Archive | Rants

Why is your recovery email address

5 Feb

Each year I receive angry or confused messages from a person who found as the recovery email address in their Google account. This post is intended to explain why.


Let’s Both Pretend I Read the Agreement

18 Nov

By clicking the "I Agree" button, I acknowledge that I want this message box to go away and that I don't give a hoot about the rules you're trying to put on my use of something you created.

The EULA. It’s an interesting beast. On one hand, software makers have the right to say you cannot decompile their code and resell parts of it on your own. On the other hand, the rights granted to software makers and the limitations placed on end-users are often egregious, ludicrous, contradictory, and at the very least inscrutable.

Return of the Rum Runners

4 Aug

Last weekend Washington state upped its liquor prices an average of 13% per bottle in a bid to help fill its 6 billion dollar budget gap. The estimated proceeds from the increase in liquor tax should cover about 1.3% of the budget shortfall. The problem is, I don’t think they will take in nearly as much as they have estimated.

It hasn’t even been a week and I’m already hearing several people talking about making booze runs down to Portland, Oregon. A casual web search reveals some insightful advice suggesting there is no peril in shuttling copious quantities of booze across state lines, but I remain dubious. However, with over 75% of the cost of a bottle now profits to the state, it will become harder for people to resist a little bit of sales and use tax evasion.

I hate to say it, but it will probably take a horse’s ass to spearhead an initiative to reduce state liquor taxes. It can’t be many more years before people start whining about the ever-increasing rates in general and I know someone will come riding in on their white horse to rescue the taxpayer’s hard-earned dollar once the general consensus agrees that the economy has sufficiently recovered.

Photo credit Thomas Hawk

Web Developers: Don’t Be Password Idiots

22 Jun

As a follow-up to my last post, here are a few tips to help keep you from driving your site users away with misguided password restrictions.

#1: Consider Context

Your tweets may be precious to you, but as a web developer, you should understand the differences between password security for Twitter and for online banking. Consider the monetary and legal damages that could result to both you and your customers if their accounts were compromised, and plan accordingly.

Web Developers: Don't Be Username Idiots

18 Jun

Just a quick note to any developer, site owner, or project manager who is in charge of developing a user login system:

Don’t put unreasonable restrictions on usernames.

It is sensible to prevent people from creating names containing certain characters or names of extreme length. However, some sites go too far by requiring that all user names be 7-12 characters in length. Other sites forbid user names that begin with numbers.

A more reasonable approach would be to allow user names from 3 to 16 characters, permit a limited set of punctuation, and require that the first character not be whitespace.

Remember that user names are generally public information so you don’t need to apply the same protections you do to ensure strong passwords. Do the right thing and your users will thank you by not abandoning your account creation form.
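The two policies from this post side by side, as an added example that is not code from the original post. `strictPolicy` models only the two restrictions named above; the punctuation set `._-`, the allowance for interior spaces, the function names and the sample names are assumptions made for illustration.

```javascript
// Added example: the strict rules the post criticises vs. the relaxed rules it proposes.
// Assumption: the "limited set of punctuation" is . _ - and interior spaces are allowed.
const ALLOWED_PUNCTUATION = "._-";

// The over-restrictive rules: 7-12 characters, no leading number.
function strictPolicy(name) {
  const problems = [];
  const length = [...name].length; // count code points, not UTF-16 units
  if (length < 7 || length > 12) problems.push("length must be 7-12");
  if (/^\p{N}/u.test(name)) problems.push("must not begin with a number");
  return problems;
}

// The proposed rules: 3-16 characters, limited punctuation, no leading whitespace.
function relaxedPolicy(name) {
  const problems = [];
  const chars = [...name];
  if (chars.length < 3 || chars.length > 16) problems.push("length must be 3-16");
  if (/^\s/u.test(name)) problems.push("must not begin with whitespace");
  const bad = chars.filter(
    (c) => !/[\p{L}\p{N} ]/u.test(c) && !ALLOWED_PUNCTUATION.includes(c)
  );
  if (bad.length > 0) {
    // Report each offending character once so the form can show a precise message.
    problems.push("disallowed characters: " + JSON.stringify([...new Set(bad)].join("")));
  }
  return problems;
}

// Run both policies over a list of names and collect the reasons for rejection.
function compare(names) {
  return names.map((name) => ({ name, strict: strictPolicy(name), relaxed: relaxedPolicy(name) }));
}

// Constructed sample input.
const SAMPLE = ["bob", "3jane", "al", " admin", "mary.o-neil", "x<script>", "averyveryverylongusername"];

for (const row of compare(SAMPLE)) {
  console.log(JSON.stringify(row.name), "strict:", row.strict, "relaxed:", row.relaxed);
}
```

Returning the list of reasons, rather than a bare true/false, lets the sign-up form tell the user exactly which rule a name broke.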

10 Rules to Protect User Passwords

1 May

Most programmers take a pragmatic approach to security and scale their efforts based on an estimate of the sensitivity of the data they are storing.

The unfortunate truth is that password security is frequently underestimated, making it easy for credentials to be sniffed or stolen. Users often keep a very small collection of passwords, with many people memorizing a handful and using them on almost every site and service they use. A password compromise on one site can lead to a compromise on many.