We share pictures of nearly every moment of our lives (and our kids’ lives) through social media. That’s great for distant relatives that can handle a smart phone, but what about those that can’t? I recently set up a cheap Android tablet as a remote-controlled digital photo frame.
I wanted a setup where the user wouldn’t have to do anything at all. The photo frame should start automatically in the morning, show photos during the day and shut down in the evening. No user interaction should be required at all. I also had to make everything remote-controlled, as it would be located about 500 km away, without anyone nearby who could handle any tech support. Last, but not least, it’s important that it’s as easy to share to the photo frame as to any other social media from a mobile phone.
In a recent project using Azure, SSL worked perfectly on all devices except those running Android 2.X. It turned out that legacy Android has limited support for modern SSL/TLS features such as SNI and subject alternative name.
Getting TLS configuration right nowadays can be quite tricky. Google Chrome is aggressively pushing for deprecation of old insecure standards by showing warnings or even errors on sites using deprecated https settings. Using a certificate issued merely two years ago, with the standards that were common then, now shows an error because the SHA-1 algorithm is not considered to be safe for the two remaining years of the lifetime of the certificate. The Google Chrome team is definitely pushing hard for moving web cryptography to safer grounds.
On the other end of the scale (no, I won’t be complaining about Windows XP, it’s not that much of a problem any more) is another Google product: Android. Even with the blazingly fast technology development, people are (IMHO rightfully) expecting a multi €100-device to last for more than a few years. That means that a lot of devices out there are still running Android 2.X. In this particular project, the target audience is not that tech-savvy. A lot of the users have even had to invest in their first smart phone, making their call-and-SMS-only phones history. With that audience, we had to support those old devices. On the other hand, SSL warnings or errors in Chrome were unacceptable, so we had to find something that worked for all those platforms – and we did. Oh and by the way, the budget was really, really tight, so we had to find something that wasn’t too expensive.
A few days ago I saw a tweet about a new font called Hack. It’s a font that’s designed specifically for programming. No more doubts if it’s an O or a 0. Clear, enlarged punctuation for ; . ,. It’s just brilliant.
I’ve not written anything here for more than a month and I’d like to make a short off-topic post to explain why. At the end of May our third kid arrived in the family. He’s a healthy little boy, but even though he’s still small, he’s wreaked havoc on my ability to plan my time. Just as it is supposed to be. But that means blogging hasn’t been on the priority list.
I’m living in Sweden, where the possibilities to spend time with the kids (even as a dad) are totally awesome. It’s easy to take things for granted and it’s not until I discuss how to balance family life and work with people from other countries that I fully remember just how awesome it is here.
The biggest thing is the parental leave. For every child the parents get 480 paid days to stay at home and care for the child. Counting only work days, that is nearly two full years of paid leave.
The thing that usually surprises non-Swedes the most is that those paid days are not tied to the mother, but to both parents. Actually 60 days are non-transferable, meaning that if the dad doesn’t use them, they are void. Personally I’ve been staying at home with my two older kids for about half a year each and I plan to do the same with the baby, once my wife gets back to work. Oh, that’s standard in Sweden too – mothers are usually working.
When she returns to work, it’s my turn to stay at home on state pay. But, there is actually a limit on how much the state pays for during parental leave. The maximum pay is about €100/day (before tax) and salaries in the IT sector are often much higher than that. But as I’m working at a generous company they actually fill in on top of the public payment, so I get 90% of my salary for spending 6 months with my son. That’s awesome (did I mention we’re hiring?).
Once I get back to work, my son will go to daycare. Children in Sweden usually start daycare somewhere between the ages of 1.5 and 2 years. Daycare is heavily subsidized. We pay about €120/month per child for daycare. That’s roughly 10% of the real cost. On the other hand I can confirm that the rumors are true: We do have high tax levels in Sweden, but in my opinion we’re also getting a lot back.
For now this means that I’m taking a long summer off and spending the time with my family. There will probably be blogging done, but not as frequently as when I’m working.
Distribution of credentials to new users of a system is often done in an insecure way, with passwords being sent over unsecured e-mail. With ASP.NET Identity, the password recovery functionality can be used to create a secure account activation mechanism.
The scenario for ASP.NET Identity in the default MVC template is to let users self-register. Then there are mechanisms to confirm the e-mail address, to make sure that the user actually is in control of the given e-mail address. There is also support for letting the user associate the account with external sign-on solutions such as Google, Facebook and Twitter. That’s perfectly fine, but not for most applications I build.
I’m building line-of-business applications. They are actually often exposed on the Internet as they need to be available for partners. But they are not meant to be available through self-registration for anyone on the Internet. Those applications are invite-only. That means that a user account is created for a new user. Then that user somehow has to be notified that the account has been created. The usual way to do that is to create the account, set a good password like “ChangeMe123” and send the user a mail with the new credentials. There are two problems with this:
A lot of users don’t get the hint and keep the “ChangeMe123” password.
The e-mail can be sitting unread for a long time in the inbox, until someone gets hold of it – and the account.
Fortunately, there is a much more secure way to do account activation with ASP.NET Identity without much coding at all – by reusing the password recovery mechanism.
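The invite flow described above, as an added example that is not code from the original post. It assumes ASP.NET Identity 2 with the default MVC 5 template's ApplicationUser, ApplicationUserManager and AccountController.ResetPassword action, plus a configured UserManager.EmailService; InviteController, the "Admin" role and the mail text are hypothetical.

```csharp
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;

// Hypothetical admin-only controller (not part of the default template).
[Authorize(Roles = "Admin")]
public class InviteController : Controller
{
    // ApplicationUserManager is the UserManager subclass the template generates.
    private ApplicationUserManager UserManager =>
        HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<ActionResult> Create(string email)
    {
        // Create the account WITHOUT a password: there is no "ChangeMe123"
        // to leave unchanged and no credential sitting in an inbox.
        var user = new ApplicationUser { UserName = email, Email = email };
        IdentityResult result = await UserManager.CreateAsync(user);
        if (!result.Succeeded)
        {
            foreach (var error in result.Errors)
                ModelState.AddModelError("", error);
            return View();
        }

        // Issue the same token the "forgot password" flow uses. It is bound to
        // the user's security stamp, so it stops working once a password is set.
        string code = await UserManager.GeneratePasswordResetTokenAsync(user.Id);

        // Point the link at the template's existing reset action, which ends in
        // UserManager.ResetPasswordAsync(user.Id, code, newPassword).
        string link = Url.Action("ResetPassword", "Account",
            new { userId = user.Id, code = code }, protocol: Request.Url.Scheme);

        await UserManager.SendEmailAsync(user.Id, "Activate your account",
            "Choose your password <a href=\"" + link + "\">here</a>.");

        return RedirectToAction("Index");
    }
}
```

How long an unread invitation stays usable is governed by the token provider's TokenLifespan (set on the DataProtectorTokenProvider when the user manager is created), so choose that value with the second problem above in mind.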