Amazon App store is shooting itself

me: this is a discussion about the Amazon Appstore for Android.

Shailaja: Hello, my name is Shailaja and I’m from the Appstore Team.

me: Hello… I am in the process of deleting my apps from my amazon account, so that I can uninstall the appstore completely…
I do not like how the appstore on the device prevents me from using any “Amazon-bought” app without being signed into the app store.
Why you ask? because my Amazon account password is very long and secure, and it is very painful to type it into the tiny phone screen repeatedly. ouch, a lot of hassle. Why this roadblock?

me: and I do not have the pwd memorized, so I have to stop my attempt and wait til later. over 8 x this week I have tried to use an app — gasbuddy, etc. — and been stymied

Shailaja: I’m very sorry for the inconvenience Paul. It’s for your own account security issues.

Shailaja: If you wish you can change your Amazon password to a shorter one.
I’ve just sent you an email which will help you reset your account password

me: that is bad advice, i’m sorry. NO — this pwd requirement is only serving amazon… not me. it’s my phone and I’m responsible for its security… how could someone using Gasbuddy without an amazon pwd be a harm ?
why on earth can’t ANY app run without being forced to sign into amazon?
google PLAY does not force this… and the sky has not fallen

Shailaja: I’m looking into this, please hold Paul.

me: so why is Amazon so territorial and proprietary?? it’s causing me to leave.
I would rather rebuy everything from PLAY to avoid this issue with Amazon Appstore. AND, furthermore, this behavior is new, with last update it seems… it was not like this before.

Shailaja: Yes, I understand that there is a problem with the newer version of the software.

me: please either make the Appstore remember the pwd, or remove it completely…. yes I can understand that the APPSTORE itself requires a pwd to buy new apps…. but NOT to use the apps I already bought. Google does not do this, that I’ve seen. [ but they do have drm too]

Shailaja: Our technical experts are still working on this on highest priority to fix it as soon as possible.
I totally understand your frustration.

me: Really, there are teams of techies working to fix this? It’s been 3 weeks since I noticed this… Where is the tech note to all users? is there a public link available?

Shailaja: Yes Paul, there is an issue with the new Appstore update.

Shailaja is typing…

me: is it documented publicly in a bug list? so I can find it and review
it is helpful to know these things

Shailaja: Alternatively, please try installing Amazon appstore from any of the below links:
https://amznadsi-a.akamaihd.n…ublic/AmazonAppstore-2.6.apk
https://amznadsi.hs.llnwd.net/e1/AmazonAppstore-2.6.apk

Yes, I understand. Please hold while I check.

me: Reinstalling the appstore will fix this perpetual forced login in order to use any App?

Shailaja: Yes. Reinstall from any of the above links and it would fix the issue.
http://www.amazon.com/forum/amazon%20appstore%20deals
Above is the amazon appstore issues forum Paul.

me: hmm, i see… it’s being talked about.

Shailaja: It would be fixed very soon Paul. Please give our engineers some time.
The app developers include DRM restrictions.It’s not Amazon Paul.
me: Thank you, Shailaja… this is helpful.

Building your big idea

Great essay from Paul Graham…

Empirically, the way to do really big things seems to be to start with deceptively small things. Want to dominate microcomputer software? Start by writing a Basic interpreter for a machine with a few thousand users. Want to make the universal web site? Start by building a site for Harvard undergrads to stalk one another.

Empirically, it’s not just for other people that you need to start small. You need to for your own sake. Neither Bill Gates nor Mark Zuckerberg knew at first how big their companies were going to get. All they knew was that they were onto something. Maybe it’s a bad idea to have really big ambitions initially, because the bigger your ambition, the longer it’s going to take, and the further you project into the future, the more likely you’ll get it wrong.

I think the way to use these big ideas is not to try to identify a precise point in the future and then ask yourself how to get from here to there, like the popular image of a visionary. You’ll be better off if you operate like Columbus and just head in a general westerly direction. Don’t try to construct the future like a building, because your current blueprint is almost certainly mistaken. Start with something you know works, and when you expand, expand westward.

The popular image of the visionary is someone with a clear view of the future, but empirically it may be better to have a blurry one.

(Emphasis mine.)

 

The problem with DomainKeys Identified Mail

Wired has been discussing an emerging email security vulnerability this month.

The problem lies with DKIM keys (DomainKeys Identified Mail). DKIM involves a cryptographic key that domains use to sign e-mail originating from them — or passing through them — to validate to a recipient that the domain in the header information on an e-mail is correct and that the correspondence indeed came from the stated domain. When e-mail arrives at its destination, the receiving server can look up the public key through the sender’s DNS records and verify the validity of the signature.

Learn more from the article, and ask your hosting company if they use strong — 1024-bit — DKIM. Why?

A hacker who cracks a DKIM key can use it to send out phishing attacks to victims to trick them into believing that a fake e-mail is actually a legitimate e-mail from their bank or another trusted party. Such phishing attacks can be used to trick users into handing over the login credentials to their bank or e-mail account.

Multiple Authors with WordPress

You can easily add new authorized users (authors, contributors, admins) via the Dashboard.

Inviting Contributors, Followers, and Viewers

As for adding more than author to a post, see here for a plugin that can do this:
http://wordpress.org/support/topic/how-to-add-multiple-authors-to-a-post

And, this article has a more complete list and guidelines for multiple authors in general:

10+ Must have Plugins if You have Multiple Authors in WordPress

* * *
Also, it is imperative that your WP blog be current and have all updates installed.
Plus there are several plugins that are important to detect malware that might have crept in during time periods when older WP versions had vulnerabilities (since patched with v 3.4.2).

Is your smartphone vulnerable to the Tel URL attack?

A tech named Dylan Reeve has a test site to determine your phone’s vulnerability:

http://dylanreeve.com/phone.php

If your phone is vulnerable to the recently disclosed tel: URL attack then this website will cause your phone to open the dialler and display the IMEI code. With other USSD codes it could do any number of other things, including wipe all phone data.

You can find some more information and a simple workaround here: http://dylanreeve.posterous.com/remote-ussd-attack

What does it all mean?!
If visiting this page automatically causes your phone’s dialler application to pop up with *#06# displayed then you are not vulnerable. If, however, the dialler pops up and then you immediately see your phone IMEI number (a 14- or 16-digit number) then you are potentially vulnerable to attack.

A poster on the site made an app to solve the problem without changing dialers: Download his free, open-source app that can intercept these malicious URLs:

https://play.google.com/store/apps/details?id=net.thauvin.erik.android.noussd

https://lh4.ggpht.com/UF71xpCA3OVOD7yXnsyWduZHKOco47yjNP5J0r0sPjZ5pIr5yfUQUkkpqPeUkd6OEQ=w124

 

How to Send SMS messages from your Webapp

http://www.textmagic.com/app/pages/en/products/bulk-sms-gateway-api

Bulk SMS Gateway API: Integrate Text Messaging Into Your Applications!

Connect to TextMagic’s Bulk SMS Gateway using our HTTP SMS API or Email to SMS services.
TextMagic’s Bulk SMS Gateway API allows application developers to send text messages to more than 700 global mobile networks.

You can integrate bulk SMS messaging services into your applications, websites, software and back-office custom apps. With our HTTP SMS API, it’s quick and easy. If you don’t want to spend time and money writing code, use our ready-made SMS scripts FREE. Available in PHP, Ruby, Java, Perl and Python.

You need a shopping cart; here’s what to do

Here is a quick summary of the options available to you, and the decisions you need to make before a development cost can be established:

There are dozens of good solutions, and which to choose depends on a multitude of factors… do you have a site already with a CMS ? do you mind offloading visitors to a 3rd party “hosted storefront” like Shopify, which is a great service…  or do you prefer to keep them on your site throughout the checkout flow?

Is your site running as a self-hosted WP blog, and thus could use an on-site ecomm plugin instead? There are a few popular plugin options for this scenario.

Further, if you already use PayPal, do you want to simply add a Paypal checkout button?

See a site that does this:  http://depotpublishing.com
You can do this method on both a website or a blogging system.

If yes to Paypal, do you want to continue using PayPal but need a true cart, and want a seamless, integrated checkout flow where the user never leaves your site? Then, we use the PayPal Pro api to make any type of cart system. See my site  http://moultonfarm.com and go to the online store.

Or, you might want a full-featured shopping cart using a different payment processor, like authorize.net, and you want it hosted on your own site… ?
see  http://kieve.org
or  even http://choiceliteracy.com

And lastly, how do you handle the backend accounting and inventory management, if at all? Do you need QB integration? (troublesome!)  They need a store like bigcommerce that can send all sales data to QB on a synced basic. But setting up this scenario requires a true QB expert on hand.

The options go on!

In some cases, you may not want to use Paypal, and already have a 3rd-party gateway and merchant service. Therefore, you need a very simple “cart” that does only what you want, that talks to the API (interface) of the gateway.  A common gateway is Authorize.net. It has APIs with which you talk to their systems.

Or, you may not have a merchant account yet. In that case, you could use an all-in-one procider like:  e-onlinedata.com

And now, we get to the technologies with which your site is coded… php? asp? jsp? python? ruby? We here at PDG&Associates use only php and sometimes python.

For php, there are lots of choices.

For a simple and free one, here’s:  http://conceptlogic.com/jcart/
You could modify it as needed to make it work, and a programmer could use it as the basis for a custom solution. And there are probably 100 more carts like it this.

Or with custom programming, we could simply build a tailored solution. Give us a call to make sense of the options!

Never Search For Free WordPress Themes

Great article about risks of free wordpress themes found in the wild…

http://wpmu.org/why-you-should-never-search-for-free-wordpress-themes-in-google-or-anywhere-else/

A few months ago I wrote about WordPress Security. Now, armed with …  builtBackwardsTheme Authenticity Checker Plugin and Donncha O Caoimh’s Exploit Scanner, I’m going to take a look through the first page of Google to see just how safe pages ranking for “Free WordPress Themes” are.

Why you should use Google Public DNS

Why should you try Google Public DNS?

By using Google Public DNS you can:

https://developers.google.com/speed/public-dns/docs/using

Google Public DNS telephone support

  • 877-590-4367 in the U.S.
  • 770-200-1201 outside the U.S.

 

The Google Public DNS IP addresses (IPv4) are as follows:

  • 8.8.8.8
  • 8.8.4.4

The Google Public DNS IPv6 addresses are as follows:

  • 2001:4860:4860::8888
  • 2001:4860:4860::8844

You can use either number as your primary or secondary DNS server. You can specify both numbers, but do not specify one number as both primary and secondary.

You can configure Google Public DNS addresses for either IPv4 or IPv6 connections, or both.