
How not using Internet Explorer put me out of touch and cost me dearly - tghw
https://www.blurity.com/blog/2012/07/13/how-not-using-internet-explorer-put-me-out-of-touch-and-cost-me-dearly/
======
gmurphy
In general, not using the platform your users use is a path to trouble. For
example, because so many designers in the valley use Macs, we continually have
to fight an OS X bias in our design process; when designing something, you
tend to calibrate it against what you're used to, but when OS X is only 5% of
the market, OS X-based designers of client software end up with a massive
blind spot when it comes to understanding what comes naturally to the rest of
the world.

One example is font and font size choices - because the system fonts and font
rendering styles differ between platforms, it becomes very hard to tell what
looks broken or 'not quite right' on the platform you're not used to. It's not
uncommon to see sites launch with font choices that look rubbish on ClearType,
but if you're not used to ClearType, it's hard to tell whether the rubbish is
your fault or not.

Apple's excellent execution and Windows' (no-longer-deserved) poor reputation
also mean you frequently hear excuses for this behavior like "Windows users
won't care because they don't care about design" or "The Apple way is better,
so we should do it that way on Windows too". Both of these are infuriating and
lead to terribly designed products.

~~~
justindocanto
5% of 'the market' does not translate to 5% of users on your site.

Depending on the site's demographic, as a developer, I see approx 15% Mac
users making up traffic. Not to mention an ADDITIONAL 25% iPhone users. That's
an average of 40% of apple traffic on the sites I work on. Some of which are
getting 30k - 60k hits a month. Obviously this isn't the same stats across the
board on all websites... but it is by no means FIVE percent.

~~~
einhverfr
Indeed. According to Google, something like 39% of viewers on my blog are
running Windows and 9% are running IE. There are more Mac and Linux users
together than there are Windows users....

Somehow I don't think this translates to the general market.

~~~
josephcooney
Right. This was a few years ago, but a major web-site that I was involved with
(+1M visitors per day) had more people running Windows 3.1 than Linux.

~~~
andreyf
Windows 3.1, really?

~~~
josephcooney
Yup, really. I was as surprised as the next person.

------
tomjen3
While that is nice to know, it still smells of racketeering to me.

"that is some nice software you have there, would be a shame if users thought
it was dangerous"

"pay a little money to one of these approved companies and that warning will
go away"

If MS was serious about this only being for security they could issue the
certificates for free and prove me wrong.

On the other hand, why is it that about 20% of users click past BOTH of these
EXTREMELY scary warnings? Don't they read them at all?

~~~
SomeCallMeTim
> If MS was serious about this only being for security they could issue the
> certificates for free and prove me wrong.

Make it too easy, and the scamware software will just get a free cert and sign
apps.

It takes some amount of effort, possibly by a human, to approve you to receive
a cert.

Even the "free" certs I've applied for have taken time and human interaction
on the side of the registrar, and I'm certain those certs are offered as loss-
leaders for their other products.

~~~
hobin
I'm unfamiliar with many of these certificates, but is there any reason such
'scamware' wouldn't be able to get one even though it costs money? Because, if
they still can, then the whole certification business definitely seems like a
big scam to me.

~~~
dennisgorelik
When you pay money - you are leaving money trace which is likely to bite you
if your product hurts people.

~~~
yuhong
Yea, the SmartScreen filter is based on the reputation of the publisher, and
the certificate is used to identify the publisher for this purpose.

------
dmethvin
If you are creating a Windows binary and expect a user to download it, you
should be signing the binary. Period. It's not just IE that considers unsigned
downloads suspect, many antivirus programs do as well. If you are proud of
your work, sign it.

~~~
tommi
You forgot one step: "If you are proud of your work, then buy a certificate
and sign your work"

~~~
evolve2k
Anyone have opinions on good SSL certificate providers or do you agree with
the author's recommendation of <http://startssl.com> ?

~~~
Karunamon
They do what they say they do at a decent price. However, their web interface
_sucks_. Absolutely and completely sucks.

~~~
MichaelApproved
This is one of those times I miss the upvote counter on HN. I think it's
important for the makers of StartSSL to see just how many people agree with
you that their interface completely sucks. Without the counter, it just seems
like one person's opinion while I bet many people agree.

~~~
chris_wot
HN is not there for the marketing purposes of companies.

~~~
antidoh
HN and all other web sites are there for whatever purposes their users wish to
use it for, within the constraints of whatever actions are implemented on a
site.

This is one of the things that infuriates me about StackOverflow and its army
of article closing moderators. A real community will change its practices and
perceptions over time according to the needs of the community. If you have a
subset of people who decide what a site is for, forever and ever without
change, then it's not a community, it's a caste. Or it's a system of castes.

~~~
jcbrand
So if the community (through an influx of new users) decides that the purpose
of HN is to spread cat pictures and memes, you'll be cool with that?

~~~
antidoh
No, I'd probably leave. Unless the cats were really interesting.

------
Hario
I'm no expert on these sorts of things, but it seems like the story goes
something like this:

1\. Dev checks out his site using IE

2\. Dev realizes that IE users were getting scary warnings about his software

3\. Dev has to pay up money to a third company to make the scary warnings go
away.

Seems like a bad state of affairs to me.

~~~
CamperBob2
I'd love to hear how this isn't grounds for a product disparagement lawsuit.
Are any attorneys familiar with SmartScreen Filter?

A couple of relevant points that may be overlooked:

1) Signing your code, even with an expensive class-3 Authenticode certificate
from Verisign that allows you to sign kernel drivers, is no guarantee that IE
will not accuse you of distributing potential malware.

2) Contrary to various postings by Microsoft, there appears to be no avenue
for appealing IE's poor judgement calls. This happened to me a few months ago
-- again, with a signed .exe -- and all of the links on microsoft.com that I
followed to submit my download to a whitelist went nowhere useful.

3) Mentioned in the article but worth emphasizing: the ridiculous "This
application is not commonly downloaded" criterion almost seems designed to
penalize smaller vendors who release frequent updates.

This SmartScreen bullshit is one of those cases where if you're not outraged,
you're either not paying attention, or you're profiting from the scam somehow.

~~~
ascendant
Do you have a better idea? Signature-based malware scanning is a joke and a
half. I know CAs can be gamed but unless you're proposing a better solution
then don't complain.

~~~
CamperBob2
Yes; they can do what they're doing now, but drop the scary language. Scaring
users with non-specific threatening language does not enlighten them.

Since it's almost unheard-of for malware to be signed with a legitimate,
unrevoked certificate, they could also afford to give signed executables much
greater leeway when deciding what to report to the user. People seem to be
assuming that signing the .exe is enough to keep the dire warnings from
appearing. That is not the case, or at least it wasn't the case a few months
ago.

Finally, they can provide a standardized method for whitelisting URLs (and
_not_ individual executables) instead of what they're doing now, which is
apparently nothing.

~~~
yuhong
They are giving signed EXEs much greater leeway, since the publisher is
verified by a CA, providing a secure base on which the publisher's reputation
is determined.

------
krobertson
Better subject: "How not testing my website with all browsers, even IE, and
ignoring metrics for months cost me dearly"

------
alan_cx
Just generally, and very simplistically.... buy this or we scare away your
customers.

Errr, um, sort of.....well.... Mafia protection racket, yes?

Put it this way. What is the first thing that springs to mind when someone is
scaring off your customers demanding, sorry, politely implying a payment to
stop?

Yes, yes, yes, I know. Security, user safety, lots of lovely logical arguments
for it, I'm sure there are plenty. But strip it back to basics and, well, there
it is. I presume since MS is a big huge "evil" business which probably funds
some political rodent it's all cosy and legal.

It's more complicated, right?

~~~
Maascamp
Or maybe cost of doing business? I mean, I can self sign SSL certs, so why
does the browser give me warnings on https URLs? Mozilla must be arm in arm
with Verisign. I'm shocked an open source company could be this evil. I will
never browse the internet with Firefox again. I hope they get burnt for this.

 _NOTE: All of the above was sarcasm_

------
lini
In Windows 8 the SmartScreen filter is part of the OS and not just IE. Even if
you download unsigned code with another browser, trying to run it will result
in the same nasty warnings.

------
keithnoizu
Although ~half of your revenue came from the IE users the numbers may not
significantly improve after resolving this issue as the IE users that
completed downloads are also the IE users invested enough in the application
to download it despite the IE warning.

------
rwallace
Does it make any difference if you wrap the executable in a zip file, or does
IE look inside the zip file and raise an alarm anyway?

~~~
teuobk
That's an interesting question, so I gave it a try just now.

On Windows 7 with IE 9, there were no warnings presented when downloading the
zip file containing the unsigned installer executable. When the installer was
extracted from the archive and run after the download completed, I got the
standard Windows security warning about "The publisher could not be verified",
which was far less scary than the SmartScreen warning.

So yes, it looks like that could be a viable work-around.

------
fluxon
On the subject of conversion rates, the Download and Buy links are separate,
with no mention of an unregistered trial or watermarked demo mode. That
uncertainty might be affecting your tryout rate. If the "Download" button said
"Try it!", then the certainty that there is some usable trial would be higher.
Side note: I notice that the (watermarked) saved images lack EXIF info - is
that preserved in the registered version? This is very important for many
photographers...

~~~
teuobk
I've done some A/B testing with various download button labels, but I should
probably go back and do it again now that I've switched from a 30-day trial
model to a watermarked-demo model. As for preserving EXIF data, I think that
should be an easy change, so I'm going to add that one to the feature list.

Thanks for the suggestions!

------
wlesieutre
I know some people have voiced concerns about Gatekeeper in 10.8, but this
seems at least as bad. Especially from a normal user's perspective.

~~~
jasomill
Gatekeeper is not nearly as bad for small developers, though. Unless Microsoft
has started offering, as part of a $99 MSDN subscription, the ability to
generate a signed certificate that doesn't expire for five years automatically
from inside Visual Studio as soon as you've signed in with your Microsoft ID.

The problem with Microsoft's strategy has always been the reliance on
companies like VeriSign for whom recurring revenue from certificate renewal is
a primary revenue source. And when I've had to deal with VeriSign for code-
signing certificates in the past, it's easily cost more than $99 in _time_
("I'm sorry for the delay, but could you please fax that to us again, only
this time, on official company letterhead?").

~~~
redbeard0x0a
Last I checked, you didn't even need the $99 Mac Developer program to get a
signing certificate. You just needed an Apple Developer Id. The $99 program
allows you to submit apps to the app store and gives you access to pre-release
binaries, etc.

~~~
jasomill
Even better — I was already a member of the paid program when Mountain Lion
was announced, and this point wasn't clear from the original announcement.

Even more significant: as a registered developer, it took me less than ten
minutes on developer.apple.com to obtain a Developer ID, to use it to
successfully sign an executable and an installer package, and to verify the
resulting signatures.

In contrast, as an MSDN Universal member, Microsoft directs me to a list of
root certificates installed in current versions of Windows [1], leaving me to
puzzle out which are willing and able to sign third-party code-signing
certificates (as, presumably, organizations like the French _Secrétariat
Général de la Défense Nationale_ are not).

As an aside, the official copy of this list is posted on TechNet as an
unlocked wiki page I'm permitted to edit!?!

[1]
[http://social.technet.microsoft.com/wiki/contents/articles/2...](http://social.technet.microsoft.com/wiki/contents/articles/2592.aspx)

------
lisper
Is there a reason you don't offer deblurring as SAAS? I have a photo I'd
happily pay to have deblurred, but I use a Mac.

~~~
sp332
That sounds like a completely different product. He would need to maintain
infrastructure and an entire software stack under his deblurring program,
design an API and/or security-hardened web interface to upload and retrieve
photos, and consider bandwidth costs for every photo uploaded and downloaded.

~~~
teuobk
Pretty much spot on. Deblurring is extremely CPU intensive, so it would take a
lot of hardware on the server side. Or, I could do something like a CUDA port,
but then that would mean owning and grooming my own servers, since decent GPUs
are still rare beasts on leased dedicated servers.

The more likely route for Mac support is to release a native OS X version,
since the GUI is written in Python and the underlying deconvolution stuff is
written in portable C++.

~~~
fluxon
Back in May, Jeff wrote on his blog:
<https://www.blurity.com/blog/2012/05/01/blurity-is-back/> "What happened to
the web version? In short, the market happened: nobody wanted web-based photo
blur removal. A minor pivot, but a pivot nonetheless!"

This seems to be that effort: <http://fixblurryphotos.com/> Blurity is
mentioned after the deblur is performed.

~~~
teuobk
Yeah, fixblurryphotos.com was an experiment to see if people would be
satisfied with very simple photo improvements rather than the full deblurring
power of Blurity.

When I was experimenting with the SaaS version of Blurity, I found that many
of the people who did eventually make purchases were, firstly, interested in
only a single photo; and secondly, satisfied with the most trivial of
improvements. I lamented that those people would be just as satisfied with
auto-levels and unsharp mask as they were with Blurity, so my friend Tyler
threw exactly that simple service together in about 10 hours.

The results? Turns out that people aren't willing to pay for something simple
like that after all.

~~~
fluxon
Tell you what, if I was stuck without _my_ laptop, but had access to a random
web-connected computer, I'd pay for a day's worth of emergency access in a
pinch, to crop/deblur/resolution-enhance/color-balance some photos for a
deadline...

------
simonbrown
This reminds me of:
[http://www.kalzumeus.com/2009/10/23/the-ie-css-bug-which-cos...](http://www.kalzumeus.com/2009/10/23/the-ie-css-bug-which-cost-me-a-months-salary/)

------
kuhn
Thanks for sharing the numbers. Great to see the process by which you worked
out how much it was costing you. Good wakeup call really. Shame it took you so
long to cotton on.

~~~
g-garron
I like how you found a good side to this story, instead of criticizing
what the writer should or should not know.

------
qntmfred
I was browsing HN on my WP7 and this link gave me a "We're having trouble with
this site's security certificate" message

~~~
jasomill
That's probably because the news.ycombinator.com certificate is rooted in an
Entrust certificate thumbprinted "50 30 06 ...", trusted by Windows [1] but
not Windows Phone [2].

Yet another reason Apple's "one and only one way to do it" approach to code
signing certificates may not be such a bad idea after all.

[1]
[http://social.technet.microsoft.com/wiki/contents/articles/2...](http://social.technet.microsoft.com/wiki/contents/articles/2592.aspx)

[2]
[http://msdn.microsoft.com/en-us/library/gg521150(v=VS.92).as...](http://msdn.microsoft.com/en-us/library/gg521150\(v=VS.92\).aspx)

~~~
qntmfred
blurity.com gave me the cert error, not HN.

~~~
teuobk
Interesting. I had some initial problems with installing the certificate for
blurity.com when I got the intermediate cert chaining backwards, but this is
the first I've heard about problems since I fixed that a few months ago.

Could you drop me an email at the address in my profile? Thanks!

~~~
jasomill
A quick Google search turned up this [1], this [2], and this [3], all of which
seem to indicate that StartCom certificates were unsupported on Windows Phone,
at least as of 7.0 RTM. So the problem may indeed be as simple (and
frustrating!) as an untrusted root.

[1]
[http://social.msdn.microsoft.com/Forums/en/windowsphone7seri...](http://social.msdn.microsoft.com/Forums/en/windowsphone7series/thread/3afb8283-6615-40e9-a663-d1877ba876dc)

[2]
[https://forum.startcom.org/viewtopic.php?f=15&t=1802](https://forum.startcom.org/viewtopic.php?f=15&t=1802)

[3]
[http://stackoverflow.com/questions/8430849/app-using-startco...](http://stackoverflow.com/questions/8430849/app-using-startcom-ssl-certificate-possible)

------
jmboling
If you care about your product you have to draw a line somewhere. The more
developers that take a stance and don't support the criminal negligence of
IE's support of broadly accepted standards the sooner we can all eliminate
needless time costs of making sites agnostic to the point of stupidity.

~~~
dbattaglia
Huh? The issue was with an .exe not being digitally signed and IE's scary
warning that it might be malware. Very similar to what Apple are going to do
in 10.8 (Gatekeeper).

------
raam86
You have created the perfect layman meter. I can't think of any of my friends or
colleagues who would even consider searching for such a program since
unblurring cannot be done. Didn't use your program but this can be proved
mathematically. These people will never use Explorer and even if they would,
they are the kind of crowd who actually reads error messages.

On the other hand you have my grandma, aunt. Random old folks who fall into the
red message = panic & insta call super urgent call to me.

So yea far more laymen are using IE. Sent from android.

As for the cert. When you know about it you simply explain this on the page.

~~~
tghw
If I'm understanding you correctly, you think only laypeople would search for
such a thing because more knowledgeable people think that what the program is
doing is mathematically impossible? Sounds like a classic example of thinking
you know more than you do, and trying to look at the world as binary, black
and white.

In actuality, images have a wide range of sharpness. In this case, Blurity can
improve the image. (Using mathematics no less!) Will it be perfectly sharp?
No, not always, but it will be better. And that's something people will pay
for. Even experts.

------
scosman
Ahh the irony! (the linked article has an SSL warning on IE9 on WinPhone)
<https://dl.dropbox.com/u/9906763/IMG_7965.JPG>

------
lelele
Reworded: "How not putting yourself into your customer's shoes while you are
testing your software will cost you dearly."

------
drucken
Just zip it.

------
gubatron
yup, Microsoft and the companies issuing certificates have been at this for
over a year, we had to get a certificate last year when we saw this issue.

It's a nice money maker for them getting all those yearly certificates, some
charging several hundreds of dollars per year.

------
vegas
How not watching four hours of television a day put me out of touch and
was really awesome.

~~~
vegas
Seriously, this gets downvoted?

