How to Change the World

I read the comments on digg.com (not as long and edified as these here) and was floored by the last one down the screen:

Add a Comment
Join digg for free to comment on this story. Have an account already? Login to comment.

Friction-full commenting, Guy said so in # 11. Now that I comment here for the first time, I will soon know if I hit another #11. For a first impression we get one chance.

OK how about "Make cool blog posts you can print out and share with others or read and mark up in the coffee shop!" Having a "Printer Friendly" link for good readable content is a win!

Re: 13, checkout www.shortersigs.com. All the info you want in a signature, in just one URL.

James
http://shortersigs.com/5037NZNWDTDW

Other than this, the endlessly long webpages that should really split into an 'archive' (or page 2) ...

The "Recent Posts" sidebar makes for a nice navigation menu, but unfortunately, I still have to scroll down to find the menu.

Excellent post - the login-only-comments and impossible to read 'confirmation codes' are my biggest gripe with pages. I would, however, add a few more indepth ones:

1) Websites that don't allow 'tempinbox.com' as your email address provider but want you to sign up just to see what their site does (an expansion on your sign-up too early comment)

2) Webpages that are much wider than your browser window. Now I know I run my browser in 800x600 and the standard is seemingly now 1024x768 (?), but it is still frustrating as anything - scrolling down is fine, scrolling across is awkward.

Other than this, the endlessly long webpages that should really split into an 'archive' (or page 2), and the ridiculously slow speed that digg runs in Safari when i'm signed in - yet Flickr/Wikipedia etc. all run much faster.

Guy - Great post. Very relevant for me at this time. We had a long argument (discussion) last night about item #1. Some say immediate login or account creation is the wave of the future while others of us believe what you think. I see valid points on both sides but am interested to see what others think about the direction of privacy and forced sign-up on a going-forward basis.

Chris

"Yes" on the unreadable CAPTCHAs. Those are annoying.

"No" on the links to del.icio.us, Fark, Digg. These belong at the browser level or through manual user interaction. Placing these on your site (assuming your site isn't hype news oriented) is pitiful and degrading to your brand.

"No" on developing a site for browsers other than IE being "a lot of work". That's bullshit. If you develop to web standards it's precisely the opposite situation. It will work in all browsers *except* IE in many cases, with no added effort for making it work in Safari, Firefox, Opera, etc.

Funny, This morning I tried to have some information about TOGAF on the Open Group website.

I enjoyed a lot of "Hinder" : the barrier on entry is very high just for getting a decent definition of TOGAF.

After that experience, you start to Google for pdf or ppt or you go to Wikipedia instead of going to their site.

After that they complain they don't have enough certified architects (cfr ZapThink)...

I think I have been experiencing most of these barriers since 1997, on a lot of websites.

http://blog.guykawasaki.com/2007/01/the_top_ten_stu.html
http://www.costco.com/Browse/Product.aspx?Prodid=1119755

did u notice?

*************

Nothing much I can do about this. It's TypePad's methodology.

Guy

Fantastic writing skills you have, I seemed to read through your article in a minute, even though it was huge... You got yourself a new subscriber for sure :)

I also like the title of your blog.

Cheers
Aran

Robert Winder wrote: Marketing is critical to a business, but not when the consumer has a problem and needs to talk with someone to get their problem resolved.

In some organizations, this problem manifests itself in the form of a department for each marketing activity. This structure often hinders communication and offsets strategic alignment... unless there is a strong interdepartmental alliance supporting collaboration. Rare.

By the way, my last name is spelled -ay. "Ramsey" is a derivative prevalent in England. My heritage is predominantly Scottish.

Hey good post. I guess the only one i would take issue with is the #1, the log in. Although i agree in general with your point, but in some industries like real estate - asking for name and email before they access mls tools is wise. The perception is they are getting realtor access to a tool which motivated them to the website in the 1st place. EIther you offer them and they surf and leave for free (then whats the point of having a site) or you ask basic info up front and rely on those email followup skills. Just the 2 cents .. but hey thanks for the site- youve done an amazing job!

Guy, let me comment these items one by one:

1. Enforced immediate registration.
Some social networking services "accept" you only if you are registered. Privacy is the key! Facebook is a good example.

2. The long URL. The URL you provided is a search URL. As an engineer I can tell you that we put a lot of stuff the to be able to do whatever we need to do. Sometimes we want to protect the resource from being viewed by users other than you (that's right) because you have a permission to see the resource and other people don't. LinkedIn is a good example. What service should provide (or must) is a permalink wherever it's possible.

3. Windows that don’t generate URLs.
These are usually popups or frames. There are cases then you need them. What service should provide is a link to such popup if it's allowable/possible.

4. The unsearchable web site
Search can be so terrible that you don't want to see it. Good search cost money. On the other side if you see a good search result it means that site/service owners understand how to organize their information.

5. Sites without Digg, del.icio.us, and Fark bookmarks
And tomorrow we'll have yarks, shoopg and bonko. Should I drop old ones and add new ones? And by the way have you heard about the "huge traffic" fear? Yes, traffic can kill the service. BTW, you can add this to your new book. Traffic growth as one of the assumptions.

6. Limiting contact to email
I can understand the reason of "Contact Us" page existence. It helps to track the request and redirect it to the right person. What I don't understand is why they don't provide the simple emailto option as well. And yes, at some point company should start to display a phone number on the contacts page.

7. Lack of feeds and email lists
Some people just don't have good PR news or at least blog. Or they just afraid to be that open.

8. Requirement to re-type email addresses
If you are talking about contact lists there is one explanation I can think of. There are services which don't want all of your 7,703 contacts in their address book database.

9. User names cannot contain the “@” character
It's very simple. Some services don't want to take responsibilities exposing your email. That's why they need user name. There are tons of other reasons.

10. Case sensitive user names and passwords
This one is really stupid. Can't agree with you more.

11. Friction-full commenting
For many people it's just not a big deal. It's a matter of how many people (%) will sign up, If more than 50% of viewers are ready to sign up to be able to comment it's definitely worth it.

12. Unreadable confirmation codes
And I'd like them to think about color-blinded people too.

13. Emails without signatures
You cannot change the world Guy. People are lazy. And there are other reasons too.

BTW, this blog doesn't allow me to enter an email which is visible only for blog owner ;).

Great post Guy! Some additional pet peeves of mine:

1) All marketing follow-up check boxes checked by default. The default should *always* be opt-in not opt-out. When I see the boxes checked by default, it just makes me distrust the company.

2) Overly fussy password requirements: if I can't use my standard password, I usually don't complete the registration - it's too much to remember.

3) Confirmation email with password in cleartext. It has happened and it drives me crazy.

Morgan Ramsey wrote: In your opinion, marketing is noncritical? I'm deeply worried for any business in which you participate.

Marketing is critical to a business, but not when the consumer has a problem and needs to talk with someone to get their problem resolved.

Right on. But I tried to click a link to bookmark this on del.ioci.us because #5 is a great idea, but couldn't find the del.icio.us icon or link on the page.

Another pet peeve are comment boards that require name and e-mail address. If you have a well-policed comment system, anonymous comments are as valuable as registered comments.

One simple one I didn't see mentioned is load times. Just because I've got a broadband connection doesn't mean you need to completely fill it with some multimedia crapola. If your page takes more than a few seconds to load, I (and a suspect many others) will move on quickly.

My favorite CAPTCHA is on TicketMaster.com. You are trying to buy tickets - you need to create an account, each page provides you with a certain amount of time to complete the page or you lose the tickets. At the same time, they use the most insane, multicolored, blurred, CAPTCHA I have ever seen on a site. By attempt three you have timed out and lost your tickets. Nothing more enjoyable than that when trying to buy tickets to an event with massive demand. By the time you get another pair of tickets, if you are lucky enough to get them, you have much worse seats. That newly created ticketmaster.com account sure does make you feel happy about it though - what a great trade off...who wanted the good seats...I now have a ticketmaster.com login id and password!

I think it may be a practical joke set up by the programmers at TicketMaster.com..."Hey guys...check out how pissed this is gonna make people...but who cares, they can't go anywhere else to get the tickets...this will be hilarious!"

Did anyone else get amusement out of the fact that the post is titled top ten, and there are fourteen points listed?

* on FireFox and ActiveX: stop whining, guys - IE is there to stay. Until FireFox takes more than 25% of the market, few will be considering tuning their sites for FF as well. This is just business logic - why put 80% more efforts to please just 20% more clients, if you have limited resources?

* on Captcha: it is very easy to defeat any OCR - put a picture as Captcha and ask the visitor to type in the name of what is shown on the picture. Of course, this will require "localization" of the picture-word correspondence

I had to laugh at your number 12 - Unreadable confirmation codes. Thank goodness I'm not the only one who never get them right the first time!

Good post, Guy. Here are two more small peeves of this type that I didn't see mentioned yet:

1. When your phone number must be entered in a certain format. I would typically write my phone number like this -- 555.555.1212 -- but sometimes a form won't allow the periods. If this must happen, it's best when the exception comes back to you and there's the "proper" format, highlighted in bold red text, e.g. 555-555-1212. Worst is when you have to keep guessing what the format is. I've had to fill out forms where the phone # was required to proceed, and where the "proper" format was (555) 555-1212. *clenched teeth*

2. Another peeve is when a company I've already done business with has assigned me a customer ID . . . but then they don't allow me to just enter the ID to spare myself the burden of re-filling a form. This happened to me just today with a magazine subscription. I specifically save renewal notices and the like so I can skip steps when it comes time to renew -- but today I was foiled. The online form was frustrating enough that I ended up calling the toll-free # rather than filling it all out. Luckily for the company in question, it's in the small minority of merchants I would bother to do that for. Most of the time, if you make it too hard for me, I'll just figure I have better things to do.

"When do you suppose a standard format will emerge for transferring contacts?"

Actually there is one. It's called "vCard" and is supported cross-platform.

Hello Guy--again! I think your are just the "bees knees". But...the point about friction! Huh? I had to sign-up at Typekey to get in to your last blog last month. How many passwords can one handle? And this blog too states that I have to sign-up at Windows Live ID. Huh? Your point number 11, "Friction Full Commenting" is not authentic today. The rest of your points, it's all good. Thanks for the post.

**********

Marie,

I don't think you have to sing up with Typekey to leave a comment here. It says "If" you have an account, you can use it.

Also, the Microsoft thing is a screen shot to show an example of friction-full commenting. It's not for commenting on my blog.

Thanks,

Guy

Good assortment, don't forget spyware sites. Or sites that plaster adult ads on what would otherwise be a site intended for everyone.

Sites that lack creativity in design or feature. So many sites just copy the standard idea, and don't innovate. They see no need to innovate because they are making money without doing so, but this will cost them visitors and money in the long run.

Fantastic common sense articulation of the challenges faced when making the user experience exceptional. I would like to add
1. the notion of breadcrumb trails as a really useful way to help people get back to where they came from.

2. The ability to provide feedback on any apsect of the experience but set in the context of the moment the user felt the delight or pain. nothing accelerates improvement of bad websites and reinforcement of good design than feedback that is timely and easy to interpret in context of where the user was at the time they felt the way they did.

Love NetVibes it is similar if somewhat improved experience from the customised google homepage

Keep on blogging

Actually, supporting other browsers than Internet Explorer is not a lot of work. Supporting Internet Explorer is surprisingly what's difficult if you develop your web pages in a standard-adherent way. Your web pages will work out of the box in up-to-date browsers like Firefox, Opera and Safari if you just stick to the standards, plus the standards are well-explained and well-implemented and not something you have to hack and test and hack some more to get to work everywhere. Code once, deploy once.

Well, almost. Since Internet Explorer is so lousy at supporting standards, you may have to apply some hacks to get everything to work in that browser. But it's still a lot less work than coding for Internet Explorer first and then trying to hack everything back to how it should have been in the first place for all other browsers on the face of the planet.

Other than that, this is an excellent post and I agree with all of your assertions! :-)

How about companies that disallow valid email addresses?

For example, Air Canada will not send e-Tickets to customers who have two letter names in their email accounts. (xx@mycompany.com).

Great post!

If I had to add a couple of points they would be:

1) Avoid using PDF files for online reading. Coming across a PDF file while browsing, because it breaks a reader’s flow. Even simple things like printing or saving documents are difficult because standard browser commands don’t work. Layouts are often optimized for a sheet of paper, which rarely matches the size of the user’s browser window.

2) Emphasise immediately what your site offers & how it is different from competing sites. Websites are incredibly bad at explicitly stating what they offer users. Instead, they hide their offerings in generic marketese that makes very little impression on prospective customers. When users have needs, they typically query search engines and allocate only a few seconds to scan each of the sites that the search engine drags up.

Great post!

12. Yeah, those CAPTCHA codes are sometimes difficult to read. It's not only the characters but also the backgrounds. Sometimes the characters blend in too much with the background. Sometimes I'll have to kick off a magnifier app to read the damm codes. But what is even worse is when you type the wrong code, the page refreshes and what you wrote is cleared. Sheese! I've learned to copy what I wrote into my clipboard extender program before I click on anything that might clear the page.

14. I use FF browser. But as you note, some sites just don't want to support FF. MSNBC for instance. They require Active-X controls to work fully. I assume they refuse to support FF because they are part of MS$. Then there is myway.com. I used to use them as my home page as an alternative to Yahoo. But myway.com won't work w/o Active-X controls either. When I try to sign-in inside FF, I get:

The browser you're using is not allowing you to sign in to My Way.

Right now, your browser's settings are configured to disable cookies and/or javascript. In order to access your account, you must change your browser's settings to accept both cookies AND javascript.

Of course, both cookies and javascript ARE enabled. Communication with what passes for support over there was fruitless. So they lost a customer.

6. How about NO contact information at all? This becomes an acute problem when you are trying to register for a forum and for some unknown reason, the registration won't take. Like what I experienced at http://forum.zonelabs.org/zonelabs/ when I tried to register. I couldn't figure out how to register, so I couldn't post in the forum asking what the problem was. The Zonealarm reps all claimed they don't run the forum. The forum is hosted by Lithium. So I contacted Lithium and indirectly got the address of the person at Zonealarm responsible for the forums. He didn't know what the problem was but eventually it turned out that you weren't allowed to use digits in your username. Huh? Who've thunk? Last I checked, there still wasn't any email addr contact info posted on this forum. Doesn't matter to me though, I got rid of Zonealarm due to poor support.

Another example is Brother printers. There doesn't seem to be any way to contact them EXCEPT through email.

2. Here's one of those wonderful long URL's with all kinds of weird characters. I'm supposed to forward this to somebody?
http://www.pcworld.com/product/pricefinder/browse/category.html?id=11074&page=1&CMP=KNC-SEM&HBX_PK=pcw_01-CAM-SHOP-GEN&HBX_OU=50&tk=pcw_01-CAM-SHOP-GEN&gclid=COWOybfgh4oCFRznYAodgRuKeQ
.

And I'll add one more:
I block javascript by default using NoScript in FF until/if I choose to look deeper into the site or enter into a relationship with them. Which means that I have to choose to enable javascripting for the site. But then there are sites like http://blog.guykawasaki.com/2007/01/the_top_ten_stu.html where the list of javascript providers is literally longer than the height of my monitor (and I am running 1600x1200 on a 20" monitor). That's criminal!

That CostCo URL really needs only the first part, and even that could be easily reduced if they cared:

http://www.costco.com/Browse/Product.aspx?Prodid=11197553

Online catalogs should provide a short "Permalink" right there on the item page that can be shared around without this kind of URL hacking.

. png

Oh, what music to my ears! I, too, get extremely annoyed by many of these seemingly small but highly annoying things. A couple more of my pet peeves that I nitpicked about myself awhile ago http://tinyurl.com/2z6tj6 :

-No photo on the front of the blog or on the "about" page. I can understand if you are a disgruntled employee saying bitter things about your employer and have to disguise your identity, but if you have a business blog, put up your picture! It really helps to develop a feel for the leadership and employees of the company.

-I realize that this may apply to small businesses only, but I do come across emails from a businessperson that are shared with a spouse such as "billandtracy@smallbiz.com" I always feel slightly uncomfortable sending a message back, since I don't know who is reading it.

-Nothing more than meaningless marketing jargon on the "About the Company" page, such as "We provide high-end, Web 2.0 solutions to solve the go-to-market strategies of our clients." Huh? What about who founded the company, what is their interesting background, why do they choose to work here and what do they hope to accomplish? (of course, they should have a picture too!)

And if you can find a way to help Typepad wrap long URLs in the comments field, I will send you the chocolate of your choice. I have reverted to the "Tiny URL" solution(no idea as to your "you-r-ell" vs. "earl" conundrum) that you referred to.

Thanks for saving a lot of us a lot of pain.

All the best,
-Pam

I also agree especially on the case sensitive username and limiting characters for usernames, or especially limiting characters for passwords. I can understand extremely odd characters that maybe won't go well when meshed with a site's database, but even that is a weak reason with wide Unicode database implementations.

Not only does making the username case sensitive harder to remember (and usernames are rarely supposed to be the "secure" part of security schemes anyway, which would allow for the username as your email address or even to be displayed in places), but implementing character restrictions makes it easier for hackers to break passwords. It just means there are less passwords available to the user to use.

The list isn't bad, but number 12 is off the mark. I realize that it is a very annoying thing to enter in hard-to-read CAPTCHA codes, but if it were any easier, than computers could read them and beat them. Unfortunately, spammers are willing to go to the efforts to beat Yahoo and Google's CAPTCHA codes where it can, which means they need to make them harder for computers to beat. Adding a small amount of fuzziness is not going to cut it.

Also, I've never seen a CAPTCHA code that was case sensitive on characters like X, S, or Y (and the others like Z) that users would never know either way. Come to think of it, I do not remember ever seeing a case sensitive CAPTCHA at all, but I am probably just forgetting them.

Believe me, I don't have perfect vision (though correctable to 20/20 luckily), and I have had a CAPTCHA "get me" on occasion, but usually a second or two more to fix my problem is no big deal since I recognize what is at stake--on major sites this can be hundreds and thousands of spam messages every week. If it were my business, then I would want to avoid that too.

Bottom line is that if the creators of these images would start to allow the "close enough" ideal to go through than it would get many times easier for computers to guess the on screen representation since the "close enough" ideal would be implemented in a similar character's style equality (L = l = 1 = I). I understand that case insensitivity is a must because then it is just too confusing, but a 36 character variation (case insensitive alphabet + ten digits; probably nine since you lose 0 and maybe even eight by losing 5, but most people use 5 since the top half is noticably boxier than an S in normal fonts).

Also, I have never heard or seen number 2's "defense" given before in my life as a programmer. It is very easy to block requests for pages that users do not have the privileges to see, and a long URL is not one of them. The reason to have long URLs is usually because of a very large amount of searching mixed in with preferences (such as default order: ascending or descending). For example, go to Google and do a normal search and then do an Advanced Search. Notice the URL becomes huge.

A lot of "basic" search boxes hide the options available in Advanced Searches by simply doing the work for you and leaving the rest of the fields blank. In Costco's case, this is not the behavior and the length of their URL seems to be a mix of doing stuff for your and unnecessary complexity (notice they have the same thing repeated a few times: "billiard%20table" where %20 represents a space). Messing around with the URL, you will find out that billiard table is repeated because their search runs your search term through an autocorrection phase (change the "search" part to "billiard%20tabl" [note no e]) and it will have no effect, but change the Ntt part to that and it will inform you of a correction. Interestingly, if you enter it on your first go it will supply both "Ntt" and "search" spelled incorrectly. Again, seems like wasted complexity, but that is neither here nor there and I doubt it has anything to do with security.

Guy,

Another great post! Self-effacing, as usual; you should really take more credit for your thought leadership.

Kinkead Edsellers

Guy,

As usual, excellent stuff! Anyway for #14, there wouldn't be compatibility issues if we all use simple plain HTML and Flash just like this website http://www.gamoku.com - you can view it on practically any browser.

Robert Winder wrote: Sure email is a great way to stay in touch for non-critical things, like marketing ...

An or AN?

Sorry Guy, I'm always too quick to assume even though my boss told me long ago never to "assume" because it only makes an "ass out of you and me".

I've never heard URL pronounced as "earl" but others obviously use it:

http://www.eeicommunications.com/eye/utw/98apr.html

http://www.somebits.com/weblog/culture/urlWord.html

So "an URL" will look correct to some and incorrect to others; and most just won't care anyway.

Cheers,

Rob

I use one restriction for allowing comments on public forums: JavaScript must be enabled. Setting a hidden field to a value like 23+12*15 (use different algorithms for each site) with JavaScript and verifying it on the server is a very unobtrusive way to minimize spam. So far no spam bots that I know of run JavaScript...

Spot on! Or more like spot off! I heard you used to park cars at Apple.

Spot on, Guy!

All of your points are right. In true Orwellian fashion though, number 6 is more right than others.

There is no reason to prevent customers from contacting you, and blocking verbal communications is such a lame way to treat the reason you're still in business.

Sure email is a great way to stay in touch for non-critical things, like marketing, but what about when things go pear-shaped and you need to talk?

Put up a phone number, you just might learn something.

A or AN?

Great list and comments. One grammatical note though; it looks like your school teacher, like mine, taught you to always use "an" before a vowel. Hence, "an URL".

I researched this recently and the conclusion of the English language experts I found is that you use "an" when the sound of the following word is a vowel sound. So it should be "a URL" which sounds much more natural than "an URL". This is because “U” begins with a consonant sound, “y”, when spoken. Thus, you wouldn't say "he wore an uniform".

Compare with "an FBI agent" which sounds more natural than "a FBI agent". This is because "F" starts with a vowel sound, "e", when spoken.

Keep up the good work.

Cheers,

Rob

***********

Rob,

Actually, I thought about this a lot. I pronounce "URL" as "earl" not "you-are-el," so that's why I used "an."

The issue is, How is URL supposed to be pronounced?

Guy

Re: #10 and kaykfrink

You're right on this. If you halve the size of the alphabet you need to increase the length of your password by one bit (rather than one character). For short passwords this is more than covered by a single additional character.

Note that for longer passwords you may need to add several characters to get an equivalent level of security. For instance if your case-insensitive alphabet has 32 characters (reduced from say 64, for the sake of argument), one extra character will make up for halving the alphabet of a password with 5 characters or less, since a 5 bit string has 32 possible values.

For decent security your password should probably be longer than 5 characters. For a 5-10 character password you'll need to add 2 characters to get equivalent security. For 10-15 you'll need to add 3, and so on.

Once again it becomes an issue of balancing the risk of annoying your users and the risk of attackers getting into your site. This balance is more delicate than I previously suggested.

Thanks for catching my mistake.

Hi Guy - This is a great list - you had problems with Verizon too? That's why I switched to T-Mobile, but I digress.

In response to #14 - developing a truly cross-browser may be a lot of work, but the reason it is not done is usually laziness or lack of awareness of one's audience. If you're a PC shop, picking up a Mac Mini is small money to cross-test your sites.

Agree on the need for search function for large sites. I dislike the search functions that bring back many, many hits from within a website. How many important documents can a search from a retailer have? I would like to see a standard for seach engine functionality on websites.

Guy,

Great list! Many of the points made here can be the difference between conversion %, # registered, $ bottom line, etc.

These methodologies are indeed catered to an evolving WWW--2.0 or not--and have additional, unmentioned benefits, as well.

Cheers!

The #1 offender for item #1 is the real estate business. Pushy, pushy, pushy.

-jcr

I agree in part, but not all sites are trying to achieve the same goals. The site I work for used to include del.icio.us and digg links, but took them off because they generated worthless traffic. Similarly, email and RSS feeds are not fundamentally necessary if your content doesn't lend itself naturally to these technologies.

Good blog Guy. Your "The Top Ten Stupid Ways to Hinder Market Adoption" list contained twelve of my pet peeves.

Good Tips! Thank You!

Captchas are evil. They limit computer use for people with disabilities. :(

Another no-no is not allowing "+" characters in e-mail addresses.

"Plussed" addresses (like all GMAIL) addresses allow characters following the "+" to be ignored, thus giving a convenient way of tagging addresses to see if the website sells the e-mail addresses it collects to spammers.

For example, one could say his address is "BozoTezino+BiggySoft@webmail.con" whenever registering on the Biggysoft website.

Any mail not pertaining to Biggysoft products received but sent to "BozoTezino+BiggySoft@webmail.con" would be a dead giveaway that Biggysoft sells their contacts to spammers.

Sites that do not allow '+' in the e-mail address. It's perfectly valid according to the RFCs and it allows me to filter things on my end. So something like

dmagda+jan29_2007@ee.ryerson.ca

or

dmagda+test_com@ee.ryerson.ca

allows me to track where things come from, and if I ever start getting junk from one particular place creating a filter is dead simple.

Re: Number 10 and Website Security Services

I agree with number ten based both on the fact that is simplifies password entry and remembrance, but also because you really don't loose that much security. If you halve the number of characters, you don't need to double the length of the password to make up for it, you just need to add one. The math of passwords is exponential, not multiplicative. If, for example, you allow lower and upper case characters, plus the digits 0-9, each character in a password can be one of 62 possibilities. Now say somebody makes a four character long password. The number of possible passwords at that length is 62 ^ 4 = 14,776,336. If you take away the upper case letters, you now have 36 ^ 4 = 1,679,616 possibilities. If you just increase the length to 5 though, you now have 36 ^ 5 = 60,466,176 possibilities, and you have more than made up for the loss of possible characters.

= The Top Ten Things That Mildly Annoy Me When I'm Surfing (?)

I am just seeing if number 11 is true for this blog.

I guess not, but you still have #12.

Long live trying to sell things on your blog!

re: point #14 I've found that "supporting" Internet Explorer is a tremendous amount of work.

There are objective ways to measure compliance with W3C's HTML rendering standards, and IE is the absolute worst in every comparison.

So it's not those "other browsers" that are the problem. Breaking my site code in the specific ways IE wants me to costs about 15% of my development time.

Between Macintosh users and PC FireFox users, that's what, 30% of the internet? How is that a reasonable portion of the market to ignore? Last time I checked my logs IE 6/7 was only about 60% of net traffic.

Wisdom: Entertain your audience, feed the hungry, etc.

Enforced immediate registration.