
Month: December 2007

Coding: Password Security in Cookies

Via boren.nu, I came across a nice detailed section on how to create a secure cookie and password system (which will be implemented in WordPress 2.4):

Cookies will be based on the secure cookie protocol described here. The cookie is structured like so:

user name|expiration time|HMAC( user name|expiration time, k)
where k = HMAC(user name|expiration time, sk)
and where sk is a secret key

The new cookie protocol will allow us to enforce expirations server-side, mass invalidate all cookies, and offer high-level confidentiality. Read the Liu paper for details on the protocol… …In conjunction with the new cookies, password hashing will be improved by moving to phpass. phpass provides password stretching and salting. These make brute-forcing your password hashes impractical should someone get access to your database.
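The cookie layout quoted above can be exercised end to end. The following is an added example, not code from WordPress or from the quoted post; the function names, the use of HMAC-SHA256 and the hex encoding of the tag are assumptions, since the quote does not name a hash or an encoding.

```python
import hashlib
import hmac
import time


def _mac(key: bytes, msg: bytes) -> bytes:
    # HMAC-SHA256 is an assumption; the quoted scheme only says "HMAC".
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_cookie(user: str, expires: int, sk: bytes) -> str:
    """Build user name|expiration time|HMAC(user name|expiration time, k)."""
    if "|" in user:
        raise ValueError("user name must not contain the field separator")
    data = f"{user}|{expires}".encode()
    k = _mac(sk, data)           # k = HMAC(user name|expiration time, sk)
    tag = _mac(k, data).hex()    # HMAC(user name|expiration time, k)
    return f"{user}|{expires}|{tag}"


def verify_cookie(cookie: str, sk: bytes, now=None):
    """Return the user name if the cookie is authentic and unexpired, else None."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    user, expires_s, tag = parts
    if not (expires_s.isascii() and expires_s.isdigit()):
        return None
    data = f"{user}|{expires_s}".encode()
    expected = _mac(_mac(sk, data), data).hex()
    # Constant-time comparison, so response timing does not leak tag bytes.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    # Expiry is checked on the server and is covered by the MAC, so a client
    # that edits the expiration field invalidates the tag.
    now = time.time() if now is None else now
    if int(expires_s) <= now:
        return None
    return user


if __name__ == "__main__":
    sk = b"constructed-secret-key"   # constructed sample key
    cookie = make_cookie("alice", int(time.time()) + 3600, sk)
    print(verify_cookie(cookie, sk))                  # authentic cookie
    print(verify_cookie(cookie, b"rotated-key"))      # after sk is replaced
```

Replacing sk makes every previously issued cookie fail verification at once, which is the mass invalidation the quote refers to.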

Net: Paypal Fee Calculator

Do you trade on Paypal at all? If so, you may find it difficult to take the transaction fees Paypal charges into account in your product price. Not to fear though – I’ve come across a Paypal Fee Calculator site which will do it all for you. It’ll calculate the different fees in effect in the different countries Paypal operates in – and even which level of “Merchant” you are in Paypal: and it’ll tell you how much you need to charge (or will receive) to take into account the fees.

It doesn’t do currency conversions yet, but it’s a good system to use (if you don’t mind all the complaints about Paypal).

Techy: 10 Absolute Nos! For Freelancers

Wake Up Later has a list of 10 Absolute “Nos!” for Freelancers which includes (with my comments):

  1. Can you show me a mock-up to help us choose a designer/developer?
    When I worked for a web hosting company, we did waste a lot of time doing web site designs for people as “mock ups” and a few times we did see the ideas “recycled” in their finished design even though they hadn’t paid us. The percentage of “mock ups to completed projects” was quite low as well – meaning wasted time. Oh – and the number of people that said “I don’t like that mock up, can you do another”… Grrr… On the plus side, I’ve just realised that an insurance company that I wrote the billing system for nearly a year ago whilst at my previous employer is still in use, despite the pet insurance company having very little (if anything) to do with my previous employer now. Go me!
  2. Can you give us a discount rate?
    Am I the only person in the world that thinks “The price you see is the price you pay”? You don’t expect Tescos or Sainsburys to “haggle” the price of your food do you? Well, don’t expect web designers, programmers, hosting companies etc to do the same!
  3. Will you register and host my site?
    I slightly disagree with this one – the designer will be able to register the domain name and host it with a third party: but as long as they make it totally clear they are just performing the “payment side” of things and the client needs to contact the appropriate company if there are any “non-design/code” issues then it should be ok.
  4. Can you copy this site?
    Straight copying is a “no-no”, but trying to get a “similar look” to a site isn’t too bad. I.e. if you are doing a shopping cart, asking “do you like the look of Amazon, Tesco, Play?” will help speed the design work along.
  5. Can I pay for my e-commerce site from my website sales?
    A big no from me here as well! If the designer/freelancer says to the customer “I’ll do it cheaper if you’ll split the sales” that means the designer/freelancer thinks the customer has a very good idea. However, if the customer asks for it – then the customer must think it’s not such a good idea and hence doesn’t really want to risk their money.
  6. I have a great idea. Do you want to…?
    To me, this’ll depend on the circumstances. If they came to me (as a programmer) and said they’d like to partner with me and they can supply the design and backend content, and I’ve got to figure out how to get the content online and handle the promotion of it – then I may do. However, if it’s a case of “I want a shop to sell books via Amazon. I can design the site, can you do the back end…” then IMHO they won’t be contributing that much to the project. If they added their own book reviews then that’s another kettle of fish.
  7. Do you have an IM account?
    I’ve practically given up on IM clients (such as Yahoo, AOL, MSN Messenger and ICQ) mainly because of the Spam (Yahoo especially) and the fact that when I am logged in I’m not always available to chat (away from the machine) or I’m busy working on something. I tend to have my PC in an “always ready” state (i.e. text editor, browsers etc already loaded and positioned) so opening and closing Trillian (which I used to use to log me into all the different networks) will be an extra thing to remember…
  8. Can I just pay the whole amount when it’s done?
  9. Is there any way you could get this done tonight or this weekend?
  10. Can I be sure you won’t use this work in anything else?
    I tend to do the same as Samuel (the author of the original post) in that “(1) their code has utilized code from other projects which I haven’t charged them for, and (2) I will probably use code from their project on other projects, and (3) they own the code and implementation of the project (finished website), but not the actual code pieces (login system, image uploader, etc.). I pride myself in productivity and speed, and I need to use other code all the time to accomplish this.”. However, in most circumstances I do “copy my own code” but in a slightly different manner – so the “gist” of the code may be the same, it’ll be slightly different for each implementation.

Techy: The Season To Do Tech Support

From my current webhost’s blog – an article about it “being the season to do tech support” and how we techies do seem to spend our “downtime” (such as weekends, Christmas, Easter etc) fixing other people’s computers.

I can guarantee that any weekend I go around to see my parents, I’ll spend an hour “optimising” my Dad’s PC (antivirus checks, Windows updates, spyware removal etc etc) – and the only reason I don’t think I’ll be doing the same this Christmas is as I’ll only be doing a “flying visit” for around an hour before I go off to my Partner’s parents.

Joke: Airlines and Operating Systems

Tension Not.com has some very funny analogies of how airlines would operate if they were run the way operating systems (such as Windows, Linux and Mac) are. Here are just two examples from their list:

Mac Airlines
All the stewards, captains, baggage handlers, and ticket agents look and act exactly the same. Every time you ask questions about details, you are gently but firmly told that you don’t need to know, don’t want to know, and everything will be done for you without your ever having to know, so just shut up.

Windows Vista Airlines:

You enter a good looking terminal with the largest planes you have ever seen. Every 10 feet a security officer appears and asks you if you are “sure” you want to continue walking to your plane and if you would like to cancel. Not sure what cancel would do, you continue walking and ask the agent at the desk why the planes are so big. After the security officer making sure you want to ask the question and you want to hear the answer, the agent replies that they are bigger because it makes customers feel better, but the planes are designed to fly twice as slow. Adding the size helped achieve the slow fly goal.

Once on the plane, every passenger has to be asked individually by the flight attendants if they are sure they want to take this flight. Then it is company policy that the captain asks the passengers collectively the same thing. After answering yes to so many questions, you are punched in the face by some stranger who when he asked “Are you sure you want me to punch you in the face? Cancel or Allow?” you instinctively say “Allow”.

After takeoff, the pilots realize that the landing gear driver wasn’t updated to work with the new plane. Therefore it is always stuck in the down position. This forces the plane to fly even slower, but the pilots are used to it and continue to fly the planes, hoping that soon the landing gear manufacturer will give out a landing gear driver update.

You arrive at your destination wishing you had used your reward miles with XP airlines rather than trying out this new carrier. A close friend, after hearing your story, mentions that Linux Air is a much better alternative and helps.