Listening to Black Eyed Peas– Don't Funk with my heart on the radio the other day, I was disappointed to notice they had in fact replaced the title (which is present in the chorus) with "Don't mess with my heart". Channel surfing today I saw "Wheatus– Teenage Dirtbag" on Much Music (MTV(2) for Americans) where they bleeped out the line "he brings a gun to school".


I think we're going a little far


Why doesn't my PSP function in a nifty WiFi finding mode? Turn it on, hit a few buttons, and get some nifty looking WiFi detector, giving all the relevant details. The software required isn't that hard; all they need is a little software tweak.


There's some talk about some improvements in an upcoming firmware, this wasn't listed though. The new firmware will doubtlessly make it even more difficult to run homebrew apps. If they want me to make the change they're going to need to offer some juicy little tidbits. This might do it for me.




Something that just came as a little bit of a surprise to me, in php the ctype functions return TRUE if they are passed an empty string.


So ctype_digit("") is true.


This isn't really what I expected; I wanted the test to return TRUE IFF the string contained a digit, and nothing but digits.


But if you read the docs carefully I guess that's what I should have expected:

Checks if all of the characters in the provided string, text, are numerical.


Technically if given nothing, everything present is numerical.

is_numeric() however does what I was looking for.


IFF = If and only if
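
A side-by-side check of the three approaches, as an added example that is not code from the original post. The empty-string behaviour described above is that of PHP 5.0 and earlier; since PHP 5.1.0 the ctype functions return false for "", so the output below reflects current PHP. The sample inputs are constructed, and isDigitsOnly is a helper written for this example.

```php
<?php
// Added example (not from the original post): three ways of asking whether a
// string is "nothing but digits", run over edge cases an input validator must
// distinguish. Since PHP 5.1.0 ctype_digit("") is false; before that it was true.
declare(strict_types=1);

// Strict "at least one digit, and only digits" test that does not depend on
// how a given PHP version treats the empty string.
function isDigitsOnly(string $s): bool
{
    // \z (not $) anchors at the true end of the string: with $, "123\n" would
    // match because $ also matches before a final newline.
    return preg_match('/^[0-9]+\z/', $s) === 1;
}

// Constructed inputs: empty, plain digits, leading zeros, whitespace, sign,
// decimal, exponent, trailing letters, trailing newline.
$inputs = ['', '123', '007', ' 42', '-1', '1.5', '1e3', '12abc', "123\n"];

printf("%-10s %-12s %-12s %-12s\n", 'input', 'ctype_digit', 'is_numeric', 'isDigitsOnly');
foreach ($inputs as $in) {
    printf("%-10s %-12s %-12s %-12s\n",
        json_encode($in),
        var_export(ctype_digit($in), true),
        var_export(is_numeric($in), true),
        var_export(isDigitsOnly($in), true));
}
```

The table makes the difference visible: is_numeric() accepts a leading space, a sign, a decimal point and an exponent ("1e3"), so it answers "is this a PHP number?" rather than "is this only digits?". For a value that is later interpolated into a query, a path or a shell command, the anchored regular expression is the test that says exactly what was meant.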
Ilia Alshanetsky of FudForum fame is looking for a new layout for the forums. If you're a web designer looking to get your work out there this is a great opportunity, and there are glittering prizes.


Get to it.






Those two words should be familiar to all the programmers out there. To those not "in the know" they (or something very similar) generally are the output of a student's first programming endeavor.


The eBay API equivalent is successfully sending a request for "eBay Time", and parsing the response.

<eBay>
   <EBayTime>2005-07-23 23:32:33</EBayTime>
</eBay>


I wonder if one day eBay rules the world (having taken over Google, and beaten down Microsoft) we will stop measuring ourselves in comparison to GMT, and instead use eBay time as the basis for time zones. :-)


For the curious, the code required to perform that trivial request was 41 lines long.
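
Parsing that response defensively, as an added example (not eBay's SDK and not the 41 lines mentioned above). The XML is the one quoted in the post; parseEbayTime is a helper written for this example, and treating the value as UTC is an assumption.

```php
<?php
// Added example (not from the original post): parse the eBay Time response
// quoted above without trusting it. The XML string is the one from the post.
declare(strict_types=1);

$response = <<<XML
<eBay>
   <EBayTime>2005-07-23 23:32:33</EBayTime>
</eBay>
XML;

function parseEbayTime(string $xml): DateTimeImmutable
{
    // LIBXML_NONET blocks network access during parsing, and LIBXML_NOENT is
    // deliberately NOT passed: entity substitution is what makes XXE possible.
    $prev = libxml_use_internal_errors(true);
    $doc  = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    if ($doc === false) {
        throw new RuntimeException('response is not well-formed XML');
    }
    if (!isset($doc->EBayTime)) {
        throw new RuntimeException('response has no EBayTime element');
    }

    // Parse strictly against the expected layout. createFromFormat() tolerates
    // trailing data, so the warning/error counters are checked as well.
    // Time zone: assumed UTC for this example.
    $text = (string) $doc->EBayTime;
    $dt   = DateTimeImmutable::createFromFormat('!Y-m-d H:i:s', $text, new DateTimeZone('UTC'));
    $errs = DateTimeImmutable::getLastErrors();   // false (PHP >= 8.2) or an array
    if ($dt === false || ($errs !== false && ($errs['warning_count'] > 0 || $errs['error_count'] > 0))) {
        throw new RuntimeException("unexpected EBayTime value: $text");
    }
    return $dt;
}

echo parseEbayTime($response)->format(DATE_ATOM), "\n";
```

Three things a "hello world" client usually skips are done here: the parser's return value is checked, external content cannot be pulled in while parsing, and the timestamp is validated against one exact format rather than handed to strtotime().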


I'm not sure exactly how to go about it, but I think somehow this message needs to get out to all the women out there:
Sex makes people healthy, cheerful, strong, beautiful and sleepy


Maybe I can get the article on a T-Shirt... Or some boxers :-)
Pop Quiz Readers!


Question 1: What is the most relevant piece of information to be returned with search results when searching a library catalog by item title:


A) The title of the book

B) The author of the book

C) The book's call sign or physical location

D) The year in which the book was published


Choose now… No Cheating!



If you chose C or D, you must work for the Windsor Public Library, since those are the two items listed on the first line of a search result, and in a larger font than other things, like the title of the book:




This makes absolutely no sense to me; the location of the book (which is what a call sign, or Dewey Decimal Number, gives you) is useless until you know whether it's the book you want.


When planning search result pages, try to make the information the user searched under the most prominent piece of information presented. There are two main ways to accomplish this. First, you can present all search results using the same template, and make the relevant information more visible by making it bold, highlighting it, etc. This is the method Google (and thus GMail) and most other search engines use (notice that the word serendipity is slightly bolded).




The second method is to use different templates depending on what search criteria were used. For example: if a user searched for books by "brown" published between 1942 and 1947, it would be appropriate to display both the author's name and the year published at the top of each search result, while a different search for books with a title containing the words "metal fatigue" would more appropriately display the title first, author next, and publishing information towards the end.

This alternate layout scenario does have drawbacks: users must re-learn the template with each new search type. But it does have a place in situations where searches are likely to be complex and the user is likely to be quite computer literate (imagine med students searching medical journals: they have an idea what they are looking for, will probably use a lot of search criteria, and are well educated).
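
Both methods in one renderer, as an added example that is not code from the original post or from any library catalogue: the searched-on field is moved to the front of each result (second method) and the matched term is bolded inside it (first method), with the query and the record escaped so neither can inject markup. The book records and field names are constructed for the example.

```php
<?php
// Added example (not from the original post): search results that lead with
// the field the user searched on, highlight the term, and stay XSS-safe.
declare(strict_types=1);

// Constructed sample records; the field names are assumptions for this example.
$books = [
    ['title' => 'Serendipity and the Library', 'author' => 'Brown, A.', 'year' => 1945, 'call' => '020.1 BRO'],
    ['title' => 'Metal Fatigue in Aircraft',    'author' => 'Smith, J.', 'year' => 1947, 'call' => '620.1 SMI'],
];

// Split the raw value on the (regex-quoted) term, escape every piece, and wrap
// only the matched pieces in <b>. Escaping per piece means <b> never lands
// inside an entity, and preg_quote() stops the query acting as a pattern.
function highlight(string $value, string $term): string
{
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    if ($term === '') {
        return $esc($value);
    }
    $pieces = preg_split('/(' . preg_quote($term, '/') . ')/iu', $value, -1, PREG_SPLIT_DELIM_CAPTURE);
    $out = '';
    foreach ($pieces as $i => $piece) {
        $out .= ($i % 2 === 1) ? '<b>' . $esc($piece) . '</b>' : $esc($piece);   // odd index = a match
    }
    return $out;
}

// Second method from the post: the searched-on field comes first, the rest keep their order.
function fieldOrder(string $searchedBy): array
{
    $default = ['title', 'author', 'year', 'call'];
    return array_merge([$searchedBy], array_values(array_diff($default, [$searchedBy])));
}

function renderResult(array $book, string $searchedBy, string $term): string
{
    $parts = [];
    foreach (fieldOrder($searchedBy) as $field) {
        $text    = highlight((string) $book[$field], $field === $searchedBy ? $term : '');
        $parts[] = $field === $searchedBy ? '<span class="primary">' . $text . '</span>' : $text;
    }
    return '<li>' . implode(' &middot; ', $parts) . "</li>\n";
}

foreach ($books as $book) {
    echo renderResult($book, 'title', 'metal fatigue');
}
```

The order matters: escape first, then add the highlight tags. Highlighting on the raw text and escaping afterwards would turn the <b> tags into literal text; escaping and then searching the escaped string for the raw term is the variant that lets a query such as "&lt;script" line up with markup.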



The correct answer is (IMHO): A


I've been planning on purchasing either a Power Book or a MacMini for the past while, and as my book comes to a close, the time when I can afford it approaches, but I don't think I want one anymore. Mac is switching from the IBM chipset to an Intel chipset, and plans on releasing their laptops and desktops early to mid next year. So I was already questioning buying a Mac, thinking it would be smarter to wait until the chipset change.


That, plus apparently the new Intel architecture is faster.


Make sure you go register for PHP|Arch's upcoming conference:



So you can hear me give my first talk!


I often rant to friends and anyone else who will listen about my lack of understanding with the current craze of disposable products. We need less waste not more, what are these companies thinking?


But the new Glade Wisp has me more stumped than usual. It's an air freshener that sports a built in smoke generator, so you can see it working. Pardon me, but shouldn't my first hint that my air freshener is working properly be the great scent invading my nostrils, not some chunk of smoke coming from the piece of plastic on my table?


As I have become increasingly aware of what security is, I am also finding myself noticing large security holes frequently, during my day to day life. These security holes are usually not the result of a poorly designed system, but a lack of training or effort from the front line staff. I will present a few examples of my point, then rant a bit more about what I feel should be done.

Example 1:

When I purchased my PSP at a large box retailer, I was not allowed to remove the box from the glass display case, nor was I allowed to carry the box from the display case to the cash; an employee dutifully performed both tasks on my behalf "for security reasons". That same employee also rang up my purchase at the cash register, where I paid with credit card. He scanned the purchases, swiped my credit card, returned the card, bagged my purchases, then handed me my receipt. He effectively prevented me from fleeing the store with an unpaid item, but did nothing to confirm that the card I used to pay for my purchases was indeed mine.

Analysis:

The employee effectively prevented me from physically grabbing the product and running, but did nothing to ensure that the card presented for the purchase belonged to me. Security must be approached comprehensively; preventing one type of theft while doing nothing to prevent another (which is only marginally more difficult) is nearly useless.

Good Example:

At least in my experience, Wal-Mart employees have been decently trained in terms of remembering to check the signature each and every time.

Best Practice:

Train employees not only to compare the signatures, but what to look for. A thirty minute CBT (Computer Based Training) module would do wonders. Also ensure you back up your employees when they challenge a cardholder, they must feel empowered to make those calls.

Example 2:

At another retailer I selected several items from the electronics department, and paid for them at the electronics desk. On my way out of the store the alarms went off, and I dutifully returned to the nearest cash to have my purchases checked (I doubt the teenager behind the cash had the desire or the training to chase me). The cashier dutifully removed each item from my bag, demagnetized the security tag, placed them back in my bag and wished me a good day.

Analysis:

This exercise was pointless; at no point were the items in my bag compared to a receipt. It would have been trivial to purchase something in electronics, then add additional items to the bag while walking around the store (one item I was carrying was from another department, this should have garnered extra attention), though admittedly, this would have caught me had I placed a tagged item in my clothing. Again, the system here is decent, there is a single public exit from the store, and all of the doors are alarmed, and generally staffed. The staff however need to be taught the reasoning behind calling the customer back to a cash register, it is not to stop those darn alarms from going off, but to ensure that all items leaving the store are accompanied by a receipt.

Good Example:

Toys-R-Us briefly dabbled with special bags for their electronics department. The clear bag was heat sealed across the top, with a sticky strip along the bottom. The cashier would place items into the bag, and then seal the bottom. This way it was supposedly impossible to add additional items to the bag between the electronics department and the exit without visible tampering. It wasn't perfect; the system could have been improved by also sealing the receipt in the bag in an easily visible location, or by using a tamper-evident seal on the bottom. But it was a decent attempt.

Best Practice:

Employees tasked with security must understand why they are doing something, not just what. The goal of asking a customer to return to a cash is to ensure that each and every item on their person obtained within the store was paid for; to do this you will need not only the items, but the corresponding receipts.

Example 3:

Finally, the example that delves into the digital realm.

Last year, at about this time, I was attempting to set up some new billing options for my then employer. I had logged into the system provided by our merchant bank, and had gone through the steps that seemed to be required to add an additional price point; however, all my work was for naught, as the changes I made were not reflected elsewhere within the system. I phoned technical support and asked them to walk me through the process over the phone: I would actually be doing everything, and they would just be there to ensure I followed the proper procedure. They refused. It turns out that there was a second password associated with our account, which was only used over the phone, and no one in the office had any idea what it was. They would continue to withhold support until the primary account holder (who was out of the office) got on the phone, identified themselves through some security process, and reset the password. The information that the merchant bank required to authenticate the primary account holder was: full name, social security number, birth date, and driver's license number. All of that information was visible via their online system.

Analysis:

Several things went wrong here, I shall examine them each in turn.

1. There would have been no appreciable security risk for the tech support person to assist me in using a system I had already logged onto. This is an instance of security through obscurity, where obscurity was the only layer between me and accomplishing my goals. (It turns out I was doing everything correctly; there was just a 72hr delay between anything you did and it actually happening.)


2. The authentication process for a password reset was fundamentally flawed. The entire point of having two distinct passwords for a single account is to ensure that compromise of one does not compromise the second, without that there is no additional benefit in adding the second password. The information required to reset one password should not be made available to anyone who possesses the first.

Note that I am not faulting the firm for not allowing me to reset the password, password resets should be difficult. I am faulting them for requiring information visible from within their online system.


3. Presenting detailed personal information from within the online system was a bad decision. Not only did they make all the information required to reset the phone password available to anyone with access to the online system, they also presented all the information required to perform identity theft to anyone in my firm assigned tasks as menial as credit card refunds, and presumably anyone within the merchant bank. Identity theft is all the rage on the evening news these days; this information should be protected. There is no reason to show the account holder the information: either they know what it is (it's their information), or, should they require it, they can ask the individual directly.

Good Example:

When viewing your payment options at Amazon.com only the last few digits of your credit card number are shown, not the entire card.

Best Practice:

First, when multiple passwords are associated with an account for security reasons, ensure that the information required to reset one password is not visible to one who possesses the other. Second, detailed personal information should be write only (not read/write): once an identification number has been entered and accepted by the user, show only a few digits of the number or none at all. Finally, there is no appreciable gain in security in refusing to instruct someone in the use of a system to which they have already gained access.
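
What "write only" can look like in code, as an added example that is not the merchant bank's system or any code from the original post. The identifier is kept as a keyed HMAC plus its last four digits: the online system can show a masked form, the phone channel can still get a yes/no answer to "is this the number on file?", and nothing stored in the account record gives a reader the value the phone reset depends on. The class name, the key source and the sample values are assumptions for the example.

```php
<?php
// Added example (not from the original post): a "write only" identifier.
// Stored: HMAC-SHA256 of the digits under a server-side key, plus last four
// digits. Never stored or returned: the full number.
declare(strict_types=1);

final class WriteOnlyIdentifier
{
    private string $mac;       // hash_hmac('sha256', digits, key)
    private string $lastFour;  // the only part the online system may display

    // $key is assumed to come from outside the database (e.g. an environment
    // variable or secrets store), so a copy of the account record alone is not
    // enough to brute-force a nine-digit number against the stored MAC.
    public function __construct(string $value, string $key)
    {
        $digits         = self::normalise($value);
        $this->mac      = hash_hmac('sha256', $digits, $key);
        $this->lastFour = substr($digits, -4);
    }

    // Strip separators so "123-45-6789" and "123456789" compare equal.
    private static function normalise(string $value): string
    {
        $digits = preg_replace('/\D+/', '', $value);
        if ($digits === '' || strlen($digits) < 4) {
            throw new InvalidArgumentException('identifier must contain at least four digits');
        }
        return $digits;
    }

    // What the account page shows: the masked form, and nothing more.
    public function masked(): string
    {
        return '***-**-' . $this->lastFour;
    }

    // What the phone channel uses: a constant-time yes/no, never the value.
    public function matches(string $candidate, string $key): bool
    {
        return hash_equals($this->mac, hash_hmac('sha256', self::normalise($candidate), $key));
    }
}

// Constructed sample values for the example.
$key    = 'example-server-side-key-kept-out-of-the-database';
$stored = new WriteOnlyIdentifier('123-45-6789', $key);

echo $stored->masked(), "\n";                          // ***-**-6789
var_dump($stored->matches('123456789', $key));        // bool(true)
var_dump($stored->matches('123-45-6780', $key));      // bool(false)
```

Two design points follow from the post. Someone who holds the web login sees only the masked form, so the web password no longer unlocks the answer the phone reset asks for. And an identifier with only a billion possible values cannot be protected by hashing alone; the keyed MAC with the key held outside the database is what keeps a leaked record from being reversed offline.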



Finally:

When being educated in the ways of security we are taught that it is a trade-off; generally the trade-off between ease of use and security ends up being the balancing factor (other issues such as development time or methodologies are usually (and rightly) balanced against the value of the item being protected). In each of these cases security could have been increased without a corresponding decrease in ease of use. All that was required was some additional training for front line staff. In the first case, handing back my credit card a few moments later (after checking my signature) would have required no additional effort on my part. In the second case, asking me for my receipt would have required minimal effort on my part and would have actually made the security process worthwhile (and reasonably secure). In the third and final case, removing the personal data from the web system would have had no bearing on the user experience, but would have made the secondary phone password much more secure, and helped to protect the primary account holder from identity theft.


When implementing any security system it is insufficient to hire a high priced security consultant to design the system then call it a day. Each and every member of your team who will be involved in implementing the security system must understand the system as a whole, how their role fits into it, and exactly what their role is supposed to accomplish.


Hi, I’m Paul Reinheimer, a developer working on the web.

I co-founded WonderProxy, which provides access to over 200 proxies around the world to enable testing of geoip sensitive applications. We've since expanded to offer more granular tooling through Where's it Up

My hobbies are cycling, photography, travel, and engaging Allison Moore in intelligent discourse. I frequently write about PHP and other related technologies.

Search