Archive for May, 2010


Moved again!

Well, I moved again! I’ve upgraded my hosting on my website, and switched it to a WordPress blog. It’s now been running for a week at http://www.matthewdaly.co.uk/ , so please join me there!

PassCrunch

As an exercise to teach myself the basics of regular expressions in JavaScript I decided to implement a small function I called passCrunch to check how secure a password is. I implemented it based on the following principles:

  • First of all, check for a list of well-known easy to break passwords to foil a dictionary attack, and reject it if it’s there.
  • Then check that it’s at least 8 characters, and reject it if it’s not.
  • Then implement a counter to measure how secure it is by various checks.
  • Then add to the rating if it’s more than 12 characters.
  • Add to the rating if it contains lowercase letters.
  • Add to the rating if it contains uppercase letters.
  • Add to the rating if it contains numbers.
  • Add to the rating if it contains nonalphanumeric characters.
  • Finally, convert the result to a percentage score and return it as an integer.

The finished article’s available here as a .zip file if you’d like to use it, or just take a look at the code. Be warned, it’s quite long due to the fact that the list of insecure passwords I used had in excess of 3,000 entries in it! It includes a very simple HTML form which will allow you to submit a function and will return a score for it via an alert() dialogue. Feel free to use it if you wish!

Having recently completed the Database Design Methodology part of my course, I’ve now moved onto the next part, which is JavaScript Fundamentals. It’s quite an interesting topic since unlike HTML and CSS, JavaScript is a proper programming language (OK, technically it’s a scripting language, but it’s not merely a markup language like HTML), so I’m quite enjoying it.

However, I’m a little disappointed with the quality of the training materials for the course (CIW JavaScript Fundamentals). It was published in 2003, and recommends the use of Windows ME or Windows 2000, and Internet Explorer 5.5 or later, or Netscape Navigator 4.0 or later. Now, IE5.5 was released in July 2000, making it a few months shy of a decade old, a staggering length of time for the web. Netscape Navigator is even older, dating back to June 1997! Of those two browsers, IE5.5 now has a miniscule market share, and Netscape Navigator isn’t actively developed at all anymore (although Mozilla Firefox is built off the same code base).

Given that in the last few years Internet Explorer has been rapidly losing market share, and developers are doing things with JavaScript that we couldn’t dream of five years ago, you’d hope the course would cover the more interesting and powerful things we can do with JavaScript today, such as AJAX, Greasemonkey scripts or third-party libraries such as jQuery. Instead, I’m stuck with form validation (OK, fair enough, need to learn that), manipulating frames (seriously, frames? When was the last time you even saw a framed website? They’re ugly and a pain to use) and pop-up windows.

Personally I’m more than willing to take up the slack myself by studying independently, but I’m sure there are plenty of people who wouldn’t do so until they reach the workplace. Admittedly, the fundamentals of the language haven’t changed, but there’s plenty of stuff that’s of very little use today that I’ve had to learn when I could be learning something more useful.

So surely these texts are long overdue for a refresh? I would hope that a newer release would cover at least some of the following:

  • At least one third-party JavaScript library, such as script.aculo.us or jQuery.
  • Writing Greasemonkey scripts (which is a very good way of learning more about JavaScript).
  • Creating a simple AJAX application.
  • Using a JavaScript debugger such as Firebug.

I really don’t think there’s any excuse for the training materials being that outdated when some of their other CIW training materials are much more current.

For a while now I’ve been looking for a good free shell account provider, and the other day I stumbled across the best I’ve ever seen at http://devio.us/. They run OpenBSD, they provide pretty much everything you could want from a shell account provider, and they’ve been very willing to help so far – when I asked if they had plans to add Python support, they added it within 24 hours. If you’re looking for a good shell account provider, I suggest you give them a try.

I’ve made the tough decision to abandon Blogger and move my blog to WordPress. For those of you that have joined me from my old blog at http://farbeyondtheedgeofreason.blogspot.com/ thank you very much for doing so!

The new blog will have a somewhat different emphasis than my old one. Rather than being a bit of a free-for-all covering Linux, programming, new websites and anything else that I think of, this blog is going to be much more focused, with web development as the main subject. That said, we’ll have to see how things work out.

I’m considering another move in a few months time, with my site at http://www.matthewdaly.co.uk/ becoming the new location of the blog, but that would require paid hosting, so I’m going to give WordPress a good try first before I commit to using it.