Monday, September 16, 2013

Ask A Programmer - Part 1

Since starting my own custom software development company, I occasionally pick up small gigs on different programming sites like oDesk, Freelancer, and Fiverr. On one of those sites, someone offered to pay me to answer five six (after an additional question) questions for them. Since I write blog posts basically for free I decided to take this customer up on his offer. Below are his questions, and my responses.

This customer asked me about 'trust seals' in an email before he actually asked his five below questions.

1- Is it possible to have a badge shown on the url area. there is usually a site lock and ssl verification, what is the process of adding one of your own? say on the right?

A trust seal is basically an image that says your website is trusted. Most modern browsers show images in the URL area when a site is using a properly signed (by a trusted organization, not a self-signed) certificate for SSL. These type of trust seals are built into the web browser.

However, you can show other icons to represent the page. The favicon is an icon that people use to show a quick, small, image representing the page used for shortcuts. With modern browsers, those are not shown in the URL area, but along the title bar, or with the tab. I believe they USED to be shown in the URL, but a quick test on modern IE, modern Chrome and modern Firefox show that is no longer the case.

As far as I am aware, it is not possible to show icons in most standard browsers in the place the 'lock' (for recognized SSL sites) or the 'broken lock' (for sites that have SSL problems) go. 

However, I sometimes like to add the W3C validated image on a site that I make, after the W3C validation engine validates it. That is the only trust seal I've ever put into my site, and I put it in just as an image when I'm writing HTML. This is not in the URL area though.

I have no idea if this website is valid or not. I just added the trust seal here. 

2 and 3 - server and website verification( as i read on wikipedia ) performs tests on servers and websites to ensure that they are not vulnerable. Are these web crawlers that do this? What program scans so intensely and how do you go about creating one?

There are web crawlers that do this. Most of these crawlers are created by malicious individuals, and/or government organizations that want to find vulnerabilities and exploit them for their own purposes. Metasploit is a well developed program which will automatically attack targets using a set of canned exploits. Another program which is useful in fingerprinting systems to determine which versions of programs (services) they are running is called nmap.

Whenever I've created something like this, I used a programming language called Python  and a package called BeautifulSoup to scrape and post to websites. Basically, any programming language can be used to accomplish this, but some are better suited to accomplish it quicker. Depending on what people are targeting, they will use a combination of unknown ('zero day') exploits and widely available, extremely well know, vulnerabilities.

If you run a server online, and you run a service called secure shell (ssh), you will immediately (within 10 minutes) start seeing people 'rattling your keys' with common username / password combinations trying to login to your system. Whenever I put together a website using a system called Drupal, I start seeing bots (web crawlers) signing up for accounts, and posting random crap to the Drupal site. These are pieces of malicious software trying to exploit, trying to be annoying, or just put together as an experiment for someone to learn from.

All of this is a reason to keep your software up to date, and run software that you trust.

5- instagram app, being able to upload to different social networks and managing different accounts in one place, like instagram or whatever. Such platforms seem very easy to build or create, but are they? are they expensive to build and maintain?

Social networks that have millions of users are extremely complicated pieces of software. They rely on gigantic server farms, and took lots and lots of time to build. They are very time consuming and difficult to build and maintain. If I remember the Facebook book correctly, it took Mark Zuckerberg like 6 months of programming all the time to get Facebook even kind of usable, and he sounds like he was a bad-ass. Even then, they had a few servers and multiple programmers working on Facebook full time. Building a social network is not easy. I spent some time working on a project using a tool called Social Engine for a customer, and that was my one clear failure in the year of programming. That failure happened for a variety of reasons, but one reason was that the software for that is extremely complicated (and I did not know much about Zend, the underlying system on which it was built.)

This may not be true for small social networks built on top of Drupal or WordPress but eventually if your social network continues to grow you'll have to hire some super smart dudes.

6 - Like you I am an entrepreneur and the questions I asked before where purely for research. What I want to know is how willing are people in your end of the world ( America) willing to adopt new products. I live in Botswana and before I launch anything I always second guess myself because in Botswana, its not only super behind on technology it's also super conservative and.. well pretty african.
So how willing are businesses and people in general willing to try out new products given the times you find your self in? Just your opinion.

People in the United States are willing to try new technological and business things very quickly, if properly sold on the concept. I believe our technological skills in the United States are the best in the world, and so are our sales skills. American salespeople are always trying to convince potential customers to try something new (as long as you speak English.) We are always looking for ways to do things more efficiently, with more profit, less waste, and more fun. Our minimum wage is very, very high, which discourages companies and individuals from hiring minimum/low wage people. It is much more efficient to try and replace a low skill, minimum wage person with technology even if somewhat more expensive, because software and robots do not cause any of the problems that people can in our society. The high minimum wage, combined with the the pragmatism Americans have, make it so we are interested in trying new products, especially if they can go back to the old way if the new way isn't any better.


No comments: