Fog Creek Software
Discussion Board




Token

If I got it right, this thing starts something like a file server on my machine.
The only thing that will spread like wildfire here appears to be potential security issues...

whatever
Wednesday, October 29, 2003

That and...why? If I want to give someone access to a file on my computer, I have several options:

- email the file. It has to pass through the ether anyway.
- start a FTP/HTTP server, mail the location. SSL- or SSH tunneling for bonus security points...
- if on windows or using SAMBA, giving someone restricted access to a file *should* be straightforward, if (maybe) insecure. Also, just post the location.
- or, even better, if I have a server (which is not the computer I work from), I can upload it there and assuming the other person has user access on the server, just post the location.

Why mail a few kilobytes when you can just mail a few bytes? And if you think it's the UI, the solution would be to have an option to do one of the above things with one click, instead of creating new wheels.

Andre Kloss
Thursday, October 30, 2003

> email the file. It has to pass through the ether anyway.

If it isn't too big. Many email accounts have limits to the size of individual messages, as well as total mailbox quotas. If your attachment is, say, 100mb, this option won't work.

> start a FTP/HTTP server, mail the location. SSL- or SSH tunneling for bonus security points...

Yeah, my Mom sure would be able to do that. Scratch that for any person who isn't above-average comfortable wil computers.

> or, even better, if I have a server (which is not the computer I work from), I can upload it there and assuming the other person has user access on the server, just post the location.

Again, my Mom would never be able to do that. Also, you're missing a lot of steps if you want to send a folder structure of files: you need to compress them (with, say, WinZip). You need to upload it. You need to figure out what the URL is, then paste that into the email. The person at the other end needs to click on it, or, in many email clients, they need to copy and paste the link into a web browser. They then download the file, and then have to unzip it (or, if it's self extracting, they need to understand that they need to specify a place to extract it that isn't the temp folder before hitting "UnZip".

All of this to too much work and too much hassle for the target market of Tokens. Like I mentioned to someone else, if you think that the above is easier than using tokens, you need to define "easier" for me, because you're not talking about the same thing that I am.

Big crazy note: YOU are not the target market. MY MOM is.

Finally, yes, there is the potential for a security hole, but that doesn't mean there is one for sure. Everything you use from Notepad to VI to Excel to Windows to Mac OS X to Linux to FreeBSD all have potential and actual security holes. That doesn't stop you from using them, does it? Geez... FUD much?

Tim Sullivan
Thursday, October 30, 2003

There is quite a difference between some app that is insecure like notepad (haven't heard of any in that but I wouldn't be surprised...) or vi or Excel or whatever and starting a whole _service_ on your system. See, you can exploit a security hole in an application only once you alread have some sort of access to the machine. But a service will offer you the chance to hack into a machine in the first place.
I won't argue that this toke thing is somehow a good idea (I won't hold my breath, but I cannot discard it either), but it is targeted towards our Mums and Dads - and they might be happy to use it, but will never ever understand what kind of a risk it adds to their boxes. So after you have spent hours and days to make their windows box secure and shut down all unsecure services, they will start this thing and 'are back in business'...

whatever
Friday, October 31, 2003

Tim: You're right. Thanks for your not so crazy note. Your mom would not even want to *know* what an ftp server is.  My mom would not even want to think of it.

However, the target group wants to *Send a file*. Nothing less, nothing more. I still think that adding a function in your preferred mail client to send only a link to the file (and transparently open a "share" to give access to the person) would solve the problem with less hassle.

Andre Kloss
Friday, October 31, 2003

Oh, and to clear further misunderstanding, by a "link" I don't mean something like "http://miside.org/myfile.doc", but one of those ".lnk"-files that you can click on. That way, the difference could even be made transparent to the "person on the other end".

Andre Kloss
Friday, October 31, 2003

Tim,
      I don't know if you're selling the program, or maybe you've got shares in the company, or maybe your Mum developed it :)

      However you're sales spiel is muddying the waters. First of all as Andre pointed out, the target is the person that wants to send the file, not the person that wants to receive it.

        This comment of yours --"(or, if it's self extracting, they need to understand that they need to specify a place to extract it that isn't the temp folder before hitting "UnZip"."---- is just plain wrong. When the sender packages the seflf-extracting file he can package it to run, open the folder in an explorer window, save itself the the MY Documents folder, or My Pictures or my Musio folder, or whatever. Unless the program you're hasking allows the file to download itself to your Mum's sofa, and make her a cup of tea while it's at it, she is still going to have to decide on a location to save the file.

Now there are going to be users for whom it is worth $50 to send the file; small software companies and graphics companies spring to mind - but in general the sender (who is the purchaser of the program) is going to be techncally proficient

Stephen Jones
Friday, October 31, 2003

Stephen,

I don't work for the company, I just think that people are missing the point. This is a cool idea that does a simple thing really well, and is, no matter what anyone else says, easier than the alternatives.

Also, I use my mom as an extreme example. However, when it comes to sending files, I know an awful lot of people who, while they can use MS Word and Excel like a master, they cannot figure out moving, copying, or arranging files. I suspect that there are a lot of people who need to send large files that usually have to call in an IT savvy person to help them when the file they try to send gets rejected because of size.

Point: Not everyone who needs to send files has any idea what they're doing. The target market is THESE people. That's wonderful that you can send a URL. Good for you! But you're not in the majority, not by a longshot.

Tim Sullivan
Saturday, November 01, 2003

Are these guys going to pay out $50? Is it stated clearly that the system is for home users with 24/7 connections only?

My experience most time people want to send large files it's from work, so the program won't work. And those that are doing it from home to home can use IM.

The market appears to be pretty small to me.

Stephen Jones
Saturday, November 01, 2003

Stephen: Yes. My company is seriously considering purchasing the server-based system for our office because we're tired of talking people though unzipping things at a support level, and it also makes life easier for us than sending URLs. And we're a company of software developers.

Now, if we were a graphic design firm, this would be a no-brainer.

Also, you've mentioned this "24-7" thing frequently, but I don't see that as a problem. Most people I know already have their computers on 24-7, and in the case of the server setup, you don't need your personal machine on 24-7 at all. Only the server, which should be on all the time anyway.

Tim Sullivan
Saturday, November 01, 2003

---"MY COMPANY is seriously considering purchasing the server-based system for our office---

Tim, you keep shifting the goalposts. You were talking first about your mother receiving files, then about your brother (or some other tech guy) sending files, and now we've got to your company as the customer.

I've never denied that many SME's with specific needs, (Joel and Albert's for example) would find the software well worth the $50. I just doubt very much that there are enough to justfiy the phrase "take off like wildfire".

Stephen Jones
Saturday, November 01, 2003

Actually, I was talking baout my mother sending the files, but not in this thread, admittedly.

Will people pay $50 to use this? Sure. Though I suspect more would if there were other companies other than Creo offering it. If, for example, it was a standard, in the way that ZIP is a standard.

For the record, I never said (or agreed) that it would take off like wildfire. All I said was that it's easier than any other way to do it, hands down, and that it's worth $50 to be able to do it this way.

Tim Sullivan
Saturday, November 01, 2003

Hi again, folks. Had a good weekend? ;)

If your company wants to putchase this stuff, feel free to do it. I, however, will not use it, and I think that my alternative (see my last comments) is still better.

That said, I wanna spread some more FUD:

a) What if the recipient runs on some *nix (for the tech) or Apple (Apple IS gfx, isn't it?) - does this token thing run there, too? If this company really has a self-porting programm, it would be worth more than 50 bucks, because writing a program to be binary compatible with all systems is fairly impossible.

b) If you are a non-tech-person, you'll not gonna have your PC running 24/7. What does the token do if the file is unavailable?

c) If this spreads like "wildfire", can we expect a "token" worm sometime soon? ;)

Andre Kloss
Monday, November 03, 2003

*  Recent Topics

*  Fog Creek Home