Posts Tagged ‘UX’

Skitch revealing users’ email addresses

Thursday, July 31st, 2008

Update: The developers have now changed this on the site; email addresses are not revealed. However, it is still revealing the domain of the email address, which, while not quite as bad, actually isn’t necessary and still leaves a hole. The pattern skitchusername@emaildomain.com, in my opinion, has a good chance of being a valid email (especially on privately owned domains that have catch-all aliases). Why reveal *any* part of the address? Users will either get a reminder email or they won’t!

In this day and age, it’s 2000 and f*cking 8 FFS!

Skitch revealing email addresses

So what’s happening here..

As I finally got around to signing up for a Skitch alpha/beta/whatever (Thanks Jimk) I thought I’d just check to see if I already had. I tried my usual login details that I pretty much use everywhere for non-critical accounts. Both the usual usernames/nicknames were taken. Now this isn’t unusual, but as an early adopter this is rare for me.

I then decided to go and try to retrieve a password for one of those accounts (it’s possible it was me). Providing a username or email address should confirm whether the account exists or not and then send the password reset instructions to the registered email. If this was my account, I would receive the email.

Skitch’s lost password form

In theory, that’s a relatively OK way of doing that process. What went wrong was this: having entered just the usernames, I was then shown a screen that contained the email address for that account. It was not my email address.

Recap:

  • email addresses are shown by providing any username
  • usernames are used as personal URLs, thus easily found
  • this is possible without being logged in, thus untraceable

Why is this a bad thing? Well, apart from the obvious reason, it wouldn’t be very hard for someone to script up something that could systematically discover usernames, and thus email addresses.
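The three behaviours discussed in this post, side by side, as an added example that is not Skitch's code: the handler names, response wording and sample accounts are all constructed for illustration. The last handler goes one step further than the post asks by also not confirming whether the account exists, so the page carries no information at all and the reset mail is the only signal.

```python
# Constructed sample accounts; not real Skitch data.
ACCOUNTS = {"alice": "alice@example.org", "bob": "bob.smith@example.net"}
OUTBOX = []  # stands in for the outgoing mail queue
GENERIC = ("If that account exists, reset instructions have been "
           "sent to its registered address.")


def _lookup(identifier):
    """Accept a username or an email address, as the form in the post does."""
    ident = identifier.strip().lower()
    if ident in ACCOUNTS:
        return ACCOUNTS[ident]
    return ident if ident in ACCOUNTS.values() else None


def reset_leaky(identifier):
    """Original behaviour: the confirmation page echoes the stored address."""
    email = _lookup(identifier)
    if email is None:
        return "No such account."
    OUTBOX.append(email)
    return f"Reset instructions sent to {email}."


def reset_domain_only(identifier):
    """Behaviour after the update: local part hidden, domain still shown."""
    email = _lookup(identifier)
    if email is None:
        return "No such account."
    OUTBOX.append(email)
    return f"Reset instructions sent to an address at {email.split('@', 1)[1]}."


def reset_uniform(identifier):
    """Hardened: identical page for every input; the mail is the only signal."""
    email = _lookup(identifier)
    if email is not None:
        OUTBOX.append(email)
    return GENERIC


def leaks(response, email):
    """Report which parts of the stored address appear in the page."""
    return {"address": email in response,
            "domain": email.split("@", 1)[1] in response}
```

In a real deployment the mail should be queued rather than sent inline, so that response time does not differ between existing and unknown accounts, and the endpoint should be rate-limited per client.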

Please, Please fix this!

There are surely other examples of this behavior, how long will it go on?

P.s. I really actually like Skitch, it’s a great tool. I’ve been using GrabUp more though, it’s much simpler.

Mobile Operator Tariff Confusion

Tuesday, July 15th, 2008

Mobile Operator Tariff Confusion

Seriously, WTF?

What you see above you on the left is a feature listing for the “Dolphin” set of tariffs from Orange. On the right is the “detail” of those tariffs. Do you see the problem?

I want:

  • unlimited mobile internet
  • unlimited anytime, any network texts
  • 600 anytime, any network minutes

Is that £30 or £35?

Not to mention that the tagline at the top reads “..weekend..” texts. Gah!? (Oh, and the typo on the left-hand £25 too, “unlimited anytime text”, not “texts”, oh no). And why do they repeat themselves directly under the same copy?

I lack any confidence in these people. And I haven’t even touched on bloody “fair use” clauses.

Now I suspect that the confusion may be because I’m an existing customer, I’m logged in, and it’s showing me the relevant content. That’s no excuse for contradictions. I also suspect that these prices may reflect different contract lengths. However, there is no mention of that. Plus I already have a contract, and do not need to extend it to change my tariff.

Send them (and all the others (and all the banks)) to the School of WTF, and get them to make sense. This reinforces my theory that most businesses make their money by confusing the customer or taking advantage of ignorance or stupidity. This is why we don’t like you. Are you listening?

“Rich” experiences on the mobile web

Tuesday, June 17th, 2008

vodafone slowly catching up

Flash might be coming to the iPhone, Silverlight is coming to the mobile (and Java’s already here).

Shantanu Narayen:

We have a version [of Flash] that’s working on the emulation. This is still on the computer and you know, we have to continue to move it from a test environment onto the device and continue to make it work. So we are pleased with the internal progress that we’ve made to date.

read the article..

Well, Flash so far in emulation only. Implications?

(note that there is nothing in that quote that implies it will be Flash or Flash Lite)

I don’t know about you, but I’m loving the iPhone; as soon as ActiveSync is on there that’s me done, no more phones.

Will Flash *work* on the iPhone conceptually is the real question. Flash (as it is) works on the web, but similar UI/UX/interface paradigms have to exist or be created, as they have to be for other iPhone/mobile apps and sites. Just having Flash on the iPhone (presumably in-browser) is not enough. Even though that will enable users to see the Flash, does that mean that the Flash will be usable on this platform in the same way it is in a desktop browser? I think that the very fact that there are iPhone-specific web sites proves that it won’t just *work* in terms of UI/UX in the way that current Flash sites do in a desktop browser. This will require developers and designers to do similar interface rethinks and detection as they’re already doing for HTML sites.

Not to mention touch, multitouch, scaling, frame rates (timeline based actions and animation), performance, player version, webcam/microphone access, uploads/downloads, video codecs available.

So if we can assume that (mobile) bandwidth will increase, handsets will get more powerful, have more storage and screen real-estate, does this mean we can expect better experiences as a result?

Website owners (or designers/developers, whatever..) are very quick to consume a user’s bandwidth. By that I mean the thinking that if there is more bandwidth then it can be used. Surely if there is more bandwidth then it means current things can be quicker! Downloaded faster! Download sizes of sites and their elements should still be efficient, video streamed should be realistic. Why not enhance the experience through performance rather than what is effectively just more data transfer in the form of more graphics, higher quality video, or even just more code? The best mobile apps and sites are the ones that let you use them quickly for the function that you need right there and then. And are designed with the end medium (essentially the small screen form-factor) in mind. And not forgetting, right now, also at a good data cost. For most users there is still a cost per kb, let’s not use data size as a barrier to use at all.

Brian sums a lot of this up very well for the Mobile Web 2.0 Summit blog.

Luckily the iPhone has inspired people to make websites that take advantage of the form factor, and so far to not just push the limits of every aspect of it, making it unusable. The experiences are mostly good, because they are fast, low-fat, and have familiar interfaces instantly taking cues from the basic native apps.

Let’s go about this in the right way, help the users to take the leap to the mobile web by creating things that are genuinely useful and that work. Let’s not go back to the frustrating early days of pretty much every new step forward of the web, mobile or otherwise. Don’t make me compare this to WAP, please! We were young, ignorant, but excited and creative, and we learned a lot.

[This article has been reposted on the Mobile Web 2.0 Summit blog]