I haven’t tweeted in a week

July 11, 2013 is the day I realized Twitter was turning me into a bad internet person.

I watched my Twitter stream flow by all day that day and I couldn’t think of a nice, polite, constructive response to any single one of the tweets flowing by. It’s not that the people I follow are terrible human beings who post mindless drivel. In fact, I’ve recently trimmed my followers down to a short list of quality tweeters.

I realized that I was becoming a snarky asshole. Every moment I spent looking at Twitter was a moment I spent forcing myself not to be a jerk in public.

In my previous post I wrote that I use Twitter as a “real news” source. But to be honest over the past week, I haven’t felt like I’m missing anything.

I doubt I’ll write another 13,367 tweets.

The larger question here is whether this is truly a “me problem” or a Twitter problem.


Blog First, Tweet Later

WordCamp Winnipeg was absolutely amazing! I’ve literally been waiting my career to see this calibre of event in Winnipeg.

David Pensato gave a really great talk about the future of social blogging. He made the keen observation that, with Facebook, Twitter and the like we are all blogging all the time.

As an experiment, I am going to challenge myself to write a blog post instead of a Facebook status update, or tweet. I’m already seeing some potential issues with this idea, more on that later.

Oh yeah, Peter Chester‘s talk on measuring WordPress performance was one of the best tech talks I’ve seen, ever!  Slides are here.


Twitter Conversation Observation

I started listening to podcasts right around the same time twitter was starting to gain a following among über -nerds. I can’t remember which came first. Doesn’t matter.

At the time, it was not uncommon for an every nerd podcast to be dominated by twitter talk, for weeks on end.

With twitter’s recent “new guideline” announcement, every single nerd podcast I subscribe to is once again dominated by twitter talk.

They’re doing something right.

Apps Tips & How To's

Firesheep: A Valid Reason to Fear WiFi or How To Hack Your Wife’s Facebook

Just in time for Halloween, a developer by the name of Eric Butler has released Firesheep – a truly terrifying security tool. It’s so simple to use it makes script kiddies look like rocket surgeons. All you have to do is install the Firefox extension, that’s it. With the extension installed at the click of a single button you can collect any session cookies floating around the WiFi network you’re connected to and use those cookies to browse any website the victim logs in to. To reiterate, if you’re on a public (or unsecured) wifi hotspot anyone else on the network has the ability to view your Facebook account, without any technical knowledge at all.

As you can see in the screenshot. Firesheep gives you a nice list of all user logins you’ve collected, including their profile pictures for your convience; clicking one logins you in to the social network as that user, giving you full access to everything they have access to.

While this type of attack has always been a vague hypothetical possibility and there have always been tools available to take advantage of this sort of exploit, it is has never been this simple. It’s the equivalent of putting a “give me money” button on the side of an ATM. Facebook, Twitter and friends are going to have to take notice.

What Not To Worry About

  • Private WiFi. If you know and trust everyone on the WiFi network you’re connected to at home or at work, you probably shouldn’t worry too much. You’re still just as vulnerable to the attack on a private or encrypted WiFi connection. But without open access to the general public, it’s a lot easier to catch the person messing with your account.
  • Passwords. This exploit works without ever knowing your password. No respectable website stores your password in plain text and even if someone gets into your account, most websites will not allow a user to change the password without entering the current password.

How To Protect Yourself

Firesheep is taking advantage of the fact that your session data is being sent over wifi in plain unencrypted text. The only effective protection against this is full end-to-end encryption using HTTPS aka SSL. A lot of websites like banks or government services enforce HTTPS connections due to the sensitive nature of the transactions. Most social networks may offer HTTPS if you type it into the address bar (ex. or, but since encryption slows down connections somewhat and is a little more taxing on server hardware, no social networks require you to connect with HTTPS. I suspect this will change within the next couple of weeks, if not sooner. In the mean time there are some steps you can take to make your browser use https.

  • If you use gmail, they provide a handy setting to force gmail to always use a secure connection. Details here. Enable this if you haven’t already. This is not necessary, gmail went 100% SSL earlier this year.
  • For other sites always include the ‘s’ after https when logging on to a website. This should work with any major website. Update your bookmarks now.
  • Right now, I’m serious…
  • ….
  • Unfortunately, updating your bookmarks is not enough. Even when you log in via a secured connection Facebook and many others do not continue to send your traffic over secured links as you click around the site. Meaning, as soon as you leave that first httpS page, your may begin to expose your session details.
  • If you use Firefox, Techcrunch has an article on configuring Force-TLS an add-on that forces sites to use HTTPS. Details Here.
  • If you use Chrome or Safari, there are a few Greasemonkey extensions you can install that do similar things. This one covers a lot of sites. Take a look at the directory for more.
  • Do not user Internet Explorer.

That said…

If you’re wondering who that neighbour with open WiFi has been messaging on Facebook, it’s never been easier to find out. Download the extension (disclaimer: don’t actually do this, it might be illegal).


Embedded Tweets Not Ready for Prime-Time

Twitter just launched a little tool designed to make it easier to embed tweets into your website. Currently blogs tend to paste in tweets whenever a twitter source requires reference, as Twitter explain in their blog post “…a pasted-in image of a tweet is a bit of a hack. We have a simple alternative to propose…”

All you have to do, in theory, is load up Twitter’s “Blackbird Pie” tool, enter a “full tweet URL” and voila, neat little embedded tag.

Unfortunately, the HTML code it currently outputs is a massive pile of garbage. By massive, I mean really massive; embed code is running well over 1kilobyte. I’ve never seen anything like this before. Seriously, try it out! The HTML is pretty garbage-tacular too. It spits out an inline <style> tag in an attempt to replicate the native profile style of the cited user. I guess they’re trying really hard to replicate the look of a screenshot.

There are numerous problems with this implementation: 1) <style> is inside <body> won’t validate in current Doctypes (AFAIK); 2) I can almost guarantee that the majority of WYSIWYG editors and/or output filters will barf up the inline style – wordpress certianly does; 3) even if you are able to post the embed, it’s quite likely that RSS readers and some browsers will ignore the <style> tag, rendering your embedded tweet illegible; 4) some of the key class names they’ve chosen – eg. timestamp, author, metadata – are not very unique and could potentially have existing styles assigned to them.

There is no real indication that this tool is experiment or “alpha,” just a short “use at your own risk.”

Blackbird Pie does not taste good. They should not have released this on a public server, it’s embarrassing.