Keeping Up: Maybe We Should Just Stop Reading

The myth of "keeping up"
Read it first, you won't regret it. Then *do* come back please :)

Or, if you're really short on time, the gist of the article follows here. It's that we think we need to keep current on all important fields in our lives (tech, personal, gossip, news etc.etc.) but actually we can never do that. It will drive you crazy if you just keep on trying. Sometimes I joke to my wife: 'I'm almost done reading the internet, but please let me finish it because something new was just added'. The article's advise is acutally quite comforting, because I still DO think I need to know a lot about a lot of things. But in the end it's not. You do need to know what you need to know at this moment to get your job done: "Just In Time" Learning

via numerous sources, Kathy Sierra has an substantial readership.

PS: The ironic thing is that I unsubscribed from her feed some time ago in order to bring the total number from 140+ to a mere 90. Maybe I shouldn't have unsubscribed, because following her wise advice would have bought me more time than just throw a lot of stuff out the door.

LINKBLOG For April 27, 2006

• ComputerZen.com - Scott Hanselman - Open Source versus Source Out in the Open
  Scott hits the hammer on the nail: it's safer to borrow code from Open Source projects that have proven themselves over time, than to just copy/paste code you found in some Google Group thread
  


• John Wood - Is OOP Bad for Business?
  Not everyone is convinced OOP is the way to go in all situations...
  
• More Dynamic-er Than Yours - The Daily WTF.. or how to completely dynamify your web site


all via Interesting finds - Jason Haley

Does Microsoft Get It?

Jeff Atwood seems to think not: in Windows Vista: Security Through Endless Warning Dialogs he describes, referring to Paul Thurrot's Vista article 'Where Vista Fails', how Microsoft - using an understatement - did not so good a job on the security model in Vista. In the struggle to be as secure as possible, even real Administrators are normal users by default, leading to an endless display of security warnings which will make you click the 'yes' button all to eagerly when the first virus comes around asking for permission to destroy your file-system.

On the other hand I see Dana Epp who is Educating his grandma on the security of her home computer. He sees very good use in some excellent videos Microsoft made on the subject of worms, viruses and other dangerous creatures. The point here of course is: how do we get Grandma to actually watch those videos? She probably rather skypes with her grandchildren in Australia, or order some novels on Amazon. Security is not really on her radar, as long as the internet connection is working she really couldn't care less (and she's right: suppose every time I'm driving through a tunnel, I would have to think of the possibility that it falls apart, or that it can even be dangerous to drive at all...)

Bottomline: security is hard.
Bottomline2: maybe we shouldn't judge Microsoft too quickly. It's not that they have this conspiracy going on like "hey, let's give all Administrators a Repetitive Strain Injury". I've seen enough effort from them to know that they take security seriously (now), but the more complex your projects get, the more advanced everything that's related to it, security included!

PS: on a completely different note, but the same subject not *getting* security: Bruce Schneier has read the Pittsburgh Post-Gazette and makes a very short blog post which does not need any further comment

Default Input Validation In ASP.NET

Working with a Context.Handler I tried to input HTML comments from page1 to page2. This was before I added any validation controls whatsoeve.Didn't expect the following run-time error:

A potentially dangerous Request.Form value was detected from the client (txtValue="<b>bla!</b>").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

A nice way to prevent malicious input just in case you forgot (eh, ..?) to do any validation. Must be a no-brainer to you but for me this was the first time I noticed this....

LINKBLOG for April 20, 2006

• Disable Flash or Uninstall Flash I was tired of Flash ads consuming all my CPU on my 5-year old laptop. The ads also blank annoyed me, time to do something about it. Choose for yourselves: kill Flash completely or just disable it. I choose the latter one, then you can always view a flash thingie if needed.


• Welcome to the new world of Web 2.1. There's really no end to the amount of fun you can make about web2.0 and it's elk ... here's a guy who transfered the <BLINK> that the younger ones among you won't even remember to server-side AJAX-ie code. Very useful - to be introduced to how AJAX like requests work, that is - :)


• 
  Remote Desktop Tips and Tricks by Jeff Atwood A wealth of key command you can use on a Remote Desktop. I actually never took the time to fond them out myself, so this came in handy. I'm working on remote desktops every day. The first one was already enough, as it always bugged me that I found myself moving the mouse around *a lot* on a non-maximized desktop to get to other windows. Not anymore:
  

  Alt + Page Up
  Switches between programs from left to right.

Some Inspiration To Make Your Site More Secure

Just came across Design Flaw in Human Brain Prevents Detection of Phishing Websites via (Dutch, sorry).

A study was performed, yielding the idea that the overwhelming majority of people will fall for carefully constructed phishing sites, resembling their valid counterparts for a great deal. Therefore the suggestion is done that people should be able to personalize the pages of e.g. banking sites. Once a phishing site comes around they won't see the personal picture they're familiar with and they'll know something is going on...

Well yeah, seems OK on the surface. Don't know about you, but I'm definitely logging out of my online banking environment after I'm done, meaning, obviously that my personal environment is not available anymore. I probably won't see the picture once I've logged out, only when the site makes use of persistent cookies to still recognize me. Hmm, alright, that seems reasonable. At least, my online banking site also remembers my user-name after I'm logged out, so why should it not show a personal picture.

The central idea behind it might be the bottleneck in the end: obviously for us tech /power users the concept is clear. But is it for your aunt paying her bills online? Who might be so overwhelmed by everything coming towards her on the big bad internet that she probably still will fall for the trick. What do you think?

LINKBLOG For April 13, 2006

• How to build a game in 40 hours
  


• Sam's objects. Some Swedish guy thought you can't start learning the principles of OO programming young enough. And he's right, these principles are *that* difficult to grasp. And because programming takes ten years to learn your toddler can start the real work at age 13!
  

If I remember correctly, both via reddit, where else?


• How to design a single method - level 200 via


• Multitasking and Conflict You always hear people moaning about how multitasking is detrimental for productivity. That was wat the author of this piece was also pondering: he adds quite a fresh argument to the scene:
  
  The real purpose of multitasking is not to finish work faster. The real purpose of multitasking is to avoid conflict.
  
  In order to please everyone for we have work to do, we start to multitask like crazy to continuously be able to report progress to all parties.
  

Joel Invents The "Development Abstraction Layer"

Go read The Development Abstraction Layer. Key quote according to me:

A programmer is most productive with a quiet private office, a great computer, unlimited beverages, an ambient temperature between 68 and 72 degrees (F), no glare on the screen, a chair that's so comfortable you don't feel it, an administrator that brings them their mail and orders manuals and books, a system administrator who makes the Internet as available as oxygen, .... etc



This is *so* true. All to often programmers, but of course -to be politically correct- all other knowledge workers included are viewed as resources who can be exchanged at will. Some disgruntled employee leaving the company? Let's just get another! Let me assure you: I don't think we as programmers are the only important employees for our companies. But please let us do what we're best at: programming. And while I don't need an Aeron chair, please let me have quiet working place conditions with at least the possibility to work undisturbed for a substantial amount of time, if I think it's neccessary. I'm happy to help every other collegue out (even think that's one of my positive skills, helping other people), but sometimes I just need that 2 hours to finish a target...

LINKBLOG For April 11, 2006

• A Pretty Good Way to Foil the NSA. Encrypt your phone calls so even the NSA can't listen in
  via the Privacy Digest



• Always wanted to hack a website, but were afraid to...?Note: no illegal activity here, this is a Microsoft endorsed workshop where you can learn the technical backgrounds of web security



• Keep Your Job by Changing It. As they say in Ducth "Stilstand is achteruitgang". Keep on improving yourself or you will find yourself irrelevant in the future.
  
  
• Debugging Resources Quote: " It's my opinion that the difference between good developers and outstanding ones are the way that they debug applications ".
  Ignore at your own peril. Nuff said

all above via Jason Haley


• MagicAjax, another open source AJAX Framework. They have some nifty examples, with source code inline here
  via The Daily Grind