Securely storing passwords

Sun Sep 30

I’ve been doing a bit of reading lately about the correct way to store passwords, normally in a database. Obviously keeping passwords in plain text (i.e. no encryption) is A Bad Thing for obvious reasons. We’ve all done it at some point, but now is the time to stop.

The secret to getting over the “dunce” level of securing passwords is to use more than just a hash of a password, and instead throw a little salt into the recipe. A salt is basically an extra ingredient that mixes up your hashes and makes them bitter to crackers. Am I taking the analogy too far? Yes, yes I am.

So, I suggest the following (this is in PHP):

md5(md5("password") . "password");

Why? Well, it’s really easy to understand and implement. It means you don’t have to store the salt for your hashes anywhere - the password generates its own. Plus every salt is different. Plus it’s a constant length.

I’m not pretending it’s the most secure way in the world to store passwords, but for a better-than-average method it’s pretty good. Or I think so, at least. Any comments?
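As an added example (not code from the original post): the scheme above next to PHP's built-in password_hash(), which generates a random salt per call and stores it inside the hash string. It shows which scheme gives two users with the same password the same stored value, and one way to move existing rows to the new format at login. The account names, passwords and the helpers shared_hash_groups() and verify_and_upgrade() are constructed for illustration.

```php
<?php
// Added example; account names and passwords below are constructed.

// The scheme from the post: the "salt" is md5() of the password itself,
// so the stored value is a deterministic function of the password alone.
function self_salted_md5(string $password): string
{
    return md5(md5($password) . $password);
}

// Users whose stored values collide, i.e. who visibly share a password.
function shared_hash_groups(array $stored): array
{
    $groups = [];
    foreach ($stored as $user => $hash) {
        $groups[$hash][] = $user;
    }
    return array_values(array_filter($groups, fn(array $u) => count($u) > 1));
}

// Check a login against either format. Returns the hash to keep on file
// (re-hashed with password_hash() if it was legacy), or null on failure.
function verify_and_upgrade(string $password, string $stored): ?string
{
    $isLegacy = strlen($stored) === 32 && ctype_xdigit($stored);
    if ($isLegacy) {
        return hash_equals($stored, self_salted_md5($password))
            ? password_hash($password, PASSWORD_DEFAULT)
            : null;
    }
    if (!password_verify($password, $stored)) {
        return null;
    }
    return password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : $stored;
}

$accounts = ['alice' => 'correct horse', 'bob' => 'hunter2', 'carol' => 'correct horse'];
$legacy = array_map('self_salted_md5', $accounts);
$modern = array_map(fn(string $p) => password_hash($p, PASSWORD_DEFAULT), $accounts);

echo json_encode(shared_hash_groups($legacy)), "\n"; // groups under the post's scheme
echo json_encode(shared_hash_groups($modern)), "\n"; // groups under password_hash()

$upgraded = verify_and_upgrade('correct horse', $legacy['alice']);
var_dump($upgraded !== null && password_verify('correct horse', $upgraded));
var_dump(verify_and_upgrade('wrong guess', $legacy['alice']));
```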

Treat People Like VIPs

Thu Sep 27

True to my musical roots I’m a subscriber to New Music Strategies, a blog written by Andrew Dubber who certainly knows his stuff about the way the music business is changing. And, more to the point, how it’s not changing fast enough.

A recent post from him had this great quote:

Customer loyalty increases exponentially relative to the degree to which you make them feel important.

Absolutely. A few of the ways you can make customers feel important are:

  • When they ring up, have a human answer the phone
  • Be courteous and helpful
  • Respond to enquiries quickly
  • Trust what they say

How many companies fail in these simple points? Too many. What other ways have you been made to feel special - or been made to feel awful - by companies you’ve dealt with? What’s your top example - and worst gripe - with companies’ dealings with you?

Hiring for attitude

Sun Sep 23

It’s been increasingly obvious to me over the last few years that a lot of businesses fail to prosper because they get one major thing wrong: they hire the wrong people. That’s not to say they hire stupid or dishonest people (although of course some do) but that they hire for the wrong reasons.

There are lots of different types of people in the world. Some of them have talents in one area, some of them talents in another. Some of them have qualifications that say they can do something really well, some of them have years of experience proving they can do something really well. Some of them love to learn, and others prefer to be taught.

That last point is the key to hiring people. You see, the people that prefer to get taught won’t go out looking for answers, they’ll expect the answers to come to them. They may well have read the manual but they won’t be able to apply its principles in creative ways. They are, to put it bluntly, drones. These are the people you should avoid.

In technology we’re constantly trying to find new things; whether that’s new ways to do old things, or ways to do completely new things. While there are manuals and textbooks that will teach you how to use a particular tool it won’t show you how to make the thing you’re working on. You may know how to handle a chisel, but that doesn’t mean you’re going to make a Chippendale. That takes craftsmanship - a subject close to my heart.

You should look for the people that have a craftsman’s attitude to work. They love what they do, they are passionate about doing it right. They are the ones that love to learn, who will keep trying to push their own limits, and sometimes the technology’s. Where they see something that isn’t as good as it should be, they say something. In short, they have an attitude of excellence and humility.

Excellence: because without it you can’t call yourself a craftsman. If you don’t aim to be excellent in what you do you’re a person that can’t be bothered. A “good enough” outlook isn’t the craftsman’s way. Excellence is a mountain that grows as you climb, but every step brings a better view.

Humility: because arrogance is the nemesis of a good worker. Keeping an attitude of humility makes sure your ears are always open to new and wiser instruction. Arrogance is like a plushly decorated prison. You might think you’re living in luxury, but in reality you’ve lost your freedom.

As Seth Godin says:

I really believe that hiring for talent is not nearly as important as hiring for attitude. If you get the right attitude, you can teach the talent.

So talent, especially qualification-heavy arrogant talent, will not make your business stronger. Humility and excellence will.

Ahoy

Wed Sep 19

There’s not much more likely to raise a smile on the face of hardened Web-farers than the yearly, now International, Talk Like A Pirate Day. Every year on 19th September thousands of slightly mad people from all over the globe mutter things such as “Arr, Jim-lad” and “Avast there, ye scurvy wench”.

You may be asking why? Well, why not? It’s not often you can call your boss a “scurvy sea-dog” and get away with it. You have to take every opportunity you can get.

Proto-Proto-Former

Tue Sep 18

Everyone knows I’m a fan of the Prototype JavaScript framework. But even I realise that for a novice getting the best out of it can be a daunting task. So I wrote a simple library called Performer to allow you to use some of the Prototype features without writing a single line of JavaScript, instead using CSS rules.

There’s now another way for people to get started with Prototype using Protoscript, a simplified language that gives you lots of nifty features such as fading, drag-and-drop, toggling and much more. It looks good, although, like many JavaScript libraries (except mine, fnar fnar), it doesn’t provide you a way to separate JavaScript from HTML without some extra work. Still, the drag and drop thing is cool.