Social media in the physical world

So, one of the things I have been seeing more and more is meat-space kiosks that enable (and encourage) you to interact with them by sharing the activities you participated in via your social media identities.

How are they doing this? By having you type your credentials directly into the kiosk. Not only is this a Really Bad Idea(tm), but even the act of teaching the generally non-security-savvy population that this is a “thing” is horrifically scary. No longer do you need to click on a phishing email to lose your password; all you have to do is buy something from a kiosk that is set up this way and has been hacked. Oh wait, it’s not like that ever happens, right? Certainly Target would never get hacked, and if Target is safe, well, maybe the little guys will be fine too.

This is a patently Really Bad Idea, but I don’t think it’s going away, so what I propose is this: sites and services that consider themselves identity providers (i.e., they offer OAuth login credential verification for third-party sites/apps/projects/whatever) should provide, in their mobile app, an easy way to generate a limited-time-use OAuth token and display it via QR code, or similar.

Granted, this would require adding a webcam to the kiosks, but webcams are dirt cheap, and it’s a net positive for everyone involved. Heck, I bet it turns out to be so much more user friendly that those social participation options get used more often. Imagine: with this new, nearly painless option, retailers could even offer users a chance to tweet, or post a status, about their in-progress transaction to receive some sort of discount or special offer.
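A sketch of the provider-side logic such a scheme would need, as an added example that is not part of the original post: the mobile app's backend issues a signed token that is short-lived, single-use and limited to one scope, and the provider checks all three when the kiosk submits what it scanned. This is not a real OAuth implementation; the function names, the `post:status` scope and the HMAC token format are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # assumed provider-side key; never leaves the identity provider
_redeemed = set()                     # token ids already used (a real provider would persist this)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_kiosk_token(user, scope, ttl=60, now=None):
    """Run by the provider for its mobile app; the returned string is what the QR code encodes."""
    now = time.time() if now is None else now
    claims = {"sub": user, "scope": scope, "exp": int(now) + ttl, "jti": secrets.token_hex(16)}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    tag = _b64(hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest())
    return body + "." + tag

def redeem_kiosk_token(token, required_scope, now=None):
    """Run by the provider when a kiosk submits a scanned token. Returns the user or raises ValueError."""
    now = time.time() if now is None else now
    try:
        body, tag = token.split(".")
        expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(tag)):  # constant-time comparison
            raise ValueError("bad signature")
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError) as exc:
        raise ValueError("token rejected: malformed or tampered") from exc
    if now >= claims["exp"]:
        raise ValueError("token rejected: expired")
    if claims["scope"] != required_scope:
        raise ValueError("token rejected: wrong scope")
    if claims["jti"] in _redeemed:
        raise ValueError("token rejected: already used")
    _redeemed.add(claims["jti"])  # burn the token so a copy kept by the kiosk is worthless
    return claims["sub"]

if __name__ == "__main__":
    qr_payload = issue_kiosk_token("alice", "post:status")  # constructed sample user and scope
    print("QR payload:", qr_payload)
    print("first scan ->", redeem_kiosk_token(qr_payload, "post:status"))
    try:
        redeem_kiosk_token(qr_payload, "post:status")
    except ValueError as err:
        print("second scan ->", err)
```

The password never reaches the kiosk; the most a compromised kiosk can capture is a token that expires within a minute, works once, and covers a single action.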

Bottom line: let’s get real and not encourage the general population to make insecure password management choices. Entering your password (which is statistically likely your password to everything) into a public kiosk which exists in an unknown state of security is a bad idea, every time. Making it normal is an even worse idea. Let’s wrangle this under control before it becomes even more widespread.

On continuing education – Podcasts

I wanted to write a quick note about one of the ways that I stay up to date with things: podcasts.

They’re great for anyone who commutes, and the rest of you can surely find some time to fit them in somewhere. Even if you can only track one or two.

A lot of the podcasts I listen to aren’t specifically web development or even PHP related, but that is on purpose. I have Twitter and RSS feeds, as well as IRC for keeping up with more directly related topics. I’ll detail those later.

For Development

For Education

  • The Critical Path — A podcast by Horace Dediu about the theory and practice of disruption, and jobs-to-be-done theory. It has an Apple-centric overture, but it uses Apple as an example to build a lesson from.
  • Freakonomics — Always interesting(ish) topics, to keep the brain going.

For Humor

How to act like you (maybe actually) care about your work

At Symfony Live San Francisco 2012, I gave a little talk. No, really. A little talk. Seven minutes. I’m not even sure I used all of it. That’s not a lot of time, but I think I managed to at least provoke some thinking. At least I hope I did.

Hmm. How do you act like you care about your work, as a developer?


Making life easier w/ PagodaBox and a special treat!

Have you gotten tired of messing with servers? Doing updates? Maintaining security?

You may just be in the right mindset to look at an architecture as a service, such as PagodaBox or Orchestra.

And now for the treat:

I have set up an easy-to-use quickstart for Symfony2 + Sonata Admin for you to use on PagodaBox.

Want to contribute? Send a PR to the GitHub repository!

Keeping pace

Alright, I understand that in order to keep people checking back regularly, I have to post regularly.

I get that.

I really do!

Sometimes, though, life just takes over. I’m working on making that better.

To that end: Did anyone else attend the Day Camp 4 Developers session last weekend? If not, you missed a real riot. The speakers were excellent, and the crowd in IRC was just awesome.