Publishing noob

Notes and observations from the world of book publishing

Archive for the category “Information technology”

Integration, innovation and the swedes


This winter has been the worst in my short life when it comes to common colds. I guess this is my fifth so far, this time with fever. I have tried to wash my hands, eat properly and exercise. That is the downside of the otherwise enjoyable Finnish winter. While being sick for the past couple of days I had plenty of time to read, so I got my hands on Isaac Asimov's Foundation series. I found it interesting that Asimov envisioned e-books and audiobooks back in 1952 by describing “bookshelf with cards, which you can then read or listen aloud from a television like machine”. Close enough for me.

Now back to more current issues. The Federation of the Finnish Media Industry announced an innovation competition back in November called ThinkInk. The target was to innovate new products and services that would benefit the printing industry. I am a keen supporter of so-called open data and Service Oriented Architecture in general. What I noticed when working in the printing industry was that it was not utilized as much as it could have been. So my application was about creating a general interface for all the parties that would like to turn their digital content into printed form. The main idea was to create an easy and cost-effective API for print service providers. Digital content producers could then monetize their content by selling physical products, and print service providers would get some completely new revenue. We will see how it goes in March.

Other interesting things have been happening as well, which is the main reason I have not been updating the blog lately. As everyone following the Scandinavian publishing industry already knows, Bonnier has now finalized the acquisition of WSOY. A new Bonnier Books Finland will be formed, which will provide core services like HR, financial services, IT and so on to the actual publishing companies. I will be working there, so it is going to be an interesting and rather busy year.

iTunes Partner Program for publishers aka iBookstore

I happened to be involved in the process of acquiring a publisher account for the iBookstore, since they have now expanded to Finland as well. And boy, it was not easy. First of all, you cannot use your existing Apple Developer Account, but must instead use another one already registered in iTunes. For this I had to use my personal account.

Another woe is the requirement to obtain a U.S. Tax ID called the Employer Identification Number, or EIN, even for foreign entities that have no business in the United States. They use it for the sign-in process and it has nothing to do with actual taxes, since all payments will come through Apple's subsidiary located in Luxembourg. The process took quite a while, since foreign entities cannot receive the EIN instantly over the phone. Not to mention faxing documents all over; that is so 90s.

This makes it interesting for European publishers, since in Luxembourg e-book taxation is way lower than in most of the EU countries. I have written about this European taxation issue earlier. It seems that things are now happening around this issue, since Luxembourg will drop the VAT rate for e-books to 3% and in France it will drop to 8% from the earlier 20%. is registered in Luxembourg, so we might even see this reflected in the e-book prices. In any case this means better margins for the authors and publishers.

There was also an interesting set of questions presented to the publisher during the registration process. They asked for non-binding information about the number of active titles in the print catalog, how many e-books we have published so far and how many e-books we have not published even though we have the rights. This was probably just to give some idea of the publisher's potential, but probably also to promote their Apple-approved aggregators who do ePub conversions and so on.

Now that I have registered with the Apple AppStore and iBookstore, I would ask Santa for those backend services to have the same great UX as Apple's consumer devices.

Amazon usability woes

I did some shopping again at the Amazon website and once again I faced some major and minor usability flaws. I mostly get my books from elsewhere, so there may be anything from six months to a year between visits. I always secretly hope that they would improve in the meantime, but no.

My biggest complaint is the clutter in the layout. For example, look at the Books category page. Amazon is probably relying more on its brand, and all the long-time customers know by heart where all the relevant stuff is, but for a casual visitor like me, it's very confusing. There are hundreds of links and around twenty or thirty buttons scattered all around.

Generic product category pages. I was trying to check if I could find a proper reading lamp for the bedroom while I was at it. But the Lamps & Fixtures section was so tedious to navigate that I finally gave up. I pretty much knew what I was looking for, but could not effectively use the search & filtering functions provided.

Non-SEO optimized URLs. Here is the link to the e-book version of The Hunger Games, I think this is kind of self-explanatory.

Plain text only confirmation emails. The order confirmation emails are boring-looking, messy and way too long. Where is the “track your order here” link? Why not make it visually appealing and use it for up- and cross-selling?

Maybe I have been harsh on the big boy, because there are some things I actually like. But that is another topic.


Password security through obscurity

There has been a lot of buzz around computer security lately. Steam just announced that their forums had been hacked, and now in Finland, AnonFinland has released snippets of email addresses, social security numbers and passwords they claim to be legit. The story might go on if they happen to release a combination of these lists. I happened to start a better password policy myself a couple of months ago, so I decided to write a little about how different services store passwords and how you can get a little more security by using simple and free tools. Skip the technical part if it is not your thing.

About passwords and encryption (technical part)

The traditional way of storing passwords was plain text, so anybody who got unauthorized access to the database had all the passwords in plain sight. It would take zero effort for the attacker to utilize the passwords. This is considered a very bad practice nowadays, as all systems should store all sensitive information in encrypted form.

The next best thing is hashed, or one-way-encrypted, passwords. A hash is a string of characters that is formed from your original password through an encryption algorithm. Only this hashed string is used, so the original clear-text password is never saved to the database. After you input the password, its hash is calculated on the fly and compared against the one in the database. If the hashes match, you are granted access. This encryption works in such a way that the encrypted password cannot be reversed back to the original password. For example, the MD5 hash of the password “password123” is “482c811da5d5b4bc6d497ffa98491e38”. MD5 is the name of one encryption method, SHA being another.

This method is not secure because nowadays we have a lot of computational power within our reach. With a typical home PC, one can try millions of different passwords per second. So let's assume you got the database through a security hole: you could try all the different passwords, calculate a hash for each and check them against the database until you find a match. This is called brute-forcing, since it is not a very advanced method. To make brute-forcing even easier, people have created ready-made lists of hashes for a large set of different passwords. These are called “rainbow tables”.

The encryption methods themselves also have flaws. For example, MD5 has been proved to have a flaw called “hash collision”, where two different strings produce an identical hash. This means that if the user's password was a certain string, you could just as well use another one that creates an identical hash.

One method to get around these flaws is for services to add an extra string to your password, one that only the authenticator knows. This is called a “salt”. For example, you might add the salt “z9G=p/\jum_Z;mg-y9cPqhfN-” to the user input. The hash would then be created from the string “password+salt”. If this salt is kept secret and secure, it nullifies most of the brute-force and rainbow table methods mentioned before.
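The difference between the unsalted scheme and the salted one described above, as an added Python example that is not from the original post. It goes beyond the text in two ways, both choices of this example: the salt is random per user and stored beside the hash, and the hash is PBKDF2-HMAC-SHA256 rather than MD5. The candidate list is constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample list standing in for a large precomputed table.
CANDIDATES = ["letmein", "password123", "qwerty", "summer2011"]


def md5_hex(password):
    """Unsalted MD5, as in the "password123" example in the text."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# hash -> password, computed once and reusable against any unsalted database
PRECOMPUTED = {md5_hex(p): p for p in CANDIDATES}


def lookup_unsalted(stored_hex):
    """Return the matching password if the stored hash is in the table, else None."""
    return PRECOMPUTED.get(stored_hex)


def hash_salted(password, salt=None, iterations=100_000):
    """Slow salted hash; returns the record (salt, iterations, digest) to store."""
    if salt is None:
        salt = os.urandom(16)  # assumption of this example: fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    candidate = hash_salted(password, salt, iterations)[2]
    return hmac.compare_digest(candidate, expected)


def records_differ(password):
    """Two accounts with the same password get different stored digests."""
    return hash_salted(password)[2] != hash_salted(password)[2]


if __name__ == "__main__":
    unsalted = md5_hex("password123")
    print("unsalted:", unsalted, "->", lookup_unsalted(unsalted))
    record = hash_salted("password123")
    print("salted digest in table:", lookup_unsalted(record[2].hex()))
    print("correct password verifies:", verify_salted("password123", record))
    print("same password, different records:", records_differ("password123"))
```

The same table that resolves the unsalted hash instantly finds nothing for the salted record, and the iteration count makes each remaining guess deliberately expensive.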

Password essentials

  • Use different passwords in different services
  • Choose a complex password (long password with special characters or password phrases that are easy to memorize)
  • Use two-factor authentication when possible
  • Change your passwords periodically

I cannot emphasize the first point enough. My Steam account might now have been compromised and they have my credit card information. But because I use different passwords in different services, at least the crackers cannot get access to any other services with the same password. So my damages are limited.

I can hear a lot of people saying that it is just not possible to remember complex passwords. That is the main reason people reuse the same passwords across different services. One option would be to create easy-to-remember pass phrases instead of short passwords; these are more secure just because of their length. I preferred to store all my passwords in centralized password management software. It stores all my passwords in an encrypted form and is unlocked by one “master password”. This master password has to be really secure, so I use a password phrase with a combination of special characters. Please note that if someone cracked the master password, it would of course mean access to all the login information I have stored there. You can add two-factor authentication here as well, meaning that you could create a separate key file stored only on your memory stick. It would mean that the cracker would need physical access to this file along with your username and password. I use KeePassX, but there are a lot of different options.

Services that are potential targets for people after personal information, like Facebook and Google (Gmail), offer two-tier authentication. It means that in addition to the username and password there is an additional method to prove your identity. This is usually a one-time or generated password list (Google) or a text-message authentication (Facebook). This means that if somebody had my Facebook password, they would still need to get access to my mobile phone somehow. It raises the difficulty of getting access to my account exponentially. I really suggest you enable two-factor authentication in Google and Facebook, because it really is not a nuisance. In both services, you only have to do it when they detect that you are logging in from a new or otherwise unknown computer. You can find the instructions in the Related articles below.

These steps will not make you 100% safe, but I am pretty sure you will at least have made somebody's cracking attempts tenfold harder.

SOA and the art of coding

There was an interesting bit of news that was picked up by almost all news sites. A Google developer accidentally posted a public rant about Google's architectural designs, and not in a very nice way. It was supposed to be seen only by co-workers, but as we all know, as soon as you post something on the internet, it is stuck there forever. I read the lengthy post and was pretty surprised how Steve Yegge managed to burn bridges not only behind him but probably a few in front as well. Calling your previous boss (Amazon CEO Jeff Bezos) a terrible leader and taunting your current employer about incompetence does not seem like proper behaviour to me, even though the post was not supposed to be public. But the post was mostly about how both of the big names are incorporating Service Oriented Architecture.

I have to admit, for a while I have been a big fan of Service Oriented Architecture, or SOA, and agile methods. To put it simply, instead of programs keeping all the logic and functionality to themselves, in SOA they can be used as interoperable services. These services can then be utilized by any other programs. The benefits are quite obvious, like reuse and easier integration. Whereas an API is more an interface to a certain tiny function, SOA at its best can define the API of the whole organization.

In Steve's post, he told how Jeff Bezos back in 2002 decided that all Amazon services should be built on the SOA principle. The execution might not have been perfect, but in the end it offered Amazon a very big competitive edge. Because Amazon already used SOA to provide basic infrastructural services, like computational power, databases and disk space, internally, why not also sell it to outside customers as a trendy cloud service? And it has been a huge success. And if you happen to stumble upon the Facebook Developer page, you can see how much effort they have put into making sure that apps utilizing those APIs are popping up everywhere.

But if you choose this open path, I have to agree with Steve that you have to be ready to eat your own dog food. The past two posts have been mostly about IT; I promise to come back to book publishing next time!

Growing Up Geek


Engadget has run a series of posts called “Growing Up Geek”, where the editors tell their stories about becoming a geek. It has been interesting to read those stories, because they resemble mine a lot. So here it goes.

I was just around five years old (1985) when a local appliance chain in my home town decided to sell “real computers” for a really cheap price. For reasons unknown, my parents decided to get one. Maybe because my mother had worked with punch cards and mainframes in the 70s. The computer was called “BASIC 2000”, which had a 3.25 MHz processor with 1 kilobyte of memory. Just to give some perspective to non-technical persons, I have a memory stick in my pocket which can store 32 billion times more information, and my iPhone probably has over one million times the calculating power.

The computer's operating system was only a simple BASIC interpreter, which meant that the only thing you could do was simple programming. As you can imagine, this was quite hard for a five-year-old who could barely read and write. Somehow I managed to copy the code listings that came with the manual. One of them was a racing game, which took a few hours to type in, and even the smallest typo could mean that you would lose hours of work. At one point I had a eureka moment, noticing that the track was repeating itself, and I found it hidden somewhere in the code. Then I made the track completely straight to get a perfect score. But the learning curve was a bit steep.

Then two years later, the Commodore 64 came to market in Finland and I got it as a Christmas present. It was a technical leap: external tape or disk drive, more powerful processor and a separate SID chip to produce sounds. It had the same BASIC interpreter. But the games, oh my god, they were amazing. I remember waking up early on weekends to put the game cassette in, typing LOAD “*”,8,1 and watching the hypnotic loading screens. Eventually you would spend the loading times reading comic books like Donald Duck.

Then around 1990, I got the Commodore Amiga 500. It was another leap in home-grade computing. It provided my first experience with a window-based user interface, called the Workbench. It had some cool tools for drawing, like Deluxe Paint, which resembled the Photoshop of the early days. Mostly it was gaming again, but I managed to create my tool diskettes with necessary utilities like disk copiers and antivirus tools. Somehow the computer started to feel like a useful tool, with which you could write documents and spreadsheets and do creative stuff like music and graphics. I really do not know what happened to Commodore. Maybe I should get this book about it.

The rest of my geekdom is boring PC stuff with some Mac on the side. I was not much of an Apple fan, but the first iPod Touch kind of impressed me. It happened to be today that Steve Jobs passed away. I would say that Apple has clearly been the absolute trendsetter since releasing the first iPod and Mac OS X back in 2001. My guess is that Apple will have some hard times ahead, because a lot of the products culminated in Steve Jobs and his visions.

During my 17 years playing around with computers I have also quite radically changed the way I see information technology. Before, I was interested in the technology itself, but now when I see something new, I immediately start to think “what is it good for” or “what useful things could you do with it”. I think that information technology in general should help people do mundane tasks efficiently, to let them concentrate on what they are good at instead of wasting their valuable time.
