So, how exactly do these sites operate?  How can anyone run a profitable business by selling $1,000 products for about $20?  The answer isn’t generous owners.  While we might like to think that there are people that generous in this world, it’s simply not a sustainable business model.  Click through to the rest of the post, and I’ll do my best to explain how these sites work, and why you shouldn’t (or maybe should) waste your time.

Where’s the Profit?

The first, and obvious, question when dealing with a site like this is where’s the profit?  How do you create a site that sells items for pennies on the dollar, and still make money?  It’s a simple trick, really, but most people will participate without even realizing what’s going on.  The trick is in what happens when a bid is placed.  When a bid is placed, a couple things happen:

1. The bidder loses some money.  For sake of argument, we’ll say $0.80.  Bids are purchased in “bid packs”.  More on this later.
2. The price of the item increases by $0.01.
3. The time to the end of the bid gets reset to anywhere from 10-20 seconds remaining.

Whoever wins the item then pays the final price of the item.  Now, let’s see this in action: let’s say there’s a 16 GB WiFi-only iPad2 up for bid (retails for $499).  The bidding starts at $0, and someone eventually decides to bid, boosting the price up to $0.01.  BUT, what also happens is that bidder loses one of their “bids”, which costs about $0.80.  Finally, the time remaining is set to 20 seconds.  After 15 seconds (there are 5 seconds remaining on the bid timer), another person bids.  The price is set at $0.02, this bidder loses a “bid”, and the remaining time is set to 20 seconds.  This process continues until the price of the item gets to… $18.47, the bid timer runs out, and the winning bidder pays $18.47 for the iPad2.  WOW! What a steal!  But, let’s look at how much money the website actually gets.

Remember that each bid costs the bidder $0.80.  If the iPad2 sold for $18.47, that means there were 1,847 bids placed.  Let’s do some math: 1847*0.80=$1,477.60!  But wait, there’s also the $18.47 paid as the final bid price.  That brings the total amount of money the site raked in for this iPad2 $1,496.07.  If the bidding site bought the iPad2 at the retail price of $499, that means the site made a profit of $997.07! That’s a $1,000 profit margin for one item.  Sites like this sell multiple items in a day.  That means huge profit margins, for little work.

What are these “Bid Packs”?

When you sign up for a site like Quibids, before you can start bidding, you’ll be forced to buy your bids, as outlined above.  When signing up for Quibids, you must buy a “starter bid pack” for $60 which gets you 100 bids (quibids charges $0.60/bid, other sites vary).  From this point, regardless of whether you win anything or not, you’ve spent $60.  You could easily spend all 100 of your bids without winning any items, which means you’re out $60 and have nothing to show for it.  If you finally do win an auction… congratulations!  How much have you spent buying bids?  Chances are, you’ve spent more than just the $60 on the initial bid pack.  Again, that’s if you win anything at all.

Unfortunately, I don’t have the $60 to spend on nothing right now, so I can’t tell what the bid pack options are after the initial buy-in.

So why isn’t it a scam?

It’s not a scam because QuiBids is very open about all of this.  Most people just don’t read all this information.  Additionally, it’s difficult to tell that you’re losing money when you’re just bidding, and, at that, only losing $0.60 each time.  By making the amount of money you lose each time you bid a trivially small amount, QuiBids is able to trick you into not realizing that you’re actually losing money and getting nothing.  This certainly sounds like a scam!  Again, though, people actually do win items off these sites, and they’re all very open about how this whole process works.

How can I beat the system?

Note: The following is complete speculation and guesswork on my part.  I take no responsibility for your actions following reading this.  This is an outside view of the process, and I could very easily be very wrong in this matter.

The trick to beating a site like QuiBids is simple, but lengthy: study.  Find an item you want, and look for similar items on the site.  Spend a month or two studying these items and figuring out how much they sell for.  With that information, you should be all site.  When the item you want is up for bidding.  Don’t bid until the item gets close to the average price you’ve found in the past month or two, and then bid to win.  If you study enough and save your bids, I figure you should be able to win an item.  Granted, you’ll spend $60 on the bid pack, then another $20-$50 for the item, so you’re still looking at around $100.  But, for an item that costs $600-$2,000, this is still a steal!  I figure a strategy like this should make you a winner.  Most people try to get in on the ground floor of these auctions, and hope they can get it cheap.  The trick would be to save your bids until the end, then bid to win.

Should I risk it?

This is a tricky question, and the answer is most likely no.  Odds are, you’re going to waste a lot of time bidding and get nothing in return.  If you have the patience to try my method outlined above, and can afford to spare $60, I would say go for it!  Best case scenario, you can get some item you’d like incredibly cheap.  Worst case, you’ve already said you have $60 to spare if things don’t work out.  For the average Joe, however, I would say it’s not worth your time.  Stick to paying full price for items you really want, or you’ll end up losing money without gaining anything.

For those of you who still haven’t heard, the bird is the word Google+ is Google’s new social networking experiment.  Their response to Facebook, if you will.  Google has more-or-less tried this before, with Buzz, but Buzz never really took off.  At this point, it’s difficult for me to tell what Google’s strategy is for how Google+ and Buzz will coexist.  Right now, they seem to be completely separate, yet strangely intertwined.  I have a feeling that as Google+ develops, it will eventually completely replace Buzz.

I hope this is helpful.  Unfortunately, I’ve left out screenshots for now.  I’ll try to get some in later this week to better illustrate what I’m talking about. Added screenshots July 4 @ 11:50 PM.

Now that you know what Google+ is, click through to read an overview of my view of the evolution of Google+, a review of the UI, and my general thoughts on things.

Evolution of Google+

While Google+ is an entirely new product at Google, it clearly combines past experiments to make for a more pleasant and combined experience.  This goes all the way back to Google Talk.  Granted, Google probably wasn’t thinking of leading up to Google+ all the way back when designing Google Talk, but Google Talk is still greatly integrated into the Google+ experience.  It has to be.  Social networking is all about communication.  My friends and I often complain about the poor quality of Facebook Chat, but I’ve never had a single issue with Google Talk.  From this standpoint, Google is starting on very solid ground.  Having a good instant messaging system is definitely a must for a new social networking website if it even remotely hopes to compete with the likes of Facebook.

However, Google was able to take this a step further than Facebook has.  Although there are rumors of Skype video chat being integrated into Facebook later this week, Google+ has video from the start thanks to Google Talk.  There are some good and bad points to this.  The good news is that Google+ handles video chat in the form of “Hangouts” which allow up to 10 participants in-browser, cross-platform.  The bad news is that this requires the installation of the Google Talk browser add-on (not just standard flash), but that’s a small price to pay.  Hopefully, this add-on won’t be required in the future with the help of WebRTC, but that won’t be for a while.

As noted above, Buzz also seems to influence Google+, but I have yet to determine quite how so far.  Right now, Google+ and Buzz do seem to operate as separate entities, but I wouldn’t be surprised if that changed by the time of official release.  When viewing a user’s profile in Google+, you have the ability to see their Buzz posts.  However, I have a feeling Buzz posts will soon be converted to Google+ “shares”, and that Buzz tab will disappear.

Another prevalent Google influence in Google+ is the “+1″ feature that has been around for a couple months.  +1 is Google’s version of the Facebook “like”.  You can +1 websites, posts, pictures, etc.  It’s a great way to quickly say “this is cool, check it out.”  Facebook users have been crying out for a “dislike” button for a while, and there is notably no “-1″ button in Google+.  Perhaps that’ll come in the future, though.

My last paragraph is much speculation on my part.  I believe Google Wave has and will have impact on Google+ also.  The only possible impact I see right now is the notification system, which now present in all Google products if you are signed in.  The bar at the top will instantly notify of relevant account activity.  I speculate that Google Wave had something to do with the code behind this notification system.  I’m also guessing that in the future, we’ll see more real-time communication and update ability in Google+ courtesy of what Google learned with Wave.

Relevant Concepts

Circles

How Google+ Circles Show Up

It’s difficult to write a Google+ post without talking about Circles, so I’ll start with that.  In Google+, circles allow you to organize your friends, and this organization is a basic idea of how social networking works in Google+.  This is something that Google has done right from the start, as opposed to Facebook, who have just recently implemented “Friend lists” that no one really seems to use and are a bit clunky.  The circles solution is elegant and beautiful: people can exist in as many different “friend circles” as you please.  The default distribution is: Friends — the people you know in real life; family — as much or as little as you want; acquaintances — people who you know, but might not want to share too many personal details with; and “following” — people you don’t know personally, but whose posts you find interesting.

But, you are not locked into this simple four-circle organization.  You can create as many circles as you want.  Perhaps, for instance, you want to separate high school friends from college friends.  Or have another circle for colleagues.  The organization is endless, but completely up to the user, and, to a point, enforced.  When adding someone as a friend, to use the Facebook terms we’re familiar with, you simply put them in a circle.  And by put them in a circle, I mean literally that: drag and drop their name into a circle.  The method is executed flawlessly, and is a great way to keep things organized.

Now, when posting content, you have a choice of who to share with.  Maybe something embarrassing happened that you’re happy to share with friends, but you’d rather not have your family know of.  Not a problem: simply only share that post with your “Friends” circle.  It couldn’t be simpler to share, but limit.

Hangouts

Hangouts are exactly what the name implies: virtual hangouts.  Creating a hangout is a way of saying “Hey, I’m bored.  Anyone want to hang out?”  This is the video chat feature of Google+, and, unfortunately, I really can’t say much of it because I haven’t had a good chance to try it out.  The feature definitely looks promising, though.  Hangouts can be limited by circle or by individuals.  From what I’ve seen, I’m not sure if Hangouts include IMing or not.  Unfortunately, the computer I’m using right now is old, slow, and lacks a webcam and microphone, so there’s little testing I can do in terms of the Hangouts feature.  It seems nice, though.

Sparks

Sparks seems to be a way to integrate Google Reader into Google+ — kind of.  Tell Google something you’re interested in, and it’ll bring up news relating to that subject.  From there, you have the option to share posts to your circles.  This seems to be a stripped-down non-customizable RSS reader.  However, it does give an interesting way to keep up on some topics from within your social networking site, and a good way to share news articles.  I haven’t found much use for it yet, though.

Profiles

What a Google+ profile looks like

Finding personal details about your friends is, of course, an important part of social networking, and it seems that Google has decided to make Profiles a big part of Google+.  Luckily, they’ve already created Google Profiles a while ago, so if you’ve filled out that, there’s not a lot of work you need to do to get Google+ set up.  Google+ also allows extended privacy controls for profile details.  Again, circles play a big part in this.

Privacy/Takeout

Take your data with you

Since many, many people have complained about privacy concerns with Facebook, Google has decided to let you control your privacy as much as you could possibly want.  Almost every aspect of Google+ can be privacy controlled by, you guessed it, circles.  This is a perfect way to do this, simply because of how elegant circles are.  There’s not much to say on this topic, because it simply works how you expect it to work — you can control who sees what.  There’s not much more you can ask for in terms of privacy control.

Along with Google+, Google introduced Google Takeout.  Takeout allows you to easily export your data from Google, in order to either back it up or take it somewhere else.  Google is very open about this: they want to provide you the flexibility to own your data.  This is something, again, that people have complained about with Facebook.  Finally, with Google+ and Google Takeout, you actually own your data — not Google.

The Interface

Google+'s left panel on the "Stream"

One word: elegant.  Google is working on a cross-service redesign of its user interface in order to make an overall more elegant, simpler experience.  Google+ is the glue that seems to tie all this together, along with the driving force behind it.  It seems that Google wants you to stop thinking about its separate services as separate services, and start thinking about them as one website.  I think that in the future, more and more services will start to integrate themselves into Google+.  The Google+ bar and redesign are just the beginning of this.

Right now, the Google+ bar (the bar at the top of Google) simply allows access to Google+ notifications from any Google service, but, again, I feel that we’ll see an overall more streamlined cross-service experience in the future.  Right now, Google+ notifications are awesome in the fact that you don’t have to leave the Google+ bar in order to see notification details.  This is another plus for Google.  Facebook notifications require you to go to whatever relevant page the notification is for in order to see what the notification is telling you.  The Google+ bar doesn’t require this.  Click the notification number, click the notification, and relevant details will slide into view in the top right corner of your screen, without having to leave the page.

At first, I wasn’t sure I liked the color choices in the new design — everything is very muted, orange and grey with some blue highlights — but it’s growing on me.  The whole interface is, in fact, very clean, and the color scheme works.  It’s Google’s way of drawing your focus away from the design, and towards the content.  It’s not the overall design of the website that’s important, it’s the content you’re sharing and that’s being shared with you.

Mobile Experience

Of course, no modern social networking site could ever become popular without some kind of mobile experience.  Currently, the Google+ mobile experience is limited to Android phones, but that will change in the future.  Luckily for me, I now have an Android phone, so I’ve been able to play with the Google+ mobile app a bit.  Let me first say this: it is way better than Facebook’s mobile app.  The app runs smoother and works better overall.  Here’s a couple key features from the mobile app.

Instant Upload

This is awesome.  The idea is that you can have your phone instantly upload any pictures you take to Google+.  Then, later, when you’re at a computer, you can choose which pictures to share, and organize your photos.  Take anywhere, deal with later is the motto here.  While cell phones are great for taking pictures on the go, computers often work better to do the heavy lifting of organization and describing.  Now, you don’t have to worry about choosing which photos to upload.  Simply upload all of them, and worry about which ones you want others to see later.

Huddles

Huddles are the mobile, text-only version of Hangouts.  This is where I’m slightly disappointed.  Hangouts and Huddles are two completely separate entities; Huddles are mobile-only, and Hangouts are computer-only.  From this standpoint, there is no cross-over between the mobile and the computer experience, which is extremely disappointing.  I hope this changes in the future, because there is no reason that some of your friends should be left out of a conversation just because of whether or not they’re sitting at a computer.  I really hope to see a bigger cross-over in this respect in the future.

The Review

The Good

Overall, I’ve come to like Google+ a lot more than Facebook.  From a cleaner way to organize friends, to a cleaner interface, to some new features that just plain work better than Facebook.  On top of that, the fact that it integrates with Gmail means that I need one less tab open when browsing.  I also like status sharing a lot better on Google+.  Facebook does let you customize sharing with friends lists, but this is a recent after-thought.  In Google+, this is built-in from the beginning.  On top of that, Google+ status seem more multi-purpose than Facebook’s in that you can location tag any status update: pictures, videos or links.

Circles are by and far the best feature of Google+.  Being able to categorize my friends is a great way to manage them, and the way Google enforces this categorization is elegant.  The notification system also works perfectly.  With a modern browser, there is no reason to leave a web page to get content from another page, and Google’s notification system does exactly that.  No matter what Google product you’re using, not only can you see notifications, you can see the content behind the notification without leaving the page.  This is something that isn’t implemented well in Facebook.  In order to view a notification, you really have to stop whatever else you’re doing in Facebook, and view the notification.  Not so in Google+, and it works beautifully.

I really like the workflow of Google+, but I will also admit that I’m still getting used to it.  Every now and then, I find something that might not work quite how I expect it to, but I haven’t encountered any unreasonable behavior.  There are a couple paradigm shifts I’m still getting used to, but, again, that’s not necessarily a bad thing.  Google+ has no wall to speak of, you simply restrict who you share a status update with.  Additionally, private messages have been done away with in favor of e-mail.  Events are non-existent due to Google Calendar.  Features that we take for granted in Facebook are hidden due to their presence in other Google products.  I predict that, over time, this integration with other Google services will become more and more transparent.  But, then, I’m stuck in the mindset that separate Google products are separate websites.  It’s obvious that Google wants me to stop thinking about them this way.

The Bad

I’ll admit: I don’t see much wrong with Google+.  On top of that, a lot of things I do see as “bad” are only “bad due to being different in comparison with Facebook”.  Although, this will be a large hurdle for Google.  It’s difficult to convince people that the way they’re doing things is wrong, and that you have a better way.  If Google is able to do this, they have a chance to take over, or at least make a dent in, the social networking market.  Until that happens, however, people won’t change their ways.

As stated above, I’m a bit disappointed in the separation in the mobile and web experiences.  I see no justification for Huddles and Hangouts being entirely separate entities, so I’d like to see these two drawn together more.  I understand that you might not want to allow video chat on mobile devices, but that simply means that you should allow text chat on browsers and integrate Huddles into Hangouts.  As it is now, Huddles are a mass text-messaging system, with “Reply All” being the only option.  This needs changed to Huddles being integrated with Hangouts so everyone can communicate regardless of location and device.

Overall

Overall, I’ve really enjoyed using Google+.  I’m really hoping that more of my friends will migrate to Google+, but I will also admit that I’ll be surprised if that happens.  There’s a possibility that the transition from Facebook to Google+ could be similar to the transition from MySpace to Facebook, but I think that would require Facebook falling behind in technology.  And, let’s face it, Facebook isn’t letting that happen.  Right now, what’s going to cause people to switch is how Facebook handles privacy, and that simply isn’t a big enough argument for most people.  At this point, I’m stuck using both networks, because most of my friends aren’t on Google+.  Unfortunately, that means I’ll keep using Facebook more than Google+, which means the switch will never happen.

Google+ does a lot better than Facebook, and provides a smoother, cleaner, more elegant social networking experience.  But, until Facebook actually falls behind, it will stay in the spotlight because people will see no reason to switch.

For now, if you want an invite, post your e-mail address and I’ll see what I can do

1. This is a semi-technical post.  It assumes some knowledge of programming and how software works, but I’ll try to keep it as simple as possible.
2. I’ve done my best to not give away what application I’m writing about.  This is on purpose.  While this is an interesting look into hacking software, getting around DRM is, to the best of my knowledge, illegal.  This article is actually about reverse-engineering, not cracking software.
3. If the author of this application finds this blog post and thinks I’ve given away too much, they should please e-mail me and I’ll take it down.  If you think this article is about your application and it is not, however, I will not remove the article.
4. If you like software, buy it!  Seriously… software developers need to eat, too!

Now, let’s get into the bread and butter of this article!

There’s a certain piece of software that I’ve used once or twice, each time with wonderful results.  It really is well-written, it’s just a bit expensive for how often I use it.  Luckily, it has a free 15-day trial, so I’ve been able to use that occasionally.  However, I wanted to see if I could do more than that.  I wondered if I could break open the licensing for this software, figure out how it works, and bypass it.  As it turns out, it was easier to just give myself a license, but that doesn’t come until the end.

The download page for this particular software notes that it requires Java to run.  Since I know of a java decompiler, and I’m familiar with Java, I figured I’d be able to decompile the source code and get to hacking.  However, the software installs to an exe.  So, my first question is this: where are the class files?  Those familiar with Java should know that one writes a .java file, then uses javac to compile that to a .class file, which is executed by the java interpreter.   Luckily, the class files I was looking for were hidden right inside the exe.  Even more, 7-zip had no problem opening the exe as an archive and exposing those class files.

So, now I’ve got the class files and a Java decompiler.  Let’s get to reading source code!  This part gets a bit tricky.  I discovered very quickly that the source code was run through an obfuscator before being compiled.  An obfuscator is an application that takes easy-to-read code, and makes it close to impossible to read.  There’s a couple tricks obfuscators generally use to do this.  Whatever obfuscator was used on the application I’m decompiling, however, only seemed to do one thing: it took all variables, class names, method names, etc., and renamed them.  It started with A and went to Z.  This makes code very difficult to follow, because classes and variables are usually named to describe what they contain.  For example, if there was a method to verify a license, it would be called… verifyLicense.  This would be an easy method for me to search for and change.  Now, instead of looking for something to do with licensing, I have to figure out what code executes, and go through it line-by-line.

So, I start looking through classes, thinking perhaps I’ll find something useful.  Lo-and-behold… I did!  There was a class staring right at me named “Startup”.  Looking inside that class, it had a “main” method.  Perfect!  So, I start looking through code.  Luckily, jd-gui is able to link to other classes where necessary.  So, instead of attempting to figure out which “A” a certain line of code is referring to, I just click on the “A” and I’m taken right to the relevant code.  This made my job a lot easier.

As I’m going through the code, I notice a lot of it is just initializing the program.  A couple threads created, variables populated, etc.  Then, I notice an if statement.  This if statement takes me to another class which I notice contains the code for creating the licensing dialog.  Perfect!  Essentially, this if statement checks for a valid license, and if false, displays the licensing dialog.  So… all I need to do is remove this if statement, compile the code, replace the class in the exe and I’m done right?

As it turns out, not so right.  I was able to change the code, but compilation was another problem in and of itself.  First off, since a package already existed with the name of the package this class belonged to, I had to leave out the “package” line.  I figured this wouldn’t be a big issue and moved on.  Next, I realized that the java compiler I was using had much stricter class-package name standards.  It wouldn’t let me have a class which shared a name with a package.  So, if I had package com.truejournals.D.E, containing classes A, B and C, I couldn’t have a class named com.truejournals.D.E.  This is a huge problem, as the entire obfuscation process seemed to ignore this.  In order to get around this, I would have to refractor almost all of the code.

I’m not sure how… but by removing an import or two, I was able to get the code to compile.  Replacing it, however, proved to be another challenge.  Using a resource editor, I found a jar file inside the exe.  I was able to extract that jar file, and was greeted with all the class files I found when opening the exe with 7-zip.  So, this is where I needed to replace the file.  After finding how to do this (7-zip won’t do it… jar uf will!), I was able to put my class file inside the jar.  Now, all I had to do was place the jar file back inside the exe.  However, the resource editor I was using wouldn’t let me do this.  So, I found another that would and was able to replace the jar file.

Now… the moment of truth… I open the exe and… nothing.  Nothing pops up on my screen, so I open task manager.  Turns out, the process is just sitting there idling.  Perhaps there’s another check somewhere, or perhaps the exe is just rejecting my self-compiled class.  Either way, it looks like I need to find a better way to do this.  What if I could, instead, create my own valid license?

By following the methods in jd-gui, I was able to actually find the code that checks the license.  Here’s an outline of how this process works:

1. When you open the application for the first time, it creates a file in your application data folder.  The name of this file is the md5 of your computer name with a couple more characters tacked on the end.  The content of this file is a bunch of random uppercase letters with a couple dashes thrown in.
2. When you enter a serial number, a string is created with a couple pieces of information, separated by ||| (three bars).  The information contained is: the serial from an older version of the program, the serial number you entered, the contents of the file from step #1, your computer’s host name, and the version of the application.
3. This string is encrypted by DES-ECB with the first eight characters of the md5 of a key stored in the program’s code, and sent to “license2.php” on the website the application is hosted on.
4. license2.php generates a response, which is read by the application.
5. The response is first decrypted using DES-ECB with the first eight characters of the md5 of the contents of the file from step #1 as the key.
6. This decrypted string is then decrypted again using the same key used in step 3.
7. The fully decrypted string is checked.  The first character is a key validity checker: 0, 1, 2, 3 or 5 seem to represent a valid license, perhaps some of these with restrictions.  0 seems to be a fully valid license.  The rest of the decrypted string must be the serial number sent to the server.  Although, this only seems to matter if the first character is a 0.
8. The encrypted response received from the server is stored in the settings file of the application for future offline license verification.

Since I now knew that a valid license string is stored in the settings file, all I have to do is generate my own in the right format with the right encryption.  At this point, I have two options.  Either I can run all the encryption once and generate a perfectly valid license for my computer, or I can create an application that will read the special file from part #1 above and generate a valid license.  I chose to go with option 2.

So I opened Visual Studio and went to work, coding in C# because it’s what I’m most familiar with from Visual Studio.  After a lot of coding, and a lot of debugging, I was able to create an application that writes the settings file with a valid serial number of 1234.  To be honest, I have no idea what a valid serial number for this application actually looks like, but that doesn’t matter — the program doesn’t care.  If the stored license works, it’s happy.

I’ve run this application on two computers now, with stunning results: it works!  A click of a button and a little waiting gives a valid license for this application.  Overall, I’m very happy with how this came out.  Normally, application cracks either patch an exe or generate a valid serial number, then disable online checking.  However, neither of these options seemed to work for me, so I came up with the next best thing: generate a valid license.  This was an intriguing look into a licensing method for a piece of software, and a great way for me to explore some code.  It’s unlikely that I’d ever be able to use this same methodology to crack another program, but I’m still glad I went through all the trouble to figure this out.

This brings up an interesting opportunity for some new domain uses we’ve never seen before.  Imagine, for example, that Canon bought .canon.  Sure, they would probably setup store.canon and support.canon, but what if we thought outside the box a bit more?  What could we do with an unlimited supply of .canon domains?

Here’s what I imagine: (serial number).canon.  What if instead of stumbling though a support site to find support for your product, you could just type in the serial number, followed by .(brand), and be given support information?  This is something we’ve never been able to do with traditional TLDs, buy company-oriented TLDs would make this simple.

What about tracking numbers?  Google makes it simple to get tracking information from almost any shipping company (just search Google for the tracking number and you’re given a link), but custom TLDs could make this even easier.  (tracking number).ups should take me right to the page to figure out where that book I ordered is.

How about finding out what’s around you?  It’d be neat to see some company snatch .gps, then allow some standard coordinate format to give a map and perhaps some useful information about what’s nearby.  Perhaps .gps could also allow city names.

Maybe you want to know the weather.  (City name).weather should be able to take you right to useful information.

Opening up the allowed TLDs allows a world of possibilities.  I’ve just listed a couple simple examples here, but I’m sure folks that are much more creative than I could come up with even wilder examples.  What would you like to see done with this new world of domain names?

Now, people who know a bit about the Internet and gaming might immediately claim that this is a bad idea because the lag would be HUGE.  Well, I have no idea how they did it, but OnLive has created a system where lag simply isn’t an issue.  Granted, it requires a good high-speed Internet connection, but as this becomes more ubiquitous, OnLive will be accessible to more consumers.  Another neat thing about OnLive is that you can play a free demo of most of their games.  Essentially, they give you (I think) 15 minute access to the game, so you can start to try it out, but your time will be up just as you get interested.  Finally, this should theoretically allow completely cross-platform gaming.  There is no Linux or Mac client currently, but as soon as one is created, you should be able to play any game in their catalog on any computer, with no extra work for the game creators.

Now, here’s what I think is wrong with OnLive: it’s DRM to the extreme.  One of the main concerns of DRM is what happens when the servers go down?  When the activation servers for popular games are finally taken offline, what will happen to people who own the game?  They simply won’t be able to install it anymore, and, therefore, the game will be useless.  Well, what happens when OnLive finally goes down (and I do believe that it will, sooner or later, die)?  All those games you paid for will be gone.  You’re not buying these games, you’re renting them.  And when OnLive is charging more for the game than it costs to OWN the game (compare Assassin’s Creed II — http://www.onlive.com/games/featuredgames vs. http://bit.ly/gvUQnY), it doesn’t seem right that you don’t actually OWN the game.

If OnLive can come up with an agreement with the creators of the game to give you a downloadable copy of the game IN ADDITION to the OnLive version, the price premium will be warranted (and they could even charge $5-$10 more for the game).  Until that time, OnLive just isn’t worth it.

What are your thoughts on OnLive?

Comcast’s caller ID encryption has been broken!  It’s actually a very simple AES256-CTS encryption.  The tricky part is getting the key and the caller ID information.  Getting the encrypted information is actually very simple: just connect to the right XMPP server.  Getting the key, however, requires decrypting a flash file.

Anyway, with the help of a guy who calls himself Henry (if you want any more credit/a link to your site/whatever, let me know!), I’ve gotten a small python script working which will connect to the correct server and listen for the encrypted info.  When it’s found, the information will be decrypted, and displayed in the terminal.  Basically, we can get the unencrypted information!  From here, it should be trivial to do whatever we want with it!  I plan on attempting to write a Network Caller ID server with the current code as the base, but I’m not sure how much time I’ll really have to work on that/how far I’ll get.

Anyway, you’ll need this zip file and the salt Comcast uses.  In the interest of not getting sued, I’m not going to post the salt here (I’m attempting to come up with a tricky way to generate the salt currently…).  You’ll need to grab the correct SWF file, decode it, and find the salt.  The air app can be downloaded from here.  This is actually just a zip file.  Inside you’ll find a bin folder, and inside that, you’ll find cid.swf.  Decompile this file with whatever flash decompiler you want.  In the actionscript in this file, you’ll see a package “com.machenmusik” and a class “CM_IM_Decrypt”.  In this class, look for the following code:

com.hurlant.util.Hex.fromString(theSalt != null ? theSalt : “(…)”)), arg1);

I’ve put a (…) where the actual salt is.

Last steps to get this working: open up decode.py and place the salt where it says “PLACE THE SALT FROM COMCAST’S AIR APP HERE”, and open test-combot.py and place your comast username and password in that file.  You’ll need the python twisted library, and the M2Crypto library installed, but that should be all you need!  Run test-combot.py and you should see caller id information coming in when you get a call!

Good luck!  Thanks to everyone who helped with this!  If you found this helpful, please consider donating something!  Just click the button on the right!  If you have any questions/comments, I’ll do my best to answer them!

[edit]Here’s a Comcast to NCID gateway, written in python… Complete with init script for Linux!  Thanks here goes to Feathers!  Just grab this zip file, set the correct variables in the python script, and place the other file in /etc/init.d!  Note that you’ll need the previous zip file to take care of the decoding work — this script is just the interface between Comcast and NCID.  Thanks to all who helped with this!

First, let’s go into some background on the Comcast case.  A year or so ago, Comcast decided that its network was being congested by too much P2P traffic; namely, traffic from the BitTorrent P2P protocol.  So, they decided that they would clear their network of this congestion by carefully denying BitTorrent connections.  They did this by looking into the traffic that BitTorrent was sending over the network, and sending back false information so that connections to peers would fail.  The actual details of how this was done is outside the point of this post.

After some outrage from Comcast customers who used BitTorrent, the FCC decided it would step in and tell Comcast to stop or suffer consequences.  As soon as this happened, there was some question about whether or not the FCC actually had the power to do this.  But, the case went to court and a judge decided that the FCC did have the power to do this, and that Comcast had to stop denying BitTorrent connections in this way.  This was a major win for users of the Internet: the court decision basically meant that your ISP can’t deny you from accessing information on the Internet.

However, the case was appealed by Comcast because that’s just the way the US legal system works.  The appeals court reversed the decision of the first court, and decided the FCC did not have this power, which is true.  Currently, the FCC does not have power to do anything about network management on the Internet.  Because of this, their decision to sanction Comcast for shaping the network was not allowed by any law.  So, the clear answer to this conundrum is to have Congress pass a law which would give the FCC this power, right?

In my opinion, yes.  This is the essence of Net Neutrality: give the FCC the power to force ISPs to be neutral, that is, to allow users to access any website, with any protocol.  This is the current spirit of the Internet: that anyone can access any part of it, and that it’s easy for someone to create a new site that becomes an overnight sensation.  The idea of an open Internet is not possible without Net Neutrality.  So, why hasn’t this been an issue in the past?

Probably because it’s never needed to be an issue.  As users start using more bandwidth, ISPs are looking for ways to get more money.  If there is no law forcing the net to be neutral, then ISPs can manage their network however they want.  Let’s say, for example, that your ISP partners with Google and Wikipedia.  Your ISP’s basic package will allow you to access these two sites.  Want to use Bing, or Yahoo!?  That’ll be an extra $20 a month.  Want to access any website you want?  It’ll cost you.  We’ve created a situation where innovation is stifled on the greatest frontier for innovation.

One of the great things that has come out of the Internet is small businesses.  A small business can easily create a website with a good product, and become big.  Without Net Neutrality, this becomes very difficult.  A small business would first have to give some money to your ISP in order for you to be able to get to their site.  But, remember that there are multiple ISPs, and the small business would have to pay all of them to reach all their potential customers.

It’s possible, however, that competition wouldn’t allow this to happen.  One ISP would have to be “the first” to implement a pricing scheme like this.  If consumers voted with their dollars and switched ISP if this happened, then ISPs everywhere would be sent a message that this is no way to run a business.  Unfortunately, however, I have a feeling that most people would just go along with it without knowing any better.  After all, the big sites that people actually use would be able to afford the fees an ISP would put on them to get to their user base.

So, what do we do?  Check out http://www.savetheinternet.com/ .  Find out what net neutrality really means, and join the fight to keep the net neutral!

[Note: I had originally written this post on April 11.  I think it's finished, and reading over it, it does seem finished.  I'm really not sure why I never published it.  Perhaps I was going to add more... I just don't remember now!  Oh, well... better late than never.  News since this post: Google and Verizon's Net Neutrality proposal has many outraged.  I haven't looked into it much, but I'll see if I can poke around it a bit more and write a post about my thoughts.]

Eventually, I decided it would be fun to go see Inception at the midnight premier.   The only other movies I’ve seen at their midnight premiers are Harry Potter 6, and Avatar.  Both were just awesome movie-going experiences.  If you’ve never seen a movie at midnight, it’s really something you should try once.

Anyway, I’m glad I went to see Inception, because it really is a great movie!  The problem is… seeing it so early left me no one to discuss it with.  So, I’ve been scouring the Internet for opinions and discussions.  After reading quite a bit, and fueled by inspiration from an article on CinemaBlend, I’ve decided to write my own small FAQ for the movie Inception.

DISCLAIMER: This article contains major spoilers.  Please, please, please do not read this until you’ve seen Inception.  The film is very enjoyable if you go in with an open mind.  Reading too much about it before seeing it could kill the whole experience.

What is limbo?
This seems to be a very confusing point.  I can’t claim the view I hold as my own, because I read it somewhere, but I don’t remember where, so I can’t give credit.  Let’s make this clear, though: limbo is not a description of a place. Limbo is a description of a state of mind.  Limbo is where your mind goes when you forget that you’re dreaming.  For most of us, this is the normal dream world (kind of).  You brain enters limbo when you, for example, die within a dream within a dream, you forget you’re dreaming, so your brain enters limbo.  Because you died, you expect to go back to reality, but really, there’s another layer of dream left, so you get stuck in limbo.

How does your brain get “burnt out” in limbo?
This is a tricky one, and I hope I’m getting it right.  You can only get burnt out by coming back to reality.  The problem is that your brain thinks you’ve experienced many, many years, while in reality, you’ve only experienced a couple hours.  The sudden realization that you’re not old can cause your brain to get confused and “burn out”.

How did Saito get to limbo?
Saito was shot in level 1, the van, but died in level 3, the snow fort.  So, his brain got stuck in limbo, where he lived until he became an old man and Cobb rescued him.

In the end — dream world, or not?
This is the trickiest question of the movie, and I really do believe it’s up to individual beliefs.  However, let me attempt to explain my viewing of the movie.  In the end, Cobb is in limbo, meaning he is still in the dream world.  I think that when he was put under the first time by the chemist, in order to test the formula, we never actually saw him wake up.  Evidence:

• After this, we never actually see the top fall once spun.  Right away, Cobb tries to spin the top, but it’s knocked off the table, so Cobb can’t finish his test.
• Cobb’s children at the end are the same age as in his mind.  Cobb has been gone for quite a while.  Shouldn’t his children have aged at least a bit?  At the young age they are, even a couple months should show a difference in appearance.

Just to be fair, though, here’s some evidence against this theory:

• Cobb never seems Mal unless we see him go into a dream.  Refute: perhaps Mal only appears once he’s two layers into the dream world.  Or perhaps his subconscious just doesn’t let her interfere.
• Cobb isn’t wearing a wedding ring at the end of the movie.  If you pay attention carefully, Cobb is always wearing his wedding ring when he’s in the dream world.  At the end of the movie, however, Cobb’s wedding ring is absent.  Refute: this could be a product of Cobb accepting his wife’s death.  Even though he’s still in limbo, she’s no longer bothering his subconscious
• We see the top wobble a bit at the end.  Refute: kind of hard to say on this one.  Although, there are some that claim the top didn’t wobble.  It was very subtle.  I think that even in the dream world, the top wobbles while it’s spinning forever.  We just didn’t see it long enough to balance itself out.

And that’s all I’ve got for now.  Something else confuse you?  Let me know, I’ll see if I can answer it.

Wait… WHAT?  The hardcover is actually CHEAPER than the Kindle version?  I’m going to ignore shipping for argument’s sake.  This means that it costs less to cut down a tree, turn that tree into paper, print words on the paper, and glue the pieces of paper together than it does to send you a bunch of ones and zeroes.

Can anyone explain this to me?  I mean, really.  I’m pretty sure writers type on computers in today’s world, and I’m sure Amazon has some software to automatically take whatever and turn it into a Kindle book.  Of course you’re in part paying for the development of such software, but there’s a LOT more to a hardcover book than there is to a digital copy of the same thing.

Don’t get me wrong, I think the Kindle is an awesome platform, and I hope we see more and more e-readers.  But, until the pricing scheme gets fixed… they’re not going to take off.