Buying Lotion on Amazon.com

Posted on 11 June 2017 in Asides • Tagged with amazon.com, finance, online shopping

Amazon.com's Aveeno purchase options.

I was recently shopping online for a specific type of lotion (my skin seems to hate all other types). I am somewhat predisposed to avoid Amazon.com because its size and increasing dominance of online shopping concerns me as it moves closer and closer to "shopping" (in the sense that "searching" means Google to most people). However, my biggest reason for avoiding Amazon.com is simpler: it has become incredibly confusing to shop there. Searching for just about anything will yield thousands of results and it takes (me) a lot of effort to determine which one is appropriate. This can be a great thing in a lot of cases, but more often than not it feels more like navigating a minefield of deceitful listings than comparing competing products.

This lengthy post evaluates one example - Aveeno "Daily Moisturizing" lotion. As with most personal care products, when searching online I pull up a couple of websites to compare prices. In this case I pulled up Amazon.com last, searched for "Aveeno" and was impressed to see just what I was looking to compare (the 18 oz., non-SPF version) as the first result. I clicked through and, curious to figure out the price per ounce, looked to the "add to cart" area. What are are my options?

  • Sizes select list with 37 sizes.
  • Styles (??) select list with three styles.
  • "Subscribe & Save" (pre-selected) and "One-time purchase" radio buttons.
  • "Qty" select list.
  • "Delivery every" select list (2 months pre-selected).
  • "Subscribe now" button.
  • "Add to List" button.
  • Three "Add to Cart" buttons with different prices.

Well, this is going to be complicated...


Continue reading

Yes This Is A Really Long Request URL

Posted on 20 April 2017 in Asides • Tagged with apache, logs, security, vulnerabilities

Yesterday, while reviewing some logs I came across a curious entry in an Apache error log:

[Wed Apr 19 08:51:48.119666 2017] [core:error] [pid 29210] (36)File name
too long: [client 137.226.113.7:40907] AH00036: access to
/YesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScanningForR
esearchPurposePleaseHaveALookAtTheUserAgentTHXYesThisIsAReallyLongReques
tURLbutWeAreDoingItOnPurposeWeAreScanningForResearchPurposePleaseHaveALo
okAtTheUserAgentTHXYesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurpos
eWeAreScanningForResearchPurposePleaseHaveALookAtTheUserAgentTHXYesThisI
sAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScanningForResearchPu
rposePleaseHaveALookAtTheUserAgentTHXYesThisIsAReallyLongRequestURLbutWe
AreDoingItOnPurposeWeAreScanningForResearchPurposePleaseHaveALookAtTheUs
erAgentTHXYesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreSca
nningForResearchPurposePleaseHaveALookAtTheUserAgentTHXYesThisIsAReallyL
ongRequestURLbutWeAreDoingItOnPurposeWeAreScanningForResearchPurposePlea
seHaveALookAtTheUserAgentTHXYesThisIsAReallyLongRequestURLbutWeAreDoingI
tOnPurposeWeAreScanningForResearchPurposePleaseHaveALookAtTheUserAgentTH
XYesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScann failed
(filesystem path '[...]')

Formatted to plain English: Yes, this is a really long request URL but we are doing it on purpose. We are scanning for research purpose. Please have a look at the user agent. Thanks!

What does the user agent for this request have to say?


Continue reading