
review of Australian car web sites

It seems that Toyota isn’t alone in having non-functional web sites. In fact it’s better than some: the basic information on the cars is available, it is possible to get contact information for car dealers, and they have a feedback form on their web site (to which I submitted my previous blog post). Incidentally the Lexus site had much the same problem as the Toyota site (hardly surprising as Lexus is the luxury marque from Toyota). But I expect that if I phoned Lexus to ask about their vehicles I would get a better call-center experience, which would make me less inclined to blog about them.

Daihatsu vehicles are sold by Toyota. Their web site doesn’t use Flash, but it has so little content that it doesn’t count.

I decided to quickly review the web sites of car manufacturers that sell in Australia for a fair comparison. I found three sites worse than Toyota, two sites that were equal (counting Lexus), and six that were better than it.

Holden has the worst site: they don’t display any information if you don’t have Flash, they don’t even display a phone number! I wonder how much Adobe pays web programmers to pull this sort of stunt. I can’t imagine Holden management saying “if a customer comes to our web site and doesn’t have Flash then don’t display our phone number or any other contact information, they can use Flash or buy a Ford instead”. Obviously some web monkey has run amok and done their own thing without following directions. Probably some people need to be sacked in the Holden web development group.

Volvo Cars has a very bad site. Most of the content is involved with Flash in some way and refuses to load. There is a mailto reference that is broken, and the overview page for the S60 seems to have a JavaScript loop (I aborted the load after it loaded 245 pictures and was still going). The Volvo page for their other business is quite functional although minimal.

Hyundai has a bad site. The front page works OK, but some of the sub-sites to display information on vehicles redirect to sites such as evolveddriving.com.au which are “optimised for 1024×768” and require Flash and Quicktime while others do strange things like changing the size of the browser window. Overall it’s a very bad site, but at least I could find the contact details for my nearest dealer, and it has a feedback form.

Subaru has an OK site. The only thing I couldn’t access without Flash is information on their AWD (All Wheel Drive) technology. Unfortunately they provide no email address and no form for sending feedback.

The main Ford web page claims that Flash is required, but their site just works without it. In a quick test I was unable to find any functionality on the Ford site that is missing because of not having Flash. Ford have a well designed site.

The Volkswagen site makes no mention of the fact that I don’t use Flash, it does however have some strange unused spaces in the middle of the screen. I guess that it recognised that I don’t have Flash and made a semi-successful attempt to work around it. I could get all information I wanted including dealer contact details.

The main Mazda web page displays a message about Flash not being installed and offers a link to a non-Flash version of the site. The Flash section is at the center and the buttons at the sides work if you don’t have Flash. This seems to be a well implemented site.

Citroen has an OK site, no flash that I noticed (although there were large blank areas on the screen at times indicating that something was missing), the information was all available and browsing was reasonably easy. One thing that annoyed me was that there were movies available but only through some sort of JavaScript that tried to play them in my browser. I have never bothered setting up my web browsing machine for playing movies (among other things it has no speakers) so this is a problem for me.

Peugeot has a good site. No apparent flash and it’s reasonably easy to use. It has more pictures than Kia but the JavaScript navigation stuff is fancy. One nice feature is a single page with pricing summaries for all models. If you have $X to spend on a Peugeot you will easily discover which ones you can afford.

Kia has the best site I saw! Not only is there no flash, but it’s well designed, easy to navigate and it loads quite quickly. Please review the Kia site as an example of how to do it properly!

Let me know if I’ve missed any makes and I’ll post an update.

open letter to Toyota

When I visit the toyota.com.au web site it does not display any information on the new Camry, instead it displays a message saying “Unfortunately you do not have flash 8”.

A well designed web site will display information for all users, including those who don’t have flash installed.

The Toyota web site should be aimed at selling Toyota products, however it seems most effective at selling Macromedia products. Anyone who visits the Toyota site is forced to install a product from Macromedia (the Flash viewer) but is not forced to purchase anything from Toyota.

Are your web designers representing Toyota’s best interests or the best interests of Macromedia?

http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&c2coff=1&q=flash+security+cve&btnG=Search

If you visit the above URL you will see information on some of the security problems related to flash. Anyone who has security problems on their computer after being compelled to install Flash by the Toyota web site would have reason to blame Toyota for any damage or loss caused by such security problems.

Flash is often prohibited by corporate security requirements (the instructions on the Toyota web site could get a potential customer sacked – and therefore unable to purchase a car). It is not usable by many visually impaired people (while people with extreme vision problems are not able to drive a Toyota car they should be able to read information about them). It is also disliked by people who want their computer to run all free software, which includes a large number of people who like the Prius.

started growing a beard

day 1 of the beard

At LCA in January this year there was an auction at the end (an LCA tradition), and most people were feeling very relaxed and happy after plenty of good food and drink and bid with reckless abandon (another LCA tradition).

To help things along a few of us volunteered to do various things if various amounts of money were reached. The full list is here.

Anyway my contribution is to grow a beard for the next LCA. Recently I had been thinking that it was about time to start, and this morning I discovered that I had misplaced my shaver, so I start today. I had wanted to get a clean-shaven picture for the first blog entry, but things didn’t work out for that. The above picture is two days of growth (members of my local LUG are probably used to seeing me look like this).

I will start by blogging a picture every day, and then start to space them out as it grows. The apparent results of beard growth should exponentially decrease over time so the rate of pictures would best be based on the log of the time.

working all night

Last night I worked until 5AM on a magazine article. Upon review the later stages of my work weren’t of my usual quality level, and today I did nothing significant because I was too tired (fortunately it’s a Saturday).

I’m now going to cease all really late-night work except when supporting 24*7 production systems for clients. When I feel that my productivity starts to slip due to being over-tired I’ll cease work unless I am being paid to get an outage fixed quickly. The real problem in productivity seems to be throughput not response time. So if I occasionally miss a deadline but overall get more work done it should be a net positive thing.

Virgin – no free water and renewable energy

When returning from Ruxcon I took a Virgin Blue flight.

The Virgin web site has a FAQ with the following advice regarding DVT:
Drink plenty of water and other fluids during and after the flight, limiting alcohol, tea and coffee.

However Virgin provide no free water on the flight and charge $2 for 350ml of water! This is a strong incentive to buy caffeinated drinks and/or alcohol, after all if you are going to pay then you want something better than water!

They should provide free tap water as a basic health measure.

On the positive side there was an interesting article in the Virgin Blue magazine about alternative sources of fuel. It covered bio-Diesel (renewable and produces less toxic smoke), and producing Diesel from waste plastic (saves space in land-fill as well as providing fuel). It wasn’t as technically detailed as I would like and it didn’t mention some of the methods being developed for producing Diesel fuel from algae or the work on using bio-fuel for jet aircraft (which would be appropriate for an airline magazine).

But it’s a good start, hopefully some travellers will learn that there are environmental problems and ways that we can fix them.

dunc-tank and motivation

The dunc-tank project was established to raise money to compensate some Debian developers who are essential to producing a timely release of Debian. There has been a lot of acrimonious debate about whether this is a good or bad thing. The positive side of it is that the release managers will get to spend more time working on Debian, the negative side is that some volunteers will lose motivation.

However I have felt more motivated to do my unpaid Debian work. During the time that I was employed by Red Hat I was fairly slack about my Debian development work (incidentally Red Hat management were happy for me to continue Debian work so there was no pressure from Red Hat in this regard). Since leaving Red Hat I have been busy doing paid work.

Recently I have started getting involved in Debian work again. I am about to upload a new version of Postal for the first time in three years, I have set up a Xen server for Debian SE Linux development, and I am about to start serious Debian SE Linux development work again.

One factor in this has been my impression that other DDs are taking the release seriously. In the past schedules for release have slipped repeatedly without end. Now there is a schedule and this gives me more motivation to get bugs fixed!


Lack of privacy in Amcal

Recently I visited my local Amcal pharmacy. When I was waiting to pay I noticed a large pile of cards on the counter; they were customer loyalty cards with the names of customers printed on them. Also on the top of the pile was a Medicare card. The cards were placed face-down presumably to avoid customers seeing them, but as they were on the counter where customers waited to pay there was nothing to prevent a customer from turning them over or even stealing them.

I brought this to the attention of an Amcal employee who agreed that the Medicare card should not have been there (such carelessness is probably illegal) but who thought that a huge pile of customer loyalty cards (each of which is connected to a database entry with the customer’s phone number and postal address, among other things) is something that should be left within reach of customers. When I left the store another customer was being served within convenient reach of the card pile (which may have contained more Medicare cards).

If you have a cold then it’s OK to go to Amcal to buy your medicine. If you have the clap then you might want to go somewhere else as they don’t seem to care much about privacy.

Ruxcon and SLUG

This weekend I was in Sydney for Ruxcon. Ruxcon is a computer security conference with a focus on penetration testing and related skills.

The presentation on Unusual Bugs by Ilya van Sprudel was particularly interesting. He spoke about a number of issues that could do with some improvement in Linux, I will file some bug reports shortly.

There was a chilli eating contest. I was one of six people to enter. I survived the first two rounds and got onto the middle-strength chilli before giving up. There were 100 tickets to the Google party for the ~200 person conference and everyone who entered a contest got a ticket. My aim in the contest was to eat more chilli than I enjoy eating but less than the amount required to make me sick, with a secondary goal of tasting at least the second level of chilli. I achieved my goals and left the contest after tasting the second chilli.

One man appeared to be impressed by my chilli eating and was telling everyone that I am famous for eating chilli. It’s good to be famous for something in the computer security community. :-#

At the end of the conference there was a panel discussion that I was invited to attend. I had to leave early to catch my flight, at the time I left everyone who was on the panel had each finished a few drinks and a couple of new guys had just joined. I think I missed the most exciting part of the panel discussion.

Thanks to whoever paid for the drinks for panel members. Things were a little hectic when we were given the drinks and I forgot to thank whoever paid for them.

In other news Sydney trains are slow and unreasonably expensive, $13 to get from the airport to the SLUG meeting at St. Leonards seems excessive. With all the problems with Sydney roads they really need to get a better public transport system!

While in Sydney I attended a SLUG meeting and gave a short talk about Postal (my mail server benchmark suite). I will present a paper about Postal at the OSDC conference later this year.

SAK, ctrl-alt-del, and Linux keyboard mapping

A common problem with Linux systems is when Windows users press CTRL-ALT-DEL at the login prompt and reboot the machine.

To fix this some people change the ca line (the ctrlaltdel entry) in /etc/inittab to just disable the reboot function. However this is not desirable because sometimes you want to reboot a machine with a simple keypress.

Another problem that has not been widely considered is the use of fake login prompts by attackers. This can be implemented in either text mode or graphics mode. All the fake login prompt has to do is display something that looks like a real login prompt, accept a user-name and password, verify the password (a localhost ssh connection is a good way of doing this) and then abort. In the case of a text-mode login the user will think that they entered the wrong password, in the case of a GUI login via an XDM program the user will think that the login program just crashed. Then the attacker has access to their account.

The solution to the fake-login problem is the Secure Attention Key (SAK) feature. When invoked, the kernel kills all processes that are attached to the virtual console in question. If you make CTRL-ALT-DEL the SAK combination then pressing those keys causes the kernel to kill every process attached to the current virtual console, which prevents hostile programs from forging a login prompt (the same purpose the combination serves in Windows).

The next thing to do is to make another combination used for system boot. A reasonable combination seems to be CTRL-ALT-BREAK as those keys are widely separated and the combination is not used for anything else.

If you put the following in a file named sak.map (or whatever you want to call it) then the command loadkeys sak.map will apply the change. Note that when creating a keyboard map you should do it on a machine for which you don’t mind being forced to perform a hardware reboot. It’s easy to make a mistake and give yourself a keyboard mapping that is not usable. Another possibility is to do such testing on a machine that allows ssh logins, you can then login via ssh and run loadkeys -d to correct any errors you might make.

# CTRL-ALT-BREAK (keycode 119 is the Pause/Break key) reboots the machine
control alt keycode 119 = Boot
# CTRL-ALT-DEL on the numeric keypad (83) and on the main Delete key (111) invokes SAK
control alt keycode 83 = SAK
control alt keycode 111 = SAK
# the same bindings with the right Alt (AltGr) key held instead of the left Alt
control altgr keycode 119 = Boot
control altgr keycode 83 = SAK
control altgr keycode 111 = SAK

Note that the above covers both ALT and ALT-Gr keys as well as the numeric keypad and regular versions of the delete key.

dumpkeys -l lists the key symbols that loadkeys understands (including SAK and Boot) and the range of keycodes the kernel supports. showkey will display the number matching any key you press and will exit after 10 seconds of inactivity.
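As an added example (not from the original post), the following Python script generates the map above and applies it with the safety net that the ssh advice describes: it runs loadkeys on the generated file and, unless you confirm within a grace period, runs loadkeys -d to restore the default map, so a mapping that leaves the keyboard unusable undoes itself. It assumes it is run as root on a virtual console; the keycodes and the file name sak.map are the ones used above, and the grace period of 60 seconds is an arbitrary choice.

```python
import select
import subprocess
import sys
from pathlib import Path

# Keycodes as reported by showkey on a PC keyboard (same values as the post):
# 119 = Pause/Break, 83 = keypad Delete, 111 = main Delete.
BOOT_KEYCODES = (119,)
SAK_KEYCODES = (83, 111)
# Bind with both the left Alt and the right Alt (AltGr) key held.
MODIFIERS = ("control alt", "control altgr")


def build_sak_map():
    """Return the text of a loadkeys map: CTRL-ALT-DEL -> SAK, CTRL-ALT-BREAK -> Boot."""
    lines = ["# generated map: CTRL-ALT-DEL invokes SAK, CTRL-ALT-BREAK reboots"]
    for mods in MODIFIERS:
        for kc in BOOT_KEYCODES:
            lines.append(f"{mods} keycode {kc} = Boot")
        for kc in SAK_KEYCODES:
            lines.append(f"{mods} keycode {kc} = SAK")
    return "\n".join(lines) + "\n"


def binding_lines(map_text):
    """The non-comment lines of a map, for checking what will be loaded."""
    return [l for l in map_text.splitlines() if l and not l.startswith(("#", "!"))]


def apply_with_rollback(map_path, grace=60):
    """Load the map; restore the default map unless Enter is pressed within `grace` seconds.

    If the new map broke the keyboard, Enter can't be pressed and the revert happens
    automatically (the same safety that logging in over ssh to run loadkeys -d gives).
    Returns True if the map was kept, False if it was reverted.
    """
    subprocess.run(["loadkeys", str(map_path)], check=True)
    print(f"Loaded {map_path}. Press Enter within {grace}s to keep it; "
          "otherwise the default map is restored.")
    ready, _, _ = select.select([sys.stdin], [], [], grace)
    if ready and sys.stdin.readline():
        print("New map kept.")
        return True
    subprocess.run(["loadkeys", "-d"], check=True)
    print("No confirmation received: default map restored.")
    return False


if __name__ == "__main__":
    path = Path("sak.map")
    path.write_text(build_sak_map())
    for line in binding_lines(path.read_text()):
        print(line)
    apply_with_rollback(path)
```

Run it on a console as root; the map file is left in place so that loadkeys sak.map can be added to the boot sequence once it has been confirmed to work.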

tcpdump and ps

Today I was doing some network tracing and figured out how to track the start and end of TCP connections. The following tcpdump command will get all SYN, FIN, and RST packets on port 80 and all ICMP packets:

tcpdump -i bond0 -n "port 80 and tcp[tcpflags] & (tcp-syn|tcp-fin|tcp-rst) != 0 or icmp"
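Because that filter only passes the handshake and teardown packets, its output is enough to reconstruct when each connection started, whether it was ever established, and whether it ended with FIN or RST. The following Python script does that over tcpdump output; it is an added example, not part of the original post. It assumes the "Flags [S.]" line format that tcpdump -n prints (older versions print the bare flag letters instead), ignores the ICMP lines, and the sample lines it runs on are constructed, with documentation-range addresses. It goes a little beyond the post by also counting, per client, the SYNs that never received a SYN-ACK, which is the pattern a half-open scan leaves in this kind of trace.

```python
import re
from collections import defaultdict

# Matches the TCP lines printed by "tcpdump -n" (assumption: modern tcpdump,
# which wraps the flag letters in "Flags [...]"). ICMP lines do not match.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample of what the filter above would pass: one normal connection
# closed with FIN, one SYN answered with RST, one SYN never answered, one ICMP line.
SAMPLE = """\
10:00:00.000100 IP 10.0.0.5.51234 > 192.0.2.10.80: Flags [S], seq 100, win 64240, length 0
10:00:00.000300 IP 192.0.2.10.80 > 10.0.0.5.51234: Flags [S.], seq 500, ack 101, win 65160, length 0
10:00:01.200000 IP 10.0.0.5.51234 > 192.0.2.10.80: Flags [F.], seq 200, ack 900, win 501, length 0
10:00:01.200200 IP 192.0.2.10.80 > 10.0.0.5.51234: Flags [F.], seq 900, ack 201, win 509, length 0
10:00:02.000000 IP 198.51.100.7.40000 > 192.0.2.10.80: Flags [S], seq 1, win 1024, length 0
10:00:02.000500 IP 192.0.2.10.80 > 198.51.100.7.40000: Flags [R.], seq 0, ack 2, win 0, length 0
10:00:03.000000 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [S], seq 1, win 1024, length 0
10:00:04.000000 IP 192.0.2.10 > 10.0.0.5: ICMP echo request, id 1, seq 1, length 64
"""


def parse_line(line):
    """Return timestamp, endpoints and flag set for a TCP line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": d["ts"],
        "src": f"{d['src']}:{d['sport']}",
        "dst": f"{d['dst']}:{d['dport']}",
        # tcpdump prints ACK as '.', so normalise it to a letter
        "flags": set(d["flags"].replace(".", "A")),
    }


def track_connections(lines):
    """Map (client, server) -> lifecycle info, built from SYN/FIN/RST packets only."""
    conns = {}
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        f = pkt["flags"]
        if "S" in f and "A" not in f:
            # A bare SYN opens (or retransmits) a connection attempt; keep the first time seen.
            conns.setdefault((pkt["src"], pkt["dst"]),
                             {"syn": pkt["ts"], "established": False,
                              "closed_by": None, "closed": None})
            continue
        # Replies from the server carry the endpoints reversed.
        key = (pkt["src"], pkt["dst"])
        if key not in conns:
            key = (pkt["dst"], pkt["src"])
        if key not in conns:
            continue  # handshake not in the capture; nothing to attach this to
        c = conns[key]
        if "S" in f and "A" in f:
            c["established"] = True
        if c["closed_by"] is None:
            if "R" in f:
                c["closed_by"], c["closed"] = "RST", pkt["ts"]
            elif "F" in f:
                c["closed_by"], c["closed"] = "FIN", pkt["ts"]
    return conns


def half_open_by_source(conns):
    """Per client IP, count SYNs that never saw a SYN-ACK (a crude scan indicator)."""
    counts = defaultdict(int)
    for (client, _server), c in conns.items():
        if not c["established"]:
            counts[client.rsplit(":", 1)[0]] += 1
    return dict(counts)


if __name__ == "__main__":
    conns = track_connections(SAMPLE.splitlines())
    for (client, server), c in conns.items():
        print(f"{client} -> {server}: syn {c['syn']}, established={c['established']}, "
              f"closed by {c['closed_by']} at {c['closed']}")
    print("unanswered SYNs per source:", half_open_by_source(conns))
```

To use it on a live trace, pipe the tcpdump command above into the script and feed sys.stdin to track_connections instead of SAMPLE.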

Also recently I was tracking down some minor security issues related to programs that call setuid() to drop privs but never call setgid() and therefore always run with GID==0 which gives them a lot of access to the system. The following ps command gives the real, effective, saved, and filesystem UIDs and GIDs mapped to names. Note that with some versions of ps different fields have different truncation lengths.

ps -eo pid,user,euser,suser,fuser,group,egroup,sgroup,fgroup,comm
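As an added example (not from the original post), the following Python script parses the output of that ps command and reports processes that have dropped their effective UID but still hold root in any GID column, the incomplete-drop case described above. It goes slightly beyond the post by also flagging a saved or filesystem UID of root, since a process with euser != root but suser == root can regain root with a single setuid() call. The sample output is constructed; the process names in it (leakyd, halfdrop) are invented placeholders. The truncation caveat applies: ps may shorten long user and group names (newer procps-ng marks a truncated name with a trailing +), so match on the names actually printed on your system.

```python
import subprocess

PS_ARGS = ["ps", "-eo", "pid,user,euser,suser,fuser,group,egroup,sgroup,fgroup,comm"]
FIELDS = ["pid", "user", "euser", "suser", "fuser",
          "group", "egroup", "sgroup", "fgroup", "comm"]
USER_FIELDS = ("suser", "fuser")
GROUP_FIELDS = ("group", "egroup", "sgroup", "fgroup")

# Constructed sample in the layout the command above prints.
# leakyd: setuid() called, no setgid(); halfdrop: seteuid() only, saved UID still root.
SAMPLE_PS = """\
  PID USER     EUSER    SUSER    FUSER    GROUP    EGROUP   SGROUP   FGROUP   COMMAND
    1 root     root     root     root     root     root     root     root     init
  812 root     root     root     root     root     root     root     root     sshd
 1234 www-data www-data www-data www-data www-data www-data www-data www-data apache2
 2048 nobody   nobody   nobody   nobody   root     root     root     root     leakyd
 2049 daemon   daemon   root     root     daemon   daemon   daemon   daemon   halfdrop
 3000 postgres postgres postgres postgres postgres postgres postgres postgres postgres: writer process
"""


def parse_ps(text):
    """Turn ps output into a list of dicts keyed by the FIELDS names."""
    rows = []
    for line in text.splitlines()[1:]:  # first line is the header
        # comm may contain spaces, so split only into the first nine columns plus the rest
        parts = line.split(None, len(FIELDS) - 1)
        if len(parts) != len(FIELDS):
            continue
        rows.append(dict(zip(FIELDS, parts)))
    return rows


def find_incomplete_drops(rows):
    """Return (pid, comm, leftover-fields) for processes that dropped euid but kept root elsewhere."""
    findings = []
    for r in rows:
        if r["euser"] == "root":
            continue  # still running as root: nothing was dropped, so not this bug
        leftover = [f for f in GROUP_FIELDS if r[f] == "root"]
        leftover += [f for f in USER_FIELDS if r[f] == "root"]
        if leftover:
            findings.append((int(r["pid"]), r["comm"], leftover))
    return findings


def live_findings():
    """Run ps on this machine and report incomplete privilege drops."""
    out = subprocess.run(PS_ARGS, check=True, capture_output=True, text=True).stdout
    return find_incomplete_drops(parse_ps(out))


if __name__ == "__main__":
    for pid, comm, fields in find_incomplete_drops(parse_ps(SAMPLE_PS)):
        print(f"pid {pid} ({comm}) dropped euid but still root in: {', '.join(fields)}")
```

Replace the SAMPLE_PS call in the main block with live_findings() to check a real system; on a well-behaved host the result is empty.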

The next thing I have to do is to patch ps to show the supplementary groups.