Corey Roth and Friends Blogs

Group site for developer blogs dealing with (usually) Ionic, .NET, SharePoint, Office 365, Mobile Development, and other Microsoft products, as well as some discussion of general programming related concepts.

Kyle Kelin on .Net

April 2008 - Posts

  • Developer-Centric Companies

    The company I work for, Infusion is a developer-centric company. When I first met the owner I could tell right away how much he valued ability and intelligence. Infusion's strategy has always been to find the smartest people and grow them into leaders. Another developer-centric company is ThoughtWorks. The owner of the company, Roy Singham founded ThoughtWorks to disprove some of the myths that businesses had of intellectuals. My favorite is the following:

    "Intellectuals must be run by B students since intellectuals are idealist and only greedy B students are pragmatic enough to make real decisions"

    Not sure if I would consider myself an A student but I have seen in many companies this type of thinking. I find many companies who aren't developer-centric feel that technical people can't interact with customers or learn anything about business. I have been throwing around some ideas in my head and wanted to write down the criteria for developer-centric company.

    • Developers are not tightly managed and complete their tasks with minimal manager interaction.
    • Developers are viewed as professionals who are self-motivated and take pride in their work. They are not watched over.
    • The company is always looking to hire smart people with the right attitude. They feel hiring the right people is fundamental to the success of the company.
    • Developers are looked to provide business insight in addition to their technical contributions.
    • Performance and ability is preferred over seniority or politics.
    • Project managers are views as facilitators not controllers.


  • Why Are Websites Making it So Difficult to Login?

    Someone should come up with a standard for password requirements. I was creating an account on my car loan website today and here were the requirements for the password.
    • be at least 6 characters in length
    • contain both alpha (A-Z) and numeric (0-9) characters
    • use at least one upper case (A) and one lower case (a) character
    • not have more than 2 repeated characters (ex: "O'Tooole")
    • not have more then 2 characters in a sequence (ex: "123xyz")
    • not match the User ID

    Plus the username had to contain a number as well. Now I am all for strong passwords but this seems like overkill. It seems every site I create an account for these days has different criteria for a strong password.  I try to use only two or three passwords for every site but when a site has restrictions like above I have to create a new one. If it’s not one of the two or three I normally use I can’t remember it. Nothing is more frustrating for an end-user than not being able to login. And even if it is their fault that frustration will displace itself on the site they are having trouble logging into.

    I would prefer to be allowed to use any password that I see fit with a few simple limitations:
    ·         Can’t be the same as the user name.·         Can’t contain spaces or any scripting characters.·         Must be 6 characters in length.
    The other problem besides pissing of your users is if users can’t remember their password, they will write it down. I would venture to say (I don’t have any statistics to back this up) most accounts that are individually compromised are because someone found the password written down somewhere. Which is more secure me using the name of my first car or having RT890%GH*!!99 taped to the front of my monitor? I prefer to encourage stronger passwords rather than enforcing them by providing a strong password indicator to the user. Like the one with the ASP.NET Ajax toolkit. 

    Also I alluded to this earlier but I wish sites would quit requiring special characters or numbers in the username. It is a username it should be up to you. I use the same user name/user ID for all my sites (the ones that will let me) and I don’t see anything wrong with this.

    My bank uses a rotating set of secret questions in addition to a username and password if I am visiting the site from a new computer. I found this a bit intrusive at first but it does provide some extra security and when I am on my normal laptop it detects the cookie and skips the secret question.

    Maybe instead of a call for password standards we should be talking about CardSpace and OpenID. How long have username and passwords been around? Maybe it is time websites and applications evolve past passwords. On a funny side note I usually write my blog posts in Word then paste them into the DNM site. After writing this and going to login to the site I couldn’t remember my password. Though we don’t require strong passwords so I have no one to blame but myself on that one.J  
  • Blogging Directly from Word

    I just stumbled onto something and thought I would share. Until this post I have been copy and pasting from Word into Community Server but now I go to New à Blog Post (instead of document). I then get prompted with a dropdown of my blog provider. I selected community server then specified the address and my login credentials. That is it. Now I can type up a post save it and when I am ready hit Publish.

    There were a few providers and a hook to add your own if yours isn't listed. Also there was a picture provider which would be cool if could included images in a blog post and it would automatically get saved somewhere. I will need to play around more with that feature. Ok well let's see what this looks like.

Powered by Community Server (Non-Commercial Edition), by Telligent Systems