Archive for the ‘Web’ Category.

Don’t Stop Password Masking

There are a few websites I visit for insight into design and usability trends: A List Apart, Alertbox, Sitepoint, Web Design from Scratch, and Signals vs Noise. I generally find these sites very useful, and I respect the opinions of the writers there. However, sometimes people are just plain wrong.

The offender today is Jakob Nielsen, who writes for Alertbox. He published an article back in July about password masking, and why we should do away with it:

Most websites (and many other applications) mask passwords as users type them, and thereby theoretically prevent miscreants from looking over users’ shoulders. Of course, a truly skilled criminal can simply look at the keyboard and note which keys are being pressed. So, password masking doesn’t even protect fully against snoopers.

In essence, he is saying we should do away with those dots or asterisks which appear when we type in our passwords. What a bad idea.


The only place where this might be valid is a private office. Anywhere else it is a bad idea: schools, internet cafés, open-plan offices and public kiosks are just a few examples of places where people type in passwords while others can see the screen.

Password masking doesn’t protect against a determined criminal who wants to get into your bank account. It protects against casual shoulder surfing, where someone you know glances at your screen, grabs your password and has a bit of fun with you. With masking, that isn’t a problem. Without it, we are all opening ourselves up.

Perhaps there is a solution to help Jakob see his password on the screen: a browser extension which toggles the visibility of your password on websites. Simple. He can use it, and the rest of us can keep living our lives as if nothing ever happened.

(Just a note: I still respect Jakob Nielsen – I think most of his articles are great. It’s just this one thing I have a problem with. Even others agree with my point of view.)

Active Directory integration with PHP

You have an Active Directory and an intranet/extranet, but want to tie them together onto the same username/password system? It couldn’t be easier, using PHP’s LDAP Extension.

In case you didn’t already know, Microsoft’s Active Directory exposes its directory over LDAP. As LDAP is an open protocol, there’s plenty you can integrate it with. In this article, I’ll focus on PHP.

It’s really easy to get started integrating PHP with LDAP. There are many truly great and in-depth articles on this subject, such as one from Developer.com. If you want long explanations, head that way. Over here, I’ve got a quick and dirty example:

<?php

// Credentials used for the bind. A hard-coded domain administrator password
// in a web-accessible script is only acceptable for a first test; in practice
// use a low-privilege account and keep the secret outside the web root.
$username = "administrator";
$password = "MYSecur3Password4";
$server = "192.168.10.5";

$connect = ldap_connect($server);
// Active Directory expects LDAPv3; PHP/libldap builds that default to
// version 2 fail the bind with a protocol error without this line.
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
$bind = ldap_bind($connect, $username, $password);

if($bind == TRUE) {
    echo "LDAP Connect Success!";
} else {
    echo "LDAP Connect Failure!";
}

?>

That will do a really simple bind to your Active Directory server, such as a Windows Server 2008 domain controller. Note that ldap_connect with a bare hostname or IP uses plain ldap:// on port 389, so the password crosses the network in cleartext; on anything other than a test network, connect with an ldaps:// URL (port 636) or call ldap_start_tls() before binding. You can modify this code to grab the username and password as user input from a login form, and then authenticate against that.

However, you must always check that the username and password fields are not empty. An LDAP simple bind with a name but an empty password is an “unauthenticated” bind, which Active Directory answers with success by default, so without the check your login form would accept any username with a blank password. (One PHP gotcha: empty() also treats the string "0" as empty, so a user whose password is literally "0" would be turned away; compare against '' if that matters to you.) Here’s a modified example to grab the data from a logon form as POST data:

<?php

// Refuse to bind at all if either field is blank: an empty password would
// become an unauthenticated bind, which AD reports as a successful login.
if(empty($_POST['username']) || empty($_POST['password'])) {
    die("Username or Password field was left blank. Please try again.");
}

$username = $_POST['username'];
$password = $_POST['password'];
$server = "192.168.10.5";

$connect = ldap_connect($server);
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
$bind = ldap_bind($connect, $username, $password);

if($bind == TRUE) {
    echo "LDAP Connect Success!";
} else {
    echo "LDAP Connect Failure!";
}

?>
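The form-based example above, hardened the way I would want it before exposing it to real users, as an added example that is not part of the original post or of the adLDAP library. It assumes a domain controller reachable as dc01.example.local over LDAPS, the domain example.local with base DN DC=example,DC=local, and a group CN=Intranet Users,OU=Groups,DC=example,DC=local that intranet users must belong to; all of those names, and the character set allowed in a username, are assumptions made up for illustration. It rejects an empty password before the bind (so the unauthenticated-bind trap cannot fire), binds as the user in UPN form rather than as a stored administrator account, escapes the username before it goes into a search filter, and only lets the user in if the group check passes:

```php
<?php
// Added example, not from the original post. Assumed environment:
//   dc01.example.local  - domain controller, LDAPS on 636
//   example.local       - AD domain (UPN suffix)
//   DC=example,DC=local - search base
//   CN=Intranet Users,OU=Groups,DC=example,DC=local - required group
const AD_URI     = 'ldaps://dc01.example.local';   // never plain ldap:// with a password
const AD_DOMAIN  = 'example.local';
const AD_BASE_DN = 'DC=example,DC=local';
const AD_GROUP   = 'CN=Intranet Users,OU=Groups,DC=example,DC=local';

/**
 * Authenticate and authorise a user against AD.
 * Returns the user's distinguishedName on success, null on any failure.
 */
function ad_authenticate(string $username, string $password): ?string
{
    // 1. An empty password turns a simple bind into an unauthenticated bind
    //    (RFC 4513 section 5.1.2), which AD answers with success. Compare
    //    with === '' rather than empty(), which would also reject "0".
    if ($username === '' || $password === '') {
        return null;
    }
    // 2. Restrict the name to a conservative sAMAccountName alphabet (an
    //    assumption for this site). This stops '@', '\', '*', '(' and
    //    friends before the name reaches a bind DN or a filter.
    if (!preg_match('/^[A-Za-z0-9._-]{1,20}$/', $username)) {
        return null;
    }

    // Make libldap verify the DC's certificate (global option, PHP >= 7.1).
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $ldap = ldap_connect(AD_URI);
    if ($ldap === false) {
        return null;
    }
    // AD requires LDAPv3; not chasing referrals avoids hangs on AD searches.
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // 3. Bind as the user (user@domain). ldap_bind() emits a warning on a
    //    failed bind, so silence it and use the boolean as the result.
    if (!@ldap_bind($ldap, $username . '@' . AD_DOMAIN, $password)) {
        ldap_unbind($ldap);
        return null;
    }

    // 4. Authorisation: the bound user looks itself up. ldap_escape() with
    //    LDAP_ESCAPE_FILTER prevents LDAP filter injection; the
    //    matching-rule-in-chain OID makes nested group membership count.
    $filter = sprintf(
        '(&(objectClass=user)(sAMAccountName=%s)(memberOf:1.2.840.113556.1.4.1941:=%s))',
        ldap_escape($username, '', LDAP_ESCAPE_FILTER),
        ldap_escape(AD_GROUP, '', LDAP_ESCAPE_FILTER)
    );
    $result  = ldap_search($ldap, AD_BASE_DN, $filter, ['distinguishedName']);
    $entries = $result ? ldap_get_entries($ldap, $result) : ['count' => 0];
    ldap_unbind($ldap);

    // Exactly one match is a success; attribute keys come back lowercased.
    return ($entries && $entries['count'] === 1)
        ? $entries[0]['distinguishedname'][0]
        : null;
}

// Usage from the logon form.
session_start();
$dn = ad_authenticate($_POST['username'] ?? '', $_POST['password'] ?? '');
if ($dn === null) {
    // One message for "no such user", "bad password" and "not in group":
    // don't tell an attacker which one it was.
    http_response_code(401);
    exit('Login failed.');
}
session_regenerate_id(true);            // new session id on login: no session fixation
$_SESSION['user_dn'] = $dn;
echo 'Welcome, ' . htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8');
```

Binding as the user means no service-account password lives in the script, and the search afterwards runs with the user’s own rights, which are enough to read its own distinguishedName and memberOf. Certificate validation for ldaps:// is done by libldap, so the CA that issued the domain controller’s certificate also has to be reachable through TLS_CACERT in ldap.conf or the connect will fail with the require-cert setting above.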

So, that’s the basics. However, it’s probably not much good if you want to do anything other than a quick authentication check. The PHP LDAP Extension supports a myriad of fancy things, from searching to editing and even deleting records, but you don’t want to do all that by hand. What you really want is a library such as adLDAP, and to use that to do all sorts of fancy things.

adLDAP

Here’s the feature list:

  • User authentication
  • Group management
  • User management
  • Contact management
  • Exchange mailbox creation

It’s really worth checking out. They even provide info on how to achieve a seamless signon for within your domain. Here’s the IIS/PHP instructions:

Format the machine and install Linux (recommended), or remove anonymous access from the directory with the IIS management console; the username is available with $_SERVER["LOGON_USER"].

Seamless authentication with Apache on Windows can be achieved with mod-auth-sspi

[ From: Seamless Authentication - adLDAP Wiki ]

So, there you have it. Active Directory authentication with PHP.

When disaster strikes: Primus Data Centre Melbourne loses power (again)

The Primus Data Centre in 55 King St Melbourne suffered from another power failure yesterday, wiping out an enormous portion of our web-hosting market in Australia for the afternoon. All of my websites were down from about 3.45PM, and only came back online at 8:15PM (EST).


This is the third power failure from Primus this year. The first and second times it happened, they didn’t provide much information to customers. I don’t expect this time to be any different.

Some providers, such as Cove, moved out of the facility in response to the lack of information provided on the failure. This time, I think Primus will really lose a massive chunk of their customers. Having such a major data centre go offline so frequently is a real worry.

It’s only when stuff like this happens when you really think about your resilience to these sorts of situations. My first question is this:

Why do most Australian web hosts use only one data centre and rely on it for everything? It’s scary. I can’t find an Aussie web host which boasts two data centres replicated with each other. I can’t even find one with a basic secondary name server off site!

US hosts such as Media Temple have identical hardware in two geographically dispersed data centres. And they aren’t the only ones; I have seen quite a few overseas providers which do the same thing. Why don’t Aussie hosts?

Why have I not hosted my own secondary name server and used an external email server? It’s not hard to sign up with a free DNS host and have them act as a secondary for my primary DNS server’s zones. It’s also not hard to sign up for a hosted email service. I have set up Gmail for other clients; why not for myself? This would mean I don’t lose my email when my web server goes down.

Why is anyone still with Primus after three power outages in one year? It was bad the first time, worse the second, and a third time is just a complete joke. Now there is talk of them doing work next week on the power, which may bring them offline again! C’mon people – there are plenty of other data centres around. Start shopping around!

And here’s some irony for you: the Dilbert Comic for today!

Dilbert 2009-08-09

Are you in the Loop11?

Every now and again I come across things on the internet which are really unique, and awesome. Today while I was browsing the Holroyd City Council website, I found this fascinating tool which they were using to test user experiences – Loop11. Here’s the blurb from their site:

Loop11 is a web-based user-experience testing tool, allowing companies to conduct online, unmoderated user testing on any kind of digital interface. Loop11 is not a survey or web analytics tool, but a user experience tool… helping you to understand user behaviour.


Loop11 is opt-in from the user’s point of view. You have to choose to undertake the tests – they are not forced upon you. Loop11 allows you to setup tests for your users to undertake, and record the results of their experience. For example, you could be asked to find information on council waste services. When you find what you are asked to find, you press the “Complete” button. Simple.

All of your experiences are recorded, and the web developers of the site can evaluate the results to help improve the site. You can see where users have difficulties in navigation and finding information on your site.

It’s currently in private beta, but I am holding out for a public beta to be released soon. I seriously haven’t seen something like this before – it’s quite unique.

There’s only a couple of problems I can see with this approach to usability testing:

  • Users have to opt-in
  • Users who opt-in are more likely to be more computer literate, and may be able to complete the tests easier than non-computer literate folks

As a result of the above two points, I can see that this approach could deliver skewed results. However, if used in combination with other metrics, it could really help developers create more user-friendly sites.

I reckon we should all watch Loop11 closely to see if they deliver a successful product, and a successful approach to user acceptance testing.

What makes a website addictive?

I have got myself into this habit of visiting several websites by default when I first open up my browser for the day. These sites include Twitter, Whirlpool Forums, Facebook, Coding Horror, Signal vs Noise, Google News, and a few others. During the course of my browsing session, I find myself regularly visiting these sites. It would seem I am somewhat addicted?

Not that it’s much of a problem – after all, at each site I can discover something new and interesting.

But, what I really want to know is what makes these sites so addictive? These sites I regularly visit are very popular ones. Sure, some more than others, but each one would pull at least thousands of visitors per day.


There are three main things each of these sites have in common:

  • Regular updates
  • Human perspective / interaction
  • Simple concepts

If you observe the most popular sites on the net, you will see these three traits are common throughout each of them (this isn’t a cold hard fact, just my personal observation). I believe that if you remove one of these traits, you will find the site is no longer as addictive.

Sometimes the thing which keeps dragging me back to a site is the perception of regular updates. See, if no one has posted anything visible to me on Facebook since I last visited, then Facebook will automatically make it seem as if something new has happened, by changing the Highlights section on the sidebar.

The simple concepts item on my bullet list is an interesting one. You will notice each of the sites I regularly visit have a simple concept at the heart of them. Let’s examine a few:

  • Google News: get the latest news
  • Facebook: connect with friends and family
  • Whirlpool Forums: community discussion on Aussie Broadband

While each simple concept may be really complex to implement in a coding sense, the user is still presented with a simple concept. In many cases that concept has been expanded massively, but when you first arrive on the site, the simple concept takes centre stage.

Finally, we humans love human participation, interaction and perspective. That’s why there are a couple of blogs I regularly visit: I want other people’s perspective on things. Life gets boring if you never hear what other people think. The comments section on a blog is also really important; it shows us what other people think on the same issue.

If you want to build a popular site, then make sure you can check off each of these three items. There’s a lot more to building a successful site, but these three features are at the core of addiction.

Google can calculate your bitrates

96Kbps multiplied by three hundred listeners is how many Gigabytes in a month? What about 128Kbps? If you’re working with Audio over IP and are trying to figure out how much bandwidth you need, the sums can make your head hurt.

Luckily, Google knows the answers to all of your tricky questions. All we have to do is ask it a question, and we get an answer! Let’s try.

I typed “96Kbps * 300 in GB/month” into the search bar, and upon pressing enter, I got a result: 96 Kbps * 300 = 9 028.50894 GB / month


Awesome! It’s a real help when you need to crunch some numbers for streaming, for example. With this brilliant feature, I can fantasise about the bandwidth requirements of an audio stream with hundreds of thousands of listeners. See:

128Kbps * 200000 in Gbps

24.414Gbps is a lot of bandwidth! But, if I was getting to 200,000 simultaneous listeners, then I think I’d be getting pretty good advertising revenue. One would hope, at least.

Google also knows about Petabytes:

128Kbps * 9000000 in PB/month

See, that’s pretty handy! Plug any calculation in there (and I mean any calculation), and Google can find your answer.

Hopefully you find this as useful as I do.

Twitter corrects their followers/following stats

I love it when companies go and fix data inconsistencies within their systems. Today, Twitter fixed a rather odd problem which affected the count of how many people followed you. If you don’t know about it, here’s the news straight from the horse’s mouth:

For some time, the follower and following counts we display have been incorrect for some folks. We’re soon to push a change that will address this issue. This means that the count you see in your sidebar should match what you see on your follower and following pages.

However, a consequence of this change is that follower counts will drop for some people. In particular, those with large followings may see significant changes as we correct for spam accounts and data inconsistencies. No legitimate followings should be affected—we’re just cleaning up artifacts in the system.

[ From Correcting follower and following counts ]

I say this is an odd problem, because the whole concept of counting how many people follow you should be really simple, right? In the Twitter database, I would expect a column in the users table which holds the number of followers; each time you get a new follower, the count increments. A cached counter like that is exactly the kind of thing that drifts, though: if an increment is lost, or a spam account is deleted without the counter being adjusted, the number and the list it summarises no longer agree.

On my own Twitter account, the count showed about ten more followers than I could see in the list. How can the numbers differ that much? I put it down to growing pains. While Twitter now seems to be getting more reliable, it isn’t past all of its problems; the links in the chain still break occasionally. It will face ongoing challenges as it develops and expands this unique social networking platform. They are innovators, and with that title come certain expected problems; let’s hope they can work through them.


Using Highrise to manage sponsorships

Web-based software is magic. It all runs on a server in the sky, and we don’t generally have to worry about it. No upgrades, no patches to install, and no need to install it on every machine. It’s computer bliss.

One of my favourite developers of web-based software is 37signals, who have made products such as Basecamp, Backpack, Writeboard and Highrise.

My favourite product of theirs would have to be Highrise, which is a really easy to use Customer Relationship Management (CRM) solution. I’ve recommended it to our community station, and they have started using it for managing sponsorship deals. There’s a few different plans you can subscribe to, but we have the free version.

I want to take the time to describe how we use it to keep track of sponsorships. Previously, our tracking of sponsorships was all contained within a few different people’s heads, and in our inboxes. It was fine with limited sponsors, but once we got more than a few, it became hard to track payments, renewals, etc.

Introducing Highrise.


As Highrise is a CRM, it’s important to understand the concept. In a nutshell, a CRM will track all of your customers, your dealings with them, upcoming tasks, etc. It keeps track of business for you.

For our sponsorship tracking, we have all of the contact details of our customers contained within the system. Then, we have ‘notes’ added to each one, which describe our dealings with them. Notes, by the way, are just small snippets of text which we can attach to a company. Here’s a few samples:

  • Called Rob about upgrading his sponsorship package – is excited about the possibilities. Have to email new sponsorship agreement to him
  • Julie sent through the cheque for $220.00, which will give XYZ Builders 3 spots per day until 27/8/09
  • Acme Warehouse is changing management – previous management has passed on their details so we can try and establish a relationship

As you can see, notes are used to keep the whole team up to date with our dealings with individual companies.

The next aspect of Highrise we use is Tasks.


We absolutely exploit this feature (in a good way!) – we currently have twenty two tasks set for the next few months. Tasks are simple. Here’s a few examples:

  • Renewal Letter – Jul 23, 6pm (Re: Julie from XYZ Builders)
  • Sponsorship Finishes – Aug 29, 8pm – (Re: Acme Warehouse)
  • Thank-you letter – Aug 30, 2pm – (Re: Council involvement in OB)

The beauty of Tasks is that the appropriate person gets an email reminder when an item is due, so we never miss a beat. There is no excuse to miss some important task which is time critical.

Of course, the information we receive from Highrise is only as good as the information we put in. The computer can’t read our minds – that is one feature that 37signals has failed to implement.

We love Highrise. The software is simple, but it gets the job done really well. Hats off to 37signals for producing such a marvellous bit of software; you really have helped us a great deal as a community radio station.

Symantec Customer Service

When was the last time that you filled out a contact details form before downloading evaluation software? How many times has the company actually rung you about it? It’s a rare occurrence, but for Symantec it seems to be common practice.

About a month and a half ago, I was evaluating all the managed anti-malware solutions out there, with the goal of seeing which would suit 2CCR. I went through the offerings from McAfee, AVG, Symantec and Trend Micro and tried them all out. All of them asked for my contact details, as I was trying out enterprise software.


Only one company has called me: Symantec. They have been great from the word “go”. All the questions I had were answered by their staff, and their customer service reps called me on my mobile on more than one occasion. Symantec has risen above the competition and set itself apart from the rest.

Regrettably, their software wasn’t quite right for us. I would have loved to go with their products, thanks to the customer service, but I couldn’t quite justify it. The software we tried was aimed at slightly larger networks. In the end, we chose AVG 8.5 Network Edition because it worked better in our small-ish network. However, the next time I go and design a network (and I’m sure I’ll do that plenty of times in my life), Symantec will be first on the list of products to consider for network security.

Fantastic job, Symantec!!

Online Streaming: Getting Started

Does your station stream over the internet? No? *Gasp* You’re missing out on a huge market your station could be reaching. Don’t worry – I’m going to take you through all you need to know to get started.

But wait, isn’t community radio about serving your local area? Well, yes and no. I’m of the opinion that we should offer as many different ways to get our station across to our listeners, whether or not they are in our local area. Sure, programming decisions should be made with the licensed area as the primary focus, but as in terms of who is listening, I believe we are responsible for reaching everyone who wants to hear our programs.

After all, community radio certainly offers a huge range of very different programming, much of which would appeal to people all around the world.


So, what do you need to get started with streaming?

  • A spare computer at your station, and an input from your studios into the sound card
  • Encoding software – I recommend EdCast
  • A reliable internet connection from your studios – I have found ADSL2+ to do the job very nicely
  • A streaming licence from APRA/AMCOS – this is calculated as a percentage of your income from your stream
  • A streaming provider, we’re going to focus on shoutcast.
  • Permission from your board / management (I’m going to assume you have this taken care of)

Before you start piecing the bits together, you need a basic understanding of TCP/IP networking and of how streaming actually works. You could just build your stream from the instructions I have here, but when it all falls over, who has the knowledge to fix it?

Let’s take a look at the path your audio will take:

Audio –> PC –> Encoding software –> Internet –> Shoutcast Server –> listeners, listeners, listeners

So, your audio will come into the PC, EdCast will encode it, it will be blasted over the internet to your Shoutcast provider, who will then distribute it to all who want to listen. Simple, right? Not quite…

Let’s explore the different aspects of this audio chain through the ether:

Your encoding software has a vital part to play. It will take a feed from your soundcard and transform it to your chosen format. There are heaps of formats to choose from, but the primary ones you should consider are the MP3 and AAC+ codecs. Why? Because these are the most compatible. Choosing a codec is beyond the realm of this article, but I will try to post more on it in the future.

Within your encoding software, you also have to configure the bitrate. This is technical jargon which roughly translates to quality, and it is measured in Kbps (kilobits per second). The higher the bitrate, the higher the quality; however, the higher the bitrate, the more bandwidth is required, both by you and by the people listening. The trick is to go for somewhere in the middle of the road, say 64Kbps for MP3 or 32Kbps for AAC+. But it all depends; I suggest you try them out and see how it goes.

The Shoutcast provider is where all your listeners connect to. They have all the bandwidth which they let you use. Typically, providers in the USA are cheaper, but make sure you shop around for the best deal. You want reliability, heaps of bandwidth, and a reasonable price. Remember, if your provider fails, your stream will suffer – and no one will be able to listen.

Another consideration you have to account for is your internet connection at the station. Can it handle the extra bandwidth requirements? How much will it cost? The best ISPs offer un-metered uploads, meaning you don’t pay for what is being sent out of your connection. This is brilliant if you are doing streaming, because streaming is basically just a constant upload! Make sure you read and understand all the fine print from your ISP before you start – you don’t want to get into trouble.
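The bitrate-times-listeners sums from the Google post above, and the question this paragraph asks about the station’s own connection, done in code so the unit convention is explicit. This is an added example, not from the original posts or from Google. The one thing the Google results hide is what “Kbps” and “GB” mean: Google’s calculator treats Kbps as 1024 bit/s and GB as 1024³ bytes, with a month of 365.2422/12 days, which is what produces 9,028.5 GB/month and 24.414 Gbps; an ISP quota is normally quoted in decimal units, which gives a figure about 5% higher. The 70% headroom factor and the 1 Mbit/s ADSL2+ upstream used at the end are assumptions for illustration.

```php
<?php
// Added example, not from the original post. Two unit conventions:
//   binary  (Google's calculator): Kbps = 1024 bit/s, GB = 1024^3 bytes
//   decimal (ISP quotas):          Kbps = 1000 bit/s, GB = 1000^3 bytes
// Month length: mean tropical year / 12, which is what Google's figures use.
const SECONDS_PER_MONTH = 365.2422 * 86400 / 12;

/** Aggregate stream rate in bit/s for $listeners clients at $kbps each. */
function stream_bits_per_second(float $kbps, int $listeners, bool $binary): float
{
    $k = $binary ? 1024 : 1000;
    return $kbps * $k * $listeners;
}

/** Bytes sent to all listeners over one month at that aggregate rate. */
function monthly_transfer_bytes(float $kbps, int $listeners, bool $binary): float
{
    return stream_bits_per_second($kbps, $listeners, $binary) / 8 * SECONDS_PER_MONTH;
}

/** Monthly transfer in "GB": 1024^3 bytes (binary) or 10^9 bytes (decimal). */
function monthly_transfer_gb(float $kbps, int $listeners, bool $binary): float
{
    $g = $binary ? 1024 ** 3 : 1000 ** 3;
    return monthly_transfer_bytes($kbps, $listeners, $binary) / $g;
}

/**
 * Does a studio upstream of $uplink_mbps (decimal, as ISPs quote it) carry
 * the encoder's feed with $headroom to spare? The station sends ONE copy of
 * the stream to the Shoutcast server; every listener's copy is served from
 * the provider's bandwidth, not the studio's. The 0.7 headroom is an
 * assumption, not a rule.
 */
function uplink_sufficient(float $kbps, float $uplink_mbps, float $headroom = 0.7): bool
{
    return $kbps * 1000 <= $uplink_mbps * 1e6 * $headroom;
}

// 96 kbit/s x 300 listeners: Google's figure next to the decimal one.
printf("96 Kbps x 300: %.1f GB/month (binary, as Google) vs %.1f GB/month (decimal)\n",
    monthly_transfer_gb(96, 300, true), monthly_transfer_gb(96, 300, false));

// 128 kbit/s x 200,000 listeners, aggregate rate in Gbps the way Google reports it.
printf("128 Kbps x 200000: %.3f Gbps (binary)\n",
    stream_bits_per_second(128, 200000, true) / 1024 ** 3);

// The studio side only has to push a single 128 kbit/s feed to the provider.
printf("Single 128 Kbps feed on a 1 Mbit/s ADSL2+ upstream: %s\n",
    uplink_sufficient(128, 1.0) ? 'fine' : 'too tight');
```

Run it with php from the command line; the first line prints 9028.5 against 9467.1, the gap to budget for when your ISP counts decimal gigabytes. The last line is the practical point for the station: provider bandwidth scales with listeners, the studio upload does not.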

That’s all for our getting started guide on streaming. I know it isn’t quite a step by step guide which will guarantee success within three weeks. I feel the best way for you to fully understand streaming is to get your hands dirty with it – download the software, install it on a spare box, sign up for a cheap Shoutcast provider, and see how it all works.