Arjan's World: April 2006
You are now being redirected to the new housing of Arjan's World. Click here in case nothing happens

Sunday, April 30, 2006

Keeping Up: Maybe We Should Just Stop Reading

The myth of "keeping up"
Read it first, you won't regret it. Then *do* come back please :)

Or, if you're really short on time, the gist of the article follows here. It's that we think we need to keep current on all important fields in our lives (tech, personal, gossip, news, etc.) but actually we can never do that. It will drive you crazy if you just keep on trying. Sometimes I joke to my wife: 'I'm almost done reading the internet, but please let me finish it because something new was just added'. The article's advice is actually quite comforting, because I still DO think I need to know a lot about a lot of things. But in the end it's not. You do need to know what you need to know at this moment to get your job done: "Just In Time" Learning

via numerous sources, Kathy Sierra has a substantial readership.

PS: The ironic thing is that I unsubscribed from her feed some time ago in order to bring the total number from 140+ to a mere 90. Maybe I shouldn't have unsubscribed, because following her wise advice would have bought me more time than just throwing a lot of stuff out the door.


Thursday, April 27, 2006

LINKBLOG For April 27, 2006


Friday, April 21, 2006

Does Microsoft Get It?

Jeff Atwood seems to think not: in Windows Vista: Security Through Endless Warning Dialogs he describes, referring to Paul Thurrott's Vista article 'Where Vista Fails', how Microsoft - using an understatement - did not do so good a job on the security model in Vista. In the struggle to be as secure as possible, even real Administrators are normal users by default, leading to an endless display of security warnings which will make you click the 'yes' button all too eagerly when the first virus comes around asking for permission to destroy your file system.

On the other hand I see Dana Epp, who is Educating his grandma on the security of her home computer. He sees very good use in some excellent videos Microsoft made on the subject of worms, viruses and other dangerous creatures. The point here of course is: how do we get Grandma to actually watch those videos? She would probably rather skype with her grandchildren in Australia, or order some novels on Amazon. Security is not really on her radar; as long as the internet connection is working she really couldn't care less (and she's right: suppose every time I'm driving through a tunnel, I would have to think of the possibility that it falls apart, or that it can even be dangerous to drive at all...)

Bottom line: security is hard.
Bottom line 2: maybe we shouldn't judge Microsoft too quickly. It's not that they have this conspiracy going on like "hey, let's give all Administrators a Repetitive Strain Injury". I've seen enough effort from them to know that they take security seriously (now), but the more complex your projects get, the more advanced everything that's related to it, security included!

PS: on a completely different note, but on the same subject of not *getting* security: Bruce Schneier has read the Pittsburgh Post-Gazette and makes a very short blog post which does not need any further comment


Default Input Validation In ASP.NET

Working with a Context.Handler I tried to input HTML comments from page1 to page2. This was before I added any validation controls whatsoever. Didn't expect the following run-time error:

A potentially dangerous Request.Form value was detected from the client (txtValue="<b>bla!</b>").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

A nice way to prevent malicious input just in case you forgot (eh, ..?) to do any validation. Must be a no-brainer to you but for me this was the first time I noticed this....
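
As an added example (not from the original post), this is one way to do the explicit checking the error message recommends once validateRequest is switched off: validate the field on input and HTML-encode it on output. The class name, the length limit and the sample values are assumptions made for the example; WebUtility.HtmlEncode needs .NET 4.0 or later.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Added example: explicit handling for a field such as txtValue when the
// built-in request validation has been disabled with validateRequest=false.
static class TxtValueHandling
{
    // Assumed rule for this example: plain text, 1-200 characters,
    // no control characters. Markup characters are allowed as data.
    static readonly Regex Allowed =
        new Regex(@"^[^\p{Cc}]{1,200}$", RegexOptions.CultureInvariant);

    // Validate on input: reject values the field should never contain.
    public static bool IsAcceptable(string value)
    {
        return value != null && Allowed.IsMatch(value);
    }

    // Encode on output: <, >, & and quotes become entities, so the browser
    // displays the text instead of parsing it as tags or script.
    public static string RenderAsText(string value)
    {
        return WebUtility.HtmlEncode(value);
    }

    static void Main()
    {
        // Constructed sample inputs; the first is the value from the
        // error message quoted above.
        string[] samples = { "<b>bla!</b>", "plain text", "", new string('x', 201) };
        foreach (string s in samples)
        {
            if (!IsAcceptable(s))
            {
                Console.WriteLine("rejected (length {0})", s.Length);
                continue;
            }
            Console.WriteLine("{0} -> {1}", s, RenderAsText(s));
        }
    }
}
```

The value that triggered the run-time error is accepted here as data and only neutralised at the point where it is written into HTML, which is the check that has to exist before request validation is turned off for a page.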


Saturday, April 15, 2006

LINKBLOG for April 20, 2006

  • Disable Flash or Uninstall Flash I was tired of Flash ads consuming all my CPU on my 5-year-old laptop. The ads also blank annoyed me, time to do something about it. Choose for yourselves: kill Flash completely or just disable it. I chose the latter one, then you can always view a flash thingie if needed.

  • Welcome to the new world of Web 2.1. There's really no end to the amount of fun you can make about web2.0 and its ilk ... here's a guy who transferred the <BLINK> that the younger ones among you won't even remember to server-side AJAX-ie code. Very useful - to be introduced to how AJAX-like requests work, that is - :)

  • Remote Desktop Tips and Tricks by Jeff Atwood A wealth of key commands you can use on a Remote Desktop. I actually never took the time to find them out myself, so this came in handy. I'm working on remote desktops every day. The first one was already enough, as it always bugged me that I found myself moving the mouse around *a lot* on a non-maximized desktop to get to other windows. Not anymore:
    Alt + Page Up
    Switches between programs from left to right.


Wednesday, April 12, 2006

Some Inspiration To Make Your Site More Secure

Just came across Design Flaw in Human Brain Prevents Detection of Phishing Websites via (Dutch, sorry).

A study was performed, yielding the idea that the overwhelming majority of people will fall for carefully constructed phishing sites that closely resemble their valid counterparts. Therefore the suggestion is made that people should be able to personalize the pages of e.g. banking sites. Once a phishing site comes around they won't see the personal picture they're familiar with and they'll know something is going on...

Well yeah, seems OK on the surface. Don't know about you, but I'm definitely logging out of my online banking environment after I'm done, meaning, obviously that my personal environment is not available anymore. I probably won't see the picture once I've logged out, only when the site makes use of persistent cookies to still recognize me. Hmm, alright, that seems reasonable. At least, my online banking site also remembers my user-name after I'm logged out, so why should it not show a personal picture.

The central idea behind it might be the bottleneck in the end: obviously for us tech/power users the concept is clear. But is it for your aunt paying her bills online? She might be so overwhelmed by everything coming towards her on the big bad internet that she probably still will fall for the trick. What do you think?


LINKBLOG For April 13, 2006

  • How to build a game in 40 hours

  • Sam's objects. Some Swedish guy thought you can't start learning the principles of OO programming young enough. And he's right, these principles are *that* difficult to grasp. And because programming takes ten years to learn your toddler can start the real work at age 13!

  • If I remember correctly, both via reddit, where else?

  • How to design a single method - level 200 via

  • Multitasking and Conflict You always hear people moaning about how multitasking is detrimental for productivity. That was what the author of this piece was also pondering: he adds quite a fresh argument to the scene:

    The real purpose of multitasking is not to finish work faster. The real purpose of multitasking is to avoid conflict.

    In order to please everyone for whom we have work to do, we start to multitask like crazy to continuously be able to report progress to all parties.


Joel Invents The "Development Abstraction Layer"

Go read The Development Abstraction Layer. Key quote according to me:

A programmer is most productive with a quiet private office, a great computer, unlimited beverages, an ambient temperature between 68 and 72 degrees (F), no glare on the screen, a chair that's so comfortable you don't feel it, an administrator that brings them their mail and orders manuals and books, a system administrator who makes the Internet as available as oxygen, .... etc

This is *so* true. All too often programmers, but of course - to be politically correct - all other knowledge workers included, are viewed as resources who can be exchanged at will. Some disgruntled employee leaving the company? Let's just get another! Let me assure you: I don't think we as programmers are the only important employees for our companies. But please let us do what we're best at: programming. And while I don't need an Aeron chair, please let me have quiet working place conditions with at least the possibility to work undisturbed for a substantial amount of time, if I think it's necessary. I'm happy to help every other colleague out (even think that's one of my positive skills, helping other people), but sometimes I just need that 2 hours to finish a target...


Tuesday, April 11, 2006

LINKBLOG For April 11, 2006