Phoenix Light Rail Opens

I’ve written several times about the Phoenix tech community. One of the issues is transportation. We’re so spread out and it’s not easy for people to meet up with others. Inevitably, you’ll have people driving 20-30 miles from all directions to meet up. It’s tough to get a group together to go out to some bars in downtown Phoenix if everyone has to drive home afterward.

While it won’t cure the problem, the Phoenix Light Rail will help scratch some itches and help feed the nightlife in downtown Phoenix, Tempe, and other cities struck by the route. The light rail was an extremely expensive project and will be convenient for a small percentage of the population, but it is a very welcome step in the right direction.

Follow the RailLife blog, and/or connect with Nick (@raillife) on Twitter to keep up-to-date with the Light Rail!

I wouldn’t read my blog.

I know a lot of smart people who are crappy bloggers. They each may have a plethora of useful information, but the way they approach the act of blogging seems to be flawed. And I think I’m one of them.

Here’s my problem:

My interests cover several different industries, more than one brain hemisphere, a couple of cultures, and too many demographics. So who is my audience? I don’t know. How do I write something that will appeal to my audience? By not writing at all.

I occasionally overcome that issue, but only when I have something I really want to get out there. The thought of writing something that will appeal to my “audience” is what keeps me from being a “better blogger” (whatever that means).

When I write something, I tend to make an article of it. I want it to be well thought out. I want it to be thought provoking. I want it to be some sort of literary masterpiece. What do I end up with? A bunch of words.

Why I wouldn’t read my own blog:

I read blogs via RSS, unless I’m searching for something. When I go through feeds in my RSS reader, I blaze through them. I read through them so fast, the blog authors’ keyboards rumble. I glance at the title and I sometimes skim a sentence or two to see if it’s something absolutely interesting. Long posts, like the ones to be found on my own blog, usually get the least attention — unless the title reaches through my monitor and grabs me by the eyelids. Believe me, that doesn’t happen often.

I’m thinking about what to do to resolve this. I want to write more often and I want to overcome my “audience” issue. Someone who is interested in my philosophical meanderings probably won’t be too interested in a quick blurb about something code-related. I wonder if I should create a separate blog for code stuff. A blog for wordy articles about anything, mostly philosophical, career, marketing, etc. Maybe even a blog for photography and video. Maybe a blog about neat crap I’ve seen on the web. I see a lot of neat crap and might as well share it.

Should I?

Twitter Security Issue

UPDATE: The primary issue described in this post has been fixed. You can only change your email address after inserting your password.

I recently discovered a serious security issue on Twitter. Let me tell you the story.

Taking over an account

Someone started a Twitter account with the sole purpose of mocking me. It took me quite a while to find out who it was. Since practically everyone enjoys a good joke at my expense, the suspect list was quite long. But finally, I received information from a good Samaritan who did some investigating that was out of my reach.

I confronted the individual, a friend of mine, and asked him to turn over the account that was tarnishing my reputation (many people thought I was behind the account, leading them to believe I was pretentious and egotistical). After a few hours of instant messaging and agreeing to some terms (such as anonymity), he gave me access to the account. Upon logging in, I immediately changed the password, logged out, and logged in with the new password to make sure it took.

A day or two later, the user popped up on my radar again by mentioning my name in a tweet.

How did he get access to the account?

My first thought: I’m an Idiot! I forgot to change the email address in the account settings! If my friend went through the password reset steps, he could easily regain control of the account. I tried logging in with the password I had recently set, and it worked. I changed the email address and changed the password again. Then I contacted my friend about it, admitting my idiocy regarding the email settings. He said he hadn’t thought to go through the “Forgot password?” steps.

Then how did he get back in?!

He told me he had left his browser window open. The morning after yielding control of the account, he went back to the browser and it still worked!

This is where it gets SERIOUS

Let’s imagine, hypothetically, that you give your password to a 3rd party application. If the application’s owner logs in with that password once and saves the session cookie, they can re-create that cookie at any time in the future, even if you change your password. (There are even browser plug-ins that allow you to read and write cookies.)

This means they can get back into your account whenever they want, indefinitely. They can post tweets, read your DMs, follow other users on your behalf, etc.

What’s worse, they can lock YOU out of YOUR ACCOUNT!

If you type in your password every time you go to Twitter.com (even if your browser “remembers” it), an attacker can take complete control over your account. The “remember me” checkbox will give you the same permanent access to your account that your attacker enjoys. So how can they take over your account? You can change your email address without typing your password! If an attacker is in your account, changing your password won’t stop them from kicking you out. They can change the email to their own address, log out, and request a password reset from Twitter. Twitter sends the reset email to that address, and whoever controls it can click the link to reset the password.

How to stay safe

As far as I know, there is nothing you can do to prevent this from happening to you, aside from never giving anyone or any application your password.

Twitter needs to use a smarter session cookie that is in some way linked to the user’s password or have another way of killing other sessions if you log out. Twitter should also consider using per-user API keys for users to give to 3rd party applications, instead of authenticating with your password.
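One way to build the “smarter session cookie” described above, as an added example that is not part of the original post and not Twitter’s code: the cookie’s MAC key is derived from the user’s current password hash plus a logout counter, and changing the email address requires the password again. The in-memory USERS store and all function names are hypothetical, and usernames are assumed not to contain “:”.

```python
import hashlib, hmac, os, secrets

SERVER_KEY = secrets.token_bytes(32)   # constructed server-side secret
USERS = {}                             # hypothetical in-memory account store

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def set_password(user, password):
    rec = USERS.setdefault(user, {"email": None, "epoch": 0})
    salt = os.urandom(16)
    rec.update(salt=salt, pw=_pw_hash(password, salt))

def check_password(user, password):
    rec = USERS.get(user)
    return rec is not None and hmac.compare_digest(
        rec["pw"], _pw_hash(password, rec["salt"]))

def _tag(user, nonce):
    # The MAC key mixes in the current password hash and a logout epoch, so
    # changing either one invalidates every cookie issued before the change.
    rec = USERS[user]
    key = hmac.new(SERVER_KEY, rec["pw"] + rec["epoch"].to_bytes(8, "big"),
                   hashlib.sha256).digest()
    return hmac.new(key, f"{user}:{nonce}".encode(), hashlib.sha256).hexdigest()

def login(user, password):
    if not check_password(user, password):
        return None
    nonce = secrets.token_hex(16)
    return f"{user}:{nonce}:{_tag(user, nonce)}"

def verify_cookie(cookie):
    parts = cookie.split(":")
    if len(parts) != 3 or parts[0] not in USERS:
        return None
    user, nonce, tag = parts
    ok = hmac.compare_digest(tag.encode(), _tag(user, nonce).encode())
    return user if ok else None

def logout_everywhere(user):
    USERS[user]["epoch"] += 1          # kills all outstanding sessions

def change_email(cookie, current_password, new_email):
    # A valid session alone is not enough: re-check the password, as in the
    # fix noted in the UPDATE at the top of the post.
    user = verify_cookie(cookie)
    if user is None or not check_password(user, current_password):
        return False
    USERS[user]["email"] = new_email
    return True
```

With this scheme, a cookie saved before a password change stops verifying the moment the password changes, which is exactly the step that failed in the story above.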

AZ Entrepreneurship Conference – November 19

The 3rd Annual AZ Entrepreneurship Conference is less than two weeks away! Are you going?

This year’s event will include the usual broad range of entrepreneurial topics, but will have a touch of social media. The speaker line-up is among the best Phoenix, AZ has seen in one place, especially in the tech entrepreneurship realm.

It’s going to be absolutely amazing.

In this economy, you might want to learn what is happening in our local banking market. It’s something you need to know if you are in business.

And there will also be an announcement from Microsoft that will benefit anyone with a software startup (under 3 years old) or a new project.

Businesses and entrepreneurs looking for funding, talent, real estate plays for the future, green initiatives or innovative ideas will find them all at the Third Annual Arizona Entrepreneurship conference November 19 at the Buttes Resort in Tempe, Arizona. The day-long event will connect participants with some of the most interesting and active entrepreneurs and investors across the U.S. Last year’s event was standing room only, with this year’s event expected to draw even larger audiences.

Keynote speakers include a collection of heavyweights sharing their in-the-trenches experiences in building, funding and selling their companies.

Keynote Speakers:

  • Allan Kaplan, Co-Founder of Limelight Networks and Director of Clearview Capital Partners
  • Matt Mullenweg, Founding Developer of WordPress
  • Gary Vaynerchuk, Founder of WineLibrary.com
  • Bill Reichert, Managing Director, Garage Technology Ventures
  • Howard Lindzon, Partner in Knight’s Bridge Capital Partners and Founder of Wallstrip

Full conference will include:
– The State of Startup Financing
– Creating a Product that Can Sell
– Local Successes
– Lessons Learned
– State of the Blogosphere
– Sustainability Initiatives
– State of Funding in Arizona
– Social Media Best Practices

Conference details:
Date: November 19, 2008
Time: 7:30 am – 7:00 pm
Location: The Buttes Resort (2000 Westcourt Way, Tempe, AZ)

Registration ($150) includes lunch and a continental breakfast: http://www.azentrepreneurship.com