My Heart Bleeds for Internet Security

It has been less than a month since the announcement of a serious flaw in a software package used by many sites to keep information secure. The so-called “Heartbleed” bug took information that was supposed to be private on Web servers and made it theoretically available to a malicious user. The flaw has existed for 2 years, and so either everyone’s information has been available to certain malicious users for that amount of time, or the mistake was only discovered by the folks who fixed it and little to no information was compromised on systems that quickly patched. No one is sure which conjecture is true.

No matter what, here’s what we can learn:

  • People who properly patch their user and server computers will be more protected than those who don’t. Keeping up to date with new versions of software packages doesn’t fix everything, but it makes you more secure than if you didn’t. There are lots of uninformed people who are worried about the Heartbleed issue but haven’t bothered to update past Windows XP, which no longer receives updates at all.
  • Having a multi-layered approach to security is the best: Relying on any one piece of technology to secure your data isn’t effective. We all need to use many different techniques. If you were securing an important government building from physical access, you wouldn’t rely on just a door lock — no matter how secure it is. You would “layer” a fence, a camera system and other tools to help protect the building. The same is true for Internet Security.
  • Beware of overly simplistic news headlines: I read many pieces during the initial roll out of the Heartbleed issue that were just completely wrong. Tech bloggers (such as Krebs on Security) were more likely to get the story right.

Curvine Helps the Seattle / Bellevue Community

In the past 8 years, Curvine has been privileged to help many non-profit organizations with sponsorships, donations and free or reduced-fee Web design work. We’re happy to be helping two great organizations at the moment:


Eastside Baby Corner was founded in 1990 because Karen Ridlon, a local pediatric nurse practitioner, became concerned about the large numbers of babies in her practice that began life without adequate food, clothing, beds or safety equipment.

Her commitment to giving these children a stronger start grew from an idea and a few items gathered in her dining room, into an agency that in 2013 distributed 40,069 orders of absolute essentials, valued at $4,527,034*.

For 50 weeks each year, volunteers and staff at Eastside Baby Corner collect community donations, purchase and distribute children’s and maternity items to families in collaboration with virtually every organization helping families in our area. Case managers from partner agencies assess the needs of the family, request the items from EBC, pick up and deliver them to the family. Serving a broad area in east King County that extends to the Cascade foothills and from south of Renton to the edge of Snohomish County, EBC serves as a diaper bank, a clothing bank, and a food source for more than 500 kids each week.


The Seattle Transit Blog is a 501(c)(4) nonprofit organization that covers transit news for the greater Seattle area. The blog also focuses on density and the urban form, and other forms of alternative transportation like bicycling and walking.

We’re happy to be helping both of these worthy organizations!

How to Increase Your Prices by 1900% and Keep Everyone Happy

Answer: You Can’t!

Last month, we received this missive from one of our vendors who helps us provide Web hosting services to our clients:

We are pleased to announce that the porting of all Zerigo DNS infrastructure to the Akamai platform will be complete by January 31st, 2014. As we have mentioned before, this move is part of a planned and systematic upgrading of our Zerigo DNS infrastructure. Zerigo’s DNS offering will now be backed by the full range of capabilities afforded by one of the largest and most advanced DNS name server networks in the world. All client-facing interfaces will remain exactly as before. You will be able to capitalize on the easy-to-use interface and API you already know, which will now be backed by Akamai’s cutting-edge infrastructure.

We have identified you as a customer with 50 or more zones currently supported. On January 31st, 2014, your account will be mapped to the smallest plan allowing for the number of domains you currently have in use.

Below, they explained how our DNS plan (which is an important part of a Web site, but not a costly or complicated part) would be increasing in cost by 19 times with 30 days’ notice!

How can you keep your clients happy while announcing such an increase in cost? You can’t. Social Media was filled with people complaining and giving tips on where to switch to. We spent much of January switching to a new provider, and we’ll never be sending business to Zerigo again.

There’s no way, no matter how positive you make it sound, that a dramatic price increase will keep clients happy. Best to avoid such increases!

Selecting a Web site Development firm is about Selecting Good People

Anita is one of our designers. Our staff is the most important part of our business!

I was doing some research today on other Web site development firms in the area. I was surprised to see how many don’t list their staff and really have no information about who works there.

That’s a huge mistake, in my estimation. Every conversation I have with potential clients is about them trying to see if we have the talent and expertise to do the project. How much harder my job would be if I couldn’t say much about the people who work for Curvine. I’m so thankful that we have a great team in place and I’m proud to tell you about them on our Web site.

How to Make a Cartogram

Here’s what Washington state’s 2012 Governor’s race looks like as a Cartogram. Darker shades mean wins by a greater margin. The blue is a Democrat win, red is a Republican win.

The Internet is filled with massive amounts of data. One of the struggles we all have is understanding all of that data. Using graphs and charts can be helpful, but they can sometimes obscure the data behind them. As Web site developers, presenting visual representations of information is an important part of what we do.

As an example, take Washington state’s governor’s race in 2012. If you looked at the statewide results, the vote was close (only 3% difference), but if you looked at the map of the state by county, you would see the winner Jay Inslee only won 8 counties of 39 (only 5 of those did he win convincingly), and many of the largest counties by land mass were won by his opponent. In this case, the map is deceptive.

A cartogram changes the size of things on the map to show their importance. So even though the winner only won 8 counties, he won the most important 2 counties in the state because they contain the most people. After some inspiration from a friend, I created the map above to show this visually. The large dark blue item in the middle is King County, which makes up a sizeable percentage of the state’s population (it contains Seattle). The dark blue shows he won convincingly (>60%).

Here’s how I made this Cartogram:

First, I loaded up ScapeToad, a free cartogram maker. It is several years old, and requires an installation of Java, but it worked. It called for a shapefile of WA state by county, which I found on a number of sites, including here. I ran the Cartogram Wizard choosing the lowest quality available (high quality cartograms take forever to create). That created the map without the colors, but with the distorted counties. I saved the file in SVG format.

Next I loaded up an SVG editor, such as Google’s SVG Editor. I then manually colored each of WA’s 39 counties with the appropriate shades: lighter for smaller wins, darker for more convincing wins. It was a little hard to figure out which county was which as the map became highly distorted. I then saved the modified SVG, and then converted it to PNG format, for easier viewing on the web.

Cartograms can be an easy way to show map related data in a new way. 🙂

How Saving 50% Can Make A Customer Unhappy

Suit Image From Wikipedia

I recently went shopping for a new suit. I went to a local retailer, found a suit I liked that was marked down from $800 to $500. I was ready to buy, but first I wanted to do some online research to see if the brand was good and if I was getting a good deal.

I visited the retailer’s Web site, where they were advertising almost the exact same suit for $175 as an “online-only” offer. I revisited the retail store, confirmed the details and that it was an online-only offer which couldn’t be matched in the store and purchased the suit online.

You might think that I was thrilled at saving 80% off of the regular price, but in fact, I was disappointed. First, all of the shenanigans with the price made me uncertain whether I made a good purchase. Was the suit really a $100 suit marked up to $175, or was it really an $800 suit marked down to $175, or somewhere in between? Second, the salesman who was very generous with his time probably works on commission and won’t be compensated for the sale, even though he did all of the work. This left me with a bad taste in my mouth.

What’s the lesson?

  • Have consistent pricing: horsing around with a price by 80% seems like a great way to move merchandise, but it also leaves customers (particularly those who buy items infrequently) confused.
  • For stores with brick and mortar and online presences: be careful. Customers who shop on your Web site also shop in your stores. Pretending they are different groups will leave customers (and your brick and mortar stores) confused and disappointed.


An Important Lesson from Only Ask Questions You Need to Ask

The site has taken a lot of criticism for being down for many of the folks who visited the site in the past few weeks. Politics aside, there’s a critical design decision that has to have played a role in at least some of the disruption.

The is the healthcare exchange for any state that didn’t choose to set up its own exchange. Washington, as an example, set up Washington Healthplanfinder, but Florida use The sites are supposed to allow people to see rates, get subsidies and buy insurance plans.

Of course, the first step to most buying decisions is to see a list of services available and view the specifics and costs. Yet, the seems unprepared for such a process — before you can even see a list of plans, you have to register for an account, which involves providing your name, email, password and a list of secret question answers.

There are several reasons why this is a bad idea:

  • Technically, creating an account is a taxing process because it involves writing to a database and sending an email. A less taxing process is seeing a list of plans available, which involves no email sending and only reading of a database. By requiring an account to be created before viewing rates, you made a less technically taxing process more taxing. More taxing means fewer users can use the same servers at the same time. That likely aggravated other problems with the site which created site crashes and other delays.
  • The registration process is likely to create customer service questions, even if it was working properly. By requiring this so early on, you send more people to email and phone, likely overwhelming those resources.
  • Technical reasons aside, it isn’t a customer-friendly decision to require a login before browsing. Imagine two cell phone stores — one who shows you all of the plans and phones available when you walk in, and another who shows you all of the plans and phones only after you show them your driver’s license and take a fingerprint. Which would you like to shop at?

I doubt there’s a quick fix to this design flaw — but I hope it gets attention soon. Though, others can learn the lesson — only ask questions you actually need to ask.


Why Macs are More Secure Than Windows PCs

The Power of Network Effects
Image courtesy Hiryuinthebox

It is common for computer users to say that Apple computers are more secure than Microsoft Windows powered PCs. The proof often cited is that Windows suffers from a never-ending barrage of viruses, and Macs don’t. Many articles have been written which supposedly prove or disprove this theory.

The fact is no one really knows whether PCs are more secure than Macs. The source code to Microsoft Windows is not available to the public (it is a closely guarded secret!) and the source code to Apple’s OSX (the operating system that Apple desktop computers run) is only partially available for review. So it is almost impossible to review the relative “safety” of these two systems.

But how is it that Windows had so many viruses and malware and Macs don’t? It comes down to the fact that malicious software writers are lazy. They would much rather infect an operating system that runs 95% of desktop computers than one that runs only 5% of desktop computers. They find and exploit vulnerabilities in Windows because it is more effective than doing the same for Apple’s OSX.

This is all related to why most people buy Windows PCs when they need a desktop or a laptop. “Network Effects” helps explain this — it is the effect that one user of a good or service has on the value of that product to other people. More people buy Windows PCs which means there is more training and more software available, which helps perpetuate the cycle. Likewise, more people mean more victims for malicious software.

Incidentally, the reverse is occurring to Microsoft in the phone and tablet market. More people are buying Android and iPhones than Windows Phones, which results in less software available for Windows phone, perpetuating a negative cycle.

The same plays out in Web based software. Many people use WordPress, so there are many plugins and training, and also malicious users who try and attack. Fewer people use other software, giving the impression that other software is more secure. All because of Network Effects.

How to Add Facebook Conversion Tracking to Magento


Most of Curvine’s e-commerce projects make use of Magento, which is one of the most popular e-commerce platforms. We recently had a client ask for help with adding some code to the client’s Magento-powered shopping cart to track the success of a Facebook advertising campaign. Here’s how you do it (big thank you to JXT Group’s article on conversion tracking).

Step 1: Open the file: app\design\frontend\XXXX\YYYY\template\checkout\success.phtml (where XXXX and YYYY are the names of your theme directories.)

Step 2: Facebook conversion tracking needs the order’s total. You can put this code anywhere in the file you opened in step 1.

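<?php
// Get the order and its grand total
$order = Mage::getModel('sales/order')->loadByIncrementId(Mage::getSingleton('checkout/session')->getLastRealOrderId());
// Plain decimal string with no thousands separator, so 1234.5 becomes "1234.50"
$amount = number_format($order->getGrandTotal(), 2, '.', '');
?>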

Step 3: Add the Facebook conversion code. Be sure to substitute the ZZZZZZ below with the value from your Facebook conversion code.

<script type="text/javascript">
var fb_param = {};
fb_param.pixel_id = 'ZZZZZZ';
fb_param.value = '<?php echo $amount; ?>';
fb_param.currency = 'USD';
  var fpw = document.createElement('script');
  fpw.async = true;
  fpw.src = '//';
  var ref = document.getElementsByTagName('script')[0];
  ref.parentNode.insertBefore(fpw, ref);
</script>
<noscript><img height="1" width="1" alt="" style="display:none" src=";value=<?php echo $amount; ?>&amp;currency=USD" /></noscript>

Step 4: Save the file and test your checkout process.
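
A more defensive version of Steps 2 and 3, as an added example that is not from the original article or from Magento's or Facebook's own code. It skips the tracking block when no order can be loaded, formats the total without a thousands separator, and writes the value into the script through json_encode rather than raw echo. The helper fbConversionAmount() is hypothetical; only the Mage:: calls shown in Step 2 are Magento API.

```php
<?php
// Added example for success.phtml. fbConversionAmount() is a hypothetical
// helper defined here; the Mage:: calls are the ones used in Step 2.
if (!function_exists('fbConversionAmount')) {
    /**
     * Return the total as a plain decimal string ("1234.50"),
     * or null when the value cannot be used.
     */
    function fbConversionAmount($grandTotal)
    {
        if (!is_numeric($grandTotal) || $grandTotal < 0) {
            return null;
        }
        // Explicit '.' decimal point and no thousands separator.
        return number_format((float) $grandTotal, 2, '.', '');
    }
}

// The session may hold no order ID, so check before loading the order.
$orderId = Mage::getSingleton('checkout/session')->getLastRealOrderId();
$order   = $orderId ? Mage::getModel('sales/order')->loadByIncrementId($orderId) : null;
$amount  = ($order && $order->getId()) ? fbConversionAmount($order->getGrandTotal()) : null;

// With these flags json_encode emits a JavaScript literal that cannot
// close the <script> element or break out of a quoted string.
$jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
?>
<?php if ($amount !== null): ?>
<script type="text/javascript">
var fb_param = {};
fb_param.pixel_id = 'ZZZZZZ';
fb_param.value = <?php echo json_encode($amount, $jsFlags); ?>;
fb_param.currency = 'USD';
// The loader lines from Step 3 follow here unchanged.
</script>
<?php endif; ?>
```

The same json_encode pattern applies to any other server-side value placed inside an inline script in a template.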

Selling Internationally Using Your Web Site

Can you sell products & services on your Web site to anyone anywhere? Image credit to DeviantArt user “Haveacookie”

It is apparently International Products & Services week at Curvine. Three of our Seattle-based Web design clients have asked us about how to sell products and services on their Web site aimed at an international market. On the surface, this seems easy — Web sites are on the Internet which is in almost every country, so you should be able to, in theory, sell anywhere!

In reality, it is much harder than it sounds. Here are a few issues that routinely slow down international roll outs. They aren’t insurmountable barriers; each is fixable if you want to put the time and money into it.

Local Laws, Taxes and Customs: Let’s say you have a product you wish to sell in Zambia. In the US, you are used to selling products and paying taxes here. When you sell products in Zambia, is there a business license you need to pay for? Customs duties for when product is imported? Are there rules for how you do business? Is your product or service prohibited by law? Every country is different so it is best to consult an expert on the country or countries you wish to transact business with.

Currency: You sell your product in US Dollars, but the country you are selling into uses Pesos, Yen, Shillings, Reals, Euros or something else. When users in that country make a purchase, they are likely accustomed to making purchases in the local currency and might be confused about making a purchase in US Dollars. You can approximate the purchase in the local currency, but the actual transaction will be in dollars which will be slightly different than your estimate. You may wish to open a local merchant account that can accept payments in the local currency. Also, be sure that the folks in the country have access to credit or debit cards, or you may have a hard time transacting business over the Web.

Language: English is the dominant language in the US, but that isn’t the case in most places in the World. There are “automatic” translation services available, but they won’t be effective in flawlessly describing your business. To transact in a foreign language, you need to have every page of your site (or perhaps a limited version of your site with less content) translated by a human and you need to be prepared to handle customer service inquiries in the languages you service. This includes the text on your site, the graphics and even the prompts in your shopping cart.

Bon Voyage!