# Tuesday, 14 November 2006

Been having sort of an argument with a client recently.

The project in question is to make a desktop widget, thingamabob that will pull down information about the client's promotions and offerings so that the users can be kept up to date on the client's offerings.

The client also has BIG BIG plans for future expansions of the product, so it's not just a plain and simple RSS viewer.

So half a year ago, when this item was first inserted into the project proposal I already stepped in and informed the client that based on what they want, and planned to do int he future, the best way that we can go with was to use .Net to make the program. And they all agreed to using the .Net framework then.

6 months later and after some staff turn over, they're telling me a different story. And now they're asking us to use alternate methods, the main alternate method is of course to use Win32 to make it.

But ask any ISV who gets paid on a project basis if they'd commit to a 2 month deadline for a Win32 UI application and they'd probably tell you it's a crazy thing to suggest.

The results will be known today on how things go...

Tuesday, 14 November 2006 09:50:51 (Malay Peninsula Standard Time, UTC+08:00)  #    Comments [2]  | 
# Monday, 06 November 2006

Overheard from the head of a certain high education instituition to the lecturers who are teaching there.

"Now your annual review will be based on the passing rate of your students, cause if you're doing your job properly your students won't fail!"

Oh great.. just what we needed more lecturers who are afraid to flunk students who are not up to par!

Monday, 06 November 2006 23:16:26 (Malay Peninsula Standard Time, UTC+08:00)  #    Comments [1]  | 

Today I was going to login to the Citibank website to check out my credit card activity and I was told to create a username instead of using the credit card number to login. Cool I thought, at least I don't need to remember the credit card number when going in anymore. So I followed the steps to create a username and password.

So I punched in a username, then I entered the password using their virtual keyboard (to stop the spoofing attacks) and I pressed continue.. then I was greeted with the message the USERNAME you have chosen is not strong, please follow the security guidelines.

So I took a closer look at the fields to see what they mean by a strong USERNAME... then I noticed it's the SAME guideline for the password.. which are..

• 6 characters or more, with at least 1 alphabet and 1 number
• May contain the following special characters @, . and _
• Cannot contain 3 identical characters in a row (e.g. alpha111 or aaa125)
• Cannot contain 3 consecutive alphabets or numbers in a row (e.g. abc269 or alpha123)

Which just made me go... WHAT THE HELL? Instead of a simple username like weiminchanz and then followed by a complex password of l3t1tb3th3w4y I have to make a complex USERNAME as well?!?!? w31min8i8v7 don't they know if you make the user have to remember more complex stuff then they're gonna have more of a reason to stick it under their keyboard?

It seems that in their blur of thinking that complex=secure the people behind the design of the security system forgot WHY passwords get leaked in the first place. Which is mainly... people have bad memory!

Monday, 06 November 2006 22:20:34 (Malay Peninsula Standard Time, UTC+08:00)  #    Comments [0]  | 
# Thursday, 02 November 2006

So.. here I go again, I just got myself a Leatherman Squirt P4. Which like all other Leatherman tools is basically a pair of pliers.

And like all good multitools, the Squirt has a few other things tucked away in it's handles.

A knife, a file, the 2 types of screwdrivers, a small screwdriver and finally an awl (what the heck is an awl for anyway?) Now for you people who are familiar with multitools, you might be wondering why it seems like that there's only a few items on the thing.

Well, that's because the Squirt is a SMALL multitool, QUITE small and pocketable when closed.

It's just a little bit longer than a AA battery! This ensures that I can carry it with me all everywhere I got and ready for me to use when I need it!

Thursday, 02 November 2006 23:17:33 (Malay Peninsula Standard Time, UTC+08:00)  #    Comments [0]  | 
# Monday, 30 October 2006

There are certain times where the job as an ISV just makes you want to rip your hair out and strangle the customer for their inadequet understanding of their IT systems. And here's one of them.

So... we made this Flash heavy website for a client, and recently after we changed the content of one of the files, the client came back to us and said we hadn't perform our changes. Upon closer inspection we realized something... the client's proxy server was CACHING the Flash file, and upon seeing that the filename was the same decided that the file was unchanged and thus didn't load the new file from the server.

So we tell the client about this and.... they blame it on us!!! They say that we need to solve this problem cause they don't expect all their other users behind proxies to have to clear their proxies whenever there are file changes.

I have yet to take a close look at the server settings (the client is running a JSP server not a MS server) But if nothing can be done on the server side, then the problem is the proxy server and well... they're current still holding that there's nothing wrong with their proxy server.

Well I guess I understand why they'd say that, there is technically nothing wrong with their proxy server. I'd think that a typical proxy/cache server would classify Flash files as uncommonly updated files and thus would cache them down for a longer period if no ChangedDate was supplied to the server for a given file.

Problems problems...

Monday, 30 October 2006 22:43:24 (Malay Peninsula Standard Time, UTC+08:00)  #    Comments [2]  |