May 8, 2008

quote

"Excuse me if a look of bewilderment crosses my face when a surrogate of Sen. Hillary Clinton’s starts off on the “we need hard-working white workers to win in November” mantra."

Roland Martin: Democrats need more than working-class whites

link

Online Advertising: News Corp. exec explains why MySpace traffic rose, revenues dropped

In other news: the banner/text ad model is clearly broken for apps where the user is not searching out something in particular.

video

This may have limited appeal since it’s a lot of “inside jokes”… but I think it’s really funny! And so well done.

May 7, 2008

text

Saw Iron Man last night. ’Was fun, but I was offended by the notion software writes itself. My friends replied: umm, it’s a superhero movie.

May 6, 2008

text

learning just how little I understood about MySQL optimization.

May 4, 2008

text

The twitter client Hahlo is not secure. I recommend thinking twice before using: http://stream.btucker.org/post/33710515

text

Use Hahlo Twitter Client with Caution

Hahlo is a really nice Twitter client targeted primarily at the iPhone, but also usable from any browser. Unfortunately, it handles authentication in a completely insecure way, exposing users’ twitter credentials to any third party sniffing packets on the network.

For starters, the login page does not use SSL. This in and of itself is a problem, since for that one login request a user’s login credentials are exposed, but it’s actually much worse. Hahlo stores a user’s username and password unencrypted in cookies. This means that every single request to hahlo (even ones for images) includes the user’s username and password completely in the clear.

This is unacceptable for a production application, especially since it’s undisclosed. Definitely don’t use it at a coffee shop, tech conference or college campus. Or if you connect to the internet with a cable modem.

Update: @hahlo complained on twitter that I didn’t mention other twitter clients are equally insecure. This is true (just confirmed PocketTweets has exactly the same vulnerability). I singled out Hahlo because it was a new release getting a lot of attention. But this is no excuse not to fix (or at least disclose) that hahlo is so insecure.

The fix is not hard, either.

1) buy an SSL cert for $30
2) set up https://hahlo.com
3) use 2-way encryption on the cookie so that only with a secret can it be read

(This is how Quotably handles authentication.)
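Step 3 in working code, as an added example that is not Hahlo’s, Quotably’s or this post’s own code: the cookie payload is sealed with AES-GCM under a secret that only the server holds, so the cookie can be read back only with that key and any tampering is rejected, and the cookie is marked Secure so the browser sends it only over the https endpoint from step 2. The key, cookie name and payload are assumed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"net/http"
)

// newCookieCipher builds an AES-GCM instance from the server secret (16, 24 or 32 bytes).
// The key never leaves the server, so a cookie copied off the wire stays unreadable.
func newCookieCipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealCookie encrypts and authenticates the payload under the server secret;
// the random nonce is prepended so openCookie can recover it.
func sealCookie(aead cipher.AEAD, payload string) (string, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := aead.Seal(nonce, nonce, []byte(payload), nil)
	return base64.RawURLEncoding.EncodeToString(sealed), nil
}

// openCookie reverses sealCookie; a flipped bit or a different key fails the GCM tag check.
func openCookie(aead cipher.AEAD, value string) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(value)
	if err != nil || len(raw) < aead.NonceSize() {
		return "", errors.New("malformed cookie")
	}
	plain, err := aead.Open(nil, raw[:aead.NonceSize()], raw[aead.NonceSize():], nil)
	if err != nil {
		return "", errors.New("cookie rejected: tampered or wrong key")
	}
	return string(plain), nil
}

// sessionCookie marks the cookie Secure (sent only over https, step 2) and HttpOnly
// (out of reach of page scripts), unlike the clear-text cookie described above.
func sessionCookie(value string) *http.Cookie {
	return &http.Cookie{Name: "session", Value: value, Path: "/", Secure: true, HttpOnly: true}
}
```

Even sealed, a cookie that carries the password itself can be replayed for as long as that password is valid, so a random session identifier tied to a server-side record is the safer payload to seal.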

May 2, 2008

video

It’s really fun to watch other people pitch your stuff with even more enthusiasm than yourself! Thanks Ed!

text

18 years after shyly entering my first classroom at age 5, today I left my last.

May 1, 2008

video

What a great ad! I’m glad my last contribution went toward this. This should serve as a model for political advertising as far as I’m concerned.