Paypal, False Authority Syndrome and Movie Plot Threats

Was out to dinner earlier this week with a friend and a number of her friends. This friend, knowing some of my technology background, started sharing with me some of the experiences she’s had recently with her paypal account being hacked. She had been in contact with paypal and her bank and everything was being refunded which is the good news. While she was on the phone with her bank they suggested that she close her account and open a new one, which is probably part of her bank’s script. My friend was asking me if I felt there was a threat to her bank account.

I sat for a second, probably with a crinkled brow trying to picture the Paypal interface, thinking about whether her account number or credit card information would have been available to the cracker. I knew her address and phone number would be visible, but was pretty sure that Paypal kept all other information hidden. Before I could say that, the person on my right said, “your bank is right you should change your account, it’s the only way to be safe”. I replied, “I’m not sure, I’m pretty sure that paypal obfuscates the bank account and credit card information in their interface”. She looked at me and then said, “it’s not that, you don’t know what was attached to the transaction so they could track it back.. They could track the transaction through the banking system based on the size of the transaction”. I sort of nodded because I knew where this was going and didn’t want to engage it any further. But my friend pushed on, “I’m curious how can they do that?”. “I don’t want to go into the nefarious activities of hackers” was the only response. I must admit to having to suppress a smile both because she didn’t know anything about my background (irony is funny sometimes) and partially because her delivery seemed to require an organ from a 1960’s soap opera, where’s Eddie Layton when you need him?

Before I break this down, I want to point out, for the record, that I have since checked: paypal does not expose your credit card or bank account information while logged in. Well actually, they expose the last 4 digits, not enough to be able to reverse engineer or brute force the account without raising eyebrows. If you’re not a tech, just so you know: Paypal works as a proxy for your accounts. If you are paying someone or they are sending you money, there’s no way for them to learn anything about you except that you use paypal and what your email address is.

So now my reaction. If you couldn’t guess from the title, the more I thought about this, the more I thought of Rob Rosenberger’s False Authority Syndrome and Bruce Schneier’s Movie Plot Threats.

The concept of following a financial transaction through the financial system sounds like something out of the movie Hackers. I can see it now, Z3r0 C001 and Ac1d Burn make a number of financial transactions against Agent Richard Gill’s account while L0rd Nik0n and C3r341 Ki113r use their 3D fly through the computer like a video game interface tracking the financial transaction like onstar tracks your Chevy.

While discussing this, she tried to speak with an air of authority. If it wasn’t for my knowledge I might have been inclined to listen to her some more because she was certainly persuasive in her argument mostly due to her passion and certainty that she was correct. Where myself and my friend weren’t buying into it, others at the table certainly were. If there was

Of course, someone’s going to comment now and say “changing her bank account can’t hurt”, but that’s not the point. I’m not a fan of FUD, intentional or unintentional. Often times because computers seem mysterious, people take the advice of anyone who sounds knowledgeable, I see it all the time. When you get technology advice, you should think about who’s giving it and why. You should try and understand the issue before you take actions proposed by anyone.

    Posted: Mar 29, 2009

Artisteer: A Review for Drupal Developers

There are 2 types of Drupal Consultants (yes I know these are stereotypes and many people fall in the middle).

The first type is the designer. The person who immediately knows which fonts go together. They don’t need the eyedropper tool in Photoshop to identify colors, they know the hexcodes the same way average people know light from dark. A one pixel difference is a matter of life and death to them. It has often been suggested that Monet’s Waterlilies were a blatant ripoff of this person’s finger painting. If this is you, odds are Artisteer isn’t for you. You’ll be frustrated by the lack of options and control.

The other type is a developer. The person who eats code for breakfast, lunch and dinner. He can’t tell the difference between red and green. He can’t draw a straight line with a pencil and 2 rulers. In kindergarten his teacher, Mrs. Smith, would display his artwork in the coat closet because that was the room for all the “special artwork”. If perchance this is you, it might be worth an hour to take a gander at this tool.

Over the last few weeks I’ve heard about Artisteer, a tool that can automatically design and create Drupal, Joomla!, and Wordpress themes as well as static HTML and master files for an ASP.NET application. I was a bit skeptical, but as my artwork is still hanging in Mrs. Smith’s closet (she never would give them back to me, something about a psychiatrist’s evaluation), I decided I’d give it a shot.

Artisteer is rather interesting. It has a number of predefined color palettes, layouts, typographies, graphics and other design elements built into it. There is a “suggest design” button which assembles all the design elements into a sample site. You can override any of these settings manually and ask for suggestions on any group of elements. For example, let’s say you have a Client’s Logo which gives you a color palette and font family to work with. You can enter those and have Artisteer suggest menu settings, page layouts, backgrounds, button settings, etc. When you have something you like you hit export and have a shiny new Drupal Theme.

To be honest this isn’t going to replace a designer for that middle to upper tier website you’re working on and I’m not sure I agree with Artisteer’s claim that you can make “fantastic looking” themes, but I would say they are better than serviceable. The designs seem smart, if a little cookie cutter. I do see a number of uses for it:

  • That small project with a limited budget where you can’t afford a designer.
  • That project where the theme is still coming but you need to show off what you’ve done so far.
  • Quick application prototypes.
  • Anytime you’re saying “Darn, I need something to replace Garland in this but don’t have the time”

I wanted to spruce up this site, and I used Artisteer to do that; you can see the results by looking around. In under an hour I built this theme from scratch. In this case it is heavily influenced by the original design for this site (I have a thing for navigation above the masthead, and the color blue). Basically, I entered the colors and my masthead, selected a layout and scrolled through the other options until I found something pleasing. It got me about 90% of the way there (where stock themes usually get me 80% of the way). When it was done I still did some minor tweaks to the theme (I prefer that my tags go above the story, Artisteer forces them below), but I was up and running quickly.

Some notes on the theme:

  • It will work with D5 and D6. There is code in the theme to use the right API calls.
  • The code itself is rather clean from a PHP POV. I always worry when using code generators that I’m going to get bad code to work with.
  • For some reason Artisteer created a page-blog.tpl, page-node-add.tpl and page-node.tpl which were all identical to page.tpl so I deleted them.
  • You can’t create regions beyond content and 2 sidebars. If you are looking for something fancier this isn’t going to work for you.
  • Regions are fixed and not collapsible.
  • Panels seems to be entirely foobared using these themes (although that might not be Artisteer’s fault, sneezing too close to Panels in D6 causes issues)

In closing, keeping in mind the limitations I’ve mentioned, I feel this is a great product for the artistically challenged. It will help move folks away from stock templates and into something more custom.

    Posted: Mar 24, 2009

Connecting BSG to Doctor Who, *BSG SPOILERS*

Spoilers for the final BSG episode

Connecting The Doctor and Admiral Adama:

  • The 4th Doctor was played by Tom Baker
  • Tom Baker married Lalla Ward
  • Lalla's second husband is Richard Dawkins
  • Richard Dawkins wrote about Mitochondrial Eve in Rivers out of Eden
  • Mitochondrial Eve was Hera
  • Hera was born on the Battlestar Galactica
  • The Galactica was commanded by Adama
    Posted: Mar 23, 2009

Kindlecasting and A Kindle Catcher: A Proposal

Last night, in a fit of inspiration and exhaustion I posted a poll around creating a kindle catcher. As I was tired, I assumed that folks would immediately know what I was thinking based on a sentence, which might be insane. So, without further ado I present a more thought out plan for what I’m thinking about. I know this is an evolutionary idea more than revolutionary but I think it’s worth discussing. Actually, there are folks that would say going from audio/video to print is devolutionary but whatever.

Back in 2000 Dave Winer added a media enclosure tag to RSS. This simple development gave us Podcasts, Vidcasts, Netcasts, etc. Quite frankly, I feel the media enclosure was one of the most significant developments in RSS, allowing people to broadcast media to anyone who wants it.

So, just like a podcast is an RSS feed with attached .mp3 files, a “kindlecast” would be an RSS feed with attached .mobi/.prc or maybe .txt files. A kindle catcher, like a podcatcher, would parse the RSS feed and pull down the ebooks. There can also be software to sync the content directly to your kindle. This can all happen without going through Amazon’s distribution model which will make Prof. Emily Walshe very happy, perhaps we can save free speech while using her kindle.
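The feed-parsing step of the “kindle catcher” described above, as an added example (not code from the original post): it reads the enclosures from an RSS 2.0 feed, keeps only .mobi/.prc/.txt files, and derives a safe local file name, since a feed is untrusted input. The sample feed, the example.com URLs and the function names are constructed for illustration; downloading and syncing are left out.

```python
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, unquote

# Extensions the post names for a "kindlecast" (.mobi/.prc, maybe .txt).
ALLOWED_EXTENSIONS = {".mobi", ".prc", ".txt"}

# Constructed sample feed (not a real one); example.com URLs are placeholders.
SAMPLE_FEED = b"""<?xml version="1.0"?>
<rss version="2.0">
  <channel>
    <title>Constructed Kindlecast</title>
    <item>
      <title>Chapter 1</title>
      <enclosure url="https://example.com/books/chapter-01.mobi" length="52344" type="application/x-mobipocket-ebook"/>
    </item>
    <item>
      <title>Episode audio</title>
      <enclosure url="https://example.com/audio/ep1.mp3" length="99" type="audio/mpeg"/>
    </item>
    <item>
      <title>Odd path</title>
      <enclosure url="https://example.com/dl/..%2F..%2Fnotes.txt" length="10" type="text/plain"/>
    </item>
    <item>
      <title>Local file</title>
      <enclosure url="file:///etc/hosts.txt" length="10" type="text/plain"/>
    </item>
  </channel>
</rss>"""


def safe_filename(url):
    """Return a bare file name for the enclosure URL, or None to skip it."""
    parts = urlsplit(url)
    # Only fetch over HTTP(S); a feed must not point the catcher at file:// etc.
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    # Decode %2F and friends first, then keep only the last path component so
    # directory parts of the URL never reach the local file system.
    name = posixpath.basename(unquote(parts.path).replace("\\", "/"))
    if not name or name.startswith("."):
        return None
    ext = posixpath.splitext(name)[1].lower()
    return name if ext in ALLOWED_EXTENSIONS else None


def list_ebooks(feed_bytes):
    """Parse an RSS 2.0 feed and return [(item title, url, local name), ...]."""
    # A plain RSS feed needs no DTD; refusing one avoids entity-expansion tricks.
    if b"<!DOCTYPE" in feed_bytes or b"<!ENTITY" in feed_bytes:
        raise ValueError("feed declares a DTD; refusing to parse")
    root = ET.fromstring(feed_bytes)
    found = []
    for item in root.iter("item"):
        title = (item.findtext("title") or "").strip()
        for enclosure in item.findall("enclosure"):
            url = enclosure.get("url", "")
            name = safe_filename(url)
            if name is not None:
                found.append((title, url, name))
    return found


if __name__ == "__main__":
    for title, url, name in list_ebooks(SAMPLE_FEED):
        print(f"{title}: {url} -> {name}")
```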

Off the top of my head I can think of a number of uses for this:

  • Independent Authors can release their books on a feed. They can either release for free (maybe to create buzz), for a fee (with a personalized URL) or work on a donation model (like podiobooks) all without having to run through Amazon. This would work for short stories or chapters. When she did Playing for Keeps as a podcast, Mur Lafferty released a PDF with each episode. Having a feed of Kindle edition books would’ve fit right into the way she was marketing her book.
  • News Organizations, Blogs and Magazines who are just looking for people to read their stuff can publish in this methodology. There can be embedded ads (just like a newspaper), or a subscription model via a personalized URL.
  • I’m sure there are more. I don’t have a great imagination.

Now that I’ve given some backstory and detail. What do you think?

Edit: Fixed the spelling of Dave Winer's Name, Sorry Dave

    Posted: Mar 20, 2009

DRM and Kindle: An Old Debate Reexamined

In this article: Kindle e-reader: A Trojan horse for free thought, Professor Emily Walshe raises some points that I discuss. Generally I’d post a comment on the article, but the CS Monitor doesn’t allow for commenting, something they should really think about on techie articles like this. So I’m writing my thoughts here.

To start with, even though a Kindle supports DRM, it doesn’t force it. The kindle supports a number of different open formats either directly or through simple conversion tools.

The article states:

You can download only from Amazon’s store, making it difficult to read anything that is not routed through Amazon first

I fear that Prof Walshe is misinformed. One example of a place to get books that don’t run through the Amazon store is Feedbooks, a source for Project Gutenberg and creative commons released books. They have a simple guide describing how to easily get their books on the Kindle.

Also, a number of publishers make their books available in PDF. A few of them will convert them into kindle format if you ask, I know that Packt Publishing makes kindle versions of their books when asked. If not there are several free tools that will convert those PDFs into kindle format (or at least mobi/prc which is kindle compatible). Getting those books onto your kindle is easy, attach to USB, drag and drop. If you can get photos off your digital camera, you can put data onto your kindle. Amazon will also convert the files for free via their email service. Over 90% of the books on my Kindle are DRM free. I have exactly 4 DRMed books from the Amazon store and considerably more from open sources.

It’s funny that Prof. Walshe ties this to the first amendment, because try as I might I don’t see this as a censorship issue. Actually, I feel quite the opposite. Through the internet and simple tools, anyone can publish their book, and send it to anyone who wants it. No publisher deciding what’s marketable or not. The author has the choice of publishing the book on the Amazon Store with DRM or off their website without and that book can have equal standing with the other books in my Kindle.

I really suspect that the cycle we saw with digital music will repeat here with books:

  1. Publishers force anyone who wants to use their content to use DRM. This will annoy customers but old media executives will feel safer, and say they are protecting their authors.
  2. Independent authors, trying to cut out the middle man, will make DRM-Free Kindle Versions of their books available, either out of a moral obligation or rather smart marketing.
  3. A few major authors will start making their books available DRM-Free to appeal to their audiences.
  4. Publishers, realizing they are losing grip on their authors will go DRM-Free for all their content. If they fear Amazon they will start with another platform first (maybe Sony), but eventually all this content will be available DRM-Free.

Earlier today I said to a friend that this process will take 5 years. It might be faster because there is a more established catalogue of legal, freely available books through both the public domain and the creative commons. There’s also a large community of writers who publish their work on the internet who care more about being read than they do about making money on their writing.

Like the music industry there will be back and forth. There will be battles over removing the DRM and lawsuits will be filed. Who owns bits will be heavily debated, but at the end of the day, until the publishers feel comfortable they will insist on the DRM. Some day, they will realize that it makes more financial sense not to use DRM but to open things up.

As it says in the Book of Pythia, “All this has happened before, all this will happen again”.

    Posted: Mar 18, 2009

Why the Kindle is a Better Reading Device Than A Computer or IPhone

A lot of tweets over the last few days which are really asking the question “Why should I buy a kindle if I have a netbook or iphone”. As hard as I’ve tried to answer that question in 140 bytes at a time, I figured I’d go out there and post why I think it’s a good device, and (even though I didn’t have to pay for mine) why I think it’s worth the money if you have it.

I’ve been reading ebooks for a long time. To put this into perspective, I was using my Palm Pilot to read ebooks in 1999, so I have 10 years under my belt. As I think of it I’m sure I was reading some sort of ebook on my Apple ][ back in the late 80’s and early 90’s. If Kindle users are here for the birth of the industry, I was playing with stem cells. I give this history not to brag, but to show you I have a little history doing this.

First off, I’d like you to consider why the computer really hasn’t replaced the book yet. I think there are a number of issues but I think there are a few killer ones. The book, until now is the most comfortable experience on the eyes. You can read a book indoors and outdoors. It’s easy to read it in cramped situations. The goal of an ebook is to clone that as well as possible.

The first major difference between reading on a Kindle and reading on a traditional device (laptop, netbook, iPhone) is the screen. E-Ink is a really cool technology (even though when you read up on it you realize it’s just a new-fangled etch-a-sketch) which not only maximizes battery life, but gives a rather clear text, which basically has the feel of a paperback book. Unlike LCDs I can read this screen in the outdoors (reading in a park or on the beach), or in average lighting. It has the same limitation as traditional books, I can’t read it in the dark without an external light, but I’d rather that limitation than the inability to read when there’s too much light, because I can correct one and not the other.

I know I’m not alone in this, as a NYC resident I often am reading on the subway or the bus. From a space perspective it’s much easier to whip out a Kindle and read than it is to pull out a laptop or netbook. I don’t have to be sitting and Jeff Bezos is right, I can read with one hand, convenient for the average strap hanger.

Of course battery life is another issue. A laptop, Netbook, PDA or phone will get a few hours before it dies, a Kindle will get you a week or 2.

In closing these features make up for the lack of backlighting and a monochrome screen. If you’re looking for a platform to read books this is the way to go.

    Posted: Mar 18, 2009

Tweeter Getter, Tweepme and Twitter Popularity Contests

Been reading a little about tweepme today after it popped up as a buzzing and trending topic on twitter today and have been thinking about this popularity contest people call social networking.

A few months ago tweeter getter was introduced as a free service that “helps you” get new followers in what is really a ponzi game: you put your name on the list, you become a follower of the last X people to join, the next x people who will join follow you. When you join and at other points you automagically tweet:

RT @garymccaffery has a crazy idea 19,350 new followers in 30 days Check it out link

That link is used to track how many people you’re responsible for, which I’m sure determines how quickly you get new followers. After unfollowing anyone who was using tweeter getter, I’d send out a tweet like this:

@nibbler has a crazy idea get new followers using your wit and charm instead of a ponzi scheme!

The interesting thing here is that this person lost a follower who is interested in what they are saying and is gaining new followers whose goal is to get more followers instead of being involved with the conversation. I wonder if our eyeballs have the same value.

Today, I started seeing buzz about tweepme.com, a service similar to tweeter getter except that there’s a fee to use it. This site has a little more polish from a visual perspective. Again, I question if it really does any good because I’d drop someone using it like a hot tamale and you wind up only with followers that are looking for new followers.

There is a line on the site that makes me chuckle:

Tweepme.com uses Twitter’s API to automatically form friendships on our members’ behalf

For me, forming friendships is an active thing. Where there are some twitter peeps that I have friendships with (you know who you are), my average twitter peep is not a friend (sorry). I know this makes me sound old, but I’ve never accepted the web 2.0 definition of “friend”. The concept of an API forming friendships on my behalf just sounds creepy.

For a while I didn’t understand why people view twitter as a popularity contest. Then it hit me, for these folks, twitter is not a community, it’s not a place for discussion, it’s a broadcast platform.

My goal is always simple, I want to follow people who interest me and join in the conversation. I don’t care who follows me. If you want to follow me great! If you’re interesting I’ll follow you back and hopefully we’ll get something out of it. Where I do my share of self pimping it’s not the reason why I’m on twitter (I’d tweet if I wasn’t blogging and vice versa).

    Posted: Mar 16, 2009

Listening and Social Networking

While I was watching Evo do his weekly Social Media Triage yesterday morning, I got to thinking about how much of social media is about listening. It’s a message that came up several times during the video and I think it’s a skill that’s rather underrated when it comes to social media.

Back when I was living in Chicago in 1995 I worked at a company that got a “team work” bug in their bonnet. They shipped out a number of employees, including myself, to one of those team building retreats. You know, one where we did trust falls and other team building exercises. I have to admit I was paying attention more to mock the retreat than to learn something, then the person leading this said ten words that altered my life:

“The opposite of speaking is not listening, it’s waiting to speak.”

He went on to explain that, more often than not, when people are in a discussion, they’re not waiting. They are formulating their response, or they’re waiting for whoever’s talking to take a second to inhale, so they can jump in and get the floor again. We all do this to some degree, but it’s worse in tense situations. When this happens to me these days, I often catch myself and force myself to listen.

So, what does this have to do with Social Networking? In Evo’s presentation, he cited that one problem with social media is that people often jump in before understanding the community and often breach etiquette. He also brought up that not paying attention to the wants and needs of the people in your network can be problematic. At the end of the day, both these problems have the same root cause: not listening before speaking.

This isn’t a new problem on the internet. How often has someone posted a comment on Friendfeed, Digg or Slashdot based on an article title without reading the article? Or, actually, how often does someone read the article before posting might be a better question. Another symptom of speaking without listening.

Warning Major Stereotyping Ahead

There are 2 types of tweeters that I don’t understand, folks that follow 10 tweeps and folks that follow 30,000 tweeps. Neither of these people can effectively be listening. The former has no one to listen to, and the latter has too much coming at him to effectively drink from the firehose.

If you watch the person with 10 followees, they tend to embody the twitter stereotype:

  • “10:10 putting bread in the toaster”
  • “10:13 spreading strawberry jam on toast”
  • “10:14 had my first bite of toast”
  • etc

The 30,000 followees person tends to try and contribute but tends not to be able to follow the conversation because there’s so much scrolling on his screen. If his name isn’t @scobleizer, there’s no way he can (Scoble is superhuman, and I’m pretty sure he’s alpha testing a neural implant of some sort, “Robbie Mnemonic”).

In closing, I’d like you to think about slowing down and learning to listen, it will probably build you a stronger presence.

    Posted: Mar 15, 2009

Getting The Kindle Etched

Just got in from getting a kindle etched down at adafruit and I wanted to relate the experience to you all. It’s probably the funkiest thing I’ve done in a while.

photos courtesy of adafruit, full set here

I had some trepidation going into this. On some level I was worried that it was just a little too tooly. I even took the step of writing Molly and Kelly on Gadgettes, asking their opinion and may have given them a new segment in the process (the gadget version of Dear Abby). But in my heart of hearts I knew that the pristine Aluminum had to be customized.

At first I considered getting this side intentionally left blank on it, harkening back to the days of paper computer manuals but then it occurred to me that no one gets that joke on the back of my business cards so maybe 10 people would understand it.

Then I thought of hitchhiker’s and thought the logo would be perfect. Seeing xkcd had the same idea almost put me off, I didn’t want to seem derivative. At the end of the day I realized that “Don’t Panic” made more sense and was the way to go.

I have to admit to some nervousness since the metal on the back of the kindle feels much lighter than the metal on the back of an ipod or on a laptop, but to the victor go the spoils so I figure what the heck, I’ll go for it. I also have to admit that watching smoke come off the kindle as the laser was etching it made me think that the magic smoke might have been escaping the unit. I’m happy to say that wasn’t the case.

Now, technically speaking I’m not sure this was an etching. As I mentioned earlier the Aluminum is thin, real thin. There’s a layer of thick plastic underneath it (I suspect that the exposed plastic from the antenna goes all the way down the unit). The laser actually burned away the layer of metal giving it a rather cool appearance.

Here’s the video of the kindle being etched.

I do want to thank everyone at adafruit industries.

Edit: if you're interested in reading some public domain books on your kindle you should check out the Kindle Book Club

    Posted: Mar 12, 2009

Social Networking, It's What's Missing From the Kindle

After reading @kindlejunkie’s tweets on how to update your Library Thing via Twitter (and how it’ll work from a kindle), I got to thinking about the Kindle and how it should be integrated better into social networking.

History

Most people know that Amazon bought Shelfari back in August and I thought this was an inspired move. I figured a tight integration between the 2 services would be fantastic. Imagine that when you write reviews on Shelfari they get ported to Amazon (and vice versa). When you buy a book off of Amazon it gets added to your book shelf automatically.

What Does This Have to Do With The Kindle?

If Amazon builds the infrastructure I began discussing above it would be trivial to add the following features to the Kindle:

  • Update the books on your shelf based on your kindle purchases and books loaded onto your kindle via USB.
  • Update the “Book I’m Currently Reading”.
  • Rate and Review books, directly on your Kindle and update not just Amazon.com but also Shelfari.
  • Import book annotations into Shelfari.

Now It Can Really Get Cool

Once all this is in place there are some rather interesting things that can happen:

  • As you search the kindle store your friends’ reviews would float above anyone else’s.
  • On a daily basis whispernet could deliver all your friends’ statuses and reviews to your kindle. There would, of course, be links to the book referenced to make purchases easier.
  • Annotations could be shared amongst friends. Imagine you’re in a class and could effectively setup virtual study groups by sharing thoughts on book passages via your kindle.

That’s just a start. There’s more I’m sure but that’s a beginning.

    Posted: Mar 10, 2009