Recently in Online Commerce Category

Google recently released a SSL enabled version of their main page, which is no bad thing. However it turns out there's a bit of a nasty side effect for companies doing search analytics. When you go from an SSL site to a site without SSL, most modern browsers will stripe out the referrer data. In the case of going from an SSL enabled Google to a normal non-ssl site, it means that the non-ssl site will have no idea of what search terms were used.

Of course there is a way around this. The simplest is just to SSL enable the site. If you go from one SSL enabled site to another SSL enabled site, the referrer data is retained. There are other such as Google appending something like ?query="search term" to each url it returns, however even if this is implemented I can see it being an optional for the user.

Of course the problem with SSL certs is that you need a dedicated IP Address for each SSL enabled site. There's extensions to TLS which would mean that you could host multiple name based virtual hosts on one IP, see Section 3.1 of RFC3546, but I have yet to see significant support for this. As it stands at the moment, IPV6 is probably better supported than the Server Name Indication extension of TLS.

So, if a company wants a fast way of getting the referrer from an SSL Google query, the handiest method is probably to SSL enable their site, which means a dedicated IP address. Anyone who has got this far in the post probably already knows that IPv4 addresses are slowly running out. If every SEO in the place suddenly wants to enable SSL on their customer's sites, there's suddenly going to a lot of pressure on the IPv4 address space.

I know that if a relativity small percentage of shared hosting sites at work wanted to SSL enable their sites in the morning, we'd run out of available IPv4 addresses in a flash. However, we do have ~4,000,000,000 IPv6 addresses available which should be sufficient! It's just a pity that most ISPs wouldn't be able to get to them at the moment.

The big winner in this would be the companies selling the SSL certs. People could use a self signed cert, but do they really want customers/potential clients to have to click through the various warnings. There's other options such as CACert, but not all browsers will recognise them as a valid cert.

My own opinion is that the lack of referrers is no bad thing. It might force sites to stop using under hand tricks and just put up proper content.
It would seem that random pie in the sky figures about server virtualisation is one of my berserker buttons. I work in IT, hence I know that everything in IT is a compromise. So when someone on twitter quoted figures from a Sunday Business Post article stating that the HSE were using 200 servers, and then immediately proclaimed that virtualisation would reduce that number by 75%, I had to respond. Anyone on twitter is free to look it up.

At work we use virtualised servers extensively. Our whole shared hosting/VPS platform is built on Virtuozzo. We have numerous other services which are virtualised in the the background using other technologies such as Xen, KVM, Hyper-V etc. It is a brilliant tool when deployed properly and has plenty of other benefits such as being able to move an virtual server to new hardware in a hurry.

However, if you are to believe the marketing hype, virtualisation will immediately save you X% where X is ridiculously large number like 70 or 80. What they always seem to fail to mention is that they're presuming that you're massively under utilising your current hardware.

This leads to a lovely self fulfilling prophecy. The people who move over are the ones underutilising their current hardware and they will see massive savings. These savings are due to bad planning and over speccing the hardware in the first place though, and virtualisation is the ideal technology to consolidate the hardware while keeping the outward facing infrastructure looking the same. This means there's a massive selection bias in the figures which virtualisation vendors quote, as they seem to only use these customers as examples.

If we then look to the other end of the spectrum, people properly utilising their existing infrastructure. Here virtualisation will still give plenty of benefits. For example, being able to move a virtualised server from physical server to physical server, often with no downtime. However, then you have to consider virtualisation overhead. As virtualisation is simple abstracting away the hardware, there is going to be an overhead in the translation. Depending on the technology used the overhead might be minimal or it might be large enough that new hardware is required to account for it.

There will also be no savings due to less hardware in this scenario as the virtualisation isn't being used for consolidation, but for ease of management. If it's a commercial virtualisation product such as VMWare, there's going to be extra cost involved. This cost might be offset in deceased administration time, but it's not going to be anything near the figures normally quoted for savings.

To go back to what started all this off, the 200 servers in the HSE. We have no way of knowing what the utilisation is like on these servers. For all we know, it's a fairly heavy Java based app running on them and the systems are well utilised. It's also possible that they are underutilised, but without knowing what they're actually doing, it's not possible to pull random figures like 75% out of the air.  

Enhanced AIB Security?

Just after logging into my AIB Internet Banking account, and I spotted the following security notice:

From June 23rd you will be required to enter two codes from your AIB Code Card in order to complete the following actions on AIB Internet Banking:

This is only required for certain transactions, but it still seems to be a useless change. If someone has one code, the odds are extremely good that they have the code card. If not, the second code can probably be obtained using exactly the same method as was used to get the first.

If they really wanted to enhance their security, they might be better off deploying something like Rabo Direct's Digipass. I believe they already have something similar for their Business Banking. Unfortunately, this probably won't be done due to cost.

To go slightly off topic, the new AIB Internet Banking site is a vast improvment over the previous incarnation.

DHL Tracking Madness

| 1 Comment
I ordered a nice new toy from Komplett over the weekend and got a email with a "Track And Trace" code for DHL Europlus. I went to, saw a nice DHL Fast Track search box on the top right and entered my code. I got a page entitled "Tracking Good Afternoon" (at 6 in the evening) and search boxes all over the place. Besides not looking well in Firefox, it didn't show the code I had just entered anywhere.

I put my code in the top search box (Air Express), pressed search, and up popped a box saying entitled "DHL Road Express Shipment" telling me:
You may have entered a DHL Road Express Licence Plate Number / Identcode Number.

Please use the European Road Express Parcel Tracknet below to track this shipment.
The main page also had a section entitled "DHL Road Express Parcel Tracking", so out of interest I tried the code there and got the same popup. I then clicked the European Road Express TrackNet as they wanted, and figured out how to add my code and submit as needed. The tracking as it turns out is pretty dire. According to them, my package is in Tilberg, NL since yesterday morning. It better be wrong!

The point of this rant? Their system was smart enough to realise that the code I entered was a European Road Express TrackNet code. Why didn't it simply redirect to the proper page from the main page rather than carrying me into a page with multiple search boxes? Instead of a popup explaining where I need to go, why doesn't it redirect to the right page? Or even a link to the right page in the popup? Was there any UI testing done at all on the site?

I was talking to someone who once worked in a company bought by DHL. I was told that their biggest problem is that as they are buying up smaller local companies to do local deliveries, they are aren't integrating the new IT systems properly. This does explain why the tracking mightn't as great as it should be. However it doesn't explain why they can't add a small bit of intelligence to their site.

Copyright Fun And Games

Michele posted about the fun and games with Domainnews and copyright two months ago. Domainnews seem to have finally realised  and their "Chief Editor" has replied claiming innocence. Unfortunately he still does not seem to realise what he has done wrong, and he still hasn't as much as apologised yet. In fact Michele had to send a DMCA Takedown notice to Google before anything was done. For fun and giggles I had a look at the Domainnews site and spotted a post attributed to "press" which is a copy of the press release here. According to Domainnews: "press is one of our editors and not someone we are trying to credit this to". What's even more fun is that the DotAsia press release is covered by a Creative Commons Attribution License (look at the icon at the bottom left of DotAsia's press release) which probably means that DotAsia would at least like a link back. Even if they didn't have the CC license, it is just a common courtesy to link back to the originating site, even for a press release. There is no point posting about DotAsia starting a new program, if the reader can't click on a link and have a look around to get more details. The whole whole point of the Internet was/is to share information.

Carlow Wifi Followup


Due to the lack of online information about the Carlow Wifi project, I did a quick drive around Carlow with a laptop and USB GPS dongle. Using Kismet I was able to pick up six networks with the essid of "Carlow Town low cost WiFi Access".

I was lacking an external antenna for the laptop wireless so I could have missed more than a few, however I did manage to pick up eighty three wireless networks in a ten minute drive around town!

I have created a quick Google Map with the locations of the six Carlow Town access points which can be accessed here. When I manage to find my wireless card with external antenna, I'll do a proper drive around the town and put up the results.

As Damien has already mentioned, E|Net announced a new Wifi network in Carlow today. According to the article Brisknet, Aptus and Bitbuzz are going to be the initial providers of Wifi access in the town.

I have been fairly unimpressed with the details available online about the wireless network though. There is absolutely no information on the E|Net site that I can see, not even a mention in the News sidebar.

Brisket's coverage maps only cover Roscommon, Mayo and Galway. There is no mention of Carlow on their site at all.

Bitbuzz is a bit better. They mention the Fairgreen shopping centre in their list of hotspots, but that's it.

Aptus (What a site!!) have nothing on their site about coverage in Carlow, or about anything for that matter!

The whole project to get Wifi in the town is a great idea, and I look forward to when it is actually useful. However the announcement that it has gone live seems to be very premature, one hot-spot in a shopping center is not a municipal WiFi network.

One of my pet annonyances when browsing around on the net is sites where you have to register for no good reason. I have enough useless accounts as it is. What's even more annonying is when they return a different result to the search engine bots so that more than just the registration page is indexed.

A prime example of this is When searching for current Irish news it usually ranks fairly high on Google, however all the pages require you register first before you view them. The registration gives no advantage to people like me who just want to a quick look at the latest news. I suspect that I'm not alone and that lots of people will just go back and look for another site.

Unison's simple user agent checking makes it very easy to get in unmolested though. The User Agent Switcher Plugin for Firefox allows you to easily set exactly what user agent you want your browser to appear as. The GoogleBot isn't in the list of Useragents available, but it is easily added. Switch to GoogleBot as your useragent, and magically you will have full access to the Unison site.

I know that Unison will probably close this hole within a few days now, but it's nice to be able to make a point. According to Google's Webmaster Help Center "crawler only" pages are a thing to avoid. I would class pages that react differently to GoogleBot as "crawler only" pages.

If Unison want to require people to register in order to get nice features such as customization, then grand, I have no problem with that. However, how much traffic are they missing out on by having the register page for everyone? And how many advertising impressions are they missing out on? I know that if I go to the BBC News site I will usually end up going to other stories which interest me, which means more page impressions on the BBC site. More impressions, more chance of clicking on ads, more money!

In this day and age it is senseless to have such stupid restrictions on a site like Unison that has enough content to be a massive earner on advertisments alone.

Update: I somehow managed to forget the user agent I'm using, it is:

Googlebot/2.1 (+

Adam has pointed out that SEC are planning on planning on taking action to combat the pump and dump spams doing the rounds. So far trading in 35 companies has been suspended in the aptly named "Operation Spamalot".

It is a logical step to take in order to curb the amount of such spams going out, however you would have to wonder how long before spammers twist the situation to their advantage?  Blackmail anyone?

Last January, I headed to the Godfather Pizza website to view their menu and order my uber-healthy supper. When I attempted to call the number for Godfathers Carlow on their website, I got nowhere. I checked a " Take-Away Express" booket that was in the house and got the right number. The number on the website is (059) 941 6666 while the actual number is (059) 914 6666. Being a nice lad :) once I ordered the Pizza, I emailed the only email contact I could see on the site (info@....).

I got a reply back saying that the information had been passed to Marketing Department, and I promptly forgot all about it. I'm just after going to the site to see the menu again, and the number is STILL wrong. I would have thought that something as simple as swapping 2 digits could be accomplished in 2 minutes, never mind 2 months.

I have no idea how much traffic Godfather Pizza get to their website, but seeing as Dominos have recently started taking orders online, I'm betting that the internet using public is a sizable percentage of their customer base. Godfather Pizza don't have the facility to order a pizza online, so the only contact you can have with them if you want a delivery is by phone. How much business have they lost by not having proper contact details on their site?

Update Mar 22th: Looks like the number has been changed. I'm not sure when, but the current last modified time for the page is: 03/20/2007 11:20:18 AM

About this Archive

This page is an archive of recent entries in the Online Commerce category.

Nokia is the previous category.

Random is the next category.

Find recent content on the main index or look in the archives to find all content.


OpenID accepted here Learn more about OpenID
Creative Commons License
This blog is licensed under a Creative Commons License.
Powered by Movable Type 5.02