Studying For the JLPT

Posted on September 7, 2006 by in Japanese, marketing

Note to readers: This post is off the beaten path for this particular blog. You can safely ignore it if you aren’t interested in Japanese study. Its a proof-of-concept for the blog series Writing A Customer-Focused Blog, where you can see the motivation for doing this. In this post, I plug a piece of software called ReadWrite Kanji. I have received neither permission nor compensation for doing so. I am a happy registered user, and am using it to pass a certification exam this December, God willing. Everything which follows this disclaimer, including my representations as to my opinion of the quality of that software, is true. Apologies in advance if it breaks your RSS reader because it contains Japanese characters.

The Japanese Language Proficiency Test (JLPT, 日本語能力試験) is coming up in December and I’m busy studying for it. I currently hold level 2 (2nd highest of four ranks) and am aiming for level 1, the ikkyuu, the bane of my existence. Lots of the folks I know are currently preparing to try for their very first credential (generally 3kyuu or 2kyuu — taking level 4 is a waste of your time and money, because nobody cares that you have a piece of paper that says you can order a beer). And many of them ask me how I study. So here’s my lazy-programmer-no-Mountain-Dew for you way of passing the JLPT.

Objective: Secure a passing grade on the JLPT. For 1kyuu, this is 70%. For level 2, level 3, and level 4 this is 60%.

Sections to the test: All four tests are scored out of 400 possible points. The points are divided as follows: 100 points for kanji/vocabulary, 100 points for listening comprehension, 200 points for reading comprehension and grammar.

The key to passing the JLPT: The listening comprehension section is a joke. If you can speak Japanese with any proficiency at all relative to your level, expect to pick up 80 points there without batting an eyelid (the only exception is if you are a heritage Chinese speaker who is aiming at a level above your genuine ability and hoping to get through on the strength of your kanji skills: you probably have things well under control, but are outside the realm of my experience).

Thats 80 points out of the 240 you need for levels 2 through 4, which means you need to average a whopping 160 out of 300 on the rest of the test, which is slightly better than 50%. You can do this. (If you’re studying for 1kyuu, you need 200 instead: still easily possible if you’re willing to devote a lot of time and effort.) The key is to master as many kanji as possible.

What does it mean to master a kanji? There are four skills for studying a kanji: you need to know what it means as a general concept, which isn’t specifically tested by any question but will certainly help you out on reading comprehension (particularly the comprehension of a sentence-in-isolation questions, since in the passages you can generally get by on context cues). You need to be able to associate the kanji with its readings, both on-yomi (Chinese reading) and kun-yomi. And you need to be able to be able to take the readings and work back to the kanji, not a kanji which kinda-sorta looks like the kanji, but the correct kanji.

There are a lot of ways to achieve this level of mastery. One is to be born in Japan. Missed the boat? Well, you could read a lot of authentic Japanese texts. Of course, odds are if you’re taking the JLPT you a) can’t read anything of importance yet and b) if you can, it won’t be testing words that are on the JLPT (sorry, anime/manga fans, the intersection between 3kyuu and your favorite series is probably about 3 words). And then there’s rote memorization.

People hate rote memorization, and they hate getting up every day and doing 20 minutes of kanji practice. But if you do it, and if you start early enough, you’ll steamroll the JLPT. Sure, study your grammar books so you’ll be able to impress people with your writing ability later on in life, but you can be batting 25% on those questions (random guessing, essentially) and you’ll still squeak by if you know the kanji.

Note, master is not the same as “Yeah, I’ve seen that one”. Let me give you an example of one type of question the JLPT asks:

山田さんは明日から出張へ行きます。(This one is level 3, incidentally.)
Your mission, should you choose to accept it, is to pick the correct reading for the underlined kanji. No problem, shucho, right? Ahh, but see, the Japanese test writers are tricky, because your four answers for this question WILL be:

しゅうちょう、しゅっちょう、しゅうちょ、しゅちょ

Yep, this is designed to screw you up if you don’t understand long Japanese vowel sounds versus short ones, or if you can’t hear the glottal stop. The test takers know these are difficult for most foreign learners of the Japanese language, thats why this problem (and about a dozen that are going to ask you the same thing except with different kanji) are on the test.

So how well do you know your kanji really? You know your kanji well when you can wake up every day for a week and nail that problem. No hesitation, no fudging, no peaking at the other side of your flashcard and saying “Oh, yeah, I knew that”: you look at that problem for 3 seconds and say BAM its しゅっちょう and none other. Achieving this level of mastery can be done with flashcards, but since flashcards require some complicated system for sorting them into “mastered”, “not seen yet”, and “iffy” I used to end up wasting as much time sorting or studying old kanji as I did studying new ones. Amazing I passed the 2kyuu at all, really. And really, all the books in the world (I think my collection approaches $200 at the moment, not counting general purpose dictionaries and textbooks — $200 on books I bought just to pass my exams) can be useful for learning the kanji the first time, but for mastering them you can’t beat daily practice with a set of flashcards.

Until now, anyhow. This year, for getting the 1kyuu, my inside track on the kanji is this program called ReadWrite Kanji. Dumb name, great stuff. Its like flashcards on your PC (or Palm, which would be great for a train ride if I actually owned a Palm — guess I’ll have to “study” on my DS instead on next week’s 3 hour trip to Tokyo). Every day when I wake up, I check my email, put on a pot of tea, and then practice kanji for 15 minutes. ReadWrite Kanji runs me through a half dozen different types of drills for each kanji, and remembers all the ones I flub up. And it asks me them the next day, and the next, until I get them all perfect. Then it replaces that kanji that I just learned with a new one from the pile (handily organized in the order Japanese schoolkids learn them, which is more-or-less the same order you need to know them for the JLPT).

Don’t take my word for it, though, try out their trial and you can practice the excercizes with a set of kanji you probably already know. If you want to get all the kanji (enough to study every level of the JLPT), it costs $120. Whoops, sorry, that was my freshman year Japanese textbooks. No, its actually $16. Yeah, I know, a heck of a lot cheaper than failing a test with a $80 admission fee and having to wait until next year to take it again.

Oh, and if you’re studying for level 3 and the kana are still giving you trouble, the same company sells ReadWrite Hiragana and ReadWrite Katakana. Their inventiveness in naming stuff amazes me. Anyhow, if you buy all three in a bundle its only $32. If for some reason you only wanted the two kana things its $19.20 but come on, you’re in Japanese for the long haul (or should be, for the amount of work you’re putting into it) and with only kana you’re not even good enough to be called functionally illiterate.

I think later this week I’ll post some more about the different types of grammar questions. Good luck on studying everyone, and a big ganbatte come December. Anyhow, try out that kanji software, you’ll be glad you did.

Editor’s note: There will not actually be another installment.

Comments Off

Kanji of the Day: 任

Posted on September 7, 2006 by in Japanese, marketing, Uncategorized

Note to readers: This post is off the beaten path for this particular blog. You can safely ignore it if you aren’t interested in Japanese study. Its a proof-of-concept for the blog series Writing A Customer-Focused Blog, where you can see the motivation for doing this. In this post, I plug a piece of software called ReadWrite Kanji. I have received neither permission nor compensation for doing so. I am a happy registered user, and am using it to pass a certification exam this December, God willing. Everything which follows this disclaimer, including my representations as to my opinion of the quality of that software, is true. Apologies in advance if it breaks your RSS reader because it contains Japanese characters.

Kanji of the Day: 任

On-yomi(音読み): にん

Kun-yomi(訓読み):任(まか)せ-る, 任(まか)-す

Basic meaning: To leave something up to someone else, to charge someone with responsibility

JLPT(日本語能力試験) level: Level 2 (2級)

Words you’ll want to know for the JLPT: 解任 かいにん(to dismiss from a post), 主任 しゅにん (the person in charge of something, an official — note the short yu! 主 is a perinneal favorite of the test writers because there’s about a zillion different ways to flub up its reading ), 任せる(to leave something up to someone)

Words you might find fun to know: 任務 にんむ(the mission one is entrusted with — shows up about 3 times a Naruto episode, along with 任せて! being the catchphrase of one of the major characters), 任天堂 (see below)
Cool trivia: there is a poetic expression 運(うん)を天(てん)に任せる, which means literally to “Leave one’s fate to heaven”. Figuratively it means to take a gamble on something, to “let the chips fall where they may”, etc. This association of submission before heaven and gambling probably had something to do with the naming of a certain playing card company 任天堂 (にんてんどう), “the house of leaving one’s fortune to heaven”, which is probably better known as the company which went on to make two Italian plumbers household names in every nation on earth.

More kanji to study: You can continue studying 任 and 1,944 other kanji which you need to know to be considered literate in Japanese by trying out ReadWrite Kanji, a lovely little computer program which is like kanji flashcards for your PC. There is a free trial available and the price is less than you’ll pay for a single kanji study book.

Be sure to come back tomorrow for our next kanji of the day! You can bookmark us by hitting Ctrl+D or add us to your RSS reader.

Editor’s note: there won’t be a kanji of the day tomorrow. Its an example of an effective call to action. I’d also hyperlink both “bookmark us” and “add us to your RSS reader”.

Comments Off

Yo Ho, Me Hearties, Yo Ho

Posted on September 6, 2006 by in piracy, Uncategorized

[Edit: This post originally included a quirky joke with me linking the words “Bingo Card Creator serial” to a funny video on YouTube for SEO purposes.  i.e. if someone searches for it on Google, they get the video instead of actually getting a crack of my software.  Then I thought, wait,  here’s a Seth Godin moment: why not make this an ideavirus?

If you are a shareware author, an uISV, or if you just want to take a stand against software piracy, you can do so in thirty seconds. Pick three software programs you enjoy, and write a blog post saying how easy it is to find Visual Studio keygens or Adobe Photoshop serialz or what have you. And link our happy pirate friends to that video on YouTube (why? Because its an insanely catchy tune, thats why!). Blam, instant Google bomb — or should we say, Google Cannon. Arr, pass the rum. Just a few people linking a small program will get that as the #1 result, and a few more people will cause it to rank highly for any query including words like keygen, serial, etc, because our poor pirate friends don’t typically get trusted links from anybody.]

It seems like that cracker group finally got around to realizing that their old keygen didn’t work anymore (the comments I saw were priceless — unrepeatable, but priceless), so they went ahead and cracked version 1.04. *yawn* Guess I’ll have to wait a day or two and then break their keygen again, since this time at least one of them actually does show up on Goooogle.

In the spirit of sticking it to pirates everywhere, I heartily support the #1 Google result for “Bingo Card Creator serial“, which is SharewareConnection’s excellent page on the subject. I think every download site should implement similar language (check the waaaay bottom of the page for why that page ranks for those search terms), because doing so would make it impossible to find the needle in the haystack. After all, its not like anyone is hotlinking the Bingo Card Creator keygen directly.

Comments Off

My Next Piece of Software

Posted on September 6, 2006 by in Uncategorized

I just got an idea for it yesterday and I’m quite excited, although I still have some design and thought to do before I greenlight the project.  Ah, its nice being my own boss.  As opposed to Bingo Card Creator is, well, radically different in just about every way.

Its much more ambitious than Bingo Card Creator, and would probably take 2+ months of development if I go ahead and do it — likely more, as there is no possible way I can or would do the “full time job on top of a full time job” deathmarch for that long (it nearly hospitalized me the first time).  The budget is still hyper-low, since I get to reuse a lot of what I learned on (and bought for) Bingo Card Creator: I think I can do this for probably $500 for the first 6 months.

This is aimed at a much less price-sensitive customer (although its primarily B2C rather than B2B, although some of my prospects are chucking around close to $500,000), and the target user belongs to a community of 4,000 which is currently experincing a Web 2.0-type growth curve, so I’m guessing by the time I start writing there will be 10,000 prospects or thereabouts.  I’d probably start writing in January, since I’ve got a major ongoing time commitment between now and December (I’m going to get JLPT level 1 this year or perish in the attempt*).

Speaking of Web 2.0, this application screams “Make part of me a web service and charge by the month”, so I’ll probably release a couple of versions targetting various segments within the community: free forever, freemium (free trial for paid version), premium, and premium + subscription.

If course, given that I’d be scarily dependent on a third-party not totally wrecking me by either a) failing or b) radically altering their own software/business to eliminate the pains I’m going to solve, this might not exactly be a sedate experience.  Ah well, its so fun breaking out ye olde project management package (I’m a big fan of Paper v1.0) and sketching out some specs.

Maybe I’ll do this one in Visual C# .NET.  It would be great to add another skill to the list before I go back on the job market at the end of my current contract.

* Explanatory note for the peanut gallery: JLPT stands for the Japanese Language Proficiency Test.  I already have a sufficient oral skill and certifications of oral skill to work pretty much anywhere I darn well please, but I’m functionally illiterate.  I can get myself around a train system, buy a cellphone, navigate Visual Studio, and understand a letter from the apartment super about the water being off on Wednesday… but a memo about the recent accounting scandal in my prefecture might as well be written in Ancient Greek.  (At least I think it was about the accounting scandal… might have been someone’s favorite cookie recipe.)  Note only do I really, really hate it when I get a memo passed around the office and actually have to look at the individual words to understand the meaning (try to recall what it was like for you reading when you were 7 and had to sound out words like “dif, diffy, difficult — what does difficult mean, Mommy?”, now try imagine doing the same as a grown professional in real time with the boss standing over your shoulder), but it will greatly increase my chances that my next job will be one I really enjoy.

Anyhow, the JLPT comes in four flavors, level 4 (“I can order a beer”) through level 1 (“I can read Kirin’s annual shareholder guidance and scoff at their inadequate protection against currency fluctuations”).  Currently, I hold the level 2 certification (“I can tell a hostess that I can’t order a beer because a hereditary condition would make that potentially fatal”
).

Comments Off

Everything You Need To Know About Registration Systems

Posted on September 5, 2006 by in marketing, piracy, support

… but were afraid to ask.

One of the most common questions asked on the Business of Software board by a new aspiring uISV is “How do I protect my software?” This post is meant to be a comprehensive answer to that question, so folks can point to it and say “Alright, now get out of my hair!”. Kidding, kidding, we were all there once.

First, a brief discussion on why you want to protect your software. The only reason you want to protect your software is to enforce the limitations you have put on the trial version. Many people mistakenly come to the table with the assumption that protecting the software will somehow, magically, “protect my intellectual property” or something to that effect. This might be theoretically true but you will have an easier time conceptualizing your registration scheme if you think of it as primarily a marketing, rather than technical, measure. Its your salesman that encourages folks to pay you money.

Why is it important to remember your registration scheme is a salesman? Because salesmen do not typically kick their prospective customers where the sun doesn’t shine, and many registration schemes do. Aside from some clubs in Tokyo (and the less you know about them, the better, really), people generally don’t pay money for the privilege of being kicked. Yet many software developers keep including Nutcracker Suite protection systems, such as Starforce, which severely harm the user experience, out of the mistaken belief that this will eventually increase profits.

If you will permit be a bit of amateur psychoanalysis, I think this is because software developers in general, and uISVs in particular, feel violated when someone is using their software illegally. I know the feeling, it has happened to me (and, mark my words, it will happen to you). Someone who downloads your software and cracks it hasn’t cost you any more money than someone who picks your door and walks around your apartment for 20 minutes without touching anything, yet the feeling that your rights have been violated is the same. And perhaps in a fit of less-than-rational anger you might demand your apartment upgrade its security system to include dead-locks, pitbulls, a batallion of US Marines with shoot-to-kill-orders, and some cleverly disguised booby-traps involving acid or flaming oil, or perhaps just flaming acid. Of course, the local Girl Scout troop selling cookies will probably not react too well to the fortifications (aside from the “cute wittle puppy!”), so if you like having cookies delivered to your door this is probably not a good idea.

So lets talk about four classes of users and how they interact with your registration scheme.

The first type of user is perfectly honest and will always comply with your licensing scheme to the letter, even if ways to circumvent your registration scheme are obvious. Approximately everyone thinks they are this kind of user. To this kind of user, your registration scheme (a salesman for your software) can be only a hindrance in getting to use the software which he happily paid for.

The second type of user is mostly honest. He’s not a pirate, after all, he has a wife and kids and works at an insurance company. He scoffs at the kids on Napster who feel entitled to free music. And yet he also will happily buy one license of your software when your license tells him he really requires five, install and uninstall a time-limited trial version every two weeks, and perhaps even reset his system clock to get around a time limitation. But he won’t download a crack, no. A crack would be stealing, and stealing is wrong. This second type of user is where your protection (a salesman for your software!) will make most of his keep. How many of these users relative to totally honest users you have depends on your market, but sadly, they’re a lot more common than most non-developers would think.

The third type of user wants to use your software, but will pirate it given half the chance. Its too expensive, it doesn’t do quite what he needs, he doesn’t have the money, for-profit software development is evil, piracy is wrong but oh well… he has a lot of mental excuses. Some of this user group is very technically adept at finding cracks — they know what IRC channels to go to and what shady connections to excercize. Some of them rely on Google searches. You can potentially wheedle a small number of sales from this group with your protection scheme, and they’ll hate you for every minute of it.

The fourth type of user… “Do what you want ’cause a pirate is free, YOU ARE A PIRATE!” He flies the Jolly Roger and you will never, ever make a legitimate sale to him. Even if he does “buy” your software it will be with a stolen creditcard or chargebacked within 24 hours. You’ll find that there are countries on earth (*cough* China *cough*) where there are few users from any other type. Your protection system is not really relevant to this type of user, since he’ll be using the crack anyway.

Oh, yeah, lets talk about cracks a little bit. You. Will. Be. Cracked. I really strongly recommend you read that post, because its true: no protection scheme will survive indefinite contact with the adversary. Your goal in instituting a protection scheme is not to achieve 0 utilization of your software by the Jolly Rogers of the world. It is primarily to keep circumvention methods obscure enough that it will take dedicated effort to discover either a way around your software or find someone who has found a way around your software.

There are several varities of cracks which you have to worry about. We are now crossing into the technical portion of this article, and will be discussing implementation details rather than philosophy, so pay attention.

1) A single good key. The cracker discovers, either via a “legitimate” purchase or analyzing your code, one single good key, and publishes it. This is the least damaging type of crack, because you can just ban that key in further updates to your software, and because if you use keys which are tied to other user data it will prevent someone from using the good key without otherwise impersonating the user it is tied to.

2) Keygen, or “key generators”. You have one of these lying around on your PC or server which generates good keys for your software. The cracker’s goal is not to replicate your system, but instead write one which produces at least some subset of the keys your system will produce. Many crackers prefer to write keygens because they get a psychological thrill out of “beating” you, but to most user groups there is no difference between one download and another.

3) A patch/crack which strips off your protection. For example, if you leave in a debug mode (if (!debug) {checkRegistrationKey();} else {registered = true;}), all the patch has to do is modify your executable to flip the debug bit and then your software is locked into the registered version. Creating a patch requires that your executable be a stable binary, as if the offsets of the bits to flip change applying an old patch will be impossible.

4) A cracked executable. This is the cracker’s least favorite method, because then he has to spend non-trivial amounts of bandwidth hosting the executable, and since he wants to host literally tens of thousands of executables this is irksome to him. However, remember, bandwidth is cheap — this is a speed bump, not a security mechanism.

In general, it is to your advantage to force the adversary to use countermeasures which are higher up that list. This means that your protection scheme should:

1) Require user-specific data so that a single good registration key does not break your software everywhere. The most obvious choice is username, but this is not very secure. Other popular choices include hard drive serial numbers, MAC addresses, GUIDs, etc. Remember, this will inconvinience legitimate users — you will have users who spell their name differently on their Paypal accounts versus in your software (example: McKenzie != Mckenzie has gotten my mother a few times, Bob Smith versus Robert Smith), you will have users who expect (and are perhaps, depending on your license, entitled) to use the software both at work and at home, you will have users whose hard drive dies and your software will cease to work on the new one. All of these become support issues for you, because your salesman is busy trodding on the toes of people who have already given you money. Consider carefully how much pain you will authorize him to inflict. For myself, I thought the risk of a serial key leaking was less than the amount of difficulty I would have policing unique serials, so while I ask folks for their name to generate my keys they’ll actually work for any name you put in (Shh, don’t tell the crackers :) ).

2) Obfuscate your code. Especially if you are using an interpreted language, such as .NET or Java, decompilers exist which will print out your protection routines in their entirety. This was how my very first hacked in version 1.0 happened, and that resulted in a keygen (i.e. total tactical victory for the bad guys). I’ve since started using ProGuard, a lovely OSS utility which takes your nice, easily decompileable JAR file and returns gibberish which still executes. This plus a (partial, backwards compatible) fix for the earlier keygen has kept me from getting hit with another wave of me hearties from China, although I know of at least one functioning keygen out there — but its buried beyond the reach of my casual pirate customers, which is a total strategic victory for me. Obfuscation is nice in that unless you need reflection or debugging stack traces it can’t hurt a legitimate user.

3) Change binaries early and often . Frequently changing your binary, via any method you want (obfuscation utilities can often do this — so can minor patches to your code), forces pirates to either host the executable themselves or deal with “customer support” requests like “Waaaaaah your patch doesn’t work anymore lol”.

OK, now, finally, on to license key generation algorithms. Some design considerations:

1) Are you going to run this offline, or are you going to run this on a server?

2) How much information from your customer does the algorithm require? How are you going to get this? e.g. if you require their hard drive serial number, you suddenly add the requirement “Customers can only purchase my application through my application”, which may be less than desireable.
3) Are you going to roll your own, or use an off-the-shelf system like Armadillo? In general, you’re not paying for security (although its likely that their system is more secure than yours, its not totally secure), you’re paying for convinience. Armadillo has been broken before and will be broken again, like every other security system.

4) How do you get the registration key to the user? Do you want to display it on a website, display it on an email, or update the application directly (sometimes called “automatic key injection”? A lot of the payment processors (including e-Sellerate, as I recall) promote systems that have this as a feature. Its quite nice, as it reduces customer support headaches (what was my registration key? How do I input it again?), particularly with non-technical customers. I didn’t do this myself, primarily because it required more development effort than my schedule had time for.

OK, if you’re still with me, lets talk some strategies for key generation if you want to do it yourself.

1) Public key encryption. Basically, your registration key sends a message: “Bob Smith, I hereby give you the right to use my software, in exchange for the consideration you have given me”. The problem is that Jolly Roger wants to be able to forge the message and replace Bob Smith with Jolly Roger, thus bamboozling your program into functioning for him. Luckily, there is a solution to this: public key cryptography. Public key cryptography works like this: you have a pair of keys. One of them is public and you can give it out to everybody, including the adversary. One of them is private and you guard it with your life. Since your trial version will be in the hands of the adversary, the only thing the trial version can know is your public key.

Practically speaking, you first take the hash value of all the identifying information you have. Then, you encrypt this with your private key: the output of this encryption is your “registration key/serial number”. Your software then performs the same calculation of the hash value in parallel, and decrypts your serial number using your public key, which results in a hash value. If the two hash values match, you unlock the software. If not, you display a nicely worded message to contact support (remember, your protection mechanism is a salesman).

If you are interested in the math behind encryption, which gets kind of heady, Wikipedia has a nice article on RSA. I’ll give you my dirty little secret: I’ve got a very incomplete understanding of a lot of the number theory involved, and I don’t trust myself to implement encryption. Neither should you. Really, trust Bob Schneider, you’ll probably just end up breaking something. Instead, take the crypto library which comes with your package of choice, and USE IT. Look for “MD5 digest” or “message signing” in your documentation if you’re unfamiliar with the whole field and just want to be done, quickly.

2) Everything else. Any other mechanism is insecurity which you’re tolerating for the sake of preserving your time as a developer. With that in mind, for preventing casual piracy you don’t need to go as far as public key crypto, although I would oh-so-strongly suggest doing so. I ignored my own advice though, and did something similar to the following: take two random constants A and B, which are “secret” in the sense that you have to actually decompile my program to find them (“But Patrick, thats not very secret is it. After all, the program is in the hands of the adversary.” EXACTLY). if (serial ^ A) % B == 0, then the serial is good. Note this doesn’t allow for any use of identifying information, and was chosen totally because I could implement it in 30 seconds. If I did another product today, I would spend 30 minutes instead and use Java’s excellent crypto libraries. The weaknesses of my approach are obvious: with access to the code breaking it takes a matter of seconds, one serial number will work for any number of computers, etc etc. But it was sufficient to my purposes because my target customer has enough difficulty getting a legitimate version installed, to say nothing of navigating the dark corners of the Internet where the keygens flourish.

Where/when to check the serial number: I check once on startup. A lot of people say “Check in all sorts of places”, to make it harder for someone to crack by stripping out the check. If you want to be particularly nasty to the cracker, check in all sorts of places using inlined code (i.e. DON’T externalize it all into SerialNumberVerifier.class) and if at all possible make it multi-threaded and hard to recognize when it fails, too. But this just makes it harder to make the crack, not impossible, and remember your goal is generally not to defeat the cracker. Defeating the cracker does not make you an appreciable amount of money. You just need to defeat the casual user in most instances, and the casual user does not have access to a debugger nor know how to use one.

Alright, that about wraps it up. This article is a work in progress, so I might beef it up some more, perhaps with code samples or techniques to impose, e.g., time limitations. Someday. In the meanwhile, I hope you learned something.

[Edit: Yo ho, me hearties.  If ye be wantin’ to stick it to a pirate without having to program a thing, cast yer glass over this way.]

Comments Off

Yay, 1.04 Out The Door

Posted on September 3, 2006 by in Uncategorized

Its actually going out right now (go go gadget Robosoft!  I love not having to submit to half a zillion places by myself)

New features of note:

  • Mac version (side note: make one PAD file for Windows, one for Mac.  It will make submitting with Robosoft a lot easier for you.  Trust me on this.)
  • Beautiful new look and feel courtesy of stock icons
  • Word wrap within cells
  • Font family and size are now selectable
  • Ability to center a single card on the page (Remember Sally?  She asked for this.  What Sally wants, Sally gets.)
  • A few minor bug fixes (all display related).

If you want to try out Bingo Card Creator 1.04 why don’t you mosey on over to my website or check your favorite download site over the next couple of days.

Comments Off

What Should Starbucks Do

Posted on September 1, 2006 by in advertising, marketing, support

I spotted this on Seth Godin’s blog.  Starbucks had an incredibly ill-conceived promotion where they mailed some fraction of their employees with an email coupon for a free iced drink, then told them to mail friends and family members.  Oh boy, a chain letter, no possible way that could get out of hand, right?  Well, it did, and as a result Starbucks canceled the promotion.

Seth opines that, were it his call, he would have notched the driver’s license of anyone who used the promotion and given them the free drink.  The business problem this solves is that it prevents someone from going to the 46 Starbucks within walking distance from, say, the Sears Tower and getting 46 free ice lattes or whatever it is Starbucks sells.  His rule #3 (“We never accept online promotions.  However, if you were scammed by one, have *a free premium which the company can give out almost at will*.”) is, in my opinion, a brilliant solution to this problem for a chain which doesn’t have it yet.  But it doesn’t help Starbucks since they can’t force the cat back into the bag.

Here’s my solution: for every customer who comes in asking for their free iced fraparamadingdong, tell them “We’re very sorry, that promotion has been abused so we have to ask you this: what’s your first name and the last four digits of your telephone number?”  Then make a show of writing it down, and give them the product.  The only purpose of this system is to keep honest men honest and to remind folks that there is no presumptive right to free Starbucks, the way that many college students have come to believe that there is a presumptive right to free music.  The information collected can’t be enough to make a person hesitate for fear of their privacy, but that plus the fact that it is recorded is just enough to make them remember “Oh, thats right, I’m being watched”.

Here’s the rationale: the impact of one scammer who realizes he can beat the system (and, if you think of it, there is no system to beat here) is one ice drink per store.  The stores are franchises so you basically evaluate the damage to their profits on an individual level, where 1 or a 100 ice drinks is pocket change (here’s the secret to Starbucks: no matter how much they charge you, making the drink didn’t cost more than 10 cents!).  The damage to the brand from having to put that sign up everywhere, on the other hand, is at literally many orders of magnitude above the individual store.

Comments Off

How NOT to do your license key checking

Posted on September 1, 2006 by in Uncategorized

Proving once again that encryption/hashing by itself will not make your system secure.

Comments Off

August Numbers

Posted on August 31, 2006 by in stats

First, a disclaimer: Due to my own lax recordkeeping, the issues with running a business with the International Date Line between me and most of my customers/suppliers, currency exchange issues, and other reasons, these numbers may be off by a little bit.  I’m sorry to give you analog accuracy in a digital world, but its the best I can do without spending too much time playing accountant.  And, after all, I have a release to finalize :)

There’s a recurring issue here: do I count expenses based on when they are charged or when they are incurred?  i.e. if I prepay for 3 months of GoDaddy, like I did, do I count that whole expense in August or spread it out?  Where possible, I’m going to divide out recurring costs over the length of the term.  While this means you can’t see my exact bank statement/cash flow, suffice it to say that it stays positive and thats all you really needed to know, right?

Sales:

Through Paypal: 13 (+1 return)

Through eSellerate: 1 (didn’t trust Paypal)

Gross sales:  $349.30

Net sales:  $333.54 (subtracted out payment processor charges: $1.02 for each Paypal, $2.50 for eSellerate)

Expenses:

Recurring expenses:

Web site hosting: $10 (Linux hosting + Traffic Facts through GoDaddy)

e-junkie (payment processing): $5

Yahoo Search Marketing: $30 (since canceled)

Google AdWords: $90

Subtotal recurring expenses: $135

One-time Expenses:

Stock icons from icons-icons.com: $29.95

RoboSoft Registration: $99

2 postcards to RoboSoft authors: $1.50 (the first got returned today due to my atrocious handwriting, so I have to resend one)

Allume’s Stuffit: $29.99 (thought I would need it for shipping Mac orders.  My mistake.  Whoops.  Ah well, I feel better about using their Stuffit Expander for the last 10 years now.)

Rentacoder port to Mac version: $40 ($25 bid + $15 tip)

Subtotal for one-time expenses: $200.44

Total expenses: $335.44

Profit: -$1.90 (Wahoo!)

Well, honestly, I thought I was going to post a minor paper profit.  Hmm, I guess thats why we write things down.  In terms of cash flow, as mentioned above, I am minorly positive, because this shows me booking about $50 of AdWords expenses many weeks ahead of being billed them (weeks in which I will, obviously, have additional sales).

If I knew earlier what I do now, I would have gotten the Mac thing done for free by an microISV contact, and not paid for the Stuffit registration.  Ahh well.  Small beer, in the opinion of somebody who can’t drink for fear of killing himself.

OK, back to the fun statistics:

I’m going to discontinue giving the Yahoo stats.  I just don’t find them credible after doing the auditing for the last month, which is the proximate cause of me discontinuing my subscription with them.  That plus the fact that I’ve finally succeeded in pushing my AdWords spending down to my target.

As with last month I have two AdGroups.  The first is pitching vocabulary bingo, the second Bingo Card Creator itself.  I’m going to show you the full monthly stat summary and also the last week’s stat summary so you can see an indication of how things are improving through periodically shifting bids, ad texts, and landing pages.  Unfortunately I can’t tell you exactly how effective they were at driving sales because I just realized the last time I touched my thanks-for-your-purchase page I borked the Javascript on it, costing me the last week work of data.  D’oh.

Incidentally, results for the vocabulary group are heavily depressed by the long experiment with that “give teachers free lists” thingee. It worked great for getting me inbound links but not so great from a conversion perspective (that one add has like a 10% CR and 20% CTR, costing me a lot of money for not a lot of gain.  Basically it ended up being $30 given to charity for PR value.)

This Month / This Week:

Vocabulary Bingo:

Impressions: 27,000

CTR: 2.54%

Avg. Position: 2.7
CR: 16.86%

CPA: $.34

Bingo Card Creator:

Impressions: 7,700

CTR: 5.80%

Avg. Position: 2.0

CR: 22.76%

CPA: $.45

 

Although you can’t tell it from the whole month’s stats at a glance, recently I have made my $.30 a download target.  Yay me.  The secret: continuous improvement of ad texts and landing pages, plus a recent ruthless culling of every keyword which wasn’t performing well enough to justify keeping.

Alright, how about some website stats:

Visits: 4,175

Trial downloads (from site):670

Trial downloads (download sites which hotlink, so they show up in server logs — this is a guesttimate at best due to the cruddiness of my logging): 500

Confirmed trial downloads (someone selected a link within the application): 100

Download.com trial downloads: 150

Major sources of hits (trial demo CR in % following):

Google CPC:1,000 (21.6%)

This blog:  894 (5.7%) — N.B. I was Slashdotted once, which accounts for most of them.

Google Organic: 587 (16.18%)

Microsoft Organic: 526 (17.3%)

Single Post On Teacher Bulletin Board: 150 (27%) — I love my adoring fans.

Major Download Sites:

Download.com: 130

AllApp: 40

SurfPack: 40

FreeDownloadCenter: 25* (also sent a good deal of traffic directly to site — in the hundreds)

FreeDownloadManager: 25

Incidentally, the next 40 download sites on the list sum to about 60% of the total of these.  Yep, Long Tail in action.

Comments Off

How much content does your website have?

Posted on August 31, 2006 by in advertising, SEO

Sometimes I visit uISV websites which are very minimalist: they have about 5 pages total.  One page about the product, one for ordering, one for support, one about the company, etc.  My website isn’t exactly a monster (probably on the order of 25 pages at the moment), but I have significantly more content than websites organized like this.  And it makes me probably $50 a week, which is not a bad return for writing a few extra pages about elementary school bingo variants.

Why do these free articles and free resources make me $50 a month?  Because they bring in traffic and, more importantly, they bring in my niche on generic search engine terms.  I currently do obscenely well on MSN and Google in terms of organic search traffic, and the overwhelming majority of it is for Long Tail queries which you just won’t get if you don’t have the content to justify it.

For example, I wrote about 200 words on one of my pages about icebreaker bingo.  That content was picked up by 12 searchers in the last seven days and generated 4 downloads.  Four downloads is worth in excess of a dollar to me (at my current CPC prices, about $1.20 actually), and that content keeps paying me a dollar week after week.  (Yeah, minor niggle: if folks never buy, then its not really worth a dollar.  But they do.  I got two sales this week from customers who came in from organic search traffic.)  However, without the search engine being told a couple of times that icebreaker bingo is a use case for Bingo Card Creator, it won’t infer it on its own.  Which is why programs which trounce me on the search engine rankings for generic queries like “Bingo Card Creator” (grr, Google, how long until I can be the #1 result for the name of my company?!) show up exactly nowhere.

Another thing content does is that it performs SEO for keywords you haven’t thought of yet.  In the last 7 days, I got approximately 400 hits and 80 downloads from organic Google and MSN.  The most common search term there was Bingo Card Creator, with approximately 5% of the total queries.  The rest were, in general, a veritable deluge of once-in-a-lifetime queries… the kind that natural English snaps up like hotcakes and all the SEO in the world won’t get you.  You know, queries like “free download word bingo literacy” (sidenote: she evidentally cared a lot more about “word bingo literacy” than “free”) or “dolch preprimer home cards”.  (Quick comparison: I also spent approximately $20 for 260 hits and 50 downloads from AdWords.  Which has not generated a sale yet this week, I think.  D’oh.)
Content also has a nice property called linkability.  Very few people are going to say “Wow, check out this trial demo download” (if they do about your software, mazeltov, you are going to be rich like a king).  However, if you put up, say, a page about how to use bingo to assess reading difficulties, teachers will swap it via email, link it on their blogs, and chat about it around the water cooler.   Which brings in more eyeballs, more PageRank, and more downloads.  Yay, a positive cycle.  Plus you’re providing a service of use to people and thats always a good thing, even if they don’t end up buying from you.

A suggestion, though, since you do want to encourage people to eventually buy from you: aside from the obvious Download Free Trial link that you should have on every page of your website, have the text of your content plug your product wherever it is natural to do so.  If its not natural to do so, maybe you should be writing different content.  I like plugging Bingo Card Creator once early in the text (“If you don’t have a set of bingo cards, you can generate one in seconds with the free trial of Bingo Card Creator”) and then once after the end (“Looking to do something else with sight word bingo?  Why don’t you make yourself some cards with the free trial of Bingo Card Creator”).

So, if you’ve got a website which looks spartan at the moment, consider sprucing it up with some content of use to your target user.  More of them will come visit your page, and hopefully some of them will stick around to see what you have to offer.  (And remember, serving pages is essentially free at the margin.  For the 80% of folks who visit my Dolch sight word lists and leave without viewing another page on my website I pay, well, absolutely nothing.)

Comments Off
Older posts
Newer posts