Venture Capitalist MCs
I made my millions short-selling at the peak of the coke-rap bubble.
8.17.2008
 
Dear Nashbar: Get a competent IT team
For the second time in a couple months, I've noticed Nashbar's site is impossible to navigate. Categories don't display and product pages are only accessible directly.

Now, with any online store, shit breaks from time to time. That's fine, it should be expected and planned for from a business standpoint - usually so these types of issues can be resolved with a minimum of downtime.

But that's not the problem here. This is the problem:

[Image: Exploit script on Nashbar site]

Why would Nashbar, which otherwise appears to be hosted in Chicago, be loading a script from a sketchy Chinese domain? It's simple: they got hacked. I'm assuming the back-end code their site runs on does not adequately protect against SQL injection, as that's a fairly common attack vector. As such most e-commerce back ends (assuming theirs wasn't developed in-house) should have had patches released to protect against this type of attack long ago.

There's only one conclusion here: Nashbar's IT team is unable to keep their site secure. And while this particular issue is not likely to compromise credit card data on the Nashbar side (most browsers will generate a big scary warning if an unsecure script is loaded on a secure page, or if it attempts to load a secure script which doesn't have a legitimate certificate), it does appear to be designed to exploit PCs which access the site, with a likely end result of being added to yet another giant botnet. At that point there may be risk of credit card data theft - or worse, identity theft - due to keyloggers on the system, as well as botnet operators having direct access to any files on the PC (tax returns, bank statements, financial records, etc.)

In any case, it's completely unacceptable for a high-traffic online store such as Nashbar to be affected by such an exploit - even just once. But the fact that I've seen this exact issue on their site twice recently (visiting once or twice a week) indicates that they are unable or unwilling to resolve the root cause, and similarly unable or unwilling to fix the resulting problems within a reasonable timeframe when they do occur. At my employer, a 'reasonable timeframe' is a matter of minutes in most cases - here, my observations suggest these issues have persisted for days at a time.

My business is going elsewhere, and I would urge any of you who may have considered purchases from Nashbar to avoid them as well until they publicly address the issues I've outlined and confirm they have resolved the root cause.
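A check a site operator could run against rendered pages to catch the condition described above, as an added example that is not part of the original post: it lists every external script and flags any whose host is not on an allowlist, or that loads over plain HTTP on an HTTPS page. The hostnames, sample HTML and function names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hosts the store is expected to load scripts from (constructed placeholders).
ALLOWED_HOSTS = {"www.shop.example", "static.shop.example"}


class ScriptCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def audit_scripts(page_url, html, allowed_hosts=ALLOWED_HOSTS):
    """Return (script_url, reason) findings for external scripts in html."""
    collector = ScriptCollector()
    collector.feed(html)
    page = urlparse(page_url)
    findings = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and //host forms
        target = urlparse(absolute)
        host = (target.hostname or "").lower()
        if host not in allowed_hosts:
            findings.append((absolute, "host not on allowlist"))
        if page.scheme == "https" and target.scheme != "https":
            findings.append((absolute, "insecure script on secure page"))
    return findings


# Constructed sample page: two legitimate scripts, one injected into a title.
SAMPLE_HTML = """
<html><head><script src="/js/menu.js"></script></head>
<body><h1>Road Tires<script src=http://injected.example/x.js></script></h1>
<script src="//static.shop.example/cart.js"></script></body></html>
"""

if __name__ == "__main__":
    for url, reason in audit_scripts("https://www.shop.example/tires", SAMPLE_HTML):
        print(f"{reason}: {url}")
```

Run on a schedule against key category and product pages, a check like this turns a days-long exposure into an alert on the first crawl after the injection.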

8.08.2008
 
I would not put this on my bike. Ever.


Yeah, yeah, regular bike seats cause penis issues. But this thing is a) fugly, b) lame, and c) slow - how the fuck are you supposed to stay on it unless you sit completely upright on your bike? Which, again, is b) lame, and c) slow.

http://www.healthandmen.com/2008/08/07/no-nose-bicycle-saddles-improve-penile-sensation-and-erectile-function-in-bicycling-police-officers/

Maybe we need some sort of elaborate rock-climbing-type harness suspended from front and rear. Only I suspect that would look more 'wtf' than the latest mountain-bike monstrosity from Target:

8.05.2008
 
protest at the Fed
Some of these signs are pretty awesome.

http://cunningrealist.blogspot.com/2008/07/bens-noisy-lunch-hour.html

But this raises the question: why aren't more people pissed off enough about this to do something? Is it because it takes a little knowledge of econ and finance to understand what's going on - vs. the relative simplicity of anti-abortion (stop killing babies!) or animal rights (omg they hurt bunnies!)?

Since when do people care less about billions of dollars than they do about research involving rats or rabbits? BILLIONS OF DOLLARS. seriously.