January 2008 - Posts

Don't surprise the user
Monday, January 28, 2008 11:18 PM

You are probably getting ready to hear about some error dialog or weird setting in an application but not this time - it was a photocopier!  I was copying some printouts for a meeting and discovered midway through the job that the paper tray had fancy paper in it that I shouldn't be using.  Not a problem, right?  Just hit the "Cancel Job" button ...


Are you sure that you want to cancel this job?

CONTINUE      EXIT

I was stumped.  Does that mean "continue" to cancel the job or should I "exit" the job?  After ten seconds' careful thought, I pressed "continue" and my print job continued printing! Not exactly what I expected. :)

Jonathan Cogley is the CEO and founder of Thycotic Software, a .NET consulting company and ISV in Washington DC.  Our product, Secret Server, is an enterprise password manager system for teams to secure their passwords.  Is your team still storing passwords in Excel?

Cleaning the BlackBerry 8820 track ball
Monday, January 28, 2008 12:27 AM

I love my 8820 ... I have had it for about a year and it replaced my 8700 which I also loved.  I was a little skeptical when I first got the 8820 because the beloved thumb wheel was gone and replaced by a track ball in the middle of the phone.  But it didn't take long before I was happily scrolling around the screen, enjoying the improved 4-way motion. :)

Then one day moving to the left suddenly stopped working.  I could move the track ball to the left but it didn't move on screen.  I tried a few things and finally removed the battery and restarted - this seemed to do the trick and everything started working again.

Then last week the same thing happened but this time I couldn't move down.  I tried taking out the battery but it still wouldn't move.  Surprisingly I couldn't find any key on the keyboard that would substitute as "down" so that I could still use the device (this was surprising since the BlackBerry always seems to have great keyboard shortcut keys for most stuff).

I found this very useful post which suggested that dirt on the interfaces of the track ball was the likely culprit.

I decided to undertake the procedure and here are my pictures which may help if you are experiencing the same problem. (Be sure to try taking the battery out and restarting before attempting to clean the track ball, as that is an easier fix!)  Disclaimer: These instructions are based on my experience and anything you do to your phone is at your own risk.

1. Turn off your phone and remove the battery.  Take a small screwdriver and pry it under the silver ring around the track ball at the bottom.  Gently apply pressure until the ring pops up.

2. Carefully push up on the ring until it pops off.

3. The ring has 3 plastic clips underneath - remember that the side with no connector matches the top side when put back on the BlackBerry.

4. Get some rubbing alcohol and an ear bud - needed to clean the connectors.

5. Looking underneath the track ball you will see the metallic connector below.  This should be cleaned gently using the ear bud and rubbing alcohol.  I also rotated the track ball around rubbing it with the rubbing alcohol.

6. Clean the gold color area under the track ball using the ear bud and rubbing alcohol.

7. Reposition the track ball with the vertical part of the metal connector pointing up.  Press the silver ring back over the track ball putting the side with no plastic connector at the top.

You can put your battery back into your phone and power it up.  The track ball should work correctly now - mine did!

 

 

Speaking on Refactoring at RockNUG in March
Friday, January 25, 2008 8:37 AM

I will be presenting on Refactoring in C# at the Rockville .NET User Group (RockNUG) on March 12th 2008 at 6:30pm.

Refactoring in C# - Bad code to better code
What could be more fun on a Wednesday evening than critiquing some bad code and making it better? :) Come along to learn how to clean code like the Thycotic team. What do we look for? How do we take small steps to keep it working? What tips and tricks make it easier? This session will be code, code and more code (and a few unit tests of course!).

I always like Refactoring sessions because they give great opportunities for discussion about coding practices and also get lots of different opinions on how to improve the code.  I will be using Visual Studio 2005 and Resharper 3.0.

 


Bad password requirements
Thursday, January 24, 2008 9:02 AM

This morning I signed up with a major credit card company website.  Much to my surprise I was greeted with this requirement while choosing a password:

Your Password should contain 6 to 8 characters . at least one letter and one number (not case sensitive), contain no spaces or special characters (e.g. &, >, *, $, @) and be different from your User ID.

Let's review these limitations:

  • 6-8 characters - Requiring a minimum of 6 seems reasonable but still not very strong.  Capping the length at 8 seems strange since this is still not very strong and why would you want to prevent someone from using a longer (and probably stronger) password?  Unless your database field or legacy systems only support 8 characters ...  Does that really mean they are going to store this password in clear text?  Maybe they use some sort of arcane encryption or (hopefully) hashing algorithm that limits the digest size to 8 characters.  Still seems unlikely.
  • At least one letter and one number - This seems like a smart option to force different character sets and improve the password strength.
  • (not case sensitive) - What?!  This reduces the size of the alphabetical character set by half.  This also throws into question whether they are really hashing this password - are there hash algorithms that ignore case?  This requirement makes no sense and definitely feels like a requirement for a legacy system.
  • No spaces - This is a shame since a non-written character like a space can be a great security mechanism especially when at the start or end of a password since it is invisible if the password is ever written down.
  • No ... special characters - Why would you explicitly prevent the use of another character set that can greatly improve the strength of the password?  Again this feels like a legacy requirement.

How strong is this password that they are forcing you to use?  I took a look through LockDown's Numbers and you can easily see how the number of possible combinations for this password is limited by the lack of character sets and case sensitivity.

I am really glad that I used an auto-generated password for this account. :)

Are you hashing and salting passwords in your applications or do you also have bad password requirements?

 
