sa110 (+2.0)
22/4/08 10:15PM |
Is this a Ghostscript based offering? Or something completely new with it's own PDF engine? |
fylfot (+6.3)
23/4/08 2:41AM |
I'll be interested to hear more about this as it's a complete mystery what this offers over Steve Fryatt's wonderfully elegant PrintPDF, which does exactly what the above does in a very user friendly way and without a price tag. R-Comp's web site talks of "install[ation] in just four clicks" which might be what you're paying for. If it turns out that this is the advantage, I'd recommend people read Steve's very simple installation instructions and save themselves £20.
Is R-Comp trying to make life easy for non-techies? If this is so, it is inexcusable that it continues to put its customers at risk of fraud - and especially its non-techie customers who perhaps are less aware of the dangers - by allowing people to submit banking information via an unsecure connection. I don't mean to appear grumpy, but having mentioned this before, knowing a victim of fraud, and the fact it's 2008, I just had to. |
hzn (+5.2)
23/4/08 6:05AM |
Yes, I'd like some more details too since creating PDF is by now not hard anymore - be it using Ghostscript, or PrintPDF. I usually use Ghostscript since with that I can first use psnup and psbook to rearrange the pages for booklet printing or the like. On the other hand R-Comp tends to offer good software so I assume that it does offer more than PrintPDF and some PDF viewer put together.
As for an ordering page with no https I suggest to order by e-mail:
1. put down the credit card details as draw
2. convert it to paths
3. store the file in a password protectd spark-archive (not a zip)
4. send order, the sparkive and the password in separate mails
That's not as secure as https but much better than http. |
VinceH (+1.0)
23/4/08 9:36AM |
When I spoke to Andrew (I think it was Andrew) by email about the non-secure ordering some time ago, he told me that they did experiment with secure ordering at one point, but it resulted in a drop in sales.
I'm not sure why that would be and it did surprise me (which I said to him in reply), but that's why they continue to have insecure ordering pages for many of their lines. |
rjek (+5.2)
23/4/08 10:15AM |
I'm mildly surprised that his bank hasn't chastised him about it: it's utterly and unforgivably lax. It would be much more responsible of him to accept any "drop in sales" (which I doubt would occur these days given all the browsers support SSL) simply for giving his customers (and himself) more security. There's simply no excuse. |
hEgelia (+2.0)
23/4/08 10:53AM |
Well, isn't that interesting? It strongly reminds me of their Audio CD to MP3 rip application 'MusicMan', which is based on freely available software (the Shine encoder, I believe). But if there's a market, if people want to buy it, then why not. However, there are some very real software gaps in this market and I'd prefer R-Comp would invest its time to try to fill some of them.
As for the insecure ordering page - I'm pretty amazed about that. Indeed I remember this very issue being discussed before at Drobe. I really wonder why R-Comp hasn't fixed it yet, since this is gravely irresponsible. Their site could do with an overhaul anyway, but a secure ordering page is the bare minimum. Like fylfot said, it's 2008! |
arawnsley (+1.0)
23/4/08 11:05AM |
A lot of commerical online systems end up sending details by email, which is insecure. So really, this thread is pretty stupid. We've had secure ordering for RCI products for a while now, and sales went down, as Vince said. Plus, web sales (even secure) account for, what, virtually NONE of business in the RISC OS market any more. But hey, you guys all know that, right? |
arawnsley (+5.2)
23/4/08 11:25AM |
Oh, and now there's an SSL version of the ordering page if you want it. I'll expect a flurry of orders. Cough. |
rjek (+5.7)
23/4/08 12:16PM |
In reply to arawnsley:
You seem to be missing the point. All the commericial online shopping systems (and the free ones) I have worked with have functionality to encrypt emails, or allow autheticated users to download them over HTTPS. Even the really rubbish ones. Infact, many banks these days require the retailer to have the information encrypted right up until it reaches their hands. Many banks won't even let you handle the information, and instead require to you use a payment gateway (such as Protx, Worldpay, etc) that your site redirects customers to, and they wire the money directly to you - you never have the secret information.
If you're so sure that virtually none of your business comes from your online sales, why you do insist on having such a dreadfully unsafe system to allow people to do so?
I suggest you talk to your bank ASAP about what requirements they have on your card handling with respect to where you get the details from: all the major banks in the UK have very strict requirements which your site currently disregards. |
fylfot (+5.2)
23/4/08 12:37PM |
In reply to arawnsley:
"A lot of commerical online systems end up sending details by email, which is insecure."
Which? I'd like to avoid these.
"Plus, web sales (even secure) account for, what, virtually NONE of business in the RISC OS market any more."
I always upgrade Artworks and Techwriter with Paypal payments. Very easy to use, secure, and quick for developers to set up. Mike and Martin both created similar pages:
http://www.mw-software.com/paying2.html
[Link: www.iconsupport.demon.co.uk]
I bought RiScript using a similar method which gave me instant access to the software (although, if I remember correctly, the manual part of this was a software key being e-mailed to me once the developers had checked they'd received the payment). !Organizer was also sold to me in this way. It cost something like £10 and I got immediate access once I'd paid online.
I think, actually, people are more likely to buy software (or anything, for that matter) if you make it really easy for them to do so and they get immediate access through an automated process.
Anyway, I've found your secure page at https://homepages.plus.net/rcomp/order/rcomp.htm The page before says "Alternatively, if you have trouble with SSL connections on your browser, you can visit our older ordering site". Could you change this to recommend people phone or send payment by post? We'd be making progress.  |
cables (+1.0)
23/4/08 12:38PM |
In reply to R:
Comp have an excellent track record of producing good-quality software, so I will have a look at this (can't come on Saturday). At first glance it's difficult to see what it offers me that I haven't already got with Techwriter and Artworks2, both of which I use to create PDFs. |
cables
23/4/08 12:39PM |
Strange formatting on my last post! I'm sure I didn't write it lake that! |
adamr (+1.0)
23/4/08 1:57PM |
In reply to arawnsley:
"Plus, web sales (even secure) account for, what, virtually NONE of business in the RISC OS market any more"
Um, yeah but there's a bit of a catch22 - if you don't have a half decent website (as you don't) it's hardly surprising that you don't get much business through it  I bet someone like mwsoftware have a different story to tell.
In reply to hzn:
I don't think you should be recommending "security by obscurity" as a solution.
Adam |
arawnsley (+0.6)
23/4/08 2:03PM |
You'd have got 404 errors earlier, so if you tried to order via the SSL page, please try again. This is what happens when people start hassling when I'm trying to finish 5 different products/projects for Wakefield.
PS, don't even get me started on the Paypal - those guys are... well... mother always said if you can't say something nice, don't say anything at all. |
hzn (+0.1)
23/4/08 4:02PM |
In reply to adamr:
True, it is kind of "security by obscutiry" but it's better than a completely unsecure http to order - me I'd never leave CC card details or such on there. And calling on the phone is a bit expensive with me not living in UK...
*In**reply* to *arawnsley*:
I agree with the odd suggestion here: offer http and https pages with links from one to the other and to esure no drop in sales make the http one the default and offer the https one near the top so it can be found easily. |
hzn
23/4/08 4:03PM |
oops somehow highlightin with somethig doesn't quite work ... sorry! |
liquid (+1.0)
23/4/08 5:45PM |
It is a legal requirement to have secure ordering now - both by the banks and the card companies. This is why I've invested in the online shopping resources I now have available.
Andrew's new products aren't on there yet - I'll wait until after Wakefield and update things then so if people want to order securely then go to www.liquid-silicon.com |
martin (+1.0)
23/4/08 9:44PM |
Re : don't even get me started on the Paypal
I added a few paypal buttons to the mathmagical website, which was remarkably easy to do, and have had a steady trickle of sales since. Best of all, I never see or have to handle any of my customers bank details etc.
I rate paypal highly.
The main annoyance with paypal is that amazon do not accept it.
Regards,
Martin. |
solrac (+1.0)
24/4/08 7:46AM |
If you want to know which PDF engine is used in PDFmaker, open the sample PDF with an editor and search for "Producer".
Nice after all this years, to have a secure order page. But it's true, you need also a secure way for the mail that is send by the page. One step is the secure configuration of Hermes (the reaon I bought NetFetch). The other step is between the web server and the mail server. The last is not in the hands of R-Comp. |
DS1
24/4/08 8:59AM |
In reply to martin:
A few years ago, before ebay too paypal over, paypal tried to rip me off. Long story. You couldn't pay me to use paypal any more.
Dave |
arawnsley
24/4/08 9:29AM |
In reply to DS1:
that actually happened to me last Sunday Early morning phone calls from bank/card company were not appreciated. However it is more the ethics of PayPal that I have issue with - some of their practises have left me down right disgusted, and I just don't want to do business with them. I know ethics and business have a rough time co-existing, but I have a clear choice on this one. |
rjek (+2.0)
24/4/08 9:37AM |
solarc: There is of course no need for mail to carry the insecure data at all. For example, given they're most likely using a CGI to drive the form anyway, the CGI dumps the sensitive information on the web server somewhere (if you're really clever, it does this by communicating to another process that writes the data as a file unreadable by the web server), and sends an email simply saying there are new orders waiting. Now, that data can be retrieved securely over SSH or SFTP, another web site with its own SSL, etc - there are dozens of perfectly secure possibilities that work with almost all commercial webhosters. |
fylfot
24/4/08 9:21PM |
In reply to arawnsley:
There are alternatives to Paypal, and most options will be far more secure than allowing your customers to submit highly sensitive information over insecure links.
"However it is more the ethics of PayPal that I have issue with"
It's hard for me to understand this because I've only ever had a reliable service from them, but I'd be interested to know what the ethical issues are so that I can reconsider things myself. |
fylfot
24/4/08 9:30PM |
In reply to arawnsley:
Okay, I googled Paypal and I've come across the "ethical issues".
Interesting stuff, because I wasn't aware. Still, there do seems to be credible alternatives. |
DrWhich
26/4/08 7:32PM |
It is true that PDFs can be produced via Ghostscript/PrintPDF. However, I remember that combo didn't work for me when I had a RiscPC. (Something to do with long filenames: I couldn't get !raFS and the like to function properly.) So R-Comp's new app could make life easier for some people. |
| Please log in to post a new comment |
A new program that can create PDFs on RISC OS hit the platform today in the form of PDFmaker by R-Comp. The application is part of the new PDFsuite, which was released this week and also includes a PDF document viewer that can print out documents. The collection costs just under 20 quid and will be on sale at the 