Monday, September 1, 2008

We Have Moved!

I thought I would be able to keep things quiet until I was completely unpacked, but somehow the cat got out of the bag! My new feed was found less than 24 hours after being "live" and although I'm happy about being found, I'm in my sweats eating pizza and it's moving day - and I have COMPANY!

So, what's a few more? Come on over and check out the new digs. Just please don't mind the moving boxes as it will take me a few more days to get settled and unpack the rest of the way. Oh, you don't mind a little pixel dust? Well come on over!

Here is my new address: http://www.techafina.com so please be sure to update your bookmarks and subscriptions: http://feeds.feedburner.com/techafina. And if you're too shy to stop by during the unpacking phase, please be sure to stop by sometime next week!


Image by Duval Guillaume

Friday, August 29, 2008

This Week in Review - Edition #2

Some news from the Home Front! This week Sharon’s Report went through yet another design overhaul. What can I say, I’m indecisive! If you read site updates from your RSS Reader and haven’t been to the site in a while, this is a good time to check it out. Feel free to leave comments about the changes. And, since I'm STILL not sure if I like the design, if you do, or don't, I'd love to hear your thoughts!

In addition to the site redesign, I have now added a Contact Form page so I can be reached easily without sharing my email address with spammers. As a side-note, the workaround with Blogger to have extra “pages” on your blog is to simply create a new post, and link to that post. I used that method to create the contact form “page”, but back dated it to the end of July so it wouldn’t appear as a recent post. Unfortunately, FeedBurner still published it as a feed as though it were a new post (so that should help clear up any confusion you may have about receiving that odd feed)! Also, it's a Blogger tip for you if you just happen to be wondering how to do that, now you know how!

Now, without further ado, here are some great things moving and shaking around the ‘Net this week…

1. Cool Blog Find! TeleRead: Bring the E-Books Home, is a site focused on ebooks of course, in all its related context. If you read anything in digital format you’ll want to check out this site.
2. As I admitted earlier this week, I am a proud owner of a new Kindle. With that in mind, I had to throw in a link for fellow Kindle owners! Check it out: Kindlerama, complete with Kindle Tips & Tricks, accessory reviews, and “how to” information.
3. Like random cool geeky blogs? Pixel Bits is definitely an "interesting" find. I may add this to my Blog Roll (if I ever set one up).
4. Haven't had enough Twitter yet? Want to find more interesting folks to follow near you, or with similar interests? TwitterPacks is a Wiki just for that purpose. I found several cool people to add to my Twitter Network and even added myself to the Dallas section. Wikis can be quite handy...
5. This week my focus seems to have been on Security, so in keeping with that theme, here is a Beginner's Guide to OpenID Phishing. Like the site owners, I do not in ANY WAY condone phishing in any form, but it is important to know that this exists and be informed.
6. And, You're No One if You're Not on Twitter, because "...if you haven't been bookmarked, retweeted and blogged, you might as well not have existed..." This is a seriously catchy tune by Ben Walker.

That takes care of this week, I hope you all have had a wonderful Holiday weekend!

Wednesday, August 27, 2008

OpenID: Benefits and Risks

By David Rosen  

Last week we defined OpenID. This week we're going to talk about why you might choose (or not choose) to use OpenID.


As promised, let’s discuss the Benefits…

Simplified Login
Single Username and Password for multiple sites. You only have to authenticate to OpenID one time per session. Once you are logged into your OpenID account, OpenID can automatically log you in to the other websites that you visit.

Unique Web Identity
No more wondering if the post by "CowboysFan" on one website is by the same person as "CowboysFan" on another website. OpenIDs are unique everywhere.

Information Management
OpenID servers have features such as “information profiles”, that let you control how much personal information each particular site has access to. Some sites might only get your name and email address, while you may allow others to automatically get your full contact information.

Decentralized
Anyone can run their own OpenID server. You're not tied down to any particular company or bound to a proprietary system.

Security
The websites which accept OpenID never get your login information. That information is only shared with your OpenID server. There is also the benefit of a user-customizable security level. You can define your own login method (or methods) for OpenID:

  • Username and Password - just like normal
  • Getting an SMS message that requires you to reply
  • Choosing a sequence of pictures
  • Receiving a phone call on your cell and pressing a button to allow the authentication
  • Fingerprint scanner, USB Key, RSA tokens, etc...

As you can see, OpenID can make your online experience smoother and easier. It also provides social benefits, such as a unique identifier. Your online identity already spans multiple websites but it no longer has to span multiple names. You can be "you" everywhere. The security benefits of OpenID are nice, too. One of the main reasons I use multiple passwords is that I don't want to use the same password for my Online Bank that I use for posting comments on a blog. If the blog was set up incorrectly, then my password could be stolen and used maliciously. With OpenID, neither the blog nor the bank would ever see my password to begin with.

Speaking of security, that brings us to the Risks:

All Your Eggs in One Basket?
If your OpenID account is compromised, you can say "Bye, bye Humpty Dumpty" because everything tied to it is now gone.

Unique Web Identity
Overheard in the breakroom, "Hey look! I just found Bob's OpenID posted on a personal ad at www.TranssexualNaziEskimos.com!" 

Decentralized
Multiple points of failure: If your OpenID server has an outage, you can no longer log in to all the sites that use it.

Security
Phishing attacks now are a primary threat.

This list might be small, but the items on it are big. Some of the obvious solutions to the issues here break the features presented above. Don't like having all of your eggs in one basket? Just create multiple OpenID accounts. It's not the end of the world, but it does start to erode a major selling point, the convenience factor. The most negative point here is Security. OpenID is a ripe target for phishers. "Phishing" is the process of attempting to trick users into handing over their usernames and passwords, or other sensitive information. How? Come back next week for the final segment of OpenID Explained, discussing the phishing risk in greater detail.

Monday, August 25, 2008

Read Any Good eBooks Lately?

I did it. I finally bit the bullet and bought an Amazon Kindle. The Kindle caught my interest when rumors first broke about its upcoming debut, and now that it has been available for several months I decided it was time to take another look.

If you are not familiar with the Kindle, it is an electronic reading device, but it has a special e-ink screen that makes your eyes feel like they are reading from paper, not a lit screen. My BlackBerry makes a decent reading platform, but not a GREAT one. I enjoy reading in short spurts on it (as mentioned previously, I am seriously addicted to Viigo) – but the backlit screen is just not comfortable for extended periods of reading.
 
Moving toward a digital library is becoming easier as time goes by, as every day more and more books are being released in the digital format. Most Classics are free, and there is a large selection of ebooks available in a variety of formats. Although Kindle Books (purchased through Amazon) are tied to a single Amazon account, more than one device can be managed by an account to allow content sharing. This isn’t a perfect situation, as sharing only applies to books, not subscriptions such as blogs, magazines, or newspapers – and “Amazon Recommendations” will no longer be geared toward YOUR reading preferences. The slight problems aside, I am absolutely adoring my new Kindle, and I can say in earnest it really is as cool as everyone says it is. Reading on the Kindle feels equivalent to reading newsprint but ink smudges are a thing of the past.
If you are looking to add ebooks to your digital collection, here are a few links to get you started:

Happy Reading!
Image credits: Kindle by John Pastor, Books by Manu M

Friday, August 22, 2008

Welcome, and Thank You!

I want to take a moment and point out that last night’s What is OpenID article was NOT written by me. If you read it quickly you may not have noticed that the name David Rosen is the name in the byline! Yes, I managed to convince my husband to be an occasional guest author here on Sharon’s Report, so please give him a hearty welcome and show your support! He has a follow up post in the works, and another article or two up his sleeve. Welcome Dave, and thank you for highlighting OpenID for us and kicking off some well needed focus to web security.

Thursday, August 21, 2008

What is OpenID?

By David Rosen

If you have signed up for a new service recently, you may have noticed an option to use something called OpenID. You may have noticed that it is an option when you log in to Plaxo, LiveJournal, or WordPress. You may have heard that AOL and Yahoo are now OpenID providers. Many OpenID sites extol the virtues and benefits that come with it... "Only one password to remember!" "Decentralized!" "Open Source!" "Establish your identity anywhere and everywhere!" But they all tend to explain only the benefits of OpenID rather than what it actually IS. Today we're going to answer the question, What is OpenID?

First a quick digression: What is authentication? Normally, to log in to your account at a website, you first identify yourself with a username, and then you prove that you own it by providing a password. This process is "Authentication." It doesn't have anything to do with your Plaxo contacts, your Blogger profile, or your Flickr pictures. Authentication is claiming that an identity is yours (username) and proving it (password).

There are many ways to authenticate to a system besides usernames and passwords, and you use some of them already. Need an example? Think about getting money from an ATM. First you claim who you are by providing your ATM Card. Next you prove it by entering the PIN (a 4-digit password).

There are also methods of authentication that don't directly require passwords at all. In fact this occurs almost every time you sign up for a new account online. Say you're signing up for an account at Plaxo.com... At some point you claim that an email address (an identity) is yours, by entering it into the sign up form, and then you have to prove that it is indeed yours. How do you do that? By going to your email, logging in and receiving an email with a secret code to enter or a secret link to click. You have now authenticated your email identity without ever having to hand over your Gmail password to Plaxo. NOTE: Your email username and password were still required indirectly. You had to enter them to check your email, but your email password was never entered at Plaxo.com.

Now back to the real question: What is OpenID?
OpenID is just another method of authenticating yourself - one that is similar to the email registration example above, but more automated. With OpenID your identity is a Website rather than an Email address or a Username. You first claim that you own a website (an identity), and then you have to prove it. But, just like in the email registration example, you never directly hand over the username and password to your OpenID website. So how do you prove you own it? Same method as in the email example, you go to your OpenID and log in. But in this more automated version, the service you want to use (Plaxo.com for example), automatically redirects you to your OpenID website. Then, instead of having to click a secret link or type in a secret code to prove you logged in, the OpenID website itself simply tells the requesting service (Plaxo) whether you passed or failed authentication.

Need a concrete example? Here is a simplified version of what happens when I want to log in to my Plaxo.com account:
Step 1. I go to Plaxo.com and choose the option to Sign in with OpenID
Step 2. I type in "https://dnszero.myopenid.com" and hit enter
Step 3. Plaxo sends me to my OpenID site (www.myopenid.com) to log in
Step 4. I log in at myOpenID.com
Step 5. myOpenID.com sends me back to Plaxo.com, and tells Plaxo.com whether I passed or failed authentication

Still wondering what the benefit is here? It's two-fold: First, I can use dnszero.myopenid.com to log in everywhere that OpenID is accepted. No more having to remember 8 usernames and 6 passwords. Second, these websites that I log into never touch or even see my password. I don't have to worry that a flaw in one website's security will compromise my password (the same password I use to log in everywhere, in this case).
Pure bliss, right? Maybe, maybe not. Come back next week and we'll touch on some of the benefits and some of the major flaws.
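
The five-step exchange above, modelled in Python as an added example (it is not code from the original post or from any OpenID library). The class names, the `/auth` and `/return` paths, the nonce and the HMAC-signed answer are assumptions of this simplified model rather than the OpenID wire format; the hostnames are the ones named in the post and serve only as labels.

```python
import hashlib, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qsl

def _mac(key, fields):  # MAC over a canonical (sorted) encoding of the fields
    msg = urlencode(sorted(fields.items())).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class Provider:  # the OpenID site: the only party that ever handles the password
    def __init__(self, host):
        self.host, self.users, self.keys = host, {}, {}
    def register(self, identity, password):
        salt = secrets.token_bytes(16)
        self.users[identity] = (salt, _pw_hash(password, salt))
    def associate(self, rp_host):  # secret shared with one relying site
        return self.keys.setdefault(rp_host, secrets.token_bytes(32))
    def login(self, auth_url, password):  # Step 4, then the Step 5 redirect
        q = dict(parse_qsl(urlparse(auth_url).query))
        salt, stored = self.users[q["identity"]]
        ok = hmac.compare_digest(stored, _pw_hash(password, salt))
        fields = {"identity": q["identity"], "nonce": q["nonce"],
                  "result": "pass" if ok else "fail"}
        key = self.keys[urlparse(q["return_to"]).netloc]
        fields["sig"] = _mac(key, fields)
        return q["return_to"] + "?" + urlencode(fields)

class RelyingParty:  # the site being logged in to (Plaxo.com in the post)
    def __init__(self, host, provider):
        self.host, self.provider = host, provider
        self.key, self.pending = provider.associate(host), set()
    def begin(self, identity):  # Steps 1-3: build the redirect to the provider
        nonce = secrets.token_hex(8)
        self.pending.add(nonce)
        q = {"identity": identity, "nonce": nonce,
             "return_to": f"https://{self.host}/return"}
        return f"https://{self.provider.host}/auth?" + urlencode(q)
    def finish(self, return_url):  # Step 5: accept only a verified answer
        q = dict(parse_qsl(urlparse(return_url).query))
        sig = q.pop("sig", "").encode()
        if not hmac.compare_digest(sig, _mac(self.key, q).encode()):
            return False  # forged or altered response
        if q.get("nonce") not in self.pending:
            return False  # replayed or unsolicited response
        self.pending.discard(q["nonce"])
        return q.get("result") == "pass"
```

The relying site only ever sees the two redirect URLs, neither of which contains the password, and it rejects an answer that was edited in transit or presented a second time.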

Image Credit: Photo by Konrad Mostert

Twitter: See the Other Side of the Conversation

Twitter previously had a function that allowed you to click on the profile of someone and see their replies. I’m not sure when that feature disappeared, but it leaves people at a loss when seeing only part of the conversation come through to their stream. That happens if they are following you, but not your friend who you just replied back to on Twitter.

The Replies tab was useful to clue you in on the other half of the conversation, if you were curious enough to take a look. Earlier today, I came across @Pistachio and noticed that she is using a GREAT work-around for Twitter’s missing feature! In her Bio, she has added a link to her replies on http://search.twitter.com. That’s fantastic! I immediately copied her methods and did the same for myself, and at the same time noticed a new search feature in action. The ability to use a “threaded view” was added to Twitter Search a few weeks ago but I didn’t pay too much attention to it at the time.

To see the beauty of the threaded views, take a look at this example. I do not know @danhounshell, and do not receive his Tweets. Therefore, I didn’t know what @JamesShaw was specifically replying to (aside from the fact that his Tweet makes sense, but let’s pretend it didn’t for the moment). Out of five Tweets, the only one I saw was the one that had my name (@SharnAtlanta) in it. Take a look at the screenshot below.
 
screen1

Now, when we click the “Show Conversation” link below the Tweet, we see the entire threaded conversation! I can now see:

screen2

And voila! You can now see BOTH sides of the conversation! I hope this feature becomes a regular part of Twitter.com! In the meantime, be sure to bookmark Twitter Search for future reference and insight to those one-sided conversations.