‘Tis the season as they say. No, not THAT season - I mean it’s Fall. Along with Fall comes the realization that many of my clothes from last year are worn out and need to be replaced. Next comes the ultimate chore – clothes shopping. I hate shopping. No, I mean I REALLY hate clothes shopping.

Men have no idea what it’s like trying to figure out what size each item is (which varies by store, as well as season, not to mention what is “in”), they have the pleasure of just dealing with measurements. I know I wear a variety of sizes between not only the number size, but then the style, and let’s not forget height. The definition of Petite by clothing manufactures is shorter than 5’3.” That’s just great for me because I am 5’3” which means a good part of the time Petite clothing is too short for me and “regular” sizes are too long. Next there is the option between Misses, Women’s, and Juniors. So you see, the variables expand at an exponential rate, and all I want to do is get what I need and move on, not try on six different versions of one item.

Is this just a normal rant? NO! You may have noticed before that I tag some blog entries with “Feature Requests” and that’s what this is semi-rant is about. I would love to see the following…

I would like to go into a local store and have myself scanned. Think of it as an x-ray, or perhaps something along the lines of a Motion Capture suit, like what Andy Serkis wore during the filming of The Lord of the Rings. Next, I’d like to be able to shop for my clothes online with any retailer I wish, and at the start of the session be able to click on my linked 3D-self (which of course my retailer would support) and move along with my shopping. This 3D image would then give me an option to “try on” a variety of clothing and styles, all virtually, from the comfort of my desk chair and the ease of a few clicks. Even better, my options would automatically be limited to only show me what would fit me, based on my 3D-Me. I could then order the items that fit and reduce the chance of having to return 80% of my order. This would actually make shopping much easier, faster, and, maybe even encourage me to “try on” more than I came to the store to purchase since I wouldn’t be worn out from trying on twenty different pairs of jeans.

Every year I would go back to my local 3D-Me store for a rescan to update my virtual self. Of course, I realize there are some software challenges to resolve, but can you imagine? Yes, 3D-Me please! Image by Cayusa

Aging issues and discussions are often avoided as they are seen as depressing, perhaps rude (who wants to acknowledge they are aging?) and just not very fun to talk about. Recently my family was facing some “end-of-life” decisions as my grandmother’s health declined at such a rapid pace that the entire family was discussing how to handle “things.” She said her goodbye’s and requested that all of her medications be stopped, her IV discontinued, and just wanted to be let go. Of course being my grandmother (of incredibly strong will), that didn’t really stop anything at all and she is doing quite well now, months later, and will be around for years to come. That aside, it brought up a lot of delicate discussions. Hard to believe since this woman is nearing 90…

When do we discuss aging? If we don’t discuss it in the early years along with proactive, preventative measures, what can we possibly discuss in our elder years other than reactive? I remember my grandfather put up an enormous fight over giving up his car keys, and later was seen driving his motor scooter down the street with a flash light tied the front… But again, I digress.

Is anything being done to improve “quality of life” of the elder community BEFORE they get to a stage where “matters need to be discussed?”

I came across some news this past week about a program that is being piloted to allow older drivers reduced car insurance. Allstate has a plan in the works that would offer clients aged 50-75, discounts in exchange for GAMING! Gaming often receives a bad rap for being a waste of time, instigating violent behaviors, or just whatever-negative-reasoning-someone-can-create. The truth is that gaming increases cognitive behavior and response time and is an excellent way to rejuvenate the mind.

The news of Allstate’s program is what I hope to be the first of many such ingenious ways to discuss aging matters, improve quality of life of those currently in the “Baby Boomer phase” and simply bring attention to an aspect of life that usually receives a “shhh” response.

Now, what does this have to do with “Geeks & Gamers?” It’s simple… how many assisted living homes have Themes? None that I’ve come across. There are the standard services offered along with nursing care and different levels of assistance and monitoring. What about activities? How many assisted living homes provide the option for those to live with other people who have common interests? I picture assisted living homes like college dorms, but they are nothing like that at all. Why not?

Forget arts & crafts, shuffle board, and Mahjong. I want to see assisted living homes have themes, and most importantly, when it’s time – I want to live with the geeks and gamers. I’d like to spend my evenings in the common room playing D&D, Magic the Gathering, or whatever MMO (Massively Multiplayer Online game) is popular in 40 years so I can play alongside my friends in other parts of the country.

What about you? What do you want to see change?

Tired of your day job? Not enough credit for the heroic work you accomplish? No need to wait for a mid-life crisis! Bad Horse is here for you and just what you need to spice things up a bit.

Take a chance. Be brave. Be evil. Apply to the Evil League of Evil and don’t tell your co-workers! This is your chance to take a stand against the oppression of Heroes and everything they represent.

Need to refresh your memory (or catch up on what all this Evil speak is about)? You can view Dr. Horrible’s Sing-Along Blog for free on Hulu.

Once you apply, you are welcome to add a link to your video application in the comments of this post. Techafina will be proud to help promote your application!

Remember… “make the Bad Horse gleeful, or he’ll make you his mare!”

Thousands of people are under the misconception that the Holiday Season begins with  Halloween. Of course, those same people may be baffled when their family, friends, and colleagues color their speech with odd sayings on September 19th every year.

Today, I’m going to set the record straight regarding the REAL kickoff to the Holiday Season, as well as make sure YOU are ready to celebrate like true pirates!

To begin with the beginning, a history lesson is in order. If you have never heard of Talk Like a Pirate Day, the quick back story is this: two dudes slipped into pirate lingo one day and decided there was a need for worldwide holiday to enjoy such endeavors. Thus, a new holiday was born (all with a little a help from Dave Barry). If you’d the more detailed version, feel free to take a moment and learn how it all began. Of course, come back here to learn how to properly celebrate this auspicious holiday!

Now, how to celebrate! Be sure you are up to speed on all your pirate lingo. At the very least throw around an Arr or Avast and absolutely an Amatey! And don’t forget about Heave Ho, Jolly Roger (the pirate’s flag) and  Shiver me timbers! If you want to see the Pirate Guys (Cap’n Slappy and Ol’ Chumbucket) show you an example, just head on over to YouTube.  Another great resource is the wikiHow article “How to Talk Like a Pirate,” complete with vocabulary usage and video (that eerily reminds me of a 1960’s Driver’s Ed video - but I think that’s the point).  And, last but not least, know what NOT to say on Talk Like a Pirate Day…

I think that about covers it! Hopefully now you can be well prepared to properly celebrate Talk Like a Pirate Day in all it’s glory this Friday, September 19th, 2008!

P.S. By doing your part to increase pirate activity, you are helping to decrease global warming! To learn more about this matter, check out The Gospel of the Flying Spaghetti Monster from Amazon.

P.P.S. Techafina takes no stance in the Pirates vs. Ninjas conflict and will give equal press time to Stalk Like a Ninja Day on December 5th.

Photo credit: http://www.talklikeapirate.com

There are many reasons people start a blog; to share information, teach, have a voice in the community, provide a sounding board for feedback, journal, you name it – the reasons are endless.

Regardless of WHY you blog, one very important underlying goal that you may not be aware of, is to continue to improve as a blogger. That need is there every time you check your traffic statistics, ask for feedback to a particular post, or consider changing the elements that are present on your blog. In the back of your mind you are wondering if change is good, will it help bring readers, anger loyal readers, deter people from staying long enough to read, or worse yet – will it prevent comments.

It’s important to stay in touch with the vibe of the blogging community, know what people are looking for in a blog, and, how to deliver it.

To stay in the blogging loop, I subscribe to more sites than I can possibly keep up with, but that works to remind me that my goal is never-ending. So instead of a Weekly Review of on goings around the ‘Net from this past week, here are some of the tools from my blogging toolbox.

1. Daily Blog Tips - http://www.dailyblogtips.com/
2. Copyblogger - http://www.copyblogger.com/
3. Personal Branding Blog - http://personalbrandingblog.wordpress.com/
4. ProBlogger - http://www.problogger.net
5. Smashing Magazine - http://www.smashingmagazine.com/
6. ConverStations - http://www.converstations.com/
7. the Blog Herald - http://www.blogherald.com/
8. LifeHacker - http://lifehacker.com/
9. stock.xchng - http://www.sxc.hu/ (free stock photography – just remember to attribute the photographer)
10. Flickr - http://flickr.com/search/advanced/ use the Advanced Search to find pictures with the Creative Commons license so you can use them for free (with attribution to the photographer)

And don’t forget your Blogger Punch List! Just like you need to change your light bulbs, replace batteries, and check your air filters – don’t forget your Blog needs routine maintenance too!

Do you subscribe to your own RSS feed so you see what your feed readers see? Does the “Subscribe Now!” link work? Better yet, pretend to view your site for the very first time – what do you see? Does anything need to change? Can you leave a comment on your latest article? Can a reader contact you?

Create your own punch list and make sure you go through the list on a regular basis.

Image Credits: Pencil Cup by JakeTse and To Do List by Stompy

By David Rosen

Here at last, is the final installment in our 3 part discussion of OpenID. In Part 1 we answered the question, “What is OpenID?” In Part 2 we looked at the benefits and risks that come with using OpenID. Today in Part 3, we’re going to finish our discussion of OpenID by taking a closer look at one of it’s greatest vulnerabilities. Phishing.

Before we delve into how Phishing applies to OpenID, let’s first take a look at a traditional Phishing example:

You check your email and find a (phony) email saying, “Your credit card will be closed unless you log in now to verify our records!!!! Click here to log in and verify your account now!” The phony email very helpfully presents a hyperlink to take you (supposedly) to your Credit Card Company’s website. In actuality, the link takes you a phony site which LOOKS just like your normal Credit Card login page but with one minor difference: the URL bar has the wrong address. If you fail to notice this one difference, then upon entering your username and password, the phisher will now have full access to your Credit Card account.

There are a few key hurdles the phisher has to overcome in order for this attack to be successful:

1. The email has to be convincing enough to get your attention, but not so over-the-top as to appear phony.
2. You have to actually click the link provided in the email.
3. The phishers have to guess which Credit Card Company login page to mimic (American Express looks different than Visa, etc).
4. The URL must be good enough to fool you. It must either be similar to the real thing, hidden, or obscured.

If, at any one of these steps, you get suspicious enough to not enter your username and password, then the phisher loses.

OpenID makes this process far easier, for the phisher, by completely eliminating the first 3 of these obstacles. How can this be? Take a look at the following OpenID phishing example:

While researching woodworking, you find a nice set of plans for a workbench at www.EvilWoodWorkers.com. The plans are free to download once you create a login for the site. Luckily, they accept OpenID logins, so you won’t have to waste a bunch of time filling stuff in. You click login and then follow the instructions to enter your OpenID URL. Unbeknown to you, instead of redirecting you to your OpenID login page, EvilWoodWorkers.com simply follows the URL, and copies your login page, on the fly, to their own phishing server, which happens to have a long, unpronounceable URL. This server logs everything you type to a handy, searchable Database (based on EvilSQL 2.0). You, however, simply find yourself staring at an exact replica of your normal login page that you’ve seen a thousand times, aside from the URL. And instead of looking at that long and unpronounceable URL, your eyes gravitate to the slowly blinking cursor which is waiting patiently for you type in your username and password. The muscle memory in your fingers takes care of typing out the login details. You hit enter. You download your Work Bench Plans for free. A week later, you log back in and leave a comment thanking EvilWoodWorkers.com for the nicely done PDF.

Alas, the fly in the sauce here, is that the Phisher’s Database now contains your OpenID URL, your OpenID Username, and your OpenID password. They have obtained, with elegance and style, the keys to your castle.

Everything that you use OpenID for now belongs to the Phisher.

How can this be? Why? The key point of failure in the above OpenID example is the redirection process. Normally (without OpenID), when you log in to a website, say Visa.com, you enter your username and password on a page hosted somewhere on that company’s domain. If you went to log in to Visa.com, and it redirected to you to some other website, with a totally different design, a different URL, and a different name, then you would be pretty darn suspicious that something phishy was going on. However, with OpenID, being redirected like that is simply business as usual. OpenID trusts the 3rd party site (Visa.com in this case) to redirect you to your OpenID provider’s log in page. That trust is the key flaw which upon which phishers will prey. The fact that you have to trust a criminal with part of the log in process is what causes this to be such a catastrophic vulnerability in OpenID.

Obviously, not every site is run by thieves. The real downside here is how do you know which is which? Since OpenID uses the same log in info everywhere, if the 99th site you log in to hits you with a successful phishing attack, then every previous (and future) site is now compromised as well.

OpenID is not without benefits, though. As we discussed previously, OpenID can potentially streamline and simplify the log in and sign up processes at supported websites. The potential conveniences it offers are definitely attractive.

Would I use OpenID? Sure. Given a couple caveats:

1. I only intended to use OpenID at low value sites
2. I only use https OpenID URL’s in order to minimize the risk of phishing
3. I only use OpenID at sites with which I already have a trust relationship

OpenID stands to improve considerably as it progresses. Perhaps the best part about OpenID is that it’s Open Source. It’s development is shaped and directed by the community which uses it.

The bottom line:
If you’re an early adopter who like to play with new toys and you have a good eye for security issues (or a extremely high risk tolerance), then OpenID is a great playground.

If you are just looking to make your online life easier and more streamlined, then stay away from OpenID for now. It’s not ready for prime time yet, and even though it seems like we’ve talked about some nasty looking flaws, there are likely even more problems yet to be uncovered.

Remember that horrible writer’s strike that the Writer’s Guild subjected us all to? Of course you do! If you watched any regular programming during last year’s television season, your shows were disrupted and TV pretty much came to a standstill.

During that awful time, a group of very creative guys (the Whedon brothers) wrote a comical  musical for Internet distribution only. The idea was to entertain, provide something of worth for those of us starving for new content, and simply crack a joke or two. This musical was available for free to watch streaming from the web site for several weeks and is now available on iTunes for a mere $1.99 per episode or $4.99 for the season pass to all three.

What am I talking about? Why, Dr. Horrible’s Sing-Along Blog of course! I know, I know, this isn’t “new” – but did YOU already know about it? If not, you’ve got to do yourself a favor and take 43 minutes to enjoy this wonderful creation. You’ll find yourself humming the tunes, and later, reaching to watch it again and again. Catchy, it is. And hey, if you’ve already seen it, isn’t it time to watch it again?

1. Blogger is a Turnkey solution. Once you sign up, you simply choose a blog name and a template, and you’re good to go! You can even rename your blog, giving it a new website address, if you decide you like a different name better without having to create a new account.

2. There are 16 preset templates to choose from, including some that have multiple variations bringing the template choice up to 38! This includes only what Blogger provides, but you can find plenty of other templates in a variety of locations. Plus, you can change anything you want with the template, and use a pre-existing one as a skeleton from which to build. Let me explain…

3. Want to change the color scheme of your template without messing with the code? You can point and click your way through a color makeover, and preview your changes as you make them without making any commitments. Easy changes without knowing a lick of HTML!

4. If hands-on code is what you want, you can do that too!  Change how much or how little you like, even change from two columns to three! Click Preview to load the page in a new tab or window so you can see exactly what things will look before saving. Don’t like the changes? No problem – nothing will change until you hit “Save Template.”

The HTML and CSS are together in the same file, so all the code you need to make a fantastic looking site is all there, in one place. If you’re under the impression that you can’t make a great look site with Blogger, take a look at The Blog of Doug Cloud. Doug’s site is a wonderful example of just how much you can customize your Blogger Blog. Go ahead, drool on his site a bit, he won’t mind.

5. Now let’s say you want to add some interactive features to your site. MyBlogLog is a great example.

You can hop on over to MyBlogLog, create an account, and gather the appropriate code to copy/paste into Blogger. Once you have the code copied, head back to your Blogger Dashboard and go to Layout, then Page Elements and click Add a Gadget. Simply choose the HTML/JavaScript gadget and paste the code from MyBlogLog into the Content box and Save. That’s it! No scripts, downloads, or plugins required.

6. Want to add other elements to your Blog? Take a look through the Add a Gadget options as there are plenty from which to choose. You can add Link Lists, Blogrolls, Pictures, RSS feeds, Adsense, HTML/JavaScript (for MyBlogLog, Google Reader, and others), etc. The options are practically endless. Once the item is on your Dashboard you can reposition it with ease, as all the elements on your Dashboard move by way of “Click and Drag.” Below is an example what my Dashboard looks like on a test site (click to see a larger version of the image). The entire page layout is there for you to re-arrange at ease, and allow you to keep the overall site structure in mind.

7. Now that you have your Blog up and running with all the gadgets you could possibly want, you may find yourself bored with your current layout. After all, change can be fun. One quick and easy way to spice up your site is to change your template. One of my favorite resources for Blogger templates is http://www.ourblogtemplates.com/. Their templates look good and work as expected. You can also take a look at http://btemplates.com/ or http://blogger-templates.blogspot.com/ or simply search on Google for more Blogger Templates. There are hundreds of free designs to choose from, you just need to go out and find them. You can upload the template directly to your site or create a test blog hidden from everyone but you so you can play around with templates and changes without worries until you know exactly which design you want to use.

8. You can of course do all of your writing directly in Blogger, but you can also use software that may make the job a little easier. Windows Live Writer is what I prefer, and it’s such a fantastic tool, I can’t believe it’s free. The best feature of this software is being able to edit images (add borders, drop shadows, etc.) as you go - no need to switch to a different software application. Windows Live Writer will also upload the pictures along with the post, so all in all, it’s a very handy tool.

9. Automatic Software Updates! This could be a negative depending on your philosophy, but I see it as a positive. Blogger makes updates seamless so you don’t have worry about staying on top of patches and updates.

10. The Blogger community. There are MANY Blogger sites out there, but there are two that stand above the rest. Blogger Buster and Tips for New Bloggers will keep you busy tweaking your site as you continue to learn all the cool and wonderful things you can do with Blogger. These sites are definite “must bookmark/subscribe”. I wish I could highlight all the wonderful things these two sites provide, but there is just too much there and not enough time.

So there you have it. 10 Things You May Not Know About Blogger – in a nutshell.

Some news from the Home Front! This week Sharon’s Report Techafina went through yet another design overhaul. What can I say, I’m indecisive! If you read site updates from your RSS Reader and haven’t been to the site in a while, this is a good time to check it out. Feel free to leave comments about the changes. And, since I’m STILL not sure if I like the design, if you do, or don’t, I’d love to hear your thoughts!

In addition to the site redesign, I have now added a Contact Form page so I can be reached easily without sharing my email address with spammers. As a side-note, the workaround with Blogger to have extra “pages” on your blog is to simply create a new post, and link to that post. I used that method to create the contact form “page”, but back dated it to the end of July so it wouldn’t appear as a recent post. Unfortunately, FeedBurner still published it as a feed as though it were a new post (so that should help clear up any confusion you may have about receiving that odd feed)! Also, it’s a Blogger tip for you if you just happen to be wondering how to do that, now you know how!

The portion above is now slightly irrelevant, as I switched from Blogger to Wordpress. Why? I’ll explain that in another post… (8/31/08)

Now, without further ado, here are some great things moving and shaking around the ‘Net this week…

1. Cool Blog Find! TeleRead: Bring the E-Books Home, is a site focused on ebooks of course, in all it’s related context. If you read anything in digital format you’ll want to check out this site.

2.  As I admitted earlier this week, I am a proud owner of a new Kindle. With that in mind, I had to throw in a link for fellow Kindle owners! Check it out: Kindlerama, complete with Kindle Tips & Tricks, accessory reviews, and “how to” information.

3. Like random cool geeky blogs? Pixel Bits is definitely an “interesting” find. I may add this to my Blog Roll (if I ever set one up).

4. Haven’t had enough Twitter yet? Want to find more interesting folks to follow near you, or with similar interests? TwitterPacks is a Wiki just for that purpose. I found several cool people to add to my Twitter Network and even added myself to the Dallas section. Wiki’s can be quite handy…

5. This week my focus seems to have been on Security, so in keeping with that theme, here is a Beginner’s Guide to OpenID Phishing. Like the site owners, I do not in ANY WAY condone phishing in any form, but it is important to know that this exists and be informed.

6. And, You’re No One if You’re Not on Twitter, because

“…if you haven’t been bookmarked, retweeted and blogged, you might as well not have existed…”  This is a seriously catchy tune by Ben Walker.

That takes care of this week, I hope you all have had a wonderful Holiday weekend!

By David Rosen

Last week we defined OpenID. This week we’re going to talk about why you might choose (or not choose) to use OpenID.

As promised, let’s discuss the Benefits…

Simplified Login
Single Username and Password for multiple sites. You only have to authenticate to OpenID one time per session. Once you are logged into your OpenID account, OpenID can automatically log you in to the other websites that you visit.

Unique Web Identity
No more wondering if the post by “CowboysFan” on one website is by the same person as “CowboysFan” on another website. OpenID’s are unique everywhere.

Information Management
OpenID servers have features such as “information profiles”, that let you control how much personal information each particular site has access to. Some sites might only get your name and email address, while you may allow others to automatically get your full contact information.

Decentralized
Anyone can run their own OpenID server. You’re not tied down to any particular company or bound to a proprietary system.

Security
The websites which accept OpenID never get your log in information. That information is only shared with your OpenID server. There is also the benefit of user customizable security level. You can define your own login method (or methods) for OpenID:

• Username and Password - just like normal
• Getting an SMS message that requires you to reply
• Choosing a sequence of pictures
• Receiving a phone call on your cell and pressing a button to allow the authentication
• Finger print scanner, USB Key, RSA tokens, etc…

As you can see, OpenID can make your online experience smoother and easier. It also provides social benefits, such as a unique identifier. Your online identity already spans multiple websites but it no longer has to span multiple names. You can be “you” everywhere. The security benefits of OpenID are nice, too. One of main reasons I use multiple passwords is that I don’t want to use the same password for my Online Bank that I use for posting comments on a blog. If the blog was setup incorrectly, then my password could be stolen and used maliciously. With OpenID, neither the blog nor the bank would ever see my password to begin with.

Speaking of security, that brings us to the Risks:

All Your Eggs in One Basket?
If your OpenID account is compromised, you can say “Bye, bye Humpty Dumpty” because everything tied to it is now gone.

Unique Web Identity
Overheard in the breakroom, “Hey look! I just found Bob’s OpenID posted on a personal ad at www.TranssexualNaziEskimos.com!”

Decentralized
Multiple points of failure: If your OpenID server has an outage, you can no longer log in to all the sites that use it.

Security
Phishing attacks now are a primary threat.

This list might be small, but the items on it are big. Some of the obvious solutions to the issues here break the features presented above. Don’t like having all of your eggs in one basket? Just create multiple OpenID accounts. It’s not the end of the world, but it does start to erode on a major selling point, the convenience factor. The most negative point here is Security. OpenID is a ripe target for phishers. “Phishing” is the process of attempting to trick users into just over their usernames and passwords, or other sensitive information. How? Come back next week for final segment of OpenID Explained, discussing the phishing risk in greater detail.