MindlessCode.net

Wow, I haven’t posted here forever. I’ve been buried under the bureaucracy of the DMV and school system. Here in Oregon, you can’t get your “Learners Permit” (a kind of semi-drivers license that lets you drive, but only if you have an adult in the car) unless you are enrolled in a school, have a high-school diploma, or a GED certificate. Being home schooled, it’s a little hard for me to prove that I’m enrolled in school, so we decided that I might as well just take my GED and get it over with. However, you can’t take your GED until your 16! So, this April, we started slogging through all the bureaucracy. First, we went to LBCC and got my GED authorization form. This we filled out, then sent in, they screwed with it, sent it back to us, we filled it out some more, and then sent it back to them. They then sent me my “Authorization to test for the GED”. Then, we went to the DMV to get my Photo ID, so I could prove that I was actually Taj Morton when I went to fill out more GED forms and take my test. However, we didn’t have my “real” birth certificate, only the one from the hospital (which apparently isn’t legally valid). So, after getting my real birth certificate from vital records, I got my ID. Then, we headed out to LBCC, where I filled out and signed a million forms. The result? I’ll be able to test in July.

Anyway, here’s something that I found pretty cool: GUIs on ToastyTech. All those old OSes that you weren’t alive to see. I found it very cool…finally I know what Microsoft Bob looked like–ugg!

Yay, we’re going to all 3 fiddle camps. They’re all in July, 2 of them are back-to-back. Fun!

I just updated the Wild Garden Seed website to contain the 2006 catalog. Net increase of products: 5. Probably something like 10 new intros, and 5 dropped products, but I forget. Whatever.

I got an email from TrustCommerce, our credit card gateway provider–e.g., the guys who sit between us and our merchent account and take money. Heh, basically, when someone enters their credit card number into our website, TrustCommerce verifies that the info is correct and lets the order proceed (that’s what we pay them for, anyway, but this morning they were telling a customer that we didn’t take cards that started with the first 4 digits they had on their card. It was a MasterCard, which we do take. I ran the card through manually, and it worked fine).

Anyway, I got an email from them yesterday:

Valued Client -
In accordance with the Payment Card Industry Data Security Standards of Visa, MasterCard, American Express and Discover, Please be advised of the following:

Effective February 14, TrustCommerce will initiate a new password security feature that will require Vault passwords to be changed every 90-days. This card association mandate applies to all Members, merchants, and service providers that store, process or transmit cardholder data.

We apologize for any inconvenience that this may cause, however we are required to enforce this policy on behalf of the card association.

First, they didn’t exactly make me happy by calling it “a new password security feature”.

Basically, instead of using the 1 strong (very!) password which protects the interface now, I need to change it to a new password every three months. Or they lock our account and we can’t accept cards. Ugg, another thing for my TODO list.

Now, what is the rational behind forcing people to change their password every 90 days (or 30 days, as it is in some places). From how I see it, it can’t possibly make your account any more secure–in fact, it probably makes your account less secure (people writing down their passwords, making them simple words, etc).

I guess the idea is that if evildude cracks your password, he only can mess around with your account for 90 days or whatever before he’s locked out. Not that that makes any sense. If someone gets access to your account; a) They’re likely to do all the damage they can right away, and b) they can change your password to lock you out. Great!

Oh well, I guess I’ll have to live in a world where I don’t get to set the password rules. *sigh*

Woah, it’s 11:30PM, maybe I should GOTO bed (laugh, it’s a joke, I don’t actually use GOTO).

…marches on.

I think Planet Autopackage is far too full of intellegent posts from Mike and they should be pushed down the page, replaced with unintellegable jibberish from me. NOT! Well, I guess I’ll add more jibberish anyway, sorry.

Yesterday was pretty good, although I had a dental cleaning thingy and sat around in their office for about 2 hours listening to LugRadio and reading Abyss, the book based off of this movie. Boring, but at least I know my teeth aren’t going to fall out.

After that we went to downtown Corvallis where the Van Buren Bridge was closed because it was flooded (!!!). I’m kicking myself because we didn’t have our camera with us, but it was pretty amazing. The river was at about 6.5 meters (21 feet), and the road had tons of water running over it. One lane was completely covered in water that must of been about 30 cm deep (or, 1 ft), and another was covered in a little water. Also, the golf course was completely flooded, and the OSU college students were rowing in the pond/river that the course had become. The GT has one little dinky picture.

We walked around for a while, crossed both the East and West bridges, and read the signs. Apparently the Van Buren bridge is one of the last bridges built in Oregon that can be disconnected from the mainland and rotated on the pier to allow boats to move up and down the river.

Enought about yesterday, onto today. Great things that happened today:

• Notified by our bank today that our debit card number has been stolen, and someone rang up $1000 at a knitting shop in Chicago.
• Became aware of the fact that the invoicing program that we’ve been using (that I wrote about a year and a half ago), has been randomly not inserting invoices into the SQLite database. This means 2 things; a) We are missing invoices (although we do have printed copies), and b) we have multiple invoices with the same invoice number (some of which went to the same company).

Apparently someone got the number from some place where we placed an order online. So, yeah, it sucks, but all we really have to do is cancel the card and get a new one. Two things amaze me, though:

• The stupidity of the credit card industry
• The fact that they know almost immediately when your card is stolen based of where it’s used

By stupidity, I mean “Why haven’t they introduced two-phase authentication, or whatever it’s called?”. I mean, where you actually need to confirm that you want to bill that amount to your card when you use it on the phone, on the web, or by mail. For example, when you place an order, you would get a “Confirmation Number”, and you would then call a 1-800 number, enter your confirmation number, the amount that could be billed, and a number similar to your PIN. Heck, you could make a web interface too. I don’t think that phising would be a problem, since you would only be entering your “PIN”, but never your card number.

There’s obviouly something wrong with the above, otherwise somebody would have already done it. Although I don’t know what it is.

Instead they introduced CVV, which doesn’t seem to do much except confuse people. It’s susposed to prove that you’re holding onto the card when you call or use it online, but if you physically get ahold of the card (e.g., while working at a restaurant), then the CVV is no good. Same thing if you steal it off of a website (e.g., you work at the company) or take it down when you phone in an order. I won’t even talk about sending your card number by mail–that’s just scary.

But, it is pretty amazing that they can tell when your card has been stolen almost right away–I do have to give them some credit for that.

Now, I had better get back to seriously working on the new QuickI–the old one is currently working like a type-writer.

I asked SupremeCenter (our web host) tech-support today why they could not provide scp/sftp services, even though they provide SSH. Here is the reply:

Hello Taj,

our administrators have informed me that we cannot provide scp/sftp at the moment because the architecture of our system doesn’t allow it.

In case you would like to inquire about something else in the future, please let us know.

Umm…huh? /me smells lazy sysadmins
I am formulating a reply now.

In other worlds, I have been working on rewriting QuickI (our custom invoicing app) in C++ and Qt. Qt is an awesome library, and C++ is an OK language, I guess. I mean, what kind of language doesn’t come with a decimal data type? No, not a floating point data type, a decimal for storing money and weights… I looked around on Google a bunch, but couldn’t find ANY that were open source or public domain. IBM sells one for $3,000. So, I’m having to write one…it’s a good exercise, but I wish I could spend my time actually writing code instead of screwing around with decimal number…

Autopackage CVS (which will turn into 1.2) is chugging along nicely–but as always we could use more testers! Please swing by IRC of the forums for instructions on testing. Thanks!

This letter I wrote them says it all:

Hello,
I have been using the USPS Shipping Assistant software for just over a year now to print labels with delivery confirmation for our small home business. The software has always worked well, and delivery confirmation on all packages is a huge bonus for us and our customers.

A few days ago I received an email saying you were going to discontinue the USPS Shipping Assistant software in favor of your web based “Click-N-Ship” software. I assume this means that I will no longer be able to print labels from the Shipping Assistant.

In light of that information, I decided to try the web based Click-N-Ship program. My simple review: “Miserable Failure”.

First off, the web interface is unusably slow. Either the files are huge, the server is on a very slow link, or the server is overloaded. The second problem was the amount of time it takes to produce on label. I clocked it (inclusive of network time):
Time Required to produce one Label:
Shipping Assistant: 45 seconds (Copy in address, enter weight, select ship date, submit label, load up PDF file and print.)

Click-N-Ship: 2 minutes (Load website, sign in, hit create label, enter in return address, enter in shipping address, enter in weight, enter in ship date, post office zip, answer is this package 85 inches or more, click next. Wait 7 seconds for page to load. Select service type. Click next. Wait 5 seconds for page to load. Repeat for next label. Click Continue to print labels. PDF is generated and loads up in my PDF viewer. Click print.

It is impossible to tell Click-N-Ship not to create a receipt in the PDF. This is a problem because we are using the labels from Label Universe, and wasting a label for a useless receipt is too expensive for us. So, now we are printing the labels onto plain paper, cutting the paper in half, throwing away receipt, and taping the label onto the package.

I cannot view history right after I create a label. This means that I don’t know the tracking number of the package unless I copy it out of the PDF while it’s still open. If I don’t remember to do that, I need to manually type in the number from the label. Ugg.

And other such gripes. Click-N-Ship has obviously not been well tested under Firefox, it feels much too clumsy. I am on a 786kbps DSL connection, and Click-N-Ship feels slow to me–I pity the poor people on a 56k dial-up connection.

What do I want you to do? Don’t discontinue Shipping Assistant. It works well for me any 100,000’s of others, and we don’t need any sort of broken web interface. Why did you decide to discontinue the Shipping Assistant, anyway?

Looking forward to your reply,
Taj Morton, Wild Garden Seed

Grrr… Sounds like a good project to learn Qt/C++ in. Maybe I should write something open source and see what happens.

DRM ‘manages access’ in the same way that jail ‘manages freedom.’

Slashdot Signature

Great point. (* tmorton, who is frustrated by ATRAC3 on Sony’s MiniDisc.)

A beta of Autopackage 1.2 is slated to be released sometime this weekend and we are going to need lots of testers! Swing by and let us know you want to help test. Thanks!

…and other marketing photos:

UPS Tracking Page. Portland is 2 hours north of Albany, *not* 1 minute.

And Amazon being smart, as usual.

Fall has finally come here. The trees are bare, it’s COLD, it’s raining all the time, and it’s freezing every night! Ahh…fall–that means that winter comes next!

You’ve probably already heard about it, but this has more info on it, and also about how it does “phone home”. There’s also a comment from “xcp support”, the company who wrote the program.

As if the bozos who give away money in Washingtion DC (I’m sorry, make laws) making “Daylight Savings Time” longer wasn’t enough, the British are going to try something even worse:

However, the Royal Society for the Prevention of Accidents has suggested the introduction of Single/Double Summertime in a bid to reduce road accidents.

Under this system, clocks would no longer return to Greenwich Mean Time in October but would remain one hour ahead until March, when another hour would be added.

Oh, that sounds awful. I don’t believe one word of it.

I don’t know very much about politics in the UK, but if it’s anything like it is in the US, then it will probably go though. Ugg.

According to the BBC, businesses who don’t pony up money cannot use the words Olympic, 2012, summer, and others together in one phrase. Slashdot example: “Pubs could not advertise that they have they’re TV tuned to the Olympics on chalkboards.”

Why? Because “It’s worth a lot of money, hehehehe!” –Douglas Adams. But seriously, this is insane. Anybody remember when the BBC was forced to block its internet streaming to the US of coverage of the 2004 Olympics because NBC “owned” the right to broadcast Olympic coverage to the US? Same thing here.