1. Home
  2. Blog
  3. Windows 10 gets pushy with Edge

Blog

Windows 10 gets pushy with Edge

Microsoft are a long time players in the browser wars with the Internet Explorer browser – but it has a problem, a branding problem – no matter how much they improve Internet Explorer it will always be remembered for it’s poor performance and inability to stick to web standards – making it equally frustrating for users and developers.

Enter Microsoft Edge – Microsoft’s new and improved browser that was first introduced with Windows 10. 

But even with the free upgrades to Windows 10 they’ve failed to make any real impact against Google Chrome.

What’s interesting is the ways Microsoft tries to encourage you to stick to use Edge, the default browser, in Windows 10.

Searching for other browsers. What’s the best use of Internet Explorer? – Searching for another browser. Microsoft have taken note of this and now when you use Bing, their search website, to search for another browser you get a little video advertisement promoting the benefits of Edge.

Windows 10 makes it harder to change browsers. In previous versions of Windows you would see a prompt and click to set the new browser as the default – but with Windows 10 you now need to click, wait for the ‘choose default apps’ window to open, navigate it and click and choose the new default browser. Making things harder to do is a strong tool to control what people do, and it’s clear what their objective is here.

Are you sure? Even after clicking through to change the browser you get Edge pushed at you with a message that reads:

Before you switch
Try Microsoft Edge - it's new, it's fast, and it's built for Windows 10.

Prompts when first loading another browser. Windows 10 knows all – and this includes when you first load another browser – you soon see a prompt that reads:

The recommended browser
Microsoft Edge was built for Windows 10.

Prompts when launching Edge. Even after all of this, if you go back to Edge you see another prompt which reads:

Do more with Microsoft Edge - the fast, new browser built for Windows 10.

This is a normal technique done by all browsers – but it is unique in that by this time you’ve already gone out of your way to change browser and dismissed several other prompts to change to back to Edge. 

 

Despite all these measures, since it’s release in 2015 Edge has only slowly increased in usage – but Google Chrome remains the biggest share in browser usage. 

Overall currently Internet Explorer and Edge have a 8% market share with Google Chrome having 58%

Reference: https://www.w3counter.com/trends 

Does this signal the end of Microsoft being in the browser war? Even when they have 75% of the operating system market they’re failing massively to convert users to their browser. Chrome appears destined to become the new term to describe an internet browser – much like Googling has for searching.

Why the Active Directory Users and Computers tool sucks

As an IT support worker it’s hard to go a day without using Active Directory Users and Computers (ADUC).

And yet even as a key tool to managing an Active Directory environment it has massive usability issues.

“Advanced Features” option

In the ‘view’ menu you’ll find a “Advanced Features” option – which is not enabled by default.

Once enabled a number of important options are available, for example when viewing a user you’ll see additional tabs – Published Certificates, Object, Security, COM+.

Why on earth is this even an option – who actually uses ADUC without this enabled!

Search box clears after switching filter

When you change the search filter from the default ‘Users, Contact, and Groups’ the search box changes, clearing the search term entered – sounds easy to remember right? Wrong ! Most still find themselves searching for a computer, then switching the the “Computer” filter and loosing the search term!

Missing “Additional Account Info” tab

For those that haven’t worked long enough in IT to remember – there used to be a non-standard addon (acctinfo.dll) that gave you an “additional account info” tab – with this you were able to easily check key information like:

  • password last set date/time
  • password expires date/time
  • password replication across domain controllers
  • locked state
  • last logged in date/time
  • last bad password date/time

This stopped working after Server 2008.

Free vs premium WordPress plugins

There are a huge number of WordPress plugins available to extend WordPress – this has contributed to the success of WordPress bringing it to power 27% of the internet’s websites.

Almost 50,000 free plugins are available from the WordPress plugin directory – as well as paid or “premium” plugins from third-parties.

But what’s the difference between the free and premium plugins?

Free plugins

Free removes the cost barrier to trying new software – it allows you to test out a plugin without committing – but it does come with more risk.

The WordPress plugin directory isn’t the only source for free plugins – many developers release plugins on their personal websites or GitHub and there are many third-party plugin directories.

However they’re not all equal – the official WordPress plugin directory has a strict quality control process that ensures plugins are not doing anything malicious or have security vulnerabilities. If security vulnerabilities are found they are fixed quickly by a community of developers that volunteer their time. Other sources may not have the same level of quality control – and for this reason extreme caution should be used when using free plugins from other sources.

Code quality

The WordPress plugin directory often serves as an entry point for developers to release a plugin and start building their online presence as a developer – this results in plugins that have various levels of code quality.

To avoid being caught with a “bad” code – be wary of new plugins and check the updates and support history to make sure the plugin is being actively maintained by the developer.

Support

Typically when getting something for free there is no expectation for support. This is particularly true with the official WordPress plugin directory – developers can provide support through the plugins support page but are in no way obligated to.

This is important to remember because if you rely on this plugin for running your website you may end up in all sorts of trouble if something goes wrong.

Updates

Plugins on the WordPress plugin directory can receive free updates – but like support there is no expectation for developers to provide ongoing updates.

An update to WordPress or a change to a browser could stop the plugin from working, again leaving you in all sorts of trouble.

Premium plugins

Premium plugins are available through third-party directories or directly from plugin developers. They are called “premium” because they are paid for – the prices vary but typically are between $30 – $300.

There are three main advantages to premium plugins –

  1. time and cost – you won’t need to develop the plugin
  2. support
  3. updates

Code quality

The code quality for premium plugins is typically better than free plugins – this is largely because developers are earning an income that provides them time to improve the code.

This isn’t always true – but you can avoid issues by sticking with the “big” plugins (e.g. Gravity Forms), reading reviews and checking the quality of the free plugins provided by the same developer.

Support

When you pay for a plugin you become the customer – this introduces an obligation for support under consumer law.

Support is typically provided for 6 or 12 months after the purchase and is limited to installing and configuring the plugin.

Always check how long support will be provided.

Updates

It’s in the best interests of a premium plugin developer to to keep the plugin functioning and introduce new features through updates – this provides support to current customers, ensures the plugin stays functional and introduces new features to entice more customers.

However, because premium plugins are provided outside of the WordPress plugin directory updates are not automatically provided – the developer will need to host their own update server.

Always check that the plugin comes with automatic updates – and for how long.

The curiously grey market of GPL licensing

What is the GPL?

When WordPress plugins and themes are released they’re typically licensed under the GPL (General Public License) – this spells out the rights and limitations to using the software.

Whilst licensing under the GPL isn’t a requirement, it is the preferred license as it used for software in the WordPress plugin and theme directories.

The GPL is all about making sure software is free to run, study, share and modify. This makes the software is free to distribute (and modify) as long as you acknowledge the author.

GPL and premium software

Whilst the GPL is about free access to open source software it doesn’t out rule charging a fee for the distribution (access to and download) of the software (and updates).

When you purchase a “premium” plugin or theme that is licensed under the GPL you’re really paying for distribution and access to support.

Enter the grey market

Nothing in the GPL forbids you from taking someone’s software and redistributing it (as long as you acknowledge the author) – in fact it encourages it because it’s what makes open source software grow so quickly.

Some people take advantage of this by simply taking the software and adding their own price to access it, normally without support or updates.

What I find interesting is there are markets dedicated to this activity – where you pay a few dollars instead of the full price to download the software – most don’t even hide that they’re a third-party.

Whilst this is perfectly legal, it undermines the value of the GPL and the business model that supports the development of the software. Without the income developers will be forced to focus on other activities or release under a more restrictive license.

Ultimately purchasing the software from the developer provides you with updates and support and funds future development that is in everyone’s interest.

 

 

For more information on GPL licensing and fees see:

https://www.gnu.org/licenses/gpl-faq.en.html#DoesTheGPLAllowRequireFee

Buying on the Envato Market is WAY harder than it should be

Having recently purchased an item off the Envato Market I was surprised at just how hard they make the whole process.

The expectation of consumers is a few clicks to select, pay for and download an item – but the Envato Market is nowhere near this simple.

Before looking at what the Envato Market does – let’s consider making a purchase on eBay as a first time buyer (no eBay account).

  1. Find item
  2. add to checkout
  3. checkout
  4. register + login
  5. choose PayPal for payment – login, confirm amount, billing/shipping detail
  6. purchase

Now compared to the Envato Market –

  1. Find item
  2. add to checkout
  3. checkout
  4. register + login
  5. add billing details
  6. purchase … but wait – there’s a $2 surcharge to pay, but you can instead transfer credits and not pay a surchage
  7. cancel checkout
  8. go to account and find credit transfer
  9. Confirm email before adding credits? OK – wait, still not email, try again – done !
  10. return to credit transfer … only accepts increments – $20, $30, $40, $50, $60 … that’s annoying my item is $59 and credit expires after 12 months
  11. add credit – choose PayPal for payment – login, confirm amount, billing/shipping detail
  12. purchase credit
  13. return to item
  14. add to checkout
  15. checkout
  16. now I have two items!
  17. remove original item
  18. choose credit for payment
  19. purchase + download

So purchasing on the Envato Market was three times harder than it really should have been and left me feeling rather disappointed with the whole process and cost me MORE than the actual item cost.

Let’s take a look at the issues here …

Finding the item

I just want to point out how difficult it is to actually find what you want on the Envato Market.

Every product I looked at used pictures of text – I can only assume that there are formatting limitations placed on sellers that force them to do this but it has massive implications for searching for key features.

Instead of using keywords to search for the features I was after I had to manually read through each item that was remotely relevant to find the one I needed.

This also has obvious SEO implications – Google can’t index the words in pictures which meant all my product research initially let me AWAY from the Envato Market.

Untrustworthy worthy review system

If items has only five star reviews – chances are the seller is refunding the purchase for people that have left a bad review. Why? Because it removes the negative review from the system.

This makes the review system completely untrustworthy because you’re only going to hear the positives about the item.

$2 surcharge – the hidden cost

I full well accept that payment processing is not cheap – but adding a surcharge should not be the answer.

It’s like running any business, the expenses need to be factored into the cost – NOT ADDED IN AS A HIDDEN COST AT TIME OF PURCHASE.

Confirming email address

Very rarely have I seen issues with a ‘please confirm your email address’ message not coming through – but with Envato the first one didn’t come through for at least 5 minutes – that’s 5 minutes where I, as the customer, may have just chosen to give up leaving a lost sale for the seller.

Credit increments

They don’t promote the credit increments as a way to avoid the surcharge – but a quick Google showed that many people have taken this path. But it still leaves you with a “surcharge” in the form of a dollar or so that you most likely wont spend before it expires.

Their credit increments come in 10’s – from $20 to $100. However, after looking at hundreds of items I didn’t see one that was being sold in any of these values. The majority were an odd number like $47 or $59.

So no matter how you cut it – you’re paying a FEE to pay for your item. Keep in mind, this isn’t passed onto the seller and is ON TOP of the commission they make from the sale.

Credit expiry

Any credits you have on Envato expire after 12 months and there’s no way to transfer it back to you before this happens.

Imagine if PayPal decided to expire your balance after 12 months!

Tax file number

When adding my billing details to my Envato account I saw a tax file number field – fantastic, that’ll be great on the invoice.

I pop it in, click save – “sorry this is in the wrong format” — but it was the correct format as provided by the tax number register – ## ### ### ###

Instead I had to save it with NO SPACES which IS NOT the correct format – ###########

A small gripe – but this is a meant to be a high quality market place. Forcing users to enter their tax file numbers in the incorrect format only because you insist spaces aren’t valid is not very reassuring. 

After purchase support

With any digital market place support is critical – however as far I can tell the Envato Market completely does away with this.

Instead I found myself directed to the developers website, registering another account and submitting a ticket to link my sale on the Envato Market to the support request.

I can see now why so many requests for support were placed in the review and comments sections – because there is none !

Updates

Envato does not provide any automatic update system or notifications.

Whilst you may be entitled to updates for a limited period after the purchase – you won’t know if there is one unless you constantly check the product page for any updates.

It’s possible for a seller to bundle the item with their own update system, since their using the Envato system to distribute their item, it’s highly likely they have their system for distributing updates.

Beware WordPress developers that rely on third-party plugins

When engaging a WordPress developer there’s one very simple but important question you must ask – do they develop or implement.

With hundreds of thousands of free plugins and many more premium plugins there’s an alarming trend of people claiming to be ‘WordPress developers’ but when it comes to the development they rely on these third-party plugins, earning themselves the title of ‘WordPress implementer’ and putting your project in a very dangerous territory.

What’s the difference?

A decent developer or implementer will listen to your requirements and work through them with you – however when it comes to the actual development, the developer will build a solution to your exact requirements and the implementer will start looking for solutions to each of your requirements, usually patching together several third-party solutions.

Why does it matter?

A developer or implement may be able to get the same results for your project, but what matters is how they achieve the results – as it affects the quality of the product, securitylicencing and the ongoing maintenance.

Quality

Plugin bloat is a well known fact in the WordPress community – the more plugins installed, the slower the site runs.

This is exactly what the implementer is doing to your site. They’re more than likely going to install multiple plugins with little regard to how the plugin affects your sites performance. Furthermore since the plugin is developed by a third-party developer for a the WordPress community it’s likely to be feature rich – features you most likely don’t need but contribute to the bloat.

On the other side the developer will use their expertise to code to your requirements – they will know 100% what code is running and when with no bloat.

Security

It’s highly unlikely the implementer is going to read through the plugins code, if they even could understand the code they would be much more likely to develop.

The third-party plugin is a point of weakness in your websites security – without knowing exactly what the code does your website could be open to any number of vulnerabilities.

Engaging a developer involves trust – if you’ve ended up with an implementer you need ask yourself – do I trust all these third-party plugin developers with my website?

Licencing

Licencing is something that’s easy to overlook, especially when you’re employing someone else to build the website.

With the developer you can simply stipulate no licence on the development, however when an implementer installs all those third-party plugins what they’re doing is making your agree to the terms of the third-party plugins. They may even be locking you into ongoing licence fees to the third-party plugin developer.

Maintenance

When you patch together several solutions you create a delicate balance that keeps things working.

When one plugin updates, that balance may break leaving your website broken.

When it comes to support instead of having the one developer that knows your code, you have several developers that may or may not be interested in supporting you.

tl;dr

I’m not advocating bespoke solutions for every project, I’m saying that people need to be aware of how their project will be achieved and what the implications are.

You need to ask – do I want a developed solution or an implemented Frankenstein patch work solution?

If you’re comfortable with an implemented solution, for each plugin you need to ask:

  1. Who developed it? Are they well established and trustworthy.
  2. When was it last updated? Is the plugin being maintained, does it work on the latest version of WordPress.
  3. Is it well supported? Is the third-party developer providing ongoing support.

And finally, remember that your site is only as secure and efficient as the code runs it.

Seven ways to speed up a WordPress site

Here’s a list of seven easy things you can do to speed up a WordPress website.

1. Remove plugins

Any plugins you have enabled are potentially slowing down your website – some times more than others.

Check your plugins page in wp-admin and remove any unnecessary plugins which you’re not using or can do without.

2. Optimize DB

If your site is more than a few months old, you should optimize your site database with a plugin like RGV optimize or Simple optimizer. These plugins will remove unnecessary junk from your site such as spam comments, post revisions etc. which will make your site database cleaner and perform better.

3. Limit post revisions

By default, WordPress keeps past revisions of posts, however most websites don’t need this.

Here’s a good article on how to disable or limit it.

4. W3 Cache plugin

This plugin which will cache your site, making page loads much faster.

5. Cloud flare

Cloud flare is a CDN network that will improvise your site performance, also – it’s free!

6. Analyse your site

Use a page speed analysis tool like Google Page Speed it will  tell you exactly how you can improve your site speed.

This can be a time consuming and technical process but in my experience always has good outcomes.

7. Consider changing host

If you’re still suffering from a sluggy WordPress site – it’s time to consider a better host or package.

Does your current host provide dedicated servers or a “faster” hosting package?

Or even look at finding a host that specialises in WordPess hosting.

10 tips for spotting phishing emails

‘Phishing’ emails are designed to convince the recipient to share his or her personal information with an Internet-based criminal. Usually they will pretend to be from a financial institution like PayPal or a bank but can also be from individuals offering a deal that’s too good to be true.

The personal information can be requested directly by email or by clicking on a link.

The term ‘phishing’ is a variant of the word ‘fishing’ which alludes to the way the emails lure their victims into taking the bait.

Below are the top 10 tips for spotting a phishing email.

1. Requesting personal information

The number one warning sign is that the email is requesting personal information – usually your name, paypal email, bank account details or street address. This information can be used to directly access your bank account or be used as proof of identity to access other resources.

To tackle the risk of phishing attacks most banks make it clear that they will never request information through email.

It also serves are an important reminder that email is insecure and NEVER an appropriate way to request personal information.

2. Awkward or impersonal greetings

Most, if not all, phishing email emails don’t refer to the recipient by name. Instead, they usually have a generic greeting such as, “Dear valued member.”

If you do believe an email is phishing and has used your name there is cause for concern – this implies the criminals already have some of your personal information. You should seriously think about changing your passwords and PIN numbers and watch your bank statement for fraudulent transactions.

3. Urgent language

Phishing emails often make the emails appear urgent – hoping to lure their victim before they have second thoughts.

They will usually say one of two things: that the recipient’s account has been suspended due to “security concerns” and he/she needs to take action to restore the account; or that the recipient’s account will be suspended soon if he/she does not act immediately.

If you’re facing this situation, stop and think – and if in doubt contact the source by phone to confirm the email is authentic.

4. Typos, spelling mistakes and poor grammar

Without a doubt the funniest part of phishing emails is the many mistakes they make with the English language.

Official emails from large corporations are proofed to ensure these mistakes are not sent to their clients.

Typical examples are ‘acounts’ rather than ‘accounts’ and ‘your information has need to be confirmed’.

If the email contains a link to a website check it carefully for two things –

  1. Is the text part of the link going to where the link part is.You can do this by hovering over the link, a pop up will display where the link actually goes to – are they the same?
  2. Is the link going to the official website?

6. The offer is too good to be true

If the email is claiming to be from a long lost family member or an Nigerian prince hit delete. After all, why would a Nigerian prince that you have never heard of contact you to help him smuggle money out of his country?

7. No prior contact

If the email is an unexpected contact from a company you have nothing to do with steer clear. Typically these are emails claiming you’ve won the lottery or the tax office offering your an instant refund.

8. You’re asked to send money to cover expenses

A clear sign that you’re looking at a phishing emails is that you’re being asked for money to access the offer – such as a ‘small fee’ to claim your lottery winnings.

9. The email makes unrealistic threats

Looking at the darker side of phishing – sometimes the emails will be making threats. The threats are usually blackmail or murder – no laughing matter.

If you receive a threatening email through a work email account contact your IT or HR department – there should be a process in place to measure the threat and involve law enforcement.

If it’s a personal email account you have the option of contacting the local authorities but it is unlikely they will take it seriously unless there is another reason to. Simply hit delete and try not to think about it.

10. Something just doesn’t look right

And finally, gut feeling is the best measure.

If there’s something that just doesn’t feel right DO NOT interact with the email – don’t click on the links, don’t reply – just delete it.

If you do believe an email is phishing and has used your name there is cause for concern – this implies the criminals already have some of your personal information. You should seriously think about changing your passwords and PIN numbers and watch your bank statement for fraudulent transactions.

3. Urgent language

Phishing emails often make the emails appear urgent – hoping to lure their victim before they have second thoughts.

They will usually say one of two things: that the recipient’s account has been suspended due to “security concerns” and he/she needs to take action to restore the account; or that the recipient’s account will be suspended soon if he/she does not act immediately.

If you’re facing this situation, stop and think – and if in doubt contact the source by phone to confirm the email is authentic.

4. Typos, spelling mistakes and poor grammar

Without a doubt the funniest part of phishing emails is the many mistakes they make with the English language.

Official emails from large corporations are proofed to ensure these mistakes are not sent to their clients.

Typical examples are ‘acounts’ rather than ‘accounts’ and ‘your information has need to be confirmed’.

If the email contains a link to a website check it carefully for two things –

  1. Is the text part of the link going to where the link part is.You can do this by hovering over the link, a pop up will display where the link actually goes to – are they the same?
  2. Is the link going to the official website?

6. The offer is too good to be true

If the email is claiming to be from a long lost family member or an Nigerian prince hit delete. After all, why would a Nigerian prince that you have never heard of contact you to help him smuggle money out of his country?

7. No prior contact

If the email is an unexpected contact from a company you have nothing to do with steer clear. Typically these are emails claiming you’ve won the lottery or the tax office offering your an instant refund.

8. You’re asked to send money to cover expenses

A clear sign that you’re looking at a phishing emails is that you’re being asked for money to access the offer – such as a ‘small fee’ to claim your lottery winnings.

9. The email makes unrealistic threats

Looking at the darker side of phishing – sometimes the emails will be making threats. The threats are usually blackmail or murder – no laughing matter.

If you receive a threatening email through a work email account contact your IT or HR department – there should be a process in place to measure the threat and involve law enforcement.

If it’s a personal email account you have the option of contacting the local authorities but it is unlikely they will take it seriously unless there is another reason to. Simply hit delete and try not to think about it.

10. Something just doesn’t look right

And finally, gut feeling is the best measure.

If there’s something that just doesn’t feel right DO NOT interact with the email – don’t click on the links, don’t reply – just delete it.