Sunday 21 April 2013

Weekly Roundup: 21st April 2013

Welcome to another Weekly Roundup. Here you will find links to software, libraries and blogs I've found interesting in the last week.

Merging Code Nightmares

We've all been in the situation where we've pulled down the latest set of changes from a repository and got a merge conflict. Either another developer has refactored or changed the same code as you, or has moved the code entirely, meaning your merge tool doesn't understand the code and so cannot manage the merge.

Semantic Merge by Plastic SCM has been released this week. This is a merging tool that understands your code and can handle merges involving code refactoring. This is a great tool if you experience these issues regularly and it works nicely with TFS, SVN, Git and Mercurial. It's only available for C# and VB.NET on Windows currently, but there are plans for other languages like C, C++, Objective-C and JavaScript, and for other operating systems, in the future. It's currently in beta but it's definitely a tool that needs to be followed closely.

2 Factor Authentication

A few weeks ago I blogged about the state of internet security on websites. I said that 2 factor authentication was the way to go to secure your website. This week Microsoft finally added 2 factor authentication to its services such as Outlook, SkyDrive and Messenger.

2 factor authentication is a brilliant way to secure your accounts. I highly recommend you do this at the earliest opportunity. Scott Hanselman has a great tutorial on how to set up 2 factor authentication on his blog. The great thing about this is that you can use the Google Authenticator app on both iOS and Android with your Microsoft account.

Browser Testing

The quick iteration by browser providers can make testing a nightmare. Both Mozilla Firefox and Google Chrome release new versions every 4-6 weeks, and combined with the number of operating systems and devices, the number of permutations between device and browser can be mind boggling.

Previously, testers might have had virtual machines with different browser configurations for testing. However, this is now getting to a stage where it's virtually unmaintainable. Enter BrowserStack. BrowserStack maintains all the various virtual machines and configurations for a small monthly fee. If you're a web developer that needs to test on multiple browsers (what web developer doesn't?!) then BrowserStack might just be for you.

Device Testing

Staying with testing, if you're a mobile app developer, and especially if you're an Android developer, you'll know that device testing is getting harder and harder with new devices being released all the time.

A great new service announced by Xamarin this week is Test Cloud. Currently in beta, this service allows you to upload your app to the Xamarin servers and Xamarin will then run your app across multiple devices (actual devices rather than virtualised) and produce test results for all of those devices. You can also write BDD tests and upload these as well. This looks a must-have service when it is finally released. It's only open to limited numbers at the moment, but you can sign up to the beta program on the site.

If you want more up-to-date links feel free to follow me on Twitter @lancscoder as I Tweet links throughout the week. Also if you find anything interesting don't hesitate to share it!

Sunday 14 April 2013

Weekly Roundup: 14th April 2013

Welcome to another Weekly Roundup. Here you will find links to libraries and blogs I've found interesting in the last week.

Sunday 7 April 2013

Weekly Roundup: 7th April 2013

After last week's Easter break, the Weekly Review is back with a change of direction. Rather than have a collection of links to recent news stories and blog posts that I've found interesting, I'm now going to link to open source projects and new libraries that I think would be good to get more attention in the wider world. I think the Weekly Review lost its way somewhat early on, and hopefully with a new name and direction it will get back on course. I'll still add the occasional news story and blog post in as well. These new "roundups" will probably be shorter than the old-style post but hopefully more interesting!

Let me know in the comments or via Twitter what you prefer.

Now, without further ado, let's get started with this week's "Weekly Roundup":

Sunday 24 March 2013

Weekly Review: 24th March 2013

Welcome to another weekly review.

Sunday 17 March 2013

Weekly Review: 17th March 2013

Welcome to another weekly review. This has been another busy week.

The big news story to come out is that Google is to discontinue Google Reader on the 1st July this year. Expect a wide range of RSS readers to flood the market in the coming months; if you want to know what's out there, replace reader is a good site showing other trending readers.

Wednesday 13 March 2013

The State of Internet Security

Another week, yet another high profile security breach for a website. This time it's Evernote; who will be next? It seems like it's becoming an almost daily occurrence that some website has had a security breach. Are our current methods of security broken? Do we need an international standard or just better education?

One Password

The web has come on in leaps and bounds over the last 10 years, and it now seems as if every website requires you to sign up. All of the security experts recommend you use different passwords for different sites, but how many people actually do this and how reasonable a request is this? If you have different passwords for your email, Twitter, Facebook, Google+, LinkedIn, Evernote, Amazon, iTunes, Dropbox and GitHub accounts then that is 10 already. If each one is meant to be long and complex (10 characters plus, and a mix of characters, numbers and symbols) is it reasonable or even possible to remember them all? And this is just a small selection of the accounts you use on a daily basis, not including all the throwaway accounts you always end up signing up for.

There are a number of services already available such as LastPass and 1Password but neither is the silver bullet, even though they go part of the way to solving the problem.

So as web developers, what can we do to protect ourselves and, more importantly, the user data we hold? What options are available?

OpenID and 3rd Party Sign Ins

A popular solution is using OpenID; this goes part way towards taking the responsibility of protecting user passwords and other sensitive information away from your website as you don't store the data in your application. StackOverflow is probably one of OpenID's success stories. However it has not been a success for everyone. Rob Conery has detailed some of the issues he's faced in the past with OpenID.

A way around this is just allowing your customers to sign in with a single 3rd party account. For example Spotify allows users to register with just Facebook; this is easier to manage but it does require all of your users to have a Facebook account.

Mozilla Persona

An alternative to OpenID and a step further than 3rd party sign-ins like Facebook is Mozilla Persona. This is a relatively new development and hasn't had a huge amount of traction yet but it is growing and is one to watch.

2 Factor Authentication / Single Use Code

An additional security step that can be taken is the use of two-factor authentication. This is when a code is sent via email, phone, text or app and is required as a second step in order to log in. This is becoming a popular option with Google, Dropbox, Steam, Microsoft (through the use of single-use codes), plus many more having this option for their users. This is a complex system to set up, and if you are on limited resources it's not always feasible to implement.

The Password-less Option

A unique take on the issue of security has been taken by Marco Arment (of Instapaper fame) in his new project The Magazine. Rather than logging in with a username and password, you log in with just your email address. From this a one-time login link is sent to your inbox and this logs you into the site. I think this is a nice approach to the problem and one that is definitely worth considering if you are implementing a new system.
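As an added illustration (not code from The Magazine or from this blog), here is one way the server side of a one-time login link can work: a random token is emailed, only its hash is stored, and it is deleted the first time it is presented. The function names, the 15-minute lifetime, the in-memory store and the `example.test` URL are all assumptions made for the example.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the post does not state one

# In-memory stand-in for a database table: sha256(token) -> (email, expires_at)
_pending = {}


def _digest(token):
    # Only this hash is stored, so a leaked table cannot be replayed as links.
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def issue_login_link(email, now=None, base_url="https://example.test/login"):
    """Create a single-use login link for `email` and return it for emailing."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    # A new request invalidates any link still outstanding for this address.
    for key in [k for k, (addr, _) in _pending.items() if addr == email]:
        del _pending[key]
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _pending[_digest(token)] = (email, now + TOKEN_TTL_SECONDS)
    return f"{base_url}?token={token}"


def redeem_token(token, now=None):
    """Return the email the token was issued for, or None if the token is
    unknown, expired or already used."""
    now = time.time() if now is None else now
    try:
        # pop() removes the record on first presentation, valid or expired,
        # so a link can never be redeemed twice.
        record = _pending.pop(_digest(token), None)
    except UnicodeEncodeError:
        return None  # tokens we issue are always ASCII
    if record is None:
        return None
    email, expires_at = record
    if now > expires_at:
        return None
    return email
```

On a successful `redeem_token` the site would start a session for the returned address; every other outcome gets the same generic failure response.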

Feedback

I think the key to providing successful security to your users is giving them feedback at every opportunity. For example, if your user logs in on a new computer, send them an email to say that. Then, if it wasn't actually them who logged in, the user can quickly change their password and/or contact you. Facebook, Dropbox and GitHub are just a few of the companies out there that do this.

Google takes this one step further. If you've ever looked at the bottom of your Gmail inbox you can see a link called "Details". This shows recent sessions for your account and the relevant IP addresses, so you can see any suspicious activity and reset the session. This is also handy if you've left your account logged in on a public machine.

Conclusion

As you can see, there are a number of different options to consider when even thinking about security, let alone implementing it. Not all of these options are easy to implement, or possible depending on the size of your project or team. I think the key though is providing user feedback at every opportunity. This will help to gain the trust of your users and improve their overall experience of your product.

If you want links to technical articles and blogs feel free to follow me on twitter @lancscoder as I tweet links throughout the week.

Sunday 10 March 2013

Weekly Review: 10th March 2013

Welcome to another weekly review.