"If you’re gonna be robbing people for the rest of the night, you might as well take my coat to keep you warm."

—Beautiful story (audio only) from Julio Diaz at StoryCorps, about getting robbed on a New York subway platform (via Hacker News).

Date: 23 Nov 2010 | Tags: truelife

Put Things Off 2

Put Things Off 2, the free update to the laid-back to-do list I made for iPhone, is now live. You can see the full preview at putthingsoff.com or buy it now from the App Store. It’s on sale for a limited time.

The app’s a huge update, and includes some fun new features you won’t have seen in any other to-do list. It follows six months of hard work, and I’d be thrilled if you’d help me by checking it out and spreading the word any way you can. Thanks!


Date: 17 Nov 2010 | Tags: iphone

Wacky and Wonderful Domains For Sale

I currently spend about $500 a year renewing domain names I’m not using. I thought it was about time I sold some of them.

As well as listing the domains below, I’ve provided the backstory behind each one; partly to share what on Earth I was thinking when I registered some of them, but also in the hope that some of you might snap them up and build the things I never found time for.

There’s no price list; just email all serious offers to ndc@me.com. Thanks!

bubl.net — SOLD!

UPDATE: bubl.net sold on flippa.com

A memorable, fun little 4-letter domain name. I bought this from someone I shall generously refer to as a ‘domain name professional’ in the hope of building a browser-based meeting room app with a twist.

My idea? bubl.net would let you create an online room (or ‘bubl’) to invite friends or co-workers into for live group discussions. Unlike similar online meeting services that charge a monthly fee for a permanent ‘room’ online, each bubl would disappear (or ‘burst’) when everyone left the page, at which point you’d each receive transcripts of the chat by email if required.

It was my intention to provide the basic service for free (ad-supported with a banner inside each ‘bubl’), with a pay-per-bubl or pay-per-bubl-pack system for users who required secure chat over https, video calling, file sharing, branded rooms, live annotation, and other more advanced features.

In truth, I still find myself needing something like this from time to time, so I’m a little reluctant to part with the domain. But it’s been many years since I’ve given much thought to building such a service. Perhaps you can breathe some life into it?

*jam.com

I went through a phase of buying and registering domains ending in *jam.com, possibly because I was eating lots of toast at the time. Here’s the full list:

  • hubjam.com
  • filejam.com
  • taskjam.com
  • fonejam.com
  • salejam.com
  • cardjam.com
  • helpjam.com

I had high hopes to build a group of web apps around the *jam.com name. It’s hard to find names for web apps that make them feel part of the same family, and I still feel that these domains would be a great way to do that.

I no longer have time to make something of them myself, but perhaps an enterprising soul could do well from these. Would prefer to sell the set of seven at once, but I’ll consider offers for individual domains.

twittergenie.com

Bought on a whim, the Twitter Genie would have been Twitter’s first good samaritan or — if you’re British — the Jim’ll Fix It of Twitter.

I noticed how often people begin tweets with ‘I wish…’, and thought it would be marvellous to make some of those wishes come true, either by encouraging people to tweet directly at the genie account and granting one wish a month, or by searching for tweets featuring the phrase ‘I wish’ and making the most noble or amusing come true.

I’m still rather fond of the idea of Twitter as a wishing engine, but don’t have the time or resources to make it happen right now. Perhaps you do?

For those with more business savvy than social conscience, the Twitter Genie might also be a lovely way for brands to sponsor Twitter giveaways and get their products or services in front of followers.

origarmy.com — SOLD! (via email enquiry)

A lovely compound word I stumbled upon whose domain happened to be free. I had intended to pen a non-fiction book with the title, but have been busy writing short stories instead.

I still consider it a fun play on words and am sure someone can put it to better use than I have.

inboxing.org

Another name registered on a whim, I’d hoped to use this to launch a light-hearted book about email. Still tempted to try, but I’m committed to other projects for now.


That’s the lot at the moment! Happy to consider all serious offers. Send them to ndc@me.com.

And yes, I did consider registering a domain from which to sell my domains, but dismissed it as madness. Especially when I found that my top five choices weren’t available.

Date: 9 Nov 2010

SOLVED: Protect Yourself on Public Wi-Fi Networks

Do you use public Wi-Fi networks to access the Web? Perhaps in a coffee shop, airport, hotel, or university campus? Maybe on a laptop or iPhone?

Did you know that anyone also using that network can currently hijack your Twitter, Facebook, and other account details to log in to those services as if they’re you? If you’d like to fix that, read this post. It’s about Virtual Private Networks or ‘VPNs’. It tells you how to use one to make your connection more secure over public Wi-Fi.

Get protected

Here’s what you’ll need to secure yourself on open Wi-Fi networks. I’ve reduced it to three steps because I’ve assumed that most people reading this want to be safe but don’t care too much how it works. (If you do want to learn that stuff, read ‘how it works’ below.)

1. Get a VPN account.

I recommend StrongVPN. Their ‘Euro-America Special PPTP 1-year’ package costs $55 USD a year, which is good value, and you can pay with PayPal if you like. Order it from this page.

Free VPN services do exist, but I don’t feel comfortable recommending any of them to you. If you want to stay secure but you’re not willing to pay for a VPN connection, the simplest way is to leave your laptop at home and not use public Wi-Fi.

2. Set up your Mac, PC, and mobile device to use that account.

StrongVPN have setup instructions for Windows, Mac, iPhone, and more.

3. Connect to your VPN before using the internet on public Wi-Fi networks.

On a Mac, turning VPN on takes two clicks: click the black VPN icon in your Mac’s menu bar. Then click ‘Connect StrongVPN’, or whatever you named your VPN connection in step two. The bars in the VPN icon go a light grey colour when you’re connected, and clicking the VPN icon will now display a ‘Disconnect….’ option together with a timer showing how long you’ve been connected for.

On an iPhone, a VPN connection is two taps away: tap the Settings app, then toggle the VPN switch at the top to ON. If you see a blue “VPN” icon in the title bar, you’re connected.

I’ve never connected to a VPN on Windows or Linux, but the final steps in the StrongVPN setup guides tell you how.

Two important points:

  1. VPNs will disconnect you (or ‘timeout’) if you don’t use the connection for several hours. If you sleep your laptop, there’s a chance you won’t be connected when you wake it again. So get used to checking your VPN connection’s still active before you fire up your browser.

  2. A StrongVPN account can only be used by one device at a time. If you’re connected to the VPN on a laptop, you’ll need to disconnect it before you use the same VPN connection on your iPhone. In general, it’s best to disconnect the VPN when you leave your computer, and reconnect it when you get back. Or just turn the whole machine off and save the planet as well as your sanity.

Want to know more?

That’s it! You’re safe. Or safer, at least. If you’re curious to discover how someone could hijack your details and log in as you, or want to know how a VPN protects you, read the following FAQ. It’s long, but it’s not too scary, I promise.

How it works

How can someone hijack my login details?

There are several ways, including watching over your shoulder as you type them. But the exploit I’m referring to in this post that lets others send requests as if they’re you is called ‘sidejacking’. Here’s how it works:

When you log in to Facebook, Twitter, and other sites, you do so on a secure page — you’ll probably have noticed the ‘https’ at the beginning of the address bar. It means your information’s being passed over a secure connection.

If you log in successfully, the site returns a random string of characters that your browser stores in a cookie. It reads the cookie and sends this string with all future requests when you, for example, update your status or post a photo. It’s why you only have to log in once each time, instead of every time you load a new page.

The problem is this: although sites like Facebook use a secured connection (HTTPS) when you log in, they currently use an unsecured connection (HTTP) for all requests after that. This means that the random string of characters that your browser sends to Facebook to identify you as someone who’s already logged in is sent openly over the public Wi-Fi network you’re connected to. Anyone on the same Wi-Fi network can lift that information out of the air by ‘sniffing’ the traffic.

Once they’ve lifted your special login string from the Wi-Fi traffic, they can use it to send requests to Facebook as if they’re you. They won’t have your username and password, but they don’t need that stuff — the way Facebook and other sites work at the moment means that the special login string is all they need.

But sniffing that sort of data is hard, right?

On public Wi-Fi it’s laughably easy. There’s even a free Firefox browser extension called Firesheep that helps you do it with a simple user interface. No nerdery required.

Anyone can install the extension, hop on a busy public Wi-Fi network, and wait for someone to log in to Facebook, Twitter, or a wide range of affected sites. As soon as someone does, a double click is all it takes to be logged into the site as them.

Why did you just tell me that?

Because the more people who know about it, the more chance there is that Facebook and other sites will take their users’ security more seriously.

The idea of Eric Butler’s Firesheep extension is to highlight how easy it is to attack users of popular sites who log in over public Wi-Fi, and to encourage those sites to start using HTTPS at all times. If they did, attackers on your network wouldn’t be able to sniff your user information because, although you’re still sharing a Wi-Fi connection with them, they can’t glean any useable information from a secure connection between you and another site such as Facebook.

Are all sites flawed in this way?

No.

How can I tell which sites are affected?

There’s no definitive list, but checking is simple: sites you log into should carry on displaying the ‘https’ at the start of your browser’s address bar. If they don’t, users who log in to those sites on a public Wi-Fi network are vulnerable to this type of attack.
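
The address-bar check above, and the cookie behaviour described under ‘How can someone hijack my login details?’, can also be audited from a recorded login session. This is an added example, not part of the original post: it replays a constructed list of requests and reports which login cookies cross the network unencrypted, using the cookie `Secure` attribute (which tells a browser to send that cookie over HTTPS only). All host names, cookie names and values are made up.

```python
from urllib.parse import urlsplit

# Constructed sample: (URL requested, Set-Cookie headers in the response).
SAMPLE_FLOW = [
    ("https://social.example/login", ["session=9f3c1a; Path=/; HttpOnly"]),
    ("http://social.example/home", []),
    ("https://bank.example/login", ["sid=77ab02; Path=/; Secure; HttpOnly"]),
    ("http://bank.example/help", []),
    ("https://mail.example/login", ["auth=c0ffee; Path=/"]),
    ("https://mail.example/inbox", []),
    ("http://forum.example/login", ["phpsess=1234; Path=/"]),
]


def parse_set_cookie(header):
    """Return (name, value, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name.strip(), value, attrs


def build_jar(flow):
    """Map host -> {cookie name: True if the Secure attribute was set}."""
    jar = {}
    for url, headers in flow:
        host = urlsplit(url).hostname
        for header in headers:
            name, _value, attrs = parse_set_cookie(header)
            jar.setdefault(host, {})[name] = "secure" in attrs
    return jar


def audit_flow(flow):
    """List (host, cookie, url) for every cookie that travelled in cleartext."""
    jar = {}
    findings = []
    for url, headers in flow:
        parts = urlsplit(url)
        host, cleartext = parts.hostname, parts.scheme == "http"
        # Cookies stored earlier ride along with this request, unless
        # they are marked Secure and the request is plain HTTP.
        for name, secure in jar.get(host, {}).items():
            if cleartext and not secure:
                findings.append((host, name, url))
        for header in headers:
            name, _value, attrs = parse_set_cookie(header)
            jar.setdefault(host, {})[name] = "secure" in attrs
            # A cookie handed out over HTTP is visible in the response itself.
            if cleartext:
                findings.append((host, name, url))
    return findings


def missing_secure(flow):
    """Cookies that would leak on the first HTTP request to their host."""
    jar = build_jar(flow)
    return sorted((h, n) for h, names in jar.items()
                  for n, secure in names.items() if not secure)


if __name__ == "__main__":
    for host, name, url in audit_flow(SAMPLE_FLOW):
        print(f"EXPOSED  {name} for {host} sent in cleartext at {url}")
    for host, name in missing_secure(SAMPLE_FLOW):
        print(f"NO SECURE FLAG  {name} for {host}")
```

The `mail.example` cookie is never exposed in this session because every request stayed on HTTPS, but it still lacks the `Secure` flag, so a single `http://` link to that host would send it in the clear.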

What’s a VPN?

In simple terms, a VPN is just a connection between you and another computer. The important thing is that it’s a secure connection. It means that any information you send to or receive from that computer is encrypted so that others on your network can’t read it.

How does a VPN help?

Because the computer you’re connected to when you switch on your VPN connection is far away, what you’re creating is a secure ‘tunnel’ out of the public Wi-Fi network you’ve joined. Other users on your Wi-Fi network will be able to tell it’s there, but there’s no reasonable way for them to tell what information you’re sending along the tunnel, or even who you’re sending it to.

I don’t get it. Can you explain it in simple language that I’ll understand, perhaps using an imaginary room full of cookie monsters?

Sure. If you prefer analogies, try this: you’re holding a jar of cookies in a room full of cookie monsters. It’s a pretty dangerous situation. Luckily, the room has one open window. To get the cookies out of the room, you could throw them at the open window. There’s a good chance some of the monsters might notice that you’re throwing something, though. And when they see that they’re cookies, you’re really in trouble.

Instead, you decide to pick up the 10 foot blue tube that one of the monsters just finished using as a didgeridoo. You wipe off the slobber, then push one end of it through the open window. Next, you hold it high and slide the cookies down the tube, one at a time.

The monsters think it’s a little weird, but they can’t really tell what you’re sending along it, and they certainly can’t see what’s coming out the other end beyond the window, because they’re stuck in the room with you. Even if they wanted to break the tube to discover what was going on they couldn’t because, as everyone knows, puppets can’t jump.

If you haven’t guessed already, the giant blue tube is your VPN connection, and the room is the Wi-Fi network. I hope that helps. I really do. I felt quite silly writing it.

Why do I still see ‘http’ and not ‘https’ in my browser when using a VPN, then?

Because the computer at the end of your VPN connection is connecting to Facebook on your behalf over HTTP.

The connection between that computer and Facebook is still unsecured but, because that part of the connection is now far away from the open Wi-Fi network you’re on, people on your Wi-Fi network don’t have access to it. In fact, no-one should have access to it, because the only other computers on the far-away network should be other VPN servers in a locked building.

Why don’t Facebook et al fix the security flaws?

A good question. It turns out that there are some vaguely compelling reasons why big sites don’t use HTTPS for all traffic that flows across their networks but, on the whole, the consensus from security professionals seems to be that no site should gamble with their users’ privacy or security; they should force HTTPS connections at all times. Perhaps they will one day.

UPDATE: As of 26 January 2001, you can now enable HTTPS at all times via your Facebook settings. The advice in this article still applies, though. Using a VPN in public Wi-Fi areas is just safer.

Why should I have to use a VPN to fix others’ security flaws?

For now, it’s the only option if you want to use a public Wi-Fi network safely. Beyond that, I feel that anyone using a public Wi-Fi network should take whatever steps they can to secure themselves, and not rely on third-parties to do it for them. That’s why I suggest using a VPN on any network you don’t have full control over.

Frankly, if you currently use public Wi-Fi networks without connecting to a VPN, you’re taking a big risk anyway. Sidejacking isn’t the only attack you’re setting yourself up for. Any data you send in plain text (like FTP passwords), will be accessible to anyone on that network. And, trust me: there are people looking for it. For many, it’s akin to a hobby.

Is my home or office connection safe?

Probably. Most of them are password-protected by default now. If yours is too, it’s a lot harder for people you don’t know to use the network to hijack your cookies and log in as you.

Note that I said ‘people you don’t know’. If you share a home or office Wi-Fi network among family members, flatmates, or work colleagues, they can use Firesheep or similar on their own computers to steal your session information and log in as you. So you might want to be kinder to them.

If being kind isn’t an option, the good news is that using a VPN on the computer you access the Web with at home will help. It will stop people who share that network with you from capturing your cookies and posting naked photos of you to your own Facebook account. So it’s probably worth it. Or you could stop using Facebook. That would help too.

But there’s no harm in connecting to a VPN when you’re at home or in the office as well as out and about. It protects you against irritating people you share networks with. It also prevents anyone getting meaningful information from the traffic passing between your machine and the outside world should they manage to join your home or office Wi-Fi network. Perhaps by guessing that your network’s password is ‘yoda’.

Do I really need a VPN?

If you’re just using a computer at home or work and you trust the people you live and work with, it’s probably not worth paying $55 a year for a VPN connection. Just pick a good password for your Wi-Fi network, change it a few times a year, and be careful who you share it with.

Otherwise, yes, it’s worth having.

When signing up to StrongVPN, I’m given the option to choose what location I want for my initial connection. What’s that about?

You can choose any ‘initial location’ in the StrongVPN location form you see when your order’s completed. It doesn’t really matter.

In general, though, I recommend choosing whichever location is closest to you, preferably in your own country. You’ll experience a slightly faster connection that way. Choosing VPN servers in other countries can also have weird side effects, like being served the Dutch Google homepage instead of your own country’s one.

You can use a VPN to trick websites into thinking you’re in another country in a good way, too. Some people use this to access, for example, the BBC’s iPlayer and other location-restricted services when they’re travelling outside their home country. You’d just connect to a UK-based VPN from the US or elsewhere, and the BBC’s website will serve iPlayer pages as if you’re connecting from the UK directly. (And yes, the BBC knows about this loophole.)

I’ve still got questions about this stuff, but you’ve stopped typing. Who do I send them to?

If they’re questions about setting up a VPN, please send them to whoever you’re paying to provide you with a VPN service.

Comments and corrections are welcome via email or Twitter.

Date: 26 Oct 2010

Kill Your Keyboard Clacks

Watching someone flick through TV channels is a lot like being a passenger in a car crash. The feeling that you’re being steered towards impending doom — be it an old episode of Friends or an oak tree — is itchy and unpleasant.

It doesn’t even matter if they’re good at it; I find it just as frustrating to watch someone struggling with an unfamiliar remote as it is to watch a teen channel surf while texting. There’s just something uncomfortable about watching other people use computers.

Hell is watching friends use computers

My latest bugbear came to light shortly after reading a tweet from mpjoyn, foretelling a dark future where PCs invade our lounges:

“Living room pcs will be big, but only as touchscreens for each family member. Hell is watching someone else control a GUI.”

What a relief! I’m not the only one who sighs inside when someone takes out a phone to show me something. They might be innocently navigating to YouTube, but a thousand small annoyances soon bubble to the surface as tiny questions that would seem both elitist and asinine to ask of them:

  • Why did you double tap the Safari app icon?
  • Why did you type the full URL instead of the auto suggestion?
  • Why did you type ‘.-c-o-m’ instead of the ‘.com’ button?
  • Why are you showing me a video of a cat taking a dump in its owner’s lavatory?
  • Why are you laughing?
  • Have you no shame?

Today I decided to chill out about it. Partly because I’ve realised that everyone uses interfaces differently, and that your way isn’t any less valid than mine. For all I know, the way I’m doing it — the ‘I spend more time with user interfaces than I do with other people’ way — is wrong. But, mainly, the reason I’ve decided to relax about watching other people use computers is because I’ve found something worse.

Something worse

If you think that watching someone use a computer interface is hell, try listening to them do it. For six hours. On a train. When you can’t even see the device they’re using.

I now count myself among the world’s most familiar with the soft clacking sound that the iPhone’s on-screen keyboard makes when you type on it. You know, the sound that’s on by default. The one that I turn off as the first thing I do when I get a new phone, out of respect for myself and all mankind.

iPhone keyboard tasting notes

After six hours of hearing it, I now do an excellent impression of that sound. If I’m ever tasked to annoy someone without reaching for my phone, I’ll be fine. I’m familiar with every subtle nuance: not too harsh, like an old typewriter, but not too soft, either, like the new Apple keyboards. The ones that feel like typing on stale marshmallows.

‘Ta - ta - ta’ goes the iPhone, with each triplet of taps. ‘Ta - ta - ta,’ like a tommy gun blowing bubbles. The sound has an attack that implies a definite action has been taken, with a soft finish that speaks of the action’s relative insignificance. ‘Ta - ta - ta’, it goes again, like the world’s snootiest librarian practising mild reproofs in an empty concert hall. Well, after six hours of hearing the sound, it can ‘ta - ta - ta - ta’ right off.

Please, kill your keyboard sound

Some must find it comforting to hear an audio alert for each key press. I’m not certain why. Perhaps to reassure themselves that they have, in fact, successfully reached their iPhone’s keyboard and not, for example, poked themselves in the thigh or otherwise missed altogether.

Indeed, whichever merry chap at Apple decided that the keyboard clacks should be on by default must have thought similarly: ‘People aren’t used to software keyboards,’ he surmised. ‘They’ll want it to feel close to something they’re used to. Something like a real keyboard.’ Perfectly reasonable so far. ‘Keyboards make clacking noises when you type on them. Maybe the software one should too. I can’t see any problems with that.’

Of course, the sound is both subtle and reassuring for anyone typing on the device who lacks the hand-eye coordination to pick their own nose. But should everyone around them have to suffer the dreaded ‘ta - ta - tas’, a technological cha-cha so often magnified by 12 or 13 devices in the same carriage on a morning commute, where even ‘quiet coaches’ are anything but? Must we all wear headphones just to avoid it? It doesn’t seem fair.

So here’s how to turn them off. It’s very simple:

  1. On your home screen, find and tap the Settings app. (One tap is all you need, but you can double tap if you like. I’m OK with that now.):

  2. Tap ‘Sounds’:

  3. Scroll to the bottom and toggle the ‘Keyboard Clicks’ switch to OFF.

  4. Receive my eternal thanks.

Date: 22 Oct 2010