Category Archives: Internet

Why I secure passwords with SuperGenPass

There’s been a lot of talk about security, passwords, and authentication. As we put more about us online, our passwords become ever so important. Everything from banking to commerce, friendships to resumes, and even our day jobs require passwords.

Passwords are broken

Having worked in information technology auditing, I can tell you that people hate passwords. If I had so many to remember and they were all necessary for me to get my job done, I would simply pick one, easy-to-remember password. Unfortunately, businesses believe this is unsafe and force users to follow silly rules (8 characters, 2 must be numeric, and you must change this password every 60 days). Due to these rules, things become less secure. Two examples:

  1. Passwords start showing up on sticky notes next to computers. Or they are all written down in a handy notebook right next to the computer (typically open to the most frequently-used password). The “easy to remember” password that used to live in my head is now written down and easy for anyone to access.
  2. Similarly, we use a database like 1Password or some other encrypted database to store all these fancy, super-secure passwords. But, then we protect them behind a single, “easy to remember” password. Now it only takes one password to unlock all your passwords, and we’re right back at square one.

Alex and I feel strongly about password security and he’s written about it many times. Here are my thoughts and what I’ve found works best for me.

SuperGenPass

Very similar to PwdHash, SuperGenPass creates a unique, complex, secure password for every site you use. The steps are simple:

  • Enter a “master password” (eg: puppies)
  • Hash that password against the current domain (eg: facebook.com)
  • Generate a secure string using those two inputs (eg: 4ced9d6f52dc88d02028d34a3625e43d)
  • Truncate the result to X characters (eg: 10)

Here’s how SuperGenPass describes itself:

Instead of storing your passwords on your hard disk or online—where they are vulnerable to theft and data loss—SuperGenPass uses a hash algorithm to transform a master password into unique, complex passwords for the Web sites you visit.

Arguably, the concept of a “master password” means you have one “easy to remember” password that anyone can get to and then use to generate your secure passwords. But, there are a few counterpoints:

  • An attacker would need to know I use SuperGenPass (whoops)
  • They would need to know how long my generated results are (8, 10, 20 characters long?)
  • I use a secure master password which is unguessable and not something I’d write down or use elsewhere

Now that we’re all convinced (right?), the mechanisms of using a password hashing utility are super simple.

  1. Browse to site
  2. Type in master password
  3. Use Bookmarklet or Mobile site to generate hashed password
  4. Login!

Since I use Safari, I have SuperGenPass added to my Bookmarks Bar and I can use Command + 1 on any page to trigger the bookmarklet to enter my password. It then finds any “password” fields on the page and auto-populates them with the hashed version. This is very fast and hardly any more intrusive than simply typing a password into a form.

Simply entering my master password into the form and hitting Command + 1 instantly replaces it with a super-secure password.

This also works well for me because I can use the Bookmarklet in Mobile Safari (iPhone, iPad). I can pull up the mobile site on any machine in the world. If it’s unavailable? No problem, I’ve stored the mobile site in my Dropbox. Since all that’s needed is JavaScript to run, I can even generate my passwords offline.

Still not convinced? Drop a line or leave a comment to share your thoughts…

Quickly add Open Graph to WordPress theme

I’ve found a lot of benefit adding Open Graph properties to my blogs. Primarily: more visitors. By adding simple code to my WordPress theme headers, social plugins like the ‘Like’ button will make your content display more meaningful within Facebook.

Which of these two articles would you be drawn to? Which would cause you to stop, read, and consider clicking through to?

Yet another easily ignorable line item:

Or this rich image and excerpt:

With WordPress I can easily drop a few lines of code into my theme’s header and make any ‘Liked’ content a little more compelling.

The Source

In the header, I’ve added a quick snippet to grab only the image URL of the featured image for the current post (via wpcanyon.com):


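```php
<?php
// Extract only the src URL from the featured-image <img> tag of the current post.
$thumb = get_the_post_thumbnail($post->ID);
$pattern = "/(?<=src=['\"])[^'\"]*?(?=['\"])/i";
// Fall back to an empty string when the post has no featured image.
$theSrc = preg_match($pattern, $thumb, $thePath) ? $thePath[0] : '';
?>
```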

I then add the following to define the required Open Graph properties:


```php
<meta property="fb:admins" content="FACEBOOK ID" />
<?php if (is_single()) { ?>
<?php // Escape every dynamic value: each one lands inside an HTML attribute. ?>
<meta property="og:title" content="<?php echo esc_attr(get_the_title()); ?>" />
<meta property="og:type" content="article" />
<meta property="og:image" content="<?php echo esc_url($theSrc); ?>" />
<meta property="og:url" content="<?php the_permalink(); ?>" />
<meta property="og:description" content="<?php echo esc_attr(wp_strip_all_tags(get_the_excerpt())); ?>" />
<meta property="og:site_name" content="<?php echo esc_attr(get_bloginfo('name')); ?>" />
<?php } ?>
```

And just like that, you’ve added all the necessary properties to your theme to describe your blog articles to anything that respects Open Graph (primarily Facebook).

Be sure to use the Facebook URL Linter to test this out. Here’s an example of a recent post of mine.

Bing vs Ping

I heard a commercial on [Pandora](http://pandora.com) last night that made me do a double take. I’ll paraphrase:

>Use [Bing](http://www.bing.com) to find new music and discover songs on the internet. Bing allows you to connect with and follow the artists you love and learn more about them. Then search Bing for upcoming concerts and events near you and buy tickets instantly.

Every time I heard “Bing” I thought, oops, you can easily mishear (or replace it with): [Ping](http://www.apple.com/itunes/ping/).

Of course, Bing is Microsoft’s search-engine-do-everything answer to Google. And Ping is Apple’s social-networking-sell-music answer to Last.fm. Let’s look at the copy on Ping’s page:

>Follow your favorite artists with a click and become part of their inner circle … Find out what music other fans are listening to lately … See when artists are playing near you and see who else will be in the audience, too. Then click to buy tickets from Live Nation.

Perhaps Microsoft’s Bing is getting itself into the business of brand confusion. Maybe they’re trying to piggyback on the instant popularity of Apple’s Ping. Or perhaps it’s just a coincidence. Either way, I found it curious…

Theory: why YouTube is slow on iPad

The iPad appears to have had an issue from day one: videos from YouTube can sometimes take extremely long to buffer and play. As with any inconsistent behavior, you don’t notice this the 95% of the time when there is no problem. But that 5% will frustrate you to no end. Especially since other devices (laptops, smartphones) can load the same videos blazingly fast on the same network. Plus, other video providers including Vimeo, Hulu, and Netflix have no issue at the same time.

## Current theories

There have been plenty of discussions about this across message boards and blogs since the early days of the iPad. I’ve tried everything, and most of it sounds like a wild-ass guess (WAG). Some of the highlights:

– Your DNS settings are wrong: the DNS lookup is taking too long and by switching to OpenDNS or Google’s (conspiracy theory alert) DNS everything fixes itself. This makes no sense during video buffering (the DNS lookup is already complete) and does not explain why other devices don’t have this issue.
– Other router configurations will fix it: I’ve seen some obscure router settings thrown around about packet rates or loss or this or that. Again, the problem is not at the network level, it’s at the device (iPad).
– Low brightness setting: somehow the wifi power corresponds to the brightness setting and the lowest level will prevent video loading. Interesting theory, but I almost always keep my brightness at the lowest setting and other internet applications have no issue: video (Hulu Plus, Netflix), web pages (Safari) and even Instapaper.
– Auto-join networks enabled: I have no idea why this is discussed as I’m already on a wifi network and am never prompted. The network is fine as all other devices load YouTube and the iPad still gets blazing (10 MB/s) speeds.

In short, these theories miss the key points:

– the wireless network is always fully operational and experiences no other issues with any other providers
– other devices on the same network are not experiencing the slowness specific to YouTube
– the iPad is still downloading at very fast speeds, even for large video files
– other applications are not experiencing any issues at the same exact time
– the timing of the slow buffers is inconsistent (may happen once a week within a one-hour window)

## YouTube’s iPad experience

I’ve had plenty of experience with YouTube and other video hosting sites. Since YouTube was a launch partner with Apple’s iPad, it’s clear to me there is some behind-the-scenes stuff that is loading iPad-specific video types. Here are a few points:

First, it appears that only higher-quality videos can be displayed on the iPad (so that Apple’s YouTube app is always loading beautiful videos?); you don’t even have the option of viewing a lesser-quality version. Keep in mind that at upload time, YouTube creates various formats and sizes, from the small mobile-friendly videos to the 1080p high-quality versions.

Second, it’s also clear that not all videos will load on the iPad. For instance, Cee Lo Green’s “F*ck You” will not load on the iPad. From the mobile website this NSFW video (mobile link) will not load even if you try to tap the big play button. To confirm this is not just a bad video, I’ve saved this video as a ‘favorite’ and tried loading it from the YouTube app itself. At which point it returns the error: “The author of this video does not allow playback on iPad.” Curious…

## My theory

The iPad is always trying to load a very high quality version of a video, but it’s not the same version as the desktop or other mobile versions. It’s clear from both the mobile site and the YouTube app that there is a different video format being delivered to the iPad.

The very slow buffer and download speeds may be explained by:

– an iPad-specific video is being compressed, or converted on-the-fly which requires much more time on the YouTube server’s side of things (doubtful as the same video may load quick one day, slow the other)
– a larger file size like 1080p being loaded where this is not the default on the desktop nor a mobile device. This could explain the perception of slower loads as more data is being delivered (this would only explain the slowness simply being magnified)
– a different set of servers or content delivery providers are responsible for an iPad-specific version of the video. This network is not part of the same resources as the remainder of YouTube.

Why would YouTube keep the server resources for one device separate from the rest of the powerful mega data centers that power the other billions of videos being served? My thinking is that YouTube was required to maintain serious secrecy up to the iPad launch and quarantined any iPad-specific delivery, formats, servers, CDN resources, etc.

This has only seemingly been getting worse with time. I have had plenty of weeks where I’ll load funny cheezburger YouTube videos with no problem. I’ll even watch music videos, CollegeHumor videos, all on YouTube with no problem. But lately, the buffering has been getting worse. A 90 second video will take more than five minutes to load during “peak” hours (weekends, after dinner). My guess is there are many more iPad users coming online but nothing new happening on the YouTube infrastructure side.

I’m sure the plan is ultimately to move everything into the same data warehouses but this takes a few months of careful coordination. Especially since the iPad cannot load Flash, which means it cannot load ads, this is now a cross-departmental issue with far reaching intentions and consequences that was only just surfaced on the day the iPad was announced. Video publishers want to do things right for the iPad and, as we’ve seen, change takes a long time and the technical hurdles will remain on-hold. Note the huge ad beneath Cee Lo Green’s music video to buy his new album. You don’t see that on a stripped-down mobile version of YouTube.

Crowd Favorite fragmentation on Facebook

Data fragmentation on Facebook

Since we can all agree that Facebook is “the internet” to most people, it’s pretty important what comes in and goes out of it. Since the beginning of Facebook, there have been various “types” of content. It started with Harvard students, then Stanford students, then just students. From there we saw things like groups of people, and photos, and tags. The site evolved into high school students, and human beings, and events, and networks and so on.

Facebook has also invented the “open graph” which is yet another atomic element that can describe nearly any “type” of content from movies, to music, to musicians to business, and so on.

Plus, there is now the concept of “Places”, yet another type of content typically representing a business.

All of this leads to why you can search for a business, even a small one like “Crowd Favorite” and turn up no less than four separate results:

Crowd Favorite's group, page, company (network) and local business (place)

Which leaves us with these various web addresses to point people to:

– [http://www.facebook.com/pages/Crowd-Favorite/154204807926246](http://www.facebook.com/pages/Crowd-Favorite/154204807926246)
– [http://www.facebook.com/pages/Denver-CO/Crowd-Favorite/378155388161](http://www.facebook.com/pages/Denver-CO/Crowd-Favorite/378155388161)
– [http://www.facebook.com/pages/Crowd-Favorite/115570975120068](http://www.facebook.com/pages/Crowd-Favorite/115570975120068)

If there’s no way to associate all of these, a lot of hard work in establishing brands using pages and encouraging people to “check in” is completely useless. As a business, I would want to know who checks in to my location and when. When they visit my “Place” they can “Like” it and I can start making a deep connection.

But I already have a Facebook Page with thousands of “Likes” and potential customers and fans that I’m reaching out to, pushing people to from my website, and so on. What now?

And in Crowd Favorite’s case, we also have both a group (which you can’t actually click through to) and a “company”, both of which are fragments left over from the transition of having a company’s “network” of employees.

I feel like this will be solved. I hope it will. There is a lot of data cluttering the web and Facebook is not helping right now.

Don’t even get me started on Apps. How do I know the various “Coca-Cola” apps are really by Coke?

Questions and thoughts raised by #NewTwitter

Twitter, the non-social network social network, has announced a new web interface.

Some initial observations and questions:

– Why does the introductory video take nearly 90 seconds to get to the demonstration? That is nearly three times the length of a television commercial. For a company that originated with brevity in mind… wow.
– This appears to be a simple effort to move people to Twitter as a product (not a platform that you access by other means) in order to control the eyeballs and eventually add advertising and other means of monetization.
– How many people use the web interface currently? I doubt this re-design will have the same backlash a site like Facebook expects. Not enough people use the web interface, they’ve moved to third-party apps and this is a push to get Twitter-proper back in control.
– Will Tweetie for Mac ever be updated now? Or is this Twitter’s approach to become the product *and* the platform on desktop computers?
– How can designers like TweetyGotBack get back into a competitive position of designing wallpapers with a huge stockpile of existing themes? No matter what they do, they step on the toes that helped get them where they are today.
– Is there even enough room for wallpapers (with your contact information in the gutter) to exist on this new design? I surely hope not. Who visits a Twitter profile only to go and type in another URL pertaining to how to find you? (Use the website link in your profile.) Social media experts…

And with that said, I don’t know why I use Twitter. Alex and I were chatting and I’ve come to the realization I get nearly no value from it. Perhaps that speaks to the people I follow. It’s not that they aren’t great people, I just don’t like their online personalities. Instead of the typical nerd values you expect to see from the people you know in person (quiet, smart, witty, polite) you get the vices (self-importance, loud, benign). I’m the first to admit I look at my profile and realize, I don’t think I would follow me.

Devin doesn’t tumble

…but he does write in the third person.

I like to experiment on the internet. Tweaking, testing, and optimizing to find what works best for me and my web presence. I tried posterous for a while and that didn’t work. I recently gave Tumblr a shot. In short, I am back to WordPress to stay. Not only am I most familiar with WordPress, it offers the right mix of simple and advanced functionality.

Through the use of plugins, I can make my site and my blog as plain or as powerful as I want. Plus, I can jump into the code and make changes that other hosted platforms couldn’t. I always thought simplest was best; let someone else worry about hosting and features. It turns out I can’t give up that power.

In short, this post is an apology to everyone who had 10 unread items from me in their email inbox or feed reader this morning.

Facebook Places prediction

Facebook is announcing something today. It’s some form of location-based blah social media stuff blah blah social graph blah blah thing. In short, everyone says Foursquare and Gowalla will be dead because FACEBOOK SMASH and the entire developed world will use Facebook’s offering over theirs. I doubt it. Put simply:

**Facebook Places will compete with Google Buzz, not Foursquare. It will work the same way that Twitter Locations works.**

Your identity lives with Facebook. Things like Twitter, Foursquare, Gowalla, etc. push structured data to Facebook. It just needs a way to organize location-based data (Places). Google is trying to come at the same space from the other direction: Maps, Latitude, Buzz.

On tech writing

“Why _____ (popular company) should ____ (buy|destroy) ____ (other cool thing or company)” articles are so trite. They’re really:

“Why _____ (my name) wants _____ (edge case) in ____ (other cool thing or company) magically fixed with no economic sense by ____ (popular company)”

It’s like a really topical MadLib populated with keywords from Techmeme:

– “Why Apple should buy Skype”
– “Why Google should buy Gowalla”

I click on these articles *all the time*. Those titles always look so appealing and savvy. They’re not.

They work the same way as “Top 10 (reasons|ways) _____ (popular thing) (should|could) ____ (sexy verb or name or service)” articles.

– “Top 10 reasons Apple should buy Palm”
– “Top 10 ways Facebook could rule the world”

I think I’m starting to figure this whole tech writing thing out.

Introducing Carrington Build for WordPress

The team at Crowd Favorite has been working on one of the most innovative drag-and-drop page layout tools I’ve ever seen. In fact, I can’t think of a web-based content management system with anything like this. We call it Carrington Build and it’s been very popular with current and potential clients alike. In fact, the ability to quickly create a page layout with drag-and-drop abilities helped me and the team build our own company website quickly and easily (no custom coding required).

I enjoyed being a part of the packaging, delivery and marketing of Carrington Build and its corresponding WordPress theme, Carrington Business. Helping oversee internal initiatives like this is much different than managing any client project because we are our own boss. It’s pretty unique, actually.

Anyway, if you’re a WordPress designer, developer, or are an organization looking for a top-notch WordPress theme for your website check it out.