The Lazy Load plugin has to be one of the best jQuery plugins I’ve seen yet. For image heavy sites, it will certainly take the edge off loading times.

Its really easy to implement too. You obviously need a reference to the jQuery library and a reference to the LazyLoad library:

<script type="text/javascript" src="jquery-1.4.1.min.js"></script>
<script type="text/javascript" src="jquery.lazyload.mini.js"></script>    

You then need the following javascript code to call the LazyLoad routine:

$(document).ready(function() {
    $(function() {
        $("img").lazyload({
            placeholder : "../images/grey.gif", 
            threshold : 50,
            effect: "fadeIn"
        });
    });
});

The example above will fade any images in within 50px of the page fold.

Nice.

About two months ago, a client suggested that they create their own security questions for the website that we were building them. I strongly advised against it over a several conversations, stating that we should use the standard questions, e.g. Mother’s maiden name. No, they were adamant. These questions were boring.

The result was questions like “What do you want for Christmas but never get?”. I agreed that they were great questions but advised again that they were not practical.

Two months after the site went live, I received an email from the client stating that users were contacting them saying that they could not remember their answers or were misspelling the answers.

I couldn’t say I told you so, but boy did I want to. The reason everyone uses the same security questions is because they work. They need to:

• Be personal to the user;
• Have an easily memorable answer;
• Have an answer not dependent on the mood of the user;
• Have a one word answer, preferably;

There is a good article here http://goodsecurityquestions.com/designing.htm.

Firstly, these “defensive code” articles are not meant to be a definitive, just practices I feel are important to the way I code. The reason I’m compiling this list is partly so that I can have a reference for myself, but also because I wanted to present something to the team I work in.

Input validation

There are two types of input validation:

• Input from an external source; and
• Input from within the application.

An external input may be a user submitting a form or it may be the stream from a file you are importing. Input from within your application may simply be the passing of variables as parameters from on method to the next.

In both cases I choose to take the stance that input is almost always likely to be invalid or just plain wrong.

External input

Regardless of the input, it is imperative that you check:

• The input exists
  
  There is no point further validating a null string or stream. This should be the first step in ANY input validation.
  
  
• The data should be of the correct format
  
  If a user inputs a value into a decimal field, it should be validated to ensure that the decimal has the correct point accuracy, e.g. 2 decimal places for a monetary value. This can be done without the need to cast the value.
  
  
• The input data is of the same type that is expected
  
  If a user inputs a value into a decimal field, the value should be validated to ensure that it is a decimal and not a string.
  
  
• The input data is within the correct boundaries
  

Obviously, there are scenarios where this is overkill. For example, you wouldn’t need to check that a textual input is of a string type! But regardless of the input method, these can all be applied to ensure that the data collected is valid.

Internal input

I think controlling internal input is easier, just more time consuming. Essentially, for any method, you should check that the values passed or pulled in are valid. Again, there are scenarios where this is not required but my personal rule is to assume that input is invalid.

You will hardly ever have to validate parameterized input is of a specific type as this can be defined by the parameter type. However, all the guidelines from above can be applied.

• Data exists;
• Data is in the expected format;
• Data is within the correct boundaries.

With values that are pulled in, i.e. not parameterized but maybe from a global variable, it is even more important that the guidelines from above are adhered to. This is because otherwise there is an assumption that some other process is validating the data pulled in, which of course you cannot rely on.

Consider the case that a class has a username property which is used in a method but not passed in via a parameter. In this case, it is worth having a separate, global method for handling the validation of the username, i.e. IsUsernameValid(). This way, other routines can make use of the same validation method.

So I recently attended a company away day where the morning was essentially hosted by the MD’s wife, also an MD of her own company and an advocate for NLP.

I’m a cynical person, I know that but I turned up anyway knowing what I was letting myself in for, thinking that all I have to is get through the morning to get to the fun-filled afternoon. But early in the morning session, the Mrs MD announced that she would be on the look out for “Mood Hoovers” and “Black Abbots” - people who suck the mood and fun out of situations. She would single them out and take them for a walk.

Now, I don’t know about you, but I find it very difficult to be happy on cue and I consider it insulting to think that I’m not allowed to be myself with my colleagues, friends etc. Yes, I could quite easily be considered a “mood hover” but I’m also a hard worker and had I known that a prerequisite for the away day was continuous levity I may have stayed away.

The thing I object to is people being forced to be something they don’t want to be or don’t need to be. The Mrs MD is a prime example of this ludicrous “self”-help mania-stricken world we live in, enforcing it on everyone else because they think we need it.

I don’t want to be told to “be happy or else”, that’s not how it works.

Away-days. An excuse for the management to inflict their bs strategic pipe dreams on us. Only you know that come the next away-day they’ll be giving you a different set of bs about a slightly different strategy because the last didn’t work quite the way they expected.

Now don’t get me wrong, management have a duty to the company they run/own to come up with the strategies but why is it that these new strategies always seem to involve the non-management working harder and having to handle more pressure whilst the management get a couple more holidays.

For example, our company’s new strategy is to build, host and manage ecommerce websites for companies that don’t have the facilities/budget to commission one themselves. In return a percentage of the sales will be kept by our company. Actually, its not a bad idea. But who’s going to pick up the extra work? A new team? New resources? No, that’s right, the existing employees who are expected to do the same work as before but now this as well.

So when the management say, “let’s have an away day to unveil the new strategy!” they may as well have said, “Let’s lure them from their homes and then rob them”. Ok, a little extreme but talk about sugaring the pill.

To be honest, once we got past the morning’s bullshit - the promises of potential exchanges with partners in exotic places and the pep talks convincing us that we are a slick, streamlined company – the afternoon’s frivolities were a lot of fun! So “bah humbug” me.

I just can’t get the thought from my head that the only strategy the company should have is “being better at what we currently do”. Is that too complicated? Although we haemorrhage money on every project because of our lack of process, our ideas and product delivery is good. Are the management thinking that expanding the business will automatically solve the process issues? They can’t be that naive. The strategy should be “lets shore up the processes in this company, train up these employees and make some real money!”. But no.

I would have settled for an email.