Give an option to enter a password in clear text

Password fields are masked for privacy reasons. So no one can see your password and use it. When was the last time I had such a concern? NEVER! Whether at home or at work, there’s no one behind me looking at my monitor. But passwords are always masked? I suggest adding a check box next to the password field as an option to show the password in clear text. I am always for giving options to the user. When I can see the password, I can correct a misspelled password before submitting it. It’s annoying to be denied a login, get a captcha, or be locked out of a system because you entered the wrong password a few times when you could have easily confirmed your entry before submission.

separator

Don’t force web users to enter data in a certain format

For certain fields in a form, don’t force users to enter the data in a certain format. Let the user enter their phone number in the fashion they are comfortable with. (555)555-1234, 5555551234, 555-555-1234 & 555 555 1234 should all be valid phone numbers. In your code, extract the digits and validate. Display an error message only if you don’t get 10 digits for US numbers. Remember that other countries do not have the same US format. Better, do not validate the phone number unless the number is really needed. Personally I do not like to give my number away and I enter 555-555-5555 if it’s a required field. I would put my real phone number if they have a valid real reason. I see this often for trial software downloads. I don’t want a sales guy calling me. Use email if you want to contact me. I will buy the product if I need it, not because of a sales pitch.

Domain name or url field is another example where I see “don’t add http://” or “don’t add the www” instructions next to the field. The user should be able to enter a domain name and the programmer should be able to write a few lines of code to strip these off. Don’t move the burden to the user when a computer can happily do this work in a fraction of a second.

You can use a mask edit field which helps users enter the data correctly. Use this judiciously. Some users do not like it, or do not understand why a keystroke is not responding.

Last, trim white space from the fields. There were numerous times when I got a password by email, copied it, entered it in a password field and saw the login fail. Why? Because the copy picked up an extra space after the password and the system didn’t match the password because of the extra space. I didn’t see the space because the password field is masked as *******. So always trim the input before doing a match or compare. Passwords are one word so there’s no reason to suspect any spaces for errors.
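The server-side normalization described in this post (extract the phone digits, strip "http://" and "www" from a domain, trim white space), as an added example that is not part of the original post. The function and field names are hypothetical, the sample values are constructed, and the hostname check on the domain goes a little beyond the text so that leftovers which are not a plain domain name are rejected instead of stored.

```javascript
// Added example; function and field names are hypothetical.

// Keep only the digits; valid when exactly 10 remain (US numbers, per the text).
function normalizeUsPhone(input) {
  const digits = String(input).replace(/\D/g, "");
  return digits.length === 10 ? digits : null;
}

// Accept "example.com", "www.example.com", "http://www.example.com/page" and
// reduce them all to the bare domain name. Returns null if what is left is
// not a plain hostname (spaces, "@", empty labels, a single label, ...).
function normalizeDomain(input) {
  let host = String(input).trim().toLowerCase();
  host = host.replace(/^[a-z][a-z0-9+.-]*:\/\//, ""); // drop "http://", "https://", ...
  host = host.split(/[\/?#]/)[0];                      // drop path, query, fragment
  host = host.replace(/:\d+$/, "");                    // drop a port number
  host = host.replace(/^www\./, "");                   // drop a leading "www."
  const label = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;
  const labels = host.split(".");
  const ok = host.length <= 253 && labels.length >= 2 &&
             labels.every((l) => label.test(l));
  return ok ? host : null;
}

// Normalize a whole (hypothetical) signup form and collect the errors.
function normalizeSignup(form) {
  const errors = [];
  const phone = normalizeUsPhone(form.phone || "");
  if (phone === null) errors.push("phone: expected 10 digits");
  const domain = normalizeDomain(form.domain || "");
  if (domain === null) errors.push("domain: not a valid domain name");
  // Trim as the text advises. The same trim must be applied when the
  // password is first set, or stored and submitted values will never match.
  const password = String(form.password || "").trim();
  return { values: { phone, domain, password }, errors };
}

// Constructed sample input: one good form, one bad form.
const SAMPLE_FORMS = [
  { phone: "(555)555-1234", domain: " http://www.Example.com/ ", password: "hunter2 " },
  { phone: "555-1234", domain: "exa mple.com", password: "x" },
];

function runSamples() {
  return SAMPLE_FORMS.map(normalizeSignup);
}
```

Run the normalization on the server even if the page also does it in JavaScript, because the server is where the value is finally compared or stored.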

separator

How I built a very fast development PC running Windows & Visual Studio 2010 for under $1200

 

I work fast and multitask on a PC, so a slow computer which can't keep up with me is a big productivity drain for me. Hundreds of waits of milliseconds or seconds a day add up quickly to a big waste of time. A compile time of 30 seconds, for example, will cause me to context switch to do something else like reading an article or surfing the web... which will take more than the 30 seconds which I didn't want to wait for initially, and this means even more time spent unproductively.

A few months ago I took it upon myself to upgrade my computer to make it very fast. First by upgrading the hardware and then by doing all kinds of operating system and software optimizations and tweaks to make the PC run as fast as possible.

This is what I did to get my computer running very fast. This is not an exhaustive list, but these are the major steps one could or should follow. As a .NET developer, my goal was to make the Visual Studio environment work super fast because it’s the tool I spend the most time with:

Note: I built two computers; one development machine and one server. So cost was a big factor without compromising quality. Unlike some people who go for the most expensive high end part, I go for the sweet spot in performance/cost.

HARDWARE:

  • If you have only one choice to upgrade, that would be memory. More memory... more memory, and add as much as you can. Windows, SQL Server and Visual Studio LOVE memory. To minimize memory paging, disk thrashing & page file usage and to maximize caching, there should be lots of memory around. I am also using a RAM DISK which uses part of physical memory. I went with the maximum my motherboard allows. So I went with 16GB DDR3 1600MHz. Amazon Komputerbay has the best prices. Or go for better known brands.
  • I decided to get AMD Phenom II X6 1090T Black Edition Thuban 3.2GHz 6 core. At $255.99, as of today at NewEgg, it's a great performance/value. While Intel's 6 core offerings are faster, they're a lot more expensive. The Intel Core i7-980X Extreme Edition is 4 times as expensive as the 1090T but it's not 4 times better. Not 3 times better.
  • For the motherboard, I only like ones from Asus or GigaByte. My criteria was to get one, which supports the AMD CPU, has lots of USB & SATA ports and at least one PCI slot to support my telephony card.  I don't care about overclocking but the motherboards I got had nice automatic overclocking features.  My experience with overclocking is not good. The system gets unstable. 3.2GHz is plenty enough and let the CPU run at its nominal settings.
  • I didn't upgrade my two port graphics card. I am not a gamer and the gfx card I have is powerful enough for the few games I play and certainly works for development purposes. If you go with a high end gfx card, make sure it doesn't give out too much heat. You don't want to end up with a room heater! Some of these high end gfx cards are overclocked versions of the cheaper same-model ones.
  • The real bottleneck in a computer is I/O, which is mainly the hard drive. I am not buying any more hard drives except for backup purposes. SSDs (solid state drives) are the future. I am predicting the hard drive to be obsolete in a few years. An SSD is much faster, smaller, uses much less power and is silent. However, they are more expensive per gigabyte. Prices are going down all the time with more brands coming out. I opted for the 160GB Intel X25-M. It gets good reviews. Make sure the one you get is G2 (generation two) or better which supports TRIM. SSD technology is improving fast so do your research first. You might find better SSDs now than the Intel. Maybe from OCZ? See my own benchmark stats, which show an SSD is much faster than a typical hard drive. The benchmarks below show the very big difference between SSDs and hard drives in terms of transfer rates and access times. 0.1 ms vs. 14 ms access time means the SSD is 140 times faster than a hard drive in finding a file.

[Image: SSD vs. HD benchmark results]

  • The last 3 points are not performance related but worth mentioning when building a fast computer. Get a good quality power supply with a quiet fan and with enough power (500w or more). A large radius fan moves more air with fewer rpm's. There are also some fanless power supplies, but I don't believe they work well in a warm area.
  • A CPU with heavy load could produce a load of heat. I opted for a water based CPU cooler because water is a better heat conductor than air and the fan doesn't have to spin fast, equals less noise and longer life.
  • I am very picky about computer noise. It has to be very low. Usually getting powerful components means getting components with fast spinning noisy fans. I have my computer in a closed closet in my office room. This masks out most of the noise. Most of the noise right now is coming from the hard drives. Eventually, these drives will be gone, and only SSDs will be used, thus cutting out most of the noise. Right now large capacity SSDs are very expensive.

 

SOFTWARE & TWEAKS:

  • If your computer has more than 4GB memory (8GB should be the minimum) there's no choice but to use 64bit Windows. Windows 7 64bit. No sense using XP 64bit, which is pretty old. Windows 7 has some enhanced caching & prefetching mechanisms compared with earlier versions of Windows.
  • Use the AHCI driver. Before installing Windows, switch the BIOS to use AHCI for SATA. You can also switch to AHCI post Windows installation. My benchmark testing indicated better SSD performance when AHCI was enabled before Windows installation. The AMD AHCI driver which I installed later doesn't seem to support the TRIM function necessary for the SSD so I rolled back to Microsoft's (msahci.sys). Make sure your motherboard's chipset supports it.
  • Storage access is the slowest computer operation. If disk access is as fast as possible, you will notice dramatic improvement. An SSD can make this happen. I went even further by incorporating a RAM DISK. A RAM DISK is a portion of computer physical memory which behaves very much like a physical drive. It has a drive letter like a real drive. With 16GB memory, a ram drive would work very well without memory constraints. I used a RAM DISK 64bit version from this site. It has nice features like loading and saving the ram disk between reboots and dynamic adjustment of size. If you use a ram disk with persistent storage between reboots, make sure the drive doesn't get filled with orphaned files over time.
  • Create subfolders in the ram drive for all the temporary files. I have one subfolder for Windows temp files and another one for ASP.NET temporary files. Visual Studio 2010 gives a very uninformative, unrelated error message when ASP.NET temporary files were written to the root folder of the ram drive. The files need to go to a subfolder instead.
  • Change the system's temporary files’ location to a subfolder in the ram drive. Go to Computer->properties->advanced computer settings->Environment variables and change the user and system Temp & TMP locations to the subfolder.
  • Visual Studio writes and deletes lots of files in the ASP.NET Temporary folder when running and compiling ASP.NET apps. By default the location is at  C:\WINDOWS\Microsoft.NET\Framework\vxxxx\Temporary ASP.NET Files where xxxx is the framework version number. You want these files to go in the ram drive. As explained above, it only works if inside a subfolder and not the root folder. Go to each machine.config file and add this section under <system.web>. Mine looks like this: <compilation tempDirectory="T:\ASPTemp"/> where T is my ram drive.
  • Heavy writes to an SSD will shorten its life. While it doesn't have mechanical parts, an SSD has a finite number of writes in its Flash cells before they go bad. Another reason for using a ram drive is to offload the frequent writes and deletes of temporary files from the SSD to RAM. You get better performance plus extending the life of the SSD.
  • When using an SSD, NEVER use disk defragmentation. Defragmentation causes a ton of writes and deletes to an SSD. A bad idea. Furthermore, turn off the indexing service and prefetching service. The access time in an SSD is very short compared with a hard drive. See the stats in the images above.
  • Turn off all services which you don't need ever but be careful here because it can be tricky. For example, you don't have a printer attached to your computer so you decide to turn off the printer spooler service. This actually could cause problems for some software like some pdf printer drivers. If you have lots of ram, to be on the safe side, leave the services as is.
  • There are some discussions about misaligned partitions, which degrade disk performance. Read a quick guide about this issue. Read also about where this issue can cost hundreds of thousands of dollars. My hard drives had alignment issues. See the 8032 BAD in the image above. 8032 is not divisible by 1024. I used the Partition Alignment Tool from Paragon Software. I am bringing up this issue just as an FYI. Others might benefit from it. Note that Windows XP installations caused these misaligned partitions because it created the reserved boot sector and Windows installed itself starting from an odd sector. Windows 7 doesn't suffer from this. You can see from the SSD stat above it says 103424 OK (Win7 reserved a 100M partition before the boot partition). Make sure you back up your drive whenever you use software which changes the drive's structure.
    The benchmark below shows the stats for the same Maxtor drive after fixing the alignment. Instead of improved performance, the scores actually decreased! I am not sure what to make of this. AS SSD shows the alignment setting. Notice the tooltip in the SSD figure above. If it’s a green ‘OK’, the alignment is fine. If it’s a red ‘BAD’, it’s not.

    [Image: AS SSD benchmark of the Maxtor drive after the offset fix]

 

  • The Intel SSD comes with a Toolbox software which optimizes the SSD. Either use it manually at good intervals or schedule it to do the work automatically. Use the Toolbox to check the health of the SSD. I don't want to be surprised by its sudden death because I ignored its health. SSD's are new to me.
  • Leave some free space on the SSD, like 10%. I don't know the inner workings of an SSD but I think the SSD tries to use the cells from the free space when it detects used cells almost dying. I know an SSD comes with extra cells for this feature but if those extra ones are used up, I am guessing it will use the ones from the free space. I do know the Intel X25-E (not X25-M) SSDs are more reliable and have extra backup cells. One reason they cost more.
  • With 16GB memory I thought I didn't need a Windows page file anymore but according to some people, Windows 7 still uses it even if there's lots of free memory. I guess this is due to some legacy code in Windows.
  • I have used many small tweaks here and there to squeeze out more performance. Spend your money on more memory instead of doing marginal upgrades like replacing a 2.6GHz CPU with a 3.2GHz one. You will probably not see much improvement. 16GB enables me to open 3 instances of Visual Studio which do their work very fast. I could even put the databases in the ram drive and have the queries run extremely fast. (I don't worry about database data loss in a development machine).
  • Finally, tweak and experiment and learn how your system behaves.
separator

Local vs. global variables in JavaScript. An example of a subtle bug.

Developers know the difference between a local and a global variable. The definition is mostly the same across programming languages. In some languages, however, the expected behavior does not actually happen.

Here’s an example in JavaScript:

   var a = 123;        // global variable
   function foo()
   {
     alert(a);         // displays undefined, not 123
     var a = 890;      // local declaration; it applies to the whole function
     alert(a);         // displays 890
   }

   foo();

 

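A lot of developers expect the first alert to display 123 and the second to display 890. Actually the first alert displays undefined. That’s because JavaScript hoists the declaration of the local ‘a’ to the top of the function, so the local variable takes precedence over the global one throughout the function, even where its first use appears before its declaration. Only the declaration is hoisted, not the assignment of 890, so at the first alert the local ‘a’ exists but has no value yet.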

For this reason and for better code clarity, it’s best to name all global variables differently than all local ones.

You can test this at http://jsbin.com/odofu3/edit.

separator

On Microsoft embracing HTML5 instead of Silverlight

There are lots of posts these days about Microsoft embracing HTML5 over Silverlight. One prominent post is from Mary-Jo Foley. She follows Microsoft closely.


About two months ago, I made a personal decision not to pursue learning and developing in Silverlight and concentrate my efforts in improving my current skills in JavaScript, jQuery, CSS, HTML(5) and other related technologies. What I am hearing today validates my decision.

The areas where I find Silverlight being most useful are in:

  • Windows Phone 7 applications
  • Video playing and streaming
  • Higher end games
  • Heavy data entry Internal Line of Business applications (LOB) replacing legacy WinForm Apps or new apps in favor of WPF. #1 is the most important one.

 

I have yet to see LOB applications in the web projects I have worked on which couldn't be satisfied with the use of AJAX and optimized web services to give them the feel of a desktop application. I have seen some cool UI effects in some public web pages. When I see some of these, I expect Flash or Silverlight behind the scenes. When I right-click, to my surprise, I notice the page is not using Flash or Silverlight. Web developers are getting more creative and pushing the envelope on what web standards and browsers without plugins can do.

I believe when Internet Explorer 9 is released and adopted by most IE users, there will be a big transformation in what a web page can do. Web development will be more fun to create and use.
Apple, with its blocking of Flash and Silverlight in its devices, is a major force in getting developers to abandon proprietary standards in favor of open ones.

When you're developing an application or service to meet the public demands, you should follow what users are using instead of going after a technology you have a personal interest in. A basic technology, which works for most users, is better than some eye candy which doesn't last long. An app made for tens of millions of users is better than a few thousand. Follow the money.

separator

Use your own domain name for your RSS feed address

This is a little tip where if you're using an external web feed management provider like Feedburner for your blog feed, your feed url looks more professional if it uses your own domain name instead of a third party domain name.

I use FeedBurner so in my case, instead of feeds.feedburner.com/onwebusability, it's at feeds.examinemysite.com/onwebusability . There's no cost in doing this. Hopefully your web host gives you access to your dns entries. If not, have them do it for you manually.

In addition, the benefit of using your own domain name is having more control. If for example Feedburner goes down for days or goes out of business, you will not lose your subscribers. You just make a quick dns change and redirect the subscribers to another feed location such as the blog's own feed.

I followed these instructions to make the necessary changes at my host and at Feedburner. Good luck.

separator

An anti comment spam bot technique without using captchas or extra user input

Yesterday I was using a support forum to post some messages and one of the antispam measures they had was the usual reCaptcha AND another text field to enter the two words next to that field. This means I have to enter 4 words for every post. I don't understand why the need for the second field. The forum is not popular at all with just a few posts belonging to the company's customers. While the forum is public, it's meant for the customers only. Are they getting hit so much by spam bots that the bots cracked reCaptcha and they had to use another field? Highly unlikely. This is adding extra friction to the user. It's enough I have to keep refreshing the reCaptcha to get two legible words.

Here's an idea for an anti spam bot measure without using any captchas and without adding any extra work for the user:

First I want to say I don't take any credit for this idea. I read it somewhere a long time ago and always wondered how many sites use it knowing reCaptcha and other captchas are so ubiquitous these days. (Unless the sites use both methods.. and more. Good for them). Technically a spam bot, ignoring the sophisticated ones which hopefully are rare, is pretty dumb. A spam bot is an automated script or program which goes to web sites and follows all the links looking for pages which contain forms. Once it finds one, it fills all the form fields. It also takes special note of text area type fields. The gold nugget. That's usually the form post or comment which the bot wants to use to unload its message with the spammy urls. The urls which they hope the user clicks on, or which are there just for the sake of upping their page ranks (an SEO practice).

Now you can take advantage of the fact that they blindly fill ALL the form fields. The counter measure is that you hide one of the fields, an extra field which has no use to the user. Visually hide it through css or JavaScript as in giving it a "display: none" for example. A dumb bot doesn't know it's hidden and it fills it with data as usual. In your code, you test for that field. If it's not empty, you know the field was filled by a spam bot. If it's empty, you know a human posted the form because they can't see that field.

Even if the form was submitted by a bot, play the innocent and let the form submit successfully and send out a Thank You message without any errors. In the backend, send the form's contents to a black hole! :)
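The hidden-field check and the silent "Thank You" described above, as an added example that is not part of the original post. The field name `website_url`, the form fields and the `savePost` callback are hypothetical, and the sample request bodies are constructed. It goes one step beyond the text by also discarding submissions where the decoy field is missing entirely, since a browser posting the real form always sends that field, even when it is empty.

```javascript
// Added example. HONEYPOT_FIELD, the form fields and the savePost callback
// are hypothetical names, not taken from any real site.
const HONEYPOT_FIELD = "website_url";
const THANK_YOU = { status: 200, body: "Thank you for your comment." };

// The decoy input is hidden with CSS, kept out of the tab order and away from
// screen readers, and autofill is disabled, so a real visitor leaves it empty.
function renderCommentForm() {
  return [
    '<form method="post" action="/comment">',
    '  <input name="author" type="text">',
    '  <textarea name="comment"></textarea>',
    '  <div style="display: none" aria-hidden="true">',
    `    <input name="${HONEYPOT_FIELD}" type="text" tabindex="-1" autocomplete="off">`,
    '  </div>',
    '  <button type="submit">Post</button>',
    '</form>',
  ].join("\n");
}

// rawBody is the application/x-www-form-urlencoded body of the POST request.
function handleCommentPost(rawBody, savePost) {
  const form = new URLSearchParams(rawBody);
  const decoy = form.get(HONEYPOT_FIELD);

  let verdict = "human";
  if (decoy === null) verdict = "decoy-missing";       // not posted from our form
  else if (decoy.trim() !== "") verdict = "decoy-filled"; // a bot filled every field

  if (verdict === "human") {
    savePost({
      author: (form.get("author") || "").trim(),
      comment: (form.get("comment") || "").trim(),
    });
  }
  // Same status and body in every case, so the sender cannot tell that the
  // post was dropped. The verdict is for server-side logging only.
  return { response: THANK_YOU, verdict };
}

// Constructed sample submissions: a visitor, a form-filling bot, and a client
// that posted without the decoy field at all.
const SAMPLE_BODIES = [
  "author=Ann&comment=Nice+post&website_url=",
  "author=x&comment=cheap+pills&website_url=http%3A%2F%2Fspam.example",
  "author=y&comment=hello",
];

function runSamples() {
  const stored = [];
  const results = SAMPLE_BODIES.map((b) => handleCommentPost(b, (p) => stored.push(p)));
  return {
    stored,
    verdicts: results.map((r) => r.verdict),
    responses: results.map((r) => r.response),
  };
}
```

Counting the non-human verdicts in the server log shows how much spam the field is catching and whether real users are being dropped by mistake.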

separator

Make areas in webpage clickable only when they serve a specific purpose

Clickable areas or sections in a web page should be confined to their exposed area. This keeps the user from accidentally clicking on a part of a page they did not intend to. One example which suffers from this is Hotmail.

[Image: Hotmail]

 

Once in a while I have a bunch of emails I want to delete. So I go clicking rapidly on each message’s checkbox to mark them for deletion. On one click, I accidentally click a few pixels away from the checkbox. Hotmail unselects all the checkboxes and opens the message which I clicked on. That wasn’t my intention. Then I have to go back and select those messages again. Not user friendly and quite annoying when it happens.

There’s no reason to have the checkbox area part of the selected message row. Most users will click on the message’s title or less often on the author. They are highly unlikely to click somewhere very close to the checkbox.

 

Limit where users can click if close areas do different actions.

separator

Use descriptive file names for downloadable files

Over the years, I have downloaded thousands of files, mostly software. Freeware, shareware and commercial. Most of the time I have to rename the download to a more descriptive filename. A file name  like setup.msi is really a bad naming choice. A setup file for which software? I am not going to remember the purpose of that download after 2 days. Or what if another vendor also renamed their download setup.msi? All my downloads go into the same folder. The other naming problem is the 8 characters or fewer names. Is anyone still using Windows earlier than Windows 95? All operating systems support long filenames. Use long file names to your advantage. For the longest time, Adobe’s Acrobat reader was named something like adb_rdr.exe!

 

File names should be descriptive enough to not exhibit any ambiguity.

 

My perfect naming convention example: Adobe Acrobat v8.0.3 build 2009 trial 64bit.msi.

Include the company name, the software title, the full version number, whether it’s a trial version and whether it’s a 32bit or 64bit version. A year later when I look at the file name, I know exactly what the file is.

Sometimes I even add an important  note or comment to the filename if I really need to remember it.

separator

Podcasts should have release date announced at the beginning

Just like blogs, podcasts should have their release date announced at the beginning of the podcast so listeners can know a podcast’s age. Is it a day old, a week old, a year old…?

If I plan to save a podcast on a computer,  I could include the date in the file name and when I come back to it I know how old it is before I listen to it.

separator