How I know to avoid a technology company
Stock Model -- What??
I saw an ad today on a city bus for co-location hosting. It said the name of the company, what it did (like “[Something] Co-located Hosting”), and to the left had a picture of a guy standing with his arms folded, turned slightly, and smiling at me.
Besides being creepy having a grown male man smiling at me…
I want to go to the PR person for the company and ask:
“What does the stock model have to do with your business?”
“Are you assuming the market understands what your business is about, or is turned on by strange smiling men?”
“If your advertising department is incapable of portraying your business, how can I trust that your management team sufficiently understands the business enough to explain it to employees in the advertising department, let alone prospective customers?”
“And if your management team lacks an understanding of the business, how can I place my trust in buying your services?”
I think poor advertisements go beyond this. I personally think that any medium-to-large-sized company should have its ads reviewed by a member or subset of the management team, since they do, and the ad will, represent the company to people who may never have heard of it. How can they expect to get away with stuff like this and still be effective? Perhaps it’s time to re-think your marketing plan.
UPDATE: Oh yes, it was “Colocation with Confidence” — Utah-based Fibernet.
Posted May 27th, 2009
The Launch of Wolfram|Alpha
Watching Wolfram|Alpha launch right now — this is pretty cool. Looks like they’re having some performance/logging problems, but I watched the little red dot in Utah appear!
Posted May 15th, 2009
How to hide all those dumb quizzes on Facebook

To hide all the annoying quizzes that fill your news feed, you can just click “Hide” when you hover your mouse over one, then click “Hide [Application Name]”, and do each one individually -or- you can hide all the thousands of them at once. On the left side of your home page, there are a bunch of filters. You can see more if you click the “More” link below them. You can re-order them how you want; just drag a new one to the top and then click on it.
1) Drag a filter to the top of the list and replace "News Feed"
2) Make sure "News Feed" is not the default filter.
Every subsequent Facebook homepage load will show that as the default. I choose to do “Status Updates” — but you can pick your own or create a custom filter (a friend list) and put that first.
When you’re done dragging, be sure that you click on it.
While this isn’t a perfect solution, it gets the job done, and it’s just a little trick that I don’t think many people know about.
Posted May 10th, 2009
Beware the sites with authentication system flaws
It has come to my attention that numerous popular websites and established businesses make one huge and critical oversight… either:
- they don’t tell users of a maximum length for their password, or
- they don’t know that their system has a maximum length restriction.
This is dangerous! If you’re a developer, you need to understand how your passwords are stored, and what the qualifications are for passwords! If there is a maximum length, it better be LONGER than 25 characters, especially if your system doesn’t allow special characters.
Let me give you a quick rundown on all the sites — that I can remember right now — that I’ve had severe password problems with:
- NameCheap
- Moniker
- DomainTools
- RackForce (fixed)
- Mint.com
First let me disclaim: I cannot recommend that you sign up at any of these sites for their services until their severe password flaws are fixed. I do not, nor should you, trust sites or businesses that let a component as critical as the authentication be fatally flawed. Let me explain each situation I had. NOTE: RackForce has fixed the issue as far as I can tell and I do recommend them to others.
NameCheap’s Stubbornness
In a support issue with one of my domains, I was required by the support rep to supply the last 4 characters of my password. (They have a “20 character” limit, which they do state on their site, and which I do follow to exactly 20 characters.) I immediately became concerned and inquired about my account’s security. Is the password hashed? Encrypted? If so, how come they can view it? What kind of permissions are there for that? Can they view the whole thing?
Despite these concerns, I opened KeePass (my password manager), copied the password, and supplied just the last 4 characters of my password. Their response was, “I’m sorry, but that’s not correct.”
“…”
“… yes, it is. That’s the end of my password.”
“I’m sorry, no it’s not.”
Eventually this was taken up with their fraud department. Their email was:
“The passwords in our system are absolutely safe and secure. However, our representatives can view and check them for the verification purposes only. The amount of people who are authorised to do that is very limited and this information is *never* given up to the third-party, so there is nothing to worry about. We have carefully checked the chat log and found that the last four digits of the password which you provided in chat really were incorrect, seems that you confused something.”
Not possible, I said! I just logged in with that password. Something is wrong in their system. Unfortunately I cannot trust it now. I don’t know what to do about all my domains, yet. It’ll be pricey to transfer them away.
The issue remains unresolved.
Moniker’s Lack of Initiative
I registered a domain at Moniker (a big mistake) and was going to go manage it, but I couldn’t log in. They had this strange login schema for the username and password. You had to log in to a separate panel to manage this particular extension. So I typed my username and password as it instructed, but the password was incorrect.
No it wasn’t. I copied+pasted from the same source that logged me in to Moniker a few moments ago (like the NameCheap issue).
I emailed support. After a week I got one response: “Oh, sorry, the login process was slow and buggy for the first few days. It’s working now. Also, please remember that if your Moniker Password has any special characters such as !@$%, the system will not accept it and you will need to reset it to have only letters and numbers.” … so now they tell me that I can only have letters and numbers. They didn’t state that at registration, but good thing I chose not to use any special characters this time. Well the login still didn’t work. “It still is not working,” I replied, and after a week they replied automatically and said “Please respond to this ticket or it will close for inactivity.” — I was waiting for them! Grrr.
The issue remains unresolved.
DomainTools’ Blatant Lack of Basic Security
The issue here is simple. I went to register at DomainTools (shortly after whois.sc became DomainTools) and as I did, I noticed my password displayed, in plain text, in the URL bar, over a standard HTTP connection.
I quit the registration, cancelled my account, and told them to find the incompetent developer that did that.
The issue seems to be resolved. I haven’t tried, though, and won’t be trying any time in the next 100 years.
RackForce Overlooks Password Restrictions
I’ve been a RackForce customer for a while, but have to move away from them to lower my costs. I’m pretty satisfied overall. However, their Customer Support Center (CSC) has an issue that the development team overlooked. I know exactly what the issue is, but they apparently have no idea.
I recently did a password change that appeared to be successful. I tried logging in later with it but could not. I double checked the username, password, and the fact that I copied it correctly from my password manager. Indeed everything was correct. So I sighed and just did “Forgot your password?” — sure enough, an email came with my plain-text password.
Not exactly a secure way to store passwords for a billing interface that manages your business account…
What’s more interesting is that the password was only about half my password’s length. It was cut off after the 16th character. It has special characters that didn’t seem to cause a problem, but it would have been nice to know that there’s a 16-character limit on RackForce CSC passwords. I informed them of this and cancelled my account.
Update: They have added “Max 32 chars” next to the password input fields. I guess they increased the maximum length too. I’m glad they resolved this.
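An added example, not part of the original post and not RackForce's code: a constructed sketch of how a password-change path that silently truncates at 16 characters, while the login path compares the full input, produces the failed login and shortened "forgot password" email described above, next to a version that rejects over-long passwords explicitly and stores only a salted PBKDF2 hash. The class names, limits, iteration count and sample password are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_STORED = 16       # assumed column width, matching the 16-character cutoff
MAX_LEN = 128         # assumed limit, to be stated next to the password field
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor
SAMPLE = "Tr7!kq#Lm2@Zx9$Wv4^Bn6&Hy8*Jd3"  # constructed 30-character password


class FlawedStore:
    """Constructed 'before': plaintext storage that silently truncates."""

    def __init__(self):
        self.rows = {}

    def set_password(self, user, password):
        self.rows[user] = password[:MAX_STORED]  # cut off, yet reports success
        return True

    def login(self, user, password):
        return self.rows.get(user) == password   # full input never matches

    def forgot_password(self, user):
        return self.rows[user]  # only possible because storage is plaintext


class HardenedStore:
    """'After': explicit limit, no truncation, salted slow hash only."""

    def __init__(self):
        self.rows = {}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

    def set_password(self, user, password):
        if not 1 <= len(password) <= MAX_LEN:
            raise ValueError(f"password must be 1 to {MAX_LEN} characters")
        salt = os.urandom(16)
        self.rows[user] = (salt, self._hash(password, salt))

    def login(self, user, password):
        if user not in self.rows or len(password) > MAX_LEN:
            return False
        salt, stored = self.rows[user]
        return hmac.compare_digest(stored, self._hash(password, salt))
```

In the hardened version there is nothing to email back: a reset has to issue a new credential, and a password that exceeds the limit fails loudly at change time instead of at the next login.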
Mint.com… where do I even begin… what a mess!
This whole Mint.com thing was a mess. You can take a gander at both of my complaints if you want. Basically, it was a huge disaster. Initially my password was fairly long and complex. I couldn’t log in from the homepage, but I could from the “Log in” page. I couldn’t log in from my iPod Touch either (with their app). Once my password was shortened and simplified to a highly insecure level, I was able to fully access Mint.
After discovering this, I basically decided I can’t trust them with my financial information, so I pulled my data and closed the account.
The issue appears to still be unresolved.
Posted April 11th, 2009
“Kudo” to Internet Explorer 8
Yes, you read that right: “Kudo to Internet Explorer 8.” — just one, though. It doesn’t deserve much more than that for now.
At work, we’ve been trying to push out some updates to the Javascript implementation of one of our product’s APIs. It’s a few thousand lines of Javascript, and the enhancements we added changed the way a lot of little things work “here and there.” I started primarily using Firebug, and was satisfied for the first 45 or so seconds.
My conclusion? Firebug has got to be one of the buggiest, slowest, most difficult Javascript debugging tools. I’ve never really had a problem with Firebug to analyze styles, basic Javascript, and AJAX requests. But add a couple thousand lines of code and Firebug loses its appeal pretty quickly. I was frustrated with how often I had to debug the debugger. “Wait, what? My file doesn’t look like that.” or “Where did the breakpoint go?” and “How did it step into that Javascript line? It’s commented!”
Frustrated, I moved on to use Venkman’s Javascript debugger. It’s a little more archaic, but seemed worth a shot. This time I was impressed for a full 10 minutes. That is, until I reloaded the page and it started, literally, breaking the page load. Even pages without any Javascript would send the debugger into “Pause” where I have to hit the “Continue” button to continue loading the page, but then a moment later it goes back to the “Continue” button. I have to close the debugger to reload the page, set it up, then I can re-open it to start debugging Javascript. The “Watch” window was really buggy too. It would seem that watches would magically disappear, but still be visible, if that makes any sense. Venkman has some bugs of his own to work out.
I had hit rock-bottom! Two debuggers that needed more debugging than my incomplete Javascript project — not acceptable. Finally, I upgraded to IE8 and decided to try its new “Developer Tools” window, which includes a Javascript debugger.
I must say, I’m impressed. Microsoft carried over their Visual Studio methodologies and you can notice the similarities between its debugger and the one bundled with IE8. Why do I like it? It’s elegant, easy-to-use, and it works. So one kudo to Microsoft for their new IE8. Granted, it still renders the Javascript slowly (heck, IE6 ran the product faster in our testing than IE8 by almost 2x) — but its debugger is nicely done.
My recommendation? If you need to debug some Javascript, bite the bullet and just use IE8’s debugger. It’s better to save the time by doing that than to spend all of it debugging non-functional Javascript debuggers.
Epilogue
The product that I was developing is now rolled out. You can see a demo of it at Qualified Address’ LiveAddress product page. The demo is in the sidebar on the right. Try validating an address. If you get it close, it should suggest a perfectly-tuned, certified, and standardized address. If users butcher it really bad and our system can’t figure it out or verify it, they now have the ability to be notified of this and to go back and fix the spelling, or “just use the address [they] entered.” We think it’s pretty slick and you’ll like it. Give it a shot.
Posted April 11th, 2009