Posted: December 21st, 2008 | Author: Jeff | Filed under: twitter | Tags: social media, tweetup, twitter | 3 Comments »
I was tweeting in bed the other day…
Tweeting: (verb) To tweet. Post a message composed of 140 characters or less to the Twitter service on the internet.
Ok, so I was sending this message that was composed of 140 characters or less to the Twitter service while I was in bed the other day…
Twitter?
It’s true. I tweet. I’m a twitterer. A twitizen of the twitterverse. Tweetsville population +1.
From Wikipedia, the free encyclopedia
Twitter is a free social networking and micro-blogging service that allows its users to send and read other users’ updates (otherwise known as tweets), which are text-based posts of up to 140 characters in length.
Updates are displayed on the user’s profile page and delivered to other users who have signed up to receive them. The sender can restrict delivery to those in his circle of friends (delivery to everyone being the default). Users can receive updates via the Twitter website, SMS, RSS, or email, or through an application such as Tweetie, TwitterFon, Twitterrific, Feedalizr, and Facebook. Four gateway numbers are currently available for SMS: short codes for the United States, Canada, and India, and a United Kingdom-based number for international use. Several third parties offer posting and receiving updates via email. Twitter had by one measure over 3 million accounts and, by another, well over 5 million visitors in September 2008, a fivefold increase in a month.
Some of the amazing people that I follow on Twitter are from St. Louis or St. Charles and tweet about things relevant to the area around me. Some of them tweet about information security, or homeschooling, or operating systems; things that are interesting. Some of them are just interesting people tweeting about their daily lives.
In a strange sort of way, it’s a sharing of community information. Sometimes about the traffic around me, sometimes about news from around the world (a significant amount of the information that flowed out to the world regarding the Mumbai bombings came from people using Twitter) and it happens in real-time. It’s faster than news agencies, it’s faster than blogs. It’s broader than instant messaging. Imagine being able to instant message 200 of your friends, each of whom was interconnected to 200 other friends, who in turn were connected to… well, you get the point.

It’s like a great big party on the internet, and you’re invited! Just go to http://www.twitter.com and sign up! Then go to http://search.twitter.com and search for things you like, or the city you live in and find people that you can “follow.” Then start tweeting! Tweet what you’re doing, or something cool or funny you found on the internet. Read what others have tweeted and respond! Just like a party in real life, the more you interact, the more fun you’ll have (or the more value you will get from the experience). Check out the lists over at http://twitter.grader.com for a list of highly rated people using twitter. Here’s a list of St. Louis folk that you can take a look at and follow those that look interesting: http://bit.ly/Axcm
I can get a message out to a vast number of people almost instantaneously, and receive feedback nearly as fast. I can ask a question, or post a link, or make a statement.
Today I met a handful of these folks at a Tweetup. That’s a meeting in meatspace (i.e. the real world, not on the computer – great frame rates, graphics are awesome; game play can get tedious at times) of a group of local folk who use the Twitter service.
The St. Charles, MO Tweetup was held on Dec 20th, 2008 at the TrailHead Brewing Co. and was attended by:

St. Charles, MO Tweetup at Trailhead Brewing Co
@tojosan
@stl4closures
@idonotes
@jpickell <-that’s me!
@ap0ught
@LoriFeldman
@Karenstl
Pictures from the Tweetup courtesy of Tojosan: http://www.flickr.com/photos/tojosan/tags/trailheadbrewery/
The conversation was always fast and diverse! We talked about Real Estate, Blackberrys, passwords, the amount of personal information that may or may not be available on the internet. We talked about our kids, and our jobs, we talked about html formatting in a blog! We talked about interesting ways of combining social media streams (Twitter, Facebook, Friendfeed, etc). We really covered so much ground and everyone had so many great ideas and suggestions or experiences to share! I really wish that I had a notebook with me to be able to write down all of the great ideas that were bouncing around! I’ve tried to capture some of the websites that were discussed and I’ve listed them at the end of this article.
If you haven’t participated in a local tweetup, you really don’t know what you’re missing. In addition to all of the great conversation and socializing, it’s added a new dimension to my twitter experience that has been probably the most amazing thing of all: I now know these folks in a way that’s just not possible from just being online with them. The fact that we’ve tweeted together made it very easy and comfortable to meet them in real life. Now when I tweet to these folks, there’s a deeper, more personal connection that didn’t exist before. Do I truly know these people? Probably not, but I can tell you this: some great friendships got off to a great start because of that tweetup!
You can follow me at twitter here: http://www.twitter.com/jpickell
Here’s a partial list of just some of the really cool websites/technologies that were discussed:
http://www.everythingtwitter.com
http://www.tweetshops.com
http://www.useqwitter.com
http://www.diigo.com
http://www.lijit.com/
http://www.kallow.com
Posted: November 2nd, 2008 | Author: Jeff | Filed under: email, Security, software, Solaris | 1 Comment »
Just a quick note this morning to remind everyone to make sure that you’re making plenty of backups of your data. I’m a bit paranoid when it comes to data loss, so I like to take extra precautions. Since all of our computers are macs every machine here has an external drive attached for using Apple’s Time Machine to make automatic backups. I also archive my data to a shared location on the network. The only problem with either of these approaches (as implemented) is that it doesn’t get the data offsite. To solve that problem, I’ve been using Mozy for the last two months. Mozy offers 2GB of free online storage for home use per account. It’s not enough to back up everything, but it goes a long way to backup my most important or timely documents. I may consider upgrading my account and pay the $4.95 a month to get unlimited storage.
I haven’t tried the Windows client so I can’t vouch for it, but so far the Mac client has worked with no problems.
::Full Disclosure::
And if you decide to try it out I’d appreciate it if you used my link here. It’s a referral program and I get an extra 256MB of space for each person that signs up through the link. For a short time, they’re bumping that up to 512MB per sign up, so I thought I’d plug the product here and maybe earn myself a bit of extra backup storage!
Posted: October 23rd, 2008 | Author: Jeff | Filed under: Security | No Comments »
The SANS Internet Storm Center is reporting that Microsoft has released a critical security patch to address a remote code execution vulnerability affecting users of Windows 2000, Windows XP, and Windows Server 2003.
There are unconfirmed reports that this critical patch was released out of band because the vulnerability it addresses is currently being exploited in the wild.
Posted: September 19th, 2008 | Author: Jeff | Filed under: iphone | No Comments »
Apparently the little prongs on the adapter have a tendency to break off while plugged into an electrical outlet, causing a potential electrocution hazard. Replacements will become available on October 10th at your local Apple store. (If your adapter has a green dot near the prongs, you already have the newer redesigned version)
Check the following link to Apple’s page for all the specific details:
http://www.apple.com/support/usbadapter/exchangeprogram/
Posted: September 18th, 2008 | Author: Jeff | Filed under: Security | No Comments »
How many passwords do you have? More than one? Do you have a separate, robust, easily remembered password for each and every login you have? I’m thinking that the majority of people fall into one of two categories when it comes to passwords; first up are the folks that just find it too annoying or bothersome to try to remember so many passwords so they just use the same password for every site. The other group go to the opposite extreme and utilize great little tools like 1password or PasswordSafe. These tools allow you to create cryptographically strong passwords and they will manage them for you as well. These just require the user to remember one master password, then use a little bit of the cut & paste, never once needing to actually memorize the password.
Somewhere between these two is “Passphrase Mnemonics” (yes, that’s my term for it – don’t blame anyone else). Passphrase Mnemonics allows the average individual to have unique, easily remembered and cryptographically strong passwords for each and every site requiring a login without resorting to writing them down or storing them in a program.
Before we get right down to it though, let me explain why this post is entitled “Passphrase Mnemonics” and not “Password Mnemonics”. It’s really quite simple: the term “password” implies using a single word to verify your login, whereas “passphrase” implies using a string of words or a phrase. Phrases are easy to remember and can provide more security than a single word. And at this point, we should all be using phrases instead of words. Especially words that can be found in a dictionary. Not just an English dictionary; any dictionary such as French, Spanish, Swahili, Finnish, Vulcan, Klingon, Elvish, etc. Any word that’s found in a dictionary can be easily brute forced using one of several freely available tools.
On to the method or the “Mnemonic” (by the way, a “Mnemonic” is simply a memory device that you use to remember something ~ think of the old rhyme “30 days hath September…” That’s a mnemonic to help remember the number of days that each month has)
Step by Step:
- Find a favorite book or movie – I like to choose a book with at least twelve chapters, so for this example I’ll use “Snow Crash” by Neal Stephenson
- Choose a chapter based on the number of the month. Since this post is being written in September, I’ll use chapter 9.
- The initial passphrase will be the first sentence of the given chapter, so in this case the first sentence of the 9th chapter of “Snow Crash” is “The world freezes and grows dim for a second”
- Let’s choose a site that requires a login. I’ll choose Yahoo.
- Now create the passphrase for the site by using the first three letters of the site, followed by a special character: yah!
- Appending the first three words of the initial passphrase (substituting underscores for spaces) yields: yah!The_world_freezes
- Last step, change each word by substituting a number or a special character for a letter in each word: yah!Th3_w0rld_fr3ezes
So for every site that requires a password you simply prefix your passphrase with the first three letters of the site. This same password for Amazon would be ama!Th3_w0rld_fr3ezes.
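The steps above, written out as an added Python example (not the author's code; all function names are hypothetical). The substitution table holds only the two swaps visible in the post's result, and swapping the first matching letter of each word is an assumption that reproduces it; the last function measures how many trailing characters two sites' passwords have in common.

```python
# Added illustration of the post's "Passphrase Mnemonics" steps.
# All function names are hypothetical; nothing here is the author's code.

# Only the two swaps visible in the post's result (Th3, w0rld, fr3ezes).
SUBSTITUTIONS = {"e": "3", "o": "0"}


def substitute(word):
    """Swap the first substitutable letter of a word (assumed rule)."""
    for i, ch in enumerate(word):
        if ch.lower() in SUBSTITUTIONS:
            return word[:i] + SUBSTITUTIONS[ch.lower()] + word[i + 1:]
    return word  # no e/o in this word: left unchanged


def base_phrase(sentence, words=3):
    """First `words` words of the chapter sentence, joined by underscores."""
    picked = sentence.split()[:words]
    if len(picked) < words:
        raise ValueError("sentence is shorter than %d words" % words)
    return "_".join(substitute(w) for w in picked)


def site_password(site, sentence, marker="!"):
    """First three letters of the site name + marker + base phrase."""
    letters = [c for c in site.lower() if c.isalpha()]
    if len(letters) < 3:
        raise ValueError("site name needs at least three letters")
    return "".join(letters[:3]) + marker + base_phrase(sentence)


def shared_suffix_len(a, b):
    """Number of trailing characters two passwords have in common."""
    n = 0
    while n < min(len(a), len(b)) and a[-1 - n] == b[-1 - n]:
        n += 1
    return n


if __name__ == "__main__":
    # Chapter 9 sentence quoted in the post (September -> chapter 9).
    sentence = "The world freezes and grows dim for a second"
    yahoo = site_password("Yahoo", sentence)
    amazon = site_password("Amazon", sentence)
    print(yahoo, amazon)
    print("identical tail:", shared_suffix_len(yahoo, amazon), "of", len(yahoo))
```

Everything after the three-letter site prefix is identical on every site, so the base phrase deserves the same care as a master password.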
Is this as robust and as secure as using software based password tools like PasswordSafe? No, not at all. But it’s a sure bet safer than using the same password everywhere! And you don’t even need to write it down or have your pda handy to keep it safe. All you need to do is remember your passphrase (Th3_w0rld_fr3ezes) and know what site you’re logging into and voilà! Simple, cryptographically strong and easily remembered unique passwords for each site.
If you’re comfortable using software-based password managers, by all means continue to use them. If you’ve considered them in the past, maybe now would be a good time to do a bit of googling on password managers and find one you like. But if not, this relatively simple process will at least provide you with a method of creating decent passwords (passphrases).
Posted: September 17th, 2008 | Author: Jeff | Filed under: Security | 8 Comments »
Now, most of the readers here are probably beyond reproach with regards to how they handle phishing attempts (whether they are email based or fake sites) but I heard of a tactic today that can be used to detect fake sites very easily and is simple enough for your mom to use.
If you’re like me, you know of several people that might not have the technical savvy to be aware of scams that ask you to log into a bad guy’s site which is masquerading as your bank or other trusted online source. Some of these fake sites go to the extremes of mimicking every single part of the trusted site, with the exception of the login form. Entering your credentials here gives the bad guys all they need to drain the victim’s account via the legitimate site.
How can we expect people with little to no technical experience to be able to recognize these threats and avoid them?
The answer is so simple even your crazy Aunt Martha can do it. (ok, maybe not crazy Aunt Martha, but everyone else)
Train your userbase (mom, dad, the neighbors, co-workers, etc) to use the double-login method.
The double-login method (my own name for it) has the user enter false information first, and then the legitimate information. A bogus login and password will be accepted by a bad site every time because they have no way of validating the information until later when they attempt to use it to compromise the account.
An example:
Crazy Aunt Martha gets an email from her bank asking her to verify some security settings or transfers on her account.
Unbeknownst to Aunt Martha, the email was fake! It was a phishing attempt that contained a link that was formatted to look like it came from her bank, but in actuality connected her to the bad guy’s site which has been set up to look just like the legitimate bank.
Aunt Martha doesn’t know the difference between the good site or bad, nor was she able to tell that the email link she just clicked on was bogus. What Aunt Martha can do is use the double-login method to protect herself. She attempts to log into the site with her bogus information and it gets accepted! She immediately knows that this is a “Bad Guy’s Website” and promptly closes her browser and forwards the email to her bank’s security contact, which (being the great IT guru that you are) already placed into Aunt Martha’s address book.
A quick follow-up call to the bank can confirm the details and Aunt Martha’s life savings are intact!
If the bogus credentials are accepted, then the site is bad. How easy is that?
In the interest of full disclosure: This isn’t my idea. I heard of it at a small security conference earlier today. I just think it’s a really great idea that needs to be shared!
Posted: August 28th, 2008 | Author: Jeff | Filed under: iphone | 1 Comment »
Following my previous post regarding the joys of owning an iPhone, I wanted to shift gears a bit and let you know that it’s not all smoked kippers in iPhoneland (as Ace Rimmer would say… not that he ever said it, but I could almost hear him say it).
It’s as if there were things that Apple wanted to do but maybe they just didn’t have enough room on the ole’ engineering barbecue.
These kippers ain’t quite fully baked:
- Synchronization – So you’re telling me that each and every time I want to backup and/or synchronize my Apple iPhone to my Apple Macbook (both running the very latest OSX variants) that it’s going to take at least 35-45 minutes??? How in the world are we moving the backup bits, carrier-pigeon? I mean really now, us old-schoolers figured out a long time ago that a great down and dirty backup of a system could be had by using rsync (over ssh of course) That being smart enough to only synchronize the bits that were different. Now my macbook can do rsync. The iPhone is running OSX, so I suspect it could do rsync… I’m just saying; If I could come up with a simple solution like that, what’s the dealio here?
- Bluetooth – So you go to all the trouble to build bluetooth capability into the iPhone, that’s just great! Now this is an easy one, there’s already a bluetooth stack for OSX that works pretty good, so you should just be able to re-use it on the iPhone, right? Right? No, I guess that would’ve been too simple. Instead you decided to hack it up so that it only supports bluetooth headsets. That’s like hacking up the IP stack so that the phone can only send packets to my macbook. While I do want to occasionally trade packets with my mac (hey, maybe to oh, I don’t know use rsync?) it sure leaves a lot to be desired. Same here with the bluetooth. I’d really like to be able to do crazy stuff like use my StowawayXT folding bluetooth keyboard (my absolute favorite traveling keyboard, btw) to type up a reasonably long email, or maybe get in a bit of coding. Bluetooth file transfers anyone? Hello? This one just seems like a no brainer.
- Cut & Paste – Speaking of no-brainers… yeah, this one is so stupid, I can’t even rant about it. Just let me cut & paste already.
- Todos – Remember how we were all gonna be a part of the iGeneration and enjoy our iLives using all of our iTools that Apple was so kind to provide to us? Calendars, contacts, even my bookmarks get synched (eventually) but not my todo list? How do you forget to add synchronization for todos? I’m thinking that a certain engineer that was responsible for this wasn’t taking full advantage of his iSkills and forgot to put “todo synchronization” on their todo list. Either that or adding todo synch would’ve added another 20 minutes to the synch process.
- Disk Access – I can use my iPod as a usb drive. I bought the 16GB iPhone thinking that oh, I don’t know, that maybe I could use some of that space for my own stuff. (This is partially solved with MobileFinder – see previous post for linkage) This would be so much easier if I could just enable disk-mode like I can with my iPods. Gee, then I could even (you see this coming, right?) USE RSYNC TO BACKUP MY DATA!!!!
That’s the top five unsmoked kippers so far for the iPhone. But I bet I’m not alone here; What doesn’t the iPhone do that you think it should? What could it be doing better? Here’s one to chew on that nearly made it onto my list: encryption. How about some gnupg pki for signing and encrypting my email, or my data files that I copied onto the iPhone using disk-mode… oh wait…