Recent activity
adactio replied on January 01, 2009 12:56 to the question "xspf playlist format?" in Huffduffer:
Done. Anywhere that you see an RSS feed, you can now also get an XSPF file (just change the URL from /rss to /xspf):
http://huffduffer.com/new/xspf
http://huffduffer.com/popular/xspf
http://huffduffer.com/tags/TAG/xspf
http://huffduffer.com/USERNAME/xspf
http://huffduffer.com/USERNAME/tags/T...
adactio replied on January 01, 2009 11:53 to the question "xspf playlist format?" in Huffduffer:
adactio replied on December 23, 2008 12:46 to the problem "Pulling the wrong avatar from Flickr; no option to edit/delete." in Huffduffer:
I've tweaked the way that the icon gets pulled in. It used to be that it checked first for a matching username (on Twitter, then Flickr) before resorting to checking for an account using the same email address (on Twitter, then Flickr). I've flipped that 'round now so that it first checks for a matching email address before checking for a matching username.
Now your Flickr icon is showing up correctly.
adactio replied on December 22, 2008 21:24 to the idea "Can you add the option to sort tags alphabetically?" in Huffduffer:
I've changed the main tag page to sort alphabetically:
http://huffduffer.com/tags
...but I still think it makes more sense for the smaller tag "clouds" (on the front page and on user profiles) to be sorted by popularity to give that at-a-glance indication of popularity.
adactio replied on December 22, 2008 21:22 to the idea "Please stop playing a Podcast when another is selected." in Huffduffer:
adactio replied on December 17, 2008 11:43 to the update "Pownce Read-only Archive" in Pownce:
adactio gave praise in Spacehack on December 03, 2008 11:27:
Great idea, beautifully executed
I just wanted to say: Spacehack rocks! Inspiring stuff.
That is all.
adactio replied on December 03, 2008 11:25 to the idea "Exporting data is lovely, but can we redirect our permalinks?" in Pownce:
adactio started following the idea "Exporting data is lovely, but can we redirect our permalinks?" in Pownce.
adactio replied on November 27, 2008 11:38 to the question "right click huffduff it or keyboard shortcut" in Huffduffer:
adactio started following the idea "Implement OAuth for 3rd Party Limited Access" in Twitter.
A comment on the idea "Stop asking for Twitter passwords" in Get Satisfaction:
You're quite right, Scott. I really don't mean to come across like I'm dogpiling all this on you guys. Sorry if it came across that way. – adactio, on November 24, 2008 19:48
adactio marked one of Scott Fleckenstein's replies in Get Satisfaction as useful. Scott Fleckenstein replied to the idea "Stop asking for Twitter passwords".
adactio marked one of Lane Becker's replies in Get Satisfaction as useful. Lane Becker replied to the idea "Stop asking for Twitter passwords". adactio and 2 other people think it's one of the best replies.
A comment on the idea "Stop asking for Twitter passwords" in Get Satisfaction:
You're right, Lane, and I hope I don't mean to come across like I'm piling it on you guys. Like I said, you guys—Ted and Scott—have done great work with technologies like OpenID, hCard and OAuth and you are absolutely deserving of the benefit of the doubt.
Sorry for coming on so strong. – adactio, on November 24, 2008 19:46
A comment on the idea "Stop asking for Twitter passwords" in Get Satisfaction:
But of course! I'm upset at the bad practice, not at you guys personally. You guys are teh awesum! :-) – adactio, on November 24, 2008 19:42
adactio replied on November 24, 2008 19:35 to the idea "Stop asking for Twitter passwords" in Get Satisfaction:
Scott and Ted, I'm kind of surprised by the push-back from you guys. As you rightly pointed out, you have done *excellent* work on implementing OpenID and hCard subscription in your sign-up process so I would have thought that the negative effects of the password anti-pattern would be self-evident to such savvy developers.
I can't provide you with too many examples of direct phishing attacks based on the password anti-pattern. Here's one:
http://www.codinghorror.com/blog/arch...
Then there are the less extreme cases like the MyNameIsE example mentioned above:
http://getsatisfaction.com/e/topics/a...
That was an example of (mild) identity theft rather than direct phishing.
But as so many have already pointed out, the real problem isn't direct cause and effect phishing, it's the message being sent out that it's okay to hand out passwords from one site (Twitter) on a completely different site (Get Satisfaction). If—or should I say when—this practice becomes commonplace then phishing and identity theft become so much easier ...even if it remains hard to measure directly.
Right now, Get Satisfaction are basically aligning themselves with sites like this: http://twitterawesomeness.com/
(though this is done as a joke whereas Get Satisfaction are doing it in all seriousness).
Now, the usual response to pleas for removing the password anti-pattern (e.g. Slideshare, Pownce, LinkedIn) is that they desperately need to be able to import people's address books. In the case of Get Satisfaction, you aren't even trying to do that! All you want to do is allow people to post a message to Twitter. For that, you *do not* need anybody's password.
Ted, you asked me to provide a solution. I made very sure to do just that in my original post. Simply make your "Twitter this" an actual URL that points to http://twitter.com/home passing it a query string with a variable called "status" pre-populated with the message you want to post.
The current solution isn't just bad practice and bad for the web, it's kind of over-engineered, don't you think?
P.S. to everyone else who is rightly upset by this, please remember: Ted and Scott really are top-notch developers who have done great things with OpenID support and hCard subscription.
adactio shared an idea in Get Satisfaction on November 24, 2008 11:50:
Stop asking for Twitter passwords
Is it really necessary that the "Twitter this" widget asks for people's password? It is *not* okay to ask for the password for one site on a completely different site.
Now I know that the Twitter API doesn't provide any OAuth-style authentication but for this situation, you don't even need to do that. You just need to create a link on the fly:
http://twitter.com/home?status=Your+m...
Please stop teaching people that it's okay to throw their passwords around like confetti. You are teaching people how to be phished.
http://adactio.com/journal/1357
http://microformats.org/wiki/social-n...
http://www.codinghorror.com/blog/arch...
http://adactio.com/journal/1513/
adactio started following the idea "Implement OAuth for Connections Import" in LinkedIn.
adactio replied on November 18, 2008 23:13 to the idea "Please stop playing a Podcast when another is selected." in Huffduffer: