When it comes to login or authentication schemes for web pages you have a few choices.  

1. Authenticate with email address and a password.
2. Authenticate with a user name (either system or user generated) and password.
3. Authenticate with an account number (or some relevant identifier) and password.
4. Authenticate with an account number (or some relevant identifier) and pin or other unique identifier (SSN, address, etc).

Each of these schemes has its own unique merits.  The most popular is probably number one above.  The email address is usually one of the easiest logins to remember.  However a potential stumbling block is the situation where multiple unique users share an email address.  It’s hard to believe that this seems logical to a person when email addresses are a free commodity.  

Number two is probably the second most popular as it eliminates the problem from number one, however it introduces the problem that a user must remember some kind of random user name because they probably won’t get the one they want as it will already have been taken.  This increases the possibility of support calls and user frustration.

Number four is becoming more common especially for financial services and other highly regulated or secure environments.  All information is meaningful and unique.

My preference is usually number one.  It’s common and easy to understand and the draw backs are easily remedied by the forcing of a unique email address.

I choose number four as my second choice.  It’s more complex to implement but it provides a higher level of security while using relevant customer/user information.  This would prove especially effective if the required login information changed randomly like many financial institutions authentication schemes.

As usual Joe is right on target with this article.  He explains why MS Project sucks for software projects (it's meant to manage construction of buildings not software) and why Excel is the most complicated tool you need to create a good software schedule.  I believe the SCRUM process also uses spreadsheets.  I had a colleague who was big on the SCRUM process and it seemed very promising in that it let the developer plan the work without a dog and pony show.

http://www.joelonsoftware.com/articles/fog0000000245.html

I've often wondered if you could prove that the speadsheet is one of the most valuable pieces of technology ever, perhaps behind the hand calculator, email and the word processor.

Every once in a while you come across some truly innovative useful software.  Wink is that type of software.  It's a free application that can capture screen shots as either individual frames are as a mini movie which are then converted into single frames and can then be edited and eventually saved as a flash .swf or windows .exe file. 

I intend on using it for help systems and instructions for remote users.  Did I mention it's free?

All I can say is wow.

http://www.debugmode.com/wink/

@echo off
call :timer start
dir
call :timer
goto :eof

:timer
if /i "%1"=="start" set timer=
for /f "tokens=2-5 delims=:,." %%a in ('echo.^|time^|find /i
"current"') do (
  set hh=%%a
  set /a mm=1%%b-100,ss=1%%c-100,dd=1%%d-100
)
set /a hh=1%hh:~1,2%-100,timer=hh*3600000+mm*60000+ss*1000+dd*10-timer
if /i not "%1"=="start" echo elapsed time = %timer% msec
goto :eof

:eof

alt.msdos.batch.nt as posted by Garry Deane

Once again, Joel is a great resource.

In this article he links to the project specs for Aardvark which is a remote help system that you can use to help your aunt get her pc working again (if she can connect to the internet).  The product itself looks nice but I'm more interested in the spec itself at this point because of the best practice gems it contains.

Example 1:  Use CSS for formatting but tables for layout because CSS layout support is so buggy in modern browsers.  This is especially true if you have to support multiple browsers.  Trying to lay this out with div's can be an extreme exercise in patience. 

There are other examples such as making the user experience as simple and easy as possible.  Don't make the user answer unnecessary questions that they don't know the answer to anyway. 

It's worth a read, especially if your looking for modern web best practices as many sites out there are still publlishing information from 1999-2000.

This is a great tip as rsync is super fast and can work both ways.  But rsync is too good just to be a *nix only utility.  There is also a Windows version available from ITeF!x that installs cygwin, ssh and all the other goodies to get you going on the Windows side.  

Follow the installation instructions and you shouldn't have any problems.  

To make life easy I added the default install directory (C:\Program Files\cwRsync\bin) to my path.  I also added a couple of system variables for cygwin: CYGWIN = nontsec and HOME = c:\path\to\home\directory.  

Once you have rsync downloaded an installed you can alter the code above slightly to work on a Windows system.

desc "Deploy basic application directories"
task :deploy => :environment do
  dirs = %w{ app lib test public/images public/stylesheets public/javascripts db}
  dirs.each do | dir|
   onserver = "username@yourdomain.com:/home/username/web/"
   local = "/cygdrive/c/rails_app/" + dir
   cmd = "rsync -arvz -e ssh #{local} #{onserver} --exclude \"*.svn*\" --exclude \"*~\" "
    
   puts cmd
   rsync = IO.popen(cmd, "r")
   while line = rsync.gets
   end
   rsync.close     
  end
end

Notice that in the local assignment I'm not using "#{RAILS_ROOT}/".  This is because of the way cygwin has to access the NT (or FAT I suppose) file system.   "/cygdrive/c/rails_app/" evaluates to "c:\rails_app".  Notice also that I added another exclude for files ending with ~.  This is because I use VIM and it leaves these files all over and I haven't gotten around to another solution but this should serve as an example of how to exclude other file types.

Once last piece of goodness.  If you're using Textdrive (and why wouldn't you?) then you can set up certificates to authenticate with rsync instead of a password.  

Here's how it works.  Open a command prompt.  If you've added C:\Program Files\cwRsync\bin to the path then the ssh command should be available from the command line.  

Type this:

ssh-keygen -d

You will be prompted to save the key to a file.  Choose a location otherwise it will default to the value in your $HOME + \id_dsa.  When prompted for a passphrase you can leave it blank.

Now upload the *.pub file you just created to Textdrive into your  /home/username/.ssh directory and rename it to authorized_keys if this file doesn't exist otherwise copy the contents of your file into  the end of the authorized_keys file.  

Once this is done you know have a way to authenticate yourself via certificate from your machine to the Textdrive server.  This means that when you run the "rake deploy" command you won't be prompted for a password each time because you are authenticating via public/private keys.

Paul Graham seems to be an incredibly smart guy.

Here’s an article that covers a wide gamut of issues many of which I’ve pondered and I have to say I admire the way in which he has laid out this article and the coherent stream of consciousness it presents.

Essentially, it’s hard to work in offices, which I whole heartedly agree as I get the lion’s share of my work done at night after my wife has gone to bed and the house is quiet.  He also writes about the fact that people will work hardest for themselves and more importantly their idea and ideals. 

The idea that most intrigued me was the employer-employee paternal relationship and its implication of justice.  In other words an employer is obligated to take care of the employee and this makes the employee behave like a teenager, tugging at the reins of control imposed on him/her and resenting the cozy embrace of the parent’s house and rules.  His example of postal employees is dead on. 

Well worth the read but set aside 15 minutes of quiet time (if your office allows for such a thing) and read it.

Open your config/environment.rb and place this line someplace after the # Include your app's configuration here: comment.

ActionController::CgiRequest::DEFAULT_SESSION_OPTIONS[:tmpdir] = "#{RAILS_ROOT}/sessions/"

In this example if my application (on Windows) looks like this:
   
root/
    app
    config
    ...
    sessions

Then when you restart webrick or whatever web server you should see session data populate in the root/sessions folder.  This is an easy folder to access for session clean up if need be.

In production you could set up a task in cron or task schedule to delete these files periodically.

One thing that I love about Ruby on Rails is the fact that I can concentrate on adding functionality without the hassles I used to have with ASP.NET.  I just downloaded the search generator (gem install search_generator) which allows me to add a simple search feature to my site and even integrate some of the features from OpenSearch (http://opensearch.a9.com/). 

Once again the generators usually provide simple code generation which generates models, views, helpers or controller classes etc which you can then extend to your heart’s desire.  Usually the generators integrate or weave some feature into your application that just makes your life much easier. 

The beauty of rails is that you KNOW where things are at.  Where’s the business logic?  Controllers or Models.  Where’s the display logic?  Helpers or Views.  And it’s the same with each app. No need to scrounge around an inconsistent application looking for bits and pieces of some functionality. 

Rails is a shining example of some best practices and some pragmatic ideas combined with patterns and OOP to make one heck of a productive application. 

I uploaded my latest project to http://Textdrive.com the other night and at first I was disappointed with the response speed.  Then I remembered I was using cgi instead of fcgi.  I made the config change and the speed blew me away.  I’m used to ASP.NET application speed and the usual compile and load time each page normally takes.  Also with WEBrick I was used to a slower response time.  All I can say is that the UI was nice and zippy and just felt good. 

It’s one of those times when something surpasses your expectations.  Textdrive is a pretty good host and I recommend them.  I’ve had quite a few hosts to this point and I have to say their tech support has been great.  They also support the Ruby on Rails project which is great also. 

So far I’m enjoying life on the rails.

I'm working right now on creating a service that operates on messages with javascript.  The service is java and javascript makes a natural choice since almost everyone has to use javascript these days for that pesky web development. 

I'm using the Rhino package from Mozilla.  Right now I'm very impressed with the ease of use of this package. 

The main driver behind this is processing plain text.  Plain text just can't be changed to XML via XSLT.  So obviously a nice scripting language could manipulate the message to add tags and parse for naughty characters that XML doesn't like. 

I will post on how this turns out.