This is Tom Dibble's Typepad Profile.
Recent Activity
Two things: a two-part authentication verification scheme is always preferable to a single-part scheme. Those suggesting IP as the second part above are on the right track: you want IP + HTTP-Forwarded-For value; this allows a user to access your site securely over a protocol-supporting proxy server. Second, all the talk about SSL is protecting the cookie *in transit*, but not at rest. You are not protecting yourself from an XSS-initiated session hijack, nor from a disk-read or memory-read based session hijack. These are "harder" than the simple wire sniff attack, so SSL is a solid first step, but don't believe it gets you all the way there. Overall, taking SSL + two-part identification gets you a whole lot closer to secure (based primarily on how well the user secures their end of the conversation), to the point that neglecting to do so should really be considered a security failure on your site. From the user's end, never, ever, ever do anything on an open wireless connection (or any unknown network). Always use SSL where possible. Should go without saying, but obviously the world needs more education on the matter.
Commented Nov 21, 2010 on Breaking the Web's Cookie Jar at Coding Horror
@Adambanksdotcom: @Davraamides: crucial to keep in mind that although items are easier to click if they're *on* the screen edge, being *near* the edge - even one pixel away - completely removes the benefit. In fact, putting something *near* the edge probably makes it a bit harder to click, because it'll more likely be further away from the user's start position (compared to, say, an object in the centre of the screen). The Mac OS menu bar is a fairly rare example of an effective application of the rule. Actually, "completely removes" is incorrect. Anything along the edges of the screen is a flick away from anything on the screen. Something 2 pixels away from an edge is a flick and adjustment away from anywhere on the screen. The further from the edge the greater the adjustment, and it doesn't take long before "flick/adjust" is just as difficult as simply point/click. Moving something a few pixels "inland" does make it harder to click than placing it right along the edge, and there is almost never a good reason to do so. Example, since you mentioned it, the OS X menu bar: the Apple and Spotlight menu items look like they are set in from the corners by a bit, but if you flick the mouse to the corner and click you'll find that they activate even from the top/left or top/right pixels. Same thing is true of the Dock; the icon for each app hovers several pixels "inland" from the edge, but clicking right at the edge still activates the particular app (although I think this was changed at some point, as I seem to recall Jaguar at least not acting this way). The point, though, is that you don't give "all" benefit away. You just give away some of the benefit. And, if you want your button to be easy to get to yet hard to accidentally click, maybe 5 pixels in from the corner isn't a bad idea.
Commented Mar 26, 2010 on The Opposite of Fitts' Law at Coding Horror
I recently moved from my trusty old and somewhat battered 300D to a 40D. As I noted in http://tomdibble.wordpress.com/2008/05/20/moving-to-the-mid-range-the-canon-40d/ ... I certainly find it to be well worth the expense! One thing to note, aside from features, is that in moving from the XSi consumer DSLR range to the 40D mid-range, construction quality, sheer fit and finish, takes a serious step up. Everything is significantly more solid than either my old D-Rebel or the latest in-store generation of it. That and the gorgeous viewfinder and twice the burst speed for sports ... I can't see anyone rationally arguing that they shouldn't just spend the extra couple hundred to drastically improve their experience!
Commented Jun 12, 2008 on Canon 40D Price Drop at The Online Photographer
Great talk. One minor nit: a backlit miniblind background is hard to look at for very long! Google! What happened to the yellow room you usually use? In any case, to my surprise it ceased bothering me about five minutes in. The content is to credit for this.
Commented May 27, 2008 on Joe McNally at The Online Photographer
"If they are right (and the law of averages says they will be someday), then they get to say 'I told you so'." Umm, actually, no. "Gut" feelings with no actionable intelligence do not qualify as the basis for "I told you so". "I told you so" would be valid if he came on the news today, said we all need to duct-tape our windows shut, we ignore him, a duct-tape-repelled dirty bomb hits, and those who ignored him die. Ha, I told you so! I told you what? I told you to do something because something was going to happen, and you didn't do it. No, here we have Chicken Little saying the sky is falling, yet again, but offering us not a whit of intelligence which might possibly change how we live our lives in such a manner that we might be more likely to live through it than doing nothing. If he's "right", he still gets no credit. He's not doing his JOB. Instead, he's trying to terrify the people.
Commented Jul 14, 2007 on please don't be afraid at WWdN: In Exile
vavu: So, in other words, nothing will get better in 18 months because Bush has f'd it up so bad we'll be paying for his nation-destroying incompetence for decades to come? Yeah, I agree with you there. But, what's your point? I'd still rather have someone in there who is making semi-rational decisions aimed at getting us out of this hole we're digging than another blowhard tool who believes the best way out of a hole is to dig all the way through. In my opinion, the hardest things to fix post-Bush will be his usurpations of power to the Executive Branch (signing statements, spying authority, war powers, etc). That's going to take some ground-up public effort to reverse, because there's little reason for the next guy to give all that power back. As for the Libby commutation (NOT a pardon! Worse!) having any hidden meaning? What would make you even suspect that? Because you still believe Bush would do something that is "right" instead of acting purely on his personal motives? Again, what would make you even suspect that he'd do that? I'm sorry; the first two, three, or maybe even four completely craven political borderline-illegal moves he made might have gotten the benefit of the doubt. He's used all that up by now.
Commented Jul 14, 2007 on please don't be afraid at WWdN: In Exile
I suspect that the original poster is getting a glare off his massive 48X lens reflecting the streetlight which is right in front of them as though it were high in the sky. Explains his repeated assertions that street lights don't grow miles above the nearest hill ...