I first received one of these plastic bags with something I ordered from Amazon a couple months ago. On the surface it looks like a good idea. You send your old cell phone in and supposedly it will be given to the soldiers overseas so that they can call home. I won’t even get into the technology compatibility issues here…

But what I will get into is with all the recent news of people being reported for relatively benign things and with people reporting totally innocent acts to help fight the war on terror, is sending used cell phones in little plastic bags through the mail a good idea? Isn’t this exactly what people are reporting? Random electronic equipment that lights up or beeps? And we’re being encouraged to send these through the US postal service? Worse yet, would post workers start to ignore odd shapes and odd sounds coming from these bags since they all supposedly contain used cell phones?

With knee jerk overreactions to non-threats becoming more and more commonplace, and “report all suspicious activity” becoming the mantra nowadays, it seems strange that we’re being encouraged to put little electronic devices into little plastic baggies and mail them en masse…

I would have thought that the rules of when to use and when not to use checkboxes were pretty straightforward. However, after a UI review last week, it became apparent to me that this may not be the case. So when do you use checkboxes? Simply when you have a true/false, yes/no, or on/off choice:

However, checkboxes don’t work if you have a two choice option that is not a simple, binary, opposite choice. Usually you can tell if this is the case if you can’t logically put a “not” or “don’t” into the label to describe what happens when the checkbox is unchecked.

In that case, use something else like radio buttons or combo boxes:

And of course any option that requires three or more choices would be displayed similarly:

But of course, there’s always the problem of deciding when something is one option with several choices or is two or more options with dependencies:

But the simple and most common case for checkboxes still applies: only for simple binary choices!

How do you guys keep up morale at work? Where I work, we’re quite fond of the good ol’ prank. In the past we post it noted:

But that took a bit of time. So this time we decided to go for the “speed prank”. While our boss was at lunch, we pulled out the tin foil and let it rip so to speak…

So if your coworker or boss likes to take long lunches, leaves to go to a dentist appointment or even goes to a 1/2 hour meeting, it’s fair game. Let the speed pranking begin!

There’s a great new plug-in for Wordpress blogs called Socialize-Me. It looks at the HTTP referer field and if it’s a social networking site that you’ve configured the plugin to recognize, it shows a link to your profile to whoever is visiting your site. A pretty simple yet powerful concept. It lets you extend your social network from the site the network is on out in to your own blog. Sounds to me like a pretty nifty way grow your network.

Installation is as easy as any other WP plugin. You simply copy the folder into your plugins folder, activate the plugin on your Wordpress dashboard, then just tell it your usernames for each profile you have. The content it adds doesn’t take your theming into consideration:

but after a little javascript and CSS hacking you can make it match:

I have it set up for Digg, Flickr, Pownce, Facebook and a few others:

And considering I’m not in high school, that’s probably a few too many…

I don’t like buying music online. There. I’ve said it. I don’t know if that makes me an old fart or what. I just don’t like doing it. When you buy the CD, you are actually buying something concrete… something substantial. When you buy music online, you’re buying bits.

I think my biggest problem with buying online though is that you get the music files in only one format and in only one bit rate (which you typically can’t control) and slathered chalk full of DRM. If I buy tens or hundreds of albums on iTunes, I am thereby chained to using iTunes and iTunes forever else I’ll have to rebuy all that music again. And that’s assuming that iTunes and Apple will still be around 10, 20 or 50 years from now. Those facts almost make me consider renting music. You pay a relatively small fee and can download all the music you want. But then again, if you ever stop your subscription or want to transfer your music elsewhere, you’re SOL. You never really owned anything.

However, if I own the CD, I can always rip, rip and rerip the music into any format I want. MP3 is still the dominant format nowadays, but I may want all Ogg Vorbis in a few years. No problem. I have the CD, so I can rerip it. And not just that, but CDs are already a pre-existing backup to their digital counterparts. After you rip it, the CD sits on a shelf or in a case. If your iPod or Zen or NAS dies on you, you can always just pop the CD back in and rip the songs again.

All that being said, there is one online music service that I’ve tried and may continue to use. It addresses most of my problems and I don’t feel too dirty using it:

Amazon’s music downloading service is almost everything that I’ve wanted. Look at this from their help page:

Where possible, we encode our MP3 files using variable bit rates for maximum audio quality and smaller file sizes, aiming at an average of 256 kilobits per second (kbps).

DRM-free means that the MP3 files you purchase from Amazon.com do not contain any software that will restrict your use of the file.

The albums and songs you purchase from AmazonMP3 Music Downloads are free of Digital Rights Management software so that you have the flexibility to play them on any of your media players, PC or burn them to CD.

They have high bit rate files and no DRM. NO FREAKIN DRM! No matter where I put this, it will work. It’s up to me to keep my actions legal. And I’m not a 15 year old kid that is going to share all this stuff. I actually believe in buying music and supporting the artists. If I like the stuff that the artist puts out, I have no problem giving them money so that they can continue to produce more. If my collection consists of a hundred one hit wonders, maybe I need to reevaluate my musical tastes, but that’s another blog entry…

So let’s take a look at how all this works. Let’s say you want to buy an album from Amazon. You go to the album page on Amazon as normal. Look for the amazon mp3 panel in the lower right hand side and click it if it’s available. Not all albums are available, of course, but I’ve found most of the things I’ve looked for (and my tastes aren’t too terribly mainstream):

That will bring you to the album’s purchase page in the MP3 Downloads section of Amazon. From here, you can either buy your music song by song or just buy the whole album. And a lot of songs and albums are even cheaper than iTunes:

So after purchasing the music, you than need to download Amazon’s Downloader application if you haven’t already and then the .amz token file which tells the Downloader app what to do:

The Downloader then just goes on automatically downloading your files whether in the foreground or in the background:

And when it’s done, you’re politely informed of that too:

You can then spawn off your default music player to start listening to your new purchase or you can click on “Show Downloads” to open Explorer in the folder where all your purchases are. For me, that is C:\Users\mike\Music\Amazon MP3\. They are arranged by artist then album. Pretty typical stuff. There you have all your free and clear mp3’s to do with what you want. How beautiful…

The Amazon MP3 Downloader is a pretty bare bones app. It’s not this bloated thing sitting there in your system tray taking up CPU cycles. Consequently, it doesn’t save any state. After you close it or even if you buy and download additional songs, it will have totally forgotten everything you bought beforehand. You can only access them through the file system. But that isn’t a big deal. I don’t really like it when applications try to manage that stuff for you… like iTunes. Yes, it’s yet another thing I don’t like about iTunes.

Anyway, I’ve bought three albums in researching Amazon’s MP3 service and I think I like it. I’m still a little uncomfortable that I don’t have anything concrete to show now that ten more of my hard earned dollars are gone, but I guess I need to get my head out of 1995 and embrace this new age of digital music, social networking and cloud computing.

I admit it, I have a big one. Sometimes being big is great. All that size is helpful. But sometimes you get made fun of for being big. Like at work, the past two days now. I pulled it out at a meeting and Scott made a comment both times: “Geez, Mike… that’s a big laptop.”

You see I’m of the opinion that you need to either go big or go small. No in between. That’s why I bought the HP Pavilion dv9428nr laptop. I wanted a machine that was still portable, but could act as a desktop replacement. And with a 17″ widescreen, dual core 2.20 GHz, 2GB RAM, I would say that it does the job well. On the other hand when I just need portability and small size, I go to my (now relatively outdated) HP iPAQ 2215 Pocket PC or to my LG Cherry Chocolate. On either one, I can check email wirelessly, surf the Internet, read RSS feeds, read books… They do the job and easily fit in my pockets. You see, I get these devices. They make sense to me.

Then there are the “in between machines”. These are the computers that don’t have a clear identity or place to fit in. For example, take the Asus Eee PC 4G. It’s small, but not too small. It runs Linux or Windows XP. It has a 800×480 monitor. It has USB slots, an SD slot, 802.11g, ethernet, and an external monitor port. It costs between $200 and 400.

It isn’t bad, but it isn’t great. It isn’t too terribly slow, but it definitely isn’t fast. So where does this fit in? What role does it fill? It may fit in my coat pocket during the winter, but it won’t fit in my jeans or shorts in the summer. It could work as a “couch term”, but if I wanted to do some serious programming or watch some quality video… eh, not so much. If that was the case, I’d just go get my laptop. If I wanted to check email in my car or in line at the post office, I’d use my phone or my pocket pc. The Eee PC would be too big. If I wanted to check my email or do some work while on travel or at a conference, I’d pull out my laptop. I wouldn’t need the small size of the Eee PC.

So where do these “in between machines” fit in? I can see buying the Eee PC if I simply can’t afford a powerful laptop. I’m sure there’s a market for that, but how big of a market? However, not all these computers are targeted at those markets. The Samsung Q1 is a small handheld tablet computer meant for video, email, Internet, etc. This is a case where they’re trying to put the desktop in your pocket, but with specs like a 900MHz proc and 512MB RAM, you just aren’t getting that.

This suffers from a lot of the same drawbacks as the Eee PC. Too big for real portability yet too weak for real use. However, this one isn’t quite so cheap. With a price tag of around $1000, you really have to want one to buy one. So I ask again, where do these “in between machines” fit in? Or maybe the better question is…

How big are you?

Recently I’ve been working on the membership provider that I talked about in my last ASP.NET post. I know it was mad secure already, but I figured a little extra beefing up probably wouldn’t hurt. So I create a user class derived from MembershipUser and override some more methods in my derived MembershipProvider class. I fire up the page, login and then bam!

Configuration Error

Ok, well how about we set some breakpoints and see what’s going on. I hit F5 and get a welcome dialog in return:

You want Windows auth? I’ll give you Windows auth. Back into Visual Studio. Open up web.config. Change it from Forms auth to Windows auth:

<authentication mode="Windows">

Ok, let’s F5 again…

Ok, looks like I’ll need a little more help. I hit Google with the error and get a wide variety of help. After a few wild goose chases and clicking through IIS Manager a lot, I finally come across a page actually talking about this problem in Vista and IIS 7. It says to go to the “Turn Windows features on or off” dialog. I go. As directed, I click IIS -> WWW Services -> Security, and then check “Windows Authentication”:

Ok, seriously. What the heck? The option that the IIS 7 help page for my exact error is telling me to check an option that isn’t there. Peachy. I go back to IIS Manager and go to the Authentication section for my site. I click on help and find the answer to my questions (but not my prayers):

What? What?!? So Windows Home Premium isn’t good enough to debug with? For something as “esoteric” as debugging you have to go all out and buy Windows Vista Ultimate? Please… Sure I can still debug by opening up my project as a file system solution rather than an HTTP solution and then debug with Cassini, but that’s just annoying and just shouldn’t be necessary. You shouldn’t need the end-all-be-all ultimate-of-ultimates version of Vista to debug. However, since there’s little choice, I may just be upgrading to Vista Ultimate after all:

At least this gives me a more compelling reason to upgrade than the “Vista Ultimate Extras”…

Creating a login page with ASP.NET is almost ridiculously easy. First create a page called “Login.aspx”. If you want to use a page named something other than “Login.aspx”, you can specify that in your web.config file:

<authentication mode="Forms">
  <forms loginUrl="member_login.aspx" />
</authentication>

After that, add an <asp:Login …/> control inside your page. The how to use the ASP.NET login control article from MSDN has more details (if you need it). After a successful login, the user will be redirected back to the page they were originally trying to access before being redirected to Login.aspx. If the user went straight to Login.aspx, they they will be sent to your Default.aspx page. If you don’t have a Default.aspx page or simply want to send them somewhere else, add this attribute to your asp:Login tag:

DestinationPageUrl="~/YouLoggedIn.aspx"

Easy enough, huh? Well, how about the actual authentication? By default, ASP.NET will try to authenticate with the AspNetSqlMembershipProvider as specified in your machine.config file:

<membership>
  <providers>
    <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web,
               Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer"
               enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/"
               requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
               minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
  </providers>
</membership>

If you want to use your own database provider, just specify it in your project’s web.config:

<connectionStrings>
  <add name="GlamRock" connectionString="server=skidrow;database=motleycrue;uid=poison;pwd=warrant;"/>
</connectionStrings>

<membership defaultProvider="MySQLProvider">
  <providers>
    <add name="MySQLProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral,
               PublicKeyToken=b03f4a8e571d503a" connectionStringName="GlamRock" enablePasswordRetrieval="false"
               enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false"
               passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7"
               minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" />
  </providers>
</membership>

Or if you want to make your own provider you can easily do that too. Again, in web.config you add:

<membership defaultProvider="Simple">
  <providers>
    <add name="Simple" type="SimpleMembershipProvider, App_Code"/>
  </providers>
</membership>

Then add a new class declaration for SimpleMembershipProvider under App_Code, override ValidateUser and put your super complex code in it:

public class SimpleMembershipProvider : MembershipProvider
{
  public SimpleMembershipProvider()
  {
  }

  public override bool ValidateUser(string username, string password)
  {
    return (username == "mike" && password == "foo");
  }

…and of course you need to define all the rest of the abstract functions from the MembershipProvider base class. If you want to read in a flat file with all the account info you can do that or maybe read in a file that’s been encrypted with .NET’s encryption mechanism and then decrypt it. It’s really up to you. Although, I’m awfully fond of my implementation up above…

I’ve recently started getting into web development. Some javascript here… some ASP.NET there… It’s all pretty interesting and definitely different from desktop development. One thing that I’ve found helpful is all the great (and free) tools out there. Here are some of my favorites so far:

• Reflector - Of course there’s Reflector. Everyone knows about Reflector. Not necessarily web-centric, but definitely web-useful.
• Aptana - This is a great Javascript, CSS, HTML tool that has intellisense and keyword coloring built-in. It also supports Ruby on Rails and PHP as well as Javascript debugging in the browser.
• Firebug - Speaking of Javascript debugging, there is Firebug. This is a Firefox extension that lets you set breakpoints in Javascript, shows you errors in Javascript line by line, and also lets you view and modify the HTML, CSS, Javascript, and DOM of any page in realtime and view the results. Really slick.
• Web Developer - This is Firefox toolbar that allows you to mess with cookies, Javascript, CSS, images, and just about everything else. It can overlay layout information right on the page and I’m sure lots of the other things that I haven’t even found yet.
• IE Tab - Here is another Firefox extension, but this allows you to see your page rendered by IE from within Firefox with only one click.
• Builtwith.com - You put a URL into this site and it gives a report of all the technologies used to build the site. Satisfies your curiosity when you’re foaming at the mouth to know how they built that uber cool site you found today.
• Fiddler - This is an HTTP debugging tool. It acts a proxy and logs all your HTTP traffic and lets you set breakpoints, modify data, and all that. It automatically works with IE, but have to configure Firefox if you want to use it as a proxy.
• ViewState Decoder - A nifty little tool that allows you to put in the encrypted ViewState text blurb and it will show you the cleartext all formatted pretty.
• NoScript - Who can forget about NoScript? I’ve blogged about NoScript from a security prospective, but it can also be used to disable Javascript for your current page or selectively disable Javascript based on domain.

I’m sure there are many, many more. Like I said, I’m still fairly new at this. So what are your favorite tools for web development?

No, not *this* site, but sites that show up in Google’s search results just might:

See the little warning underneath the title up there? Well apparently this message shows up under search results that Google has “identified as sites that may install malicious software on your computer”. You can even try to click the link, but Google will warn you once more just to be sure:

If you’ve protected yourself like I’ve talked about before, then you’ll probably be ok, but most people don’t. (Disclaimer: Don’t hold me responsible if you get h4ck3d anyway. You’ll be the one that has to fix it!)

I just have to wonder how Google is deeming these websites as “virus-y”. Does it have a farm of machines armed with various browsers visiting all sorts of different sites and then seeing if they come out without a scratch? Or does Google go test the site right after it gets added to their database? But then what if a site was originally clean, it gets added to Google’s database, but then a week or so later it either gets infected or even intentionally starts installing malware to unsuspecting visitors? Then you have Google results that indicate that the site is safe to visit even though it really isn’t. And that’s probably worse: having a false sense of security. Then what if Google in their infinite wisdom says that my site “may harm your computer”. What am I to do? Would I be stuck with this stigma forever?

However, it’s still probably a good idea for Google to provide this type of service. Most people still can’t tell a malicious website from a hole in the ground and wouldn’t be able to tell if anything had been installed even if their system is totally infested with trojans, worms and the like. What’s worse is that some people seemingly don’t care or even want to get infected. And with malware variants on the rise, don’t expect things to get any better…