Naming and storing auction pictures and data

By far the most important part of advertising an auction is the item-level listing on the Internet. With that listing, a prospective bidder can find the items he’s interested in, not just a prospective auction that he may or may not have the time to investigate. One of the two crucial parts of listing an item for auction is the picture.

This article is the first in a series about how to handle auction pictures, from storing them to processing them to posting them on the web.

We’ve seen many cases where an auctioneer’s pictures for auctions were stored separately from the spreadsheets used to list the items. We’ve seen cases where one auction’s data was on one computer and another auction lived on a different computer. We’ve seen cases where it took an auctioneer 10 minutes to find the pictures of an item.

All data relevant to a specific auction should be stored in one place, be it a server in the office or a specific computer on a home network. This recommendation doesn’t mean that multiple people can’t work on data simultaneously; it simply means that when everyone is done they should store the files in a logical manner.

We recommend having a primary directory – a directory is the same as a folder – that contains all data relevant to all auctions. Inside this directory, create a folder for each year. Inside the appropriate year’s folder, create a folder for each day you have an auction. Most importantly, name this auction directory using the International date format. Before you wind up your propeller hat, here’s an example image that illustrates this hierarchy.

Naming and storing auction data

As you can see, this model is completely scalable regardless of the number of auctions you do. The benefit of using the international date format to name your auction directories is that they will always sort themselves chronologically. In order to find a file related to a specific auction, you’ll only have to know the date. This method is much better than some of the others we’ve seen, such as having a folder for each seller or naming the auction directory after the auction title, both of which require a better memory and better folder sorting skills. Do you have two auctions on the same day? Create a subdirectory within each day folder with the auction name.

We’re really big on organization, and so you’ll see in the image above a few folders inside the day directory. Each picture you post should be edited with picture editing software, and in future articles we’ll look at different programs and processes to perform on the images.

Originals
An important rule regarding picture storage is to always keep a copy of the original pictures you take for each auction.  You never know when you’ll want to use a specific picture for print advertising or when you want to re-process a picture to highlight a feature that you cropped out in your first pass. Once a picture has been properly processed and saved for the web, it’s no longer of high enough quality to use for much else.

Uploaded
We like to always keep a copy of the pictures we’ve uploaded to the web. That way, if something happens to our web server or if we overwrite the wrong folder or accidentally delete a directory, we’ll have an easy way to reupload the missing pictures from our local storage location.

Spreadsheets
The spreadsheet is still the clear leader in the way that item listings are generated. Sure, text documents are still widely used by auctioneers who don’t list at item-level (a big paragraph of items is NOT item level), but spreadsheets are the way to list items. We like to save many and save often.

You can have many other folders by file type, such as marketing or video – or you can dump everything into the same folder. Find what works best for you. The important components of a data storage strategy are to find a logical system, store everything in one place, and do it the same way every time.

Do you have a better system? Let us know in the comments.

Posted in software

Reading plain text email is safer and faster and preserves privacy

We try to cover basic security best-practices as much as possible. We talked about the value of NoScript, a Firefox plugin that prevents JavaScript from loading on web pages unless specifically allowed by the user. Today, we’re going to examine why reading email as HTML is a bad practice from a privacy, security and usability standpoint. We’ll also look at how to fix your email client to read all messages as plain text.

HTML stands for Hyper-Text Markup Language and is the foundation of the modern Internet. It is the way web designers can specify that certain text should be linked to other web pages and how images can be displayed on websites.

Email was never intended to be anything other than a messaging system. At some point, email clients began using a browser or browser-like rendering system to display any HTML in emails graphically. As if this wasn’t bad enough from a usability and privacy perspective, it soon followed that they began to interpret scripting as well, thus bringing all of the security dangers of malicious websites to our email boxes.

Privacy
Reading HTML email is bad from a privacy perspective. There’s a great article at About.com by antivirus professional Mary Landesman called Why plain is better. It states the following.

HTML-rendered email can be virtually wiretapped through the use of invisible images, specially formed links, and other techniques that allow email to be tracked. For example, unique serial numbers are often assigned to invisible images stored on a remote server. Each time the email is read, those images are accessed, providing a record of whether the email was opened.

Imagine if each time you checked your post office mail box someone recorded which letters you opened and sent a report back to each sender. It’s amazing that the objections regarding government wiretapping and the privacy of medical records are made by the same people who haven’t secured their inboxes from such observation.

In addition to tracking image loads, many times the links themselves are coded so that the sender can know exactly which link you click. The link connected to the words website.com at the top of the email may be a different link than the one connected to the words website.com at the bottom of the email.

The same tracking systems in HTML used by over-zealous marketers are also used by spammers to tell if inboxes are valid. An email address that consistently loads the HTML-included image means that spam sent to it is being read – or at least opened – and is a much higher-value target than an email address that never loads the image.

Security
Reading HTML email is bad from a security perspective. Phishing is a common practice wherein a user is tricked into providing login credentials, like a username and password, or other sensitive data such as credit card information to a malicious website. One of the many possible baited hooks used in these attacks is sending an email that looks like an urgent and official email from your bank. The pretty picture says click here to log in and takes you to a web page that looks just like your bank’s login page. What you don’t notice is that the URL is slightly different. When you submit the form with your username and password, the malicious page sends your information to the hacker who then can use it to log in to your bank’s real website.

Scripting refers to the ability of a program to interpret commands given to it by the content of the document it’s rendering. It’s very common on web pages, but has begun to creep into other types of documents where it doesn’t belong. PDFs, spreadsheets and email are just a few of the types of content that now interpret scripting and now have the associated security issues.

Scripting allows documents to essentially run programs on your computer. Benign scripts may simply ensure that the data you enter into a PDF form is valid, triggering a pop-up if you try to enter a letter into the phone number field. Malicious scripts, however, can be much more pernicious.

Steve Gibson from Gibson Research Center explained one possible scripting use in episode 52 of the Security Now! podcast.

standard JavaScript with no bugs, no exploits, no buffer overruns, no mistakes at all, can be used to port scan your internal network, identify devices, take them over, reprogram them…

Unfortunately, many email clients that render email as HTML allow JavaScript to execute when the document is loaded, so even the simple act of selecting an email with an open preview pane may be enough to cause serious damage.

Even without scripting, email can make use of advanced HTML and CSS techniques to overlay links on parts of the document that don’t look like links so that an accidental click anywhere might send you to a web site in your browser that has the malicious scripts there.

Usability and speed
HTML email is bad from a usability perspective. If you accept that the purpose of email is simply to receive messages, then what faster way to read those messages than in simple text? The different images, font sizes and color choices can take seconds to adapt to, and content in different areas or columns can be difficult to prioritize. This extra time and confusion adds up substantially for those of us with a lot of email to parse and very little time in which to do it.

Benefits of plain text email
Reading email as plain text solves all of the problems listed above.

  • Plain text email doesn’t support images, so you can’t be tracked by the email senders
  • Plain text email lets you see the links you’re clicking so you can tell if you’re clicking on a link that goes to capitalone.com or one that sends you to capitalone.evilsender.com.ru
  • Plain text email doesn’t support scripting so your email doesn’t try to perform actions on your computer
  • Plain text email is easier and faster to read

Fix your email reader
In defense of email readers, recent progress has certainly improved the security of clients like Outlook and Thunderbird. While they’re improved, they’re by no means completely secure, as each regularly releases security patches and updates to prevent the latest vulnerabilities.

Even if the browser is completely secure and rendering HTML perfectly, a link on an image or anchor text could still send you to a phishing website. Even if you turn off images and scripting and have the latest and greatest anti-phishing software running on your computer, you’re still left with the annoyance of varying typography and colors that simply aren’t an issue with plain text email.

Outlook
Here’s how to fix Outlook 2003 from the Microsoft support article on the subject.

  1. Start Outlook 2003.
  2. On the Tools menu, click Options.
  3. On the Preferences tab, in the E-mail area, click E-mail Options.
  4. In the Message handling area, click to select the Read all standard mail in plain text check box.

Here’s how to fix Outlook 2007 from the Microsoft support article on the subject.

  1. Start Outlook 2007.
  2. On the Tools menu, click Trust Center, and then click E-mail Security.
  3. Under Read as Plain Text, click to select the Read all standard mail in plain text check box.
  4. To include messages that are signed with a digital signature, click to select the Read all digitally signed mail in plain text check box.

Thunderbird
Thunderbird is even easier to secure.

  1. Start Thunderbird.
  2. On the View menu, click Message Body As and select Plain Text.

Remember that neither modification is permanent. Outlook will tell you that a message has been converted to plain text and if you’ve decided that it’s from a trusted source and for some reason you wish to view it as HTML, you can click the header of the message to do so. All Thunderbird requires is that you simply select view > message body as > original HTML.

HTML is for the web, text is for email. Reading email as simple text is safer, faster and protects your privacy. Soon, we’ll look at this issue from a marketing perspective and learn why sending email as plain text is better for your brand and better for your subscribers and customers.

Posted in software, Security, design

Dimdim is viable free WebEx or GoToMeeting alternative

We recently had reason to search for an alternative to the overpriced [read: not free] web conferencing solutions such as WebEx and GoToMeeting. A quick Google search revealed a relatively new service that claims to be “the world’s easiest web conference” and 10 minutes into our tests, we believe it.

Firmly grounded on an open-source platform, complete with GPL source code, Dimdim offers an enormously robust service at no cost. While other companies offer a time-limited free demo, Dimdim offers their service for free for up to 20 simultaneous users.

The biggest problem with WebEx was the download. We’ve been on meetings where participants using Macs were left out in the cold, and we never even hoped – much less tried – to get it to work on Linux. Dimdim offers its service based solely on Flash and claims to support Internet Explorer, Firefox and Safari. We usually have bad things to say about Flash, but this application is a perfect use of the technology.

Not content with simple presentation sharing, Dimdim offers desktop sharing, chat, whiteboard and document sharing. That’s not all. Also included in the free plan is VoIP and a free teleconference phone number. To top it off, the free version allows the presenter to share his or her webcam to provide video to up to 20 meeting participants.

It’s tough for us to remember the last time we needed meeting software to support more than 20 participants, but if that’s necessary, Dimdim can certainly scale up to large enterprise needs at a fraction of the cost of the competition.

The features aren’t exactly easy to find on the website. Here’s the hookup to see features offered and a comparison between the free and paid plans.

Are you stuck with WebEx or GoToMeeting? Have you kicked them to the curb in favor of Dimdim or another service? Let us know in the comments.

Posted in community

Fourth Wave auction software

Fourth Wave, LLC, a vendor of auction clerking and cashiering software, has apparently closed its doors.

On May 13, we received an email from an auctioneer claiming that he had purchased the software and needed to contact Fourth Wave but was unable to do so. We noticed that the website, fourthwave.net, was indeed down and we sent an email inquiry.

Later that day, we got another email from the same auctioneer who reported he had just received a letter from Fourth Wave. The letter allegedly contained a refund and stated that the company may be going out of business.

Now over a week later, we have additional reports of other Fourth Wave users receiving similar letters. We still haven’t received a response to our initial inquiry and fourthwave.net remains down.

We were approached in February by Fourth Wave with a request from them to be featured on the Auction Podcast. We agreed but couldn’t nail down a time. This chain of events seems fairly quick, and the strange twist is that their website recently went back up at a different URL with no announcement or other noticeable change of content.

Do you have any more information regarding Fourth Wave? Let us know in the comments.

Posted in software, announcements

Traffas and Fine named national institute trustees

Here’s a recent press release from the Purple Wave blog. Though it doesn’t mention it in the article, the other new trustee with term expiring in 2013 is Michael Fine, CAI, AARE, executive vice president at Sheldon Good.

Aaron Traffas, CAI, ATS, CES

MANHATTAN, Kan. (May 19, 2009) – Aaron Traffas has been named a trustee of the National Auctioneers Association (NAA) Educational Institute (EI). The NAA Educational Institute offers opportunities for auction professionals to improve their skills and adapt to the rapidly changing industry. Traffas is currently the vice president of technology and auctioneer for Purple Wave Auction in Manhattan, Kan.

“We’re all very proud of and impressed by Aaron’s achievement. The expertise and dedication he’s brought to Purple Wave is sure to be an invaluable tool for the educational institute,” said Aaron McKee, president of Purple Wave.

Traffas is one of two trustees to be selected in 2009, and will provide guidance and oversight to all NAA educational offerings. According to Harlan Rimmerman, director of the NAA Educational Institute (EI), to become a Trustee individuals must be NAA members for not fewer than five years and hold a recognized designation. Trustees serve a four-year term as a member of the nationally recognized board of trustees.

“Aaron was chosen because he had excellent credentials and has been a very active and productive member of the NAA,” said Rimmerman, “He is the youngest Trustee since I’ve been involved with EI and possibly the youngest ever.”

Michael Fine, CAI, AARE, CCIM

Though young, Traffas already earned several of the industry’s most coveted professional designations. By completing the three-year Certified Auctioneers Institute (CAI) at Indiana University and also earning the Certified Estate Specialist (CES) designation, Traffas is part of an elite percentage within the auction profession. In 2007, Traffas served on the Auction Technology Specialist (ATS) curriculum development team. Currently, he is also one of two auctioneers involved in teaching the class throughout the country.

“My experience with system development at Purple Wave led directly to my involvement with the creation of the NAA’s Auction Technology Specialist designation course,” said Traffas, “The NAA has been very important to my growth as an auctioneer and to Purple Wave’s growth as a company.”

(obvious) disclosure: Aaron Traffas is the author of AuctioneerTech.

Posted in announcements