Why you don’t want a curated app store

Some web sites are bad. Just clicking on a link in an email can send you somewhere that looks like PayPal, asks for your login details and will then instantly automate the emptying of your account. Some web sites prompt you to download software which will encrypt all the files on your computer and then try to charge you for a decryption key. Some web sites are bad, m’kay?

Well, the great news is that Google have solved this problem. Rumour has it that the next version of Chrome will limit your web access to a predefined list of “known good” web sites. Sites can easily apply to be added to that list and, as long as Google approves them, they’ll be available in your browser the next day. Isn’t that great? I don’t think any other browser is going to be able to compete with Chrome once they get this out.

Of course, Google aren’t doing this. Because it is a terrible idea. The reality is that the existing security systems build into browsers actually do a pretty good job of preventing access to malicious web sites. Don’t believe me? Visit http://winsetupcostotome.easthamvacations.info/answered-polynomial-eccentricity-unserviceable/029287718218614814 . It contains malware that will install on your computer. Go on!

The site was first reported as malicious just today, but opening it in Chrome I see this:

capture

Browsers, operating systems and the interconnecting web technologies have a bunch of mechanisms built into them to keep you safe online. And they work. How many times have you actually been caught by a phishing email, or installed apps that empty your bank account? How many people do you know who have?

Apple’s marketing around the app store is centered around the fact that it protects you from malware. Which is true to a degree – there’s almost no malware on the Apple app store. F-Secure estimates that 0.1% of apps on Google’s Play Store (which has no approval process) are malicious. But a whacking 10% of web sites are malicious. So why don’t you want a curated web site list?

I don’t want a curated web site list either. I also don’t want a curated app store – even one regulated by some sort of independent nonprofit would become a horrendous mess of inconsistencies, but one regulated by a corporation is even worse. Let’s take a look at a few of the actual Apple app store requirements. You can download the whole lot of them here and read them yourself if you like. What, you say? There’s 25 pages of them?! Oh, yes…

Let’s start with the easy ones.

3.15 Apps with previews that display personal information of a real person without permission will be rejected

Fair enough. That seems sensible and reasonably measurable.

4.1 Apps that do not notify and obtain user consent before collecting, transmitting, or using location data will be rejected

Seems fine to me.

14.1 Any App that is defamatory, offensive, mean-spirited, or likely to place the targeted individual or group in harm’s way will be rejected

Okay, I guess we don’t want people to be put in harm’s way. But offensive to one person isn’t necessarily offensive to another. What about Charlie Hebdo?

14.2 Professional political satirists and humorists are exempt from the ban on offensive or mean-spirited commentary

Oh okay. Am I a professional satirist?

2.18 Apps that encourage excessive consumption of alcohol or illegal substances, or encourage minors to consume alcohol or smoke cigarettes, will be rejected

I… hmm… what is excessive? And alcohol is legal – what’s wrong with me consuming plenty of it?

And here is the crux. A gatekeeping system that involves humans making judgement calls is almost impossible to keep fair and consistent. App developers know that the best way to get your app through these requirements is just to change something minor, resubmit it and hope you get someone different in whatever offshore team is reviewing these. I had one app that was just for submitting data to another system and required the user to log in. It was rejected due to 17.2 Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected. I resubmitted it with the same login screen and an “about” page but with a bug whereby it displayed an alert saying “[object object]” every time you ran it. It was immediately approved. My fix to remove the bug unfortunately took two weeks to make it through.

As well as making requirements that are hard to consistently measure, you’re making censorship calls on what your users may look at. Do I want to view anti-Jewish websites? No. Do I want to be prevented from viewing them? No, I do not.

18.2 Apps that contain user generated content that is frequently pornographic (e.g. “Chat Roulette” Apps) will be rejected

What the heck is “frequently”? I don’t know about you but I once shared a hotel with the crew of an aircraft carrier on shore leave and they were all sitting in the lobby on quite eye-opening Skype calls to their girlfriends. Also Skype is owned by Microsoft, a competitor of Apple’s. So probably a great idea getting rid of that. FaceTime doesn’t have to get store approval. Oh yeah, that reminds me:

3.1 Apps or metadata that mentions the name of any other mobile platform will be rejected

This was the requirement that recently started Apple blocking apps which mentioned Pebble support (the Apple Watch’s most viable competitor). Don’t worry, though, after some negative press coverage they eventually decided to stop paying attention to that requirement and instead hold the Pebble iOS app in review for a curiously long time.

And this, to my mind, is where the curated store really starts to leave a bad taste in the mouth. While some of these requirements are mechanically measurable and undeniably beneficial, the great majority of them range between ill-defined judgement calls and downright anti-competitive practice.

2.16 Multitasking Apps may only use background services for their intended purposes: VoIP, audio playback, location, task completion, local notifications, etc.

This is why your favourite mail app can’t actually download email in the background. It’s not that the platform can’t do it. It’s that only apps that Apple themselves made are allowed to do that.

2.17 Apps that browse the web must use the iOS WebKit framework and WebKit Javascript

You know what this means? This means the only web browser you can use on iOS is the Safari one. You installed Chrome for iOS? Well that’s not actually the Chrome browser. That’s just some Chrome icons and the default browser. You thought it was faster? You were wrong, my furry friend.

Apple takes a 30% cut of all revenue from apps. In 2014, that was $3Bn. While the app store purports to protect Apple’s customers from themselves, what it mainly does is prevent anyone making money in apps without giving Apple 30% of it.

11.2 Apps utilizing a system other than the In-App Purchase API (IAP) to purchase content, functionality, or services in an App will be rejected

11.13 Apps that link to external mechanisms for purchases or subscriptions to be used in the App, such as a “buy” button that goes to a web site to purchase a digital book, will be rejected

Ever wondered why the iOS Amazon app doesn’t have the ability to purchase things? It’s because Amazon don’t want to give Apple 30% of the money. Apple also blocked any updates to Microsoft’s SkyDrive app because they wanted their cut from users who paid for storage.

It’s almost hard believe but, in the 1980s, Microsoft was the darling of the tech world. They disrupted a near-monopoly on software and hardware and made a brand new technology available to a huge mass of people. They spent the next decade destroying their competitors via any means available and are still paying the goodwill price of that behaviour twenty years later. Let’s hope everyone can learn from that lesson.

Questions people ask when they find out you do Lemons

“How fast do you go?”

Credit: myrideisme.com

Credit: myrideisme.com


You
: Erm, well, I don’t really know. There’s no speedo. Maybe a hundred and ten at the end of the straight?
Them: My brother did a hundred and thirty between Dead Squaw, Arizona and Coleslaw, Nevada
You: Uh-huh?

“How long do you each drive for?”

Lemons 2010 089

You: The serious teams can put a driver in for a whole tank of fuel, which is usually about two hours.
Them: I drove from San Francisco to Los Angeles once without stopping.
You: Mmm.
Them: Also I only used two tanks of fuel the whole way.

“Do you all have to be in the car at once?”

Credit: missedshift.com

Credit: missedshift.com


You
: No. It only has one seat.
Them: But how do you get to the race?
You: I think this is a more involved procedure than you’re imagining.

“Do you wear your costumes when you’re driving?”

Credit: 4theriders.com

Credit: 4theriders.com


You
: That would be kind of dangerous.

“What do you do if the car breaks down?”

Credit: murileemartin.com

Credit: murileemartin.com


You
: It doesn’t.
Them: Really?
You: Sorry, that was a joke. Actually we call AAA.
Them: Really?
You: That was a joke too.

“I love driving. I might get a team together!”

IMG_20130718_123950

You: Great! Do you love reading instructions, filling in forms, looking after children, organising other people’s vacations or taking days off work to drive around fire extinguisher companies looking for a metal mounting bracket?
Them: No.
You: You probably won’t like it then.
Them: Then why do you do it?
You: By the time I realised what it actually involved, I had a car that couldn’t be used for anything else.

How to shop for an unusual car

Image courtesy of Wikipedia Commons

I find that car advertiser web sites are pretty well-geared towards finding a blue Honda Accord, but not so great if you’re trying to find a pink Borgward Isabella. Which probably makes sense from the point of view of the web site owners, but can be somewhat irritating if you’ve got your heart set on a particular car but don’t want to sit every morning looking at fifteen “no results found” pages.

What I really want is to set up some searches and then wait for an email saying a car’s turned up, and here’s how I go about doing that. I’m going to group these tips by type of solution – please bear in mind that this is going to be heavily skewed to North America, although with a bit of tinkering you can easily apply these techniques to searches in other places.

eBay

Capture

eBay’s an easy one, so let’s do it first. Once you’ve searched for the car you want, there’s a button at the top saying “Follow this search”. If you then visit your My eBay page, you can turn on email notifications for that search. One tip: the checkboxes for options will filter based on the current search results. So if you want a purple Gilbern Invader you might have to first search for any purple car, and then narrow your results to the exact make and model. Although frankly if that’s what you’re looking for you might be better trying to buy some purple paint, a bunch of fibreglass and a rusty MG.

AutoTrader

Much like eBay, Autotrader lets you save searches and have it email you when new cars turn up. You have to create an account, but once you’ve done that it’s pretty easy to use.

 Craigslist

This one is a bit of a nuisance but I did come up with some sort of a solution. I wrote a whole blog post about it. Off you go and read that.

Classified ad sites

After a lot of digging around, these are the only sites that I now bother searching (in approximate order of best to worst):

These sites are all geared toward you searching every day for new results. But we can change that! All you need is a free account on ChangeDetection.com.

For each of these sites, here’s the process to follow.

1. Search for the car you want.

 2. Tweak the search to be exactly right. 

Sometimes the user interface allows you to get the exact search you want but, if it doesn’t, don’t despair. You can start to look at the URLs that the search generates. These URLs contain the set of parameters that are being passed to the search engine, usually in the form “parameter=value” and separated by ampersands (&). For example, I gleaned that you can search for green cars just by adding &clrId=27128 to the URL. Don’t like the dollar ranges they suggest you want to filter by? Look in the URL – more than likely you’ll see something like prMx=6000 which you can just edit.

Screenshot 2014-01-13 14.09.39

Sometimes the clever filters on these sites stop you from filtering results when nothing’s going to be displayed – you can get around this by expanding the search to a larger area or larger selection of models, and then contracting it again (as I mentioned in the eBay item above).

Another URL trick – when you narrow down a search by type of car, Yahoo autos doesn’t actually change the URL. But you can add two parameters manually to the URL to do this – as far as I can see it’s the make and the model with spaces replaced by underscores. So something like make=bmw&model=3_series. I only know this because they used to put those in the URL, and they still seem to work.

Make sure that the maximum number of pages are being displayed – as we’re going to monitor this page for changes, we don’t want new cars to suddenly appear on page two.

Once you have a URL you like the look of, try it in a different web browser (or a private browsing window). This stops the site from using cookies it’s stored, and allows you to see how ChangeDetection will see the page.

3. Monitor the page on ChangeDetection.

Once you’ve got a URL you’re happy monitoring, head over to changedetection.com and click “monitor a page”. Put that full URL into the box and click “next”.

Capture

ChangeDetection now has a few extra options to tweak:

  • only send if sizeable change” – I always check this. They’re pretty vague about what it does, but in my experience a new car being listed counts as a sizeable change.
  • only send if text added/removed” – I always check this and select “added”. ChangeDetection is a little finicky with car sites, just because the removal of a 2004 Bentley Continental and the addition of a 2008 one is often seen by ChangeDetection as only the changing of “2004” to “2008”. But either way this counts as text added, so I check this.
  • Only send alert if added text contains x” – you’ll quite regularly get spurious alerts just because advertisements changed on the page, and you can use this option to avoid that. If your search is generally returning no cars at all, just put something like the colour or make of the car you’re after in there. When a car finally appears for sale, the addition to the page is bound to contain the colour of it, and the change detection is much less likely be triggered by advertisements. However… if your search is often returning several cars, don’t use this trick – as I mentioned above, the removal of a 2000 green car and addition of a 2005 one will not be regarded by ChangeDetection as involving the addition of the word “green”.

Get all these set up and, hopefully, you can sit back and wait for cars to appear. It’s not a fail-safe system – sometimes sites change the way they work, and sometimes you’ll get email alerts just because advertisements have appeared or changed. So every so often you ought to go to ChangeDetection and just click on the URLs manually to make sure they’re all working and you’re seeing the results correctly. But it sure beats going to the same sites every day.

Hope this has been some use – if you’ve got your own ideas, please feel free to share them in comments.

Renaming “Christmas” – next steps

jjvjpg

As a non-religious person, I applaud the renaming of various things which once had religious significance. Until last year, “Christmas” in my house involved singing hymns, praying, nailing ourselves to crosses and drinking the blood of bats.  Now, with the invention of the new “holiday yuletide snow fun” period, the event has been completely transformed. We buy a tree, give each other gifts – and this year we didn’t even sacrifice anyone!

I’m equally pleased about the abandoning of the archaic term “AD” (“Anno Domini” – in the year of our Lord) in favour of “CE” (“Common Era”). Previously, every time I wrote down the date I was caught up in a terrible misery over the death of Jesus, the son whom I doubt existed of a god I don’t believe in. As I write dates quite regularly for my job, this was causing me a lot of anguish and I’m very pleased it’s being painstakingly stamped out.

My only complaint is that these changes don’t go far enough. The next things to approach are:

  • The word “enthusiast“, as I’m sure you know, means a person possessed by a god. This is out of touch with modern reality. We should use “fan” instead.
  • The term “OMG” currently stands for “oh my god”. Do we all live in the fourth century now? Let’s stop this nonsense and make it stand for “oh my goodness” instead.
  • Somehow the term “milky way” and its Greek equivalent, “galaxy“, continue to see regular use. We need to stamp this out – although we can’t be sure of exactly where the galaxy came from, we can be confident that it did not come from breast milk sprayed into the sky after Zeus’ baby son woke up during feeding. I recommend we use “distinct universe area”.
  • I don’t believe in the Norse god of strength, Thor, and every Thursday this riles me up into a frenzy. I propose we rename “Thursday” to “Beyonceday” to reflect more current thinking.

These are quite common terms, so making the necessary changes will no doubt take a while. Rewriting the history books will probably be the most time-consuming part, but I think we can all agree that it will be a useful investment.