
Comment Re:I work in online advertising (Score 3, Interesting) 259

No, the ads just move out of ad spaces into 'native' space, embedded with content and interspersed into feeds and streams. That's what all those sponsored articles and stuff are, and it's really terrible. Don't get me wrong, I'm not particularly pro-advertising, but I see polite, safe ads that are placed into their own corner of a page as a good compromise in order to avoid the corruption of actual page content. I've seen (and run) enough high quality content sites that can't pay for their own hosting or bandwidth, and it sucks to see them go away.

Comment I work in online advertising (Score 5, Informative) 259

But I agree with the general premise. It's just that the picture generally gets complex - let me explain.

The way an ad gets served is this. Places that show ads (websites, mobile websites, in-app ad spaces) are inventory. Inventory is of varying quality - an ad on the front page of the NYT is costly, whereas an ad on housewiferecipes.com or something is dirt cheap. Small sites sell their inventory to brokers, who pack it up with other sites to sell on advertising exchanges (the firm I work for runs one of these exchanges).

On the other side of the issue, advertisement costs money. A firm wanting to run ads will contract with an online media agency, which will create an ad and then find inventory to place the ad in. The firm commits to spending X amount of money for Y amount of impressions (hits), so if the agency can find inventory that performs (hits whatever ad metrics required, such as 'time in ad' or 'number of clicks') while being dirt cheap, it pockets the rest. If multiple agencies bid on the same inventory, the price of that inventory goes up (and the website runner makes more money), so it's a game of scooping up cheap inventory on random sites at the times they're cheap.

Typically, a given source of inventory (a site) will contract out to a large number of brokers in order to guarantee that at least one of them will, upon request, be able to serve an ad in the space. 90% of ad networks vet their ads to run clean, because running a malware ad is essentially a death sentence if you ever want to run any kind of premium ad (the ones that make you a lot of money) or buy premium ad space (lots of premium advertisers will specify they only want premium space, like the front page of the NYT). Above-the-board ad networks will run clean, vet their stuff, and charge a higher exchange fee, whereas unscrupulous networks (many based in Eastern Europe) will charge a lower fee and let all sorts of shit go through.

What does this mean? An attacker with a crafted ad that can beat cheapo mal-detection can buy cheap inventory on a shady network, intentionally outbid other people and pay a minor premium for that cheap inventory, and get their ads wherever they want. The ad network will get shut down if it was really egregious (since running a malware ad can theoretically open you to litigation from other advertisers on your network), but for every network that shuts down there's another that can pop up promising minimal overhead and minimal vetting.

The only real market solution is to whitelist a certain number of ad networks, and have sites commit to only running ads from those ad networks, but this segments the internet into the haves (premium inventory, high quality sites, premium ad networks, premium ads, all expensive) and the have nots (mom and pop sites with mediocre inventory that nobody visits because of the chance of getting cancer from the shit networks they have to run). Beyond that, this problem is unlikely to go away - it's simply too easy to game the system and put whatever you want into many adspaces.

Comment Re:Insecure ads (Score 2) 199

Third party certification, mostly. There are a number of ad mediation networks (the middle-men who accept ads to distribute to end-sites, and sign contracts with both), and some of them are dirty, others are squeaky clean, because the clean ones will lose all of their high-end clients if they run a malware ad as well as get dropped from most of the high end sites. The only way to even try to fix this is a broadly distributed whitelist backed up by certs, but experience shows certifications are generally not even close to providing enough reassurance.

The person with the real answer to that problem is sitting on multiple millions of dollars. The stopgap (closed garden mobile environments) is unpleasant for everyone involved because of how crazy limited it is.

Comment Re:Insecure ads (Score 1) 199

My firm actually specializes in ads that use JavaScript calls to WebGL to render 3D content. But no, high end brands (i.e. not unscrupulous fly by night credit rating vendors or mugshot extortionists) like luxury cars or fashion control very carefully how their brands are placed in advertising, and everyone realizes by now that pop-unders and similar serve only to destroy brand value, not add to it.

Comment Insecure ads (Score 5, Insightful) 199

Unfortunately, I work in the ad industry, though my firm's clients are premium brands that specifically avoid the undesirable ad types (banners only, no pop unders or bullshit. Those types of ads actually hurt brand value more than anything else). That being said, by far the worst ads are the ones that have been compromised to deliver malware. That really blows the other options out of the water.

Comment "there's not much to indicate difficulty" (Score 5, Insightful) 278

Only complete idiots/tools think this way about any profession. Brick laying looks easy, but I wouldn't trust someone who's never picked up a trowel in their life before to put up a brick wall. Anyone 'outside the profession' should only be concerned that the code works, is maintainable, and is to spec, along with passing a security audit.

Comment What's the problem? (Score 3, Interesting) 188

If you use your card online, you're telling the retailer who you are and where you generally are, and having them do their homework is nothing but a good thing. Making people go through more verification steps if red flags are thrown is nothing but a good thing. If you use Tor and then buy something with a personal credit card or debit card, you're doing it wrong.

If you want to stay anonymous, load a pre-paid debit card and jump through the anti fraud hoops. Nobody said staying off the grid was going to be easy.

Comment Won't work. (Score 2, Interesting) 119

I was at a 'technology literate' middle school when Lego Mindstorms came out, and the school bought a few of them for the school computer club so people could 'program' and 'debug' the RCX robots. It was good fun, but all it taught to kids was a very rudimentary concept of program flow.

If you want to make kids tech literate, you deconstruct something they use in their everyday lives, when they're old enough to be capable of it. A good example would be a high school course focusing on high level full-stack design - here's Twitter, here's what their servers look like in a very simple way, here's their API, let's do a 2 month project to make a frontend. Or let's make our own mini Twitter just for our class, here's a SQL server and we can write the backend together over a month or so. That sort of thing would both engage kids and give them useful experience.
