Top 5 Script Kiddie Mistakes

These are the most common and most annoying mistakes I see in web development code on a daily basis. Well, Ok, it’s the things that annoyed me most TODAY, but it’s not unique. It’s mostly PHP and MySQL stuff here, but the same abuses take place anywhere the language allows it.

1. Database prefixes. I find so many database tables that use a “table” or a “tbl” prefix. Are you serious? Do you think we don’t already know it’s a table we’re looking at? Likewise, some developers find it somehow necessary to use “column” or “col” in their column names. I mean really… do you pin your own name upside down on your shirt? Seriously, this type of labeling is completely unnecessary and it probably reveals you as the half-baked amateur that you are. Label your column names descriptively: too little info is bad, but too much is no better.

The one exception I make to this rule is this: be verbose with your primary keys because you’ll use those in all of your join statements. I know it’s easier to code if every table uses the ubiquitous “id” as the primary key, but if you ever have to do complex MySQL joins for reporting queries you’ll appreciate the fact that user_id or post_id references the same thing no matter which table it’s used in.

Help! My Site Was Hacked!

This can happen to the best of us. Hacks suck. There is no formulaic response to them that is guaranteed to fix your site, but I’m going to outline a few steps that might get you back in the saddle and hopefully help you identify the extent of the damage. The most common type of hack I see is against sites running known systems (like WordPress) where the hacker modifies the index.php file and prints extra code into the pages. This causes visitors to inadvertently download malicious code and it causes Google to black-list your site. Did this happen to you? Keep reading…

Securing Your Email via 2-Step Verification

It is vitally important to keep your email account as secure as possible. Google is one organization that emphasizes security, so take advantage of it! For Google Mail, it is easy to enable 2-step authentication. The idea is simple: in order to log in, you must provide something that you know (your password) and something that you have (your phone).

Think about this for a moment… normally if someone gets ahold of your email password, they could read your email (or impersonate you!). Think about it a bit more: once a hacker is in your email, they can visit other sites (like Facebook, PayPal, or ???) and they can easily click the “I Forgot my Password” link, and POOF: they’ll be able to log into any site that uses that email address.

The Importance of Unique Passwords

This is a topic that Brian and I have spoken about in several posts, but take a minute to think about it: what could happen if a hacker cracked just one of your passwords? You may not think your information is really very special… so what if someone reads your email to your mother, right? Well, let’s think about this a bit…

I just read Parmy Olson’s We Are Anonymous, and one of the most devastating hacks carried out by the hacker group Anonymous was against the cyber security firm HBGary Federal and its CEO, Aaron Barr. One exploit gave the hackers password hashes, which were then cracked, so suddenly hackers had Aaron’s passwords out in the open: “kibafo33”.

How to Simply Rip DVDs in 64-bit Windows

In the past, we’ve looked at how to easily rip DVDs on the Windows platform. That method still works great, unless you’re on a 64-bit version of Windows. For those of us now running Windows 7 64-bit, we have a problem: DVD43, a required decrypter used in the previous tutorial, does not get along well with 64-bit versions of Windows.

The Solution – Handbrake with libdvdcss

There’s an easy solution to this problem, and it only requires the installation of one software program. I’ve migrated to the mighty Handbrake for all my DVD rips. First, install the 64-bit version of Handbrake. As of this writing, the latest version is 0.9.6.

Microsoft takes another hit: NGINX tops IIS

Some bloggers have suggested that ripping on Microsoft is going out of style… but this week Microsoft’s beleaguered IIS web server got bested by the open source NGINX web server.

Web Server Statistics

Microsoft IIS goes down

My beefs with Microsoft are many; however, I will tip my hat to Bill Gates’s many generous donations to charity. That’s really the most remarkable thing about Microsoft: it gave birth to one of the most magnanimous philanthropists of an entire generation, and no words can express thanks for that.


How WordPress Destroyed the Internet

WordPress is so popular that it is taking over — it’s behind 22% of all new sites on the internet, but this sets a dangerously poor coding standard. Our infrastructure is crumbling!

Yes, this is a rant. My beef today is this: the WordPress manager might be easy to use, but under the hood, it sucks. There, I said it. It’s awful architecture and it has taught thousands of web developers that it’s Ok to write piss-poor code. This has single-handedly dumbed-down a whole generation of developers by setting a bad example. WordPress is the junk food of coding standards: ubiquitous, tastes good, but lacking any nutritional value.

I’ve ranted about WordPress before but what put me over the top today was the Suffusion Theme. It looks like a clean layout, so I thought I’d give it a try. Holy flaming monkey balls, was I in for a shock!
