Fastest way to figure out x and y image offsets

Here is an app that will help you quickly visualize x and y image offsets. I think everyone has tried to eyeball offsets by tweaking the x and y a bit, hitting build again (and again) and then viewing your changes. Simply upload your image in the embedded app below and then adjust the sliders until the image is in the right place.

You can download a zip file (5kb) of the code here.

If you don’t see the slider bars in the app below, you need to upgrade to a browser that supports the HTML5 <input type="range"> tag, or feel free to download and modify the code.

What do you really want in a future smartphone?

I’m voting for five simple things. Note, we are talking about smartphones here and not tablets. I look at the patent fights and all the junk functionality that is being crammed into the newest SDKs, and as a consumer all that I really want is all of the following bolted into one phone:

  • Significantly better battery life – My current phone won’t make it through a typical work day.
  • Faster battery charging time – My original Google Ion used to charge in less than an hour, my Atrix takes at least 2 hours and usually much longer.
  • Better default keyboard app – I probably make six mistakes typing one average length sentence because the tiny keys are so close together. Some third party apps have figured this out.
  • Better control over the camera app – I would stop carrying a separate camera if I could simply adjust f-stop and aperture.
  • Ability to read my screen in full sunlight with polarized sunglasses on – No chance of that on my current phone.

I’m fairly happy with the operating system software. And, my phone already has plenty of CPU horsepower and memory. It appears that in five short years the smartphone market has matured and the phone vendors are struggling to differentiate themselves. The current phone wars remind me of car ads on TV. Everyone is claiming incremental improvements that make your life better, easier or faster. However, I propose there hasn’t really been any groundbreaking innovation in smartphones since June 29th, 2007.

Now if there was a press release that said in the next version I could heavily use my phone for 3 days straight without a charge…that would get my attention!

What do you want in the next smartphone?

Changing your Twitter password – Bad design or security hole?

When you reset your Twitter password it does not automatically cascade across all of your allowed applications. In other words, ANY Twitter app will continue to function just fine until you manually revoke permissions. Yep…manually. The apps even continue to work after you, say, reboot your phone. However, once you’ve revoked permissions then most apps will prompt you for a new password. More on that at the end of this post.

Why should you care? Because if your Twitter password or your smartphone is ever stolen and you don’t revoke permissions, then the bad guys can continue to use Twitter apps that you approved.

Twitter doesn’t really tell you much about how password changes work. On the password changed acknowledgement page there’s a deceptively mild mannered blurb of text that simply asks if you want to review the applications that can access your account. This is what the page looks like:

Call me crazy, but it seems natural to me that if you change your Global password, that any application using that password should be auto-majically changed as well. The technical answer is contained deep within the Twitter Developer FAQ:

When using OAuth, application connectivity and permissions do not change when a user resets their password on twitter.com. The relationship between Twitter, a user, and a third-party application do not involve a username and password combination. When a Twitter user changes their password, we’ll now ask the user whether they would also like to revoke any of their application authorizations, but any revocations are manually executed by the end user.

My response to this is your average user has no clue about the pros and cons of using OAuth and they most likely don’t really care.

My immediate suggestion to Twitter is that they should provide a “Learn More” link on the password has been changed acknowledgement page that provides informative bullet points on how changing your password affects or doesn’t affect other Twitter applications. They should also include a warning in bold letters that tells you that applications can and will continue to use the old password — until you revoke their access.

Now, full disclosure is that I did get my password stolen and I was, fortunately, able to quickly reset it before any major damage happened. I was lucky. However, it wasn’t until a day later that I had done enough research to know about revoking access on all of my applications. Like I said above: I figured the password change would automatically affect all applications. However, I simply got curious when I noticed my Android Twitter app kept working fine and never asked me for a new password. It was possible the criminals could have still used any of these other applications with my old password. Yikes!

Conclusion. My experience after revoking permissions wasn’t exactly seamless and your mileage may vary (YMMV) depending on how your third party app was built. My Android Twitter application simply appeared to send a tweet with no indication anything was wrong. I only knew it wasn’t sending tweets because I checked using Twitter’s web app. Only after I did a full restart on the phone did the app finally ask for a password. Hmmm. TweetDeck at least let me know that my tweets failed to send, and within a minute it displayed a dialog box asking for the new password (TweetDeck screenshot below). Also, it’s important to note that after entering the new password Twitter mysteriously un-revoked my access and I could send tweets again.

The good news is that revoking access does immediately shut off an app’s ability to send tweets. The so-so news is that once the correct new password was entered, then Twitter mysteriously un-revokes status on the app. This bothered me. I would think if you manually revoke access to an app, then as a security best practice you would also have to manually un-revoke access as well.

So, is this poor design, a security hole or maybe even both?
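The token behaviour the Developer FAQ describes, as an added example (not code from the original post or from Twitter): a toy authorization server in which apps hold access tokens rather than the password, so a password reset alone leaves them working, next to a variant that revokes every grant when the password changes. The class, method, user and app names are all constructed for illustration.

```python
import hashlib, hmac, secrets

class AuthServer:
    """Toy OAuth-style provider (constructed model, not Twitter's code)."""
    def __init__(self, revoke_on_password_change=False):
        self.revoke_on_password_change = revoke_on_password_change
        self._pw = {}      # user -> (salt, password hash)
        self._grants = {}  # access token -> (user, app)

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user, password):
        salt = secrets.token_bytes(16)
        self._pw[user] = (salt, self._hash(password, salt))
        if self.revoke_on_password_change:  # hardened policy
            self.revoke_all(user)

    def authorize(self, user, password, app):
        # The user logs in once and approves the app; the app receives a
        # token and never stores the password.
        salt, stored = self._pw[user]
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        self._grants[token] = (user, app)
        return token

    def revoke(self, user, app):
        self._grants = {t: g for t, g in self._grants.items() if g != (user, app)}

    def revoke_all(self, user):
        self._grants = {t: g for t, g in self._grants.items() if g[0] != user}

    def post_tweet(self, token, text):
        # Only the token is checked; the current password plays no part.
        return token in self._grants

def scenario(revoke_on_password_change):
    srv = AuthServer(revoke_on_password_change)
    srv.set_password("alice", "old-password")
    phone = srv.authorize("alice", "old-password", "phone-app")
    desktop = srv.authorize("alice", "old-password", "desktop-app")
    srv.set_password("alice", "new-password")  # reset after the theft
    after_reset = (srv.post_tweet(phone, "hi"), srv.post_tweet(desktop, "hi"))
    srv.revoke("alice", "phone-app")           # manual revocation of one app
    after_revoke = (srv.post_tweet(phone, "hi"), srv.post_tweet(desktop, "hi"))
    return after_reset, after_revoke
```

Calling `scenario(False)` models the behaviour in this post, where both apps keep posting after the reset and only the manually revoked one stops; `scenario(True)` models the cascade, where the reset itself cuts off every previously approved app.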

Resources:

Twitter Developer FAQ – How do password resets affect authorization?

Twitter Application Permissions Model

[Edited 8/26/12] Twitter Help – My account has been compromised