how (not) to market a branded debit card in a retail outlet
Submitted by greggles on
Brad Mccarty on The Next Web writes about the Simple Debit Card.
Their "unboxing" is pretty awesome! Definitely brings a new level of design and delight to the financial services industry.
Submitted by greggles on
A friend pointed out the relatively hilarious site devisgh.com where developers can commiserate about the stupid things they have to do. I noticed that the upvote mechanism was vulnerable to a Cross Site Request Forgery (it's the kind of thing I notice when browsing around, like on tumblr).
Submitted by greggles on
This might be the first nerd-blog post in a long time, so my apologies if I startle anyone. As a quick update, I wrote a book on security in Drupal and then founded a company focused on Drupal security services and then sold that company to Acquia where I currently work.
So....Tumblr is a big deal. They apparently have 120 million users and are totally awesome.
I was trying Tumblr out for a site and noticed that many of their interactions relied 100% on JavaScript for a "delete/cancel" confirmation. I fired up my handy-dandy browser tools and inspected the HTTP headers associated with deleting a message. Turns out that it's vulnerable to a cross-site request forgery. In general Tumblr uses the synchronizer token CSRF prevention pattern (as documented on OWASP). I'm not necessarily saying they copied OWASP or were inspired, just that it follows the pattern of using a second form token that is sent on all requests for a session. They do not use a different token per form/action: once you get the anti-CSRF nonce it's the same for multiple different operations. Their token is called the form_key.
Want to see the problem in action? I even made this handy dandy movie of the problem:
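The two findings above (the devisgh.com upvote and the Tumblr delete) share one root cause: a state-changing request that the server will accept from any origin as long as the victim's cookie rides along, with the only "confirmation" happening in browser-side JavaScript that an attacker's page simply never runs. The sketch below is an added example, not code from Tumblr, devisgh.com, or this blog. It models a delete handler two ways: one that trusts the cookie alone, and one that additionally requires a session-wide synchronizer token (named `form_key` after the Tumblr parameter, but the store, handler names, post IDs and the forged request are all assumptions constructed for the demo).

```python
import hmac
import secrets

# Constructed in-memory session store for the example (assumption, not a real backend).
SESSIONS = {}


def new_session():
    """Log a victim in: issue a session cookie and a per-session synchronizer token."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {
        "form_key": secrets.token_hex(16),          # same token for every action in this session
        "posts": {"p1": "first post", "p2": "second post"},
    }
    return sid


def delete_post_vulnerable(cookie_sid, params):
    """Vulnerable handler: a JavaScript confirm() on the page is the only 'check'.

    The server looks at the cookie and the post_id and nothing else, so any
    page the victim visits can trigger the delete with a hidden form."""
    sess = SESSIONS.get(cookie_sid)
    if sess is None:
        return 401, "no session"
    post_id = params.get("post_id")
    if post_id not in sess["posts"]:
        return 404, "no such post"
    del sess["posts"][post_id]
    return 200, "deleted"


def delete_post_hardened(cookie_sid, params, method="POST"):
    """Hardened handler: synchronizer token pattern.

    The token is tied to the session and must be echoed back in the request
    body. A cross-site form cannot read it (same-origin policy), so a forged
    request arrives without it and is rejected before anything changes."""
    sess = SESSIONS.get(cookie_sid)
    if sess is None:
        return 401, "no session"
    if method != "POST":
        return 405, "state change requires POST"   # never mutate on GET
    supplied = params.get("form_key", "")
    # Constant-time compare so the check does not leak token bytes via timing.
    if not hmac.compare_digest(supplied.encode(), sess["form_key"].encode()):
        return 403, "missing or invalid form_key"
    post_id = params.get("post_id")
    if post_id not in sess["posts"]:
        return 404, "no such post"
    del sess["posts"][post_id]
    return 200, "deleted"


def forged_request(victim_sid, post_id):
    """What an auto-submitting form on attacker's page produces (constructed model):
    the browser attaches the victim's cookie; the attacker picks the parameters;
    the attacker cannot include form_key because they cannot read the victim's page."""
    return victim_sid, {"post_id": post_id}


if __name__ == "__main__":
    sid = new_session()
    cookie, params = forged_request(sid, "p1")
    print("vulnerable:", delete_post_vulnerable(cookie, params))                 # accepted
    print("hardened:  ", delete_post_hardened(cookie, params))                   # rejected
    legit = {"post_id": "p2", "form_key": SESSIONS[sid]["form_key"]}
    print("legit:     ", delete_post_hardened(sid, legit))                       # accepted
```

A single session-wide form_key is a perfectly acceptable synchronizer token as long as every state-changing endpoint actually verifies it and it only ever travels in the request body or a header, never in a URL that could end up in logs or a Referer. The flip side of one token per session, which the post points out, is that disclosing it once (a page an attacker can read, an XSS) is enough to forge every action for that session, where per-form tokens would limit the blast radius.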
Submitted by greggles on
So, a few weeks back my Kindle Fire arrived and I started jotting notes as I opened it and used it. Here's the collection:
Submitted by greggles on
I recently had to reset my entire phone deleting all contents (different story). In the process I wrote down the old apps I had that I liked so I could reinstall them after wiping it. I was surprised how easy it was to do that and how all my contacts/mail/calendar being associated with my Google account made the whole process simple.
So, in case you're interested, here's the list of apps I actually reinstalled:
Submitted by greggles on
I recently gave away an ugly backyard shed for free on CraigsList provided the person came to pick it up. Within minutes of posting the item I got 7 emails. I deleted the post immediately. I responded to the person who seemed best able to take it (she had a tiltable trailer with a winch on it) and set it up for Saturday. She failed to show Saturday, so we scheduled Monday. She failed to show Monday, but came Tuesday. I wasn't too worried about which day she came but did want it gone.
The 9.5 foot wide shed was at the end of a 20 foot long concrete pad that was 10 feet wide with a tree on one side and my garage on the other side. At the end of the pad was my alley. So she had to thread the shed down the pad between the tree and the garage without hitting anything, turn the corner at the end of the pad so it could be loaded onto her 20 foot long trailer. The winch on her trailer was broken. It took my battery charger, several screws and boards I had handy, and a few hours of my time to get the thing loaded on her trailer. Her truck hit my neighbor's fence and left tracks in the alley. I am not happy about that.
If you are giving something away for "free" as long as they pick it up, I suggest you keep the listed price at zero and keep the title as "Free" but then in the details and in your communication with the person strike a slightly different deal: they pre-pay you $100 for the privilege of taking it for free which you decide whether to keep or give back. If their removal of the item meets your standards then you promise to give back the $100. If they ruin something or break something or - worst - abandon the pickup you keep the $100 to help pay for whatever the problem is.
My theory is that this will reduce the demand to only serious people who will show up on time, with the right tools/equipment to get the item.