiotic and user unfriendly.
  10. Pan around a still image. It is annoying and distracting, and makes it harder for those who actually want to study the image.
  11. Use the same or similar names for all own movies, or something used by others all the time. “Top-10 fails”, e.g., is a lousy name that makes it very hard to determine what one has already watched and what not. If nothing better can be found, something along the lines of “[your name]’s fail choices for 2016” at least gives the viewer a chance. Similarly, use a name that is actually compatible with the contents: “Fail”, for instance, does not mean* “generic YouTube video”—it means that someone screwed up, usually in an entertaining manner.

    *The word “mean” was not present in the draft and I am not certain that this was my original intention; however, it is the easiest correction that makes the sentence plausible.

  12. Re-hash the same fail (or other borrowed content) that ten other compilations already have. Some overlap is unavoidable, but please try to be more original and to pay attention to the competition.
  13. Insult the viewer’s intelligence with demands that he “like”, recommend, subscribe, … Viewers are adult enough to make up their own minds and this type of intrusive command is more likely to turn him away than to entice him. Explicitly calling the people who do not “like” a video losers, as at least one video did, is almost guaranteed to have a negative effect. You see fewer subscribers than you want to? Your best bet is to increase the quality or quantity of your contents—not harass your viewers.

    As a general rule, the imperative has no place whatsoever in advertising or material of an advertising character. Most likely the effects are neutral to negative—and in as far as they are positive, this makes the use grossly unethical!

Additionally, I quote a text on naive links written in the interim:

Youtube provides many examples of making too specific assumptions. For instance, a video that asks the users to “comment below” might become misleading even through a minor Youtube redesign. Others, e.g. “please ‘like’ this video” might survive even a drastic redesign, but would still be irrelevant if moved to or viewed in another context, e.g. after a manual download.

Written by michaeleriksson

June 12, 2019 at 8:35 pm

Posted in Uncategorized


The problem of new trumping good


There is an unfortunate tendency to focus too strongly on the new, notably within the Internet and regarding e.g. entertainment (even outside the Internet). Consider movies: If there is a benefit to watching a movie in a cinema (compared to e.g. on the own computer), then that benefit applies not only to the latest box-office hit but roughly equally to a comparable movie from the past.* Why then is the cinema landscape so dominated by newer releases? Why do even new releases usually see their best returns in the first week and then drop off rapidly? Why this obsession with the new?

*There might be some differences, e.g. in that a more modern movie might have more spectacular special effects that benefit more from a larger screen. For similar reasons, the larger differences between different genres limit what movies are reasonably compared to each other, irrespective of the time aspect.

To a part, these questions are rhetorical: I am well aware of the money-making interests of the movie industry (where the newness factor can be quite rational) and e.g. its influence on interest through marketing and how non-niche cinemas naturally show what the industry currently pushes—and the consequence that someone who wants to visit a cinema for the experience, not a specific movie, will have limited choices outside the new releases. However, there is an aspect of irrationality among the viewers, who could equally well be watching an older movie for the first time and/or wait for a better opportunity to watch a specific movie than in the week after its cinematic release—for instance, to watch it in a smaller crowd one or two weeks later or to wait for a cheap DVD. This even with the current box-office wonder, “Avengers: Endgame”: yes, it continues another movie that ended on a cliff-hanger, but would it really hurt to wait another one or two weeks, having already waited for up to a year for the release? Notably, the same applies to other areas where there is no equivalent to the difference made by the cinema, e.g. the purchase of DVDs shortly after release when the same DVDs can be had for a fraction of the price at a later time. Ditto CDs. Ditto the purchase of overly expensive hard-cover books, because the cheaper and better* pocket edition is only published at a later date. In effect, the customers pay a premium to enjoy what is new, as opposed to what is good. This is the odder, as there is no dearth of entertainment and no need to sit around rolling one’s thumbs while waiting for the better opportunity—if anything, we are flooded with entertainment to the point that perfectly good movies/books/whatnots have to be foregone through lack of time to enjoy more than a minority of them…**

*The lesser weight and size make the typical pocket book easier to read, easier to store, vastly superior during travel, and, indeed, possible to carry in a pocket. For most people in most circumstances, this makes it the better product.

**Which is a co-reason why the respective industry pushes the new: They want to avoid the competition with older works at lower prices. Incidentally, I suspect that this is one of the largest reasons for extensions of copyright terms—not to protect the owners of rights to older works but to reduce the competition for newer works.

Looking at this from the view of e.g. a musician or an author, he can often not just put out a few quality works, build his reputation, and see a steady or even increasing stream of long-term income. Usually, the income that does arise will disproportionately do so from the early days after publication/release/whatnot—and the failure to put out further works can make the old works be forgotten that much faster.

The same need to be current is present on the Internet—even to the point that SEO recommendations include* making sure to regularly publish new material and to update pages for a better rating. But: Unless a site actually deals with news**, a reasonable reader should be more interested in quality than newness. What is interesting is the benefit of reading a certain text. This benefit is usually*** only weakly dependent on when the text was written—let alone when the same author or the same website last published something else.

*At least they did when I looked into the matter, possibly ten years ago. I have not verified that this still holds.

**News is almost tautologically an exception to much of this discussion.

***Circumstances change with time, new information can be revealed, new events take place, whatnot, which can leave even the best older discussion outdated. Texts dealing with concrete laws and regulations are particularly noteworthy, due to the frequency and arbitrariness of change, as well as the potential consequences of a violation. Still, quality texts often retain great value for decades—or longer.

For instance, looking at statistics* for my WordPress blog, it took me a single month of 2010 to build up twice as many page visits as I have at the moment (May 2019)—with just a handful of posts and very little value to the world. The historical peak was in June 2011 at roughly five times the number of visits of June 2018. Soon after, I had a lengthy break, followed by only rare posts for another lengthy period. During this time, the count dwindled to the point that a few months had less than one hundred page visits. This despite my having accumulated more posts and, with the old posts still there, almost necessarily providing more value than at the peak—let alone the first few months.

*I deliberately do not give specific numbers, because they somehow (possibly, irrationally) feel like a private matter and were never “brag worthy”. To boot, my website proper always had considerably higher numbers during my days of comparison, which would make the implication about readership misleading. Also see an excursion on visitor statistics.

Since writing more extensively again, my counts have improved, but vary very strongly with publications. Notably, there is often* a short boost the day after a publication, but the lasting effects seem to be weak. As for the difference in visitors compared to the pre-break era, it likely goes back to the many comments that I used to leave on other people’s blogs, e.g. in that readers or other commenters might have followed a link back to my blog to see who I was. Most** of these comments are probably still there, but since the posts they were made on are no longer new, they no longer have a major effect.

*This varies, especially based on the text and/or the tags that I use. For instance, a text with a tag like “blogging” tends to have a handful of visitors marked as “WordPress.com Reader” in the statistics, while most others do not.

**There is bound to be some loss over time, e.g. because a few blogs have been deleted or made private (as opposed to merely abandoned).

To take a different perspective: To “go viral” appears to be the popular perception of the Holy Grail of Internet success—to see a temporary explosion in readers/viewers/whatnot of a single item. (To “be trending” is similar, if typically on a lesser scale.) This simultaneously shows a negative attitude among content makers and the problems of the new. To the former: having enormously many temporary readers (or whatnot) of a single item is less valuable than having a decent number of readers of many items sustained over a long period of time.* To the latter: Here we have people jumping on the latest new bandwagon, only to have forgotten it a few days later.

*In their defense: this attitude might partially arise from the knowledge that sustained success is rare and that “a one-hit wonder” might be a more realistic hope. To boot, that which goes viral does not always require a lot of skill. (For instance, a video of someone doing something weird might merely require being at the right place at the right time and having a lack of respect for the privacy of others.)

The problem is made the worse through mechanisms such as “likes”—something that I spoke out against as early as 2011 (and which I, possibly to my long-term detriment, have disabled on my WordPress blog): We can now see an item receive a few likes, be given a better listing due to the likes, find more readers due to the listing, get even more likes from the new visitors, etc. It is made the worse by the superficiality, non-comparability, whatnot of a like—an image of a cute kitten is pre-destined to receive more likes than an insightful scientific article on feline neuro-chemistry. At the same time, a single like of the scientific article by a leading scientist in the field might be more telling than all the kitten-likes from people like school-children, bored house-wives, truck-drivers, …—but this difference in value of opinion does not show if the two items are compared by e.g. a typical ranking mechanism.

Excursion on page-visit statistics:
The value of such statistics is limited in general, because it tells nothing about what amount of reading took place. For instance, a single visit to a certain page could result in someone reading every last word—or to someone reading two sentences and then leaving. Without looking e.g. at comments left, other pages visited by the same someone, subscriptions started, whatnot, these numbers are fairly useless for other purposes than spotting trends and comparing authors of similar style and areas of writing. The situation is even more complicated on e.g. WordPress, due to both subscriptions (which imply that a text might be read by many who have not visited) and archive pages (which contain a number of texts from the same time frame, but will only register as one page visit, even if the visitor read them all).

Excursion on the “wrong” texts having staying power:
There are some texts on my blog that have had a considerable staying power (relative the others—the numbers are still nothing to brag about). However, these have often been the “wrong” texts from my point of view. For instance, the most successful text in the last few years has been my discussion of Clevvermail—a complaint by a disgruntled customer. These visitors are gratifying insofar as I have the hope of having diverted a few people away from Clevvermail, but I would have preferred to have more visitors on a text that is, in some sense, more important and/or dealing with one of my core topics. Similarly, one of my most successful texts in the early days was a discussion of the movie “Doubt”.

Of course, this relative success is likely only weakly related to my own efforts, and might depend on factors like what the broad masses want to read, what the competition for certain search terms is, what texts are classified as what by a search engine, and how the “raw” search terms match up with my text. For instance, if Clevvermail pushes advertising, some potential customers are likely to look for experiences by others on the Internet, they might not find that much written by other sources (excepting Clevvermail, itself), the use of “Clevvermail” (as a distinctive and rare string of characters) makes it easy for a search-engine to see that my text deals with Clevvermail—and the user is likely to have included that very string. In contrast, the current text is not on a topic that many will go looking for, it would require a deeper analysis by a search-engine to find a proper classification, and an interested searcher might have to be lucky to stumble on the “right” search terms. (On the upside, the competition might still be low.)

Excursion on main-stream vs. niches:
There is a considerable overlap between the above and the problem that a sizable portion of the population consumes the same information, entertainment, whatnot, without looking into more diverse sources—and that many content producers focus solely on the main-stream. A good example of the latter is how sports have been “dumbed down” again and again over the last few decades, in order to entertain the casual spectator, but also leaving the knowledgeable fan with a reduced enjoyment and often infringing upon the ability to pick a worthy winner*. This type of main-streaming puts niches in trouble, makes it harder for small players, and generally leads to less diversity (in the non-PC sense). At the end of the day: We do not all have to pick what is new and popular just because it is new and popular—some of us might want to pick based on quality and value.

*Often by trying to shorten competitions or creating an unnecessary uncertainty. An outright tragic example is a recent experiment by the IAAF (an ever-recurring sinner), by which a throws competition should be determined by the best effort in the last round and the last round only—the previous rounds merely served to decide which two (?) athletes were allowed to participate in the last round. Throwing events, however, have a large element of chance, which makes the reduction to one throw a virtual coin-toss—except that the athlete who goes second actually has considerable advantage… Why? There is also a large element of risk management, where a thrower can get a bit further by taking a larger risk of fouling. If the first thrower goes high risk and fouls, the second can just make a security throw. If the first thrower goes low risk, he risks a too weak mark. Etc. Of course, the winning mark will often fail to be the best mark of the competition…

Written by michaeleriksson

May 19, 2019 at 9:38 am

Follow-up: Further Firefox screw-ups


Since my original text, I have read some of the comments on the main Mozilla* page dealing with this issue.

*Mozilla develops Firefox. For convenience, my earlier text just spoke in terms of Firefox.

These comments show how dire the situation is—to the point that Firefox might disqualify itself as a serious browser candidate:

  1. There are many users who have been very hard hit. One commenter mentions how his password manager* with (IIRC) roughly 150 passwords has been disabled, which might be even worse than the NoScript issue. It is easy to imagine a user being cut off from email, blogging, social media, …, through such an issue. Worse: If this happens in a commercial setting, an entire business could be temporarily crippled.

    *However, I would advise against using an in-browser password manager (at least, where important passwords are concerned). This for reasons like the above, the greater risk of hacking, problems that can ensue when switching computers or trying to run several browsers in parallel, whatnot.

  2. The attempts by Mozilla to fix the issue appear to be slow and have not been met with enthusiasm.
  3. Mozilla’s preferred work-around, awaiting a proper fix, is to enable “studies”.

    This work-around has the side-effect of allowing Mozilla to run various spy-on-the-user functionality that many users have disabled for very good reasons—and that more-or-less everyone else should have disabled. This, obviously, amounts to Mozilla screwing up and then gaining an unfair advantage over its users through the screw-up…

    Further, this work-around can take up to six (!) hours to take effect, without an additional workaround (specifically, manual manipulation of the “app.normandy.run_interval_seconds” key). Mozilla’s stance: Wait, without attempting further work-arounds. Depending on timing, however, six hours can amount to an entire day lost, including for some who need the Internet extensively for professional reasons.

    Further, it is not even available on all Firefox instances, including those that use or are based upon the ESR*.

    *An older version with long-term support that is suitable for those in need of greater stability and/or who develop offshoot browsers, e.g. the Tor Browser.

    Further, some users who believe that it should work in their browsers report that it does not. (I have not kept tabs on the details and could be wrong, but I am under the impression that some of them were on the latest version—and, thus, correct in this estimate. There are some murmurings about some other key that might need to be manipulated, but, again, I have not kept tabs on the details.)

From a Tor-Browser perspective, there is an additional* complication through NoScript being used by the Tor Browser internally to implement some security features. The disabling of NoScript implies e.g. that the “security slider” will be highly misleading or malfunctioning. As some mention, such errors could cost someone his freedom or even life…** This, obviously, points to issues with the Tor Browser, including that it has chosen a dangerous path to implement security (dependent on the efforts of third parties) and that it has failed*** to protect itself against the risk of this type of deactivation.

*Which I had not realized when writing the first text, but which is clear from the page I linked to.

**Tor Browser is used by many dissidents in hostile regimes—not just regular surfers who value anonymity.

***In my understanding, such a protection and a protection mechanism is already present for some other plug-ins that come installed with the default Tor Browser, including “HTTPS Everywhere”. Correspondingly, an awareness of the possibility must have been present.

Written by michaeleriksson

May 6, 2019 at 3:04 pm

Further Firefox screw-ups

And Firefox does it again:

A few days ago, my Firefox* suddenly claimed that the NoScript-plugin had been deactivated—and left me no means to reactivate it. There was precious little to be found on the topic on the Internet (at the time, cf. below), but I did find the tip that setting the “xpinstall.signatures.required” key to “false” might solve the problem. It did—but at an increased security risk** and after I had wasted a fair amount of time.

*The modified Tor Browser to be specific; however, the problems all originate in or surrounding the vanilla Firefox. Indeed, in the vanilla Firefox I might have been worse off, because the discussed key might not function…

**This key relates to signing and verification of plugins. Setting it to false could allow the installation of malware-plugins.
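Because the “xpinstall.signatures.required” change lowers security, and the “app.normandy.run_interval_seconds” change is easy to forget, it is worth checking a profile afterwards for leftovers. The following is an added example, not code from Mozilla or from the original post: the function names, the baseline values, and the sample prefs.js content are assumptions constructed for illustration.

```python
import re

# Preferences named in the posts above. The baselines are assumptions:
# signature enforcement on, and the six-hour (21600 s) interval the post mentions.
WATCHED = {
    "xpinstall.signatures.required": True,
    "app.normandy.run_interval_seconds": 21600,
}

# One preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')


def parse_value(raw):
    """Convert a prefs.js literal (bool, int or quoted string) to a Python value."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    return raw


def parse_prefs(text):
    """Return {name: value} for every user_pref line; comments are skipped."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if match:
            prefs[match.group(1)] = parse_value(match.group(2))
    return prefs


def audit(prefs_js, user_js=""):
    """List (name, current, baseline) for watched prefs that deviate.

    user.js is applied on top of prefs.js at start-up, so it wins on conflict.
    """
    effective = parse_prefs(prefs_js)
    effective.update(parse_prefs(user_js))
    findings = []
    for name, baseline in WATCHED.items():
        if name not in effective:
            continue  # never overridden: the built-in default applies
        value = effective[name]
        # Compare type as well as value so that 1 is not mistaken for true.
        if type(value) is not type(baseline) or value != baseline:
            findings.append((name, value, baseline))
    return findings


# Constructed sample: a profile where both work-arounds were left in place.
SAMPLE_PREFS_JS = '''// Mozilla User Preferences
user_pref("app.normandy.run_interval_seconds", 120);
user_pref("browser.startup.homepage", "about:blank");
user_pref("xpinstall.signatures.required", false);
'''

if __name__ == "__main__":
    for name, value, baseline in audit(SAMPLE_PREFS_JS):
        print(f"{name}: {value!r} (baseline {baseline!r})")
```

To check a real profile, pass the contents of its prefs.js (and user.js, if present) to `audit`; an empty list means neither key deviates from the assumed baseline.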

Today, it happened again in another browser installation*. Going back on the Internet to re-find the key to change, I found many more relevant-seeming hits, e.g. [1] and links on that page. Apparently, the Firefox developers have screwed up severely, causing perfectly legitimate, signed, and previously verified plugins to be marked as non-verifiable during the last few days… (I have not looked into the exact details.)

*I have several different installations for different purposes.

However, this screw-up is not the main problem here (bad, yes; but not the end of the world—shit happens). Far more problematic—and further proof of a user-despising attitude:

  1. The plugin was deactivated without querying the user. Correct behavior would be to inform the user and request his decision as to what should be done with the plugin.
  2. There was no non-trivial and well-documented way to re-activate the plugin. However, such a way should have been present, e.g. through a “re-activate” button in the plugin view—if need be, with a big warning sign and an “Are you really sure?” query.
  3. An already installed plugin, which was previously deemed safe, was de-activated without the plugin itself having changed. Normally, such judgment should only be passed during the original installation.* On the outside, it might be sensible to allow a manual override by the developers due to new information, e.g. in that something that was previously considered secure and friendly has since proved dangerous or hostile. This could take the shape of e.g. (depending on the feature/software/whatnot under discussion) a manual key revocation or a manual blacklisting.

    *For this type of check. Other checks, e.g. virus scans, might legitimately allow for later re-evaluation. There might also be other types of files, installations, programs, whatnot that might legitimately be treated differently (but no obvious example occurs to me, off the top of my head).

  4. The deactivations took place during on-going browser sessions and (at least, the first time) the notification of deactivation was belated: The first sign that something was wrong was that pages behaved differently than they should; the notification came a little later. This opens security and other risks; e.g. with NoScript,* that the user visits an untrusted or unknown site believing that JavaScript is off, while it actually is on—which is a much, much greater security risk than that posed by an already installed plugin. To boot, NoScript comes with quite a few security protections other than JavaScript on/off, e.g. relating to “click jacking”—these, too, are disabled with the plugin.

    *It is hard to give general examples, because the exact consequences vary from plugin to plugin.

  5. This could only happen because Firefox makes connections behind the user’s back, giving him no say and no transparency. (In particular, I have my browsers set to manual updates only. If this had been a side-effect of a user-allowed security update, it would have been a little less problematic.) No application, browser or other, should make such connections without having informed the user and having received his permission. This for a number of reasons, including the principle of having the user in control, the risks to the user’s privacy, the added amount of data (which can still be an issue on e.g. a smart-phone), the possibility that the application misbehaves or malfunctions when no Internet connection is present, ditto when a company goes bankrupt/turns off a server/is blocked by an ISP, …

    (Unfortunately, very many other software-makers also do make such connections.)

Written by michaeleriksson

May 6, 2019 at 4:25 am

Concluding observations around eCommerce

Preamble: The below, minus an excursion, was written some days after [1], and was intended to round out the discussions in that series of texts. Unfortunately, various delivery issues ensued, resulting in another text series. A considerable delay in finishing and publishing resulted from related and unforeseen “real world” efforts and the time for these additional texts. The below is a polishing of the state at the time of the interruption, possibly without some sub-topics that I had not yet included (I do not remember my intentions), and with the section on advertising et al. well short of the intended scope. Relative time references are still based on the original time of writing—not the time of polishing and publishing.

There is an enormous amount to write around the topic of eCommerce—most of it negative, including poor web-design, a customer-despising attitude, and absolute amateurishness. While I will try not to do this writing, I have a few observations to conclude my recent discussions:

  1. These issues do not just cause problems for the customers. On the contrary, there is a significant loss of business involved for those who have too slow or buggy websites, do not provide reasonable payment methods, try to dictate too one-sided terms, …* This in form both of customers who interrupt their (own) attempted purchases or product searches and of negative “word of mouth”.

    *I am tempted to explicitly mention deliveries here, especially in light of my experiences between draft and polish. See an excursion below, however.

    Note that this applies not just to problems with no upside, e.g. a slow website; it equally includes those with a purpose, e.g. attempts to reduce non-payment for delivered goods. Whether the latter, as a specific example, outweighs the lost custom will depend on the individual circumstances; however, I do have a strong impression* that the aspect of loss and the opportunity cost of these attempts are not considered sufficiently. Moreover, when the attempts are too poorly implemented, the loss will very often be greater than the gain. (For instance, to let a customer find his products, put them in his shopping cart, add an account, enter all address-and-whatnot information, and only then to tell him “no, you look like a risky customer—advance payment only” or even “[…]—take a hike”, will risk considerable ill will.)

    *Based not only on my own experiences as a customer and what I have read, but also from inside knowledge from working at e.g. an online auction-house and an “ePayment” service.

    As usual, those not in the naive mainstream are hit worse than others, e.g. in that many websites offer PayPal and see their job as done at that point—but, considering PayPal’s track-record and reputation, many informed users will deliberately not have a PayPal account.

  2. Buying online is often more effort* than buying in stores—and much more likely to fail**. This is quite contrary to the original claims around eCommerce as a great time saver and convenience. Factor in the offline advantages of being able to investigate an item in person*** and having immediate possession after the purchase,**** and offline is often the better bet. Online can still score through a larger selection or better prices, but this is rarely enough.

    *Including e.g. the need to enter considerable amounts of information or create accounts even for a one-time purchase. Queuing and travel can still result in even larger time waste; however, these can be avoided by at least city people by going to the store when in the area for other reasons and choosing the appropriate time of day.

    **E.g. through errors around payment methods.

    ***Most notably with clothes and similar, but the range of products where this is an advantage is enormous. Consider e.g. test-typing on a keyboard before buying it, reading a chapter from a book, checking how something fits in the hand, looking at a decoration in real life (not just a photo of it), etc.

    ****Note that this is not just a matter of a delivery delay through an online order. Other factors include the risks of non-delivery, of delivery of faulty items, and of not having the items delivered to one’s home—just to the local post office, DHL subsidiary, or whatnot. (An exception to this disadvantage is, obviously, when the goods would be delivered even when bought in a store, which might be the case for e.g. furniture.)

    In the past, eCommerce might have had the considerable advantage of easier price comparisons (with the competition); today, most people have smart-phones and can compare prices even when in a physical store.

    Paradoxically, eCommerce was better in the past—through better websites, a less degenerated attitude towards the customers, and greater ease of payment. I note e.g. that twenty years ago I could easily* pay with a credit card online—today, it is a fifty–fifty proposition. Indeed, back then, eCommerce was the sole reason that I even had a credit card… (Note that credit-card acceptance was very rare in physical German stores back then, and is still unimpressive by e.g. U.S. standards.)

    *To the point that it was too easy. I can recall my first few credit card payments, where I entered my credit-card number and a faulty “valid to”—and still saw my order processed correctly. (I had no idea what “valid to” was, guessed incorrectly that it was some upper limit on the individual payment set by the customer, and entered a value of the current or following month—and because no-one complained, I did not research the topic further.) The institution of 3D-secure, however, is too much—the immense increase in effort needed and the many technical failures are not in proportion to the gains.

  3. The commercialization of the Internet has made it much harder to get information on certain topics, because search listings that once were dominated by pages intending to inform are now dominated by pages intending to sell. With a bit of luck, one of the first links will be to the corresponding Wikipedia entry, but Wikipedia will not include e.g. forum discussions, will not always cover a topic with enough depth, and will rarely have information on individual products.

    For instance, I just made a “startpage” search for “coffee maker”.* The first link is to Target, the second to Amazon, and the third to a review** site. The rest have a similar proportion of sellers and reviewers. Wikipedia is not present and neither is, for instance, the highly informative home page of a private coffee enthusiast***.

    *For purposes of demonstration. In a real search, I would almost certainly, depending on my intentions, have gone directly to Wikipedia or added some further search terms (e.g. “principle of function” or “forum discussion”).

    **See below for more on review sites.

    ***I cannot guarantee that such a page exists, but it does seem highly likely. There have definitely been other searches where I have found corresponding pages in the past.

  4. Another manifestation of the commercialization is how the web is drowning in comparison sites. In theory, these might be a good thing; however, in reality, most are near useless and the sheer number takes space away from more valuable sites—do we really need 1001 different sites to tell us what coffee maker to buy?

    Common problems include rankings that are bought; a too large focus on the best-selling brands/models/whatnot;* descriptions that read like advertising material (and might sometimes be provided by the manufacturer…); too little information and too much focus on making it easy for the visitor to buy the product;** and product details that are only available through a link to another website (e.g. the manufacturer’s or Amazon’s). In a twist, other comparison sites appear to want to prevent the reader from reaching the manufacturer’s site,*** by not linking there at all (or only in well-hidden places) and by providing lower-value own information (e.g. in that a link on “Braun” does not lead to Braun’s homepage, only to a local page with a profile of Braun).

    *With the side-effects that smaller brands see their chances diminished and that customers miss the opportunity to find superior products out of the mainstream.

    **There is nothing wrong with earning provisions, but the blatant manner some sites go about it is inexcusable. To boot, this gives incentives both to not write negative things even about poor products and to focus on more expensive products. More generally, the wish for provisions leads to a large number of suboptimal links from the visitor’s point of view, e.g. in that many blogs that mention a book do not link to a Wikipedia entry on the book, the author’s homepage, or similar—instead they link to Amazon…

    ***If the user leaves to the “wrong” website, he might end up buying somewhere where the comparison site does not receive a provision…

    This entirely apart from “natural” problems with comparisons (e.g. different tastes), more general Web problems (e.g. poor web design), truly general problems (e.g. low competence), etc.

  5. A third is the excessive amount of advertising of various kinds, including adverts so intrusive that surfers install ad blockers, search and review results that are bought, and, of course, spam.

Excursion on merchants and poor deliveries:
While poor deliveries hurt the customers the most, the merchants are not impervious to negative effects, e.g. through canceled orders and negative word-of-mouth. The major hitch on their end is that there is little that they can do in most cases, because the delivery service is to blame. If the delivery service screws up, what can the merchant do? In the end, the sole realistic recourse might be to switch delivery service—which will often amount to replacing the one cheating/negligent/incompetent/whatnot partner with another… To boot, while research can help with ruling out the worst-of-the-worst (notably, DHL), it will not necessarily give helpful information, because the problems often vary from area to area and time to time, often down to the level of the individual employee or sub-contractor, and do so both on the sender’s and the recipient’s end. The merchant can now see scenarios where deliveries to Cologne work well and those to Düsseldorf do not, or where deliveries to Cologne worked well last year and are a horror show this year.

That said, the merchant should try to minimize the risks and complications as far as possible, even if it makes deliveries a bit more expensive. This most notably through not splitting a single order into multiple deliveries “for logistic reasons”, unless the customer has explicitly* allowed it.

*As in e.g. “please do split the deliveries so that the projected delay of two weeks for item A does not delay item B, too”—but not as in e.g. implicit-consent-through-fine-print.

Written by michaeleriksson

May 1, 2019 at 9:08 pm

Follow-up II: Deliveries

As a probably final follow-up on Hornbach ([1], [2]), I have just canceled the remainder of my order. Even now, and even after contacting Hornbach directly, my shelves have not been delivered and no guaranteed date for delivery has been set.

This is the more annoying as the one part that has been delivered is something that I only ordered on the assumption that there would be one single, joint delivery of all items in one go. With a separate delivery, the order of this item (a smaller shelf) borders on being pointless, and I would probably not have ordered it at all. (And, cf. [2], this item turned out to be damaged…) What I actually had my eyes on, the actual purpose of the order, has not been delivered.

As a general observation, there is a strong tendency for German companies to not in any way, shape, or form try to reduce the customer’s problems or to compensate him for them. On the contrary, the general attitude towards contracts seems to be that they are an obligation for the customer to pay—while the product or service that is to be provided is left to good fortune. In particular, it is considered acceptable by businesses that a customer spends more time on trying to resolve something directly or indirectly caused by the business than the product, the fixing of the issue, or the intended recompense is worth.* In as far as a recompense takes place, the business presumes to unilaterally decide what it is to be, the sum is usually an absolute trifle, and the form is almost invariably some type of coupon “to use with your next purchase” (yeah, right). This is demonstrated e.g. by IDS’ refusal to deliver on a Saturday, despite having had the audacity to dictate a date and time for delivery and then not show up… To me, it would have been a given that if I screw something up for a customer, then I go the extra mile for the customer to get things corrected, including that I work on an unusual day or at an unusual time.** Similarly, in a last effort, I gave Hornbach a final opportunity to deliver with the if-all-else-fails suggestion to just have one of the regular employees of the local physical store drive out the same product to me—something entirely reasonable (unless out-of-stock), seeing that it was poor choices by Hornbach that led to the situation, including a spurious split of the delivery and the hiring of severely incompetent or negligent service providers.***

*As a specific example, this shelf cost 69 (?) Euro. Assuming that the damage lowers the value by 20 %, we have 13.80 Euro. Now, consider the effort and delay (especially in light of recent events) of arranging to send the shelf back and getting a new one in return. Unless I am compensated for my actual efforts, it makes more sense to live with the damage. Similarly, I did demand a refund of 20 %, which Hornbach refuses to honor without photographic proof—but photographic proof implies that I have to search for my (not used since I moved) camera, hope that I have compatible batteries (or new ones must be bought), take photographs, transfer them to my computer, and then email them. Again, hardly worth the trouble. (But, in all fairness, the photographic evidence is one case where I do not consider the requirement undue in principle, seeing that someone could claim a damage for an undamaged product. Indeed, I demanded the refund more in the hope of getting a message across than of getting money back.)

**Note that this is not a hypothetical: I have run a small business for several years, and that I e.g. have spent a few hours extra to clean up something has happened. Indeed, I have stayed late, come early, or similar to help with situations not caused by me…

***But I was not the least surprised that this did not happen. Again, this was more of an attempt to get the message across than something I actually expected to happen.

I note that it would be highly beneficial if businesses did take or were forced to take such responsibility: Things will only change for the better if the costs of errors land with the actual source of the errors. This applies in particular to deliveries, where the sender sees its job as done when a package is given to the delivery service, after which it is the problem of the recipient to arrange for actually getting the package—but where the recipient is more-or-less powerless against the delivery service, because there is no contract between them. The delivery service, in turn, does what saves costs, even if it falls well short of a reasonable expectation of performance—the sender will not complain and the recipient is powerless. Also see a text on force majeure for a more general discussion of this principle.

Another interesting thing is the refusal to deliver on Saturdays*, per se: A delivery service worth its salt should deliver when it can expect to find someone at home. Refusing to deliver on Saturdays is absurd—just like the stubborn insistence on trying to deliver at times of day when most people are at work. The result is, again, that the effort lands with the recipient, who has to make arrangements, go out of his way, take a day off from work, go in person to the post-office, whatnot.

*Note that a Sunday delivery is probably ruled out by antiquated German legislation—just like supermarkets are still, in the year 2019, forced to be closed on Sundays.

As a personal conclusion, I will probably forego eCommerce entirely in the foreseeable future—there is simply too much that goes wrong. If I deviate, I will do my darnedest to keep to my own advice and never pay per “Vorauskasse”—as long as the seller already has the money, I have no bargaining chips. Cf. the problems around deliveries already discussed in [1] and [2]; around payment methods, web-design, etc. in e.g. [3] and [4]; and some other aspects in an up-coming text.

As a correction to my previous texts: It appears that the package that I did receive was the IDS package, which shifts the blame (cf. [2]) from DPD to IDS. On the other hand, DPD is guilty of causing a complete non-delivery of the other package. To boot, it is odd that the larger package was sent by DPD (in my understanding, a “postal package” delivery company), while the smaller was sent by IDS (in my understanding, a “bulky goods” delivery company).*

*A possible explanation could relate to weight: I believe that I at some point saw a weight of 26 kg for DPD, vs. the 31 kg from IDS. If so, it could be that some cut-off was used in the decision. However, the difference is fairly small, the volume difference remains, and the fact that IDS was used anyway would have made it reasonable to just deliver both packages at once by IDS. To boot, I am not certain that 26 is a reasonable number, as this would imply less than 13 kg per shelf (subtract weight of packaging, divide by two), while a similar-but-considerably-smaller shelf purchased earlier (in person) weighed 16 kg.

Written by michaeleriksson

April 18, 2019 at 12:13 am