Archive for June, 2006

So much going on…

Thursday, June 22nd, 2006

There’s so much going on lately that I really can’t keep up. To make matters worse it’s also damn hot around here. So these are some of the links missed in the last couple of days:

There’s actually more but…

@media2006 report (part 1)

Sunday, June 18th, 2006

As I already said in the blurps I was at @media 2006 this week. It was absolutely amazing. I had that ‘5-year-old-kid-rush’ seeing all these people I read about and respect. Then I managed to take it all in and actually talk to some. I met a bunch of people who were really nice. Even though there were 800 attendees it was quite cosy at the parties. All in all it was a great experience.

The conference itself was great too. Amazing speakers with great topics. Mostly what I got was a confirmation that I am on the right path and I also got some new information. I’m sorry I missed Nate Koechley’s Yahoo! vs. Yahoo! – I hear it was amazing. Hopefully the presentation will be online soon.

I guess I should start off at the first day. Not the first day of the conference but instead with the pre-party. It was held in The Feathers on Wednesday evening. Parties are where it all happens.

At first it was a bit weird – I knew nobody and most of them were grouped up in what seemed to be company based groups. After some wandering around and a pint of Stella I met Christoph from Germany and another guy from the Netherlands (sorry, I forgot your name, didn’t get your card). We chatted for a bit and as I was about to leave I met more interesting people outside. One of them, Ken Himschoot, actually took a picture of me and posted it on Flickr.

Ken introduced me to Glenda and they were both trying to convince me to come to Texas for the next SXSW conference. We’ll see, but it’s still in the US. Maybe after I get fingerprinted by my own country. At the party I also saw Eric Meyer, Richard Rutter, Peter Paul Koch and a bunch of other great people.

To be continued…

@media

Tuesday, June 13th, 2006

I’m off to @media to win my Playstation 3. If you’re there say hi (and act like you know who I am). I’ll be wearing these.

This page contains both secure and nonsecure items

Friday, June 9th, 2006

Sometimes creating a secure page is easy – you just change the http to https and you’re done. At other times you open the page in Internet Explorer and it starts complaining about unsecure items on the page. It’s annoying because many users get scared away thinking something wrong is going on. Or it’s just annoying since you don’t want to click OK every time you load a page.

To remove this alert follow these simple rules. After each change, reload the page. If there are no more alerts, you’ve succeeded. Otherwise go on. If you get in a jam leave a comment and I’ll try to find one and add a rule.

  1. Change all http:// resource links to https://. The doctype is not a problem. All others (images, css, javascripts, iframe pages) should be https://.
  2. Change all about:blank links (yep, these are unsecure) to a blank file that exists and is a https:// link.
  3. Install Fiddler and check if there are any hidden requests to http:// (it won’t show https:// requests with the default setting). Change them to https://.
  4. Check if any iframes have # for src or the src is left blank. Change them to something that is a https:// link and exists. Looks like # is actually an alias to about:blank.
  5. Find any resources that return an error (404, 500). This one is tricky since it’s not really easy to set up an SSL proxy. Try checking the server’s access logs.

The trick behind these is that any data that comes from an unsecure source triggers the alert. Unsecure data might come from a http:// link OR a built in page. Built in pages are for example about:blank. BUT what you wouldn’t expect is that also Explorer’s built in error pages are unsecure. So if you get a 500 or 404 error and Explorer decides to display its internal error message you will get an alert.

This might not be all but I think it should be enough.
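Rules 1, 2 and 4 can be checked statically before loading the page in a browser. The following is an added example, not code from the original post: a small scanner built on Python's standard `html.parser` that flags the references those rules describe and ignores the doctype and ordinary `<a>` links. The sample page and host names are constructed, and treating a missing `src` like a blank one is an assumption; rules 3 and 5 (runtime requests and error pages) still need Fiddler or the server logs.

```python
from html.parser import HTMLParser

# Tag -> attribute that makes the browser fetch a subresource.
# <a href> is navigation, not a fetch, so it is deliberately absent.
RESOURCE_ATTRS = {"img": "src", "script": "src", "iframe": "src", "frame": "src",
                  "embed": "src", "input": "src", "link": "href", "object": "data"}

def classify(tag, present, value):
    """Return the rule a reference breaks, or None if it is fine."""
    low = value.lower()
    if low.startswith("http://"):
        return "rule 1: http:// resource"
    if low.startswith("about:"):
        return "rule 2: built-in page"
    # Assumption: a missing src is treated like a blank one.
    if tag in ("iframe", "frame") and (not present or low in ("", "#")):
        return "rule 4: blank or # frame src"
    return None

class MixedContentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, value, reason)
    def handle_starttag(self, tag, attrs):
        attr = RESOURCE_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        value = (attrs.get(attr) or "").strip()
        reason = classify(tag, attr in attrs, value)
        if reason:
            self.findings.append((self.getpos()[0], tag, value, reason))

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; hosts are placeholders.
SAMPLE = """<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<script src="http://stats.example/track.js"></script>
<a href="http://other.example/">plain link</a>
<img src="/img/logo.png">
<iframe src="about:blank"></iframe>
<iframe src="#"></iframe>
<iframe></iframe>"""
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```
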

Abstracting passwords

Wednesday, June 7th, 2006

Joel was saying something about the abstraction that goes on in a company that most people don’t see.

Recently we had some decisions made at the company I work for that show some people here have no idea how to make things easier for developers. One of the things that cost a few minutes on every login (and I do it quite often since I lock the computer often) is changing the password on a certain time interval. This never works and I have no idea why administrators really insist on this. Either they have no idea what people are doing about it or they’re just ignoring it.

Let’s see how it works. You get an alert that tells you that you’ll need to change your password in the next week or so. You decide to do it now. First thing most people try is to add a number. If this works we have a number added to the old password that doesn’t make it any more secure. If the system does not allow similar passwords we have a few other scenarios.

  • The first option is to change the password many times so that the system forgets what you’re actually changing and then go back to the old password. Not secure.
  • Another one is to use things you see from your workplace as a password (for example monitor model name, poster in the back, ...). This is not secure either but might work if the cracker doesn’t know where you work.
  • The next option is that you try to think of a new strong password. You’re going to forget it or you’ll have to write it down. At best you’ll write it down on your phone or PDA. Not that secure either.

There are of course other options – you might actually be able to remember the new password. Congratulations, you’re a rare kind.

Whatever the argument for this I still can’t remember the password and I’m losing time, concentration and nerves every time I enter my previous password instead of the new one.

A different inspector

Monday, June 5th, 2006

This is so amazing I have to post it here. It’s an HTML visualizer that looks good and can give some information about the structure of the selected page. Found via Em3r10 via /devel.