RDM630 125KHz RFID reading with the Arduino Mega 2560 R3

This howto is for the RDM630 125Khz RFID module – UART board. Seeedstudio and Spec Sheet.

There are a few chunks of code on the internet that will get the RDM630 up and running on an Uno, but those don’t seem to work on the Mega. There are also a few examples of code that sort-of works, but not reliably, and does not check the checksum etc. I stated with these and then kept on hacking until I got it to work 100%.


So, firstly, a few things that you should know before we start:

  • Many of the code examples work fine with an Uno (using Software Serial) but I’m starting to learn that the Mega doesn’t like Software Serial. I’ve found a few instances of people saying (anecdotally) that Software Serial is “not supported” on the Mega, and even though it works, it’s buggy, and there are patches blah blah. Luckily we have 4 hardware serial ports, so lets use those.
  • You only need to use +5V, GND and one pin (TX) to connect the board to your Mega.
  • You will notice the delay(20); in my code. That gives the board time to bring up the serial connection before trying to read data for it. Without that you’ll get garbage 90% of the time.
  • There are various methods for reading. I’m using a hybrid of various approaches from the internets that uses Serial1.available() as a signal that a tag has been swiped and explicitly reads 14 bytes.
  • I am also explicitly closing and restarting the the Serial1 connection after reading a tag. I do this because the code was working until I left a tag in range for longer than about 5 seconds, at which point Serial1 would get confused and the counter would overrun. This approach does slow things down, but since you can still scan about 4 tags a second (way more than you’ll need to in real life) you’ll be fine.
  • This approach uses pointers, buffers and some confusing snprintf and sscanf functions to extract and convert the 14 bytes from the tag into the various bits and pieces (RFID Tags have checksums, and the unique number itself is stored in HEX). That stuff is hard to grok, but luckily you can chose to either make an effort to understand it or just use the code as-is.

Right. Wiring.

Look at the spec sheet. On pin-set one, pins 4 and 5 go to GND and +5V respectively, with  pin 1 going to Pin 19 on your Arduino Mega (RX for Serial1). That’s all.

Now the code:

uint8_t buffer[14];
uint8_t* buffer_at;
uint8_t* buffer_end = buffer + sizeof(buffer);

String checksum;
boolean tagfound = false;

void setup()
    Serial.println("Serial Ready");

    Serial.println("RFID Ready");

void loop()
    if (Serial1.available()){
        buffer_at = buffer;

        while ( buffer_at < buffer_end )
            *buffer_at++ = Serial1.read();
        tagfound = true;

    if (tagfound){
        buffer_at = buffer;
        uint32_t result = 0;

        // Skip the preamble
        // Accumulate the checksum, starting with the first value
        uint8_t checksum = rfid_get_next();
        // We are looking for 4 more values
        int i = 4;
            // Grab the next value
            uint8_t value = rfid_get_next();
            // Add it into the result
            result <<= 8;
            result |= value;
            // Xor it into the checksum
            checksum ^= value;
        // Pull out the checksum from the data
        uint8_t data_checksum = rfid_get_next();

        // Print the result
        Serial.print("Tag: ");
        if ( checksum == data_checksum )
            Serial.println(" OK");
            Serial.println(" CHECKSUM FAILED");
        // We're done processing, so there is no current value

        tagfound = false;


uint8_t rfid_get_next(void)
    // sscanf needs a 2-byte space to put the result but we
    // only need one byte.
    uint16_t hexresult;
    // Working space to assemble each byte
    static char byte_chars[3];
    // Pull out one byte from this position in the stream
    buffer_at += 2;
    return static_cast<uint8_t>(hexresult);

Now connect it up, open your Serial Monitor and swipe a tag. You should see the tags being read, with their decimal value (often the number that’s printed on them) printed out.

My three tags look like so:

Serial Ready
RFID Ready
Reading: 695592 OK
Reading: 721129 OK
Reading: 1430936 OK

I stole a large chunk of code from ManicBug’s blog post, and got a lot of help from the great people in #arduino on Freenode.  Thanks!


20 Pieces of Startup Advice I Should Have Posted A Long Time Ago

Disclaimer: I am not a successful tech entrepreneur, so you probably shouldn’t read this.

  1. Build what people need and build it in the quickest and easiest (read hackiest) way possible that is barely acceptable to them. There are a lot of very bad implementations out there making millions right now.
  2. Do not build what you want (or what you think people need/want). As a tech entrepreneur you are an anomaly. Most people don’t care about the things you care about. eg. “I want a way to sync my scrobbles to my own server in case LastFM gets taken down by the FBI.” – Only 5 people care about this.
  3. Build products around use cases, NOT use cases around products.
    If you can’t explain what your product does in 20 seconds then you don’t have a product, you have a big idea. Unless you have unlimited resources and funding you’re going to need to tame your idea. Find a specific implementation of your big idea in action that resonates with the masses and run with that. If building that specific instance of your idea doesn’t sound sexy enough, think about how sexy it is going to be when you go back to your old boss and ask for a job. Once you’re making a profit off your not-so-sexy idea you can start self-funding your big idea.
  4. Big ideas don’t get funding. Google was not a big idea, it was a vastly better search engine in a market flooded with search engines. It was a product. Angels and VCs need to be able to understand your idea and then be able to communicate your idea to other people who will also understand it and immediately see how it will make money.
  5. Don’t let VCs lead you down the garden path and never commit. They’re doing you a disservice. If they truly like your idea and believe in you they can do their due diligence in 2 weeks and have (some) money in your bank account in a month. Too often it seems that VCs who don’t really “get” an idea are too scared to tell the founders to go away, just in case their idea starts to make sense. (No one wants to be the record exec who told the Beatles to go away). But this can give youa false  impression of how good your idea is, because if a VC seems interested, then surely your idea is a good one, right?
  6. Don’t make friends with VCs. Friends don’t want to tell friends that they “don’t really get it“, or more specifically that they “get it, but don’t see how you will be able to sell enough of it“. This kind of feedback can too easily come off as a personal insult for anyone to ever say it… so they’ll lead you on in the hope that one day you’ll say something to convince them because they really want you to do well.
  7. Don’t get too personal or precious about your idea. You are a smart, attractive person with great hair and a wonderful personality, you don’t need your product to validate your worth. Getting too personal about your product leaves you unable to change anything because it’s like gazing into the eyes of your beautiful new born baby and wishing they had been born with with nicer ears. You need to be ready to dump that baby in the dumpster at a moments notice.
  8. It’s all about cash, sales and runways. Building the product is the easy bit. Any nerd with a laptop can build a product. Selling it is HARD. You need to realise up front that your “tech startup” is 90% on-the-street-corner-sales. If you think you’re immune to this you’re a fool. If you aren’t earning 50% of what you need to break even after 50% of your runway you are in trouble.
  9. If your runway is 100 meters long, you need to be selling your product at 25m. The next 75m is refine, sell, refine, sell, repeat.
  10. Make sure know how long your runway is from day 1. Count down in days, have it up on the wall in big print.
  11. If you can’t build a product that people would pay for in 25m, make it simpler. If you don’t think you can sell this new simplified product then charge less for it or try and find some more runway… But figure this all out before you start.
  12. If you think you have a longer runway because you will obviously get more funding, don’t quit your day job. Negotiate all your funding before you quit your job. You might need to develop an MVP to get this funding. Do that at night or on weekends.
  13. Selling isn’t sexy but don’t avoid it. Rather get your hands dirty from day one so that you get used to the smell. (You’ll also get better at not stinking up the room every time you try)
  14. You need to realise that there is a difference between what people are impressed by and what they will pay for. If you’re removing some significant pain or frustration from their life, they might not be impressed but they will pay for it. People pay for lots of very unsexy things all the time.
  15. Design and field-test products until something resonates. Mock something up in photoshop and then go and see if you can sell it. You need to get to the point where someone is willing to give you cash out of their wallet in order to go home and use your thing.
  16. Sell to people you don’t know and who don’t know you. If you’re going to be successful then 99.9999% of your market is going to be people who have never met you, so why would test your sales on people who know you? Firstly they’re biased (they want to help you and may even give you their hard earned money out of guilt/pity/just-to-be-nice) and secondly, you have insider knowledge– you know who to sell to and which of your friends to not even bother with. That’s not reality.
  17. If there is more than one of you in the startup, don’t assume roles like “sales guy” and “coder”. Send the coder out to sell (especially when you’re still faking it)… He/She might just surprise you, and, at the very least they’ll learn more about how the product fits in the real world.
  18. Get a simple office (or even a room in the back of someone else’s office). Be there every day from 9 until 5 (or 10 till 6, or 11 till 7 etc) from day 1. Stick things on the walls, decorate your corner… get a crappy coffee machine. There is something about a humble office that will bring out the best in you. Working from someone’s home, even if you all work together just doesn’t have the same effect.
  19. Don’t believe everything you read on the internet.
  20. Read The Personal MBA before you start. Even if you have an MBA.

Danny the capturer of the world.

Many years ago I worked at company that sold widgets. These widgets were very complicated and required lots of customisation. The company had developed a pretty large piece of software to help their sales people build complex widget quotes with lots of line items.

This company also had a big off the shelf enterprise accounting system that handled their real accounts.

I had worked at the company for almost 2 years as a software developer when one day I found myself sitting in the accounts department helping Danny with something unrelated. It was then that I learnt what Danny from Accounts actually did.

Every morning Danny would print out the previous days ‘accepted’ quotes from the quoting software resulting in a small pile of paper, one for each customer, with hundreds of line items, for every day. Then, using a ruler and pen to scratch out the lines, he would manually re-enter all of the customer data and their quote information, line item by line item, into the big accounting system. This process took him most of the day, sometimes more if business was good. He occasionally made mistakes that either cost the company lots of money or pissed off the customers.

As a software developer I knew that both systems ran off MSSQL databases. I knew that all the relevent information probably already existed to do the “job” programmatically. I knew that it would probably take a day or two to write a piece of software that did Danny’s job, perfectly every time, in a few milliseconds.

Danny had been doing that job for almost 6 years.

Since that day, whenever I start working with a new company, I try my best to meet everyone and get an idea for what they do and how they do it before I put my head down and start trying to solve any problems. That habit has served me well. In a team of ba/tech/strat/arch people I’m often the only one who knows how the accounts actually work, or how the stock is really procured, or what the weird hippies on the third floor do. (They’re always copywriters.)

But I’m not trying to pretend I have special powers. My point is that you can never assume that other people will have looked at problems like you do, with your knowledge-set. Most of the time other people won’t even see something like that as a “problem”. Danny’s boss never thought to question the process that admittedly pre-dated him. They all have no idea what SQL is and neither should they need to. It’s not their job. It’s yours. (Assuming you’re in a tech field)

What really excites me is how this kind of technology-discovery can be applied to people who traditionally live without the exposure to technology that we do. We now live in world where mobile phones can do things that sometimes even I think are quite magical (think SoundHound and Shazaam). I don’t know what “Danny the capturer of the world” situations exist in an under-resourced high school in a Soweto. I don’t know what efficiencies might just be waiting to be discovered in a clinic in Khayelitsha. I am however convinced that if a large corporate focused solely on profits with a really good, international, management team and a chartered accountant CFO all couldn’t spot that Danny was unintentionally wasting his time (and their money), then I can only imagine what amazing, albeit probably simple, tech-opportunities are waiting to be discovered in the “real” world.

I may not be ready to tackle the townships just yet, and I’m by no means assuming that there aren’t already smart people doing this kind of stuff, but I do look forward to one day being able to spend a few weeks immersed in the daily grind of a township school teacher or a minimum-wage worker, and maybe finding some way to bring a little bit of technological awesomeness and efficiency to their lives.

I know you’re wondering. I did write that software and Danny did need to click a button every morning and watch as the script whizzed by in less than a second, but he didn’t lose his job, instead he was able to move on to tackling more challenging things that actually needed his accounting skills. Everyone’s a winner.

Content and delivery.

Recently a friend who’s in the magazine industry was complaining about how their company (who is a very large media company) continually cut the magazine budgets while  spending gob-loads of money on their “Online” and “Mobile” people. The techies have access to iPads, iPhones and brand new Macbook Pros, while just down the passage there are magazine teams, retrenched to a fraction of their previous size, running on 10 year old macs.

The print-media industry is no doubt floundering. Seeing demand for their products dropping by significant numbers every year (We’re talking overall sales figures of around 20% what they were 10 years ago) while ad-sales is becoming more and more brutal due to the “global economy”, but probably more realistically because they’re losing ad sales to online channels. Fewer people want to buy newspapers and magazines and they media industry is making less and less (from ad sales) off the reduced distribution numbers.

So you can imagine the kind of pressure the industry is in and how incredibly easy it would be to come to the very foolish conclusion that the correct remedy is to spend those gob-loads on “Online” or “Mobile” to the detriment of the content producers.

My father was a printer, technically an offset lithography “machine minder”. He was badly paid, worked long shifts, went to work in blue overalls and came home covered in ink. The work was tough. You needed to have an expert eye, understand some of the chemistry, have delicate hands and be able to perform running repairs on dangerous machines. We’re talking about giant room sized printers and the “minder” having the ability to hear that the third roller bearing on the transfer shaft dingle dangle needed oil in the next 30 minutes or the machine would fail. (I’m paraphrasing)

The reason my dad was badly paid even though his job required so much skill was because lithography was an old technology. The mystique had been removed from the process hundreds of years earlier and the machines looked after themselves just enough to allow an unskilled worker become fully skilled in 3 years of on the job training.

The technology was mature and there was solid competition in the market. This drove the printing prices down, which pushed the salaries down, which meant that eventually the job of “machine minder” was only slightly more attractive a career than something like panel beating.

Compounding this, in the last 30 years printing has evolved to the point where the machines are easier to use, faster and even more reliable. Instead of hiring one or two “minders” per machine you can now have a few roaming engineers for an entire factory of printers. Putting ink on paper has never been cheaper.

My father moved to the publishing world about 30 years ago and has been wearing chinos to work ever since… Though I’m pretty sure he would still prefer to deal with machines than colleagues.

The costs and skill required to deliver content will always drop. Technology takes care of that, whether it’s a slightly more reliable room sized printer, or software that makes building an iPad app easier, the world is pre-programmed to make processes more efficient.

However, We will never have Artificial Intelligence that can drive to Darling and write about an Evita Bezuidenhout show, take photographs of the flowers in the Karoo or write about swimming with dolphins on a cool Sunday morning.

100 years ago quality content made money… Nothing has changed and it is unlikely to ever change. How content is delivered should never become more important than the content itself.

You might be able to wow people with your swanky iPad application with annoying faux-turning-pages animations, but eventually, just like the printing press, the technology will mature and everyone will be building swanky iPad apps. The cost involved in building those apps will drop and the big boys will be consistently competing against small, leaner, startup content producers. It took hundreds of years to get the cost of printing so low that we could print a daily newspaper and sell it to the masses. The cost of producing an Ipad app drops constantly and, as the technology evolves, it becomes trivially easy for anyone with some good ideas and camera to create something that other people want… and god forbid, would actually pay money for.

So, if you happen to be the CEO of some big ass media giant, spare a thought for Gutenberg and then Google “ios and android development frameworks” before deciding not to buy your content producers some decent computers. You could even do it on your iPad.

There is no spoon – The challenge of unlimited bandwidth in a limited world.

Change is constant. With increased international capacity it was inevitable that ISPs would eventually enter a price war. It was MWEB, a traditionally not-so-forward-thinking ISP, who shot first.

Uncapped internet for a price that didn’t seem insane – Terms and Conditions apply... It didn’t take long (a few minutes actually) before the nerds were frothing at the mouth over what seemed to be overly-burdensome (and in some cases just-plain-stupid) regulations. Rules like “No unattended downloading” being one of them… while in principle most people understood the ethos, the unfortunate reality is that rules shouldn’t be _made_ to be broken… and telling an old granny she can’t go make a cup of tea while her email downloads is simply not intelligent.

The problem is simple. Internet Service Providers have a limited resource and they are selling it on as an unlimited resource… It’s the all-you-can-eat ribs special, only in a digital world, where the limit to how much you can eat is simply a question of how big your hard drive is.

Most of the nerdosphere understood that ISP’s would have to enforce some limitations, and in fact, most ISPs worldwide have some form of Acceptable Usage Policy. The difference being that the kind of numbers that constitute abuse are generally in the range of hundreds of gigabytes/terabytes per month, and then only after consecutive months of “abuse”.

The problem in SA is that the business model is really hard to get right because it revolves around a number of unknowns:
1. What can we offer that’s good enough to a) Attract customers. b) Be called uncapped. c) Not piss off the nerdosphere. ?
2. How many customers can we sell this to?
3. What will the average usage of those customers be? (Ubernerds download a lot more than your Granny)
4. If we scale up operations because of a surge of new customers, how can we be sure those customers will hang around to support the increased running costs?

Additionally, ISPs are obviously terrified to not enter the market because not having an uncapped option will inevitably mean losing pretty much every customer who isn’t living under a rock.

So, possibly with a fair dose of fear and trepidation, a number of other ISPs quickly entered the market with their own offerings, all clambering to try and get that business model right.

Some ISPs even appear to have decided to start selling the product before they figured out what that business model would be. A bold move that cost the likes of Afrihost a fair amount of pain when they realised they needed to implement a soft cap (they call it something else) at 60gb. That 60gb number wasn’t anywhere on their website because it appears to have not existed when they launched… it was only after seeing the real usage numbers that they realised they needed to implement some additional limits. (After downloading 60gb your connection is throttled, and then once you hit 120 it’s throttled further etc etc)

So we come to what is really the crux of this debate. What is uncapped? Currently the uncapped market is unregulated and very unstable. The rules are changing on an almost daily basis and pretty much anyone can offer anything and call it uncapped. Someone could have a product that calls itself “uncapped” but that limits you to 1kbps after the first megabyte. This is not good for consumers.

The market is in need of a lot more transparency or a regulator. There are really only two groups that could play the role of regulator: The Advertising Standards Association and the Internet Service Providers Association. I’m ignoring ICASA for obvious, incompetent and toothless, reasons.

The ASA unfortunately doesn’t have the knowledge to regulate such a highly complex industry and any attempts to do so would probably have very negative effects for all involved.

ISPA on the other hand does have the know-how but hasn’t publicly said anything about the matter. All of the ISPs currently offering Uncapped ADSL are ISPA members. I think the only reasonable solution is for ISPA to get a bunch of its members together and lock them in a room until they can all agree on what the minimum provision for an uncapped account should be. This would need to be measurable limits and not warm-and-fluffy, open to interpretation, language. They may even decide that calling these sorts of accounts “uncapped” is dishonest, perhaps it should just be called something like “Managed Cap 60” etc.

I look forward to the day that we have true uncapped internet in this country and I salute those ISPs who are trying their best to bring us closer to true uncapped internet. They are brave businesses operating in an increasingly brutal space.

Most importantly we need the ISPs to be honest about what they’re selling. If they’re selling something that has graduated throttling (like Afrihost is doing) they need to say so before they take the customers money. Afrihost doesn’t currently say this on their website, but their CEO has published (very bravely and honestly) the planned (and he understandably pointed out that it was plan that might change) approach on the mybroadband forums. I’m sure that this info will make it onto their website as soon as the dust settles.

Publishing the exact structure/behaviour of their uncapped product is a brave move that hopefully will force other ISPs to do the same. It’s only when all ISPs are showing their hands that consumers will be able to make an informed decision.

Quick and Simple Server SMTP

I have a number of servers that I look after in various places on the intertubes. I like to have things like MDADM (Linux software RAID manager) be able to mail me when the something goes wrong like a disk dies etc.

Some of these machines are in places without reliable SMTP servers for me to send mail through and I’ve tried running my own postfix and delivering the mail directly, but invariably I run into situations where the servers that I’m trying to deliver mail to don’t like DSL IPs… and not getting a mail about a dead disk is kinda a big issue.

I also don’t trust a lot of ISP’s SMTP, and some of my servers move around, so one day it’ll be behind a DSL IP and the next behind a Verizon IP (where it can’t talk to smtp.dslprovider.net etc).

My solution is quite simple, use google. (This guide is for Ubuntu but I’m sure you’ll figure it out with other distros)

  1. Create a gmail account for monitoring. I do this because I don’t want my gmail password floating around in plaintext on various machines.
  2. Install the ca-certificates package

    $ sudo aptitude install ca-certificates
    $ sudo update-ca-certificates

  3. Install msmtp

    $ sudo apt-get install msmtp

  4. Configure msmtp

    $ sudo vim /etc/msmtprc

    Set it to something like

    account gmail
    host smtp.gmail.com
    from myemailaddress@gmail.com
    auth on
    tls on
    tls_trust_file /etc/ssl/certs/ca-certificates.crt
    user notifyemailaddress@gmail.com
    password mys3cr3tp455w0rd
    port 587

    account default : gmail

  5. Create a sendmail simlink

    $ sudo ln -s /usr/bin/msmtp /usr/sbin/sendmail

  6. Run a test

    $ echo “This is a an awesome test email” | msmtp youremail@domain.com

  7. If you want mdadm to mail you when something goes wrong

    $ sudo vim /etc/mdadm/mdadm.conf

    and put your email address on the line that reads something like

    MAILADDR youremail@domain.com

  8. And then run a mdadm test by running

    $ sudo mdadm –monitor –scan –test –oneshot

  9. If everything is working according to plan you should receive an email. You can now rest assured that any future MDADM issues will get to you.

Visualising the Interest Rate

I though it might be interesting to try and graph the Reserve Bank’s prime rate data… It goes back a long way. I used Python to scrape and collate the data and PyCha to generate the graph.

UPDATE: I’ve replaced my graphs with new versions made by Russell who corrected my original code by interpolating the data correctly over the y axis.

This is the narrow version.

And this is the wide version (click to download the actual 10000px wide png)

Interestingly enough, todays rate cut *was* on that page earlier today, but now I see it’s gone… so I inserted it manually 😉

There is no cure for stupidity.

A while ago I blogged about a weird comment I had received on one of my blog posts.

In summary, there is an SEO company called SEO Results (aka BizSearch, aka NetAge) that gets its staff to trawl blogs and write comments with the Author URL set to the url of one of their SEO clients.

Author : PMM (IP: , dsl-146-34-239.telkomadsl.co.za)
E-mail : kim@bizsearch.co.za
URL : http://www.pmmproperties.co.za
Wow what a difference it looks fantastic, great job done

One would think that after the first run in I had with these spammers they would have avoided my blog?

Anyway, to make sure it’s clear: SEO Results are spammers and black hat SEO idiots… Using them is likely to get you bad mouthed on the internet (like this) and perhaps worse, blacklisted on google.

Eye Witness News (ewn.co.za) has a few issues.

First let me say that I like the idea of a new, fresh news site… EWN could quickly become a serious player in the news arena, but before they do so they’re going to need to fix a few issues.

I sent an email listing some of these issues to the Primedia team. I know it got there because people who know people said there was some flapping and urgent updating that happened as a result of the email… However, I’m yet to get any form of reply whatsoever… which I think is just rude.

(update: A few things (like the comments about Mandela) have been fixed, but the overwhelming majority is still as it was when I wrote this list a few days ago. The site however seems to be suffering from lots and lots of timeouts now.)

This list is by no means exhaustive…

1. You need to add a DNS record for ewn.co.za (so that http://ewn.co.za actually works)

2. You need to add RSS, preferably ATOM, with a number of sub feeds, geographic locality etc.

3. You need to remove your stupid comments from your html source… not only is it dumb, but people WILL take offence.

<!–<li><a href=”#”>Mandela Gives Birth to a Gorilla </a><span class=”timeadded”>2&nbsp;days&nbsp;ago </span> </li><li><a href=”#”>Prengant Child attacks Mandela</a><span class=”timeadded”>3&nbsp;days&nbsp;ago </span></li><li><a href=”#”>Tourists Can’t Give Enough Birth </a><span class=”timeadded”>1&nbsp;day&nbsp;ago&nbsp;</span></li>–>


4. You need to make sure all your templates actually work… for instance this one is a little too concise —

5. You need to protect yourself from SQL injection and handle any attempts gracefully.
ie. http://www.ewn.co.za/articleprog.aspx?id=40%2709

6. You should probably consider looking into better urls for your articles, specifically for SEO purposes.

7. You should also probably add meta descriptions (and possibly tags) to your article pages. This will help display relevant content in search engine results.

8. Your pages do not even come close to validating XHTML transitional.

9. You need a mobile version! This is easy to implement!

10. That logo… It’s very 90’s.

11. Bonus Tip: One of my biggest gripes with the other news sites is how they never allow you to view larger versions of their images. Implementing Lightbox2 over you existing site will be easy and help
differentiate yourselves from the other players.

12. Your site search is broken in Firefox and Safari and is unstable in IE6 and 7.

13. Your server errors (timeouts etc) need to be handled more gracefully. At the moment your site displays the default .NET error pages, which is something that only the developers should be seeing.

14. Your comment form gives no indication that it hasn’t submitted due to invalid data. This will confuse users.

15. Besides the SQL Injection issues, users who search for any string that contains an apostrophe will be greeted by a rather ugly error page. Try search for o’grady.

16. You need to remove all your test data from your database. http://www.ewn.co.z/articleprog.aspx?id=183 etc

17. You should add a clearfix after your pull-out-quote on your article pages. This will ensure that articles that start with single character words like “A” don’t end up displaying the first character to the right of the pull-out with the rest of the article below the pull-out. See http://www.ewn.co.za/articleprog.aspx?id=4021

18. Your logo should be a link to your landing page. This has become a web standard and a lot of users will expect it to do so.

19. You should sanitise your article source before your editors submit it so that you don’t end up with styling imported from MS Word which can break your layout. ie. 

<p class=”MsoNormal” style=”MARGIN: 0cm 0cm 0pt; LINE-HEIGHT: 12pt; tab-stops: 18.0pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt”>

Not only is it ugly but it will repeatedly break your validation.

eg. on http://www.ewn.co.za/articleprog.aspx?id=4033

20. While it’s debatable whether this is a true bug, there is a fair amount of functionality on your site that is broken when the user disables javascript.

21. As I’m browsing the site I am hitting a lot of timeouts. This indicates that your server is probably struggling. Most likely due to bad coding and/or a database that isn’t tuned properly.

22. Your cache control is not good. You should probably add far future expire headers to all your static resources. This will speed up the site for regular users. Also, combine and gzip your js. This will also decrease load on your site and help with all the timeouts.