This is my personal blog. The views expressed on these pages are mine alone and not those of my employer.

Monday, 23 November 2009

Regular Expressions are fun

I've finally made the effort to fully understand how to write my own regular expressions.  In the past I just had no idea what something as cryptic as ^.+[a-zA-Z][a-zA-Z]\d\d\d\d\d\d.+?.pdf|^.+\w+\.xml (I just wrote that) meant.

Plugging that into my application now means that it fully validates my input, and does it perfectly.  How did we manage before these things were invented?

If you want to learn more about regular expressions then take a look here.

Wednesday, 4 November 2009

Using the @MasterType directive instead of the @Page directive with MasterPageFile=""

Just a quick snippet for future use.  When referencing a master page within your aspx file its best to use the @MasterType directive rather than the MasterPageFile="" attribute of the @Page directive.  Doing so will allow strongly typed access to any methods you've put in the master page rather than having to do something ugly.

Example:

((DefaultLayout)this.Master).SetPageHeading("This heading is set from inside Default.aspx");

becomes:
Master.SetPageHeading("This heading is set from inside Default.aspx");

Much better dont you think?

Tuesday, 3 November 2009

Browser discrepancies, arghh!

Why oh why do browsers from different vendors (Internet Exlorer, Firefox, Chrome etc) STILL have problems agreeing on the correct way to display a web page and correctly interpret javascript?

The World Wide Web Consortium has been around for 15 years now and defines the standards required for web developers to follow (which I must say I attempt to do very carefully) only to find that most browsers out there don't (or even worse have their own interpretation of them).

The problem here is the W3C leaves it up to the software manufacturers in order to become 'compliant', which doesn't mean much, as there are different standards of compliance, huh?

Microsoft's latest version of Internet Explorer claims it is "standards compliant" and has been riled all over the internet forums for breaking existing websites. Which I think is a very positive move as now these websites must also begin to follow standards or start losing traffic.

I think the only way this can be tackled would a scheme which checks new web browser software prior to market for compliance, and only if it passes 100% of tests can it legally be called a browser. Such a scheme could work in the same way that SSL certificates are issued, and would work something like this:
  • Software is submitted to an independent authority which performs tests on the browser for compliance with current standards
  • Following a successful result a certificate is issued based on a signature of the software, and is unique to that software
  • In order resolve domain names this certificate must be included in DNS requests, failure of which would mean the request is ignored
Assuming this is possible would mean that non-compliant browsers would be less convenient to use for end users (who wants to type in IPs each time they want to visit a page?) and would result in loss of custom, forcing them elsewhere.

On a side note the latest version of outlook express actually uses the Word (yes Word) to render embedded HTML, surely this is a joke Microsoft?

Monday, 2 November 2009

Why I hate the bank card readers

All the major banks are now supplying the darned card readers to be used for online transactions.

If you don't know what I mean they're the little "calculator like" devices which you insert your debit card (and pin) to allow yourself to be authenticated via online banking.

However (like all security) there are downsides:

  • You have to carry one everywhere you do your online banking
  • For some reason most institutions lock them to only work with their cards (so you cannot simply borrow one from someone)
Most people mis-understand how these devices work, the clue is in the name, they are a reader, they don't have any logic on-board regarding anything financial. The processing all happens within the chip itself on the card, the readers are simply a means of communicating with your card.

Regarding having to use one for each institution would be very understandable if each used their own algorithms for card transactions, but this would be both a massive overhead and simply isn't the way its done (do they have different card readers for each bank in the shops?). Instead a marker is set on the card detailing the banks 5 digit number. The readers must simply compare this to a pre-set value and if not identical "Wrong Card", god dam!

Forcing most people to have to carry this stupid things around with them.

Regarding security they can actually make it worse. Picture this. Dark alley late at night. Thieves mug you, get your card, and demand your pin. It can be checked on the spot, without the thieves having to risk marching you to the nearest cash machine. This is stupid that these things actually issue "wrong pin, try again". A better way would to be simply issue the authentication codes anyway, which would of course be wrong had the pin being incorrect.

Nevermind, maybe the banks will catch up with technology one day...

Shame on you banks for locking down on internet banking when the whole ethos is around making it more convenient for their customers.