
Blog

Bad web application design

I’ve recently come across probably the worst web application I have ever seen. I’ll keep the application anonymous for now, partly because it’s only accessible via an intranet, and because it’s literally peppered with security holes.

The interface is awful and looks like it’s just come out of the early 90s era of web design, with those terrible pseudo-3D bordered tables (you know, the default look tables have?). The login page also, extremely rudely, finds it acceptable to resize your browser window to the maximum possible size, and due to the browser configuration on this local network I’m unable to stop it from doing so.

It violates every single usability guideline for the web I’ve ever found. It makes the common mistake of navigating when a combo box’s selected index changes (rather than when a button is clicked, as it should), which makes the application very difficult to use accessibly, and it provides no user feedback after submitting forms.

But worst of all, there appears to be no authorisation check on the data this application returns: the record ID in the location bar is trusted as-is. So if you look across at someone else’s screen and take their ID from the location bar, you can view (oh, and edit too!) their data. It’s also potentially vulnerable to SQL injection (although I believe it uses an Access database, so I’m not sure).
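To make the two flaws concrete, here is an added illustration in Python (editor’s example, not code from the application described, whose stack I don’t know). An in-memory sqlite3 table stands in for the real database, and the table and column names are constructed for the demo. The “vulnerable” handler trusts the record ID from the URL and splices it into SQL, exactly the pattern described above; the “hardened” handler takes the owner from the server-side session, makes ownership part of the query for both reads and writes, and binds parameters instead of concatenating. The fix is the same whatever database engine sits behind the app.

```python
import sqlite3

# Constructed demo data standing in for the application's database.
# sqlite3 in memory is an assumption for the demo; the real app is believed
# to use Access, but the flaw and the fix are identical for any engine.
DEMO_ROWS = [
    (101, "alice", "alice's notes"),
    (102, "bob", "bob's notes"),
]


def build_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE records (id INTEGER PRIMARY KEY, owner TEXT NOT NULL, data TEXT)"
    )
    conn.executemany("INSERT INTO records VALUES (?, ?, ?)", DEMO_ROWS)
    conn.commit()
    return conn


def view_record_vulnerable(conn, session_user, record_id):
    """The pattern from the post: the id from the URL is trusted.

    session_user is ignored entirely, and record_id (a raw string from the
    query string) is spliced into the SQL, so this is both an access-control
    hole and an injection point.
    """
    sql = "SELECT data FROM records WHERE id = " + record_id
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def _parse_id(record_id):
    """Return an int, or None for anything that is not a plain record number."""
    try:
        return int(record_id)
    except (TypeError, ValueError):
        return None


def view_record_hardened(conn, session_user, record_id):
    """Owner comes from the server-side session, never from the URL.

    The ownership check is part of the query (id AND owner), and both values
    are bound as parameters rather than concatenated.
    """
    rid = _parse_id(record_id)
    if rid is None:
        return None
    row = conn.execute(
        "SELECT data FROM records WHERE id = ? AND owner = ?",
        (rid, session_user),
    ).fetchone()
    return row[0] if row else None


def update_record_hardened(conn, session_user, record_id, new_data):
    """Same rule for writes: the UPDATE only touches a row the caller owns.

    Returns True if a row was changed, False if the id does not exist, is
    malformed, or belongs to someone else.
    """
    rid = _parse_id(record_id)
    if rid is None:
        return False
    cur = conn.execute(
        "UPDATE records SET data = ? WHERE id = ? AND owner = ?",
        (new_data, rid, session_user),
    )
    conn.commit()
    return cur.rowcount == 1


if __name__ == "__main__":
    db = build_demo_db()
    # bob has read alice's id (101) off her screen
    print("vulnerable:", view_record_vulnerable(db, "bob", "101"))       # alice's notes
    print("injected:  ", view_record_vulnerable(db, "bob", "0 OR 1=1"))  # returns a row anyway
    print("hardened:  ", view_record_hardened(db, "bob", "101"))         # None
    print("own record:", view_record_hardened(db, "bob", "102"))         # bob's notes
```

Note that the hardened version never reports “this record exists but isn’t yours”: an unknown id, a malformed id and someone else’s id all look the same to the caller, so the URL can’t be used to enumerate other people’s records either.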

Please – don’t make these mistakes when you’re developing, whatever technology you’re using. Have a bit of experience before you get something rolled out. Please, for my sake. I hate manually resizing my window all the time.

Megaphone page is up!

Megaphone is now officially a project.

Why?

It has its own special page on my site.

Get visiting!

Lots of news…

Sorry for the lack of postings here for a couple of days, I’ve been busy with lots of stuff.

First of all, I’ve implemented a new download system on this site. Anything you download through /files goes through it. The new system helps me track and monitor downloads and keep an eye on bandwidth.

This means that every time you download a file from /files, the following information will be recorded:

  • Your IP address
  • Your browser’s identification
  • The time you made the download request
  • Which file you downloaded

Note that this is no more information than my server logs would tell me anyway, so it’s not really a privacy issue. However, if you do feel uneasy about that, don’t download files from this site. The purpose of storing this information, as I said, is for me to easily track what’s being downloaded so I can optimise the site and to make sure one person doesn’t abuse the download service for everyone else.

There are a couple of issues still unresolved with the new download engine, mainly concerning the WPGet old archives, but I’m addressing them and the archives will be back up pretty soon.

Second up, it’s Megaphone news. I’ve been working on it again, and we’re making good progress. I can’t give another source dump yet, as there’s some code ported from other projects that is too messy and useless to open up, so once I’ve been through and tidied that and, of course, done a bit more, there’ll be a new release.

Also, I’ve been busy blogging at Gizbuzz and FOSSwire (both part of the Oratos Media network). I do hope you’re subscribed to them and of course all the other Oratos blogs and podcasts!

Flash Player 9 Beta 2 for Linux

It’s here. I’m going to test it out shortly, but Flash Player 9 Beta 2 for Linux is here according to Adobe.

Download it.

Mammoth review of Mandriva Free 2007 – read!

I’ve just finished a mammoth sized review of Mandriva Free 2007.

Get reading!

Linux includes Microsoft patented stuff? Whatever you say, Sir Ballmer…

Steve Ballmer says:

“The fact that that product [Linux as an OS] uses our patented intellectual property is a problem for our shareholders. We spend $7 billion a year on R&D, our shareholders expect us to protect or license or get economic benefit from our patented innovations. So how do we somehow get the appropriate economic return for our patented innovation, and how do we do interoperability. The truth is, because of the complex licensing around the GPL, we actually didn’t want to do one without the other.”

I say:

Face it, Mr Steve. You’ve sold out and had to finally not only admit Linux is here to stay, but you had to do something about it. And go on, prove that FOSS violates your patents – give me some real evidence and I might be convinced.

Greed is a nasty human tendency, isn’t it?

UPDATE: It seems Ballmer really is off his rocker, erm, not in agreement with Novell on this, as this open letter from Novell tells us. I am slightly reassured.

Megaphone pre-release source code is here

As of right now, I’m announcing the immediate availability of the Megaphone source code in its current form.

Shortly, I’ll set up a project page on my site to house it, but for now, this blog post is the definitive source of information.

Please be aware – this is a development release. It will eat your computer up without warning, and will contain more bugs than Internet Explorer 6 – erm, I mean, an ant hill.

Do not run this on any production machines at all – just don’t, it’s only for testing and playing around with. Currently it doesn’t really do very much that other software doesn’t already, but I have to start somewhere don’t I? ;)

Download .tar.bz2

Download .zip

It’s only been tested with PHP 5.x on Linux, but in theory should work with other configurations.

Installation instructions:

  • Download and extract.
  • Make sure you have PHP, MySQL and Apache’s mod_rewrite enabled.
  • Create a blank database.
  • Create the table skeleton as per the dbskeleton.sql file
  • Add your DB details to system/config.php
  • Create a random string of characters for the salt in system/system.php
  • Create a user by inserting a row into megaphone_users (password needs to be a SHA1 hash of the salt followed by the password)
  • Tweak the .htaccess files in both directories until they work for you
  • Login and enjoy the ugly interface (we have a designer on board though, never fear!)

As you can tell, the nice installation procedure hasn’t even been started yet. :)
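Since the install steps above leave you to hash the first user’s password by hand, here is an added helper (editor’s example in Python, not part of Megaphone) that does the salt and hash step the way the instructions describe: SHA1 of the salt followed by the password, as lowercase hex, which is the same value PHP’s sha1() gives for sha1($salt . $password). The column names in the INSERT are an assumption; check dbskeleton.sql.

```python
import hashlib
import hmac
import secrets


def make_salt(nbytes=16):
    """Random string to paste into system/system.php as the site salt.

    Hex output is used so the value is safe inside a PHP string literal.
    """
    return secrets.token_hex(nbytes)


def megaphone_password_hash(salt, password):
    """SHA1 of the salt followed by the password, as 40 lowercase hex chars.

    Matches PHP's sha1($salt . $password), so a value produced here will
    verify against Megaphone's login check.
    """
    return hashlib.sha1((salt + password).encode("utf-8")).hexdigest()


def insert_user_statement(username, password_hash):
    """Parameterised INSERT for the megaphone_users row.

    The column names (username, password) are an assumption for this demo;
    adjust them to whatever dbskeleton.sql actually creates.
    """
    sql = "INSERT INTO megaphone_users (username, password) VALUES (%s, %s)"
    return sql, (username, password_hash)


def verify_password(salt, stored_hash, candidate):
    """Recompute the hash and compare in constant time."""
    return hmac.compare_digest(stored_hash, megaphone_password_hash(salt, candidate))


if __name__ == "__main__":
    salt = make_salt()
    stored = megaphone_password_hash(salt, "correct horse")
    sql, params = insert_user_statement("admin", stored)
    print(sql, params)
    print(verify_password(salt, stored, "correct horse"))  # True
    print(verify_password(salt, stored, "wrong"))          # False
```

One thing worth knowing about this scheme: the salt is site-wide rather than per user, so two users who pick the same password end up with identical rows in megaphone_users. Whoever can read the table can spot that without cracking anything.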

Enjoy.

BoxCheck for Firefox 2.0

If anyone wants to use BoxCheck (a Firefox extension that allows you to shift-click to select multiple tick boxes on web forms) on Firefox 2.0, I’ve updated it to make it compatible.

Note that this is hacked – all I’ve done is change the supported versions in the script to work with 2.0. It works for me, but if it eats your Firefox, don’t come complaining (execute FF with -safe-mode to remove it if it kills it).

You will have to add my site to the list of sites allowed to install software, but don’t worry, it’s pure BoxCheck with just a hacked install file (you can verify this for yourself: Save Target As the .xpi, rename it to .zip and explore it).


Tutorial on how to hack your favourite FF 1.5.x extensions to work with FF 2.0 coming soon.

Microsoft Firefox (spoof)

Thank goodness this is a spoof. I was scared there for a moment.

It’s a spoof people (under heavy traffic too at the moment, be patient).

Royale Noir – Windows XP in black without hacking system files

Fortysomething.ca have a slightly different from normal Windows XP theme – Royale Noir.

UPDATE: Please note that the freely available Zune theme is very similar (and feels a lot more finished than this theme).

Royale Noir on Windows XP

It’s not perfect – some bits like the scrollbars are still standard blue Royale, but it makes a change for those becoming-dangerously-rare times when I’m in Windows (without hacking uxtheme.dll).

And the reason you don’t have to hack that file is that this is an official theme signed by Microsoft – albeit one they hadn’t finished and didn’t intend to publish.

Yes, I’m slow to this. I saw it on Digg about a week ago and I downloaded it, unrared it and put it on my shared partition, but didn’t get round to actually installing it in Windows until now. 7-Zip will unrar it for you, don’t get WinRAR, it’s arguably evil (I shouldn’t have to pay to decompress files, it’s just ridiculous).