So one of the things I have been seeing more and more is meat-space kiosks that enable (and encourage) you to interact with them by sharing the activities you participated in via your social media identities.
How are they doing this? By having you type your credentials directly into the kiosk. Not only is this a Really Bad Idea(tm), but even the act of encouraging the generally non-security-savvy population to think that this is a “thing” is horrifically scary. No longer do you need to click on a phishing email to lose your password; all you have to do is buy something from a kiosk which has this configuration in it and which has been hacked. Oh wait, it’s not like that ever happens, right? Certainly Target would never get hacked, and if Target is safe, well, maybe the little guys will be fine too.
This is a patently Really Bad Idea but I don’t think it’s going away, so what I propose is this: sites and services that consider themselves identity providers (a.k.a. you offer OAuth login credential verification for third-party sites/apps/projects/whatever) should provide, in their mobile app, an easy way to generate a limited-time-use OAuth token, and then a way to display it via QR code, or similar.
Granted, this would require adding a webcam to the kiosks, but webcams are dirt cheap, and it’s a net positive for everyone involved. Heck, I bet it turns out to be so much more user friendly that those social participation options get used more often. Imagine: retailers could, with this new, nearly painless option, even offer users a chance to tweet, or post a status, about their in-progress transaction to receive some sort of discount or special offer.
Bottom line: let’s get real and not encourage the general population to foster insecure password management choices. Entering your password (which is statistically likely your password to everything) into a public kiosk which exists in an unknown state of security is a bad idea, every time. Making it normal is an even worse idea. Let’s wrangle this under control before it becomes even more widespread.
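The limited-time token proposed above, sketched as an added example that is not from any real identity provider: the phone app requests a short-lived, single-use, scope-limited token, shows the returned string as a QR code, and the kiosk submits what it scanned. The function names, the `post_status` scope and the HMAC-signed format are assumptions for illustration, standing in for whatever a provider would actually issue.

```python
import base64, hashlib, hmac, json, secrets, time

IDP_KEY = secrets.token_bytes(32)  # provider-side signing key (constructed for the demo)
_redeemed = set()                  # provider-side record of token ids already spent

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(body):
    return _b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())

def issue_kiosk_token(user_id, scope, ttl=60, now=None):
    """Provider issues a token to the phone app; the string is the QR payload."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "scope": scope,
              "exp": int(now) + ttl, "jti": secrets.token_hex(8)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body)}"

def redeem_kiosk_token(token, wanted_scope, now=None):
    """Provider-side check when the kiosk submits the scanned token."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(body)):
            return False, "bad signature"
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return False, "malformed"
    if now >= claims["exp"]:
        return False, "expired"            # a token skimmed later is worthless
    if claims["scope"] != wanted_scope:
        return False, "scope not granted"  # kiosk gets one action, not the account
    if claims["jti"] in _redeemed:
        return False, "already used"       # replay by a compromised kiosk fails
    _redeemed.add(claims["jti"])
    return True, claims["sub"]
```

The password never touches the kiosk; the most a compromised kiosk can capture is a token that expires within a minute, works once, and authorizes a single action.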
I wanted to write a quick note about one of the ways that I stay up to date with things: podcasts.
They’re great for anyone who commutes, and the rest of you can surely find some time to fit them in somewhere. Even if you can only track one or two.
A lot of the podcasts I listen to aren’t specifically web development or even PHP related, but that is on purpose. I have Twitter and RSS feeds, as well as IRC for keeping up with more directly related topics. I’ll detail those later.
The Critical Path — A podcast by Horace Dediu about the theory and practice of disruption, and jobs to be done theory. It has an Apple-centric overture, but it uses Apple as an example to build a lesson from.
Freakonomics — Always interesting(ish) topics, to keep the brain going.
Back to Work — This could also go into Education, but I find the duo of Merlin Mann and Dan Benjamin to be quite comedic, and even enjoy listening to their “commercial breaks”.
At Symfony Live San Francisco 2012, I gave a little talk. No, really. A little talk. Seven minutes. I’m not even sure I used all of it. That’s not a lot of time, but I think I managed to at least provoke some thinking. At least I hope I did.
Hmm. How do you act like you care about your work, as a developer?