Mark Cohen is a CIO at Australia's largest online retailer and is a hands-on, sleeves-rolled-up, code-cutting geek. He lives in Sydney, Australia with his wife and boys and can sometimes be spotted puffing and panting as he runs at Maroubra Beach.

Archive for the 'Programming' Category

Exploit-Me

That title would get attention :) It also happens to be the name of a set of tools by Security Compass. Security Compass Exploit-Me tools are (currently) free Firefox Add-ons that you can use to test your sites for XSS and SQL injection vulnerabilities, as well as for unauthorized resource access. I’ve started running them on some of our major-traffic pages and thankfully they haven’t come up with anything. Well worth a look though, if you’re involved in web development – especially the SQL injection one if you use SQL Server, as there’s some serious SQL injection going around now.

flogr – Instant Flickr-powered Photoblog

I’ve been on the lookout for a good photoblog package for a while. Tonight I found flogr. Flogr is a very clean implementation of a photoblog “web layer” using the Flickr API. The site is highly configurable, and there are a few canned themes available. This product is awesome. You can see my implementation using it out-the-box; I haven’t changed anything other than configuration options.

One thing to watch out for: The application accesses your photos as an anonymous user – so if you have restricted access to the originals then it can only see the next size up. You’ll know what I’m talking about if your photos look pixellated. To fix this you need to change the photos’ license option to “creative commons” – or probably uploading a bigger original and keeping all rights reserved would also work (didn’t try that yet). Now I’ll have to follow in @NickHodge’s footsteps and go Wordpress theme hunting to find something that matches my swish new photoblog :)

30 spare minutes this xmas? Learn Cocoa

via TUAW – there’s a tutorial on Cocoa Dev Central that walks you through building a Cocoa app. If you have half an hour to spare and you’re a non-Mac developer like me, and you own a Mac, have a look at Cocoa Dev Central: Learn Cocoa. It’s a simple tutorial assuming no previous experience.

Yahoo UI Session

Notes from Yahoo UI session… References at the end

Some points raised around the proliferation of “because I can” programming – overuse of drag ‘n drop where a one-click could star, shortlist, etc.

Principle: Keep a light footprint.

Posterchild is http://digg.com. One-click voting for items. Kevin Rose (founder) thinks that the one-click Ajax vote was key to Digg’s success. It removed usability pain points.

“Paradox of choice”: The more choice you offer users within a specific action, the less they like it.

“Design for Engagement”: Use invitations and feedback, treat it like impulse buying in the supermarket.

“Cross borders reluctantly”:

  • “endless scrolling” – avoid paging.
  • Hover details / “sneak peek” – users can preview in thumbnails on hovering so they don’t have to click and leave the page.
  • Inline assistance.
  • Lightweight popups vs full window popups.
  • Every page boundary you make the user cross is a “speedbump”.
  • Rethink process flows.

Search results are a bad place for “endless scrolling” because you’ll kill your scalability.

Scrolling:

  • Shortlist scrolling, image scrolling, and scrolling within page “boxes” like divs works.
  • Data the user “owns”, like their shortlists, is better scrolled than paged.
  • Direct selection like highlighting the selected rows works better with non-paged (endless scrolling) results, and checkboxes work better with paged results. The user expects the system to remember what they checked on previous pages (obviously :) ).

Popups: Use in-context expands over popups (popups hide information)

“Prefer direct, lightweight, in-page interaction”

Principle: Give live feedback

  • live suggestions
  • autocomplete (ajax style)
  • periodic refresh (ajax style, not meta refresh :) ).
  • Busy Indicators – visual cue to inform user that something is happening
  • “An ounce of preventive design is worth a pound of error-handling code” – I like that quote best ;)
  • Use live previews – only really relevant for highly interactive sites
  • Use laws of proximity in providing feedback

Principle: Offer an invitation

  • Patterns – hover invitation (tooltips / hover actions)
  • tour invitation
  • drop invitation (visually indicate drop zones etc)
  • Keep actions out of it: The user must feel free to explore. Anything they do must be easily undoable. If a popup is shown, the close action must be as easy as the open was. Also don’t make actions happen that make the user feel out of control. Example: a “show big map” link that automatically hides a lot of page content when you hover on it. That upsets the user.
  • Speak to the brain: refers to the book “Mind Hacks” by Tom Stafford & Matt Webb, published by O’Reilly.
  • Show transitions:
  • Motion is useful for getting attention. Example – Flickr Zeitgeist. Movement makes people look at the widget, but they feel like they missed the action. That makes them want to click to see what they missed.
  • Motions are good for state changes – eg delete an item from a shortlist, it fades away
  • Keep it sane – ie don’t overuse.

Principle: Think in objects

  • Flickr – geotagging of photos. Basic OO principles carried through to UI design
  • Think deeper interaction – Multivariate data, focus + context
  • Embedded contextual information and mashups

Key Principles for richness:

  • Prefer direct
  • Provide invitations beforehand
  • Think in objects and tie information to interactivity

References:

Windows Live Services

I went to an interesting session on Windows Live today. The most powerful thing they are going to be offering looks like the contacts component. It will be possible to build integration into your website to leverage the Windows Live Messenger contacts that your users have. This is basically the ability to add a social networking component to your application, using a pre-existing social network of many millions of people as the foundation. The service will be free for use on smaller sites, with fees kicking in at the million user mark. Read about the new contact control here and the new contacts api here. At 25 cents per UB per year, charges for a million-user-plus site will probably start at around $250,000 per million per year.

Match.com demonstrated the use of integrated live messaging, and the potential looks huge. Suddenly they bring the ability to IM people who are logged in to Windows Live Messenger from the website. This means that people do not have to actually be on match.com to be messaged through the website. I would guess that the effective online audience at any point would be grown by a factor of ten. That’s a compelling business case in itself.

Aqua Data Studio

I haven’t found many sql tools for os/x, but I did find this one tool that is really useful. It’s a lot like the new sql server management studio, which totally rocks if you’re running xp or above. There is a free version, the SQL Express Management Studio that I use on my laptop.

When I’m in os/x though, I have been enjoying using Aqua Data Studio, which is also a free download and is available for windows as well. My favourite feature is that it has intellisense in the query window, something I’ve been waiting for Microsoft to do for years and years. It also allows me to manage all my databases from one tool, including mysql, ms sql, and a whole lot of other formats.

ImageMagick on windows

Note to self: Next time you need to do a bulk manipulation of many many gigabytes of images, before you launch off on a project to write a console app that uses GDI+ and does all cool but essentially unnecessary stuff, have a chat with the Unix boys first.  In fact any time you need to do something in a bulk / batch / scripted manner it’s worth talking to them first.

If I had followed my own advice I would have seen that ImageMagick has a build for Windows and ships with a good tool for compressing JPEG and other formats from the command line. There’s a convert command and a mogrify command. Mogrify overwrites the source file (ie changes it); convert will output to another file. Brilliant. Also released under the GPL. If you have a website with a wealth of uploaded images and you want to save some space, consider running this over your old images. Quality at 75% looks good, and the space savings are huge.

The year in review

I sat down and thought about what I’d done with my team over the last year, and it really did stack up.

Some of the key things we did were: 

  • Established a more scalable architecture
  • Introduced more effective use of css and table-less layouts 
  • Introduced nUnit 
  • Threw out SourceSafe and moved everything over to Subversion, eliminating checkouts blocking work and allowing a more structured branching release process. 
  • Introduced some key Agile development ideas like continuous integration, user stories, code reviews and more 
  • Moved towards Scrum as a management technique 
  • Eliminated the old 1.0 and 1.1 framework bits and pieces and rolled out our first asp.net 2.0 systems. 
  • Eliminated Crystal Reports (hurray!) 
  • Brought in the use of more .net goodies like caching, master pages, section handlers and more 
  • Introduced and rolled out the concepts of syndication and extensibility 
  • Extended the dev team with some really good new people and grew with some really good old people :)  
  • Shifted our culture towards being more inquisitive, more technically aware, and learning more of how to be creative (my personal favourites are no 9 and 29) 
  • Extended the concept of offline processing for asynchronous tasks based on a simplification of a design I’ll admit to having pilfered from Seth :)

We didn’t achieve all that I would have liked to achieve, but all in all I would say that the team is operating a league above where we started out this time last year and I would call our efforts very successful. And worth it :)

Google Labs rolls out public code search

Google Labs showed coders that they do still like us, yesterday. They rolled out Google Code Search, an impressive vertical search tool focused on publicly accessible source code. The search uses regular expressions (POSIX Extended), and the advanced search allows you to filter by license, by language, and more.

This search engine also indexes cvs and subversion repositories so if you have a web-accessible commercial svn repository you may want to review your security and block the crawler :P

Google have made the search results available via GData/XML feeds and are hoping for the developer communities to build tools to leverage it, such as IDE add-ins.

Lookups powered by Enums

I want to be able to maintain lookup tables in databases purely for reporting and similar applications. I like enums in code instead of retrieving lookup data: they’re integer comparisons, they eliminate the database hit, and they are far more legible. Here’s how to get the data you need to populate lists, dropdowns etc. based on enums.

I declared a sample Titles enum just to test with:

    public enum Titles
    {
        Mr = 1,
        Mrs = 2,
        Dr = 3,
        Hon = 4,
        Miss = 5,
        Master = 6
    }

I then get the type of the enum, and do a foreach loop to get all the values available. Enum.GetValues retrieves all the values in the enum. The behaviour of ToString and Convert.ToInt16 means that it is possible to populate combos straight off of enums.

    using System;

    class Program
    {
        static void Main(string[] args)
        {
            Enumerate();
        }

        // Walk every declared member of the Titles enum and print its
        // integer value alongside its name.
        private static void Enumerate()
        {
            Type title = typeof(Titles);
            foreach (Titles item in Enum.GetValues(title))
            {
                Console.WriteLine(String.Format("Title number {0} is \"{1}\"",
                    Convert.ToInt16(item), item.ToString()));
            }
            Console.ReadKey();
        }
    }
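
As an added example (not code from the original post), here is a generic version of the same idea that builds a value/text lookup list for any enum, plus the check I’d pair with it: when a lookup value comes back from a form, a plain cast such as (Titles)99 succeeds silently, so the value is validated with Enum.IsDefined before it is used. It reuses the post’s Titles enum and assumes C# 7.3 or later for the Enum generic constraint; EnumLookup and its method names are my own.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Same enum as in the post above.
public enum Titles { Mr = 1, Mrs = 2, Dr = 3, Hon = 4, Miss = 5, Master = 6 }

// Added example: helper names are assumed, not from the original post.
public static class EnumLookup
{
    // Returns (value, text) pairs for any enum, suitable for binding to a
    // dropdown or for populating a reporting lookup table.
    public static List<KeyValuePair<int, string>> ToLookup<TEnum>() where TEnum : struct, Enum
    {
        return Enum.GetValues(typeof(TEnum))
                   .Cast<TEnum>()
                   .Select(v => new KeyValuePair<int, string>(Convert.ToInt32(v), v.ToString()))
                   .ToList();
    }

    // Converts a posted lookup value (e.g. a dropdown's SelectedValue) back to
    // the enum. A plain cast accepts any integer, so the value is checked with
    // Enum.IsDefined and rejected unless it is a declared member.
    // Assumes an int-backed enum, as Titles is.
    public static bool TryFromLookup<TEnum>(string raw, out TEnum result) where TEnum : struct, Enum
    {
        result = default;
        if (!int.TryParse(raw, out int number)) return false;
        if (!Enum.IsDefined(typeof(TEnum), number)) return false;
        result = (TEnum)Enum.ToObject(typeof(TEnum), number);
        return true;
    }
}

class Demo
{
    static void Main()
    {
        foreach (var pair in EnumLookup.ToLookup<Titles>())
            Console.WriteLine($"{pair.Key} => {pair.Value}");

        // "3" is a declared member; "99" and a non-numeric string are rejected.
        Console.WriteLine(EnumLookup.TryFromLookup<Titles>("3", out Titles t) + " " + t);
        Console.WriteLine(EnumLookup.TryFromLookup<Titles>("99", out _));
        Console.WriteLine(EnumLookup.TryFromLookup<Titles>("Dr", out _));
    }
}
```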

