Poor form design

Making a booking on the BFI’s website. What’s wrong with this form design?

Yeah that’s right – how can my credit card have a Start Date in the future?

How not to do input validation

Here’s a screenshot from a form I was filling in on the TV Licensing website. I’d just entered the date as 9/6/2009 instead of 09/06/2009. Obviously it’s too tricky for them to work out how to pad 1-digit numbers with a leading zero.

This falls into the same category as sites that insist you enter your username in either lower or upper case. Or that you enter your credit card without spaces or hyphens. Or that you format your phone number in a particular way.

It’s all putting extra work on the user for something that could be done automatically server-side with just a few lines of code at most. Not good practice!

PHP developers most satisfied

As reported in The Register, developers using PHP are more “satisfied” than those using other languages.

The top languages were:

• Actionscript
• Flex
• Javascript
• Microsoft F#
• Microsoft Powershell
• Perl
• PHP
• Python
• Ruby
• VB Script

I know what you’re thinking, “what no <insert_favourite_language_here”>? For me, that’s “what, no CFML?”

The survey was done by Evans Data. To view the press release on their website you have to register. Then to view the PDF of the report, you have to register again.

The report is 27 pages, with a page given to each of the top 10 languages, and a bit more analysis for all the major categories of the survey. They surveyed about 500 developers and IT professionals. The survey is actually for scripting languages, which is why I guess it omits several obvious popular languages. The one language in the list that is perhaps of most interest for Coldfusion developers is Flex, of which they said:

As with Actionscript, with the exception of ease of use, users gave Flex relatively low marks across the board. It did receive the second highest rating of any of these languages for quality of tools, something that most likely is attributable to the resources and support that Adobe contributes to the Flex community.

PHP, Ruby and Python all seemed to do pretty well. I’d be interested to know if they just gave developers that list of 10 pre-defined languages, or if more languages were rated, but they limited the report to the top 10 of those by usage.

Google: all sites may harm your computer

Sometimes you may have noticed “This site may harm your computer” appearing under individual search results on Google. Today I noticed it appearing under every search result, no matter what I searched for.

Some kind of hiccup down at the Google server farm? There was a generic error message that came up later, and now it all seems to be back to normal.

It’s reassuring to see that even Google can screw things up.

Update: as reported in The Register and LifeHacker

Google later put out the official explanation of what happened: human error. They’d entered / into their list of bad sites, which equalled all websites. Oops!

Sith Sigma

Found this interesting blog about management tips for technology organisations. Covering topics such as leadership skills, workforce efficiency, business intelligence, etc. Fairly typical to many other blogs on the same topic.

However, check the name: Sith Sigma. Yes, that’s right; it’s a blog from the Sith Lords, Darth Sidious and Darth Vader! They’ve obviously learnt many management and leadership tips while running the Empire. The title itself is a pun on Motorola’s Six Sigma business management strategy.

For example, here’s an excerpt from a post about Employee Performance Appraisals:

Storm troopers need to bring in Jawas for interrogation. Do we evaluate them on the sheer number of Jawas they bring in, or on the quality of the intelligence extracted from them? Obviously it’s a combination of both.

Another Storm trooper evaluation may have the very narrow categories of: 1) Following orders, 2) Number of prisoners who escaped.

This may seem like an ok set of metrics to evaluate a guard on, but we don’t want them to think that is the only aspect of their jobs. We don’t want narrow metrics to define the job. We may also care about: Initiative, efficiency, attendance record, prisoner health etc.

If it’s important to the organization, it should be in the performance evaluation.

Here be dragons!

Trying to resolve an issue I’ve been having with the Adobe Flash plugin for Firefox. I found some useful tips at MozillaZine.org which at one point directed me towards the about:config page in Firefox.

Accessing the about:config page then brought up this delightful warning message.

There aren’t enough dragons in the software industry! Or humorous warning messages for that matter…

Humour aside, this is a great example of an easy to understand warning message. No redundant ‘Cancel’ button. No verbose jargon that would just get ignored. A Submit button that is related to the action, and thus might be read rather than immediately clicked on in a Pavlovian response.

Information you shouldn’t display to users

Received an email newsletter from some company, and decided to unsubscribe. Clicking on the link gave me this page:

For some reason, Senior Send have decided it’s a good idea to output what SQL they’re using to delete me from their client’s mailing list. This sometimes happens, especially with Coldfusion, when you accidentally get an error. It’s not a good idea to display this much information even then. It’s an even worse idea to display this to any or all of your users.

SELECT id,status_id, mail_subscriber.name FROM mail_subscriber WHERE id = 94523

found 1

And the URL looks like:
http://internal.seniordev.co.uk/mailer/mail_unsubscribe.asp?id=696&subscriber=94523

I wonder what happens if I just change the subscriber ID to anything else? How long would it take to write a script to loop from 1 to 94522 deleting all users?

Maybe they should have just passed my email address, or a UUID, or an encrypted version of my ID. Maybe they shouldn’t have output their SQL.

How not to display images

Trying to register at xbox.com. For some reason their Flash detection seems not to work for me (using Firefox 3.04, Flash 10.0 r12). So they display an image telling me to "Please download Flash Player". If you look at the fullsize version of the screenshot, you’ll see the image looks sort of distorted.

It seems that Microsoft in their infinite wisdom, are stretching that image to fill the screen. This makes the text all fuzzy, and the female character they’ve used seem somewhat wider than her designer originally intended.

It’s kind of an amateur web technique. Often you’ll see it being done the opposite way, where a much larger image is squashed down to fit into a smaller space. In this case, the image often looks ok, but with the effect of increasing download time. If the end user is on broadband, they probably won’t even notice. However the amount of bandwidth your site uses will be higher than it should be. I saw a particularly bad example of this recently where two small logos on the page were actually very large .bmp files. The cumulative filesize of those files was over 750Kb. I converted them to .gifs, grand total about 10Kb.

The original image for comparison:

A separate discussion could be had over whether they even need an image on this page anyway. A simple text message telling me to download Flash Player would have sufficed.

Why you need to test your code – Racing Green

After bemoaning the lack of personal touch from House of Fraser greeting me as [ncgi::value emailaddr_], I got the following email from Racing Green:

I love it when you call me NULL!

Also you might notice a distinct lack of images showing up in this email (in Gmail). It seems to be because they haven’t properly formatted the URLs of the images. Looking at the source, it’s full of HTML like:
<img src=”http://srg-cms.snowvalley.com/upload/email_assets/NL RG Accessories Banner 11th Nov 08.jpg” alt=”Accessories Offer” style=”BORDER-TOP-STYLE: none; BORDER-RIGHT-STYLE: none; BORDER-LEFT-STYLE: none; BORDER-BOTTOM-STYLE: none” />

I’m guessing Gmail baulks at the unescaped spaces in the URL.

Why you need to test your code – House of Fraser

For some reason I ended up subscribed to the House of Fraser mailing list. Clicking on the link in their email to unsubscribe, I got this useful error message informing me that "[ncgi::value emailaddr_] has been removed from our mailing list.":

(click image to see full size)

I love the personal touch!