Monday, 28 May 2012
The EU cookie law, what a mess..

If you haven't already noticed, the EU cookie law has now become mandatory in the UK over the weekend.

However it's left a terrible taste in the mouths of several website owners when the ICO (Information Commissioners Office) at the last minute stated that it was ok to use "Implied Consent" as opposed to implicit consent  before placing cookies on the users machine. While thousands of website owners will rejoice. Those that had committed the recourses to meet the implicit cookie consent requirement are probably fuming.

Implied consent is effectively placing the onus back on the user by telling them that by using your site a cookie will or has already been placed onto their machine. If they are unhappy about this, they can remove it themselves, or they can just continue using your site as usual. As a large majority of sites have been informing users about the placing of cookies on their machines in their privacy policy for years you can't help but feel that it has somewhat lost its bite and makes a mockery of the whole situation.

What is interesting is there appears to be an attitude among some companies to sit back and see who gets sued first before taking any action. You can certainly understand their reaction when a large amount of government websites themselves are not compliant, this morning appears to be following with the implied consent root. By placing cookies on your machine and displaying a small message at the bottom of the page about their cookie policy.


You can't help but feel when the government came to overhauling their websites to try and meet the implicit cookie consent requirement that someone said "Hang on a minute we have X hundred sites and we're going to have to recode how all of them to handle cookies in one year!". I also couldn't help but wonder when developers were looking at the issue and discovered that certain server technologies they were using just couldn't be changed to handle the new cookie law requirement. The issue probably fell heavily on the ICO's shoulders, you can almost picture that meeting taking place. How on earth could they enforce a law the government itself was not even abiding by?

How are websites implementing the cookie law this morning?

No 10 Downing Street -

No 10's website (you guessed it) has gone for "Implied Consent" I get 4 cookies placed onto my machine. You'll be forgiven if you missed the information about Cookies I've highlighted it for you below.

Amazon placed 9 cookies onto my machine as soon as I visited the website with an anonymous browser. They also appear to have gone with implied consent, scroll right to the bottom of the page and you will see the words in the footer "Cookies & Internet Advertising"

Lloyds TSB -

Lloyds TSB have a small message at the top of their site that links to their cookie policy



Visiting several European websites, I found many of them also followed the implied consent pattern. The information about what cookies they placed on your machine was usually buried inside their privacy policy.

While it has been stated that Britain is out of step with EU law because of the use of "Implied Consent" which could lead to fights in the European courts, you can't help but feel the law really doesn't hold much water if the rest of Europe appears to be following the same approach. Perhaps someone somewhere responsible for the law, realised what a massive mistake it was and hopefully it will slowly be forgotten as yet another mistake. You only have to look at the European Unions own website which also uses "Implied Consent" with some details in its "Legal notice" to realise that not much will probably happen as long as you explain about your cookie policy in your privacy policy.

Report those offending cookies

The ICO has also created a page to allow members of the public to report their concerns about the use of cookies. Personally I really can't see too many people using it, if they were not aware of what cookies were to begin with. I would guess it is targeted more towards technically minded people, however these type of people are more than likely to just delete the offending cookie from their browser than think anything more of it.

Fighting Crime

The ICO also states on its website that ".the intention behind this Regulation is also to reflect concerns about the use of covert surveillance mechanisms online." It goes on to explain about the use of spyware and "..such activities often have a criminal purpose behind them.". While I appreciate the intention of the law to fight crime, I don't believe a criminal enterprise is going to stop using cookies in this way because it is illegal to do so. However when a criminal is charged with this very offense I presume I will stand corrected.

I await to see what will happen in the coming months, if anything happens at all..

posted on Monday, 28 May 2012 10:30:57 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Thursday, 24 May 2012
Are hasty responses to customer emails harming your business?

We all know how important it is for companies to respond to customer queries. A customer with a complaint can soon become a companies worst nightmare when they begin to vent their frustrations using social media such as twitter and Facebook. Many companies recognise this and employ teams of people to respond to emails. To assist these people many of them are equipped with the standard responses to queries ie

  • "Our opening times are between x and y"
  • To place an item in your basket select a size first and click the yellow add to basket button.
  • To place a return log into your account and click on the "return items" button.

The last one in that list is a good example of an issue my wife once had with a website where she was trying to return an item. She informed the company that when she clicked on the "return items" link that the site gave her an error. She also copied down the error for the company to help them fix the issue.

The response she got, you guessed it!

"To place a return log into your account and click on the "return items" button."

The customer support team were either working on auto pilot and just saw the word "return" and nothing else not bothering to read the rest of the email. Or they had some sort of automated system in place for responding to emails. Because when my wife responded and told them they didn't reply to her email she got the same response again. It was only after several attempts that it appeared human sense kicked in and someone in the company acknowledged something was wrong.

I have had several cases myself when asking web based organisations questions. I have even gone to great lengths to stress that "I am NOT referring to X I am referring to Y" it seems as though if there is not a predetermined script for an error on the site or something that doesn't fit into how the company works someone somewhere just chooses the closest response. 

I am starting to see a trend here where people are beginning to vent their frustrations on twitter about this very issue. I am wondering if its become almost as big an issue as the outsourced call centre where the operator working off a script does not understand the problem the customer is having.

posted on Thursday, 24 May 2012 10:00:33 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Thursday, 03 May 2012
The EU Cookie Law and your website

You've probably ended up here doing a Google search and there are hundred of websites tagging onto the "EU cookie law" that comes into effect on the 26th May 2012.

Firstly there are a lot of sites offering solutions and consultancy around the issue. If you are a developer who just wants to get down to the knitty gritty with all the cool free tools that are available on the Internet then please continue. Secondly the wording I have used and the various interpretations are my own, I strongly encourage you to read the ICO guidelines before implementing them and would also add that you use any of the wording or ideas I have put down here at your own risk.  If you are a large organisation I would refer to your legal department first for their interpretation of the law.

Right everyone is talking about doing a cookie survey and a lot of organisations will offer to do one for you. The truth is, this isn't a hard task at all it just takes a little time. All you need to do is make a list of all the pages on your site and all the actions you would go through on your site. Then get yourself a copy of.

  • Firefox (if you don't already have it, all web developers should have a copy)
  • Firebug (just about every web developer I know has this installed)
  • Firecookie (Its an add on for fie bug to to tell you about cookies)

Now there are plenty of other tools out there you can use. The ones above just happen to be my favourite.

What cookies do we have?
Right fire up FireFox and enable Firebug and then FireCookie then visit the website you want to do your cookie analysis on


You should see something similar to the image above. As you can see we have 4 session cookies and the cookies with the underscores on them are from Google Analytics. We'll worry about Google Analytics later, the next step is to find out if any of these cookies are still being used by your site. In many cases a lot of sites don't use the ASPSession cookie although this is enabled by default in IIS (if your site is hosted on IIS). If you know you are not using it (you may want to do some tests on a dev environment first). Turn the ASPSession off using the following Microsoft Technet Article. So far in the above site I have eliminated 2 cookies from the equation.

The next step is to navigate the pages in your site (remember the list I mentioned above), use your contact forms and any other functionality in your site that may use a cookie. If you are using an ecommerce site, add items to your basket and monitor what cookies appear. Note these down as you make your way around your site.

After you have a list of all of the cookies on your site you need to list down what their purpose is and you have to work out if its easier to carry out that functionality without a cookie. So for example if you are storing the fact that a user has seen a message in a cookie and the user is logged into your site. You may want to make use of a server end process to store this information against the users profile which would enable you to get rid of another surplus cookie.  For example when logging into a website a user is usually given a session cookie. The site checks this session cookie and may look up details such as the user id, username and basket items for example using this session cookie against the database. You could use this very same session cookie to store the fact the user has clicked on a message by using a table which stores the users preferences against their user id.

These are all the cookies we need
After we have made sure we have gotten rid of the cookies that are surplus to our requirements the next step is messaging to the user about the cookies we want to keep. The Information Commissioner Office appears to be clear on one fact and that is the "obtaining consent" before placing a cookie on a users machine.

What does obtaining consent mean to us?
It basically means that before placing any cookie onto a users machine you have to ask them if this is ok. There appear to be various caveats here, for example if the cookie being placed on the users machine is essential for them to receive a service or functionality they are asking from you. From what I can understand you are fine placing this cookie onto their machine as long as you inform them you are doing so. Here are some examples

Ecommerce site adding item to my basket for the first time
If this is the first time a user adds a product to their basket, you could use the following message

"In order to add this item to your basket we need to store the following cookie on your machine" Yes/No

If the user consents to this action you do not need to ask the user again as you have now gained consent. You may also need to gain consent for the very fact you may store a consent cookie on the users machine (yes it does get rather silly).

"In order to register the fact you have given consent to store this cookie on your machine we need to store another cookie on your machine" Yes/No

However I don't think you will be dragged over hot coals if you don't. Additionally because the cookie is essential to the working of your site I have heard from some people that they believe giving notification for this action should not be needed. As you can see the law is quite open for interpretation I suppose it depends on just how cautious you are being.

Logging into a secure site
If a user logs into a website for the first time you could use the following message placed by the login button with a tick box they have to tick before logging in.

"In order to log into this website you agree to receive what is called a session cookie on your machine"

or without a tick box.

"In order to log into this website you agree to accept the following cookies .."

This option is going to cause a lot of pain and a lot of websites are going to lose out if they use cookie based analytics packages such as Google Analytics. As far as I can tell there is no other way around this but to actually present a nice big dialogue box to the user with one of the following messages.

"This sites uses Google Analytics in order to monitor its performance and for us to make improvements to our site. It does not store personally identifiable data about you. Can we place a cookie on your machine to enable this functionality?" Yes/No

The above according to some results I have seen usually leads to a black hole in analytics data. However the following text may work better, however may prove controversial depending on the organisation.

Deny Access/Catch All Scenario (Controversial)
The following text may prove controversial and I have no idea of knowing how it will impact the business of a site. Although if enough large sites do it, it may be something users become used to.

"In order to use our site the following cookies will be placed on your machine. If you object to the use of these cookies you will not be able to use our site" Yes/No

Under the message all cookies the site uses are listed with their purpose on why they are being used. This solution is probably the easiest solution to implement and the wording can be altered to reflect that. The dialogue box is shown to anyone who does not have a "consent" cookie on their machine.  Implementing this above solution though could be a problem depending on how cookie generation works on your server platform. You could implement it in various ways here are  a few examples.

Before your site places any cookies on a users machine you:

  • Check for the consent cookie on the users machine. If the consent cookie does not exist you redirect the user to a page containing you above message.
  • Check for a consent cookie. If it is missing you activate code to display a light box on the page with your above message. Clicking ok reloads the page calling your cookie generation functions to place cookies on the users machine. I favour this option as the user can see your site behind the light box and know they are just a click away from getting to it.

Master Pages

  • If your site makes use of master pages you most probably have the Google Analytics activation code sitting here. It should be a simple process of placing this code inside a placeholder that is not activated until a consent cookie is detected.

Terms and Conditions/Privacy
Don't forget you will also, if you haven't already done so need to update your websites Terms and Conditions /Privacy pages to reflect the above.

I understand what the new Cookie Laws are trying to achieve however I believe the approach they have taken hasn't taken into account the many software packages and platforms that will need to change and could cost dearly. There are also the smaller ecommerce sites that make do with out of the box packages where the owners of these sites have no knowledge of how they work just that they have been installed and they run their businesses off them. There are also countless blogs out there with analytics and various bits of functionality they're users probably have no idea are using cookies.

I hope this article has proved useful, and I am sure as I have seen already on various sites that I may have opened myself up to flaming from people in the comments section. If you have interpreted things differently, please share your knowledge, the sharing of ideas is part of how we learn right?

posted on Thursday, 03 May 2012 21:47:06 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Friday, 20 April 2012
The scourge of malware and scareware

We've all encountered these despicable bits of software at one time or another, usually in the form of a cleverly constructed scareware site like the one below.


We technically minded people spot the spoof straight away. Firstly we can see its hosted inside a web browser and secondly we all know that the tool this bit of scare ware is pretending to be doesn't work in this way. But this scareware isn't targeted at the technically savvy user its targeted at the likes of our less technical parents or siblings (yes I generalise some parents are more technical than others). The ideal audience for this site is someone who mainly uses their computer for the likes of documents, emails and browsing the net. They know some basics and sometimes they have a few notes next to the machine such as "double click to open document" and "once click to select". They may have a few mantra's such as "never open attachments in emails until they have phoned you first" (I get this quite a lot). The above site will immediately set the alarm bells running for them in most cases they will either contact their tech savvy person (usually you) or they will go ahead with scareware thinking it is legitimate (ouch!).

My personal feeling on the matter, is that computers are just far too technical. There is far too many things that could fool the unsuspecting non technical user who can be bombarded via email and a web browser. What I would say would be a good way of getting out of the problem is to have a some sort of tray application installed which with a key combination which will shut down all web browsers on the machine. I know this may seem a bit extreme but its a lot better than being infected by a virus. So basically saying to granny if she sees a screen like the one above hit (some key) and if it doesn't go away call.

posted on Friday, 20 April 2012 13:15:20 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Monday, 02 April 2012
Sky Anytime+ with any broadband

If you haven't already seen it. Sky Anytime+ is available without the need to sign up for Sky Broadband.

I managed to sign up to it over the weekend. However I did have a few teething issues with the Sky+ HD box not being properly registered at Sky. However after phoning up Sky they managed to sort out the issue and after a few minutes I was seeing Sky Anytime+ content on my Sky+ HD box through my BT Broadband.

posted on Monday, 02 April 2012 20:23:19 (GMT Standard Time, UTC+00:00)  #    Comments [0]

SharePoint Designer unable to connect to SharePoint

I usually use SharePoint Designer for prototyping. One of the errors that recently through me was it being unable to connect to SharePoint. It said the server returned the status 'ok', what a confusing error message!

However going to the Application log in the event viewer on the server gives us a little more information.

The service '/_vti_bin/client.svc' cannot be activated due to an exception during compilation.  The exception message is: A binding instance has already been associated to listen URI

I discovered the error for me was to be found in IIS. It appeared there were two bindings for my SharePoint site. One of them was for the FQDM and the other was a binding with a blank host name for port 80. Removing the blank host name binding appears to have solved the problem for me.


posted on Monday, 02 April 2012 14:01:50 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Thursday, 01 March 2012
First look at Visual Studio 11 Beta

Just a quick blog article on my first thoughts on Visual Studio 11 Beta. I suppose the first thing that hits me after the web install (you will need to reboot) is "oh its very monochrome like.". I think I can understand the choice behind the monochrome like feel, its probably been targeted towards developers like myself who use ridiculously high resolutions to get everything on the screen. It also reminds me of some Java IDE's and some Linux GUI applications. 


Have a look in Tools > Options and we have the ability to switch to a darker themed version. I can already think of 4 developers I know who would prefer this type of theme, however the majority of developers will probably be looking for ways to get the old themes back.


What I do find nice though, is that Microsoft appear to have geared the IDE towards the ability of the developers machine. Its a good idea because not every developer is given the best machine for running a development environment.


The Solution Explorer
The solution explorer appears to have changed and appears to be a hybrid between the class explorer and the old solution explorer.


Verdict so far?

The new GUI appeared highly responsive, however I was using it from a machine with a lot of memory and an SSD drive. I personally like the monochrome type feel of the IDE although I know I'll be in the minority. I noticed that the Source Control providers such as GIT and Mercurial I had installed on my machine didn't come up in the source control provider drop down, so we'll probably need new versions of these plugins (among others) created for when the product is finally released.

Anyway, more later.

posted on Thursday, 01 March 2012 10:56:01 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Wednesday, 15 February 2012

Its true Sharepoint DataForm Webparts are incredibly easy to develop if you need to query lists or data without the need to create fully grown webparts from scratch in SharePoint they are definitely the way to go. However there is a but and that is that most of the SharePoint Universe appears to believe that everyone creates DW webparts on their production environment using SharePoint Designer. In many production environments SharePoint Designer is disabled as default. If you have stand alone webparts this may not be an issue, but if you have a set of DataForm webparts that need to be linked to each other you're going to face all kinds of problems when you try to link them to each other on a target environment.

So for example lets say I have developed some webparts on my development SharePoint box. I access a list from my webparts, I have also had the sense to take the list from the production environment as a template so I won't have any conflicts with field names. All works fine my webparts talk to each other but then when I deploy them and try to get them to talk to each other they just refresh the page. Even if I've created connections between the webparts, what happened?

Enter what I feel is the Achilles heal of the DataForm Webpart. If you created those webparts in SharePoint Designer and created the webpart connection between them in there you probably didn't realise that it places a bit of code in there which looks something like this.


<xsl:value-of select="ddwrt:GenFireConnection(concat('g_cb4fe2eb_738d_4bbb_8ec7_ce81633092a5*',$fields),string(''))"></xsl:value-of>

The problem in the above bit of code, is that when you make a webpart connection in SharePoint Designer with DataForm Webparts it hard codes the GUID of the target webpart. When you deploy your webparts the target environment will give them different GUID's. Even if you try to re-establish the connections in SharePoint's Web Interface this won't make a difference at all.

If you are wondering what GenFireConnection does and I appreciate there is precious little documentation about it, most of it being on previous versions of SharePoint. Its creates an ASP.NET post back link which contains the consumer webpart  GUID (highlighted above) and the data we are sending to our consumer webpart such as the value of a field.

Work Around
The only work arounds I have found to this little problem, unless anyone else has a better method, is to.

  1. Create the link in the SharePoint web interface on the target environment after the webparts are deployed and placed on the page.
  2. Select "Edit Webpart" and use the XSL Editor to change the GUID on the "GenFireConnection" on the calling webpart  to the new GUID of the target webpart.

The other option is to just use query strings in your lists. SharePoint Designer will quite happily accommodate this using parameters you can then pass this around in links around fields.

The above seems to always work for me, although I would love to know if there is a more elegant solution to this.

posted on Wednesday, 15 February 2012 13:15:51 (GMT Standard Time, UTC+00:00)  #    Comments [0]

 Sunday, 12 February 2012
Watching SkyPlayer and other content from your PC on your TV

This article can apply to just about any content that you can watch on your PC but just can't watch on your TV be it via XBOX, PS3 or some type of set top box we have to face the facts that some services are either limited on these devices or have content restrictions.

So for example lets say I want to watch a show that is on SkyPlayer on my TV via my XBOX. You may discover that that show is restricted for viewing via Xbox on your TV but you are perfectly free to view that content on your PC. Sounds silly doesn't it?

Anyway the next option is to connect your laptop or PC to your TV and that can often be pretty impractical especially if you want to use the laptop at the same time.

The Solution
Enter this lovely box of tricks by StarTech called a Ethernet to VGA Over IP Converter, so how does this help?


This clever little device plugs into your home network and has a VGA connector on the back that plugs into your TV or monitor. You then install drivers for the device on your laptop which will discover this device on your network and treat it as an extra monitor!

But it doesn't just stop there, the device is also a USB server. That means you can plug any USB device into it and your laptop will think its plugged into one of its local USB ports. You're probably wondering why? Well you may want to plug a USB mouse and keyboard in there so you can control what's happening on the screen from near the TV.

I basically use it by dragging the video I am watching onto the extended display my laptop suddenly has via this device and can carry on using my laptop while at the same time its playing a video in the other window.

So just how good is this?
There is a "but" though, your were expecting one weren't you? You can use this device over WiFi but to get a good quality broadcast I resorted to both my machine and the device being on a 100meg wired network. In theory if I had a 300meg WiFi network instead of 54meg it would have had the same result?

posted on Sunday, 12 February 2012 20:47:00 (GMT Standard Time, UTC+00:00)  #    Comments [0]