It happened again – someone tweeted me about a negative security experience and I just had to take a look:

C’mon, really? This can’t be for real. But a little more investigating and here we are:

This is bad (for reasons I’ll discuss shortly), but it’s far from isolated:

EE is over in the UK and they’re “the new network for your digital life” who brings you “4G and Fibre Broadband”. A quick look at All My Tweets and it seems that requesting passwords through Twitter is a standard operating procedure. So what’s wrong with all this? Let’s count the ways.

Everybody knows the easiest way to save yourself from SQL injection is to use object relational mappers (ORMs such as Entity Framework) or stored procedures, right? Often I see this becoming a mantra: “You don’t need to worry about SQLi if you’re using [Entity Framework | stored procedures]”. I also see the mantra blindly repeated and it’s wrong, very wrong.

Of course this isn’t new to many people but it’s worth a recap of just how easy SQLi in poorly implemented code using ORMs or stored procedures. So let’s exercise some SQLi on an app that uses not one, but both of these!

Three and a bit years on and it’s time for a change. Blogging has been good to me – very good – but I was starting to feel a bit like the plumber whose own house was full of leaky pipes.

Heavy markup burdened by Blogger’s propensity for in-page CSS, completely mobile unaware and as I’ve written before, not real friendly for those half a billion Chinese internet users. Plus of course, several years of design weariness which eventually leaves you feeling like you’re getting around in clothes from the 80s.

There are a whole bunch of things that change in the seemingly short timeframe that is three years, things worth sharing. So here it is – the meta post – the blog about the blog but far from being self-indulgent, I think there’s actually some useful stuff in here.