Last month, Ars Technica decided to run an “experiment” in which they denied site access to browsers that employed an “ad blocker”, followed by an impassioned plea to turn off your ad blocker. The impetus for doing this was that an estimated 40% of site visitors were using ad blockers, and since Ars uses ad views (as opposed to click throughs) for their ad metrics, users with ad blockers were denying Ars ad revenue, thus ’stealing’ site content.

Even by Ars’ own admission, the reaction to this act was “mixed”. Many people whitelisted Ars, some even subscribed. However, there were some commenters in Ars’ original announcement (which, unfortunately, are no longer online), who weren’t too happy about it.

The reason may have been the way in which content was denied: Ars simply served a blank page. There was no indication as to why, or what could be done to remedy the problem. It wasn’t until Ars published their plea that it became known what was happening.

Perhaps if only Ars swapped the order of events, things would have turned out better.  Had the post explaining how ad blocking was affecting the company come before the “experiment”, then active visitors could have prepared to avoid the blank pages, or at least known why the blank pages were being served. According to comments in Ars’ post-experiment post, all some needed to whitelist the site was to just be asked to do so.

I do enjoy Ars’ content, and read their RSS feed daily. I reluctantly decided to run my own experiment and whitelist arstechnica.com, and continue to do so to this day. I find that their advertisements aren’t distracting (for the most part, there is the occasional animated Flash ad), but I feel as if I was guilt tripped into doing it.

In the month since whitelisting, I haven’t regretted doing so. The ads served by Ars do not detract from the content for the most part, and are usually related to what I’m reading (they’re usually tech focused). I  As long as the substance AND STYLE of the ad matches the article. I don’t mind seeing animated or video advertising if I’m on a site that provides video content, but if I’m reading a article with static text, then the ad should be static as well, not Flash or an animated GIF.

How many animated advertisements do you see in a newspaper or magazine? Unless you’ve been dipping into Timothy Leary’s personal stash, the answer is “none.” Put simply, Ars Technica is an online version of a magazine. The advertising present on arstechnica.com should basically follow how advertising works in print magazines and newspapers. Print ads don’t flash or jiggle, make sound or appear in the middle of the page like magic; neither should ads serving static content.

Print ads also don’t have the ability to see what magazine or newspaper I read next, providing you ignore the possibility of following the trail of filler cards that fall out of a print magazine. There are some online ad purveyors that do like to follow where you go, much like a cyber stalker.

After whitelisting Ars, I noticed I wasn’t seeing ads on every visit. On some visits there would be a banner ad, usually in-house references to other Condé Nast sites, in the header; on other visits the banner area would be blank. I confirmed my whitelist settings, then realized I was still blocking JavaScript. Ads served from the nefarious doubleclick.net were being blocked because I specifically do not allow JavaScript from that domain to be executed because of their aggressive use of tracking cookies.

I don’t mind a web site tracking my visits. I very much mind when a third party, such as an ad server, tracks which sites I visit, and for how long. This is what Double Click did prior to their acquisition by Google. In the days prior to ad blocking extensions, I avoided doubleclick.net by using the host file trick to redirect doubleclick.net references to localhost, so nothing would appear, JavaScript and cookies wouldn’t be downloaded, and my actions wouldn’t be tracked. I’m still not convinced they’re behaving like a good net citizen, and I refuse to whitelist them.

Unfortunately, Ars uses Double Click. And being that Double Click just doesn’t serve ads, but JavaScript as well, the NoScript extension in Firefox blocks the JavaScript download, which prevents the ad from loading. (The fact that the ad won’t even display if JavaScript is disabled is troubling to me, and it should be troubling to Ars as well) Even more unfortunate, NoScript will not allow you to whitelist scripts for only a single site. In order to view the Double Click ad on Ars, I would need to allow doubleclick.net JavaScript on all sites I visit. I’m not willing to do that.

Shortly after the Ars “experiment”, I started having troubles accessing some stories on my local newspaper’s site. Most of the time, visiting sacbee.com (The Sacramento Bee) would result in seeing a story. However, every now and again, I would get a very confusing message about needing to be logged in to see a story:

Note that further down the page it says that I am, in fact, logged in. Regardless of what I did, including logging out and back in, and a forced refresh (control-F5), I would get this message, and then only on certain stories. Then, one day, completely by accident, I used a browser without any JavaScript or ad blocking (it was Internet Explorer, which I use only by accident), and stories that had previously been showing the above error were showing fine.  I tried with Firefox again, and the very same story I’d just been viewing was still being blocked.

It turns out that sacbee.com also uses Double Click, and it appears that either Double Click or their clients (in this case, sacbee.com) are “pulling an Ars” and refusing content to browsers with ad blocking.  I was able to confirm this by turning off the ad blocking and JavaScript blocking software in Firefox, and the previously blocked article suddenly started appearing.

I’m willing to work with sites and whitelist them if their ads are relevant and not distracting, but don’t expect me to start practicing unsafe browsing practices just so I can see your ads. There are some newspaper sites (ahem) that trigger XSS (Cross-site scripting) alerts when JavaScript blocking is turned off. That is a security risk, and I’m not willing to allow that risk just to see ads. If the Sacramento Bee, or any other site serving potential malware, doesn’t want me viewing their pages unless I allow my malware defenses to be lowered, then I won’t view their pages.

Aside from showing advertising in dissimilar media, I don’t like advertisements that slow down page loads. The next time you find yourself waiting for  a page to complete downloading, look at your browser’s status bar, and see if it’s waiting on an advertiser. I find that most page “hangs” are due to advertisements. Having content blocked by waiting on a overloaded ad server is infuriating, even more so if you’re being told it’s bad to block ads.

I certainly want the sites I use and enjoy to continue producing content and services, and if that means viewing advertisements, I’m all for it as long as my guidelines are met. Ars appears to be meeting those guidelines (for the most part), so I’m willing to help them out. A great example of how I believe advertising should be done can be found at Instapaper. Instapaper is an offline web reader that offers excellent Kindle integration, and I find it an invaluable resource. Instapaper displays a single, small, relevant ad, served by The Deck, an advertising company I find to be reputable (check out their web site to understand what I mean by ‘reputable’). Any site thinking of using advertising should look to Instapaper (or any of The Deck advertising clients) as an example.

The Windows 7 Whopper (Wikimedia commons)

As with many great discoveries, I some interesting Windows 7 window behaviors by accident. I was trying to move the cursor by word (control + right arrow), when I accidentally hit the Windows key instead of the control key, and the active window went flush with the right side of the screen, and expanded to fill the right half of the screen.  This is much like the behavior when dragging a window to the right side of the screen, except that it works even when you have two monitors.  Here’s a recap of the key combos I found:

Windows key + right arrow key: Right side of window becomes flush with right side screen, expands to the top and bottom of screen, left side of window is in the horizontal center of the screen.

Windows key + left arrow key: Left side of window becomes flush with left side of screen, expands to the top and bottom of screen, right side of window is the horizontal center of the screen.

Windows key + up arrow key: Window fully maximizes to the screen.

Windows key + down arrow key: Window minimizes.

If you want to transfer via wireless, you can use Dropbox, the online file syncing service, to do just that. If you have a Dropbox account, you can use the Kindle’s built-in (experimental, and only in the U.S.) browser to get to dropbox.com, log in and start downloading files.

A word of warning though: The Kindle only supports certain types of files. I’ve used this method to transfer .mobi and .prc files, and it should work for .pdf  and text files. But don’t expect your PowerPoint slides to magically appear.

The most time consuming part of the process is the initial set up of the browser. The Kindle wasn’t built to be an Internet tablet (oh, if only somebody would make one, that would be so cool), and the browser is a bit clunky. It’s about as fast as 40 degree molasses. But it does work, supports JavaScript and cookies, and will do the job. Eventually.

Open the browser on the Kindle by selecting ‘Experimental’ from the menu, and then select the ‘Basic Web’ link. Select ‘Enter URL’ from the menu and go to dropbox.com. What you get is difficult to read:

Those two small boxes near the top of the screen are the email and password fields. They do not render correctly on the Kindle, and you will not be able to see everything you’re typing, so be careful as you enter your registered email address and password. Be sure to check the ‘Remember me’ check box so you only need to do this once.  Once that’s done, go to the Login button and click it.  After a successful login, you’ll see your Dropbox home page that’s…blank. Fret not. Since the Kindle’s screen isn’t wide enough to show the full page, you’ll need to click the Kindle’s ‘Next Page’ button to get to a page that’s…mostly blank. Still don’t fret.

I believe this happens because the Dropbox home page uses Ajax to display your files, and the Kindle just can’t handle it. But you can still get to your files by clicking on the ‘Recent Events’ box (in reality, it’s a tab). This is more or less a static HTML page that shows the most recent changes made to your Dropbox.

When you click on one of the links, it will start downloading in the background, provided it’s one of the supported types of files. When it’s completed, you’ll be able to see the downloaded file on the Kindle’s home page.

Why would you want to do this?

This method is slower than transferring files via USB, but if you don’t have the USB cable handy when you need to transfer something, it works in a pinch.

Personally, I use Instapaper to save longish web pages, and use their Kindle export feature to read them when I have time. I save the .mobi files generated by Instapaper in my Dropbox folder on either my desktop PC or laptop (and since Dropbox synchronizes both, it doesn’t matter which), and then download the .mobi files as I have time to read them.

A better e-mail app, at least better notifications. As a former Blackberry user, I miss the ability to assign different notification ‘ringtones’ to each email address, and then a separate tone for high priority emails. I cannot believe that your only choice for an email tone is the default, or none. Yes, I realize this can be done with a jailbroken phone, but I actually use my phone for semi-important things, and don’t want to run the risk of bricking it.

And that’s it. I love my iPhone, and the two items above are the only blemishes I could find.  Here’s hoping there really is an iPhone 4.0 lurking out there that solves these issues…

If a paper book is printed with errors, it stays that way. Publishers do not recall books to fix their errors, as it wouldn’t be economically feasible, just as it’s currently not economically feasible to do a full QA on e-books.  But the economies flip for correcting errors in e-books. Being software, e-books can be updated, unlike paper books, and, as a result, they can be corrected and updated in an economically feasible way. In fact, since we know Amazon can do things to books without our knowledge, it would be easy to update the errors in e-books on-the-fly.

Because some books are scanned (older books, mainly), there are scan errors that do not go corrected (A personal experience is with Robert B. Parker’s Promised Land, where the word ‘me’ is substituted for ‘the’ liberally throughout the book). And because publishers are getting much less revenue from e-books than printed books, they’re not interested in applying the QA necessary to correct the errors. When print starts bringing in less revenue that e-books, watch for the error rate trend to reverse.

Update Jan. 8, 2010: Well, this is embarassing. Yes, books DO get recalled (source: New York Times).

1. 

   Honou / flickr

   It’s unwieldy. No offense to the paper version (because there’s no way you could fit Franklin’s life into 100 pages), but it’s much easier to kick back on the couch or read in bed with the Kindle.

2. It’s harder to make notes. Given how quoteworthy Franklin is, this could very well be the reason that pushes me over the edge and buy the Kindle edition.  I’m only 50 pages in, and there have been three quotes I’m planning on using in email signatures.
3. The hardcover book won’t speak to me in a robotic voice.
4. The hardcover book doesn’t need to be charged. In the Kindle’s defense, though, it will probably keep a single charge through the period it takes to read the book.
5. Regardless of how hard they try, Amazon will have absolutely no (legal) way to revoke the ownership of the hardcover book.

Undoubtedly, there will be more to add to the list…stay tuned.

Frapestaartje / flickr

One of my new year’s rituals is to change my passwords.  All of them.  Personal PC’s, work PC’s, servers, and all the websites I visit that require a password. The hardest part of this for me is to actually choose a new password.  It has to be secure, but also easy enough to remember.  Additionally, each of them has to be at least a little different, in the event that if one of them becomes compromised, I’m not totally screwed.

Passphrases

There’s a trick I learned a few years ago that made creating passphrases (a password made of multiple words) much easier.  Did you know that the space character is a valid password character on most systems? That allows you to create an easy to remember short phrase or sentence to log in, instead of trying to remember a sequence of random characters.

The one drawback to this is that typing the space key sounds a little different than all the other keys. This might provide an intruder that has physical access to you a little more information about cracking your password, but I believe that if you make the words in the passphrase long enough, and type it quickly enough, that “hearing” the space key(s) shouldn’t matter.

How to create a passphrase

You want it to be easy enough to remember, but not easy enough to guess. For example, if you’re a well-known fan of Tiger Woods, you don’t want your passphrase to be “in the hole!“, as that would be very easy to guess.  The goal here is to be random.  And, if you’re like me (and, for your sake, I hope you’re not), you might have a problem thinking about random things.  That’s where a random word generator comes it.  My favorite is the Random Phrase Generator (that same site also has random words, sentences and paragraphs).  You can create a random phrase up to four words long, with the ability to select the type (noun, verb, adjective, etc.) and the obscurity (from Very Common to Obscure), and it will spit out a phrase for you:

The Creativity Tools from watchout4snakes.com

The phrase itself may not satisfy all systems’ password complexity requirements.  Many systems may require the presence of at least one character from a certain character set, such as capital letters, numbers and punctuation. Try to mix it up a bit.  Instead of using a space, use a punctuation character or number. Or, although it’s frowned upon, you could use 1337 speak; replace l’s or i’s with the number 1, O’s or o’s with the number zero, etc. The reason it’s frowned upon is that it’s a well known substitution cipher, and may not provide much more security than without the substitution.

Using hashes

I read about this concept a few weeks ago on Lifehacker; it pointed to an article on cybernetnews called “How to Remember Secure Passwords Without Writing Them Down“.  The gist of the article is to create an apparent random string of characters using the MD5 hash tool. If you’re technically savvy, you may already have MD5 (as well as SHA) hashing tools already on your computer. If not, there’s a web site for that: the Online MD5 Hash Generator. Enter a word or phrase of your choosing, then press the “Calculate MD5″ button, and you’ll see a long string of characters generated.  All you need to do is remember the first eight or so characters in the hash, and use it as your password.

If you do have the tools, you can use the same technique, but use your favorite mp3 or favorite photo to hash and use the beginning sequence of digits as your password.  At first, I thought this was a crazy way to come up with passwords, but after trying it in a test, I found that you do start naturally remembering the password after entering it several times.  If you forget the password, just redo your hash.

Making them unique

I mentioned earlier that I make all my passwords slightly different to avoid having all my accounts breached if one password is cracked. When creating passwords for seriously sensitive sites (like your bank account, for instance), it should probably be entirely different than your Twitter password, so your financial information remains safe if (or should it be when) Twitter’s password information is breached. Your work passwords should also be completely different than your personal passwords for similar reasons. However, for those not-so-sensitive services, such as the aforementioned Twitter or Facebook, try simply modifying the password in such a way as to personalize it for that site. Perhaps add the first few characters of the site’s domain name to the beginning or end of your password, or somewhere in between.

So, get to it! Happy password changing!

Well, that’s not so new. That’s been going on in Finland (home to Nokia) for quite some time now.

But, unlike those earlier attempts, this Next New Greatest Thing actually has an add-on to the iPhone to make payments. It’s really a shame (Bluetooth) that there wasn’t something (wi-fi) that came with the phone (3G) that could communicate with a vending machine (SMS) without an add-on.

The teller didn’t spot it, and went ahead and put both the deposit slip and the checks into that horseshoe-shaped MICR reader…except that it wasn’t just a MICR reader, but a handwriting recognition scanner that realized I’d added wrong, and rejected the slip! The teller corrected it, and both went through just fine.

If you’ve ever seen my handwriting, you’d realize just what an accomplishment that was…