July 29, 2003
When Good QA Goes Bad
Adam Kalsey has a good write-up of some usability mistakes for an ecommerce site. Good stuff.
His write-up reminds me of the time we were testing the very first Borders.com Web site way back in 1998. The Quality Assurance department had a couple of credit card numbers they used to test the ecommerce pages. These cards were authorized so that the fraud check would allow them through, but the fulfillment (and actual shipping) was not supposed to happen.
One day, one of my peers in the QA department asked me to run some tests against the new ecommerce system to see if I could break it or find some holes. One of the first tests I came up with and ran was to find the most expensive item in the database. This happened to be a set of 50+ encyclopedias that retailed for $1395.99 each. Of course, you know I had to try it. Yup, I ordered 9999 of these suckers for a before-tax total of $13,958,104.05 just to see what would happen. Would the fraud department catch it?
Thinking nothing of it I went home, assuming my job for the day was done. The next day I was at work running more tests and my boss called me into his office. He said he'd gotten a call from the Fulfillment center in Tennessee asking if someone at the corporate office had placed an order for 10,000 sets of encyclopedias. I laughed out loud and explained to him that the QA team and I were just running some tests and that the order should never have made it to the Fulfillment center.
I can imagine a semi truck with pallets and pallets of encyclopedias pulling up to the building trying to deliver them. The only thing funnier would be the look on the CEO's face for a $14 million Mastercard bill.
July 28, 2003
More Statistics on Spam
Since the middle of March I've been saving the spam file that SpamAssassin writes to. Here are the latest statistics I've culled from it:
| Instance of: | As of 05/05 | As of 06/04 | As of 07/01 | As of 07/28 |
|---|---|---|---|---|
| X-Envelope-To: | 11142 | 20643 | 28645 | 43008 |
| X-Spam-Status: | 9564 | 17507 | 24313 | 36723 |
| Subject: | 9729 | 17836 | 25899 | 41190 |
| Avg. no. of spam/day: | 210 | 267 | n/a | 513 |
| Size of 'caughtspam' file: | 58 MB | 108.8 MB | 158.2 MB | 232.9 MB |
[Figure: Amount of spam received per day]
The statistics above show that since the middle of March I've received over 43,000 pieces of email that SpamAssassin has marked as spam. The number of spam received has risen from about 200 per day to about 500 per day in just four months.
July 23, 2003
We Now Return You To Your Previously Scheduled Life
At about 2:36 PM I walked out of 55 Broad Street where I was finishing up a job interview (it went well) and decided to go back to Brooklyn instead of going uptown to see a freelance client.
I had just missed an R train back to Park Slope, and ended up waiting 20 minutes for the next one. The only thing that was different from an ordinary wait at the subway platform was a voice over the loudspeaker saying "Due to an incident at City Hall the Brooklyn-bound R train is running slower." If you've lived any time at all in NYC since September 11, 2001 you know that this is now more common than not. Waiting longer for our trains is just another inconvenience we've come to expect.
Back in Brooklyn, it wasn't until about 4:00 PM that I looked at Google News and saw the news that there were shootings at City Hall. After a minute of reading I realized it wasn't another terrorist attack and commend Mayor Bloomberg for being quick to the microphones to assure the city (and the country, and the world) that it wasn't a terrorist attack and that the situation was under control.
July 17, 2003
Homeland Security Irony
I'm not the only person to notice the obvious irony of these two news articles:
- Microsoft chosen as exclusive Homeland Security contractor
- Microsoft admits critical flaw in nearly all Windows software
It's astonishing how few people remember that just a few months ago Howard Schmidt, the former chief security officer at Microsoft, left his position as deputy to Richard Clarke, the guy who ran the cybersecurity initiative in the federal government.
With the position of cybersecurity czar left unfilled, it makes me wonder how such contracts can be awarded. Who is making the decisions? The cynic in me thinks Microsoft bought their way into that contract, but since I have very little choice in the matter I'll shrug my shoulders and wait for the news reports announcing the Homeland Security computers have been compromised.
Current Reading List
Here are the books that are currently holding down my bedstand:
- Siberia Bound: Chasing the American Dream on Russia's Wild Frontier, Alexander Blakely
- Six Red Months in Russia: An Observer's Account of Russia Before and During the Proletarian Dictatorship, Louise Bryant
- The Siberians, Farley Mowat
- Ice Station, Matt Reilly
- From a Buick 8, Stephen King
- My Samoan Chief, Fay Calkins
- Get Your War On, David Rees and Colson Whitehead
- Steeltown, USSR: Soviet Society in the Gorbachev Era, Stephen Kotkin
- Fleeting Memories: Cognition of Brief Visual Stimuli, Veronika Coltheart
- Visual Intelligence: How We Create What We See, Donald D. Hoffman
Interesting notes about the above books: Blakely, who wrote Siberia Bound, was the business development manager at KnowNow, where a bunch of people I know work or have worked. Bryant's book was written in 1919, but much of what she writes about Russia is still relevant today. Matt Reilly's book is pure "trash fiction". As long as you can sustain your suspension of disbelief to the end of the book, you'll finish it - it reads like a bad Hollywood blockbuster movie plot. The Coltheart book (Fleeting Memories) is beautifully printed and stuffed full of excellent essays about cognitive psychology and is a must-read for any designer who wants to understand the psychology behind why logos and typography work the way they do.
Beyond the Blog: Using MovableType as a CMS
Matt Haughey has written an excellent article about how to extend MovableType so that it serves as a more traditional Content Management System. The funny thing is that I was going to write this exact same article after I finished building out WatchBlog. I may still write mine since I learned some things that Matt does not mention, and it may be a great complementary piece to Matt's article.
I'm also using MT to build out some of my clients' Web sites, which are definitely not blogs but have regularly-updated content similar to blogs.
Coming Up For Air
Sorry about the lack of new posts. I have an incredible amount of projects to finish in July. Here's a short list:
- Build web site for new company I am forming
- Finalize paperwork to incorporate this company in New York
- Bid on 1U rack servers at eBay
- Work with sysadmin on installing server at Above.net
- Build prototype for new blog idea (not WatchBlog)
- Finish converting freelance client site to PHP/MySQL
- Re-file taxes for 2000, 2001, and 2002
- Finish site design for tax-firm client
- Build HTML prototype for sports-related client
- Write functional spec document for my back-end programmer in Russia
Also, I just moved (again!) and it took weeks to figure out why my wireless network was so hosed (thanks Damien). After determining that it wasn't the Apple Airport, the power supply, or my Airport Extreme card I ended up buying a Linksys 2.4 Ghz wireless router to get past the interference problems I was experiencing. I guess one of my neighbors or someone in the office building next door has a cordless phone.
Portland was fun, but tiring. The OSCON was great, as expected, but I ended up missing the sessions on Friday because Thursday night I busted my nose open at Aaron's apartment (long story involving a printer, a stupid metal magazine rack, and Aaron's girlfriend looking up directions to the ER at midnight). Luckily, no broken nose-bones, just a lot of blood and nice big cut across the bridge of my nose that may or may not leave a scar.
I'm very intrigued by Portland. I like the fact that Oregon has no sales tax, and Washington has no income tax. So you can live in Vancouver, Washington (just over the state line) and your cost of living drops by thousands of dollars a year. I wonder why more people don't know about this nice little tax-free vortex. Or maybe they do and that is one of the reasons why Oregon's unemployment rate is 8.5%, the highest in the nation.
July 10, 2003
OSCON: Bill of Rights for Web Services, Panel
Tim O'Reilly, O'Reilly & Associates, Inc.
Jeff Barr, Amazon.com
Jeffrey McManus, eBay
Tim O'Reilly: What is Open Source trying to accomplish? Bill of Rights is an agreement between multiple parties.
Jeff from eBay: When there was a bug in our web site last month, it was good to be able to communicate directly with the developers.
Jeff from Amazon: It was a pretty cool thing to watch them migrate Amazon.com from a Web site to a platform. I work with developers to let them know what our Web Services are for. We're a commercial business, and we're there to make money but at the same time we're an open company and want external developers to manipulate our data in ways we've never thought of.
Tim: How do you feel about sites that actually direct traffic from your site, but still actively use your data?
Amazon: As long as at some point during the data presentation it sources Amazon and references back to Amazon with a link, we don't necessarily care.
Audience: What happens if developers are using your APIs and data and then you suddenly take this technology away?
Ebay: The eBay API is not experimental, and will not likely go away. 30% of listings come through the API.
Dave Winer (Audience): Tim, whose rights are you worried about? Users? Developers?
Tim: We need to identify early on where the lock-in points are. If Ebay were to turn into a Microsoft example, then some squeezing is going to happen.
Ebay: Paypal is a good example. I have to go to our competitors and evangelize our technology to them.
Amazon: You cannot re-sell our data. We don't allow that. You can't run a bot against our entire site and take all of our data and then republish it or re-syndicate it.
Tim: One thing that is grabbed regularly is book covers. Amazon does not own those. How do you feel about people taking those images?
Amazon: We have to work with the publishers and assure them that providing their book cover images to us is a good thing.
Tim: What if a blogger wrote an Amazon review? Wouldn't it be cool if that data could be sent to Amazon's servers in a syndicated format? It needs Creative Commons license because Amazon says they own all the reviews on their site.
Ebay: We're getting rid of using email addresses as a unique ID through the API, because it causes security issues.
Amazon: We are not in the business of selling shrinkwrapped software. We focus on fulfillment and behind the firewall. The logistics of shipping 1.5 million Harry Potter books in one day is phenomenal, but we figured it out.
Tim: Ebay has actually shipped client-side tools, but Amazon has not.
Amazon: The Amazon store builder site is an example of a developer using our APIs to leverage the data and hooks we provide. The Associate Shop.
Audience: How do we prevent getting screwed by the platform vendor? The CDDB thing is an example. How do we stop Ebay and Amazon from doing the same thing?
Dave Winer: Amazon is not a great company, they are a patent abuser.
Amazon: I'm not the patent spokesman for the company so I cannot answer your claims.
Tim: While Amazon has continued to file patents they have not used them offensively since the incident a few years ago.
Audience: Are you guys a marketplace or a content provider? If you decide that the content is valuable then you could end up screwing the developers who are building services around it.
Ebay: I think it's possible to be both.
Tim: There are a lot of things about open source that just work, and that's why it's going to succeed. We did a pretty good job of shaming Amazon during the one-click patent situation.
Audience: Why isn't the code that runs Amazon and Ebay open, if the data is what is the value?
Audience: I have no interest in the back-end code, but rather am interested in the quality of the data. I can't compete against you. I'd rather leverage your data.
Amazon: As long as it's in our best interest to provide the data via an API we will continue to do so.
Audience: We just don't want to get screwed.
Conversation With a Coffinfish
One of my former coworkers Leonard has a clever story called "Conversation with a Coffinfish". It's quite funny.
News You Can Bruise: Hello.
Coffinfish: Hello.
NYCB: Is it true that you can walk on the ocean floor using your fins?
CF: You'd better believe it.
NYCB: Where do you usually walk?
CF: Just around.
NYCB: But like where? Like to the store?
CF: There are no stores in the depths of the ocean!
This reminds me of a story I wrote about 12 years ago called "Conversation Between Two Mountain Goats on the Side of a Mountain." I had forgotten all about it until the other day when I was looking through an old box of stuff and found some of my papers from the fiction workshops I took in college. I'll transcribe it when I get back to NYC.
July 09, 2003
Internet Alive and Well in Russia
This Pravda article is a bit ridiculous. It claims that because 88% of all Russians have never used the Internet that therefore Russians are not interested in it.
First of all, it completely ignores the fact that Internet access in Russia is nowhere near as available as it is in a more developed nation. And for those cities that do have reliable dial-up Internet access, the cost ranges from about $.50 to $1.20 an hour -- mostly bought in 30 or 60 hour phone cards that have unique numbers that you must authenticate with the provider before use.
Considering that the average Russian makes about $100/month in income, using the Internet just 10 hours a week would equate to them spending a full 40% of their income just for Internet access. For an American earning an average $2500/month, this would equal spending $1000/month -- or $25/hour.
No matter how you do the math, it is clear that the cost of Internet access, even dial-up access, is much more prohibitive in Russia than in the United States - not to mention the additional cost of owning a computer, something most Russian families would have to save for years to be able to afford.
Lastly, I am in regular communication with some of my Russian friends -- all of whom use it at least on a daily basis. If asked I am sure that most of them would laugh at this survey's results but would acknowledge that much of the older generation do not understand the draw and fascination of the Internet, which in hindsight isn't all that different from the trends we see in the United States.
OSCON: Microsoft Office 2003 and XML
Microsoft Office 2003 and XML, Simon St. Laurent
2:34 PM: Jean Paoli and his Microsoft team generated real excitement at the XML 2002 conference with his announcement that XML would be at the heart of future Office development, and the demonstrations - which ran badly overtime - convinced a lot of us that this was real.
2:35 PM: Reaching the Desktop: XML has done really well for a lot of people in a lot of circumstances, but it's primarily been a server-side technology, hampered by relatively weak desktop implementations and programs that didn't speak XML at all.
2:37 PM: Building the foundation: Microsoft has talked for years about how crucial XML was to their plans.
2:38 PM: Freedom at last? As both Microsoft and the OpenOffice team were discussing...
2:39 PM: Backpedaling on the core: It's still unclear whether saving files in Standard will strip XML features from files created in Professional.
2:40 PM: Xdocs to InfoPath to Enterprise-Only: Xdocs, which seemed to be Microsoft's answer to form wars, has faded from a great demo to an Enterprise-only technology.
2:41 PM: Word now has WordML. Excel has SpreadsheetML. Powerpoint has no XML functionality (yay!). Access has some XML support but it's rough. InfoPath is a new form-building and processing toolkit that uses XML, XSLT, etc. FrontPage adds a lot of tools for generating HTML-generating XSLT.
2:44 PM: Users may never encounter WordML directly. A basic understanding of WordML is necessary to create Word XML solutions of any flavor.
2:46 PM: XSLT serves as a buffer between Word's own data structures and those of the rest of the world.
2:47 PM: A new markup interface provides access to writing schemas.
2:48 PM: Documentation of WordML is terrible but experimentation has proven that consistent results are possible, which is good news.
2:49 PM: Microsoft has been using a processing instruction to distinguish Word .xml files from Excel .xml files.
2:50 PM: Looking at a WordML example: Produces some very interesting xpaths, convoluted. But the good news is that at least it's consistent.
2:51 PM: How does WordML store graphics? Basically it encodes all of its binary information into Base64. Yikes! (Audience whistles and laughs).
2:52 PM: Word and XSLT: WordML should be of interest to anybody who has to deal with Word in a programmatic way.
2:58 PM: SpreadsheetML: Problem is that it does not include charts or Visual Basic for Applications.
2:59 PM: Excel lets you separate the spreadsheet data from the spreadsheet logic. This is an excellent practice and other competitors should follow.
3:00 PM: Can easily import standard XML-structured data.
3:02 PM: Access XML Features: Relational databases and XML share one key feature - they both let you name your own data fields.
3:03 PM: Creative use of XSLT is probably your best bet, and it is relatively easy to automate into Access applications.
3:04 PM: InfoPath is basically a GUI front-end that lets you create forms- basically a reinvention of XForms.
3:06 PM: The guts of InfoPath are Javascript, XML and CSS. Designed as a workflow application.
3:07 PM: This is very much a version 1.0, therefore you can't rely on it much and should expect it to change. It's going to take a few revisions to sort out the details.
3:09 PM: It's not clear who all of these things are for because Microsoft has not clarified its marketing. Developers? Writers? Editors? Or is Microsoft just trying to make us upgrade our licenses?
3:10 PM: OpenOffice! OO files are zipped-up XML with supporting binary files (for images, etc.) when needed. Uses a standards-based process, going through OASIS.
3:12 PM: Everyone should be using XML, even Microsoft the great "locker of data". It is the end of the "desktop island" moving us towards an interoperability.
OSCON: Web Services in PHP
Web Services in PHP, Adam Trachtenberg (Slides will be at this URL later today)
Have you used Web Services? What is a Web Service?
Adam: Normally, I would say what company I'm working for, but since I'm unemployed, I can't. (Audience laughs nervously).
1:45 PM: A Web Service is a network accessible interface to application functionality built using XML and usually HTTP. Tim O'Reilly this morning mentioned companies like Amazon and Google that are using Web Services.
1:50 PM: Where's my FedEx package? Sort of a manual procedure. Going to FedEx.com - It's a manual process. Amazon can automate this and includes this data on a per-user basis, and this makes it nice. Stock data is another example.
1:52 PM: Why do we care? These interfaces work regardless of the client's and server's platform and language. It is platform-neutral.
1:54 PM: Three forms of Web Services: SOAP, XML-RPC and REST.
1:55 PM: This talk covers: SOAP client, SOAP server, XML-RPC, REST client and querying Amazon.com.
1:56 PM: The dirty little secret about Web Services is that there's a lot of hype, but very few companies that actually have APIs that you can use. There's basically Amazon and Google, and Amazon...and Google. And Amazon...
1:57 PM: SOAP: Uses XML, but you never need to touch it. You just call functions and manipulate arrays. A few PHP implementations: PEAR::SOAP, PHP-SOAP, NuSOAP.
1:58 PM: Dirty little secret: Nobody uses SOAP.
1:59 PM: A lot of people like NuSOAP. PEAR::SOAP is easy to install.
2:00 PM: First you build your request. 1. Load the SOAP client. 2. Generate the client proxy. WSDL is a machine-readable description (XML) of a web service, used here to define server's methods and parameters.
2:02 PM: Technical discussion. Refer to slides.
2:06 PM: What we get after processing: SOAP-based data, yuck. What we see: a nice simple PHP object; much better.
2:08 PM: Now, how do I parse it? Just do a simple foreach loop.
2:09 PM: Boom: nice HTML output. Nice WSDL object is about 7 lines of code.
2:10 PM: $server->addObjectMap($soapclass , 'urn:SOAP-Server_rot13');
2:16 PM: That was a basic two-slide SOAP example (refer to slides for code).
2:17 PM: Moving on to XML-RPC.
2:18 PM: Similar to SOAP but less complex, which is its biggest advantage and also its biggest disadvantage. Written by Dave Winer.
2:19 PM: SOAP has better buzzword-compliance than XML-RPC.
2:20 PM: REST: Representational State Transfer (Roy Fielding)
2:21 PM: Data is returned as XML, and you do need to touch it, which is good because it is not complicated.
2:22 PM: Many ways to parse XML: SAX/DOM/XSLT
2:23 PM: See slides for REST example of Construct Query String
2:24 PM: Use cURL to make get request. Or use any query utility.
2:25 PM: XML Results: like SOAP, but cleaner. Create SAX parser, Instantiate Object, Configure Parser....(see slides)
July 08, 2003
Playing Zendo
For lunch I tagged along with a group of people who had plans to play a neat little game called Zendo that involves little plastic colored triangles, sets of logic-based rules involving patterns and shapes, plastic chips and blue and white marble stones. The game is too difficult to explain in a short paragraph but it's highly addictive since it involves inductive reasoning and logical thinking, two characteristics that have long been a part of games geeks love. Playing this game with anyone but a group of highly-intelligent geeks would likely be dreadfully boring. There are a bunch of web sites that have sprouted up to serve the Zendo game community. Check it out, it's a fun game.
O'Reilly Open Source Conference: Tuesday
For a conference full of geeks you'd think they would have the WiFi problems figured out in a matter of minutes, but apparently this is not the case. The wireless network at the conference has been up and down all day, apparently caused by either a rogue network called "oreilly" that is causing a conflict or a hosed DHCP server. No one is sure exactly and I've been unable to track down someone who knows the whole story. All I know is if they don't have the problems sorted out by tomorrow when most of the people show up there may be a spontaneous riot as email withdrawal sets in. It's even more disturbing that I can't even get the DHCP server to assign me an IP number from the hub in the Press Room. Most likely the blame will eventually be pointed to the IT people the hotel hired to set up the network, who likely have little experience dealing with hordes of laptop-wielding geeks demanding WiFi access points.
July 01, 2003
The Spammiest Spam
Inspired by Evhead's note I looked at all the spam I've received since May 13, 2003 (a whopping 124.4 MB worth) and this is the spammiest spam of them all (out of 18,298 pieces of spam), weighing in with 59.5 points scored against it using SpamAssassin's rating mechanism. Be sure to check out the X-Spam headers.
The crazy thing is the spammer wrote the spam in Microsoft Front Page and then encoded it using Base64 encoding. No one claimed spammers were very intelligent.
Those 18,298 pieces of spam total 2,615,718 lines of text. Whew, almost enough to make a piece of Microsoft software.
The RSS/Echo Fiasco
A few days ago I wrote up a long post about the RSS/Echo syndication format fiasco, but I didn't post it. It's not that I don't care about what's going on, it's just that I do not want to take sides or become a part of the debate.
I am building some web sites right now that take advantage of syndication in a very big way, and I realize that if those sites are going to be successful that I need to support all the various syndication formats that are being used by all of the mainstream blogging tools. As long as the format is open it's not that much harder to support it than it is to support a single format. Some people worry that RSS and Web site syndication is going to be taken over by industry giants like Microsoft. It's a valid concern because if Microsoft does come out with their own proprietary version of RSS, they may close the format so that only Microsoft-centric tools can read and write it.
So if Echo (or whatever it comes to be called) turns into a successful syndication format and the vendor tools for blogging and web publishing build in support for it, then I will in turn support it with the sites I'm currently building. In the meantime, there are perfectly valid syndication formats like RSS 0.9 and RSS 2.0 that work perfectly well and can be safely used to build prototype tools and collaborative web sites.
Call For Editors
I'm still looking for more editors for the Third Party and Republicans WatchBlog. The Democratic editors are outposting the other two columns on a 3-to-1 basis and it's becoming too lopsided. If you want to write for either Party's blog, fill out this application and I'll review it. Feel free to pass this request on to your politically-minded friends.