Weblinks

A collection of random tips for Amazon Web Services (AWS) that I wish I'd been told a few years ago, based on what I've learned by building and deploying various applications on AWS.

Advice for protecting your online accounts when having to use websites which don't store your passwords securely.

A quick guide on how to get graphics working on a Toshiba Portégé laptop when running Ubuntu 10.04 Lucid Lynx.

A quick guide on how to get networking working on a Toshiba Portégé laptop when running Ubuntu 10.04 Lucid Lynx.

Eleven tips for securely managing sessions in web applications. Detailing the current best practices along with common security issues and how to protect against them.

A look at what cross site request forgery is, and the techniques you can use to protect your site against it (including how not to protect against it). I also touch on the differences between POST and GET, and the conventions you should use.

A look at whether we really need to type out the 'www.' before a domain. This information can usually be implied, yet some sites continue to fail if you attempt to visit the URL without those four characters, infuriating users and sending them to look elsewhere for business.

Don't leave your users hanging when your database goes for a walk. Automatically detect the situation and give them something else to read instead.

Security questions are a great way for your users to access their account if they lose their password. They're also a great way for people to hack into your user's accounts. Don't negate a great password system by weakening it with poorly implemented security questions.

Password rules and restrictions are implemented almost everywhere with the intention of forcing complexity to make novice users pick passwords that are harder to crack. In reality they're adding predictability making them easier to crack, and restricting choice, infuriating users who actually do pick complex passwords.

Don't get caught out by the quirks of text-transform: capitalize. It might not behave exactly as you'd expect.

JavaScript is a great tool for making the experience of a website better for the user, but it can also turn away lots of users if you don't have a fallback. Always make sure things work without JavaScript too, otherwise you're going to lose visitors.

Many websites are still storing passwords in a way which compromises user security. Don't put your users at risk, learn how you should (salted hash with key stretching) and shouldn't (plaintext, plain hash, md5, your own algorithm) deal with passwords.

A print stylesheet helps to make sure your website still looks as great when printed as it does on the web. It also helps to save ink by not printing useless items. They're simple to make and can make a world of difference for your users.

It's important to separate the content of a website from it's presentation, just using CSS doesn't always mean this is the case. Here are some common pitfalls people are making in this area.

I'm building a music recommendation engine for my Masters degree.