How not using Internet Explorer put me out of touch and cost me dearly (blurity.com)
330 points by tghw on July 13, 2012 | 136 comments

In general, not using the platform your users use is a path to trouble. For example, because so many designers in the valley use Macs, we continually have to fight an OS X bias in our design process; when designing something, you tend to calibrate it against what you're used to, but when OS X is only 5% of the market, OS X-based designers of client software end up with a massive blind spot when it comes to understanding what comes naturally to the rest of the world.

One example is font and font size choices - because the system fonts and font rendering styles differ between platforms, it becomes very hard to tell what looks broken or 'not quite right' on the platform you're not used to. It's not uncommon to see sites launch with font choices that look rubbish on ClearType, but if you're not used to ClearType, it's hard to tell whether the rubbish is your fault or not.

Apple's excellent execution and Windows' (no-longer-deserved) poor reputation also mean you frequently hear excuses for this behavior like "Windows users won't care because they don't care about design" or "The Apple way is better, so we should do it that way on Windows too". Both of these are infuriating and lead to terribly designed products.

5% of 'the market' does not translate to 5% of users on your site.

Depending on the site's demographic, as a developer, I see approx 15% Mac users making up traffic. Not to mention an ADDITIONAL 25% iPhone users. That's an average of 40% of Apple traffic on the sites I work on. Some of which are getting 30k - 60k hits a month. Obviously this isn't the same stats across the board on all websites... but it is by no means FIVE percent.

Indeed. According to Google, something like 39% of viewers on my blog are running Windows and 9% are running IE. There are more Mac and Linux users together than there are Windows users....

Somehow I don't think this translates to the general market.

Right. This was a few years ago, but a major website that I was involved with (+1M visitors per day) had more people running Windows 3.1 than Linux.

I suspect it depends on your audience. My audience is not consumers, but PostgreSQL and Perl folks, so Windows is going to be under-represented.

Windows 3.1, really?

Yup, really. I was as surprised as the next person.

The point isn't whether there are 5% or 15% Mac users -- it's that you're ignoring 85%+ of non-Mac users.

Your Mac number is not far off from Apple's Mac percentage in the US - 12%.

A good example of this can be found on SoundCloud. They load a placeholder image that represents the common sharing widgets and then let the real widgets load over them. The problem is that the font rendering makes it look weird on any platform except the dev platform: http://i.imgur.com/lejjI.png

Oh yeah, that's an annoying one and we have that problem too. We have sharing controls that reload as you cycle through images - but the delay / iframes reloading for the share widgets looks terrible. To get around it we use fake versions like soundcloud.

Really depends on how you divide up the market. Mac users will pay a lot for perceived quality, and they will buy upgrades. I'd point you at Wil Shipley's arguments. It might be a lot easier to get $50 from a mac user, or it might be easier to get $5 from 10 windows users. They're just very different. Doing a half assed job on either side isn't going to win you any fans.

But, yeah, if half your money comes from Windows, you should really focus on Windows. The growth potential there is just staggering.

> font and font size choices

Agreed. I don't know if it's just me, but Helvetica looks rather bad on Windows. I've found that Segoe UI almost always looks more pleasing, and yet Helvetica is omnipresent on the web (partially because of Twitter bootstrap).

I can't verify this, but unless you installed Helvetica manually, Windows installations won't have it and will fall back to whatever is specified next in the family (usually Arial or the default Sans Serif).

Which is even worse; Arial looks terrible compared to Segoe UI or Calibri.

Some printer drivers install Helvetica, usually badly hinted (I'm looking at you, HP).

Platform choice and fragmentation is a pain in the ass.

I develop and maintain a bunch of sites. Majority of visitors are on Windows (Many using IE/WinXP).

Servers run Linux and I can never seem to get an accurate dev environment under Windows (some libraries don't seem to behave differently there).

Also a bunch of the front-end tools that I would like to use only run on Mac.

I don't really want to keep 3 up-to-date computers.

Why would you need to run a dev environment on Windows? Keep running your dev environment on Linux and SSH to it using Putty/Chrome secure Shell. Works like a charm :)

Because I like to be able to use graphical tools and VNC etc. feel laggy.

I have an Android 3. Never updated it, never customized anything.

This phone is so terribly broken and nonfunctional at times you wouldn't believe me.

I decided against focusing on Android mobile dev (although I'm a GNU/Linux guy) because the experience is so friggin terrible, and Google is just letting the carriers molest the users at this point.

Considering that Android 3.0 was never on phones...

If you mean Gingerbread (2.3), it was always rock solid when I used it. So no, I don't believe you.

Hah, meant Droid 3

I use Android 2.3 and it works perfectly.

While that is nice to know, it still smells of racketeering to me.

"that is some nice software you have there, would be a shame if users thought it was dangerous"

"pay a little money to one of these approved companies and that warning will go away"

If MS was serious about this only being for security they could issue the certificates for free and prove me wrong.

On the other hand, why is it that about 20% of users click past BOTH of these EXTREMELY scary warnings? Don't they read them at all?

>If MS was serious about this only being for security they could issue the certificates for free and prove me wrong.

Make it too easy, and the scamware software will just get a free cert and sign apps.

It takes some amount of effort, possibly by a human, to approve you to receive a cert.

Even the "free" certs I've applied for have taken time and human interaction on the side of the registrar, and I'm certain those certs are offered as loss-leaders for their other products.

I'm unfamiliar with many of these certificates, but is there any reason such 'scamware' wouldn't be able to get one even though it costs money? Because, if they still can, then the whole certification business definitely seems like a big scam to me.

When you pay money, you are leaving a money trace which is likely to bite you if your product hurts people.

Yea, the SmartScreen filter is based on the reputation of the publisher, and the certificate is used to identify the publisher for this purpose.

The certificate authority should revoke their signing certificate if their binary is found to contain malware, returning them to the big warning state.

Apple gives out free developer id certificates. There's no reason Microsoft couldn't do the same.

Where does Apple give out free developer id certificates? Last I saw I had to purchase the $99 developer program ...


"Buy this cd boxset and you will get this wonderful christmas album FOR FREE!"

Okay, "free" was poor phrasing. I should have said "no extra charge". Compare this to the situation described in the original article, where the developer had to buy a separate $59 certificate from a third party, on top of what Microsoft charges you for Visual Studio (which looks to be $499 for the cheapest non-evaluation version).

Express isn't an evaluation version. Also, it's trivially easy to get set up with BizSpark if you're a small startup and get free copies of Visual Studio.


No mobile apps, no conventional desktop apps, no command line apps... looks pretty "evaluaty" to me. Also: "private developers will have to pay $49 a year, corporations $99 a year."

So, on the one hand we have (from Apple):

Xcode (free or $5.00, depending on what kind of mood Apple is in that week)

Developer program with store access: $99/year

Code-signing certificate: included.

From Microsoft we have:

Non-crippled Visual Studio: $499

Developer program with store access: $49-$99/year

Code-signing certificates: must be purchased separately from a third party.

What a bargain!

Sorry, but Microsoft backpedaled after the bad press. You can download Windows 8 development tools for free now. [1]

Your info about "no command line apps" is also outdated. It USED to be true, but I have VS2010 Express, and it came with the command line tools:

    Setting environment for using Microsoft Visual Studio 2010 x86 tools.

    Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86
    Copyright (C) Microsoft Corporation.  All rights reserved.

    usage: cl [ option... ] filename... [ /link linkoption... ]

I also use XCode, and it's ... not nearly as good as Visual Studio, though I am liking the new Eclipse-like "compile your code as you're typing it" real time error markup. A friend tells me that XCode can be configured to be sane, but I haven't given it a try yet.

[1] http://msdn.microsoft.com/en-us/windows/apps/br229516

>it still smells of racketeering to me.

Congratulations - you have been enlightened to the state of PKI as it stands today. (I.e. a complete fucking scam).

I'm afraid I haven't been enlightened. How else can the PKI be structured while providing the same amount of security?

Is public/private key cryptography itself fundamentally flawed? What's the alternative?

Some combination of distributed notaries, warning for unusual certificate conditions (e.g. certs changing when they have lots of time until expiration -- Dear Google, please stop doing that), and other ideas.

Convergence http://convergence.io/ (notary)

Perspectives http://perspectives-project.org/ (notary)

CertPatrol http://patrol.psyced.org/ (cert checking)

TACK http://tack.io/ (only one cert per organizational group would need signing or notarizing)
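The "certs changing when they have lots of time until expiration" warning mentioned above, written out as a trust-on-first-use check. This is an added example, not code from CertPatrol or any other project listed in the thread; the 60-day threshold, host names, issuer names and certificate bytes are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class SeenCert:
    fingerprint: str     # hex SHA-256 over the certificate's DER bytes
    issuer: str          # issuer name as presented in the certificate
    not_after: datetime  # expiry (notAfter), timezone-aware


def make_cert(der, issuer, not_after):
    """Build a record from raw certificate bytes (constructed bytes in demo)."""
    return SeenCert(hashlib.sha256(der).hexdigest(), issuer, not_after)


class CertHistory:
    """Remembers the last accepted certificate per host (trust on first use)."""

    def __init__(self, early_change=timedelta(days=60)):
        # Assumed threshold: replacing a certificate that still had more
        # than this long to run is treated as unusual.
        self.early_change = early_change
        self._pinned = {}

    def accept(self, host, cert):
        """Explicitly pin a certificate, e.g. after the user reviewed a warning."""
        self._pinned[host] = cert

    def observe(self, host, cert, now):
        """Return (verdict, reasons) for a certificate presented by host."""
        old = self._pinned.get(host)
        if old is None:
            self._pinned[host] = cert
            return "first-seen", []
        if old.fingerprint == cert.fingerprint:
            return "unchanged", []

        reasons = []
        remaining = old.not_after - now
        if remaining > self.early_change:
            reasons.append(
                f"previous certificate still had {remaining.days} days left")
        if old.issuer != cert.issuer:
            reasons.append(f"issuer changed from {old.issuer} to {cert.issuer}")

        if reasons:
            # Keep the old pin: a warning must not silently become the new
            # baseline, otherwise the next connection would look "unchanged".
            return "warn", reasons
        self._pinned[host] = cert
        return "renewal", []


def demo():
    """Replay a constructed sequence of observations and return the results."""
    now = datetime(2012, 7, 13, tzinfo=timezone.utc)
    ca1, ca2 = "CN=Constructed CA 1", "CN=Constructed CA 2"
    a = make_cert(b"constructed-cert-A", ca1, now + timedelta(days=353))
    b = make_cert(b"constructed-cert-B", ca1, now + timedelta(days=365))
    c = make_cert(b"constructed-cert-C", ca1, now + timedelta(days=7))
    d = make_cert(b"constructed-cert-D", ca1, now + timedelta(days=365))
    e = make_cert(b"constructed-cert-E", ca2, now + timedelta(days=365))

    history = CertHistory()
    steps = [
        ("example.test", a),  # first contact
        ("example.test", a),  # same certificate again
        ("example.test", b),  # replaced with almost a year left
        ("example.test", a),  # original is still the pinned one
        ("shop.test", c),     # first contact, expires in a week
        ("shop.test", d),     # replaced close to expiry, same issuer
        ("shop.test", e),     # replaced early and by a different issuer
    ]
    return [history.observe(host, cert, now) for host, cert in steps]


if __name__ == "__main__":
    for verdict, reasons in demo():
        print(verdict, "; ".join(reasons))
```
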

When given the option to choose who to trust, the vast majority of users will stay with the defaults, which are chosen by Google, Microsoft, and Mozilla. That's not fundamentally different from what's currently in place.

Tack is much more interesting. I'm too sleepy to fully understand the proposal, but what I've gathered so far looks promising.

Note that many of these are only usable for SSL.

It could be structured based on kittens and be at least as secure. I could steal a guy's wallet, copy his id, slip it back or just throw it out, buy a certificate, slip virus laden software and it would get a huge seal of approval.

That's not much of an argument. It's not very easy to mug someone from Nigeria. Eliminating a remote attack is a big deal.

Of course, the sheer number of certs given out guarantees that some bad guys will be able to get one using fake id. But the point is to make malware rare and easier to investigate, not to eliminate it completely.

Most people care less about assurance and more about encryption. I.e., unless you're subject to a MITM DNS attack, you're a lot less likely to be directed at the wrong paypal.com than you are to say, have your password sniffed off the wire, or by a keylogger on the local machine.

And that identity assurance is where most of the scam comes in. Encrypting communication securely is dead simple (from an implementation standpoint - pick a cipher and go), making sure server X actually represents who they say they do, that's a whole different can of worms.

Many users have figured out that if they click the OK button (or maybe the Cancel button), the dialog goes away. In this case, they know that they get what they want (downloaded file) if they hit the right buttons; they've probably hit exactly this before, on innocuous programs, and don't trust the warning messages.

Or we might just have a bunch of reasonably-savvy users that have realized that lack of a signature is not the same as untrustworthy software.

>> it still smells of racketeering to me

Racketeering indeed! I am sure that was the goal of the SmartScreen filter in IE. Cert vendors and MS must have colluded to add this feature so that developers of all binaries are forced to buy certs. Right?

As the saying goes, "The road to Hell is paved with good intentions." Welcome to the 'law' of unintended consequences.


If not, why not include the option of a free cert for each Windows/compiler download?

That way even those who ship free software would sign it and thereby make Windows safer.

But of course MS isn't interested in that when they can get paid for it.

I'm sure a large part of the reason Microsoft wouldn't offer it for free is that, at the time, any effort on Microsoft's part to enter a new market off the back of an existing market would be scrutinized pretty heavily by the DOJ. They couldn't even add virus scanning functionality to Windows because of anti-trust concerns.

Uhh.. Microsoft security essentials?

He said "at the time", which I guess refers to the difference between SmartScreen's release which was apparently 2006 with IE7; and MSE's 2009 release.

If you are creating a Windows binary and expect a user to download it, you should be signing the binary. Period. It's not just IE that considers unsigned downloads suspect, many antivirus programs do as well. If you are proud of your work, sign it.

You forgot one step: "If you are proud of your work, then buy a certificate and sign your work"

Anyone have opinions on good SSL certificate providers or do you agree with the author's recommendation of http://startssl.com ?

They do what they say they do at a decent price. However, their web interface sucks. Absolutely and completely sucks.

This is one of those times I miss the upvote counter on HN. I think it's important for the makers of StartSSL to see just how many people agree with you that their interface completely sucks. Without the counter, it just seems like one person's opinion while I bet many people agree.

HN is not there for the marketing purposes of companies.

HN and all other web sites are there for whatever purposes their users wish to use it for, within the constraints of whatever actions are implemented on a site.

This is one of the things that infuriates me about StackOverflow and its army of article closing moderators. A real community will change its practices and perceptions over time according to the needs of the community. If you have a subset of people who decide what a site is for, forever and ever without change, then it's not a community, it's a cast. Or it's a system of castes.

So if the community (through an influx of new users) decides that the purpose of HN is to spread cat pictures and memes, you'll be cool with that?

No, I'd probably leave. Unless the cats were really interesting.

Welcome to how so many social sites died.

It wouldn't be HN anymore at that point.

This is true. Their prices are good but their web interface is horrible. I felt like I was driving something built in 1999.

That said, their customer service has been very good and very prompt.

Decent price?

It is at least 55 dollars too high.

It could be a bit cheaper, but I'd hope SSL certificate vendors would be putting some work into identity verification. You know, making sure the person with an @gmail.com e-mail is the right person to send the gmail.com SSL certificate to. That could mean manually checking scanned copies of legal documents, making some phone calls, maybe even faxing or sending some things by post. Look at all these requirements Mozilla have to include your CA certificate! http://www.mozilla.org/projects/security/certs/policy/Inclus...

$60 sounds a little high to me, but if you think you could do it for substantially less, why not set yourself up in competition with them?

Because I was commenting on the price for a dev certificate. There are already free SSL certificates for HTTPS that don't cost anything, or only 10 USD/year.

In that case, it is harder to provide. As far as I know, most SSL certificates just validate the domain name, while code signing certificates validate the developer/company identity.

I've been buying Comodo authenticode certs for years through KSoftware - http://codesigning.ksoftware.net/. The prices are much lower than buying directly through Comodo and the service is excellent.

If you're on Windows, one thing to keep in mind is to use IE or Firefox when buying the cert. After the purchase is approved, you need to navigate to the site in the same browser that you purchased it, and only IE and FF are supported.

I totally agree that maybe people shouldn't HAVE to buy certificates for their binaries. In that case you should be making moves towards eliminating that process; ignoring the fact that it's necessary in the current market and then being upset when you're missing 50% of your profits is a whole other story entirely.

Maybe I'm too proud of my work to give in to certificate blackmail??

That's nice, but you can't eat dignity. :P

But you can hold yourself to higher standards.

My family taught me to always do the right thing, which, most of the time, is neither the most convenient nor the most profitable.

It should be trivial to provide a free binary signing service that required some steps to prove the person (or website) is the person asking the binary to be signed (much like Google asks me to upload a file or set up a DNS record) and match the file signature to the URL of the download. Let's not forget everyone who would rely on it already paid for a license of Windows.

Of course, this would probably kill download sites, but the internet would be better off without them anyway.

It's possible that the reason Authenticode doesn't work like this is legal rather than technical: it was deployed at a time when Microsoft was already subject to considerable regulatory scrutiny for a wide variety of alleged anticompetitive practices, so, independent of motivation and technical merits, scary warnings about third-party code not "certified" by Microsoft may have been legally ill-advised.

That's exactly my point. This is clearly an issue of business and not "pride", so the whole "pride" argument to shame someone into a business decision is really questionable.

Well, clearly it would be an issue of "pride" if you'd be too proud to cave in to "certificate blackmail" as you call it.

I read that as a response to the parent - "If you are proud of your work, sign it" - pointing out that "pride" could reasonably cut either way, so it's a spurious argument in the first place.

Hope you're proud enough to see 50% dropoff rates like this guy then.

True. Part of the problem was simply not knowing that signing was a thing that needed to be done.

It's obvious in hindsight, but since I hadn't released many Windows applications in the past, I didn't realize what I didn't know.

I've been a vocal supporter of the "don't worry about Internet Explorer" crowd. However, in this case if you have a Windows app that you want people to use, your target market is indeed Internet Explorer users.

Often it's what you don't know that you don't know that bites you in the ass. As long as you know that you don't know it you're on the right track.

I'm no expert on these sorts of things, but it seems like the story goes something like this:

1. Dev checks out his site using IE

2. Dev realizes that IE users were getting scary warnings about his software

3. Dev has to pay up money to a third company to make the scary warnings go away.

Seems like a bad state of affairs to me.

I'd love to hear how this isn't grounds for a product disparagement lawsuit. Are any attorneys familiar with SmartScreen Filter?

A couple of relevant points that may be overlooked:

1) Signing your code, even with an expensive class-3 Authenticode certificate from Verisign that allows you to sign kernel drivers, is no guarantee that IE will not accuse you of distributing potential malware.

2) Contrary to various postings by Microsoft, there appears to be no avenue for appealing IE's poor judgement calls. This happened to me a few months ago -- again, with a signed .exe -- and all of the links on microsoft.com that I followed to submit my download to a whitelist went nowhere useful.

3) Mentioned in the article but worth emphasizing: the ridiculous "This application is not commonly downloaded" criterion almost seems designed to penalize smaller vendors who release frequent updates.

This SmartScreen bullshit is one of those cases where if you're not outraged, you're either not paying attention, or you're profiting from the scam somehow.

The "commonly downloaded" criterion seems especially odd. "We only stop unsuccessful malware"?

Do you have a better idea? Signature-based malware scanning is a joke and a half. I know CAs can be gamed but unless you're proposing a better solution then don't complain.

Yes; they can do what they're doing now, but drop the scary language. Scaring users with non-specific threatening language does not enlighten them.

Since it's almost unheard-of for malware to be signed with a legitimate, unrevoked certificate, they could also afford to give signed executables much greater leeway when deciding what to report to the user. People seem to be assuming that signing the .exe is enough to keep the dire warnings from appearing. That is not the case, or at least it wasn't the case a few months ago.

Finally, they can provide a standardized method for whitelisting URLs (and not individual executables) instead of what they're doing now, which is apparently nothing.

They are giving signed EXEs much greater leeway, since the publisher is verified by a CA, providing a secure base on which the publisher's reputation is determined.

So what's better? The App Store model, where you pay 30% + $99/year to sell your apps? Or paying for a certificate to prove your software's originator identity? Even OSX will likely soon make buying outside the Mac App Store cumbersome. About the only "free" market is Android or the Web.

I suppose if you're selling to the Windows market, the App Store will be required in a few years as Metro becomes the dominant Windows UI (and Metro apps have to be sold in the Microsoft App Store).

Or desktop linux.

Certification costs money, and certification is a thing in many industries. I notice nobody is banging pots about ASE certification for automotive techs?

I mean, it's true, there is a difference here- the active "This software isn't certified" notification- but is that a critical distinction?

The difference is that ASE techs don't have to pay to certify each car they fix.

Bogus analogy. One ASE mechanic, one cert. One dev, one cert.

To extend even further, one auto shop, ASE certification for most techs; one development shop, only one signing certificate.

Better subject: "How not testing my website with all browsers, even IE, and ignoring metrics for months cost me dearly"

Just generally, and very simplistically.... buy this or we scare away your customers.

Errr, um, sort of.....well.... Mafia protection racket, yes?

Put it this way. What is the first thing that springs to mind when someone is scaring off your customers demanding, sorry, politely implying a payment to stop?

Yes, yes, yes, I know. Security, user safety, lots of lovely logical arguments for it, I'm sure there are plenty. But strip it back to basics and, well, there it is. I presume since MS is a big huge "evil" business which probably funds some political rodent it's all cosy and legal.

It's more complicated, right?

Or maybe cost of doing business? I mean, I can self sign SSL certs, so why does the browser give me warnings on https URLs? Mozilla must be arm in arm with Verisign. I'm shocked an open source company could be this evil. I will never browse the internet with Firefox again. I hope they get burnt for this.

NOTE: All of the above was sarcasm

In Windows 8 the SmartScreen filter is part of the OS and not just IE. Even if you download unsigned code with another browser, trying to run it will result in the same nasty warnings.

Although ~half of your revenue came from the IE users, the numbers may not significantly improve after resolving this issue, as the IE users that completed downloads are also the IE users invested enough in the application to download it despite the IE warning.

Does it make any difference if you wrap the executable in a zip file, or does IE look inside the zip file and raise an alarm anyway?

That's an interesting question, so I gave it a try just now.

On Windows 7 with IE 9, there were no warnings presented when downloading the zip file containing the unsigned installer executable. When the installer was extracted from the archive and run after the download completed, I got the standard Windows security warning about "The publisher could not be verified", which was far less scary than the SmartScreen warning.

So yes, it looks like that could be a viable work-around.

On the subject of conversion rates, the Download and Buy links are separate, with no mention of an unregistered trial or watermarked demo mode. That uncertainty might be affecting your tryout rate. If the "Download" button said "Try it!", then the certainty that there is some usable trial would be higher. Side note: I notice that the (watermarked) saved images lack EXIF info - is that preserved in the registered version? This is very important for many photographers...

I've done some A/B testing with various download button labels, but I should probably go back and do it again now that I've switched from a 30-day trial model to a watermarked-demo model. As for preserving EXIF data, I think that should be an easy change, so I'm going to add that one to the feature list.

Thanks for the suggestions!

I know some people have voiced concerns about Gatekeeper in 10.8, but this seems at least as bad. Especially from a normal user's perspective.

Gatekeeper is not nearly as bad for small developers, though. Unless Microsoft has started offering, as part of a $99 MSDN subscription, the ability to generate a signed certificate that doesn't expire for five years automatically from inside Visual Studio as soon as you've signed in with your Microsoft ID.

The problem with Microsoft's strategy has always been the reliance on companies like VeriSign for whom recurring revenue from certificate renewal is a primary revenue source. And when I've had to deal with VeriSign for code-signing certificates in the past, it's easily cost more than $99 in time ("I'm sorry for the delay, but could you please fax that to us again, only this time, on official company letterhead?").

Verisign is a massive scam. Their SSL certs, for example are several hundred dollars. They get away with it because the big corporate-types have "heard" of verisign and "heard" they need security.

Last I checked, you didn't even need the $99 Mac Developer program to get a signing certificate. You just needed an Apple Developer Id. The $99 program allows you to submit apps to the app store and gives you access to pre-release binaries, etc.

Even better — I was already a member of the paid program when Mountain Lion was announced, and this point wasn't clear from the original announcement.

Even more significant: as a registered developer, it took me less than ten minutes on developer.apple.com to obtain a Developer ID, to use it to successfully sign an executable and an installer package, and to verify the resulting signatures.

In contrast, as an MSDN Universal member, Microsoft directs me to a list of root certificates installed in current versions of Windows [1], leaving me to puzzle out which are willing and able to sign third-party code-signing certificates (as, presumably, organizations like the French Secrétariat Général de la Défense Nationale are not).

As an aside, the official copy of this list is posted on TechNet as an unlocked wiki page I'm permitted to edit!?!

[1] http://social.technet.microsoft.com/wiki/contents/articles/2...

I keep hearing that all I need is a developer ID to get a signing certificate, but nowhere on the developer website for Apple do I see where I can get this certificate without first forking over $99 for the Mac Developer Program...


That's incorrect. The copy is:

"1. Getting your Developer ID. Mac Developer Program members can get their Developer ID now. If you’re not already a member, join today."

"Join today" links to https://developer.apple.com/programs/mac/, where they politely ask for their $99/year software development tax.

Apple Developer IDs are free, as are the certificates.

I was under that impression as well--perhaps something has changed since the initial announcement--but certificates are not free. I just went through this process with my free, non-App-Store Mac app, and there was no way to do it without paying $99.

Is there a reason you don't offer deblurring as SAAS? I have a photo I'd happily pay to have deblurred, but I use a Mac.

That sounds like a completely different product. He would need to maintain infrastructure and an entire software stack under his deblurring program, design an API and/or security-hardened web interface to upload and retrieve photos, and consider bandwidth costs for every photo uploaded and downloaded.

Pretty much spot on. Deblurring is extremely CPU intensive, so it would take a lot of hardware on the server side. Or, I could do something like a CUDA port, but then that would mean owning and grooming my own servers, since decent GPUs are still rare beasts on leased dedicated servers.

The more likely route for Mac support is to release a native OS X version, since the GUI is written in Python and the underlying deconvolution stuff is written in portable C++.

Back in May, Jeff wrote on his blog: https://www.blurity.com/blog/2012/05/01/blurity-is-back/ "What happened to the web version? In short, the market happened: nobody wanted web-based photo blur removal. A minor pivot, but a pivot nonetheless!"

This seems to be that effort: http://fixblurryphotos.com/ Blurity is mentioned after the deblur is performed.

Yeah, fixblurryphotos.com was an experiment to see if people would be satisfied with very simple photo improvements rather than the full deblurring power of Blurity.

When I was experimenting with the SaaS version of Blurity, I found that many of the people who did eventually make purchases were, firstly, interested in only a single photo; and secondly, satisfied with the most trivial of improvements. I lamented that those people would be just as satisfied with auto-levels and unsharp mask as they were with Blurity, so my friend Tyler threw exactly that simple service together in about 10 hours.

The results? Turns out that people aren't willing to pay for something simple like that after all.

Tell you what, if I was stuck without _my_ laptop, but had access to a random web-connected computer, I'd pay for a day's worth of emergency access in a pinch, to crop/deblur/resolution-enhance/color-balance some photos for a deadline...

Also, people might be worried about uploading private photos.

Thanks for sharing the numbers. Great to see the process by which you worked out how much it was costing you. Good wakeup call really. Shame it took you so long to cotton on.

I like how you found a good side to this story, instead of criticizing what the writer should or should not know.

I was browsing HN on my WP7 and this link gave me a "We're having trouble with this site's security certificate" message

That's probably because the news.ycombinator.com certificate is rooted in an Entrust certificate thumbprinted "50 30 06 ...", trusted by Windows [1] but not Windows Phone [2].

Yet another reason Apple's "one and only one way to do it" approach to code signing certificates may not be such a bad idea after all.

[1] http://social.technet.microsoft.com/wiki/contents/articles/2...

[2] http://msdn.microsoft.com/en-us/library/gg521150(v=VS.92).as...

blurity.com gave me the cert error, not HN.

Interesting. I had some initial problems with installing the certificate for blurity.com when I got the intermediate cert chaining backwards, but this is the first I've heard about problems since I fixed that a few months ago.

Could you drop me an email at the address in my profile? Thanks!

A quick Google search turned up this [1], this [2], and this [3], all which seem to indicate that StartCom certificates were unsupported on Windows Phone, at least as of 7.0 RTM. So the problem may indeed be as simple (and frustrating!) as an untrusted root.

[1] http://social.msdn.microsoft.com/Forums/en/windowsphone7seri...

[2] https://forum.startcom.org/viewtopic.php?f=15&t=1802

[3] http://stackoverflow.com/questions/8430849/app-using-startco...

If you care about your product you have to draw a line somewhere. The more developers that take a stance and don't support the criminal negligence of IE's support of broadly accepted standards the sooner we can all eliminate needless time costs of making sites agnostic to the point of stupidity.

Huh? The issue was with an .exe not being digitally signed and IE's scary warning that it might be malware. Very similar to what Apple are going to do in 10.8 (Gatekeeper).

You have created the perfect layman meter. I can't think of any of my friends or colleagues who would even consider searching for such a program since unblurring cannot be done. Didn't use your program but this can be proved mathematically. These people will never use Explorer and even if they would, they are the kind of crowd who actually reads error messages.

On the other hand you have my grandma, aunt. Random old folks who fall into the red message = panic & insta call super urgent call to me.

So yea, far more laymen are using IE. Sent from Android.

As for the cert. When you know about it you simply explain this on the page.

If I'm understanding you correctly, you think only laypeople would search for such a thing because more knowledgeable people think that what the program is doing is mathematically impossible? Sounds like a classic example of thinking you know more than you do, and trying to look at the world as binary, black and white.

In actuality, images have a wide range of sharpness. In this case, Blurity can improve the image. (Using mathematics no less!) Will it be perfectly sharp? No, not always, but it will be better. And that's something people will pay for. Even experts.

Ahh the irony! (the linked article has a SSL warning on IE9 on WinPhone) https://dl.dropbox.com/u/9906763/IMG_7965.JPG

Reworded: "How not putting yourself into your customer's shoes while you are testing your software will cost you dearly."

Just zip it.

Yup, Microsoft and the companies issuing certificates have been at this for over a year; we had to get a certificate last year when we saw this issue.

It's a nice money maker for them getting all those yearly certificates, some charging several hundreds of dollars per year.

How not watching four hours of television a day put me out of touch and was really awesome.

Seriously, this gets downvoted?
