Whenever someone tells me about their startup idea I immediately start brainstorming. Different product features, customer acquisition strategies, etc. That’s how my mind works and I believe that’s true for most entrepreneurs. We can’t help but come up with ideas.
Lately though, I try to take the opposite approach and ask what the core idea is. Coming up with ideas is easy, especially if you’re not the one having to build them. What is difficult though is defining the core idea. So the next time someone tells you about their startup idea don’t give them a list of additional ideas (which they probably have already thought about anyway), but help them understand what their unique value proposition is and what a stripped down 1.0 release could look like.
Strijp.is is a platform showcasing and connecting creative professionals from Strijp-S, Eindhoven and the surrounding area. Strijp-S is Philips’ former industrial site now being developed into a living and working area for creative people and institutions.
Meetups, conferences, network events are all great ways to meet new people in your industry, but it can be difficult filtering out the people most relevant to you. Here’s a great trick to have these people come to you:
At the start of a networking event there are often a few presentations. Usually there’s time for Q&A or a speaker might actually ask the audience a question. Most people don’t engage, but what I try to do is ask (or answer) at least one insightful question that lets people know who you are.
You don’t want to be that douche that tells his whole life story before finally asking the question, but it’s perfectly reasonable to give a one-sentence description of who you are or what you do. Make the sentence something bold, memorable and intriguing. The line I used yesterday was “I help startups get their first 500 customers”, referring to my goals with Beta List. Notice how it’s different from “I’m the founder of Beta List”, which is meaningless unless people already know about Beta List, which wasn’t the case here.
After the presentation (or workshop in this specific example) multiple people approached me to learn more about what I do and we had some great talks.
It’s an obvious trick, but powerful nonetheless. Give it a try.
The interesting thing here is that Bitcoin isn’t set in stone to forever exist exactly as it does today — it depends on the majority of miners not modifying the protocol. I’m talking about what’s essentially a 51% attack, but rather than it being performed by a malicious party, what if a technical/political decision with very strong opinions on both sides had to be made? It would be like a democracy where those with the most computing power win. [Emphasis mine]
TL;DR: If you grant random apps full access to your Dropbox folder and aren’t cautious whenever entering your 1Password’s master password, someone might be able to access all the passwords in your 1Password keychain.
Two of my favorite apps I use daily are Dropbox and 1Password. The former needs no introduction, the latter lets you manage all your different passwords in a secure and accessible way.
Although not a security flaw inherent to either of these apps I think I might have come up with a way to grab someone’s 1Password keychain (which is an encrypted database of all their passwords) and their master password which is considered top secret and is used to encrypt and decrypt the keychain.
1. Getting the 1Password keychain:
The attacker creates a fake, enticing web app which supposedly requires full Dropbox access to do its work. A lot of web services ask for this so it doesn’t seem too strange for a new web app to do as well.
With full access to the victim’s Dropbox folder the attacker is now able to download the (encrypted) 1Password keychain. This only works if the victim is using Dropbox to sync his/her keychain, which a lot of people do and which is actually recommended by Agilebits, the creator of 1Password, if you like to sync your passwords across different devices.
2. Getting the Master Password:
Getting the password is a little bit trickier, but here’s what I came up with: If the victim has the 1Password browser plugin installed, anytime he signs up for a new website the plugin will ask whether it should save the account information to 1Password via a small bar that pops up at the top of the website. If the victim hasn’t logged in to 1Password for a while, he’s prompted to first enter his master password for security reasons. (You wouldn’t want anyone with access to your computer to be able to add accounts when you’re grabbing a coffee or whatever.) Here’s the design flaw though: That little bar that pops up and asks for your master password can easily be replicated by the attacker and be embedded in the site. The unsuspecting victim wouldn’t know the difference and would be entering their master password, which gets submitted to the attacker, who is now able to decrypt the 1Password keychain and has access to all the victim’s different passwords.
I’m not a security expert and I haven’t tried it, but I don’t see why this wouldn’t work. I’d love to hear from anyone that is more experienced in this subject matter.
For now though, I recommend not granting access to your full Dropbox folder to any site or app unless you 100% trust them and their own security. Also be wary whenever you’re entering your master password.
For what it’s worth I don’t think it’s fair to put too much blame on Agilebits for this as users shouldn’t be granting people access to their keychains anyway. That said, I contacted Agilebits and they are aware of the issue and have been looking into it.
I’m seeing tons of mockup/prototype services lately, but I just had a brief email exchange with one of the founders of Marvel and he had a great answer to what sets them apart from the rest.
I’m not sure how ‘secret’ their approach is, but since they don’t describe it on their own homepage yet I’m going to refrain from getting into any details. If you’re a designer just subscribe to their mailing list to get notified when they launch.
Oftentimes while writing an email, tweet or blog post I find myself needing the homepage link of a specific product, company or person. For example in my previous post about Alfred you’ll notice I linked to some of its alternatives as well.
I used to do a quick Google search whenever I needed a link while writing, but I recently created a simple TextExpander snippet which does the work for me. Here’s how it works:
I select and copy (⌘C) the name of whatever I want a link to.
I type /url wherever I want the URL to appear.
TextExpander goes and replaces it with the URL of the first search result it finds for that name.
Although doing a quick Google search isn’t that time consuming, it’s unnecessary and disturbs the writing flow which is why I love using this new snippet.
Strijp.is will be a showcase of creative talent from the Strijp-S area in Eindhoven, the Netherlands, Philips’ former industrial site now being developed into a living and working area for creative people and institutions.
Even though I don’t live in Strijp-S (yet?) I’m keeping a close eye on its developments as they’ve got some really innovative plans. What better way to keep an eye on something than to create a platform for it?