Posted on

I wouldn’t read my blog.

I know a lot of smart people who are crappy bloggers. They each may have a plethora of useful information, but the way they approach the act of blogging leads seems to be flawed. And I think I’m one of them.

Here’s my problem:

My interests cover several different industries, more than one brain hemisphere, a couple of cultures, and too many demographics. So who is my audience? I don’t know. How do I write something that will appeal to my audience? By not writing at all.

I occasionally overcome that issue, but only when I have something I really want to get out there. The thought of writing something that will appeal to my “audience” is what keeps me from being a “better blogger” (whatever that means).

When I write something, I tend to make an article of it. I want it to be well thought out. I want it to be thought provoking. I want it to be some sort of literary masterpiece. What do I end up with? A bunch of words.

Why I wouldn’t read my own blog:

I read blogs via RSS, unless I’m searching for something. When I go through feeds in my RSS reader, I blaze through them. I read through them so fast, the blogs authors’ keyboards rumble. I glance at the title and I sometimes skim a sentence or two to see if it’s something absolutely interesting. Long posts, like the ones to be found on my own blog, usually get the least attention — unless the title reaches through my monitor and grabs me by the eyelids. Believe me, that doesn’t happen often.

I’m thinking about what to do to resolve this. I want to write more often and I want to overcome my “audience” issue. Someone who is interested in my philosophical meanderings probably won’t be too interested in a quick blurb about something code-related. I wonder if I should create a separate blog for code stuff. A blog for wordy articles about anything, mostly philosophical, career, marketing, etc. Maybe even a blog for photography and video. Maybe a blog about neat crap I’ve seen on the web. I see a lot of neat crap and might as well share it.

Should I?

Posted on

Twitter Security Issue

UPDATE: The primary issue described in this post has been fixed. You can only change your email address after inserting your password.

I recently discovered a serious security issue on Twitter. Let me tell you the story.

Taking over an account

Someone started a Twitter account with the sole purpose of mocking me. It took me quite a while to find out who it was. Since practically everyone enjoys a good joke at my expense, the suspect list was quite long. But finally, I received information from a good Samaritan who did some investigating that was out of my reach.

I confronted the individual, a friend of mine, and asked him to turn over the account that was tarnishing my reputation (many people thought I was behind the account, leading them to believe I was pretentious and egotistical). After a few hours of instant messaging and agreeing to some terms (such as anonymity), he gave me access to the account. Upon logging in, I immediately changed the password, logged out, and logged in with the new password to make sure it took.

A day or two later, the user popped up on my radar again by mentioning my name in a tweet.

How did he get access to the account?

My first thought: I’m an Idiot! I forgot to change the email address in the account settings! If my friend went through the password reset steps, he could easily regain control of the account. I tried logging in with the password I had recently set, and it worked. I changed the email address and changed the password again. Then I contacted my friend about it, admitting my idiocy regarding the email settings. He said he hadn’t thought to go through the “Forgot password?” steps.

Then how did he get back in?!

He told me he had left his browser window open. The morning after yielding control of the account, he went back to the browser and it still worked!

This is where it gets SERIOUS

Let’s imagine, hypothetically, that you give your password to a 3rd party application. If the application’s owner uses that password once and saves the session cookie, they can store the session cookie and re-create it at any time in the future even if you change your password (There are even browser plug-ins that allow you to read and write cookies).

This means they can get back into your account whenever they want, indefinitely. They can post tweets, read your DMs, follow other users on your behalf, etc.

What’s worse, they can lock YOU out of YOUR ACCOUNT!

If you type in your password every time you go to Twitter.com (even if your browser “remembers” it), an attacker can take complete control over your account. The “remember me” checkbox will give you the same permanent access to your account that your attacker enjoys. So how can they take over your account? You can change your email address without typing your password! If an attacker is in your account, changing your password won’t stop them from kicking you out. They can change the email to their own address, log out, and request a password reset from Twitter. They send an email to you and you can click the link to reset it.

How to stay safe

As far as I know, there is nothing you can do to prevent this from happening to you, aside from never giving anyone or any application your password.

Twitter needs to use a smarter session cookie that is in some way linked to the user’s password or have another way of killing other sessions if you log out. Twitter should also consider using per-user API keys for users to give to 3rd party applications, instead of authenticating with your password.

Posted on

Fame, Fortune, Thanks, or a Pat on the Back

Think about your goals. What do you envision happening when you achieve them? Will you be rich? Will you be famous? Or will you be a do-gooder?

For many people, wealth and fame are tangential to their goals. They generally don’t cite them as the desired end result, but they are kept as lingering expectations. That is reward-driven success.

Even expecting a thank you or a pat on the back can make you reward-driven. A self-proclaimed altruist who is upset when he is not thanked is not an altruist at all.

If you are doing what you do for money, fame, or even a thank you, get out of the game now.

I occasionally catch myself disappointed when my efforts to help go un-thanked, or worse, unnoticed. I remind myself it was the impact I was striving for and not the thank you.

Posted on

Twitter: A Catalyst for Change

Continuing the conversation on the Phoenix technology community, I wanted to describe what has been happening in the last year here in Phoenix.

More meet-ups are taking place around the Valley (of the Sun) and more people are attending them. Refresh Phoenix has been my favorite tech-related meet-up during the last two years and often draws the most people. Anywhere from 20-40 people from as far as 60 miles away would come out every month on the first Tuesday of the month.

This year, there has been a trend of increased attendance at Refresh Phoenix and other local gatherings. Refresh Phoenix seems to be maintaining an average of 40-50, jumping up to about 80 in February on Demo Night. There were about 47 people at last week’s Social Media Club Phoenix meeting, which was great to see.

Every Friday for the last few months, anywhere from 4-10 people have been meeting up at various local independent coffee shops. The meetings are casual, open, and planned in an ad-hoc style by whoever feels like showing up. They are organized on Twitter, sometimes as late as Thursday.

Meet-ups seem to be benefiting greatly from Twitter’s communication mechanism. It’s easier for people to hear about events taking place in their area, as long as they’re connected with enough people in their area.

Twitter is a catalyst for Phoenix. Phoenix has no shortage of talented and interesting folks. The problem is the network. People don’t know there are thousands of others in the city who share their interests. Twitter allows people to connect with a broader network and, most importantly, be subjected to conversations between people inside their circle with people outside their circle. This simple trait of an open communication platform does wonders for introducing people with similar interests to each other.

Thanks to Twitter, people are connecting — at least digitally — with more people. This means they have the opportunity to hear about more events going on in their area, thus increasing their likelihood of attending.

Posted on

Geographic Micro-Communities

Continuing on my discussion about the Phoenix Tech Community, I wanted to describe some fascinating patterns I have seen while building my personal network in the Phoenix area. This applies to any large group of people, but it is very apparent in the loose and spread out Phoenix tech community.

Micro-Communities

When people only attend hyper-local social gatherings and don’t attend city-wide conferences, they tend to see only those who are also hyper-local. This causes circles of friends to be formed in physical areas as well as in interests (often very focused interests, like Linux desktop application developers, for example). Once a circle is formed, members of the circle may begin to think that the reach of the circle is more broad than it really is.

You don’t know what (and who) you don’t know.

These micro-communities can contain anywhere from 5-100 people and there are many of them throughout Phoenix. The trick to building and tightening the Phoenix tech community is to hunt down these small groups and plug their members into other groups.