05.09.2007

Microsoft MVPs: Chaosian, the Zone Advisor for VB.NET, was recently named to Microsoft's MVP program.

Sembee, a permanent fixture in this section of the newsletter, was not only the first of two members of the Savant club for reaching 10,000,000 points in a single zone (the other is angelIII, but he also received his second Genius certificate, in the Windows Server 2003 zone. Others reaching the 1,000,000 point level in a single zone were ozo in Math & Science, EDDYKT in Visual Basic, and leew, who earned his ranking in Windows 2003 Server, and thereby lost his spot as the highest-ranking member of the Hall of Fame without a Genius certificate. That honor now belongs to stevenlewis.

Other milestones recently reached include the 10,000,000 points overall mark, attained by war1, 8,000,000 points in the Java zone by objects, and CEHJ's 6,000,000 points, also in Java.

If you're reading this newsletter, you have probably already experienced the power of Experts Exchange and how it can save you from the direst of technology troubles. But how can we help those who live without the support of the best technology Experts in the world? Wouldn't you like to invite them in out of the cold and serve them a nice, warm cup of solutions?

Lend them a hand by using our new?del.icio.us,?Digg,?Google Bookmarks,?Yahoo Bookmarks,?Technorati and Windows Live Favorites (Internet Explorer users only)?buttons at the top of every question page. Share Experts Exchange or a "must have" solution with those in need via your favorite?social bookmarking?site. Bookmark an Expert's awesome solution on del.icio.us as a way of giving them additional kudos or see if the servers here at EE can handle the"Digg Effect"?by Digging a solution to Digg's front page!

Many tech savvy folks use social bookmarking sites to gather their own favorite, and most useful link, and to discover the favorites of their peers. We've made adding solutions to your collection of internet treasures easier for you by including buttons on each solution page for several popular social bookmarking sites. If your favorite bookmarking site is not listed, let us know by using the site feedback button at the top of any page.

Adding Experts Exchange to your favorite social bookmarking site will introduce new users to Experts Exchange, increase the number of questions asked, give Experts more opportunities to earn recognition and increase the number of solutions stored to our continually growing knowledgebase. Ultimately, spreading the word will benefit everybody involved in Experts Exchange! What are you waiting for?

IT professionals and webmasters, listen up. If you haven't heard about this already, you soon will. And if your company accepts online payments or processes credit cards you need to particular attention.

There's a new sheriff in town, one that has huge dollars behind it and the ability to affect your ability to process credit cards. How's that for a stick?

So who's the sheriff? The PCI Security Standards Council (PCISSC). Those of you who are already in their sights know that this group is not one you want to mess with. If you get a letter from your processor or credit card company, pay attention, it's not a gimmick. Companies that do not meet the Data Security Standard (DSS) requirements may be barred from processing credit cards, incur higher processing fees, and even face fines up to $500,000.

In September of 2006, a group of five leading payment brands including American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International announced the formation of the PCI Security Standards Council (PCISSC). The goal of the council is to ensure that merchants and service providers who send data electronically have taken steps to protect transactions. These requirements apply to all payment card network members, merchants and service providers that store, process or transmit cardholder data, and affect all payment channels, including retail (brick-and-mortar), mail/telephone order and e-commerce websites.

The PCISSC was formed because the credit card companies are tired of taking the hit of fraudulent charges. In the brick-and-mortar days, credit card fraud was a manageable expense; one that was just a cost of doing business and necessary to maintain consumer confidence. In today's world, criminals have taken advantage of loose security, wireless networks, and the Internet to the point where payment processors are faced with huge losses and staggering liability. It's easy to point the finger at the credit card companies or at the lax security of e-commerce applications and cry foul, but the fact remains that something needed to be done. While some may see this as overkill or deride the profit motive of the founders of the PCISSC, the reality is it will benefit all of us, webmasters, IT professionals and consumers alike.

Here's the lowdown: Everyone who processes electronic payments is required to comply with the DSS. No matter the size of your store or the number of transactions you process, you face the minimum requirement of performing a quarterly scan of your network and completing an annual self-assessment questionnaire. Of course, requirements increase based on number of transactions and type of business. For example, All processors and all payment gateways are required to have an on-site audit performed once a year.

The good news is, the PCISSC has done some of the work for you. They maintain a list of Approved Scanning Vendors (ASVs) who can perform the quarterly scans for you. And since this is required, the market is quickly becoming commoditized. Some of the ASVs offer one IP scan for free as an enticement to use their services while others offer scanning for as low as $25 per IP. So even though you are being held over a barrel, the costs aren't particularly high for the small merchants and eCommerce sites.

In the long run, this will be a good thing for the economy. It may sting a little, but the alternative is credit card companies pulling services from the small to mid-size merchants and websites. And if that happens, consumer confidence in online purchases would surely suffer.

You can find a complete list of the DSS by visiting https://www.pcisecuritystandards.org/tech/download_the_pci_dss.htm, and there's plenty of information available at the PCISSC's website.

zorvek, this year's "leader" in the points standings in the Excel zone, was on a tear May 1. First, he answered a question regarding appending data about two minutes after it was asked, prompting a response of "That was amazing. Thanks!" Then, he took his time, using about eight minutes to answer another question regarding using Excel charts in a Word document. Nice work, zorvek!

rdivilbiss, one of the Zone Advisors in the Web Development areas, managed to coax a laugh out of the asker while passing along a good answer.

An editor by trade a writer by avocation and an Expert by happenstance, ericpete is the person who puts together the newsletter for Experts Exchange.

I'll admit it: I was raised in print media, and while I spend time doing web development, I'm not one of those bells and whistles kinds of people. I like things simple and clean; to me, Google is the best example of what a website should be. There aren't a lot of questions one can ask about how to use it; its interface makes it obvious how it works. What I admire about the people at 37 signals, a Chicago-based design firm, is that they get it when it comes to web development. Sites need to work first and be pretty later; if people can't figure out how to use a site, they won't use it, and all the pretty and promotion in the world won't help.

Having said that, the other day we came across what has to be the best example of the worst of design in almost every sense of the word. One of the best ways of teaching people how to do things right is to show them how it's done wrong; by looking at just this one page -- it will take a while to load, unfortunately -- you can pretty much see how to not do web design.

The problem: where to start. I've always thought that websites are like buildings as much as anything; architects design buildings with the function of the building in mind, and then worry about what it looks like after that. You wouldn't design a library with a bunch of tiny rooms, one for each section of the Dewey Decimal System; as Hemingway noted, it should be a "clean, well-lighted place for books." Librarys are generally a few big rooms because how they function -- and when an architect goes to work, that's his first consideration. A web designer does the same thing; if he's doing his job, his first questions to his client are something along the lines of "what is it you want people to do, and how do you want them to do it?", and he builds on that.

Since, at their core, websites are manifestations of a communications medium, the matter of conveying information efficiently is the next factor. What do people need to know in order to use the site, and what steps does the site have to take in order to make it so that it is obvious to the user how to use the site? Aside from all the technical peculiarities our "best example" has -- no fewer than 29 scrolling marquees, rotating images that are more a distraction than they are informative, 1.3 mb of text (and you thought the help page took a long time to load), tables without padding, multiple typefaces, color combinations reminiscent of the mid-1960s... you get the idea -- it's damn near impossible to figure out what these people actually do.

Early on in my newspaper career (about age nine or ten), my father taught me that you get about four seconds to get someone's attention and hold it; people who looked at the dead-tree-medium back in the sixties were a lot more patient, because the web design gurus say you get about half that. So the next consideration for a designer: How do you get people's attention and hold it long enough for them to want to look at what you want them to look at?

I've been known to rip into marketing and advertising people on occasion, but some of them are brilliant. Thanks for the link, Jürgen!

In a word: content. If people are looking at a site trying to find information, they want it now; they don't want finding that information to be a scavenger hunt. That's not to denigrate the glitz of Flash-based sites; a picture is worth a thousand words, and what some people can do with Flash content is truly remarkable. But it's not the Flash that makes the site successful, with lots of traffic; it's the information transmitted using Flash.

If the site is one based on user-created content, then looking at the issues of what, where and how become that much more important. What are the things people are trying to do? What do they have to do to accomplish those tasks? Do we explain all the processes, and do they make sense? Have we made it too complicated? I'm guilty of that; I did a site once for a guy, and it did exactly what he wanted. The problems were a) that no one bothered to find out if users wanted to do what he wanted them to do; b) that it wasn't obvious to users that they could do what he wanted them to do; and c) that even if they could do it, how they did it was a bit of a chore. So they picked up the phone and called, or worse, went to someone else.

All too often, websites work the way they do because someone thinks they know what users want without checking first. That's not something that is solely a website issue; businesses come and go all the time because they don't change the menu, or stock new products, or modify their ways of doing business to adapt to the times; it wasn't all that long ago that Tadich Grill didn't take credit cards. Even the PC manufacturers are finding out that people don't want things they haven't asked for.

But for websites, that's a huge problem. Yes, the site needs to be at least a little attractive, just like the part of the front page of the newpaper that is above the fold needs to get the attention of passers-by. But in making it attractive, you're wasting precious time if you're not helping your user find his way around. Content isn't just the information -- the writing and images -- on the page; it's whether the information is relevant and useful. If it isn't, then get rid of it; sorry, but if I'm looking for a hosting service, I don't want to see photos of your dog everywhere.

Of course, I could be wrong.

The new site of Experts Exchange has brought forward a good number of ideas for improvements, some that have been suggested before, like a code tag for monospaced type or building a system to make it easier to close self-answered questions, and others that are new, like an an "Adopt A Member" program or making the comment ID number visible that are the result of changes to the systems since the new launch.

Experts Exchange truly appreciates the suggestions and ideas. The most effective way of making your voice heard about any system or change at EE -- whether it is something EE has added, or something you want EE to implement in the future -- is to use the Feedback link at the top of any page.

It's not that EE doesn't pay attention to the Suggestions, Input, New Topics, Feedback, and other zones on the site. It's that EE uses the email it receives through the Feedback link to help set priorities for which projects to tackle next. So please, use the form to let EE know what you want to see.

File this under "good advice that will be forgotten in three weeks": We came across 12 laws every blogger should know, and while EE isn't a blog per se, some of the rules apply, like the ones that pertain to the use of other people's content. One law that the author didn't include: If you're going to blog, make sure you have something to say, and try to stay within some ethical boundaries.

That time again: Nobody's life, liberty or property is safe when the legislature is in session, so all you US-based folks need to start writing your congressmen. There are a good number of them who want to let state and local governments tax Internet access and use. One of those states, Utah, has a couple of laws it has passed that were intended as moneymakers for the state, but are instead turning into financial disasters.

Site of the Week: BooMod sent us an idea that has a certain amount of merit. It is certainly a lot more friendly than suggesting someone return their computer to the vendor. Speaking of which, as the US politicians gear up for the 2008 elections, it is worth noting that they can't find -- or are not looking for -- the ANY key.

We told you so: The new Daylight Savings Time, which was supposed to save 100,000 barrels of oil a day, didn't., and more organizations are piling on YouTube.

Google Hell: For all you budding Search Engine Optimizers out there, Forbes had a fascinating article on the website equivalent of a mid-life crisis: finding out that your website has been moved to Google's "supplemental index". There are also some good tips on how to avoid it.

If a tree falls in the forest...: then as it turns out, it might not make a sound after all. Or it will, but it will be the sound of one hand clapping.

USPS, NCAA form partnership: The NCAA, the organization which makes a fortune for US universities by signing huge television contracts and otherwise makes the lives of coaches miserable, has instituted a ban on text messaging as a way of recruiting athletes to attend their schools. And while we're on the subject of US institutions of higher education, the MPAA has released its list of the top 25 schools in terms of movie piracy. At least one of those schools -- Ohio University -- has restricted file-sharing.

En requiem: David Halberstam, Pulitzer Prize winning author. His book, The Best and The Brightest, is stunning in its completeness.

Stop the world, I want to get off: "I have found the code quality, at least in terms of security, to be much better overall in Vista than Mac OS X 10.4. It is obvious from observing affected components in security patches that Microsoft's Security Development Lifecycle (SDL) has resulted in fewer vulnerabilities in newly-written code." So says Dino Dai Zovi, who won $10,000 for finding a vulnerability in Safari.

Lest we forget: Wang Xiaoning, who was in prison in China, filed suit against Yahoo because of it.

Signs of the Apocalypse: The IRS is still lousy about protecting taxpayer data, but the Department of Homeland Security is no longer flunking cybersecurity, but they are flunking when it comes to protecting the data of their employees. Maybe the OMB will get them moving. And Microsoft is suggesting that Google should be looked at for antitrust violations.

Susan Kirkland, one of the Zone Advisors for the Apple/Mac zones, sent me a note about her electric bill and the technology the power companies use to read your meters:

"Ever done anything on AMR? That's the automatic electric meter reading technology power companies use so they don't have to send a man out to your house. There's only one problem (which I discovered after some minor google research). It's called signal drift (duh) which is caused by cold temperatures.

"I've always been conscientious when it comes to energy. I turn the lights off when I leave the room -- maybe the nuns did that to me. Waste not, want not (?) who knows. Three months in a row, I got this "double what it usually is" power bill. I paid; I'm not one to question the power company. This month, I got a bill 6 times the usual usage. I went out to read the meter -- it said 8834. What did this mean? I looked at my bill; it said for usage from 9633 to 12363. I called and the high school graduate told me it was because I was using more electricity now that I had the heat on. She said to disconnect the breakers and see which one was eating up my power. When I mentioned the odd numbers on the meter, she sighed, as if I was arguing with her good sense (LOL) like sooooo many others who just didn't get it. They sent a man out to read the meter. He discovered the meter was malfunctioning. He put in a new meter. They will adjust my bill.

"How many times does this happen without your knowledge? Check your electric meters -- after all, it uses a modem to communicate the readings." At least she didn't say that they use Windows Vista.

I also came across a fascinating article at New Scientist Tech about how browsers are the new tool of choice for the nasty folks who create botnets. No one is safe, it seems; any site with any kind of security hole is a target for these guys, and the only thing you can do to protect yourself is hope that you don't fall victim to one before your antivirus software is updated. So for all you guys out there who might be tempted, don't go to that one site just to take a quick peek to see if "Candy" is really all that pretty without her clothes on. You could be getting more than you bargained for. Even legitimate sites can have the problem; Google recently removed some sponsored links that were actually links to the bad guys' websites.