Lime Blast » Share the knowledge (http://limeblast.co.uk)
The virtual home of Web developer Daniel Hollands, the place to be if you're looking for articles and tutorials (and rants) on all aspects of the World Wide Web.

The importance of a good password
Sat, 18 May 2013 11:40:50 +0000

Online security has been featured in the news more over the past year than I think a lot of people like.

Hacking groups (such as LulzSec) have been targeting high profile companies (including Dropbox, Sony, Valve, et al) and (among other sinister things) have been releasing millions of rows of customers’ data into the public domain.

Thankfully, this has highlighted the importance of good security for technology companies all over the world, some of which are taking the threat seriously and beefing up their own security as a result.

But a chain is only as strong as its weakest link, and more often than not, the weakest link is a user’s password.

In my job as a Web developer I’m often given the login details for many of our customers’ accounts, anything from hosting, email and social media accounts right up to e-commerce payment gateways, and more often than not, (if I’m allowed to be frank for a moment) the passwords on these accounts are abysmal.

Some of them are so bad, they’re the equivalent of Manchester United using ‘football’ as a password, or The Coca-Cola Company using ‘c0ke’ (substituting a number for a letter – such as replacing an I with a 1 – does not make a password secure.)

What constitutes a good password?

There is a lot of advice on choosing a good password, and even a range of different tools that can help generate them, but it mostly boils down to choosing a password that will be difficult to guess, and with enough characters (and special characters) that a brute force attack would be endless.
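
An added example (not from the original post) illustrating the two points above: why ‘c0ke’ is no harder to guess than ‘coke’, and how length and character classes grow the brute-force search space. The wordlist, substitution table and function names are constructed for illustration, and the bit counts are rough estimates.

```python
import math
import string

# Constructed sample wordlist; a real check would load a large list of
# common and breached passwords.
COMMON_WORDS = {"football", "coke", "password", "letmein", "united"}

# Look-alike characters people swap in for letters (assumed, not exhaustive).
SUBSTITUTES = {"a": "4@", "e": "3", "i": "1!", "o": "0", "s": "5$", "t": "7"}
UNDO = str.maketrans(
    {sub: letter for letter, subs in SUBSTITUTES.items() for sub in subs}
)


def normalise(password):
    """Lower-case the password and undo look-alike substitutions."""
    return password.lower().translate(UNDO)


def is_guessable(password, wordlist=COMMON_WORDS):
    """True if the password is a wordlist entry once substitutions are undone."""
    return normalise(password) in wordlist


def variant_count(word):
    """Number of spellings of `word` using upper/lower case and SUBSTITUTES."""
    count = 1
    for letter in word.lower():
        case_forms = 2 if letter.isalpha() else 1
        count *= case_forms + len(SUBSTITUTES.get(letter, ""))
    return count


def brute_force_bits(password):
    """log2 of the keyspace for an exhaustive search over the character
    classes the password uses, at the password's length."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(cls) for cls in classes
                   if any(ch in cls for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def effective_bits(password, wordlist=COMMON_WORDS):
    """Rough strength estimate: a guessable password costs at most one guess
    per spelling of every wordlist entry; anything else costs brute force."""
    if is_guessable(password, wordlist):
        return math.log2(sum(variant_count(word) for word in wordlist))
    return brute_force_bits(password)


if __name__ == "__main__":
    for candidate in ("football", "c0ke", "vR7#qLm2xT!p"):
        print(f"{candidate:14} guessable={is_guessable(candidate)!s:5} "
              f"naive={brute_force_bits(candidate):5.1f} bits  "
              f"effective={effective_bits(candidate):5.1f} bits")
```

The "naive" figure is what a length-and-character-class meter would report; the "effective" figure shows how little of it survives once the password is a dictionary word in disguise.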

All of this advice is worthless, however, if even after choosing a good and secure password, you use the same password on everything you sign up for, or if you write it down on a piece of paper next to your desk.

How am I supposed to remember all these passwords?

As I mentioned before, I have to keep track of the login details for many of our customers, and as such it is my responsibility to keep these passwords secure. To help with this I use a piece of software called KeePass:

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

KeePass isn’t the only solution, others such as LastPass and PasswordGenie (seen below) exist, but KeePass has worked well for me for a number of years.

Anyway, I hope this post has been useful to you (and I hope I start to see some more secure passwords from our customers), but in the meantime, let me leave you with this interesting PasswordGenie infographic:

[Infographic: How Strong Is Your Password]

(Article originally published on Ghost Design.)

Web Developer Economics: Monthly Service Costs
Thu, 08 Nov 2012 16:25:43 +0000

Following my initial post on Web Developer Economics, here is my second entry, a response to Chris Coyier’s post on his Monthly Service Costs. Chris spends $531.91 a month, let’s see how I stack up.

Essentials

Bitbucket (Free)

I like GitHub. I use it to host my public repositories and I like what it has done for both Git (making it the de facto version control system) and the open source movement (made it easy for people across the world to collaborate on open source projects for free). But as a lone developer who currently manages 41 (and counting) private repos across two accounts, it would cost me $100 per month to host them on GitHub.

Bitbucket, on the other hand, since it added support for Git, does everything that GitHub does, but charges according to the number of users on each repo, and seeing as each repo gets 5 (or up to 8 if you refer people) users for free, I’d be throwing my money away if I didn’t use them.

Dropbox (Free)

At the time of writing my Dropbox account has 23 GBs of free storage, of which I’m using just under 80%. This is quite a bit more than the 2 GBs of free storage you start with, but if you know how, it’s quite possible to get this much (if not more) with relative ease.

Google Apps (Free)

Google Apps is a great way of having a Gmail account on your own domain name. Sure, it’s possible (via a series of email forwards, aliases, additional reply to settings, et al) to sort of do this with a regular Gmail account, but Google Apps is much more fluid, and provided you don’t set up more than 10 mailboxes on your domain, it’s totally free. (I plan on writing a full review of Google Apps at some point in the future, so watch this space).

Basecamp (Budget package @ $20/month)

Since its recent rebuild, Basecamp has gone from strength to strength. I used to use Asana for my project management needs, which is free for up to 30 collaborative members, but Basecamp, which allows me unlimited collaborative members across ten active (and unlimited inactive) projects, just works better.

BE Broadband (Pro @ £28.89/month)

I think this is a very reasonable rate for what I get: 14 meg download speed, a static IP, unlimited downloads, and telephone line rental. I’m tempted to go for a fibre optic connection in my next flat, but I’m happy with this for now.

Hetzner (X2 Dedicated Server @ €29.00/month)

Up until around a year ago I was more than happy using JustHost. I had a 50% off discount code (50OFF), and paid two years in advance, meaning that hosting all my websites cost me less than £2 per month – but this was holding back my development. Since setting up my dedicated server (a local development server with the same set-up) I’ve learnt a lot about server management, Bash, Git, Apache, BIND, Samba, and so much more (even if I did get hacked in the process).

Backup script (Free)

Using a slightly modified version of a script created by Gina Trapani, both of my servers automatically create a backup, which is saved to my Dropbox account, at midnight every day. I mention this only as Chris pays $40 a month per site for a backup solution called VaultPress.

GIT-FTP (Free)

In a similar vein to the backup script above, whereas Chris spends $15 a month to use Beanstalk to deploy his Git-based projects, on projects where I don’t have SSH access to the server, I use a simple Bash script written by René Moser.

Font Squirrel (Free)

If you’re looking for a custom font to use on a website you can’t go far wrong looking for it on Font Squirrel. Not only do they have over 800 (and counting) font families available, each of which is 100% free for commercial use, but they also provide all the tools you need to make them work. Move over Typekit, Font Squirrel got it covered.

Optional

Orange (Panther 26 @ £32.35/month)

Although not strictly needed for my job, my Android-powered mobile phone lets me keep connected on the move.

Conclusion

Unlike my previous post – which said that even though I was paid a fraction of his start-up costs, I still had all the same abilities as him – this post tells a slightly different story.

Like my previous post, I’ve listed various free alternatives to services that Chris pays for, but on a number of occasions, while the free alternative is OK, you get more for your money with Chris’s option.

For example, I’ve got 23 GBs of free storage on Dropbox, but it has cost me time and effort to amass that amount, which I did by testing beta editions of the software, linking my university account and around four years of referrals.

Also quite telling is what I don’t have on my list, such as the lack of CDN services – although it could be argued that none of my sites need it (I get nowhere near the levels of traffic that Chris gets) – or accounts/invoicing – I don’t have enough freelance clients to make this a necessity currently.

Anyway, all in all, just under £100 is leaving my account each month. Hopefully I’ll be able to get some more freelance clients in the near future, and this amount can go up as I pay for more services, but in the meantime, I think this is pretty reasonable.

Web Developer Economics: One Off Software Costs
Fri, 02 Nov 2012 12:32:53 +0000

Taking inspiration from a post by Chris Coyier on Web Developer Economics, specifically that of One Off Software Costs, I’ve decided to put together my own list of figures. Unlike Chris however, who had a start-up cost of $1,779.98, I think you’ll find my costs are far lower.

Essentials

These are the applications and software without which I would be unable to do my job.

NetBeans (Free / Open Source)

Having tried a number of different text editors over the years (including PSPad and Notepad++) I’ve settled upon NetBeans as my editor of choice. NetBeans, being an IDE however, is more than just a text editor, and while I have to admit that I probably don’t use anywhere close to all its tools and features, the tools and features that I do use (PHP syntax checking, Git diff highlighting, syntax autocomplete, source formatting, et al) are invaluable.

VirtualBox (Free / Open Source)

A valuable piece of software that lets me run guest operating systems on my PC. My initial reason for using this was to run copies of Windows XP (for IE6), and Windows Vista (for IE7 and IE8) for backwards compatibility testing of Web sites, but in recent months I’ve started using it to run a LAMP development server.

Debian (Free / Open Source)

Used as the operating system, this is the L of the aforementioned LAMP development server. There seem to be as many different flavours of Linux as there are religions (and their followers are just as ferocious), but the current poster child is Ubuntu, which is built upon best practice and designed to make things as easy as possible. I’ve chosen Debian however, as I’m new to managing a Linux server, so wanted to learn best practice for myself, rather than have it all done for me.

Apache, MySQL and PHP (Free / Open Source)

With the first letter of the LAMP abbreviation being filled by Debian above, the last three are filled by Apache (a web server), MySQL (a database) and PHP (a scripting language), which combined, power most of the Web sites I build.

SASS (Free / Open Source)

SASS is a CSS preprocessor written in Ruby which “makes CSS fun again”. It does this by adding a number of features sorely missing in vanilla CSS, including support for variables, calculations, functions and mixins. SASS files need to be compiled before they can be used, but this is handled by running a simple script on the command-line which does this automatically every time they’re saved.

FileZilla (Free / Open Source)

Although I use Git to deploy my sites, no web developer can survive without an FTP client, a piece of software that allows me to transfer files between two computers, such as the local machine and a server.

PuTTY (Free / Open Source)

This is an SSH client which allows me access to the command line of my remote servers. Nuff said.

KeePass (Free / Open Source)

As I mentioned in my article on the importance of a good password, in addition to keeping a secure copy of all my own login details, I have a duty to do the same for the login details of my clients. KeePass, an encrypted password manager makes this easy.

Optional

Although not needed to do my job, this is a list of software and applications which do make my job easier.

Synergy (Free / Donationware)

I work in an office full of iMacs (my own personal hell) and was given an iMac of my very own to use (f7u12) – so from my second day of working here I brought in my own Windows 7 laptop to use instead. Quickly realizing the benefits of being able to use two separate machines simultaneously however, led me to Synergy: an application which allows me to share the keyboard and mouse of my Windows 7 machine with the iMac via the network.

DisplayFusion ($25)

That’s right, I’ve actually paid for something… Much like the aforementioned benefits surrounding the use of two separate computers, as a result of working for Propeller I discovered the benefits of having multiple monitors on a single computer. At a minimum DisplayFusion adds a taskbar to the second monitor, but also makes it easy to set up multi-monitor wallpapers, window snapping, and buttons which send the applications to the other monitor.

Conclusion

Wow, so while Chris’ one off costs amount to $1,779.98, mine are a fraction of that at $25 (and even that is an optional extra).

By now however, I’m sure that many of you will be painfully aware that I’ve neglected to list Creative Suite (or even one of the many free alternatives such as GIMP or Pixlr) which accounted for $1,299 of Chris’ budget. This is because, as a developer (rather than a designer), I don’t actually have to do all that much image manipulation. What little I do do is limited to basic stuff like image cropping and sharpening, for which I do use Photoshop (a cost of $699, which thankfully has been absorbed by my various employers), but could just as easily do this using either of the free options listed above.

But even removing this from the equation only reduces Chris’ budget to $480.98, which is still almost 20 times higher than mine. And it’s not even like I’m missing out on anything. I’m able to do my job as efficiently and comfortably as he does his.

Anyway, the next post in this series will be in response to Chris’ Monthly Service Costs – watch this space.

How to use Couch CMS with Git
Tue, 31 Jul 2012 20:48:46 +0000

After around a year of using WordPress for the majority of the websites I built for Ghost, I was looking for something different.

That isn’t to say that WordPress is bad – it isn’t – it’s just that for some of the projects I was working on, using WordPress was a bit like cracking a walnut with a sledgehammer.

Add to this the fact that the majority of our clients were having trouble understanding the WordPress administration interface (meaning that, more often than not, I ended up populating the content for them), I was looking for something better suited to the type of project I was working on.

Enter CouchCMS

CouchCMS is a lightweight content management system that is designed to work with pretty much any HTML template you wish to throw at it.

Unlike a lot of other CMSs I’ve used, which require that you convert your template into a theme (which, depending on the CMS at hand, can be hard work, not to mention downright confusing for a beginner), Couch instead gets you to define the editable regions of your template via the addition of some special tags added to your existing markup, which it then uses to build the administration area of the site to your requirements.

But this post isn’t designed as a review of Couch (although if it was, it would probably say something like “two thumbs up”), or even a tutorial on how to use it - rather, the purpose of this post is to explain my plan to use Couch with Git.

Separation of data and logic

Since getting into Git I’ve discovered lots of really useful ways to make my life easier. For example, after following an article on how to Install and manage WordPress with Git, all the WordPress sites that I maintain on a daily basis are version controlled with the minimum of fuss, making it easy for me to update them as and when I need to.

This is achieved via the use of a submodule containing the core WordPress files (and nothing site specific), while the rest of the repository contains the bits specific to the site being built. This is very similar to the concept of the separation of data and logic.

I wanted the same with Couch, but the default install has at least two folders (uploads, snippets) and one file (config.php) that exist within the main couch folder.

I made a post in the forum about this, and found that the aforementioned folders are easily moved, but without a config.php file in the correct place, Couch would just refuse to work. Although it looks as though the guy who wrote Couch might implement a fix for this himself at some point in the future, I’m impatient, so I made my own solution.

What I did

The solution, when you think about it, is really simple. First I made a copy of the default config.example.php file, renamed it config.php, then moved it into the root directory folder before customising its settings (while not forgetting to set the values for the uploads and snippets folders), then created a new config.php file in the couch folder with the following content:

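<?php
// couch/config.php: forward to the real config.php kept in the site root,
// one directory above the couch folder.
$folder = dirname(dirname(__FILE__));
require $folder.'/config.php';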

As you can see, this gets the path to the root folder (because relative paths don’t work), then uses it to require the config.php file that has all your settings in it.

Now that the couch folder is standalone, you’re free to do whatever you want with it, such as set it up as a submodule, or simply ignore it from your Git repository.

I’ve tested this with Couch 1.2.5 and 1.3-RC1, and so far as I can see, it works fine with both (although I can’t see any reason why it shouldn’t work with any version of Couch, past or future).

Let me tell you a story
Fri, 23 Mar 2012 12:39:47 +0000

Are you sitting comfortably? Then I shall begin.

Once upon a time…

Once a year, at the start of the logging season, the greatest lumberjacks of the world meet to take part in a competition. The rules are simple: using nothing more than an axe and their muscles, the person that fells the most wood, in the eight hours allocated, wins.

The morning of the competition is bitterly cold, but the competitors are high in spirits and ready for action. At exactly 9:00am a horn sounds, and the competitors run into the woods, chopping down everything in their path.

An hour later, Three-fingered Ole and Battle-Axe Nelson are neck and neck, matching one another in speed, strength, and number of trees felled, leaving the other competitors for dust.

This is why it was such a shock when Battle-Axe sat down.

Three-fingered was a little confused by this, and having known Battle-Axe for years, knew it wasn’t because he was tired, but he didn’t have time to worry about it now, and laughed as he raced ahead.

Ten minutes later, Battle-Axe stood up and got back to work, but only for an hour, at which point he sat down for another ten minutes. In fact this happened every hour, despite the fact that all the other competitors just kept going.

As a second horn sounded to announce the end of the day, the competitors returned to base, and as they enjoyed a drink and some food, the winner was announced:

“And the winner is… Battle-Axe Nelson”.

Not only had Battle-Axe won the competition, but he had done so by a huge margin. Why do you think this was?

(scroll down for the answer)

The answer is simple: every time he sat down, he sharpened his axe.

The moral of the story

Now I realise that the vast majority of the people reading this blog don’t use an axe as a tool in their day job, but every one of you use your brain, and it is just as important to keep your brain sharp.

You’re the best person to know what you need to keep your brain sharp, but if I could offer some suggestions, I’d say:

  • Always try to learn something new, you might just discover a better way of doing something.
  • Make sure you plan new projects from the start, rather than jumping into them head first.
  • And don’t overwork yourself.

In my opinion, it is better to take your time, and produce something of quality, than rush, and end up with a steaming pile…
