Thinking Aloud

Too many passwords these days. Way too many. I’ve been keeping passwords on kitchen recipe cards ever since the passwords that get handed out at work started to become completely cryptic and beyond my ability to remember them. Which may seem like a pretty insecure way to keep passwords. But, if the bad guys are actually sitting at my desk, I figure I may have bigger problems.

Finally, I’ve decided to take the risk of actually storing my passwords on my computer. I’m not real jazzed about the idea, seeing as how if the hackers get into my machine and then into my password file then I’ll really have given them the keys to the castle. But, with way too many passwords, what is the average hacker to do.

I work on mostly Debian/Gnu linux systems these days (hurray free software!!). So if you’re working on some other operating system this may be completely irrelevant to you. So, for myself and others here’s how I’ve attempted to secure my passwords.

Enter GPG

GPG is some state of the art encryption techniques are often used to sending encrypted emails. But I found a few people who have used them for encrypting password files. So, this is the technique that I’ve chosen to follow. To get started you need a private key. At the terminal command line run

gpg --gen-key

I used the defaults for the questions it asked and then entered my details and non-forgettable, non-write-downable passphrase. More specific detail on getting started with GPG. Seems too simple, yeah, to me too. That provides a private key with which we can encrypt files. And you can encrypt whatever you would like, but it requires remembering a bunch of command line stuff that I would rather not try and recall, ( more about encrypting files for personal use from the command line here). Note: Once the password file is encrypted it’s not necessary to encrypt it by hand again.

So I created a new file called memories.txt and then encrypted it by typing on the command line

gpg --encrypt --recipient 'Jeff Richards' memories.txt

This produces a file called memories.txt.gpg. Now the original memories.txt can be deleted. Great! now how to add passwords, view them easily and re-encrypt the file as needed.

Vim and GPG plugin – Making Encryption Easier

At this point, ideally I’d have an encrypted file that I can open with my passphrase, and then read, write and close in an encrypted fashion. Enter vim plus the gpg plugin. Turns out someone has handily figured all this out. NOTE: the standard Debian install comes with vim-tiny. which doesn’t support plugins so the first step is to install vim proper (package name: vim).

Once that’s installed, next step is to install the gpg plugin file.

• Grab the gpg plugin code and save it into a called gpg.vim.
• Copy gpg.vim into the /home/your-username/.vim/plugin/ directory
• If the directories .vim/plugin/ doesn’t exist, create it!

And… that’s it! try and open the encrypted file with vim, in my case

vim memories.txt.gpg

Enter the passphrase and your in, add and subtract and the file is encrypted when you exit the program.

My reading of the vim plugin seems to indicate that there won’t be any temp files created or saved anywhere. If anyone has any tips as to why if/how this is a terrible/insecure way to keep passwords, please let me know!

One thing that happens when you start using some of these new fun websites, facebook, twitter, identi.ca etc. Is that you really do end up mixing friends, from all kinds of different places. In my case I’ve got friends, from university, high school, church, work, Hardwicke Island, Victoria Social Media Club plus my parents, inlaws and pretty much everyone having the ability to look in on my status updates, new pictures, etc. It really cuts across groups that are generally held separate. In some respects, this is great, and in some respects this is taking some getting used to.

Are you all listening?

The great part of this is that everyone who is interested in what I’m doing has the opportunity to keep up with my latest thoughts and latest happenings. The bit that takes some getting used to is that, being a fairly private person, I would tend not to tell my high school friends what the latest up on Hardwicke Island is, and vice versa. It makes it a bit easy to get stuck not letting anyone know what’s up since the messages aren’t really targeted. There’s things that are obviously inappropriate, and these days it seems no election campaign will now be complete without some facebook/youtube-reveals-your-past news. Not that I’m planning to run for office any day soon…

So, it seems that there’s a few ways forward. Set up separate accounts for different people to tune into – This seems crazy, do I need more usernames and passwords… Surely not. Or the second, just get used to the fact that the world is going to know a little more about my life than they could before, and let the benefits of sharing outweigh any detriments that might occur. So, does this really all come down to “sharing is good?”

There’s a little more than that… somewhere along the lines, the idea that avoiding talking about religion, politics and money seems to have seeped into my thinking, I’m not the only one. But if you read that article you can see that things are changing. And that’s where the simplicity comes in.

Just Be Yourself, Ok?

With all the social media slashing holes in our so called anonymity, everyone gets some choices. If anonymity and integrity are important, you really can’t play. That’s the only way, just keep reading the webpages like back in 2001, don’t comment, don’t post, don’t tweet, don’t, don’t, don’t. Don’t get involved. If anonymity is important but integrity is not, then you could always just fake it and be who you want online, and be someone else off line. But just like in really life, being different people in different places, means remembering your character when you step into a certain situation, and it is very awkward when those people from different situation collide, I’ll leave that to your imagination.

Integrity Sans Anonymity

The last choice is if integrity is important and anonymity isn’t or at least is sacrifice-able. Then you just speak into every situation as yourself. The downfall here is that everybody get’s to see what you’re thinking; what you’re about. And it may be very different from what they expected. It offers people the opportunity to be involved in what you really are thinking. It definitely exposes a lot more territory for discussion, but I think the benefits of this way outweigh the detriments.

If you’ve seen this before, watch it again, it’s great. If you haven’t… enjoy.

In an incredible handy coincident of wants it turns out the BC government wanted to get old crumby cars off the road at exactly the same time that I wanted to get rid of my old crumby 91 Honda Civic, massive door ding and all. And while the used car prices are already pretty low, the government was willing to give us $1300 towards an electric scooter through the scrapit program. We jumped through the hoops, we got the money and now I’m riding an electric scooter around town, and I just past 100km on the odometers. Yes, that’s right, 100.

How is it?

Well, there’s a few things that I like and few that I don’t. Starting with the good stuff. It’s incredibly quiet. I mean dead silent. Zipping along about the loudest thing I hear is everyone else. Which has the nice feeling of floating on the cloud and the detriment of scaring the bejeebers out of blind people, not that I’ve encountered that situation yet. Another obvious upside is the never needing gas part. It’s a novelty that hasn’t worn off yet.

Matt told me that once you get a bike you start getting the wave from other bikers. Turns out that in some cases motorcycle riders will condescend and offer the wave to even the lowly scooterist, I appreciate it, although I do feel a sense of other-ness as I noiselessly (and relatively slowly) glide by as they quickly and powerfully eat up the pavement. Speaking of speed, my speed record is 65km/hr. I’ve done it once, on a downhill, drafting behind a car. It’s not a fast scooter. 100 kms in I’m still waiting for my first road rage incident as a motorist speeds by exclaiming how the slowness of my ride makes him want to run me down. Hopefully, sounder minds prevail.

The Downsides

On the downside, the range is pretty limited. While I’ve yet to actually reach the heart stopping moment where the batteries are exhausted and the scooter slows to a stop on some major thoroughfare, I do dread its arrival. The other downside is the size and weight of the scooter. It’s heavy, those batteries are very heavy and just shuffling the scooter around can be a bit of challenge. And it turns out that the scooter itself is a bit small for someone who is 6′3″. It’s especially noticeable with the storage compartment bolted on the back. I suppose you could say that it lends a feeling of humility to the rider to be somewhat cramped on the bike, but I would have paid a little extra to get a slightly longer wheelbase and a couple more inches of knee-room.

The Helmet

Last but not least, there’s the helmet. Yeah, that’s right it looks a lot like power ranger without the tinted shield. Do all helmets look this ridiculous? Actually, it’s very comfortable and seeing as how it came with the bike. I’m not complaining, we’ll see how it goes over when I hit my first scooter meet up. I’ve seen them in the past, line ups of Vespa’s at Ska Fest and other in town music events. I’m not convinced they’ll take me seriously, being electric and all.

Getting thing done is a constant struggle and to be honest, I’ve spent way to much time thinking about how to try and catalog all the things I want to do, rather than just doing the blasted things that need to be done. So, to share what wisdom I’ve got (if any) on this topic, I thought I’d pass along the details of all my efforts how I try and keep track of my self and what I’m trying to do. And how I’ve tried to stop obsessing about my todo lists and just do something (this post may be part of my therapy on that front).

My Tools

Both my tools are online, at this point in my life, it’s where I live, so it seems to make sense to me try and keep myself organied online as well.

• Online Calendar That syncs to my mobile phone (Google Calendar)
• Online Email accessible via my mobile(Gmail)

Separating Work and The Rest of My Life

I don’t bother. I’m just one person, work is part of my life. So, there’s just one calendar and one todo list, and one log book email with everything in it. For me, the simplicity of just having one place to look for things far out weighs the bummer of looking at work tasks when I glance at my to do list on the weekend.

How my System Works (or tries to)

Calendar

Everything that has an actual time (think meetings) or due date (think reports) hits the calendar. And that’s where it lives. This provides the hard landscape (borrowed from GTD) for my life. So, that’s pretty simple. I get an agenda sent every day to my email and I try and survey the weeks events fairly regularly so that I see the big trouble coming a little before it arrives.

The To Do List

I’ve tried plenty of online stuff that is pretty fancy (and feature-full) but I always end up neglecting it and then getting disorganized, so I’ve resorted to a draft email. I seperate my tasks by project in the email and then write the tasks as a bullet list. If I’m waiting for something I put a note in the list that I’m waiting for this from someone and when I started waiting for it.

The Log Book

Being trained as an engineer, I have it drilled into me that a log book is crucial to success, you NEED to be able to see what was done and when. Being incredibly forgetful when it comes to things that happen in day-to-day life (especially with dates) this is even more important for me. So my log book has become an add on to the end of my draft email to do list. Once I finish anything, I copy that item from my to do list to the bottom of my draft email and tag them with the project that they’re for and list them underneath the date I completed it. At the end of the week, I copy all these paste these finished tasks into a new email and send it to myself. Then I archive it and when the time comes that I really need to recall what I’ve done, three weeks from now, I’ll call it up and look at it, curse myself a little for not leaving better notes and thank my lucky stars that I left any notes at all.

The Daily Habit

All this stuff only works if you buy into the system 100%, I’m trying to buy in 100% and review my calendar and to-do list daily. During my daily review I find a few items that I really want/NEED to get done during the day and write them on a separate piece of paper that I try and put somewhere VERY prominent. Throughout the day, the really quick tasks (5 minutes or less) I do right away and then longer jobs I put on the to do list. Then I just try not to get distracted by youtube, google reader, wikipedia, my own navel and facebook and get those few items on my list for the day completed.

.

There has been quite a bit of fuss around stopping advertising from coming into your home. There’s two usual routes for people to try and get their message to you, the phone and the mail. Stopping people from soliciting is getting a little easier. On the phone side there’s the national do-not-call list. And on the mail side, there is the Red Dot Campaign

Stopping Mail One Box at a Time

The Red Dot Campaign is dead simple. In a nutshell, you put a red dot on your mailbox that says “No Junk Mail Please” and that’s it. The mail person stops putting the junk mail in your box. The campaign organizers have pdf that you can print out and tape onto your mailslot and one that you can print out and put on your mailbox (it’s bigger). Or if you’re really feeling spenfy you can buy some red dot campaign stickers.

This isn’t a Crazy Environmentalist Thing, Canada Post is Onboard

The best thing is that Canada Post is totally onboard for this. They’ve said in their FAQ’s that:

Customers who do not wish to receive advertisement mail should put a note to this effect on their mailbox if they receive door-to-door delivery. For a community mailbox, group mailbox or postal box, the note should not be placed on the inside or the outside of the door. The note should be placed on the inside lip of the box. When the letter carrier puts the mail into the community mailbox, group mailbox or postal box, the door panel is open and not in view

They’ve even got a splashy little page encouraging you to do the right thing for the environment and stop the junk mail. The folks at the Red Dot Campaign claim:

The Consumer Choice database is decremented for each person opting out, and advertisers reduce their print quantities accordingly

But, I couldn’t find that on Canada Post’s site, although I reckon if enough people opt out of receiving flyers the message will travel up stream soon enough.

Results – Look Ma, No Junk Mails

Honestly, I am in awe of the fact that a small sticker stopped the seemingly endless stream of junk mail, but it did. We now get no junk mail. Big thank you to Canada Post and my mail delivery technician for making this easy.

CBC Radio is a staple for most Canadians. And beyond listening to CBC, just so that you can say “I heard it on the CBC” thereby invoking the Canadian equivalent of “this is gospel truth” they do put together some really great shows.

Payback is both a book and a Massey Lecture Series that CBC put on with Margaret Atwood (or perhaps it was vice versa). I happened upon it listening on the radio show as I was making a late night delivery to a friend from church. As near as I can tell the lectures are simply Margaret Atwood reading the book. Which makes both the book interesting as it has a strong conversational tone and the radio lecture interesting because it is well thought out and structured.

The book covers quite a bit of ground, looking through the aspects of the debt and creditor relationship as they stretch back in time and relay how this framework is only really possible because humans have a sense of fairness and are living as a society where relationships are a necessary part of our daily lives. It then stretches into looking at how debt and sin are related and how sinfulness has been extended to relate to both the creditor and debtor. The idea that debt is only possible because memory is possible is opened up and poked and prodded and found that indeed debt really can’t exist with out memory (or accounting and ledgers).

Debt as a plot line is explored. This is a brilliant, if partially borrowed from Eric Berne, piece of work laying out how many of us are using Debt as a way to spice up our lives. In many cases, Debt may be used to add the story to the passing days of our lives. The subject is then spun out to a more national scale with some explanation of Taxes and how national debt works.

The book finishes in a somewhat dramatic twist by looking in upon the way that we as humans are in-debt to the Earth and how we are on line for some terrible times ahead should we consider to borrow on the large but diminishing reserves of Mother Nature Represented by the Spirit of Earth Day. When Mother Nature comes to collect you don’t want to be the one that answers the door.

Through all this Atwood has woven the stories of Doctor Faust, Ebenezer Scrooge (who gets a big role), Shylock (from The Merchant of Venice) and a variety of other classic pieces of literature which act as expected to glue together and fill out the presented ideas. Atwood touches in the church and Jesus and where they seem to fit in the story, interestingly pointing out that the church has really been focusing on the sexual sins lately and has let what used to be equally significant finance related sins pass away. She also presents an alternate scenario for 9/11 where the American’s choose forgiveness of the terrorists rather than revenge. (I’ve often wondered if the amount of money that has been pumped into the war efforts had been pumped into building up educational and infrastructure resources in Afghanistan and Iraq what would have happened in the ensuing years. I recognize that doing that kind of development would not be easy/possible in a hostile environment but it represents a different goal and I feel a better tactic.)

Both the Payback: Debt and the Shadow Side of Wealth book and radio presentation are engaging and well worth the time.  While I can’t speak to how well it agrees (or disagrees) with modern thought on debt, the book ties together a lot of strings to provide a cohesive and well thought out (not to mention Canadian flavoured) look at the subject.

Problem: I live in Canada (and Canadian’s love Facebook), no matter how awesome Identi.ca, Twitter or any of the other microblogging services are most of my friends still use facebook, nearly exclusively. I like my friends, I want to know what’s up with them, however I don’t want to login to facebook 5,10,20 times a day to see what’s up.

Wouldn’t it be great if Facebook status updates could funnelled into status updates into my Gtalk/XMPP/Jabber or any other instant messenger.  But how… Googling around didn’t turn anything useful up.  I was stuck, I got an RSS Feed from Facebook and resigned myself to reading it occasionally. Then iafter reading a ReadWriteWeb Article on notifixio.us I started thinking it may be possible to feed notifixio.us the facebook RSS feed and get IM facebook status updates that way. Unfortunately, notifixious is dealing with a problem regarding Facebook RSS feeds, however, in my travels I discovered that FriendFeed could rebroadcast the RSS feed and Facebook status updates via IM possible!

Notifixio.us + FriendFeed – Helping Facebook Instant Message

Notifixio.us is a service that polls RSS feeds and sends the updates to you via GTalk/XMPP. So generally you could just plug in the rss feed that you get from Facebook and bingo, bango, bongo you’d have Facebook updates coming to you via IM, but there’s a problem that stops that from working at the moment. So it’s time to introduce FriendFeed. While FriendFeed is generally used to consolidate one’s online posting activity so that friends can stalk (I mean, keep up with) all your online activity in one RSS feed, however, with a little encouragement we can use FriendFeed to re-broadcast the Facebook RSS feed in a form that Notifixio.us likes . [Update 2009-02-16: There's something funny with either friendfeed's news feed or else notifixio.us it seems that I only tend to get a portion of the status updates. Not all status updates come through]

Here’s how:

1. Log in to Facebook
2. Click on the Friends Section in the Top Navigation
3. Find the “Friends’ Status Feed” on the Left of the Page
4. Copy the link location to the clipboard
5. go to FriendFeed and get a new account. We need a new account because we don’t want this account to be crowded up with all the personal stuff that generally gets collected in FriendFeed.
6. After you’ve worked through the registration process, Click Add/Edit Services (it’s on the right)
7. Click See All 59 services at the bottom of the screen
8. Click on “Custom RSS/Atom” (it’s under Miscellaneous)
9. Enter the URL for your facebook status updates RSS and click “Import Custom RSS/Atom”
10. Go to your FreindFeed homepage and get the RSS feed link address for that page (It’s way at the bottom)
11. Go to Notifixio.us and register
12. Go to “Settings” and work your way through the Gtalk/XMPP setup process
13. Click “Add Source” and paste in the Friends’ Status Feed Url that we copied out of FriendFeed And Click “Go”
14. Choose how you’d like to be notified, for me it’s my Gtalk/XMPP username
15. A confirmation IM immediately saying that updates will be coming soon

That’s it! Facebook updates by IM. Wait patiently for one of your friends to post some banal detail of their daily life and enjoy reading about in close to real-time via your favorite IM protocal!

What about Other Status/Microblog Services

Identi.ca Works with Gtalk/XMPP/Jabber out of the Box

One thing that I really like about identi.ca is that you CAN send and receive updates from your people through Gtalk/XMPP/Jabber. This is great, because you can have updates from your friends, or followers coming into your life in real time. It is so handy when you’re at an event and people are sending updates about not just life changing thoughts, but activities that are happening at the time. This is great, my same old Gtalk chat application all the identi.ca updates streaming in, realtime. Awesome!

Twitter can work with Gtalk/XMPP/Jabber with some Fiddling

I searched around for a way to do this with twitter. And sure enough tweet.im is offering a similar service. You can sign up with them, hand over your twitter username and password. (ugh, ouch! who are these guys anyways? But so far so good haven’t seen any rogue posts yet.) and then just like identi.ca does out of the box updates from your twitter friends start flowing into your Gtalk/XMPP/Jabber instant messenger. It’s great requires no special apps, only downside is handing over those login credentials. At this point I consider this a necessary evil. Message to twitter: seize the future start making Instant messenger Support Native to your platform. Please!

Technical Reflections on Polling (skip if not interested)

RSS has one really big flaw, you have to poll the server to see if anything new is there.  This means that every RSS feed you subscribe to means that a computer now has to poll that site to see if there is anything new there.  Which is no big deal if you’ve just got a few subscribers, but if you’ve got tons like twitter, you’re servers are getting polled ALL THE TIME, so we’re eating up band width to find out if anything is new on the site.  This is at least one reason why twitter’s fail whale is so well known.  That’s a lot of requests all the time, twitter limits polling to once a minute, jsut to keep their servers noses above water. XMPP is the future, this is a good first step.