March, 2010


31
Mar 10

Mac OS X Must-Haves

Jon recently got a Mac laptop at work, and asked me for recommendations, apps that are “must haves.” I’ve been meaning to write about this for a while anyway, because I’m asked this question a few times a year.

My top picks

LaunchBar

LaunchBar is the ultimate Batman utility belt for your Mac. It’s difficult to concisely describe what it does, but I’ll try: you hit a key combo to bring up a small bar at the top of your screen, and with a few keystrokes you can find and run applications, locate and open files, contacts, or bookmarks, execute dozens (hundreds?) of commands doing all sorts of things, search Google and other services, control iTunes, and even do math. You can even add your own commands.

The only way to really understand why LaunchBar is great is to try it. There’s a free 30-day trial download; after that you have to buy a license. I’ve seen people balk at the price for what they consider a “basic” utility. I use LaunchBar easily fifty times a day, so I consider the price a bargain.

LaunchBar is powerful and full of surprises and functionality. I may write more about it another time.

If you’ve heard of Quicksilver, let me put it this way: LaunchBar is like Quicksilver, but without all the slowness, bugs, and developer abandonment.

1Password

1Password is a versatile vault for all kinds of information. Passwords, credit card info, random notes, software licenses, anything you want. It ties into most browsers and lets you auto-fill logins on sites. It also has an easy-to-use random password creator built in.

Here’s how I use 1Password when I set up a new account on a site.

  1. I use 1Password’s random password generator to create a randomized, long password. I usually use about 20-24 characters, but you can go up to 50.

  2. I log into the site with my newly minted password. 1Password will automatically detect the login and ask if I want to save it. I say yes.

  3. The next time I need to log into the site, I just hit a key combo, and I’m automatically logged in.

Do you see the real advantage? It’s not just that I have the convenience of having something type my password for me. It’s that I can use a different and completely random password for every site I use, and I never have to remember any of them. All I need to know is the one password (get it?) to unlock my 1Password database.

If someone managed to crack my Facebook password, the damage would be limited to Facebook. They wouldn’t automatically have access to my Twitter account, my email, or (God forbid) be able to log into my bank account. I use Dropbox (see below) to sync my 1Password database between my desktop and my laptop, so I always have up-to-date data, whichever machine I am using.

1Password optionally syncs data to an iPhone app (via wifi), so you can have your data on-the-go.

Evernote

Evernote is a place to put anything you might want to remember and find later on. I use Evernote for all kinds of things. It has completely replaced all of the sticky notes, scraps of paper, random emails to myself, etc., which I used to use to stash bits of data that I didn’t want to lose. Now I just stuff it into Evernote, forget about it, and if I ever need it again, it’s right there.

Evernote can read images and extract words. You can take a picture of a sheet of paper, upload it to Evernote, and search for words in the picture to find it later. They even do handwriting recognition.

Another big plus to Evernote is that you can tag something with a URL. This is great for bookmarking articles. I used to use Delicious for these bookmarks, but I found that I would often go back to the site and the URL no longer worked. In the case of certain publications, the content would expire from the site (I’m looking at you, newspaper industry). The advantage with Evernote is that I can create a note containing the page’s contents, tag it with the URL, and if the link is broken when I go back, so what? I still have the contents of the page.

There are a number of Evernote clients available (Windows, Mac, iPhone, Blackberry, etc.), as well as access via their web site, so there are many ways to access your Evernote data.

Evernote is free, and you can upgrade to a Premium account if you want a larger monthly upload allowance.

Dropbox

In a word, Dropbox is magic. You have a folder, you drop in files, and they magically appear on any machine where you use Dropbox. I’ve seen other services try to do this (Apple’s iDisk, WebDAV in general…) but Dropbox is the first one I’ve used where it “just works” every time, and it’s fast.

I use Dropbox when I want to edit a file on multiple computers. I also use it to sync my 1Password database between machines. Because the 1Password data is encrypted with AES-128, it’s no problem to leave it out in the cloud.

Bonus: Dropbox is free if you don’t need more than 2GB.

TextMate

TextMate: easily the best text editor I have ever used. As I’ve said before, TextMate has all the extensibility of Emacs, but with none of the Lisp or Richard Stallman.

TextMate is one of those applications that is deceptively simple. At launch, you see nothing but a blank text window. Hidden beneath that simple face is a powerhouse.

I use TextMate for writing, coding, designing, and prototyping. The ability to invent new commands by writing small scripts is very powerful. Unlike some editors, you aren’t limited to a language that was chosen for you. You can use any common interpreted language. I’ve written TextMate commands in Bash, Perl, Ruby, and even PHP. (Though I regret the latter.)

TextMate isn’t cheap for “just a text editor,” but if you spend a significant amount of your time editing text, and especially if you write code more than occasionally, it’s well worth the price. I wrote this post in TextMate using Markdown.

Adium

Adium is a powerful instant messaging client with support for nearly every protocol that exists. I use it for AIM and Jabber, but it also supports ICQ, Yahoo, MSN, Google Talk, Novell Groupwise, Facebook, and a bunch more. In other words, if you’re on a bunch of networks and you don’t want to run a bunch of apps to use them all, Adium is for you.

ClickToFlash

I use ClickToFlash to block Flash content in Safari. Because I hate Flash.

ClickToFlash couldn’t be easier. Wherever Flash would be, you see a gray box that says “Flash” in the middle. If you want to load that object, click. You can also load everything on a page at once, or you can whitelist a domain (e.g. youtube.com) so it always loads Flash without a click. It only works with Safari.

Skitch

Skitch has a simple purpose: let you take a snapshot of something on your screen, and upload it to the web, quickly and easily. I use this at least a few times per week.

By default, Skitch uploads your snapshots to skitch.com. If you prefer, you can configure Skitch to upload elsewhere, like Flickr, or a WebDAV, FTP, or SFTP server. I have Skitch save files to my web site using SFTP.

SSHKeychain

If you use SSH, SSHKeychain is invaluable. As a systems engineer, I use SSH dozens of times every day.

SSHKeychain is an SSH agent, which means it can memorize keys and passphrases for you (to avoid constantly typing them in), and it can forward that authentication data through to other servers (in case you have to jump through one server to get to another, but need to use the same key on both). It can also handle some common tasks like creating SSH tunnels.

Yes, I know, Terminal has an ssh-agent built in, but each window gets its own. So you are constantly typing in your passphrase. It’s annoying, especially if you open several windows in a series.

Second stringers (good to have around)

Firefox

I hardly ever use Firefox, but I keep it around because occasionally I run across a site that is broken in Safari. Usually these sites work in Firefox (but not always – yes, there are still IE-only sites out there).

Flip4Mac WMV Player

Flip4Mac plays Windows Media formats in QuickTime (including in webpage-embedded views).

Perian

Perian is another QuickTime add-on. It understands a bunch of video formats, including DivX.

ExpanDrive

ExpanDrive allows you to mount remote servers as local volumes. If you have a server that you can access via SSH, you can mount filesystems on that server on your Mac, using SSH (SFTP). It also supports FTP and Amazon S3. This is a great way to edit remote files with your favorite Mac text editor (like TextMate).

ExpanDrive is currently US$39.95.


31
Mar 10

Which Party Has More Sex Scandals?

After studying the 58 scandals over the past 20 years involving all politicians or major candidates for city mayor and above—many involved crimes, others just allegations, but all wound up as tabloid fodder—some conclusions can be reached.

The number [of] sex scandals has increased dramatically over the past few decades, thanks to technology, new press standards and a post-Clinton belief that everything is fair game.

Republicans have more scandals (32 to 26), but Democrats have bigger ones, based on our methodology (13 out of the top 20).

Democrats tend to have more problems with harassment, staffers and underage girls; Republicans tend to have more problems with prostitutes, hypocrisy and underage boys.

Which Party Has More Sex Scandals?


30
Mar 10

Tweetie, Instapaper and metadata

This is a great feature. When you send a link to Instapaper from Tweetie 2 for iPhone, it includes the tweet as a note, to remind you where you got the link.

This is especially nice if you decide you want to go back to Twitter and reply back about the link.


30
Mar 10

The Invisible Hand of the Market

More than 200 companies have joined a boycott of [Glenn] Beck’s program, making it difficult for Fox to sell ads. The time has instead been sold to smaller firms offering such products as Kaopectate, Carbonite, 1-800-PetMeds and Goldline International. A handful of advertisers, such as Apple, have abandoned Fox altogether. Network executives say they believe they could charge higher rates if the host were more widely acceptable to advertisers.

The Beck Factor at Fox: Staffers say comments taint their work


29
Mar 10

Mincemeat and the Imaginary Man

Early in the morning on the 1st of May 1943, a fisherman on a beach in Spain discovered a waterlogged corpse which had washed ashore during the night. The dead man was clothed in British military attire and a life preserver, and he had a briefcase chained to his lifeless body. Apparently a casualty of an airplane accident at sea, the body was transported to the local port, where its discovery was reported to the Nazi officials stationed in the city of Huelva.

From his personal effects, the man was identified as Major William Martin, a temporary captain and acting major in the British Royal Marines. Rather than allowing possible military intelligence to go unintercepted, the local agents for the Abwehr – the German intelligence organization – coaxed the briefcase open to examine its contents. Inside, along with the man’s personal effects, the Nazis discovered a personal correspondence between Lt. Gen. Sir Archibald Nye, vice chief of the Imperial General Staff, and General Sir Harold Alexander, the British commander in North Africa. This letter described key details of the Allies’ plans to invade Nazi-held territory. It seemed that luck was favoring Germany; but the discovery ultimately resulted in disaster for the Nazis.

Mincemeat and the Imaginary Man


28
Mar 10

Back That Thing Up

Yesterday afternoon, my wife lost her grip on her MacBook, and it fell to the floor, resulting in a catastrophic hard drive failure. The disk utilities could no longer even detect there was a drive installed.

I created a temporary account on my laptop for her, and prepared myself for a major headache recovering data the next day.

This morning, I picked up a new disk at Best Buy. (That I can now buy 250GB, at retail, for only $60, is mind-boggling.) It took only a few minutes to swap the disks physically, and another ten or so to boot from the Snow Leopard DVD, plug in the Time Machine backup disk, and start a restore. It told me to come back in about two hours, and when I did, the machine was ready to go.

Wow. Just wow.

I’ve been using and managing computers for a long time, and I’ve never recovered from a major failure so smoothly. This is why Apple made such a big deal about Time Machine when it was introduced.

By the way: if you have both a desktop and a laptop Mac, you do not need a Time Capsule to do backups over your wireless network. Any shared USB disk attached to your desktop will work. Just turn on file sharing, mount the volume on your laptop, and tell Time Machine to use the mounted volume. You don’t even need to figure out how to get the volume to mount at boot; Time Machine will remember it and mount as needed, and even unmount when finished.

It’s very polished, and more importantly, automatic. Non-automated backups are not much better than no backups at all. (I learned that lesson the hard way.)


27
Mar 10

John Frum and the Cargo Cults

Their god has yet to emerge from his home inside the volcano to bring the promised riches, and at least one visitor’s guide offers this advice: “If you question a local about their beliefs, they will most likely reply that you have been waiting for your messiah to return for over 2000 years – while they have been waiting for only 70.”

John Frum and the Cargo Cults


27
Mar 10

The Wrath of the Killdozer

Marvin Heemeyer of Granby, Colorado was a profoundly frustrated muffler repair man. In the late 1990s–after years of protests, petitions, and town meetings–it became obvious to the 52-year-old that he was entwined in a gross miscarriage of justice. His business was ruined by some shady zoning changes, and Heemeyer contended that mayor and city council were corrupt. Even as he was forced to give up his legal fight and sell his land, he hatched one last plan to secretly retool his muffler shop to serve a single malevolent purpose: to construct a machine that would allow him to exact his revenge upon those who had wronged him.

The Wrath of the Killdozer


27
Mar 10

False Sense of Security

For the past few years, I’ve been using a Mac application called Cha-Ching to handle my banking. I use it to track my checking and savings accounts, a couple of accounts I have for my kids, and my credit card usage.

(No, I’m not going to link to it. It’s made by Midnight Apps. You can Google it if you want to find it. I’m not sending them any traffic.)

When Cha-Ching starts up, it asks for a password to unlock the database.

[Screenshot: Cha-Ching unlock screen]

Given that this application is intended to contain financial information, and goes to the trouble of asking for a password at startup, one would think the data is somehow protected by that password, probably even encrypted, right?

WRONG.

It turns out that the data is “locked” by the password, not encrypted at all. In fact, the only function of the password is to tell the application not to open the data unless you know the password. If you want to pick through the data file outside of the application, nothing is stopping you. In fact, the password is stored in the application’s preferences file. If you rename or delete that file, the password simply ceases to exist.

Here’s how easy it is to search through my banking data.

$ strings Cha_Ching.1ccdb  | grep dishes
35268605-6F44-4868-A1BA-74AA567E63DC2 sets of dishes (service for 4)
Outgoing562FA75C-114E-481B-B0C7-D2955DED510FAmazonNever
35268605-6F44-4868-A1BA-74AA567E63DC2 sets of dishes (service for 4)
Outgoing559BD5D9-F6BA-440C-A981-84F759309E49AmazonNever

There’s some extraneous text there, but I’m sure you easily figured out that I bought four sets of dishes from Amazon recently.

Oh, it gets worse. If you know how to use SQL, you can just ask the database for anything you like using standard tools.

$ sqlite3 Cha_Ching.1ccdb 
SQLite version 3.6.12
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> select ztrans_title,ztrans_date,ztrans_amount from ztransentity
        where ztrans_title = 'Amazon' limit 5;
Amazon|206856000.0|-52.7999992370605
Amazon|207115200.0|-62.1100006103516
Amazon|203313600.0|-26.9699993133545
Amazon|187333200.0|-55.9500007629395
Amazon|209620800.0|-22.6000003814697

To make matters worse, the developers at Midnight Apps seem to have gone on permanent vacation. They have a public beta for Cha-Ching 2 out, and have for over a year, but there’s been nothing from them for the past several months. Nothing on their blog, their Twitter feed, not even their support forum.

Speaking of the beta, it’s all you can download. They don’t even have their 1.0 version up anymore (the only non-beta product they have). Huh? Since the beta is free, this means that not only can you not obtain their “production” version, it’s not currently possible for them to generate any sales.

I know what you’re thinking. They must have fixed this data encryption problem in version 2. Nope. The version 2 beta still just “locks” the data in the application. Looking around in their support forum, I found this amazing gem from the lead developer.

We have talked about this in the past…. The main issue is that we don’t want to ever permanently lock users out of their database.

If the database lock code is stored as part of the database itself then the user will not be able to access the database at all if they forget their password.

We are considering making some changes in this area but I can’t make any promises.

I am open to hearing suggestions though!

Yeah, if you don’t know the password, you can’t read the data. That’s the whole point! I wonder if this guy writes his PIN on the back of his ATM card.

Lessons learned:

  1. A password does not necessarily mean any protection exists.

  2. If you think something is encrypted, don’t assume it is; check.
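
One way to act on the second lesson, as an added example (not part of the original post or of any vendor's code): a small Python check that looks at a data file at rest and reports whether it is readable without the application. The table and column names are borrowed from the query above; the file names, sample rows and the 7.5 bits-per-byte threshold are assumptions made for the illustration.

```python
import math, os, re, sqlite3, tempfile
from collections import Counter

SQLITE_MAGIC = b"SQLite format 3\x00"   # first 16 bytes of every plain SQLite file

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = indistinguishable from random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def assess(path: str, sample: int = 1 << 20) -> dict:
    """Report whether a file at rest looks like readable data or opaque bytes."""
    with open(path, "rb") as fh:
        data = fh.read(sample)
    # Runs of 6+ printable ASCII bytes, the same thing `strings` surfaces.
    readable = re.findall(rb"[\x20-\x7e]{6,}", data)
    report = {
        "sqlite_header": data.startswith(SQLITE_MAGIC),
        "entropy": round(entropy(data), 2),
        "readable_strings": len(readable),
    }
    # A known plaintext container header, or low entropy plus readable text, means
    # the password is not protecting the bytes on disk. High entropy alone does not
    # prove encryption (compressed data looks similar); it only fails to disprove it.
    if report["sqlite_header"] or (report["entropy"] < 7.5 and readable):
        report["verdict"] = "plaintext"
    else:
        report["verdict"] = "opaque"
    return report

def build_samples(directory: str) -> tuple:
    """Constructed sample files: a plain SQLite ledger and random stand-in bytes."""
    plain = os.path.join(directory, "ledger.db")
    con = sqlite3.connect(plain)
    con.execute("create table ztransentity (ztrans_title text, ztrans_amount real)")
    con.executemany("insert into ztransentity values (?, ?)",
                    [("Example Store", -52.80), ("Example Grocer", -26.97)])
    con.commit()
    con.close()
    opaque = os.path.join(directory, "vault.bin")
    with open(opaque, "wb") as fh:
        fh.write(os.urandom(8192))   # stands in for properly encrypted data
    return plain, opaque

def demo() -> tuple:
    with tempfile.TemporaryDirectory() as d:
        plain, opaque = build_samples(d)
        return assess(plain), assess(opaque)

if __name__ == "__main__":
    for report in demo():
        print(report)
```

A "plaintext" verdict is conclusive; an "opaque" verdict only means this check found nothing readable, so it is a reason to look further rather than proof of encryption.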


26
Mar 10

A Google spell check change?

Has anyone else noticed this? Sometimes Google will ask if you meant X after typing Y, and sometimes it will just assume you meant Y, and give the option of searching for X instead. I wonder how it decides which way to go?

Did you mean... ?

Uncle Google knows best.