Thursday, 03 May 2012
The EU Cookie Law and your website

You've probably ended up here doing a Google search and there are hundred of websites tagging onto the "EU cookie law" that comes into effect on the 26th May 2012.

Firstly there are a lot of sites offering solutions and consultancy around the issue. If you are a developer who just wants to get down to the knitty gritty with all the cool free tools that are available on the Internet then please continue. Secondly the wording I have used and the various interpretations are my own, I strongly encourage you to read the ICO guidelines before implementing them and would also add that you use any of the wording or ideas I have put down here at your own risk.  If you are a large organisation I would refer to your legal department first for their interpretation of the law.

Right everyone is talking about doing a cookie survey and a lot of organisations will offer to do one for you. The truth is, this isn't a hard task at all it just takes a little time. All you need to do is make a list of all the pages on your site and all the actions you would go through on your site. Then get yourself a copy of.

  • Firefox (if you don't already have it, all web developers should have a copy)
  • Firebug (just about every web developer I know has this installed)
  • Firecookie (Its an add on for fie bug to to tell you about cookies)

Now there are plenty of other tools out there you can use. The ones above just happen to be my favourite.

What cookies do we have?
Right fire up FireFox and enable Firebug and then FireCookie then visit the website you want to do your cookie analysis on

image

You should see something similar to the image above. As you can see we have 4 session cookies and the cookies with the underscores on them are from Google Analytics. We'll worry about Google Analytics later, the next step is to find out if any of these cookies are still being used by your site. In many cases a lot of sites don't use the ASPSession cookie although this is enabled by default in IIS (if your site is hosted on IIS). If you know you are not using it (you may want to do some tests on a dev environment first). Turn the ASPSession off using the following Microsoft Technet Article. So far in the above site I have eliminated 2 cookies from the equation.

The next step is to navigate the pages in your site (remember the list I mentioned above), use your contact forms and any other functionality in your site that may use a cookie. If you are using an ecommerce site, add items to your basket and monitor what cookies appear. Note these down as you make your way around your site.

After you have a list of all of the cookies on your site you need to list down what their purpose is and you have to work out if its easier to carry out that functionality without a cookie. So for example if you are storing the fact that a user has seen a message in a cookie and the user is logged into your site. You may want to make use of a server end process to store this information against the users profile which would enable you to get rid of another surplus cookie.  For example when logging into a website a user is usually given a session cookie. The site checks this session cookie and may look up details such as the user id, username and basket items for example using this session cookie against the database. You could use this very same session cookie to store the fact the user has clicked on a message by using a table which stores the users preferences against their user id.

These are all the cookies we need
After we have made sure we have gotten rid of the cookies that are surplus to our requirements the next step is messaging to the user about the cookies we want to keep. The Information Commissioner Office appears to be clear on one fact and that is the "obtaining consent" before placing a cookie on a users machine.

What does obtaining consent mean to us?
It basically means that before placing any cookie onto a users machine you have to ask them if this is ok. There appear to be various caveats here, for example if the cookie being placed on the users machine is essential for them to receive a service or functionality they are asking from you. From what I can understand you are fine placing this cookie onto their machine as long as you inform them you are doing so. Here are some examples

Ecommerce site adding item to my basket for the first time
If this is the first time a user adds a product to their basket, you could use the following message

"In order to add this item to your basket we need to store the following cookie on your machine" Yes/No

If the user consents to this action you do not need to ask the user again as you have now gained consent. You may also need to gain consent for the very fact you may store a consent cookie on the users machine (yes it does get rather silly).

"In order to register the fact you have given consent to store this cookie on your machine we need to store another cookie on your machine" Yes/No

However I don't think you will be dragged over hot coals if you don't. Additionally because the cookie is essential to the working of your site I have heard from some people that they believe giving notification for this action should not be needed. As you can see the law is quite open for interpretation I suppose it depends on just how cautious you are being.

Logging into a secure site
If a user logs into a website for the first time you could use the following message placed by the login button with a tick box they have to tick before logging in.

"In order to log into this website you agree to receive what is called a session cookie on your machine"

or without a tick box.

"In order to log into this website you agree to accept the following cookies .."

Analytics
This option is going to cause a lot of pain and a lot of websites are going to lose out if they use cookie based analytics packages such as Google Analytics. As far as I can tell there is no other way around this but to actually present a nice big dialogue box to the user with one of the following messages.

"This sites uses Google Analytics in order to monitor its performance and for us to make improvements to our site. It does not store personally identifiable data about you. Can we place a cookie on your machine to enable this functionality?" Yes/No

The above according to some results I have seen usually leads to a black hole in analytics data. However the following text may work better, however may prove controversial depending on the organisation.

Deny Access/Catch All Scenario (Controversial)
The following text may prove controversial and I have no idea of knowing how it will impact the business of a site. Although if enough large sites do it, it may be something users become used to.

"In order to use our site the following cookies will be placed on your machine. If you object to the use of these cookies you will not be able to use our site" Yes/No

Under the message all cookies the site uses are listed with their purpose on why they are being used. This solution is probably the easiest solution to implement and the wording can be altered to reflect that. The dialogue box is shown to anyone who does not have a "consent" cookie on their machine.  Implementing this above solution though could be a problem depending on how cookie generation works on your server platform. You could implement it in various ways here are  a few examples.

Before your site places any cookies on a users machine you:

  • Check for the consent cookie on the users machine. If the consent cookie does not exist you redirect the user to a page containing you above message.
  • Check for a consent cookie. If it is missing you activate code to display a light box on the page with your above message. Clicking ok reloads the page calling your cookie generation functions to place cookies on the users machine. I favour this option as the user can see your site behind the light box and know they are just a click away from getting to it.

Master Pages

  • If your site makes use of master pages you most probably have the Google Analytics activation code sitting here. It should be a simple process of placing this code inside a placeholder that is not activated until a consent cookie is detected.

Terms and Conditions/Privacy
Don't forget you will also, if you haven't already done so need to update your websites Terms and Conditions /Privacy pages to reflect the above.

Conclusion
I understand what the new Cookie Laws are trying to achieve however I believe the approach they have taken hasn't taken into account the many software packages and platforms that will need to change and could cost dearly. There are also the smaller ecommerce sites that make do with out of the box packages where the owners of these sites have no knowledge of how they work just that they have been installed and they run their businesses off them. There are also countless blogs out there with analytics and various bits of functionality they're users probably have no idea are using cookies.

I hope this article has proved useful, and I am sure as I have seen already on various sites that I may have opened myself up to flaming from people in the comments section. If you have interpreted things differently, please share your knowledge, the sharing of ideas is part of how we learn right?

posted on Thursday, 03 May 2012 21:47:06 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Friday, 20 April 2012
The scourge of malware and scareware

We've all encountered these despicable bits of software at one time or another, usually in the form of a cleverly constructed scareware site like the one below.

SpyWareHoax

We technically minded people spot the spoof straight away. Firstly we can see its hosted inside a web browser and secondly we all know that the tool this bit of scare ware is pretending to be doesn't work in this way. But this scareware isn't targeted at the technically savvy user its targeted at the likes of our less technical parents or siblings (yes I generalise some parents are more technical than others). The ideal audience for this site is someone who mainly uses their computer for the likes of documents, emails and browsing the net. They know some basics and sometimes they have a few notes next to the machine such as "double click to open document" and "once click to select". They may have a few mantra's such as "never open attachments in emails until they have phoned you first" (I get this quite a lot). The above site will immediately set the alarm bells running for them in most cases they will either contact their tech savvy person (usually you) or they will go ahead with scareware thinking it is legitimate (ouch!).

My personal feeling on the matter, is that computers are just far too technical. There is far too many things that could fool the unsuspecting non technical user who can be bombarded via email and a web browser. What I would say would be a good way of getting out of the problem is to have a some sort of tray application installed which with a key combination which will shut down all web browsers on the machine. I know this may seem a bit extreme but its a lot better than being infected by a virus. So basically saying to granny if she sees a screen like the one above hit (some key) and if it doesn't go away call.

posted on Friday, 20 April 2012 13:15:20 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Monday, 02 April 2012
Sky Anytime+ with any broadband

If you haven't already seen it. Sky Anytime+ is available without the need to sign up for Sky Broadband.

I managed to sign up to it over the weekend. However I did have a few teething issues with the Sky+ HD box not being properly registered at Sky. However after phoning up Sky they managed to sort out the issue and after a few minutes I was seeing Sky Anytime+ content on my Sky+ HD box through my BT Broadband.

posted on Monday, 02 April 2012 20:23:19 (GMT Standard Time, UTC+00:00)  #    Comments [0]

SharePoint Designer unable to connect to SharePoint

I usually use SharePoint Designer for prototyping. One of the errors that recently through me was it being unable to connect to SharePoint. It said the server returned the status 'ok', what a confusing error message!

However going to the Application log in the event viewer on the server gives us a little more information.

The service '/_vti_bin/client.svc' cannot be activated due to an exception during compilation.  The exception message is: A binding instance has already been associated to listen URI

I discovered the error for me was to be found in IIS. It appeared there were two bindings for my SharePoint site. One of them was for the FQDM and the other was a binding with a blank host name for port 80. Removing the blank host name binding appears to have solved the problem for me.

image

posted on Monday, 02 April 2012 14:01:50 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Thursday, 01 March 2012
First look at Visual Studio 11 Beta

Just a quick blog article on my first thoughts on Visual Studio 11 Beta. I suppose the first thing that hits me after the web install (you will need to reboot) is "oh its very monochrome like.". I think I can understand the choice behind the monochrome like feel, its probably been targeted towards developers like myself who use ridiculously high resolutions to get everything on the screen. It also reminds me of some Java IDE's and some Linux GUI applications. 

image

Have a look in Tools > Options and we have the ability to switch to a darker themed version. I can already think of 4 developers I know who would prefer this type of theme, however the majority of developers will probably be looking for ways to get the old themes back.

image

What I do find nice though, is that Microsoft appear to have geared the IDE towards the ability of the developers machine. Its a good idea because not every developer is given the best machine for running a development environment.

image

The Solution Explorer
The solution explorer appears to have changed and appears to be a hybrid between the class explorer and the old solution explorer.

image

Verdict so far?

The new GUI appeared highly responsive, however I was using it from a machine with a lot of memory and an SSD drive. I personally like the monochrome type feel of the IDE although I know I'll be in the minority. I noticed that the Source Control providers such as GIT and Mercurial I had installed on my machine didn't come up in the source control provider drop down, so we'll probably need new versions of these plugins (among others) created for when the product is finally released.

Anyway, more later.

posted on Thursday, 01 March 2012 10:56:01 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Wednesday, 15 February 2012

Its true Sharepoint DataForm Webparts are incredibly easy to develop if you need to query lists or data without the need to create fully grown webparts from scratch in SharePoint they are definitely the way to go. However there is a but and that is that most of the SharePoint Universe appears to believe that everyone creates DW webparts on their production environment using SharePoint Designer. In many production environments SharePoint Designer is disabled as default. If you have stand alone webparts this may not be an issue, but if you have a set of DataForm webparts that need to be linked to each other you're going to face all kinds of problems when you try to link them to each other on a target environment.

So for example lets say I have developed some webparts on my development SharePoint box. I access a list from my webparts, I have also had the sense to take the list from the production environment as a template so I won't have any conflicts with field names. All works fine my webparts talk to each other but then when I deploy them and try to get them to talk to each other they just refresh the page. Even if I've created connections between the webparts, what happened?

Enter what I feel is the Achilles heal of the DataForm Webpart. If you created those webparts in SharePoint Designer and created the webpart connection between them in there you probably didn't realise that it places a bit of code in there which looks something like this.

 

<xsl:value-of select="ddwrt:GenFireConnection(concat('g_cb4fe2eb_738d_4bbb_8ec7_ce81633092a5*',$fields),string(''))"></xsl:value-of>
 

The problem in the above bit of code, is that when you make a webpart connection in SharePoint Designer with DataForm Webparts it hard codes the GUID of the target webpart. When you deploy your webparts the target environment will give them different GUID's. Even if you try to re-establish the connections in SharePoint's Web Interface this won't make a difference at all.

If you are wondering what GenFireConnection does and I appreciate there is precious little documentation about it, most of it being on previous versions of SharePoint. Its creates an ASP.NET post back link which contains the consumer webpart  GUID (highlighted above) and the data we are sending to our consumer webpart such as the value of a field.

Work Around
The only work arounds I have found to this little problem, unless anyone else has a better method, is to.

  1. Create the link in the SharePoint web interface on the target environment after the webparts are deployed and placed on the page.
  2. Select "Edit Webpart" and use the XSL Editor to change the GUID on the "GenFireConnection" on the calling webpart  to the new GUID of the target webpart.

The other option is to just use query strings in your lists. SharePoint Designer will quite happily accommodate this using parameters you can then pass this around in links around fields.

The above seems to always work for me, although I would love to know if there is a more elegant solution to this.

posted on Wednesday, 15 February 2012 13:15:51 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Sunday, 12 February 2012
Watching SkyPlayer and other content from your PC on your TV

This article can apply to just about any content that you can watch on your PC but just can't watch on your TV be it via XBOX, PS3 or some type of set top box we have to face the facts that some services are either limited on these devices or have content restrictions.

So for example lets say I want to watch a show that is on SkyPlayer on my TV via my XBOX. You may discover that that show is restricted for viewing via Xbox on your TV but you are perfectly free to view that content on your PC. Sounds silly doesn't it?

Anyway the next option is to connect your laptop or PC to your TV and that can often be pretty impractical especially if you want to use the laptop at the same time.

The Solution
Enter this lovely box of tricks by StarTech called a Ethernet to VGA Over IP Converter, so how does this help?

StarTech

This clever little device plugs into your home network and has a VGA connector on the back that plugs into your TV or monitor. You then install drivers for the device on your laptop which will discover this device on your network and treat it as an extra monitor!

But it doesn't just stop there, the device is also a USB server. That means you can plug any USB device into it and your laptop will think its plugged into one of its local USB ports. You're probably wondering why? Well you may want to plug a USB mouse and keyboard in there so you can control what's happening on the screen from near the TV.

I basically use it by dragging the video I am watching onto the extended display my laptop suddenly has via this device and can carry on using my laptop while at the same time its playing a video in the other window.

So just how good is this?
There is a "but" though, your were expecting one weren't you? You can use this device over WiFi but to get a good quality broadcast I resorted to both my machine and the device being on a 100meg wired network. In theory if I had a 300meg WiFi network instead of 54meg it would have had the same result?

posted on Sunday, 12 February 2012 20:47:00 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Friday, 20 January 2012
SQL Insert Statement Issues

Have you ever got the following SQL Insert statement issues

"There are fewer columns in the INSERT statement than values specified in the VALUES clause. The number of values in the VALUES clause must match the number of columns specified in the INSERT statement."

Like me you probably went and counted your columns and then counted your values and realised they were the same so spent ages scratching your head trying to figure out what on earth was going on. Well here is how I managed to reproduce the issue.

insert into myTable ([columnA], [columnB ) values (1,2)

Did you see what I did in the above statement? I left the "]" off the end of "columnB" the above statement will give you the above mentioned error message. It was pretty much a typo on my part and it took me ages to find it in a large SQL Insert statement.

Hope this helps anyone who has gone about trying to solve the above problem and found they do have equal columns and values.

posted on Friday, 20 January 2012 14:39:31 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Thursday, 29 December 2011
My WiFi IP Camera/Baby monitor

wifiCam

I remember being in a Microsoft building many years ago wondering what was the best time to go to the canteen when one of the guys I was working with told me to just check on the Intranet. He logged in and showed me a live web cam of the canteen area, placed there so the staff could see when the canteen wasn't busy to go down for lunch.

Suddenly I was more interested in the camera than in lunch as my colleague informed me it was an IP Camera.

"Where can I get one!" was my first question.

He told me they would probably retail at around £600. I gauped at him, I loved the idea of an IP Camera but I wasn't prepared to spend that much on one. Then roughly 6 years later. I discovered a Wireless Camera, with night vision, pan and title functionality, built in microphone and speakers for around £40! You have to admire the evolution of technology!

This camera is by no means the best in its class and from what I can see its a pretty cheaply manufactured Chinese device.  But for the money I spent on it, I get a lot more functionality than I had originally bargained for.

With a bit of fiddling I eventually got the camera to work on my home network on a static IP address. I then setup some port forwarding on my router so I could view the camera on the Internet (password protected).

The camera comes with its own built in web server which has interfaces for most browsers and mobile devices so you can move that camera around from your iPhone, Windows Mobile or Android phone if you want. The cool bit is, is if you install the iPhone or Android app you can also listen in over the camera's microphone! You can also speak over the camera's speakers using the app which is equally as cool when you're playing pranks on people.

At the moment I use the camera as a baby monitor. Its proved incredibly useful as one, given that I can check on the baby from any room in the house now and for the price it provides the same functionality for a much lower price than baby monitors with the same functionality.

posted on Thursday, 29 December 2011 14:54:08 (GMT Standard Time, UTC+00:00)  #    Comments [1]