
28 Jan 2009

iTunes store usability FAIL!

Earlier today, we submitted v1.1 of Notespark to the iTunes store, using iTunes Connect, which is the web UI that application authors use to access the App Store.

Apple is the design expert, right? So this UI has got to be, like, awesome, right?

Now take a look at this screen.

[Image: iTunes store UI]

What do you think happens when you follow these steps:

* click on “edit information” underneath the 1.1 version of Notespark
* set the “availability date” to 1/29/2009

Possible answers:
A) It sets the availability date of version 1.1 to 1/29/2009
B) It sets the availability date of BOTH version 1.0 and 1.1 to 1/29/2009

If you guessed (B), you are way smarter than I am. And because 1/29/2009 is in the future, it immediately removed version 1.0 from the iTunes App Store. ARRGGHHHH!!!! Setting the date back didn’t seem to help any.

Let’s just hope the app comes back tomorrow.

[Late update] Yes, the app is back. Whew!

10 Jun 2008

Ack! I’ve been blocked by Google! (and what to do about it)

A few weeks ago, I got an email from Google saying that my site was full of spam, and that my site was being removed from the indexes. The email contained a sample of the spam words (in my case, it was viagra, cialis, etc.). Sure enough, it turned out that my blog had been hacked to include lots of words/links that were made invisible via CSS. Pretty distressing stuff.

For those of you in the same boat, here’s what I did to remedy the situation:

1) Most of the damage was in the form of obfuscated code that made use of base64_decode(xxxx). To find this code, go to the root of your site and run:

    grep base64_decode -Rl ./*

It should be pretty easy to use your judgment about what code to remove. This code was inserted into my theme files (found in wp-content/themes/ThemeName).

2) To be extra sure, do a Google search for the offending words on your site. (e.g., viagra site:kuwamoto.org). For me, this turned up another problem with the site, which was that URLs of the form http://kuwamoto.org/?aff=1234 were being redirected to a different site (selling pharmaceuticals, natch). This code wasn’t obfuscated with base64, so I didn’t catch it in step 1. In my case, it was an extra file, so I just blew it away.

3) Look through your posts, pages, comments, etc. In my case, one of the links on my blogroll had been compromised.

4) Upgrade your WordPress installation. As recommended in the WordPress documentation, I used the automated upgrade plugin, which worked like a charm.

5) Follow the recommendations at http://www.noupe.com/how-tos/wordpress-security-tips-and-hacks.html and http://sitening.com/blog/2008/04/08/wordpress-security-vulnerabilities/.

6) If you are using a hand-rolled theme (as I was), make a copy of it somewhere so it is easier to restore if it ever gets hacked again.

7) Change your passwords, and make a promise to yourself to be good from now on (keep WP and other software updated to the latest version, use SFTP instead of FTP, etc).
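
The file checks from steps 1 and 2 combined into one scan, as an added example (not part of the original post or of WordPress): it flags obfuscated PHP, CSS-hidden links and query-parameter redirects like the ?aff= one, and decodes base64 literals so you can see what they hide before deciding what to remove. The patterns, the file names other than the theme path, and all sample contents are assumptions constructed for illustration.

```python
import base64, re, tempfile
from pathlib import Path

CHECKS = {  # heuristic patterns (assumptions of this example), one per symptom in the post
    "obfuscated-php": re.compile(rb"(base64_decode|gzinflate|str_rot13)\s*\("),
    "hidden-link": re.compile(
        rb"(display\s*:\s*none|visibility\s*:\s*hidden).{0,300}?<a\s[^>]*href", re.I | re.S),
    "param-redirect": re.compile(
        rb"\$_(GET|REQUEST)\s*\[.{0,300}?header\s*\(\s*['\"]Location", re.I | re.S),
}
B64_LITERAL = re.compile(rb"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]{16,})['\"]")
EXTS = {".php", ".html", ".htm", ".js"}

def scan(root):
    """Return {relative path: [findings]} for suspicious files under root."""
    report = {}
    for path in sorted(Path(root).rglob("*")):  # rglob also visits dot-directories
        if not path.is_file() or path.suffix.lower() not in EXTS:
            continue
        data = path.read_bytes()
        hits = [name for name, rx in CHECKS.items() if rx.search(data)]
        for m in B64_LITERAL.finditer(data):
            try:  # decode the literal so a human can judge what it hides
                plain = base64.b64decode(m.group(1), validate=True)
            except ValueError:
                continue
            hits.append("decoded: " + plain[:80].decode("latin-1"))
            hits += [n + " (inside blob)" for n, rx in CHECKS.items() if rx.search(plain)]
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    spam = b'<div style="display:none"><a href="http://pharma.example/">pills</a></div>'
    files = {  # constructed sample site; every file body here is made up
        "wp-content/themes/ThemeName/footer.php":
            b"<?php echo base64_decode('" + base64.b64encode(spam) + b"'); ?>",
        "go.php": b"<?php if (isset($_GET['aff'])) header('Location: http://pharma.example/');",
        "index.php": b"<?php get_header(); ?><h1>Hello</h1>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Call scan() on your real web root and treat every hit as a candidate for review, since legitimate code can match these patterns too.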