Sun Sep 30
I’ve been doing a bit of reading lately about the correct way to store passwords, normally in a database. Keeping passwords in plain text (i.e. stored exactly as the user typed them, with no hashing at all) is A Bad Thing: anyone who can read the table, whether through a stolen backup, an SQL injection hole or a disgruntled admin, gets every account at once, and since people reuse passwords they get accounts on other sites too. We’ve all done it at some point, but now is the time to stop.
The secret to getting over the “dunce” level of securing passwords is to use more than just a hash of a password, and instead throw a little salt into the recipe. A salt is basically an extra ingredient that mixes up your hashes and makes them bitter to crackers. Am I taking the analogy too far? Yes, yes I am.
So, I suggest the following (this is in PHP):
md5(md5("password") . "password");
Why? Well, it’s really easy to understand and implement, there is nothing extra to store (the password generates its own “salt”), and the result is a constant length. The catch is that a value derived from the password alone is not really a salt. A salt’s job is to make each stored hash unique, and that only works if it is chosen independently of the password: a random string generated once per user and stored next to the hash (it doesn’t need to be secret). With the recipe above, two users who pick the same password get identical stored values, and an attacker who knows the scheme can precompute a table of md5(md5(p) . p) for common passwords exactly as they would for bare md5(). The only thing it defeats is an off-the-shelf rainbow table built for plain md5().
So it’s a little better than a bare md5(), but not much, and “better than average” isn’t a high bar. If you want a salt, store a random per-user one alongside the hash. And since MD5 is designed to be fast, which is exactly what a cracker wants, a deliberately slow password hash such as bcrypt is the stronger choice. Any comments?
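To make the difference concrete, here is an added example (my own code, not from the original post) that puts the post’s password-derived “salt” next to a real per-user random salt and next to bcrypt via PHP’s password_hash(). It assumes PHP 7.1 or later; the user names and passwords in it are constructed for illustration.

```php
<?php
// Added example, not code from the original post. Contrasts the post's
// password-derived "salt" with a real per-user random salt and with a
// deliberately slow password hash. Assumes PHP 7.1 or later; the users
// and passwords below are constructed for illustration.

// The recipe suggested in the post. The "salt" is computed from the
// password alone, so it adds nothing an attacker who knows the scheme
// cannot precompute, and identical passwords still give identical hashes.
function weakHash(string $password): string
{
    return md5(md5($password) . $password);
}

// A real salt: random, generated once per account, stored beside the hash.
// It is not secret; its job is to make every stored hash unique so that
// precomputed tables are useless and equal passwords do not collide.
function saltedHash(string $password, ?string $salt = null): array
{
    $salt = $salt ?? bin2hex(random_bytes(16)); // 32 hex chars, per user
    return ['salt' => $salt, 'hash' => hash('sha256', $salt . $password)];
}

function saltedVerify(string $password, array $record): bool
{
    $candidate = hash('sha256', $record['salt'] . $password);
    return hash_equals($record['hash'], $candidate); // constant-time compare
}

// The stronger option: bcrypt via password_hash(). It salts automatically
// and is deliberately slow; the salt and cost factor are encoded in the
// returned string, so only that string needs to be stored.
function storePassword(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

function checkPassword(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

// Two constructed users who happen to choose the same password.
$pw = 'correct horse';

$aliceWeak = weakHash($pw);
$bobWeak   = weakHash($pw);
echo "weak scheme, same stored value for both users: ";
var_dump($aliceWeak === $bobWeak);

$alice = saltedHash($pw);
$bob   = saltedHash($pw);
echo "random salt, same stored value for both users: ";
var_dump($alice['hash'] === $bob['hash']);
echo "random salt, correct password verifies: ";
var_dump(saltedVerify($pw, $alice));
echo "random salt, wrong password verifies: ";
var_dump(saltedVerify('incorrect horse', $alice));

$stored = storePassword($pw);
echo "bcrypt, correct password verifies: ";
var_dump(checkPassword($pw, $stored));
echo "bcrypt, wrong password verifies: ";
var_dump(checkPassword('incorrect horse', $stored));
```

Run it with `php` on the command line. The weak scheme gives both users the same stored value, while with a random salt their records differ and verification still works because the salt travels with the hash. The bcrypt variant needs no separate salt column at all, and the cost parameter is what makes brute force expensive; raise it as hardware gets faster.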
Tue Sep 18
Everyone knows I’m a fan of the Prototype JavaScript framework. But even I realise that for a novice getting the best out of it can be a daunting task. So I wrote a simple library called Performer to allow you to use some of the Prototype features without writing a single line of JavaScript, instead using CSS rules.
There’s now another way for people to get started with Prototype using Protoscript, a simplified language that gives you lots of nifty features such as fading, drag-and-drop, toggling and much more. It looks good, although, like many JavaScript libraries (except mine, fnar fnar), it doesn’t provide a way to separate JavaScript from HTML without some extra work. Still, the drag and drop thing is cool.
Mon Sep 10
I’m undecided whether to hail this as a breakthrough: the new WordPress Rewriter Plugin. In a nutshell it takes content and using "a thesaurus database of more than 40000 words" will rewrite the content to be completely unique. That supposedly leads to better search engine results, just as duplicate content leads to penalties.
So, will we now have thousands of quick-buck cowboys ripping off articles left, right and centre? Probably, especially as the $9 price tag is more than low enough for people to give it a try.
Apparently it also has a little trick that will increase traffic by a power of 3. Maybe it’s something to do with page titles (they are one of the most important bits of information that a search engine looks at) but they are coy on the matter. One thing I do know - there will be a lot of people trying this plugin.
Fri Sep 7
It seems that there will never be an end to the world’s supply of stupid people. I use a wonderful add-on for Firefox called Adblock Plus which stops adverts from appearing. You know the ones; flashing banners inviting you to whack the mole and their ilk. Those things are the scourge of the web.
However, some people seem to think that is bad. They aren’t going to get a link from me, but the people behind "whyfirefoxisblocked dot com" assert that:
Software that blocks all advertisement is an infringement of the rights of web site owners and developers. Numerous web sites exist in order to provide quality content in exchange for displaying ads. Accessing the content while blocking the ads, therefore would be no less than stealing.
Is that right? My using Adblock Plus to stop annoying, obtrusive and in some cases downright offensive (to the eyes) adverts from appearing on my screen is stealing? The developer of Adblock Plus links to lots of articles about this subject, one by the estimable Michael Arrington of Techcrunch which states about one such blocker-of-the-Fox:
… he objects to the fact that some of those Firefox readers are using an ad-blocking extension to block ads showing on the site. To counter the problem, he’s thrown the baby out with the bathwater and kicked 13% or so of the Internet off his site … in my opinion this is not a good strategy to build a blog. Users are solid gold. Even the ones that block ads.
Absolutely. You don’t have a right to force me to view your adverts any more than you have a right to force me to view your site in the first place. There is ALWAYS somewhere else to get the same information on the web, and blocking me from your site isn’t going to endear me to you, is it?
Be grateful I’m on your site at all. I could have gone to one of the millions of other sites, but I chose yours.
Let me tell you a fact. If I didn’t have Adblock Plus and your site had assailed me with garish and obtrusive adverts that get in the way of the information I want (you are providing useful or entertaining content, aren’t you? If not get off the web) I would have left. Immediately.
Another fact. I have never knowingly clicked on an advert in my entire time online (slightly more than a decade, I think). That’s with or without Adblock Plus. I will never knowingly click on an advert. So what good are they doing me? None, they are there just on the off-chance you catch out gullible people of which I am not one.
So who are you benefiting by blocking about 13% of your possible audience? It’s not your users and potential customers, that’s for sure.
Perhaps we should try the same thing with a bricks-and-mortar shop. You know, stop people coming in if they don’t want someone to walk around the store with them shouting things like "Buy that item now!" and "You need this product!". That would work, right?
Fri Jul 27
There’s a new online second-hand car site called Hotswap.com (hat-tip) which allows account holders to upload videos about their car. The design is good and there are some neat tricks thrown in with nifty AJAX (for instance filtering cars by colour). But there are two points to note which I think are indicative of the way the web is moving.
Firstly is the use of Jeroen’s Flash video player, a free Flash player for video. Just like his Flash MP3 player (which I’ve used all over BeatsBase.com) it makes it easy to provide good-looking media capabilities to a web page. HotSwap have certainly benefited from Jeroen’s generosity.
The second point is that hosting for the videos and images is handled by Amazon’s S3 service (http://www.amazon.com/s3), the massively scalable solution I mentioned a few days ago. So HotSwap don’t pay directly for the bandwidth they use, and they also have the technology scalability of one of the world’s largest websites behind them. Good move.
So there are two ways that a new start-up is harnessing the power of the web: using the high-quality free tools available, and using commercial services designed to scale. This, I believe, will be a model for a lot of new websites to come.