Isn’t it about time to ditch the “Confirm Email” field in forms? Really I don’t see any point to them any more, I suspect they only exist because that’s the way these forms have always been done.

What’s wrong with re-entering my address?

Well for one it doesn’t prevent the problem, if I’ve mistyped my address once chances are that I’ll do it again. Ok checking that both values match will reduce the chances that I mistype my email address incorrectly the same way more than once, but it doesn’t actually prevent it from happening and as most of the time I’m typing on ‘auto-pilot’ with my fingers following paths I’ve drilled into them over and over again I’d argue I’m actually more likely to re-enter the same value anyway.

It’s rude and assumes I’m not to be trusted

Making me repeat myself implies that the form doesn’t trust me to get it right first time. Now I know we’re taught to distrust all user input, but I think this takes things a bit far. I accept that the main reason this approach still exists today is error prevention but if that’s the case though shouldn’t there also be a “Confirm Name” field, after all I’m quite likely to get annoyed if communications get my name wrong and I’m just as likely to type that incorrectly.

How do I approach the form when I encounter them?

My usual approach, when I encounter confirm email fields in forms, is CTRL+A, CTRL+C, TAB and then CTRL+V, it is much quicker than typing the whole email address again. So disabling copy & paste really irritates me!

Of course that approach assumes I’ve typed my email address correctly the first time, but a) I’m pretty good at typing my email address and b) when I do make mistakes I will correct them. If it is really important that my email address is right, such as for confirmation that an online payment has happened then you can bet I’m going to double and triple check that address myself! When getting my email address right is important I will pay attention but so often my email address is needed just to fill in a form that there really isn’t any need for an email address on that I just don’t care why they want it (and I’ll give them a disposable 10 Minute Email).

What can be done about it?

There are other and better ways to confirm the email address is correct:

• The user can actually see what they’ve typed and fix it there and then
• Display a confirmation page with the option to go back and correct mistakes
• Send a confirmation email – this also confirms they have access to the email account and aren’t just signing up their friends without permission!

What about password fields

So far I think that what I’ve said would be accepted by 80%+ of web users; I’d like to go a step further and apply the same principle to password confirmation fields!

Currently when I have to set a password I’m presented with 2 text boxes that mask my entry, so I can’t see what I’ve typed. I know the reason here is to prevent someone from peeking over my shoulder and seeing what I’m typing – but I don’t think many people are that interested in accessing my bbc.co.uk account or my MSDN profile and most of the time I’m doing it I’m either at work or at home and I know the people around me and they’re too busy to care!

Personally I’d like to unmask the password box and get rid of the confirmation box; then I’ll know what I’ve typed and can correct it if I need. Or at least have a toggle option that lets me keep the old way, for when I’m using a public computer maybe, but when I’m at home just let me see my password.

Permalink | Comments (0)

The ASP.NET Profile is awesome, with it you can store information about each user (typically things like their name and site preferences); but you’re not limited to simple data types, the Profile can store complex objects too – or so I thought…

On the face of it the Profile is pretty easy to work with; you add the Property you want to persist to the web.config and .NET takes care of all the plumbing required for CRUD operations and the persistence itself, you don’t even need to explicitly determine who the user is that’s all done for you.

<profile>
  <properties>
    <add name="ExamBookingProcess" />
  </properties>
</profile>

By default these properties are serialised as Strings, but you can change that by adding the serializeAs attribute

<add name="ExamBookingProcess" serializeAs="Binary" type="ifs.Web.Schools.ExamBookings.Process" />

In this example I have specified the assembly that describes the Process class. Process is a ‘complex’ object in that it is a collection of other business objects, there are Strings and also Lists that represent the collections of Students, Qualifications and Subjects that comprise an Exam Booking. Now this is where things get a bit hairy, each of the classes that make up my Process object have to be decorated with <Serializable()> (yes I am using VB.NET). Not a huge problem but it is important and places some restrictions on what can go into each class as everything in those classes has to be serialisable.

Assuming you have a Process object that you now want to save to the Profile you should then be able to store it with the following code:

Profile.ExamBookingProcess = Process
Profile.Save()

I said should because it isn’t working for me. I get an error about converting a String to type ifs.Web.Schools.ExamBookings.Process – and unfortunately I don’t have any more time to devote to trying to identify why, I’m falling back on the Session to persist this object between pages. So this post is a bit of a rant and a warning. I suspect that the issue is really down to me and I’m missing something – if anyone knows how to do this I’d appreciate some insight…

Permalink | Comments (1)

I’ve recently posted about the problems I experienced with webhost4life and why I had to change hosts, at the time I wrote that post I was still in a ‘dispute’ with their accounting department over issuing me with a refund for the remaining 6 months worth of hosting. That issue has now been sorted and I’m pleased to be putting it behind me. This post is about the final outcome of that saga.

To recap and summarise what has happened so far, I used to have my sites hosted at webhost4life but on 17th February 2010 they decided to migrate my account (without telling me) to their new platform. The migration didn’t go very well and I was without websites or emails for well over a week, after a point I couldn’t just sit around and do nothing any more - my opinion was that as their migration had been so terrible and their customer support unable to answer any questions it had left me with no choice but to set up alternate hosting that was able to handle my sites, and as such they should refund me for the months I had already paid for but wouldn’t now be needing.

In an online chat I had with their accounts department I was told that they could cancel my account, refund me but there would be a $35 cancellation fee. At the time I wasn’t prepared to say yes on the spot because I still needed to set up hosting elsewhere, but after I had set up my new GoDaddy account I was ready. So I contacted them and again said I wanted my refund and was then told they wouldn’t refund me because their new account system hadn’t billed me so there was nothing to refund.

Needless to say this didn’t go down well with me and I insisted the issue was escalated. Finally they agreed to the refund and the $80 has cleared in my account – I’ve been waiting until the money actually cleared before writing this post just to make sure that they weren’t playing one last mean trick on me and the transfer bounced or something. So I am now completely free from webhost4life, my account is closed all my data was deleted and I have things running on my new hosting. However it turns out I wasn’t alone in my problems in the comments to that post Francis recounts his own problems with webhost4life – but he’s taken things a stage further and started a blog to determine the extent of damages that have occurred to others – anyone else who has suffered with webhost4life I’d like to suggest visiting the site and adding your voice!

Permalink | Comments (7)

For some reason (actually I’m not sure there is a reason) the company I work for have decided that they’re going to use Juniper for their VPN. The problem with this is that, at home, I have 64bit Windows 7. Up until quite recently Juniper did not support Windows 7 and they didn’t support 64bit! Yeah I know that does seem a little… slow to react. 64 OSs have been around for quite some time, and being a developer I’m drawn towards the shiny new things, not to mention the fact that you need 64 windows in order to use more than 3GB of ram and with 4 or more Visual Studio instances open at once, plus a bunch of other applications that ram gets used up quickly. So I’ve been using 64bit for some time. Add in to that the fact that Windows 7 has been available for some time and you can see why I’m of the opinion that Juniper isn’t the greatest solution in the world.

What I don’t get is why. Why does my company need something like Juniper when a bog standard VPN connection is all they need. Windows has been capable of setting up a VPN connection since XP, could we just use that? Oh no, we need Juniper because then its possible to deny access if the users computer doesn’t have the latest Anti-Virus definitions, or isn’t fully patched. Well I’d imagine that for most users they wouldn’t know where to start with some of those requirements. I try to keep my PC updated, I’m not a big fan of anti-virus software because it takes up more resources than a virus usually and I’m savvy enough not to get infected (I think), I don’t open email attachments from people I don’t know, I don’t go surfing odd websites etc. Add to that the security enhancements in Windows recently and I think I’m pretty safe. Of course there will be exceptions to that and if someone really wants to do something nasty I’m sure there are ways to do that. But do I really want to waste those CPU cycles I paid for running some software just to make sure that some other software doesn’t do something on my computer…?

Anyhow turns out that not only does Juniper want my OS to be fully patched and that I must have anti virus on my computer but I also need to have java installed! Why on earth would I want to install Java? Along with Flash its one of the most godawful things going. But most importantly I just don’t need it or want it on my computer. I haven’t seen a useful Java ‘thing’ for ages (granted Oracle etc are written in it… but have you seen them?), and pretty much everything Java can do so can .NET and I’m a .NET developer. I know I should care about what ‘the opposition’ are up to… but honestly I don’t want it on my home pc.

This leaves me stuck when it comes to working from home. I can’t simply login like other people, if I need to work from home it looks like I’ve got 2 choices: Install Java or borrow a work laptop. I’m going to go down the work laptop route, that way they can manage the anti-virus and OS and Java stuff and I can have my nice clean pc nice and clean and to hell with the notion of productivity!

Permalink | Comments (0)

I’m trying to keep the content on this site focussed on .NET and programming / developing software but every so often I feel compelled to speak up about something outside that arena – this post is one of those posts.

I don’t have much to do with hackers besides writing code that should keep them out of websites, as far as I know none of the sites I’ve written have attracted any attention from hackers – I suspect they’ve got their sites set on more interesting targets. However the recent decision by the British government to extradite computer hacker Gary McKinnon upset me enough that I’m posting about it here to vent my feelings.

To me this seems to sell out British citizens and I have to wonder to whom the government is answerable to, is it the British citizenship or the American government. I’m not condoning hacking, what Mr McKinnon did was wrong end of discussion. What secrets did he steal, what damage did he cause? Well besides hacking into US government computers, including those of NASA and the Pentagon… the only damage he seems to have caused is to reputation of the IT departments that set up the weak security ‘protecting’ those computers – access was gained using default administrator passwords! It is lucky that he wasn’t out to steal secrets or cause problems. According to Mr McKinnon he was on a “moral crusade” to prove US intelligence had found an alien craft run on clean fuel. I agree he should be punished but that can be done on British soil and by our own penal system; the US government has zero credibility for dealing with suspects after Guantanamo bay. America still has the death penalty for juvenile offenders, there is no moral high ground to be had there!

Mr McKinnon is a British citizen, the crimes he committed were carried out on British soil and he should be dealt with by the British legal system. Each country has its own set of laws and it is not right to enforce those laws outside the jurisdiction of that country, in the current global age is is wrong to assume that criminals will not look abroad to commit their crimes. However international laws should exist to deal with such situations as they do for other crimes.

Home Secretary Alan Johnson could block the extradition, he could stand up for a British citizen, he could recognise the unusual and cruel treatment of Mr McKinnon who has been in an heightened state of terror for almost eight years, he could recognise the mental vulnerability of Mr McKinnon and keep him on home soil. However he has chosen not to and seems to have fast tracked this case.

I hope the European Court of Human Rights can step in and apply some common sense here.

Permalink | Comments (1)