Multiple monitors with MaxiVista

I don’t remember who first mentioned MaxiVista to me, but whoever it was: thanks. I’ve just downloaded the trial version, and it has proved to rock. I’ve never worked with multiple monitors before, but I can see myself getting used to this rather quickly. Even over an 802.11g connection, the performance is just fine.

(Testimonials and further explanations of exactly what MaxiVista does from Scott Hanselman and Ryan Farley.)

The only problem I’ve found with it so far is that when Firefox (0.9.1) is running on the second monitor, it still displays all its menus on the primary monitor. How odd.

TextDrive

If I hadn’t just gone through the hassle of changing web hosts at the back end of last year, TextDrive are the folk I would be signing up with right about now. (Via Brad Choate.) I’m extremely happy with pair.com, but TextDrive’s hosting packages are fine-tuned for personal publishing, and blogs in particular.

Incidentally, I’m now also on the lookout for some Windows/.NET web hosting. I don’t suppose anyone has any recommendations?

Crypto “Duh”

I’ve been developing web applications since 1998, but it was only a couple of weeks ago that one of the fundamental aspects of SSL (Secure Sockets Layer) really clicked into place for me: during an SSL session, the traffic is encrypted with a symmetric algorithm. SSL only uses an asymmetric (public key) algorithm during the session handshake in order to securely exchange the symmetric key for the rest of the session. The bulk of the SSL session is therefore optimised for speed, while the key exchange (the most vulnerable part) is optimised for security. Clever.

I can already see Spence shaking his head in disbelief that I hadn’t known this. My only excuse is that I’ve spent most of my time on inward-facing web apps, rather than public, internet-facing ones. (Not much of an excuse, though, I know.)

While I’m in a confessional mood, I might as well admit that the technique of salting hashes for increased security in storing passwords had passed me by until recently, too.

The real cleverness of salting hashes is not the technique itself, but the recognition of why it’s important. You could just take the attitude that if an attacker has got access to your database, then they can do whatever they like with it anyway, so why bother further encrypting the passwords you store in it? The problem with this is that most people re-use the same password in multiple places. So if an attacker gets hold of someone’s password for their blog, say, then chances are they can use it to also gain access to that person’s email or online banking account.

I’ll take this opportunity to recommend again the Password Safe tool, which removes the burden of having to memorize dozens of different passwords. Go get it, and start using it. If you’re not a computer expert, it’s difficult to spot where the weakest link is in any security chain. Password Safe, at least, will help to make sure it’s not you.
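The salted password storage discussed above, as an added example that is not part of the original post: it compares what a copied user table shows when passwords are stored as plain SHA-256 digests with what it shows when each password gets its own random salt. The account names, passwords, function names, and the PBKDF2 iteration count are all assumptions made for the illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor for this example; tune upward in production

# Constructed sample accounts: alice and bob happen to share a password.
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "tr0ub4dor"}

def unsalted_record(password: str) -> str:
    """Weak scheme: the same password always produces the same stored value."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def salted_record(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, derived_key); a fresh 16-byte salt is drawn per password."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key

def verify(password: str, record: tuple[bytes, bytes]) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(salted_record(password, salt)[1], expected)

def users_sharing_a_value(stored: dict) -> list[list[str]]:
    """Groups of users whose stored value is byte-for-byte identical."""
    groups = defaultdict(list)
    for user, value in stored.items():
        groups[value].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def build_tables():
    """Build both storage schemes for the constructed accounts."""
    unsalted = {u: unsalted_record(p) for u, p in USERS.items()}
    salted = {u: salted_record(p) for u, p in USERS.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables()
    # Unsalted: identical digests expose who shares a password, and one
    # precomputed digest list can be matched against every row at once.
    print("unsalted, shared:", users_sharing_a_value(unsalted))
    # Salted: every row is unique, so each one needs its own guessing effort.
    print("salted, shared:  ", users_sharing_a_value({u: r[1] for u, r in salted.items()}))
    print("alice logs in:   ", verify("correct horse", salted["alice"]))
```

The salt is stored next to the hash and is not secret; its job is to make every stored value unique so that work spent on one row cannot be reused on another.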

Firefox 0.9

Gosh, there’s a new version of Firefox, too. The ol’ cable modem is fair creaking under the weight of downloads today.

I don’t like the toolbar buttons of the new default skin, but on the other hand version 0.9 now has a nice new Theme manager, and the long-awaited Extension manager, too. Nifty.