Friday, November 7, 2008

Forgotten Passwords

One of not very interesting design decisions we made when we rebuilt the site was to store only hashed passwords. For those of you that don't live in the technical world, that means we apply an algorithm (formula) to your password and we store the result. When you login, you enter your password and we apply the same algorithm and test the result against the stored value - if they match, you're in! The upside is that even if you're using a really bad password like 'password' we don't see it, and if our server was hacked they would not get your password either.

Sounds good, right? More security, reasonably pain free to the visitor. The downside is when you forget your password. If we were storing your password in clear text, we could just email it to you. Since we don't know your password, we have you enter a secret question and answer when you sign up - but what happens if you don't remember the answer? And there's our current pain point, based on the current form we show you:

image

Most people get frustrated because they don't remember the answer and miss the 'I forgot my answer' button at the bottom. If you click that we send you a new password via email, when you log back in you can change it. Works fine....if you understand what we want you to do!

It's on the list for our sprint (batch of work) to fix, or at least do differently. Good user interface matters is an obvious statement, not always so easy to know what is a good UI. We watch and listen a lot, and that's where we find places that need work. On an average week perhaps a dozen people use the form, and maybe 1-2 of them get frustrated, and that's more than we'd like for something that should be routine.

Posted by -- at 9:22 AM 0 comments
Labels:

Monday, October 27, 2008

Sponsoring the South Florida Code Camp on February 7, 2009

We've been frequent participants in the technical communities here in Florida, attending most of the events as speakers and sponsors. At least one of us will be heading down to the South Florida Code Camp to sponsor the speaker social the evening of February 6th and with luck we'll get to do a presentation or two on Saturday as well.

This is a huge event! We went last year and they had more than 600 attendees and around 70 presentations. Well worth the drive to south Florida. All the details at http://codecamp09.fladotnet.com/.

Andy

Posted by -- at 1:16 AM 0 comments
Labels:

Thursday, October 23, 2008

Working on New Features - The Quiz

So what's going on at JumpstartTV these days? We've been a little distracted, trying to finish up preparations for SQLSaturday #8 coming up on October 25, 2008. But besides that, the next big thing we're working on (and you'll see a portion of next week) is adding quiz questions that directly relate to a video. There's nothing like a short quiz to keep you focused while you watch a video, and to confirm that you understood the concepts.

Of course, getting all that ready is 1 part technology and a lot of parts sweat, we're going to have to re-watch all the videos and build questions and answers based on the video. For now we'll be focusing on the SQL videos, but eventually we hope to have questions for almost all of our videos.

We've got a couple interesting twists to the quiz that we hope you'll like, and expect to have them deployed for comment in the next couple weeks.

Andy

Posted by -- at 11:44 AM 0 comments

Tuesday, October 14, 2008

Content Update - October 14th 2008












































































































































































































Video TitleChannel(s)Author(s)
Creating a new trace with SQL Server 2005 ProfilerSQLJack Corbett
Detecting deadlocks with SQL Server ProfilerSQLJack Corbett
Explaining the properties window in SQL Server ProfilerSQLJack Corbett
Extracting T-SQL events from SQL Server ProfilerSQLJack Corbett
Adding and Removing columns from SQL Server ProfilerSQLJack Corbett
Saving a SQL Server Profiler TraceSQLJack Corbett
Adding filters to column in a SQL Server Profiler TraceSQLJack Corbett
SQL Server Profiler TemplatesSQLJack Corbett
Reusing a saved SQL Server Profiler traceSQLJack Corbett
Replaying a SQL Server Profiler TraceSQLJack Corbett
Saving a trace definition in SQL Server ProfilerSQLJack Corbett
Adding and Removing events from SQL Server ProfilerSQLJack Corbett
Integrating Performance Monitors with SQL Server ProfilerSQLJack Corbett
Creating windows perfomance monitors for SQL ServerSQLJack Corbett
SQL Server 2005 / 2008 XML Data TypeSQLKendal Van Dyke
Using FOR XML with SQL ServerSQLKendal Van Dyke
Intro to SQL Server XML Schemas, Part 1SQLKendal Van Dyke
Intro to SQL Server XML Schemas, Part 2SQLKendal Van Dyke
Using OPENXML in SQL ServerSQLKendal Van Dyke
Quickly creating XML Schemas in SQL Server 2005 / 2008SQLKendal Van Dyke
Converting a Text data type to an XML data typeSQLKendal Van Dyke
Identifying bad xml data in Text data typesSQLKendal Van Dyke
Creating Primary Indexes on XML Data Types in SQL ServerSQLKendal Van Dyke
What is Dot Net Nuke?.NETWill Strohl
Dot Net Nuke Tour.NETWill Strohl
Dot Net Nuke Terminology.NETWill Strohl
Backing up your Dot Net Nuke website.NETWill Strohl
Downloading Dot Net Nuke.NETWill Strohl
Installing Dot Net Nuke, Part 1.NETWill Strohl
Installing Dot Net Nuke, Part 2.NETWill Strohl
When to upgrade Dot Net Nuke.NETWill Strohl
Upgrading Dot Net Nuke.NETWill Strohl
Adding a new tab in Dot Net Nuke.NETWill Strohl
Adding modules to tabs in Dot Net Nuke.NETWill Strohl
Creating a new user in Dot Net Nuke.NETWill Strohl
Creating a new security role in Dot Net Nuke.NETWill Strohl
Creating a custom login page in Dot Net Nuke.NETWill Strohl
Changing profiles in Dot Net Nuke.NETWill Strohl
Copying Modules from page to page in Dot Net Nuke.NETWill Strohl
Module permissions in Dot Net Nuke.NETWill Strohl
Localization explained in Dot Net Nuke.NETWill Strohl
Connecting to a SQL Compact Database.NETMike Wells
Creating a new table in SQL Compact.NETMike Wells
Creating a new project for SQL Compact.NETMike Wells
Using Managed Procs with SQL Compact.NETMike Wells
SQL Compact Result Set.NETMike Wells
Using TableDirect with SQL Compact.NETMike Wells
Security Options for SQL Compact Database.NETMike Wells
Deployment options for SQL Compact projects.NETMike Wells
Posted by -- at 11:24 AM 0 comments

Friday, October 3, 2008

Setting Up The New Web Server

I had to take a trip to the collocation facility today to enable remote access. Actually I'd enabled it before, but Windows 2008 has two modes, one which requires Network Authentication, for more secure clients and communications, and the older RDP method I'm used to. The new one is the default, as it well should be, but it means that people like me, that casually set things up, don't realize it won't work until we connect. Since I couldn't really connect inside the cage the day I put the server up, I didn't realize until I got home. In case you need to do it, here's a good article on what to change on your side. This took all of 12 seconds to fix once I’d logged in.

It’s working now, but a funny story along the way.

When I built the server, I added accounts for myself, Andy, Brian, and Chris. As I've usually done, I set up the server, picked good passwords, and then mailed them off to everyone. As usual I picked funny ones, using the first word that came into my head when describing them. For Chris Rock, because of the name, and because he's a non-funny white guy, I use "funny" somewhere in there. Needless to say, everyone got a kick out of their passwords.

When Windows 2008 enforces passwords, it has a policy that requires various things. Since I was in a bit of a hurry here, I didn't muck with the requirements, and decided to go with them. I ended up adding mixed case, numbers, and other things to the words I'd chosen.

One problem: my main passwords (I have like 5) don't meet the requirements. They're combinations of numbers and letters, but I haven't typically mixed case or used non-alpha characters. So the first 2 or 3 I used didn't work.

Since I was in a hurry, I decided to just pick a new password. That was a few months ago. Today I got to the collocation facility today, signed in, surrendered my ID, got escorted to the rack and it was unlocked. I got the crash cart, connected a keyboard/mouse/monitor to the server, got the login screen, clicked my name and entered a password.

That didn't work.

I stopped for a minute, entered another one and that didn't work. I switched to "administrator" and tried a couple and they didn't work. So I stopped for a minute, wondering what I should do, being 15 or 20 miles from home and my laptop.

So I called Andy and promptly got dropped into voice mail because he is teaching a seminar today. I tried a few more passwords for myself, variations and combinations of my default 5 and then sat there for a minute.

Since I knew my partners well, I ran through a list of possible passwords. I rejected Brian and Chris because I had an idea of what word I'd use, but not necessarily how I altered the word for security. For Andy I knew the word, but wasn't sure what to do. Then on a whim, I added a number to the end and hit enter.

Success!! I could see the desktop being prepared. Going with my first instinct on the word and number worked great and I could reconfigure things.

Fortunately Andy called back shortly and gave me Chris' number so I could have him test it before I left. We now have remote access and can set about moving the web stuff to the new server and getting some redundancy and protection for the database and web code.
Posted by -- at 4:19 PM 0 comments
Labels:

Friday, September 26, 2008

Tagline - Part 2!

Last week we talked about Do We Need a Tagline and our not too creative efforts to come up with something we liked. Brian was working on short welcome video that we wanted to try out for new visitors, and as I listened to one of the versions, he said something that sounded pretty good....'learn something new today'. Maybe not perfect, but better than our others and it is a pretty good description of what we're about. Chris is updating our marketing materials and hopefully it'll show up on the site as well.

Coming up next we'll have a post or two about our development strategy and life in a very small company!

Posted by -- at 11:08 AM 0 comments

Thursday, September 18, 2008

Do We Need A Tagline?

Chris has been reading Branding for Dummies and one of the ideas he came back with is that we should probably add a tagline to help explain a little about what the heck is JumpstartTV.

Back in the beginning Brian had "Your how-to hub" which seems ok, if plain. We've been trying to brainstorm in the background, and so far not sure we've done any better than that one:

  • Learn how right now
  • Watch.Listen.Learn.
  • The How-To Network (playing on the TV part)
  • Climb The Learning Curve
  • Get Jiggy With It (no, not serious, sometimes we just get silly)

We'll continue to not-think about it for a few days, but what about dear readers? Any great suggestions?

Andy

Posted by -- at 3:22 PM 0 comments
Subscribe to: Posts (Atom)

About This Blog

--
From time to time we'll be posting here about new content, new authors, and changes/fixes we make the site. We'll also be talking about our vision for our business and why we opt to go in certain directions. Please don't hesitate to post a comment, we'd enjoy and appreciate any feedback you have.
View my complete profile