www.webdeveloper.com
Results 1 to 12 of 12

Thread: Beta testers wanted

  1. #1
    Join Date
    Apr 2010
    Posts
    213

    Beta testers wanted

    We need some beta testers for LappyTrack.com. If you have a laptop you'd like to protect with a tracking and theft prevention system, we're giving away a limited number of free three month subscriptions to beta testers. All we want in return are honest evaluations. Register for free and leave a message in the forums if you're interested.

    If you don't want to try out the system, a website review would still be greatly appreciated.

    Thank you in advance.

    Chipzzz
    http://www.LappyTrack.com

  2. #2
    Join Date
    Aug 2006
    Posts
    89
    Not bad. The design is clean and easy on the eyes. I have to minus some points for the generic MS word-style clipart. And the banner below makes me wonder if this business makes any money that the webmaster has to support it with ads. Other than that, not a bad site at all.
    "It'll could only cost you your life--and you got that for free."
    Forgotten Games

  3. #3
    Join Date
    Mar 2010
    Posts
    672
    First off, i'd like it stated that i prefer to receive the harshest criticism myself, as its generally the most useful, and i carry the same sentiment when giving criticism, so i apologize if the following seems rude.
    With that said, i must say, the site feels amateurish to me. The main issue is that you're selling something, in this case a service. One large barrier to online purchase is the "trust" factor. And many individual items contribute to this factor. One such thing being the aesthetic value. If a site looks professional it ups the trust factor, if it looks like its been made by a guy taking his first web class, it will decrease trust. Your site not only flaunts pure aesthetic imagery, it also has lacking structure. Sure you have the larger text on top and work your way down to smaller text, but that is only one aspect of text structure. The other is contrast, with higher structure items having a higher contrast due to their relative importance. The issue then is your use of colors. One trick you can do is to take a screen shot of your site, then desaturated it entirely. This will give you a true sense of underlying contrast, without the colors to interfere with judgment. This will show you that you have a confusing mixture of structural elements that make it difficult for a first time visitor to find a location of focus.
    Next thing, red and yellow are the worst color combo's you can use (with rare exceptions, aka mcdonalds). Its not only worse for regular individuals, but its also the worst color combo for those with partial and/or full color blindness, they'll essentially see no text.
    Next item, is that your site design is too cartoony, not only lowering the professional aesthetic bar, but also sending confusing messages. If you want people to convert (aka eventually buy your service), you need to put them in the right mindset. In your case, it is fear, fear of their laptop getting stolen, however your cartoony design mitigates the initial fear associated with the subject, and actually downplays it. This is a bad move to make.
    You also do not want to have your version of "call to action" be large multicolored font, as stated earlier, that lowers the professional aesthetic.
    Well, thats all i have for now, hope that helps!
    Last edited by Jarrod1937; 04-18-2010 at 06:41 PM.

  4. #4
    Join Date
    Apr 2010
    Posts
    213
    Thank you both very much. It took so long to receive a review that I was beginning to think that the site was so bad that nobody wanted to break the news to me.

    Meinsla, I thank you for your assessment of the clipart, and I must admit that it is public domain art that I tidied up and modified a bit to suit my purpose. Also, your observation that the site has yet to make any money is correct, but mistaken in that the banner is there for the money. I suspect that mine is my host's first Drupal site, and an unusually demanding one at that, and they went to great lengths to provide me the most extraordinary technical support imaginable. I thought that a banner ad was the least I could for them. If it makes me money, that's fine, and if it doesn't, that's alright too, but that isn't really why it's there.

    Jarrod, if 1937 is your year of birth, please let me first congratulate you on your remarkable ability to keep abreast of the latest technologies and on your keen sense of design aesthetics in your golden years. I'm not that far behind you in longevity (1948), and am returning from a lengthy sabbatical from the technical field. I very much appreciate your "harshest criticism" in the spirit in which it is offered. A site entering its production stage would likely be a dismal failure without such stringent evaluation. I would point out, though, that Lappytrack is still in its beta stage, and consequently, I have yet to advertise it or to present it as a fully functional, production site. Thus, while some of your comments may have sounded harsh, they are hardly either unexpected or undeserved. Far from a dismissal, however, they have already awakened an awareness of several design considerations that I had either forgotten, not thought of, or in some cases (*blush*), was completely unaware. I thank you very much for them and will give each one, individually, considerable attention for the production implementation.

    I thank both of you very much for the reviews and would like to extend to you an invitation to test the system as my guest for as long as you like (if you have the time). Just sign up for the free trial, install the client, and let me know it's you in one of the review forums. I'll upgrade you to subscribers at the super-special beta tester introductory price of $0 per year , and when you have a minute, if you could give me your opinion of the client installation and any other thoughts you may have, I would very much appreciate it.

    Note: Quite frankly, I would be very reluctant to install software from someone I didn't know on any of my machines, but if you try it out in a virtualbox, Sandboxie, VMware, or similar host first, you can ensure that it is malware-free without any risk, and you will still be able to re-install the software and use the account on the laptop of your choice when you're comfortable with it.

  5. #5
    Join Date
    Mar 2010
    Posts
    672
    I'm sorry to say that the 1937 does not correspond to my age, the numbers have a long story behind them, i am actually 22. Though it is always funny when people think that on halo, as they think a 73 year old guy is kicking their butt
    Though i must say the same to you then, at 62 you are doing an excellent job with keeping with the latest technology. Out of curiosity, what technical field specifically were you in?
    As for testing out your software, you're right, right away i have that trust issue... and this is coming from a guy who knows you're probably legit. This carries over from my previous post, the trust of the user is key, especially when you're selling a service for which is installable software.
    As for comments about your software, especially info listed on your "what is lappytop", a few things:
    1.) You suggest giving a warning that lappytop is used on the premise, however i'd argue that is a very bad idea. Anyone stealing the laptop could easily lookup the software and thus easily disable it.
    2.) You seem to perform a trace route to help deter wan ip spoofing (which actually is not possible if you want 2 way communication, as far as i'm aware). However, this does not prevent them from using a proxy, in which case you'll be grabbing and locating the proxy server.
    3.) What is to stop the person stealing the laptop from wiping the drive right away? I'm sure even the most basic thieves would attempt this. And if they want to sniff for personal data first, they could simply open the laptop and login without going online. You may think this hinges on them knowing about the program, but i'd gather the first thing a thief would do is hunt for personal data, and then worry about connecting to the internet later (especially if they are using some sort of wireless security).
    4.) What is to stop the thief from simply removing the app?
    I haven't installed it myself yet but i'd bet its easily disabled through autoruns.

    I guess the program hinges on the thief not knowing and using the laptop in its current state. But this then assumes that all accounts, or at least the admin account is wide open, so they can use it without having to use a low level password cracker.
    I'm not trying to put down the program at all. If fact i think its a good idea, however i'd look into ways which one could too easily figure it out and/or bypass it all together, then see if there are ways to make that more difficult.

    p.s. as a side note, you may want to consider implementing geoip location. Its a perfect fit for your app, maxmind is one excellent source that we use.
    Last edited by Jarrod1937; 04-19-2010 at 02:50 PM.

  6. #6
    Join Date
    Apr 2010
    Posts
    213
    Thank you, Jarrod, both for the kind words to a geezer , and the extremely thoughtful comments. Let me take the liberty of correcting you about the name before you develop a habit that will be nearly impossible to break. It's "LappyTrack", not "LappyTop"... derived from the British slang "Lappy" for laptop and the obvious tracking function that the software performs. To answer your first question first, I've been playing with electronics since I was a radio amateur fifty years ago. I built digital projects when RTL (resistor-transistor-logic) was the state of the art, and a functioning 4004-based micro-computer. My first "real computer" sat on an S-100 bus and boasted a lightening-fast 4 Mhz Z-80 CPU and 16k of RAM. I've seen microcomputers come a long way. I've worked in many electronics and computer related fields, from repairing televisions to building smart computer terminals that were on the cutting edge of technology at the time. Most recently, I whiled away the hours delivering fast food and lounging in the proverbial fields of Elysium (which has evidently been transported to Massachusetts). Sadly, I'm beyond the age at which that is a viable career choice. But enough about me ... Let me address your reservations in order:

    1) As described on the site, a warning that LappyTrack is in use on the premises and may or may not be on any particular laptop found there would seem to me to be a more powerful deterrent to a potential thief than the certainty that it is somewhere on each an every laptop on the premises. During a standard installation, LappyTrack can be assigned to be any desired subdirectory in the Program Files directory and even the name of the exe can be changed to suit the installer. A custom installation would not even require it to be in the Program Files directory. Given that variability, if a laptop is configured to boot to a user with limited permissions without a login (instructions are provided), it would be virtually impossible to find and disable the software within the three minutes (max) it waits to contact the servers, even if the permissions could be obtained somehow.

    2) Only one-way communication is required, and as far as I know right now, examining proxy logs only slows down the process slightly and does not defeat it, although I am looking into this more closely.

    3) There is no way to prevent someone from defeating the system either by wiping the drive immediately or by stealing data from it somewhere where there is no internet access. Since Microsoft is constantly at work preventing bootlegging of their operating system, however, the first option is becoming increasingly difficult and the second is mitigated by creating the unprivileged user boot as described above. Good password protection and an encrypted disk would further complicate efforts to steal data in that manner.

    4) I think the unprivileged user, without access to the full disk or the registry (from which LappyTrack starts by default), and without even knowing the name or directory of the exe would have a hard time disabling the program.

    Thank you also about the suggestion of MaxMind. I've been thinking about geolocation and will be looking into it.

    Once again, thank you for your excellent and thoughtful questions, and if I have left anything unanswered or if you can think of something I haven't thought of, please let me know. No security system is perfect and there will always be a way to defeat it, but I'm trying to make that as difficult as possible. I really appreciate the time you have devoted to this and hope ultimately to be able to reward those who have contributed to the project with more than a "thank you" and a free subscription.

    Have a nice day,

    Chipzzz
    Last edited by Chipzzz; 04-19-2010 at 04:50 PM.

  7. #7
    Join Date
    Mar 2010
    Posts
    672
    Let me take the liberty of correcting you about the name before you develop a habit that will be nearly impossible to break. It's "LappyTrack", not "LappyTop"
    Lol, Sorry about that, not very good with names, people or otherwise

    I built digital projects when RTL (resistor-transistor-logic) was the state of the art
    That is quite a while back then

    2) Only one-way communication is required, and as far as I know right now, examining proxy logs only slows down the process slightly and does not defeat it, although I am looking into this more closely.
    TCP is a stateful protocol, and it requires an initial handshake for communication. As such one cannot spoof their wan ip if they wish to communicate over it, because of the initial handshake and continued communication:
    1.) You send a connection request (a SYN) to a server with your spoofed wan ip
    2.) The server receives it, sends a SYN ACK back... but to the ip specified, the spoofed one.
    3.) The end... the server never receives and ACK and the connection is aborted.

    Sure you can spoof your wan ip, but its not very useful.


    4) I think the unprivileged user, without access to the full disk or the registry (from which LappyTrack starts by default), and without even knowing the name or directory of the exe would have a hard time disabling the program.
    How much you want to bet?

  8. #8
    Join Date
    Apr 2010
    Posts
    213
    This is definitely food for thought! Thank you very much... I have a project for this evening and I'll let you know how it turns out. Also, you're right about the rtl... it was way back in the dim past.

    Anyway, thank you very much for your thoughts and comments. I appreciate them very much, and if you think of anything else, please let me know. Also, if you feel the urge to try the system out, you are more than welcome. Just let me know it's you and I'll upgrade your account when I see it.

    Thank you again,

    Chipzzz

    P.S. -
    Lol, Sorry about that, not very good with names, people or otherwise
    Don't sell yourself short . Thanks again.

  9. #9
    Join Date
    Apr 2010
    Posts
    213
    Jarrod,

    Thanks for that heads up about Windows security. I didn't realize that Micro$oft's only security measure before Vista was WGA (rofl). Now I have some more thinking to do .

    Have a nice evening,

    Chipzzz

  10. #10
    Join Date
    Apr 2010
    Posts
    213
    Quote:
    4) I think the unprivileged user, without access to the full disk or the registry (from which LappyTrack starts by default), and without even knowing the name or directory of the exe would have a hard time disabling the program.
    How much you want to bet?
    On a Win-7 box I'd bet Broadway & Park Place, too. The others aren't quite as thoroughly tested yet .

  11. #11
    Join Date
    Mar 2010
    Posts
    672
    Quote Originally Posted by Chipzzz View Post
    On a Win-7 box I'd bet Broadway & Park Place, too. The others aren't quite as thoroughly tested yet .
    Unless the filesystem is encrypted you can still easily disable it by loading an offline registry editor up and removing the system startup entries.

  12. #12
    Join Date
    Apr 2010
    Posts
    213
    Quote Originally Posted by Jarrod1937 View Post
    Unless the filesystem is encrypted you can still easily disable it by loading an offline registry editor up and removing the system startup entries.
    I'm reasonably sure you can't gain access without hacking into a privileged account, which is another type of security issue altogether. To properly secure the machine, however, I heartily agree that the disk should be encrypted. The remaining danger, the wiped disk, limits the damage to the price of the laptop and requires that the thief obtain a new OS for it. Window$ is becoming more expensive and harder to bootleg all the time. Looks like its becoming increasingly difficult to make a living as a computer thief .

    Thank you, by the way, for that exercise. I work mostly on XP machines (old habits die hard) and in trying Lappy on a Win-7 box, I installed it and it just worked. More recently, on a fresh install, UAC was turned on and the situation was quite different . I learned a great deal about Win-7 security this week (which is quite impressive in comparison to its predecessors). The solution to the immediate problem was quite simple but the journey there was full of interesting twists and turns .

    Have a nice evening & thanks for the feedback.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles