Categories
Accettura Media Internet SafePasswd.com Web Development

Introducing SafePasswd.com

I don’t think I’ll ever get tired of tinkering. Way back when, I wrote a script to help me generate cool random passwords. I thought people wouldn’t mind one that didn’t suck… so recently I got to work on that.

The site is still in beta, and quite a few things aren’t quite done yet, and some things are still being tested out. There will be advanced options to further customize password creation, as well as some APIs for those who want to quickly plug in automated password generation into their “Web 2.0” applications. Those will be coming in the near future.

So check it out, and let me know what you think. It’s designed to be simple and helpful. It’s not Google and it’s not Digg. Just trying to make online life a little simpler.

Categories
Open Source Programming Security Web Development

Enhancing Security With Nonce

A little while back I read about how WordPress was implementing Nonce to help enhance security. What I like about this technique is that it doesn’t rely on referrer checking (which is faulty at best).

Today I implemented that on a project I’m working on, rather similar in style to WordPress. I think overall it’s a better approach to referrer checking. It seems the nonce approach is actually quite popular on the web looking at commercial sites, but not a technique often talked about.

Well done by the WordPress team. My implementation is pretty similar to theirs (my variables and salting are a little different based on the app) since it was pretty hard to improve upon. Not sure how long to make the Nonce, so I stuck with 10, which is what I believe they did as well. Not sure if I should go with something longer.

One of the great things about open source is the discussion of best practices and techniques. It also benefits closed source projects who can gain influence and knowledge from those discussions.
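
An added example, not code from this post, from the project it mentions, or from WordPress: a sketch of a WordPress-style nonce that binds a token to a user, an action and a time window instead of relying on the referrer. The secret, the 12-hour tick, the HMAC-SHA256 construction and all function names are assumptions made for illustration; the 10-character length is the one discussed above.

```python
import hashlib
import hmac
import time

# Assumed values for this sketch (constructed, not from the post).
SECRET_KEY = b"constructed-example-secret-change-me"
TICK_SECONDS = 12 * 60 * 60   # a nonce lives between 12 and 24 hours
NONCE_LENGTH = 10             # hex chars = 40 bits of the MAC


def _tick(now=None):
    """Coarse time counter that changes every TICK_SECONDS."""
    return int((time.time() if now is None else now) // TICK_SECONDS)


def _mac(tick, action, user_id, length):
    # Bind the token to the time window, the intended action and the user,
    # so a token issued for one request is useless for another.
    msg = f"{tick}|{action}|{user_id}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:length]


def create_nonce(action, user_id, now=None, length=NONCE_LENGTH):
    """Token to embed in the form or link that triggers `action`."""
    return _mac(_tick(now), action, user_id, length)


def verify_nonce(nonce, action, user_id, now=None, length=NONCE_LENGTH):
    """True only if nonce matches this user, action and a valid tick."""
    if not isinstance(nonce, str) or len(nonce) != length:
        return False
    supplied = nonce.encode("utf-8", "replace")
    tick = _tick(now)
    ok = False
    # Accept the current and the previous tick so a form rendered just
    # before a tick boundary still submits.
    for t in (tick, tick - 1):
        expected = _mac(t, action, user_id, length).encode()
        # Constant-time comparison: no timing hint about matching prefix.
        ok |= hmac.compare_digest(supplied, expected)
    return ok


if __name__ == "__main__":
    token = create_nonce("delete-post_42", user_id=7)
    print(token, verify_nonce(token, "delete-post_42", 7))
    print(verify_nonce(token, "delete-post_43", 7))  # other action
```

Passing a larger `length` keeps more of the MAC; the check is otherwise unchanged.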

Categories
Internet Web Development

Good Sites Bad Design

This article tries to explain why some websites with really ugly designs do so well regarding usage. I think it dances around the reality of the situation. These sites are ugly because they weren’t professionally designed. They were implemented to be functional and to get into the marketplace (budget/time/resource limitations). The reason they are successful is because they were either: innovative, viral (word of mouth), or just plain useful.

Design doesn’t make or break a website; the ability to expose usability and functionality of your product in a way the user can grasp with minimal effort is what ultimately is important.

The sites mentioned (Craigslist, MySpace, and Google) all have rather humble beginnings. None were started by the big companies. They were created by people with an idea, not a design.

I guess it’s all about how you view things. You can either be vain, or be functional. In my opinion the gifted are the ones who are rather balanced between the two.

Categories
Personal Programming

Quieter Times While Coding

Since school is done (just waiting for grades, and a piece of paper to make me an official college grad), I’ve been poking on job sites. I’ve also been coding away for a few days now making good progress, on a yet to be announced project.

So things may be a little quiet.

Categories
Blog

Words of Wisdom

I accidentally turned off my “words of wisdom” on the sidebar of the homepage a few weeks ago… it’s back in all its glory, plus a few new quotes.

Categories
Internet

Private DNS Address Space

RFC 1918 defines the following IP blocks as designated for private intranets:

10.0.0.0 – 10.255.255.255 (10/8 prefix)
172.16.0.0 – 172.31.255.255 (172.16/12 prefix)
192.168.0.0 – 192.168.255.255 (192.168/16 prefix)

I think it’s about time we have the same thing for DNS, for example:

.dev
.intra

The logic is as follows.

.dev for intranet based development instances of a site. For example this website’s dev instance on my intranet is robert.accettura.dev.

.intra for intranet URLs such as yourdomain.intra. This can be used for any intranet purpose (internal homepage, email system, blogs, wiki, etc.).

This is a much more logical system than using intranet DNS servers to hijack a domain for internal purposes, or reserving subdomains for the purpose.

Someone should go pester ICANN about such a standard. Btw: .local is stupid, if it’s local, it’s localhost.

Categories
Google Web Development

Google Web Authoring Statistics

Google has some great Web Authoring Statistics. Very cool stuff.

Categories
Blog General

Site Maintenance

Like every good master, did a little site maintenance. Well, quite a bit actually. Most shouldn’t be visible (just yet). If you notice any problems let me know. I did correct a few pesky things, but you never know what may come up.

Had a problem with trackbacks not working, though that should be resolved now.

Categories
Web Development

AJAX is so much fun

Took a little time today to do some AJAX programming. So cool. I’ve got some neat stuff here. Hopefully in coming months I’ll be showing some of it off.

Well, that’s about it for now, a little busy with school work.

Categories
In The News Mozilla Tech (General) Web Development

Top 20 IT mistakes to avoid

From InfoWorld’s Top 20 IT mistakes list:

11. Developing Web apps for IE only

Despite the fact that mission-critical applications continue their march onto the Web browser and that Windows continues to dominate the corporate desktop, Web developers should avoid the temptation to develop applications only for bug-ridden IE. IT shops that insist on using IE for Web applications should be prepared to deal with malicious code attacks such as JS.Scob.

First discovered in June 2004, JS.Scob was distributed via compromised IIS Web servers. The code itself quietly redirects customers of compromised sites to sites controlled by a Russian hacking group. There, unwitting IE users download a Trojan horse program that captures keystrokes and personal data. Although this might not sound like a threat to corporate IT, keep in mind that employees often use the same passwords across corporate and personal assets.

Many enterprises may not be able to avoid using IE. But if you make sure your key Web applications don’t depend on IE-only functionality, you’ll have an easier time switching to an alternative, such as Mozilla Firefox, if ongoing IE security holes become too burdensome and risky for your IT environment.

I’m upset they didn’t mention that failure to be compatible on your website will get you on my naughty list. Oh well.

The whole list is very good, I’d strongly recommend anyone interested in IT read the complete article.