

The hidden cost principle - drusenko
http://david.weebly.com/1/post/2008/03/the-hidden-cost-principle.html

======
rms
There's another flaw in the drive thru system...
[http://www.videosift.com/video/Free-McDonalds-via-Questionab...](http://www.videosift.com/video/Free-McDonalds-via-Questionable-Means)

------
run4yourlives
Although you make a good point, you missed something: Nobody tries to
intentionally break a taco bell drive through simply because they've got
nothing better to do.

On the internet, this is commonplace. The key is not to miss that "hidden
cost" while making your trade-offs. Remember reddit's plain text password
fiasco? One of those can kill your company, and cost you millions.

~~~
drusenko
Obviously, it needs to be included in the risk vs. cost calculation. The point
of the post: Don't assume the risk automatically outweighs any cost.

~~~
vlad
I want to add that software developers are not building a new type of
franchise on a plot of land. Oftentimes, intuition, experimentation, logic,
and luck can help discover better alternatives that one wouldn't have found
out had they not been "in the game"; e.g., the peculiar idea that pricing
something too low can turn users off, and then finding out you have more
orders when you increase the price.

------
fleaflicker
You'd be surprised how frequently people forget both passwords and E-mail. Or
more likely, forget the password to an account registered with a fake E-mail.

~~~
drusenko
In our experience, we've rarely run into scenarios where users forget their
passwords and have mistyped their email/faked an email after having spent time
on their account. If they haven't spent time on an account -- create a new
one!

Otherwise, how does someone who fakes their email expect to recover a password
anyway? It's kind of an assumed risk that if you fake your email, you won't be
able to recover your password. And requiring a confirmation won't help
anything -- they'll be forced to re-create another account with a valid
email... that is if they even want to use your service anymore. This user
apparently hated giving out their email so badly that they put in a fake
one... What makes you think they aren't just going to turn around and not use
your service when you require a valid email?

~~~
staunch
> If they haven't spent time on an account -- create a new one!

What if they've put time into the account when they first logged in
post-signup and are infuriated at having to re-do the work? Or they picked their
favorite username and now it's taken by themselves, so they don't get their
cool URL (like myspace.com/username)?

BTW: I think you should add <label> tags to the TOS checkbox on the front page
of Weebly :-)

------
jauco
The whole e-mail/password account verification is a hidden cost in itself. Use
openid/clickpass!

------
RichardPrice
Really cool post, thanks.

