Cranial Soup

Google Accounts Are Restricted to People Age 18+

2011-09-01T10:56:00.001-04:00

It seems a lot of parents are very upset about their children under age 13 having their Google accounts deleted. They seem to think that since Google didn't explicitly ask for an age at the time the account was created, that their young children could have one. It wasn't until Google Plus was launched that they learned differently.

Children are having their Google accounts deleted, Picasa photos, emails to Grandma, school work in Google Docs, and all, for violating the age restriction, when they enter their age when joining the Google Plus social networking service.

The Google Terms of Service clearly states in Section 2.3

2.3 You may not use the Services and may not accept the Terms if (a) you are not of legal age to form a binding contract with Google, or (b) you are a person barred from receiving the Services under the laws of the United States or other countries including the country in which you are resident or from which you use the Services.

While most websites have a clause in their contract barring use by those under 13 years of age (there is a law restricting that), Google has chosen to word their Terms of Service in such a way that it bars any US resident under the age of 18, because minors under 18 can not legally form a binding contract with anyone.

Let this be a warning not only for those under age 13, but for those age 13-17, as well. Google may delete your account and everything in it, if they find out that you lied about your age by agreeing to their Terms of Service. If you are under 18 and have a Google account, yes, you did lie to get it.

Always read the Terms of Service. If you don't, it could come back to bite you later.

Creepy Service Wants Everyone That Can See Your License Plate to Be Able to Send You Unsolicited Text Messages

2011-02-21T09:31:00.001-05:00

Bump.com hopes that this video entices you to sign up for their service, tying your cell phone number to your vehicle's license plate. Please don't be stupid enough to fall for it.

First of all, if you see a baby left alone in a car, you should call the police...not send a text message to the parent guilty of child neglect that is putting that baby's life in danger.

And sending a text to the jerk in front of you to give him a piece of your mind for his bad driving is a really BAD idea. It just encourages road rage, which can have deadly consequences.

Reporting a break-in in progress to the owner of a vehicle instead of snapping a photo of the criminal & calling the police, can result in the possible injury or death of the owner of that vehicle if they should come running out and confront the criminal. You do not know if they are armed and dangerous.

And marketing? That's not marketing...that's spamming. It won't take long before you decide to change your phone number and/or plates, if this crap becomes popular. You'll have to, to get any kind of peace. It won't take very long for someone to start collecting license plate numbers and selling them to the highest bidder. The potential for abuse here is seriously high...worse than email because a license plate number is a whole lot easier to get than an email address.

If you want everyone in the world to be able to send you any kind of message they please, whenever they want, including some of the most vulgar filth imaginable, then just put your cell phone number on a bumper sticker and/or wear it on a T-shirt...or perhaps write it on the wall of a public bathroom. (no, I don't think you'd really want to do that, but using BUMP is just about the same thing.)

Finally, as Gail Gardner from Growmap pointed out, this service conditions people to spy on their neighbors and complete strangers, eroding both our privacy and freedom.

CaSe Matters

2010-07-28T18:14:00.002-04:00

Budding young web designers and developers usually learn this pretty quick, when creating a page on Windows and not using the same case as the files and folders they are linking to. They often will use lowercase in all the URLs, regardless of the case of the actual file and folder names. And this will work fine when viewed on their Windows machine. But as soon as they upload it to a server that is running something else, like Linux, it stops working. Their page is full of broken images and dead links, because they used something like mypicture.jpg in place of the actual file name of MyPicture.jpg and about.html in place of the actual file name of About.html.

Or they upload an Index.html and wonder why when they visit their site they still see the default index.html page provided by their web host and why when they check on the server there are now two index files and not one.

For the domain name part of the URL it doesn't matter. That part is not case sensitive.

example.com is the same as Example.com is the same as EXAMPLE.com

For the rest of the URL it could matter, depending on what operating system is being run on the server that is hosting the site.

If the server is running Windows, case doesn't matter. The reason for this is because you can only have a single file or folder of a particular name in a folder, regardless of the case used in that file or folder name.

index.html is the same as Index.html is the same as INDEX.html

All three will lead to the same page.

In Windows, adding a file or folder of the same name with a different case to a folder, overwrites the original. Only one can exist.

If the server is running Linux, case matters, as you can have multiple files and folders of the same name within a folder, each having a different case.

index.html is not the same as Index.html and not the same as INDEX.html

In Linux adding a file or folder of the same name with a different case to a folder, does not overwrite the original. Linux will allow all three to exist in a folder, and each are considered different. If you change the case of a file or folder in the URL path and the server is running Linux, and that variation does not actually exist on the server, it will result in a 404.

And if you upload a file of the same name but a different case, it will not overwrite the original. You will have both on the server, and lowercase is the default index file. This is the reason why the place holder index.html supplied by your web host is still seen, even though you have uploaded your Index.html file, and why you see two index files when you view it in your FTP client.

It is always best to assume the server runs Linux when creating links to pages on the web and when typing URLs into the addressbar of your browser. It is the only way to ensure that if case matters, that you are using the correct URL.

It is also best to use all lowercase in the folder and file names of your website when creating the files and folders, regardless of what operating system you are using locally. Always assume the site will be run on a server that is case sensitive. That way there is a set standard of practice you follow that leaves less room for error.

Step 1, before you begin coding, should always be to fix all your file and folder names so you won't have to worry about it later.

Bit.ly is Harmful to Your Reputation

2010-04-18T00:48:00.001-04:00

It all started with a simple innocent tweet. As Vivek Wadhwa was finishing up his excellent post on outsourcing he tweeted about it and I replied with a tweet of my own:

Note the URL I tweeted to him was shortened using the xrl.in service.

Now, Vivek is a TweetDeck user, and TweetDeck uses bit.ly to shorten links, even links that don't need shortening, like mine. So what do you think happened when he retweeted me and responded?

That's right, my already shortened link was reshortened with bit.ly.

Now what do you think you see when you click that link? The site I was trying to link to?

No, you see a warning page that implies that my original link leads to a malware, phishing, spam, or forgery site.

So my link to a reputable site is being called a bad site by bit.ly because I used a competing URL shortening service in my original tweet.

Note that there is an email link to report mistakes on bit.ly's warning page. What do you think happens when you click it and report a mistake? Do they check the link and remove the flag if the site is ok?

No, they don't. They told me to make a new bit.ly link and give it out to people, as if that would undo the damage that was done, change the links in other people's tweets, and prevent others from retweeting the bad reputation damaging bit.ly link that I never made in the first place.

Then they apologized and told me some day their service will be better, still not removing the reputation damaging flag from the link.

Can something like this affect you and your website? You bet it can.

If you or anyone else ever tweets a link to your site using a competing URL shortening service, and that link gets retweeted with any twitter client that shortens all URLs with bit.ly (whether they need it or not) the resulting link to your site will be flagged as a bad site.

What happens when the average person clicks that link and sees that warning page? Well, the average person believes it and won't visit your site. And if your name is on the original tweet, it will also be on the retweet, giving you the reputation of passing out links to bad sites.

Will a smart web savvy user believe the bit.ly warning page? Maybe, maybe not. But the average person probably will. As a developer I have seen the average person believe a lot of things that were not true, placing their complete trust in things like that bit.ly page and other false positives, and believing the worst, even spreading the word about it as if it were the truth, telling others that a website or application was harmful. They think that companies don't do things like this without ironclad proof, so they believe every word of it.

What alarms me the most is the attitude of bit.ly with regards to this problem and how they refuse to remove the flag from innocent links. They don't care if your reputation is damaged.

And it is in the best interest of bit.ly not to fix the problem, since it makes more people use their service, worried that if they use another service and get retweeted, they could end up with a reputation damaging link to their site. So this whole problem serves to make more people use bit.ly, out of fear, rather than convenience or because they have a better service.

I am not a bit.ly user because it is not convenient for me. I have a browser plugin that uses xrl.in, that with a single click of a button, copies the shortened link to whatever page I am on to my clipboard, ready to paste anywhere I want.

Other links in the stuff I tweet use ff.im, because they are cross-posts from friendfeed. I was pretty sure if I post something on friendfeed, cross-posted to twitter and it gets retweeted, reshortened with bit.ly, it will result in one of those warning pages, too.

But I was wrong, it doesn't. In fact, there are a few other shorteners that don't get warning pages either, probably because they are so popular that they would get noticed pretty quick if bit.ly decided to pick on them.

Bit.ly does white list the following shorteners:

ff.im
youtu.be
goo.gl

There is no reason why bit.ly can't white list the rest of the popular shorteners if they can white list those. But those others are competing services and they don't feel like being nice guys about it. They would rather ruin the reputations of innocent people like you and me.

So what can you do to ensure you won't become a victim of bit.ly's "bad site" interstitial page?

There are only 2 things you can do:

1. Always use bit.ly to shorten your links and make sure everyone else in the world does too. (highly impractical, because you can't control what other people do.)

2. Let bit.ly know this is unacceptable. Tell them to play fair and white list the other shorteners. The choice of url shortener you use should be yours and not theirs, and you should not be punished with a reputation damaging warning page because you use a competing service. (easy to do)

Send them an email: support@bit.ly
Tweet them: @bitly
Spread the word by tweeting this post
Share this post on social networking sites
Blog about it
Tell your friends

Don't stop making noise about this till bit.ly stops damaging the reputations of innocent people.

UPDATE May 8, 2010: Bit.ly has changed their interstitial page, slightly. Instead of the top banner saying "WARNING - visiting this website may harm your computer" it now says "Stop - there might be a problem with the requested link"

But it goes on to say

Some URL-shorteners re-use their links, so bit.ly can't guarantee the validity of this link.

Some URL-shorteners allow their links to be edited, so bit.ly can't tell where this link will lead you.

Spam and malware is very often propagated by exploiting these loopholes, neither of which bit.ly allows for.

The link you requested may contain inappropriate content, or even spam or malicious code that could be downloaded to your computer without your consent, or may be a forgery or imitation of another website, designed to trick users into sharing personal or financial information.

I still consider this unacceptable. If bit.ly can detect a shortened link at the time someone clicks, they can detect it at the time someone submits it for shortening, and just not allow it. That page is completely unnecessary and can still be damaging to someone's reputation.

Come on, bit.ly, just do the right thing! How hard is it to just not reshorten?

It started with a piece of string...

2009-12-09T10:35:00.001-05:00

Then evolved into a short elastic strap with a set of snaps at both ends. This was my solution to a problem.

What problem was that?

When my daughter was just a baby, back in the mid 80's, she kept throwing her pacifier out of the stroller and then would holler like hell, and I couldn't give it back to her to shut her up because it was now dirty. So I tied a string on it and attached it to the stroller. It didn't stop her from throwing it, but it did keep it from hitting the ground and getting dirty or lost.

But the string didn't work well for bottles, and untying knots was a real hassle, and something that couldn't stretch restricted her from being able to drink her bottle while lying down in the stroller. A string only worked well while she was sitting up.

Elastic and snaps...it was perfect. Other mothers saw what I had done and wanted one for their kids' bottles, too. I made a bunch and kept them in my purse, individually sealed in little zip-lock bags. They cost me less than $1.00 to make, and I sold them for $2.00 each.

Then a good friend of mine suggested I get a patent for it and find a company to mass produce them and make mad amounts of money on royalties.

He put me in touch with a company that supposedly specialized in helping inventors get their products patented and bringing them to market.

Word of advice: Don't deal with these companies. They will do nothing to help you. It will cost you a lot of money and you will get nowhere.

After paying $400 for a rather poorly written "market study report", they managed to talk me into paying another $5000 and entering into a 5 year contract with them, promising to contact manufacturers and pitching my idea to them, and if a company was interested, they would get them to pay the cost of patenting it in my name, and I would get a royalty on every single copy of my invention that they manufactured, regardless of whether they actually sold any.

They convinced me that it was far cheaper to let them handle it, since they had offices all over the world and could set up meetings with company executives. They said my cost in air travel alone would exceed the $5000 if I tried to do it myself, nevermind hotels, paying for expensive lunches, drinks, etc. They also said they were experienced and knew what to say, so I would have a better chance of getting a deal. And they had their own contract lawyers, specializing in royalty agreements, to protect my interests.

I fell for it, hook, line, and sinker. I took out a personal loan to cover the cost, from a financing company that turned out to be owned by them. It took me 2 years of high monthly payments to pay it off.

And what did they actually do for me? Did they contact all the big name baby product companies like Gerber or Fisher Price? No, they contacted publishers, like the one that produces Parents magazine.

They mailed out form letters to the editors of magazines targeted at the consumer that would be most interested in my product. They never contacted a single manufacturer. Those "inventors help" companies do this all the time, for any and every product idea that comes through their doors, no matter how good or bad the product idea is. The magazine editors are used to it and know it's all crap and toss every letter in the trash without ever opening them.

And they tied my hands for 5 years, preventing me from doing all the work myself, otherwise I'd still have to give them a large cut of my royalties if I succeeded in finding a company willing to manufacture it, on my own.

So I decided to wait till the contract expired. There was no way I was going to let these swindlers have another dime.

Before my 5 year wait was up, a conversation with someone made me realize that my great little invention had no hope and would cause the death of many innocent babies that had idiots for parents. The more popular my invention was, the greater the potential for it to kill, because stupid people that don't watch their kids properly and don't follow instructions, would end up using it in cribs and playpens and leaving their children unattended for hours, or using it in car seats while they were driving and unable to pay attention, resulting in strangulation deaths.

It was perfectly safe for use by parents that actually watched their kids and only used it in a stroller where they could watch what was going on.

If my invention had made it to market, I would have no control over it and no way to stop stupid people from buying it and killing their children with neglect. My product would be blamed and not the neglectful parents, and if it became a popular product the CPSC recall could have been huge, costing whatever company that produced it enormous amounts of money in recall costs and defending lawsuits, and ultimately, cost me a fortune, too.

And I would have these deaths hanging on my conscience for the rest of my life. I would never get a peaceful night's sleep ever again.

So that is why you can't buy my invention and why I never became filthy rich.

Photo credit: außerirdische sind gesund

OpenCandy: A New Kind of Adware/Spyware

2009-05-13T00:34:00.014-04:00

They claim to be doing something noble, but the only thing sweet about OpenCandy is the sales pitch to naive developers that might just fall for it, tricking them into thinking it is somehow different than the typical common adware/spyware.

A lot of developers do seem to be biting the bait, but no matter how you slice it, it's still adware/spyware, and to me it stinks worse than the old fashioned kind.

In OpenCandy's own words, this is what they do:

Recommendations are made to users during the installation process. Utilizing the install process creates a user-friendly experience and offers optimal engagement for making a software recommendation. The user is presented with a screen that describes the recommendation, at which time they may choose to install the recommended software.

That makes it adware!

We then provide analytics back to the creators, so they can see how their software and recommendations are performing. This way they can better understand how to build and recommend great applications.

That makes it spyware!

We've also provided our technology as a platform to a handful of software creators who are utilizing an offer screen during the install process as an advertising unit. Some creators are already monetizing their distribution by offering apps like browser toolbars, so we're helping them improve their user experience and optimize the effectiveness of their offers.

That makes it your typical spyware/adware we have always known.

Actually, this is much worse, because instead of big companies like Sun & Opera making some software and offering it for free and advertising Yahoo's toolbar in the installer, we have a lazy predator company backed by venture capitalists that doesn't want to bother with or take the risk in developing a ton of software of their own to push toolbars to make their millions. They want to use the software of naive developers to accomplish it.

An ad is an ad, and to me there is no difference.

There is no difference between showing an ad for some other product by some other developer in the installer of my software, no matter how much I might even like that software myself, and popping up an ad for CocaCola or Viagra on a user's screen during the install process.

Do you remember what you parents told you about not taking candy from strangers and why? Well, these guys are not really strangers, they are known preditors. The founders of OpenCandy are the same guys responsible for the inclusion of the spyware/adware in DivX.

Now, before you call me a hypocrite for bashing adware installers while having ads on my blog, let me explain the difference:

Any visitor to my blog can turn off Javascript and not be exposed to ads. Or they can use a noscript plugin, or an ad blocker. They have that choice before they land on my site.

I even offer an ad-free RSS feed.

If I want to recommend software to my users, I put it on a separate page of my site and not in my software or installers.

When the ads are in an installer, the user can't install the software without seeing the ads. They have no real choice. That's the difference. And I seriously doubt that developers are going to offer two different installers and give users the option to see or not see ads or be exposed to spyware.

So now that I have told you what I think, what is your opinion on OpenCandy, as either a software user or developer (or both)?

UPDATE Saturday, February 19, 2011:
The following applications have been found to install OpenCandy:

aMSN
Any Video Converter (last freeware, OpenCandy free version 1.21 available here)
ApexDC++
ATI Tray Tools
aTube Catcher
CDBurnerXP Pro
CrystalDiskInfo
DarkWave Studio
Dexclock
DoubleTwist
Driver Sweeper
Duplicate Cleaner
DVDVideoSoft products
eRightSoft products,including Super
ExtractNow
FL Studio
Free YouTube Downloader
Frostwire
IE7Pro
Image Tuner
IZArc
kantaris
Media Info
MediaCoder
MediaInfo
mIRC
Miro
Office 2010 Trial Extender
Orbit Downloader
PrimoPDF
PSP Video
RedKawa
SIW
Soldat
Startup Manager
StepMania
Super Simple Photo Resizer
TechTracker
Trillian Astra
True Burner
Unlocker
Veoh Web Player
Videora
Vistaglazz
WebShot
Winamp
WinSCP
Xfire

This is not an exhaustive all inclusive list. This is just what I have found with a quick Google search. If you know of any other applications that should be added to this list, leave a comment and let me know.

Fix: Can’t access HTML of my template after adding a frame busting script

2009-04-05T19:42:00.001-04:00

You do not want to use a frame busting script in the template of a Blogger based blog.

It will disable your ability to use the upper toolbar in the layouts mode, and you will not be able to access the HTML of your template without a bit of "URL hacking" to get to it.

If you have added it and can't access the HTML of your template, just change the layout URL, replacing the word "display" with "html".

Example:

change this: http://www.blogger.com/display?blogID=12345678
to this: http://www.blogger.com/html?blogID=12345678

Now you can find and remove the frame busting script and everything will work normal again.

PRODUCT RECALL: Dirt Devil Vacuum Accessory Tools

2008-07-23T18:54:00.005-04:00

If you own a Dirt Devel vacuum with "Power Brush" attachment tools, please stop using them until you check below to see if yours is on the recall list.

TTI Floor Care North America, of Glenwillow, Ohio has recalled about 987,000 Dirt Devil power tools, after receiving 140 reports of incidents involving the recalled vacuum tool, including 12 reports of injuries. Those consumers reported minor eye or skin injuries and one thumb injury.

Plastic pieces inside the vacuum tool can break apart and be ejected, posing a laceration hazard to consumers.

The recalled Dirt Devil Turbo Tool/Power Brush attachment was sold as an accessory with the following Dirt Devil vacuum models.

Only the accessories with date codes J7060 through J7365 and have a C-clip connector are affected by this recall. The date code is located on the underside of the accessory tool.

The Turbo Tool/Power Brush tools are about 6.5 inches long by about 5 inches wide and come in assorted colors that match the color of the vacuum. The housing of the tool was made in clear, red, green, or light blue with clear, light blue, dark blue, red, purple, or black turbine fans with matching brush rolls.

Dirt Devil Vacuum Models affected:

Reaction: M110000, M110000HD, M110001B, M110002, M110003, M110006, M110008, M110008CA, M110009
Purpose for Pets: M140000, M140000CA
Ultra Swivel Glide: M086020
Envision Wide Glide: M086700WCA, M086710
Swerve: M086030, M086030CA
Action Upright: M110020CAB
Royal Commercial: RY6100

Model and Date Code Location:

They were sold at mass merchandisers, home improvement stores, and other retail stores nationwide in the US, from April 2007 through April 2008, for between $60 and $170 for the vacuum cleaner, which included the accessory tools.

If you own one of these, you should stop using the recalled Dirt Devil accessory tool immediately and contact the company to receive a free repair kit.

For additional information, contact TTI Floor Care at (800) 245-2296 between 8 a.m. and 7 p.m. ET, Monday through Friday, or visit the company's website at www.dirtdevilturbotool.com

Parenthood

2007-12-20T13:51:00.003-05:00

If you have ever wondered what it is like to be a parent, just listen to this...

Now imagine years of that, over & over & over & over...

KB936357 = funky

2007-07-24T00:56:00.001-04:00

This is a Windows Update patch you have to watch out for and be careful.

It is microcode for the BIOS of certain affected systems.

Only systems with the following CPU's need this:

Mobile: Intel Core 2 Duo mobile processor.
Desktop: Intel Core 2 Duo desktop processor, Intel Core 2 Quad desktop processor, and Intel Core 2 Extreme processor.
Server: Intel Xeon processors 3000, 3200, 5100, and 5300 series.

The problem with this patch is that it is installing itself on systems not affected and causing problems.

If you have your Windows Update settings set to automatically download and install patches, you might want to change this to downloading, but asking before installing.

When a new update downloads and you are asked, do not select the typical or express install. Choose the advanced option and check for this patch in the list.

If you don't have one of the affected CPU's, unselect this patch and do not install it.

You will have to do this every time, so keep the patch number handy so you'll remember the name of it.

I know of at least 1 person that ended up with this patch that didn't need it.

For one guy with an older P4 CPU, it messed up his router causing him to have a problem with it disconnecting every few hours.

Another guy...I haven't heard from him since he rebooted after an update tonight(he has an AMD64 CPU). I suspect he ended up with this patch and it may have caused problems, but I can't be sure at this time.

So please be careful with this one. Don't install it if you don't need it.

But if you do have one of the CPU's affected, please install it...you do need it, even if you are not currently having problems. There is a flaw in the listed processors that creates an exploitable vulnerability and your BIOS needs this patch to correctly deal with it and protect you.

The alternative to installing this patch on affected systems is to install a BIOS update from your motherboard manufacturer. Not all manufacturers have released a BIOS update to address the issue, and some require your system to have a floppy drive to install it. It is just easier to use the update from Microsoft for affected systems.

Full patch info from Microsoft

Details on the vulnerability with select Intel processors

Time Bug

2007-03-05T04:04:00.001-05:00

Anybody that knows me knows I am obsessed with clocks and timers. So naturally I am going to tell you when there is a major bug that could upset how accurate your clocks are.

In 2005 a new law was passed that changed the start of Daylight Savings Time from the first Sunday in April to the second Sunday in March, in the US. This is 3 weeks earlier than it used to be. Canada will be following the US and will also be changing the date as well.

Software created before this law was passed has the potential for screwing up. And computers aren't the only devices that can be affected by this...your old VCR or wrist watch has the potential of having problems too. Any device that contains a clock that adjusts for Daylight Savings Time can be affected.

Some older operating systems that are affected (Windows 95, 98, ME, 2K) are not longer supported and there is no patch available to correct it (if you know of a good 3rd party one, leave the link in a comment). For these operating systems, you will have to turn off the automatic time adjustment and fix it manually when the change is supposed to occur.

For those running XP, there will be a patch available that will be sent out as an automatic update on Tuesday. You will need to have Service Pack 2 in order to receive this update.

Vista users are immune, as that operating system was created after 2005 and doesn't have this bug.

You can still be affected by this bug even if your operating system is patched, corrected, immune....other people may not have fixed theirs. Be very careful about trusting times for meetings and appointments from March 11 to April 1...confirm them and make sure everyone's clocks are synchronized, otherwise there could be problems with people showing up at the wrong time.

Also, avoid any type of transactions where the date is important within an hour of midnight, unless you know the system that will be recording the transaction is corrected. This means that your transactions could be recorded with the wrong date if you are not careful. Don't put off paying your car insurance till the last moment or you could find yourself with a lapsed policy.

Also be aware that any software that you use to update the time on your PC automatically, will need to be patched. Please check with the company that released that software for a patch or newer version. Most of these programs check with an official time server that gives the time in GMT and the software just subtracts time based on the date. If the date used in the software is wrong, your clock will be wrong.

PRODUCT RECALL: Did you buy your desk chair at Walmart?

2006-07-21T07:48:00.000-04:00

Office Chairs Sold at Wal-Mart Recalled for Fall Hazard

Hazard: The legs and backs of these chairs can break, and the chairs can easily tip over, posing a fall hazard to consumers.

Incidents/Injuries: Wal-Mart has received nine reports of chairs breaking and two reports of tipping. There have been seven reported injuries, including a broken wrist.

http://www.cpsc.gov/cpscpub/prerel/prhtml06/06208.html