How to Tell It Was Twitter Asking You to Change Your Password

Posted by admin on 02 Feb 2010 | Tagged as: Twitter, security, useful info


There’s been some meta-discussion around yesterday’s phishing attack on Twitter (of which I, and many others, were victims) regarding the unwisdom of clicking on an unsolicited password reset link in an email, but there are ways to assure yourselves that such things are genuine.

Every email package I’ve encountered has a function to allow you to see the full headers of an email message; in Entourage on OS X, it’s the “View Headers” command in the “Message” menu. Taking a look at the message (which is identical, from all appearances, to the one Andrew Girdwood received) shows us the following; note the “Received” headers in particular:

Received: from unknown (HELO mail-front4.dca2.superb.net) (66.148.95.125)
    by 66.148.95.31 with SMTP; 2 Feb 2010 05:21:20 -0000
Received: (qmail 84707 invoked from network); 2 Feb 2010 05:21:20 -0000
Received: from mx003.twitter.com (128.121.146.152)
    by 66.148.95.78 with SMTP; 2 Feb 2010 05:21:20 -0000
Received: from twitter-web043 (web043.twitter.com [10.209.32.253])
    by mx003.twitter.com (Postfix) with ESMTP id DF684587210
    for ; Tue, 2 Feb 2010 05:21:19 +0000 (UTC)
X-DKIM: Sendmail DKIM Filter v2.8.2 mx003.twitter.com DF684587210
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=twitter.com; s=dkim;
    t=1265088079; i=@twitter.com; bh=ISzoeDqxeACoknd1YdcwEDZRDOA=;
    h=Date:From:Reply-To:To:Message-Id:Subject:Mime-Version:
    Content-Type;
    b=QPpIZ0gV6a4WZPVALF+WWo3QVbr8HrfEVzCPg4AI9CTmULA9n7iLkNpTAfjxJdsvM
    9ldsItg7386k4hf9b4aTiUYQwOf31EJM4jI5dvGG7S/f40lqgqdxIf4EkJ+wdov2Wb
    8WTmKeuKm1P8AdZ8aE1WbceMpruk4B5BnGYNsi4M=
X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 mx003.twitter.com DF684587210
DomainKey-Signature: a=rsa-sha1; s=default; d=twitter.com; c=simple; q=dns;
    b=3hurpIWY7RHpVLkpad1GNEuzZ8LftciXQP5+G6tQo3Yd5u0jLnFQjLn0TPcluhu9J
    E3qz/hUWZWIfCXFgdzRGA==
Received: from twitter.com (localhost [127.0.0.1])
    by twitter-web043 (Postfix) with ESMTP id D364EBAD19A
    for ; Tue, 2 Feb 2010 05:21:19 +0000 (UTC)

Every time an email message passes from one system to the next, a “Received” header is added; you read them from the top down to trace a message back to its origin. So, the first “Received” line, referencing Superb.net, my (excellent) hosting provider, as well as the second, is me picking up the message here at home, in essence. The next line is Superb.net receiving it from mx003.twitter.com, whose IP address is given as 128.121.146.152; we can check that.

Doing a reverse DNS lookup is easy: go to http://remote.12dt.com/, enter the address you’re interested in, and here’s what you get:

So, that address checks out fine. (The 10. address given later for the site web043.twitter.com isn’t useful: any IP address that starts with “10.” is a private one, for internal use, in this case within the twitter.com domain.)

Note, if you’re especially paranoid, that the message has been signed with a “Domain Key” (the “DKIM-Signature” and “DomainKey-Signature” headers above). This uses public-key cryptography to sign the message, so that the recipient can validate it against the public key the sending domain publishes in DNS, giving assurance as to its origin and that its contents haven’t been altered.

The “Received” headers are well-nigh impossible to forge, given that the path an email message traverses, up to and including my own computer, can’t all be under a “phisher”’s control. The fact that I was able to validate and verify addresses for the origination of the message gives me some level of certainty that it did, in this case, come from Twitter, and not from a phisher.

And yes, I did work in networking for a number of years.
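
The header-reading procedure above as an added example (not code from the original post): it lists each hop's claimed name and IP, finds the hop where the recipient's provider accepted the message from an outside server, and checks that IP with forward-confirmed reverse DNS, which goes one step beyond the single reverse lookup described in the post. The function names and the 66.148.95.0/24 provider range used to call it are assumptions.

```python
import ipaddress
import re
import socket
from email import message_from_string

# "Received" headers from the post; continuation lines indented (folded headers).
RAW = """\
Received: from unknown (HELO mail-front4.dca2.superb.net) (66.148.95.125)
    by 66.148.95.31 with SMTP; 2 Feb 2010 05:21:20 -0000
Received: (qmail 84707 invoked from network); 2 Feb 2010 05:21:20 -0000
Received: from mx003.twitter.com (128.121.146.152)
    by 66.148.95.78 with SMTP; 2 Feb 2010 05:21:20 -0000
Received: from twitter-web043 (web043.twitter.com [10.209.32.253])
    by mx003.twitter.com (Postfix) with ESMTP id DF684587210
    for ; Tue, 2 Feb 2010 05:21:19 +0000 (UTC)
Received: from twitter.com (localhost [127.0.0.1])
    by twitter-web043 (Postfix) with ESMTP id D364EBAD19A
    for ; Tue, 2 Feb 2010 05:21:19 +0000 (UTC)
"""
HOP = re.compile(r"from\s+(\S+)\s.*?[(\[](\d{1,3}(?:\.\d{1,3}){3})[)\]]", re.S)

def hops(raw):
    """(claimed_name, ip, is_global) for each Received header, read top down."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)  # the qmail bookkeeping line has no "from host (ip)"
        try:
            ip = ipaddress.ip_address(m.group(2)) if m else None
        except ValueError:  # malformed address in a crafted header
            ip = None
        if ip is not None:
            out.append((m.group(1), str(ip), ip.is_global))
    return out

def handoff(raw, provider_net):
    """First hop, top down, whose sending IP is public and outside provider_net."""
    net = ipaddress.ip_network(provider_net)  # assumed range of your own provider
    for name, ip, is_global in hops(raw):
        if is_global and ipaddress.ip_address(ip) not in net:
            return name, ip
    return None

def fcrdns(ip, domain, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Forward-confirmed reverse DNS: PTR name is under domain and maps back to ip."""
    try:
        name = reverse(ip)[0].rstrip(".").lower()
        under = name == domain or name.endswith("." + domain)
        return under and ip in forward(name)[2]
    except OSError:  # no PTR record, or the name does not resolve
        return False
```

Only the hop returned by `handoff` was recorded by a server on the recipient's side; every line below it was written by the sending system, so the private and loopback entries are informational and are not what the check relies on.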


On the Strange Power of Social Media

Posted by admin on 28 Jan 2010 | Tagged as: Uncategorized


Once upon a time, before the Internet was the Web, there was USENET. And on USENET, there was Kibo. Kibo’s chief claim to fame was that, anytime anyone anywhere on USENET made a posting which contained the string “kibo” (whether in actual reference to him, or in random unrelated words like “skiboot”), he would post a message, usually of a somewhat surrealistic nature, in response.

Anyone can pretty much do that now.

I posted a message on Twitter this morning, commenting that I was going to watch a new DVD I’d gotten, Pandorum, by Christian Alvart. I’d noticed, but missed, it in the theaters, and I didn’t realize until I looked at the case that he’d directed it—I like one of his earlier films, Antibodies, quite a bit.

I go and look an hour or two later, and I’ve got a new “follower”: Christian Alvart.

Remarkable. Pandorum’s a good film. If you liked Dark City, I think you’d enjoy it.

PS: I am, as it happens, Christian Alvart’s 666th follower. Neither of us seems entirely certain what to make of this.


And Now For Something Completely Different: Stattenfield’s Suggestion Box

Posted by admin on 28 Jan 2010 | Tagged as: Uncategorized


Great moments in Apple history:

After we’d finished up with Mac OS 8, and were beginning to plot Mac OS 9, a nicely-made “Mac OS 9 Suggestion Box” appeared on the wall outside of Tech Lead Keith Stattenfield’s office, with the helpful sign, “Please leave your suggestions for Mac OS 9 here!” When you put a note into the slot, a whirring sound started, the paper was sucked into the box and a hail of confetti poured out the bottom into a waiting wastebasket.


2010 Keynote Bingo!

Posted by admin on 27 Jan 2010 | Tagged as: Mischief


The old WWDC bingo card was in need of some updating, so here’s one ready to go! Get your pencils out, less than an hour to go!

The new version can also be found here!


Four Must-Have Firefox Plug-ins for Web Designers/Developers

Posted by admin on 26 Jan 2010 | Tagged as: web design


Among the variety of things I do, I dabble in web design (not for others, but to support my own efforts). I do most of my implementation in Dreamweaver CS4, which I’ve used since it was “GoLive Studio”, but there are a number of browser-based support tools available for Firefox that can be terrifically helpful.

MeasureIt: Sometimes—as with creating Twitter backgrounds—you need to live within constraints that aren’t of your own making. You can guess-timate, or trial-and-error your way through, but having a nice ruler you can use on Joe Random Website to see how big things are and how far away they are from one another is a lot easier, and less time-consuming. MeasureIt gives you a button in the lower left-hand corner of your browser frame that, when clicked, provides what amounts to a two-dimensional “ruler” that will give you measurement in pixels, points, and other units. Download MeasureIt from here.

Web Developer: The Web Developer extension is made of gold and awesome. It gives you a tool bar and menu which let you do everything from manipulate and view CSS, to working with images, forms and cookies, to validation tools, and a ton of other stuff besides. You need this extension. Download it from here.

FireBug & FirePHP: If you’ve got a PHP site, you know the pain of debugging such stuff. FireBug duplicates much of the functionality of Web Developer (in a perhaps slightly less convenient console form), but adds a network activity monitor, a Javascript debugger and some other cool toys. Where it really shines is when you add FirePHP, an extension aimed at AJAX development, which lets you insert method calls in your remote code to provide information which is displayed on FireBug’s console. Get FireBug from here, and FirePHP from here. (FirePHP requires FireBug as a prerequisite.)

There are a lot of terrific tools and plug-ins for Firefox, and that’s one of its greatest strengths: don’t like what it does, or need it to do more or different? You can change it, and thankfully, a bunch of talented folks have. We all benefit from their interest and hard work. Thanks to Christoph Dorn (FirePHP), Parakey, Inc. (FireBug), Chris Pederick (Web Developer) and Kevin Freitas (MeasureIt)!

These tools can make your web design and development life a lot easier. Try ‘em out and let me know what you think.


On Building and Managing a Following

Posted by admin on 24 Jan 2010 | Tagged as: Social media, Twitter


I have managed, over the years, to stake out a bit of a reputation around my office as the guy who’s willing to wade knee-deep into the stuff nobody can quite get their heads completely around. That’s how I wound up, in large part, with the open source-related responsibilities that have been my main area of focus for the past several years.

Accordingly, I got a sort of a gift from my management going into 2010: I’m the official “social media” lead these days, and everyone’s looking to me to figure it out, for the most part. I’ve worked out a few things already, which I believe are helping me, and they might help you, too. Or I might be dead wrong. If so, let me know where you think I’ve gone off the tracks.

One of the keys to succeeding in Twitter, it seems to me—at least in my terms—is in building up first, a solid set of sources of useful and interesting information, and second, a body of folks who are interested in at least reading the things you find interesting, but also (ideally) getting into a more interactive “conversation” around those things.

I’ve come across some tools which, in combination, are proving to be very powerful.

First, Twitter lists. The first inclination I had was to follow everyone and everything that seemed interesting, useful or potentially worthwhile in some way. I now see this as an error. This is what lists are for. I can follow Ars Technica here, or Guy Kawasaki, or Bob Scoble until the cows come home, but it’s not going to make them interact with me. So, I created a list called “News Sources”, added them (and similar feeds and reflectors and such) to it. I can read them all without following a single one. If we do get into a conversation—as I have with a couple of high-profile folks already—I’ll follow them then (as I do with the folks I’ve mentioned). I’ve created similar, topical lists for various areas of interest, and will continue to do so, tinkering with them as need be. An excellent tool.

There’s a philosophical decision about whom one should actually follow. One extreme would seem to be, on the liberal side, to follow anyone who follows you. This ends up entailing a lot of maintenance, it would seem: do you still follow them if they unfollow you? The conservative extreme is to follow only those people you’ve actually met. I’d like to be somewhere in-between, a nice “Middle Way”: I want to follow those with whom I actually have meaningful and useful interactions.

So, second: I’ve found “Friend or Follow” to be very useful in managing folks who I wound up following who aren’t following me back. The display of such folks gives a useful pop-up showing when they last tweeted (so you can remove those who’ve wandered away) and the size of their following (which factors into my judgment on such things, other factors like interaction aside). If they’re interesting, but don’t follow me, I unfollow them and add them to a relevant Twitter list and read them there.

Third and fourth: The best analytical tools I’ve found so far are Twitalyzer and Klout. I use them to take a look at potentially interesting new followers to see if I want to follow them back. Judgments can be made on things like “engagement” and “generosity” on Twitalyzer, which provide an indication of how interactive they are, and how likely to retweet things; on Klout, similar judgments can be made from looking at the “True reach” score on the “Stats” tab. Klout has a nice feature in the form of a four-quadrant breakdown of tweeps into “Casuals”, “Climbers”, “Connectors” and “Personas”, based on audience size and influence. It’s a little rough-and-ready, but it seems pretty indicative, and seems to see through things like large follower counts which turn out to be mostly MLM marketers or bots.

Klout still has some rough edges: they have only added an “Update” capability within the past week, and the “Remember me” checkbox on the login form still doesn’t. That aside, I think it offers some useful capabilities, although at the moment, Twitalyzer is more full-featured.

It’s good—again in my view—to have a healthy follower-to-following relationship. In my terms, that means that (ideally) more people are following me than I’m following back. It’s the 80-20 rule: 20% of the people produce 80% of the valuable content. I want to follow—and interact with—that 20%. If you do, too, this should give you some ideas how to manage it.
