Where Mun talks about stuff

FileZilla warning on XP x64

May 14th, 2009 Posted in Uncategorized

Launching FileZilla several times a day and getting this warning every time the app starts is very annoying.

Filezilla x64 warning

I’ve checked the options and there doesn’t appear to be any way to turn the damn thing off, which is a total fail. Most of my file transfers are quite small, so this issue doesn’t affect me much and I don’t need to see this warning every time. Sheesh.

Newsletter unsubscription woes

April 28th, 2009 Posted in Uncategorized

I’ve recently been unsubscribing from newsletters and other irrelevant email.

It’s surprising how many websites have completely broken systems for unsubscribing from their email communications. One particular annoyance is having to sign in and click through several screens to change email preferences.

Here’s a completely broken message I came across recently when unsubscribing.

“If the box below is unticked then you are unsubscribed. If it is ticked then you are subscribed. To change your subscription please tick/untick as appropriate and click the Update button below.”

These types of messages show complete disregard for the user experience. There are much easier and more user-friendly ways of implementing email unsubscription, and if you need to include a paragraph of instructions to explain when to check or uncheck the box, it’s broken.

Don’t Make Me Think: A Common Sense Approach to Web Usability is a great book discussing these types of errors and how to avoid making them.

Cool Sprint Commercial

April 8th, 2009 Posted in Video

This Sprint commercial is very cool.

It tells us 233,000 people just posted something on Twitter… It seems like Twitter is unstoppable, though it’s been very slow the past few days, and I’ve been seeing the famous fail whale a lot more. Thought their scaling and performance issues were behind them, but apparently not.

As for Sprint… I’m not planning to leave AT&T anytime soon. Love my iPhone too much, though I’m keen to see if the Palm Pre lives up to the hype.

Interview with Theo Paphitis

April 6th, 2009 Posted in Business, Video

Smarta.com has a great interview with Theo Paphitis.  I’m not sure if I believe the story about trying out the parachute idea with a sack of potatoes first, but he makes a good point about taking calculated risks.

Unfortunately, Smarta.com doesn’t offer any way to embed the video, so you’ll have to visit the site to watch it.

ASP.NET About Page

February 9th, 2009 Posted in ASP.NET, Code

This is something I quickly created during a couple of hours this weekend. It’s an about page for ASP.NET web applications, which lists some basic application and dependency information. The dependency information is read by checking the bin folder for DLLs, and then listing them. Clicking on a file lists the information.

Sample

It can still do with some improvement. For example, if there’s a long list of assemblies in the left-hand pane, clicking on a pane will cause a postback and the scroll position is lost. Ideally, clicking on a filename should do an AJAX callback to get the assembly information and then populate the right-hand pane, which would get around this issue.

Download it [704k]

Monster.com hacked again, change your password

January 29th, 2009 Posted in Uncategorized

It appears that Monster.com has been hacked again, with all 4.5 million users of the website affected.  They’ve been advising their users to change their passwords, so it appears that they’ve made the mistake of storing passwords in plain text.

As Coding Horror says, you’re probably storing passwords incorrectly, and offers the following advice:

In summary, if we’re storing passwords, we’re probably storing those passwords incorrectly. If it isn’t obvious by now, cryptography is hard, and the odds of us getting it right on our own are basically nil. That’s why we should rely on existing frameworks, and the advice of experts like Thomas. What higher praise is there than that of praise from your sworn enemy?

  1. Do not invent your own “clever” password storage scheme. I know, you’re smart, and you grok this crypto stuff. But through this door lies madness– and abominations like LMHash that have ongoing, worldwide security ramifications we’re still dealing with today. Take advantage of whatever password storage tools your framework provides, as they’re likely to be a heck of a lot better tested and more battle-proven than any crazy scheme you and your team can come up with on your own. Security vulnerabilities, unlike functionality bugs in your application, run deep and silent. They can lay dormant for years.
  2. Never store passwords as plaintext. This feels like security 101 and is completely obvious in retrospect. But not everyone knows what you know — just ask Reddit. Store the hashes, never the actual passwords. Educate your fellow developers.
  3. Add a long, unique random salt to each password you store. The point of a salt (or nonce, if you prefer) is to make each password unique and long enough that brute force attacks are a waste of time. So, the user’s password, instead of being stored as the hash of “myspace1”, ends up being stored as the hash of 128 characters of random unicode string + “myspace1”. You’re now completely immune to rainbow table attack.
  4. Use a cryptographically secure hash. I think Thomas hates MD5 so very much it makes him seem a little crazier than he actually is. But he’s right. MD5 is vulnerable. Why pick anything remotely vulnerable, when you don’t have to? SHA-2 or Bcrypt would be a better choice.

I’m sure we’re all guilty of building systems where we’ve stored passwords in plain text, but this is definitely something we need to stop doing.  With ASP.NET, there’s lots of useful crypto functionality built in, and there’s no excuse to not be storing passwords in an encrypted format.

From a user perspective, it’s also becoming increasingly important to not use the same password, or even tiered passwords, with any web-based systems as the risk of one badly designed system being compromised can cause lots of problems and require lots of time and effort to resolve.

As it’s impossible to remember all the different passwords, there are lots of good password managers out there to help. KeePass is a good one, but doesn’t integrate with your web browser, which can involve lots of alt+tabbing between windows to copy and paste passwords. It’s got a form filler feature, but I’ve found it doesn’t work that well for me.

There’s also Roboform, which integrates directly with the browser.  The free version is a bit limited, but the pro version is inexpensive at $29.95.

Similar to Roboform, there’s LastPass. This is a free alternative, and installs toolbars into Firefox and Internet Explorer, allowing easy login to websites. Passwords are also synchronized across all devices, making it useful for people using multiple computers (i.e. PC and laptop, work machine, etc).

For those websites which require users to sign-up for no apparent reason, use bugmenot.com.

iPhone thoughts after the first week

September 4th, 2008 Posted in Uncategorized

I’ve had the iPhone 3G for a week now, and despite a rocky start, I’ve fallen in love with the device. First the bad parts…

iTunes sucks, really. Getting it to install on Windows XP x64 requires jumping through several hoops. Apple makes this even harder by trying to be too smart on the download page and only allowing you to download the version they autodetect – so you can’t even download the x64 version if they don’t automatically detect that you’re using an x64 OS.

Once iTunes is installed (on x64), there’s an annoying dialog box which pops up every time you launch the application, complaining about a problem with the CD ripping functionality, though this can be fixed by copying some drivers to a different location on the hard drive.

The first thing I did after hooking up the phone was attempt to update the firmware to 2.0.2 (the phone came with 2.0.1). After installing the update, the phone reboots and Windows was unable to recognize it. Attempting to manually set the driver resulted in no progress, and the phone was stuck displaying an image of a USB cable and iTunes on the screen.

Eventually, I had to resort to installing iTunes on a Vista x32 machine. Plugging in the iPhone and loading up iTunes allowed the firmware update to complete and get the phone back to a working state.

If you’re using XP x64, be careful. Without an x32 machine to hand to sort out the firmware update, I’d probably be in trouble and have a useless phone. In a virtual machine, Windows wouldn’t even recognize the iPhone being plugged in, so that may not be an option either to get things working.

I’m generally not an iTunes fan, and haven’t used it in years, instead opting to use MediaMonkey to manage my iPod. Unfortunately, it’s not compatible with the iPhone (yet).

There are also various other companies out there offering software to copy content to/from Apple devices. Both Imtoo and Xilisoft offer such software, though these are not yet compatible with the iPhone 3G and will corrupt the device. Unfortunately, this information isn’t on their website and I ended up bricking my iPhone, requiring a full reset. They are working on an update, so hopefully we’ll see something from them soon.

The battery life is also a little on the weak side, though I’ve found it’s greatly increased once push email and 3G are turned off.  I’ve been using EDGE for the past few days and it’s perfectly usable for most tasks. Turning on 3G and WiFi is relatively easy and can be done when carrying out more data-intensive tasks like downloading apps, surfing the web for prolonged periods of time, etc.

Apple have also crippled some of the features. Unlike other phones, the iPhone doesn’t allow MP3s to be used as ringtones, and there are some more hoops to jump through to get these working. Typically, this involves importing the audio into iTunes, limiting to 30 seconds, converting to AAC, browsing to the file in Windows Explorer, changing the file extension, and importing the new file into iTunes as a ringtone. Hopefully we’ll see some third-party software to streamline this process a little more and reduce the number of steps required to do this.

The Bluetooth functionality is also screwed up, with the only profile supported being the one for headset use. This means you can’t send contacts, pictures, audio, etc from your old phone or any other phone to your iPhone. If you’re not using any kind of PC synchronization and have a lot of contacts, you’ll need to do this if you want to avoid wasting a lot of time re-entering all of your contacts manually.

(There’s a free app and service called Funambol which allows you to sync your contacts over the air, if you don’t want to sync using iTunes).

Hopefully Apple will fix this in a future update, as it’s a software restriction rather than a hardware one, but I wouldn’t bet on it. Apple are notorious for locking down their devices, and this seems like a brute-force method to force people to use iTunes for everything.

I’m against Apple’s methods to force users into the iTunes ecosystem, and look forward to Google Android.  As Fred Wilson says:

Android powered phones, like T-Mobile’s Dream, are really mind boggling to me. When you can put any software on them you want, when you can hack the phone, when you can connect it to any carrier, when you can connect to any other device, the potential for the mobile phone/computer is limitless. I think the iPhone pales in comparison to the disruptive potential of Android powered phones.

But back to the iPhone… despite all of these negatives, it’s still a fantastic device and a pleasure to use. It’s probably the most advanced mobile phone (if you can even call it that) I’ve ever used and sets a new standard.

The variety of third-party applications available is also fantastic, and adds tons of features to the phone that would otherwise be unavailable. I’m personally using 30+ apps and am very impressed with the quality.

The interface and on-screen keyboard takes some getting used to, but gets easier after a few days. I’m still not as fast on the iPhone keyboard as I was using that of the T-Mobile Dash, but given time, I’m sure I’ll get close.

I’ve also got the Invisible Shield from Zagg. This is a bit more awkward to install than the videos would indicate, but it’s definitely worth getting the screen coverage as a minimum. I’ve got the full body kit, and there’s still a few air bubbles on the back, but it’s better than getting scratches on the device. I’m still waiting for my CapsuleRebel case to be delivered, which should offer complete full body protection in conjunction with the Invisible Shield.

Google Chrome

September 4th, 2008 Posted in Uncategorized

A couple of days ago, Google launched their new browser, Chrome.  They also released a comic explaining a lot of the logic behind the new browser and how it’s different from others.

Although I managed to install it on my XP x64 machine, the browser was too unstable to use. Browsing was fine, but any attempt to do anything other than browsing – such as bookmarking a website, viewing the options dialog box, etc - would cause the browser to completely crash.

After uninstalling, any attempt to re-install now results in an error, and installation halts.

Like various other applications (iTunes, I’m looking at you), it seems like Chrome wasn’t tested on XP x64 and simply isn’t compatible with this version of Windows.  Hopefully Google will address this issue soon, as it looked promising and felt a lot faster in the brief period that I managed to use it.  Can’t see it replacing my primary browser, which is still Firefox 2, but with ajax-heavy applications like Gmail being significantly faster in Chrome, there could be some benefit in using it for these types of web apps.

Ca Phun has a little more info on Google Chrome.

ASPX extension instead of PHP

August 28th, 2008 Posted in Uncategorized

This is amusing.  Apparently, there are some developers using PHP who want to use the ASPX extension instead to make their applications look more ‘enterprisey’.

[Via Mike Borozdin’s Blog]

Useful SVN stuff

August 7th, 2008 Posted in Uncategorized

A couple of useful SVN things which helped me out today.

If you need to remove SVN folders, Jon Galloway has a good registry hack to add an item to the Windows context menu to do this using the command line. Quick and painless, and should be part of TortoiseSVN!

Alternatively, you can just download the reg file directly.

The other thing I came across is the TortoiseSVN global ignore pattern on Donn Felker’s blog. Useful for ensuring that your source control doesn’t get filled up with files that don’t need to be in there.