Siu Lun

I’ve been dealing with some development work lately that surrounds Flash and languages such as Chinese and Japanese.

One thing I’ve had to think about and attempt to tackle is the fact that to embed chinese or japanese fonts. It means embedding a 5mb+ file into Flash.

Even if internet speed is being ramped up by the second, this is still a burden to your average user. It would most likely mean waiting around for 2 minutes or more just to get the fonts downloaded.

So what can be done about this?

We must have a solution one day.

At the moment scouring through the internet yields no result.

There are work-arounds. Like embedding all textual data as images, but it’s not ideal, and it’ll only work to some extent as images are still data intensive. In a site that contains a lot of textual data, this isn’t going to work either.

I can almost garuntee you that most if not all, web development house do not perform security testing as part of the service to customers.

And

The reason being that this would drive the cost of the site up, and it is passed on to the customers. This means it would make their quote less attractive to potential customers.

But to be honest, unless you’re doing a simple html based website. You have to test for security. I know, a lot of it is actually down to the quality of developers to get it right first time.

The use of automated scanners are more and more common, but can they be relied upon? No. How would automated scanners be able to differentiate an unsuccessful $_POST / $_GET request? They can’t, they’re just programmed to do the testing based on most common methodologies. Therefore they’re not reliable.

Security scanners used in e-commerce sites like mcafee secure does help in detecting breaches of security, but does not prevent it from happening in the first place. It tries to by informing the administrators of potential security issues with software versions etc… used on the host, but if it happens, it happens.

Real security audit can only be done by the developers themselves having gone through or know of hacking methods. Even then, it is not 100% bullet proof. I guess that’s why there are companies out there that are basically formed by a group of hackers whom sole job is to attempt hacking everything.

These people unfortunately are far and few between.

The only thing that we web developers that cares can do is to quote like the nubins, then advice clients to take on security audits. There is so many security holes on the web. It’s practically a treasure trove for data theifs/pirates.

One common example: A member’s login/registration should always use SSL, but the number of websites that don’t do that is phenomenal. This means member’s passwords can be easily sniffed by intercepting network traffic.

Another example of the same problem: E-mails, e-mails are sent over the net in plain-text, unless you’ve encrypted it. Therefore they’re always interceptable. I have set up a PGP, but none of my clients know of it or would be able to handle using it, which means, I can’t use it.

I searched the net the other day for iPhone 3GS information in Hong Kong. Some people has posted some different information to what I was told today by a Three iPhone 3GS sales person.

Here is the information on their official website

I was told that for the top-of-the-range price plan (HK$398 p/m). The handset cost is HK$3580. Plus you have to pay a HK$1100 which is rebate to you over 12 months.

Now then I am on the $268 price plan. The handset cost for me is HK$4180. Plus I have to pay an extra HK$500 which is rebate to me over 12 months.

This basically means. Regardless of price plan, you have to pay HK$4680. It is just that over time, the guys with the high price plan gets more money back (roughly as you can see HK$500, which isn’t much).

PLUS. You have to sign up an additional 12 months contract AND a HK$28 “value-added services” to your price plan (it doesn’t matter if you already have VAS in your current plan the $28 is on top of). This would bump my plan to $296. Over a year it is HK$366 extra. (bear in mind this isn’t just over a year, this is actually over the course of your remaining contract).

I already have a 24 months contract and I’ve used about 6-8 months so far.

Any how..

Net Payment then is actually HK$3580+HK$366 for ($398 price plan) and HK$4180+HK$366 for ($268 price plan).

For me, this means I have to pay HK$4546 to get the upgrade, but the cost of the 3GS on the Apple Store HK is HK$5388.

HK$5388-HK$4546 = HK$812

For that price difference. I would much rather buy the handset standalone than to upgrade my phone and be forced into extending my contract. (I can see a release cycle of 178 days which is around about 6 months for the iPhone, if I keep doing this, my contract would be longer than my life expectancy -.-”)

I have either been told wrong, or the guy at http://hongkongphooey.wordpress.com/ has got it wrong. It isn’t HK$2,480 net price but HK$3946 for the HK$398 price plan.

The above information is all for the 16GB version