Entries Tagged as “Opinions & Rants”
Mango Blog Setup Folder Security
Over the last few days I have found an alarming number of 404 errors in my ColdFusion server logs. They all had one thing in common: a missing setup.cfm page. Naturally we don't want 404 errors, right? In this case it's a good thing.
It is my belief that someone, or some group of people, is testing the security of Mango Blog by looking for the setup directory that comes with Mango Blog when you first download and set up your blog. The installation instructions state that once your blog is set up correctly, you should remove the setup folder from the admin, to prevent no-gooders from doing anything malicious to your site.
I went to the mangoblog.org site and took a look at a long list of people in the "Who uses Mango" section of the site and most everyone still had the setup directory intact. I was actually really surprised to see the carelessness of so many people. Especially by a few people that SHOULD know better than that.
What's worse is that I was able to add a new table to one unlucky site by guessing the username, password, and datasource! And it wasn't very hard! How lazy are we people!? Do we have to get hacked before we wise up? This is just plain ridiculous! I am not even a security person and was able to compromise one system in just a few minutes. Imagine what a security expert could do with all their tools and knowledge.
Mango Blog owners: remember, you need to delete the setup folder after installation has been verified. It's obvious to me that people are checking for the existence of setup.cfm, so we best be on our toes.
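The difference between a probe that gets a 404 and one that is actually served can be read straight out of an access log. The following is an added example, not part of the original post or of Mango Blog; it assumes the web server writes common log format lines, and the sample lines, paths and addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample access-log lines (common log format); not taken from the post.
SAMPLE_LOG = '''\
203.0.113.7 - - [12/May/2009:03:14:07 -0700] "GET /admin/setup/setup.cfm HTTP/1.1" 404 1245
203.0.113.7 - - [12/May/2009:03:14:09 -0700] "GET /blog/admin/setup/SETUP.CFM?step=1 HTTP/1.1" 404 1245
198.51.100.23 - - [12/May/2009:09:41:55 -0700] "GET /admin/setup/setup.cfm HTTP/1.1" 200 8412
192.0.2.50 - - [12/May/2009:10:02:11 -0700] "GET /index.cfm HTTP/1.1" 200 20311
192.0.2.50 - - [12/May/2009:10:02:12 -0700] "GET /page.cfm/setup.cfm-notes HTTP/1.1" 200 512
garbled line that does not parse
'''

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def classify(status):
    """Map an HTTP status to what it says about the setup page."""
    if status in (404, 410):
        return "absent"       # folder removed: the probe found nothing
    if 200 <= status < 400:
        return "reachable"    # setup page answered: folder is still deployed
    return "other"            # 401/403/5xx: present or blocked, check by hand

def summarize_setup_probes(lines):
    """Count requests for setup.cfm per client, split by outcome."""
    summary = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m.group("target").split("?", 1)[0].lower()
        if path.endswith("/setup.cfm"):
            summary[m.group("client")][classify(int(m.group("status")))] += 1
    return {client: dict(counts) for client, counts in summary.items()}

def setup_still_reachable(summary):
    """True if any request for setup.cfm was answered instead of returning 404."""
    return any(c.get("reachable", 0) for c in summary.values())

if __name__ == "__main__":
    report = summarize_setup_probes(SAMPLE_LOG.splitlines())
    for client, counts in sorted(report.items()):
        print(client, counts)
    if setup_still_reachable(report):
        print("WARNING: setup.cfm was served; delete the setup folder")
```

A client that only ever collects "absent" results is the harmless case described above; any "reachable" count means the setup folder is still on the server.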
My Solution
Here is what I am proposing as a solution. I am interested in your feedback.
The idea I had was to have the admin overview page check for the existence of the folder and if it finds the setup folder intact it could warn you that leaving the setup folder on the server is a security risk. It should then offer the admin user a chance to delete the folder. I think this is a better method as it provides the blog administrator a good chance to verify that things are working before deleting the folder. It also gives a continual reminder to those that forget to delete the folder on their own.
Here is a sample design that I had. Maybe there is a better way to do things. I just thought I would get the ball rolling and see what can be done.
A plugin could easily be built for this, but I honestly feel it should be a part of the core install and not a plugin provided by an end user. That would pretty much defeat the purpose really.
Tags: Mango Blog · Opinions & Rants
Redesigning the Desktop Calendar
Most people use a calendar of one form or another in their day to day lives. With so many people using calendars I am really surprised that nobody has gotten annoyed by their functionality to the point where they felt that they needed to rewrite the way calendars work. Maybe I am alone on this idea but stay with me.
It seems to me that the computer calendar was simply a copy of the old paper calendar. The ones that hang on the wall in your cubicle with the last month still in view because you never look at the thing except when you finally remember to flip the thing to the next month. Yeah that one.
It seems to me that when designing the desktop calendar programmers took the tried and true route. They built the calendar to look just like our old trusty friend the paper calendar. Granted they gave us more views like week view, day view, and even year view. But I think there needs to be one more view: "Rolling Month View".
Rolling Month View is for people who like the bird's-eye view of the month, but also want to see the next three or four weeks in addition to the current week. The problem with the traditional calendar system is that if I am at the end of the current month I have to click over to the next calendar month to see what's going on in two weeks, flipping back and forth counting days, trying not to count those extra days that are dimmed out but added in there to complete the boxes in the grid.
I just want to see what's happening in the next week or two. I never care about what happened last week unless the police are asking me "Where were you on the night of…" Anyway, you get the point.
Below is a screen shot of my calendar for the month of May. Assuming today was the 25th of May, it is nearing the end of the month. Granted I can see a few days ahead, but what if I want to see what's happening the week after? I have to toggle to the next month. Meanwhile the calendar is happy to show me what I did 4 weeks ago. What a waste of space! And totally useless in my opinion.


Rolling Month View might be the solution. It continues to roll the calendar forward a week at a time so you always have the next two or three weeks ahead of you displayed in the familiar monthly grid view.
Here is a very rough screenshot for conceptual purposes. There is probably a nicer way to do the rolling calendar, but this took me all of 1 minute to put together. The point is, it makes sense even if the presentation needs some work.

If you're a developer for Apple, or know a developer for Apple, can you please get this worked into the next version of iCal? I will love you long time.
Tags: Design · Opinions & Rants · Software · usability
Who Uses ColdFusion Anymore?
I went to a web development meeting a few days ago and when I mentioned during the introductions that I was a ColdFusion developer the reaction from others in the room was that of amazement. I think they were amazed that the language still existed. I'm not surprised really. It's actually a common reaction from developers.
Someone in the room asked, "Does anyone even use ColdFusion anymore?" I know that I see ColdFusion powered sites all the time, but for the life of me I could not recall a single site that used it other than MySpace. And honestly, that's not a shining example of a good CF site. Feeling a bit embarrassed that I could not recall some decent sites on the spot, I felt I needed to do a bit of research and compile a list of ColdFusion powered sites. If for no other reason than to answer this simple question when asked.
So here is a list of the more popular sites that I know to run ColdFusion. If you're wanting to find a more comprehensive list, GotCFM.com has a pretty large database of sites.
- AT&T (portions)
- Bank of America (portions)
- Boeing (portions)
- California Department of Toxic Substance Control
- California Department of Water Resources
- California Dept of Developmental Services
- CarFax
- Dallas Cowboys
- Doctors Without Borders
- Duke University
- eBags
- eBay (portions)
- Energy Star
- Foot Locker
- Gamepro
- Georgia Tech Savannah
- Guitar Center
- Hasbro Toys
- HP (portions)
- Logitech
- Macworld UK
- Massey University
- Merrill Lynch (portions)
- MMORPG
- MySpace
- NASA (portions)
- Ohio University
- Pottery Barn
- QuickBooks Online
- Scientific American
- Section 508
- See's Candy
- The Economist
- U.S. Bank
- Ultimate Fighting Championship
- University Of Amsterdam UVA
- University of Maryland
- US Dept of State
- Virginia College
- Vodafone
Tags: ColdFusion · Opinions & Rants
Are acronyms hurting your SEO rank?
Anyone that knows me understands that I am not a big fan of acronyms. I think they break down the lines of communication, and confuse people quickly. Earlier this week I attended a marketing luncheon with a topic on SEO, where I became acutely aware of this issue and wanted to write about it. I don't claim to know much about SEO, so you experts out there can set me straight if I am missing the point.
Basically the presentation sounded like this: "keywords in your name, keywords in your url, keywords in your username, keywords in categories, keywords in your tweets, keywords, keywords, keywords." Sounds reasonable right? Well it does until I started noticing all these acronyms appearing in the presentation materials, in the conversation, on the web, etc.
All this got me to thinking. Why spend all this time creating a keyword rich business name, username, url, etc., if you're going to refer to them with acronyms? The same is true for valuable keywords or trigger words within the content of your site as well. Using acronyms seems like a missed opportunity to add valuable keyword content to your website.
A perfect example of this would be the title of my blog post. "Are acronyms hurting your SEO rank?" If I was an SEO expert, I just missed an excellent opportunity to gain "search engine optimization" as three additional keywords. The problem with using acronyms is that people looking for your content may not be familiar with your specific acronyms and therefore search for the longer more verbose phrase or only part of the phrase.
Acronyms are a big part of our language; for better or for worse, we are stuck with them. We should think carefully about the usage of acronyms within our page content. Properly defining an acronym the first time it's used on the page with the <acronym> tag is the first thing I would recommend.
However I would be remiss if I didn't caution against the overuse of the <acronym> tag. I still believe that once a term has been defined on the page it does not need to be defined again. Optimizing for a search engine is one thing, but user experience should be your top priority. Unless of course your customers are search engines and not people.
Tags: Opinions & Rants · SEO
Is The Phrase "Apple Killer" the new "Heavy Duty"?
In the last few years it seems that every new gadget that is announced gets dubbed an "Apple Killer" of some sort. The Apple Killer rhetoric lasts up until the point when the actual product is released to the public. Then what? Nothing, you never hear about these alleged Apple killers again. Why is this?
I think the answer is simple. They are all trying to be like Apple in some way by copying their formula for success, instead of innovating like Apple. They spend all their resources just trying to catch up, and make a product that can maybe compete on some level. All the products I have seen to date end up falling short, and not delivering on the promise of great user experience.
In the end, what elevates Apple products to the top of the food chain is great user experience. It's not a laundry list of features, and tech specs. If these other companies are going to create a true "Apple Killer" product, they are going to have to set aside the idea that the only thing people want are more features and better specs, and actually make an innovative product.
Once upon a time, the phrases "Heavy Duty" or "High Quality" meant something. At least they did to me back then. Over time the two phrases have been so badly abused by marketing companies and manufacturers, just seeing the words makes me instantly think of cheap offshore junk.
Seeing the phrase "Apple Killer" in news headlines today, has the same negative effect. I no longer think, could this be a real threat to Apple? My thoughts are now replaced with, poor guys, just how badly is this product going to fail?
What about you? How do you feel about the phrase "Apple Killer"? Does it still mean something to you? Or are you like me in thinking that the phrase is the new "Heavy Duty"?
Past Apple Killers. Where Are They Now?
Does anyone remember these past products all touted as being "Apple Killers"? Sure people bought them, and I am sure some of them are actually happy with their purchase. Most of them were only talked about by the buzz engine created by marketing companies, but most of them have already been forgotten or barely considered a reasonable alternative.
iPhone Killers
- Palm Pre
- T-Mobile G1
- BlackBerry 9000
- BlackBerry Bold
- Garmin Nuvifone
- HTC Touch Pro
- LG Dare
- Samsung Instinct
- Samsung Omnia i900
- Nokia N96
Apple TV Killers
- Archos TV+
- Netflix set-top box
- Blockbuster set-top box
- Asus O!Play
- URC PSX-2
- Netgear iTV
iPod Killers
- Sony Network Walkman
- Microsoft Zune
- Cowon iAudio
- Archos Gmini
- PSPgo
- Samsung P3
Tags: General · Opinions & Rants
