“Guys, it’s crunch time.”

You feel dead inside as you process the words.

“We’re gonna need to be doing some late nights here for awhile. We need this done by July 16 or… ” he trails off.

“or it won’t be done by July 16,” you think to yourself.

So one late night you’re eating pizza with the project manager and you ask, “why the rush?”

“Well, our competitor is working on this thing too, and if they come out with it first then they’re going to win this whole market and we won’t have a future.”

“Of course,” you respond after looking up from your Blackberry. “I’ll stop messing around on MySpace and get to work.”

You open up Rhapsody to find some music to jam to, then you fire up WordPerfect and finish up with the report you promised to get done.

Yep, you think to yourself. We better get this project off the ground first or no one will ever use it, like when that one company tried making their own version of Hydrox. What were those called? Oh, yeah, Oreos.

There’s a lot of hysteria going on about cybersecurity as of late. Even President Trump knows the importance of “the cyber.” In theory, cybersecurity is really scary because there are a lot of moving parts involved and vulnerabilities are everywhere. However, a lot of recent high-profile breaches were a lot more old-fashioned in nature: someone got a hold of someone’s password.

By doing a handful of simple things you can be protected from a lot of potential attacks.

You don’t need to be good with computers for decent security to be within your reach, nor should you have to be. You aren’t expected to be a locksmith just to secure your home and your belongings. Why should your digital belongings be any different?

More and more of the important things in your life aren’t physical things, but digital ones. Keeping this secure isn’t just for paranoid delusional nerds. You have something to lose. David Brooks put it best:

 

Privacy is important to the development of full individuals because there has to be an interior zone within each person that other people don’t see. There has to be a zone where half-formed thoughts and delicate emotions can grow and evolve, without being exposed to the harsh glare of public judgment. There has to be a place where you can be free to develop ideas and convictions away from the pressure to conform. There has to be a spot where you are only yourself and can define yourself.

 

This isn’t going to make your digital life NSA-grade, but if you follow all these guidelines you’ll probably be fine.

Passwords

Most of the time, when someone says “my Facebook got hacked!” what they really mean is “someone guessed my Facebook password” (which is a polite translation of “I had a shitty Facebook password”) or “someone tricked me into giving them my Facebook password” or “I use the same password on every site and somebody got my password from another site and tried the same one on Facebook and they got into my account!”

Good passwords are the foundation of good digital security.

Live by these password rules:

• Every login you have should use a completely different password (don’t just use simple variations of one password!). If some rinky-dink company you have an account with (like, I don’t know, Sony) has hackers making off with your password, it’s not as big of a deal because it’s only good on that one site.
• You should pick good passwords. Good passwords are lengthy and have a lot of entropy (think of entropy in terms of a rubik’s cube. If you have solved it and all sides are solid, that’s low entropy. If you have it all scrambled that’s high entropy). aaaaaaa isn’t particularly high entropy but 1 award for my pony Isabella is quite good. A lot of sites force you to include numbers and symbols in your password and that’s great, but a password that is a long phrase is as hard to guess as a short password made of cryptic numbers, letters and symbols. If a site says your password can be up to 32 characters long, make it 32 characters long. It’ll be that much harder for hackers to guess.
• Use fake answers to security questions, and keep a record of your fake answers. The answer to a security question is as good as a password, so make sure that your answers aren’t things others can find out about you easily. I use random phrases as answers to security questions and keep track of those in a password manager. Your mother can’t change her maiden name, so don’t use her real one as your security answer!

There’s no way you can remember all those passwords. You need a password manager.

I have logins for HUNDREDS of sites, and I actually know maybe half a dozen of the passwords for them. My password manager knows all, and it keeps them in a securely encrypted virtual vault.

Password managers used to be a tool for nerds like me who have a ton of logins. Nowadays that’s pretty much everyone. They work on your computer and on your phone/tablet, and they have the added bonus of saving you from typing in repetitive information in forms on the web.

I use 1Password on my Macs and iOS devices. It’s cheap and totally worth it. If you’re more of a tightwad you can use iCloud Keychain (assuming you use Safari). Lastpass works well too (and is free, and is available on virtually all platforms).

A password manager takes some getting used to but it’s worth getting into the habit.

One very important note: Your password vault’s password needs to be REALLY good. Pick a long one that is super hard to guess (but make sure it’s easy to type on your phone! 

don’t get phished

“So Aaron, what’s the easiest way for a hacker to get my password?”

“You’ll voluntarily give it to them.”

“Whaaaaa?”

Yep, hackers don’t need to build some sophisticated computing cluster to break past a firewall. Instead, they rely on the biggest security hole of all: the humans that use these secure systems.

It’s surprisingly easy to harvest users’ passwords by sending them official-looking emails that lead to fake web pages that make you think you’re logging into a real site. It’s gotten even more targeted nowadays, too. There might even be people trying to phish you at work, convincing you to share some proprietary company information.

Be suspicious of emails telling you that you need to verify stuff. Be suspicious of an email from Amazon or eBay telling you that you just bought some expensive item you didn’t buy.

If the email is from a site you use and it’s suspicious looking, don’t click a link in the email. Instead, go to your browser and log directly into that web site, then deal with the matter from there.

Always double check URLs in your browser’s address bar to make sure you’re on the site you expect to be on.

Get in the habit of always using your password manager to log into sites. If you think you’re on Target’s web site, but you’re actually on target.com.myphishingsite.biz, your password manager won’t fill in your target.com login.

If your web browser tells you that it might be a phishing site, believe it.

Ad Blocking

I recommend that you equip all your web browsers with ad blocking extensions.

There are ethical issues for sure. Most of the sites you use serve ads to pay their bills and using an ad blocker is kind of like leeching off of them.

The problem is that most sites don’t directly control the ads that appear on their pages. Instead they let a complex series of shady middlemen manage these ads, and as a result, a lot of otherwise reputable sites have lately been feeding you shady ads and sometimes malware.

Ghostery goes a long way to protecting you; it blocks hundreds of trackers. I also recommend AdBlock Plus and uBlock Origin.

If you’re on iOS you can get ad blocking now too; as of iOS 9 Apple had added the ability to develop content blocking extensions for Safari. They’re super fast and they make Safari load pages a lot faster!

Nowadays a lot more sites try to detect if you’re using an ad blocker and will bug you about if if they think you’re using one. Wired won’t even let you read the article. If you land on a page like that, don’t whitelist the site like it asks you to. Instead, just open that page in an incognito window. In iOS you can also press and hold the refresh button to reload the page without content blockers.

As an aside, I strongly recommend that you find sites that make cool stuff and support them. Spend the $10 on YouTube Red and enjoy ad-free videos without guilt. Pay for a news site subscription. Patronize people on Patreon. There’s stuff on the web worth giving your support to, and if more people start paying creators with cash dollars, we won’t be expected to pay for stuff with our eyeballs.

Maintenance and Security Updates

OS updates don’t just give you the latest emoji; they usually include security fixes, and they’re an important way to protect yourself! Always install your security updates promptly. 

I recommend iOS over Android to all friends, not just because iOS is so much nicer overall, but because security updates on Android are a total crapshoot. If you insist on using Android, I recommend using the Google-branded phones. Google-branded Android phones get Android updates the soonest. 

Most modern web browsers are very aggressive about updating themselves and that’s a good thing; don’t try to stop your browser from updating. Most people are doing a lot of their computing inside of a web browser and so that makes your browser a big attack vector. 

Miscellany

I think the above steps are essential, but there are a handful more things you can do to make yourself just a little more secure.

On iOS if you set a six-digit passcode, all the data on your phone is encrypted with a strong key, and iOS works really hard to prevent people from guessing your passcode by brute force. (And to be clear here, that hard work on iOS’s part is the really important part here, otherwise a six-digit passcode is laughably inadequate. Do not let this give you the impression that six numbers makes a good password for your other accounts.)

You should absolutely have a passcode on your iPhone/iPad.

On OS X you can enable FileVault, which encrypts your entire hard drive. You should have FileVault enabled, but make sure you keep the recovery key in a safe place. When it’s on you won’t really see any difference in how your Mac works. It’s great.

Windows offers full-disk encryption as well.

If you want some more security for your accounts, Two Factor Authentication is a great thing to add. With 2FA, your password alone doesn’t get you access to your account; you also provide an extra six-digit code that changes frequently to get into your account. 1Password can work with these. I recommend turning on Two Factor Authentication for your iCloud account or your Google account.

I could go on, but this is a good start. If security interests you, you should dig into it more!

This stuff is important

Maybe you live in a home in a pretty safe neighborhood. Not much crime is happening around you, and you feel nice and safe. 

Being just a regular average Joe on the internet you might think you’re also in a safe internet neighborhood and that no one’s gonna hack your account. After all, why would they?

On the internet, we’re all living in the unsafe neighborhood. On the internet you’re just as accessible as any other citizen on the internet. Your private photos are on the same iCloud as all the celebrities whose private photos got leaked awhile back. You’re the same one phone call or email away from some scammer who tries to get you to install some app that watches everything happening on your computer.

I don’t secure my digital belongings because I’m a computer enthusiast; I secure them because they’re mine. You don’t leave your car unlocked on a busy street because “you’re not a car guy.”

Security habits benefit everyone, and I believe they should be accessible to everyone, whether you’re the President, some CEO, or a high schooler named Jessica.

I’ve long been on the quest for the perfect pair of headphones suitable for using for work and pleasure. For the past year or so I’ve settled on Beats Studio Wireless headphones as my “good enough” headphones that get the job done because they offer two things I find essential: 1) they’re wireless, and 2) they offer active noise cancellation. 

While my Beats headphones were getting repaired awhile back I took to using my Bose QC3 headphones, a fantastic pair of on-ear, noise cancelling headphones, and I was a bit surprised to remember just how good Bose’s noise canceling technology is (after all, they invented the category). Due to a very luckily timed tweet Bose caught wind of my desires and they were kind enough to send me a pair of QC35s which they released last Sunday (full disclosure: Bose gave me these; they aren’t a review unit).

I plugged them in to charge them up (silly superstition of mine that I like to give brand new stuff a full charge before using) and I put them on and powered them on. They were easily paired with my iMac and I was off to the races.

I didn’t want to post knee-jerk impressions so I have held off, using these over the past few days to really get a sense of what they are like to use, and I have to say, I’ve never been more impressed by a pair of headphones.

Mind you, I’m not an audiophile; most of the things I’m looking for in a pair of headphones are convenience features, and I’m not listening to music to really appreciate every single detail of a song with perfect fidelity; I’m usually using headphones because I work in an open-plan office with a bunch of other folks and I want to provide some sense of isolation to help me concentrate, and I want to enjoy sound that is relatively high quality. Of course, I assume that if you’re reading a post about Bose headphones you aren’t the type to snub your nose at them anyway, so you’re probably going to be fine. I know that Bose stuff may not be an audiophile’s dream but they do a great job of making quality sound equipment for the mass market.

Noise Cancellation

The noise cancellation on these is remarkable. I’ve used the Bose QC15s and the Bose QC3 and have always found their noise cancelling to be quite good, but the QC35 uses Bose’s latest tech, incorporating microphones both inside and outside of the cup to vastly improve noise cancellation performance. And it makes a huge difference. I feel like I’m the only person in the room when I’m listening to music with these on. I can’t hear my coworkers typing on their clicky keyboards or chatting or laughing. It’s really quite fantastic.

Compared with my Beats headphones, Bose’s acoustic noise canceling is wildly better. In particular, I appreciate that on the Bose headphones I don’t hear my pulse echoing when no music is playing (something that will drive you nuts if you just want to enjoy the noise cancelling without any music playing).

Wireless

Being wireless might just seem like a box to check off in a features list, but to really do it well takes a lot more than that. The QC35s will pair nice and easily with Bluetooth. You can pair the headphones to up to eight different devices and the headphones can be connected to two devices at once (though audio will only come through on one device at a time). These aren’t the first headphones to offer this kind of functionality, but allowing you to control it via an iOS app means that for the first time in my life I’ve been able to use wireless headphones with two devices at once without it being a huge pain in the neck. It’d be super cool if they offered an OS X app for doing this, but I can live without that, especially given that one of my connected devices is bound to be an iOS device anyway.

Example of this multi-connect functionality in action: You’re at your desk, listening to music on your computer, when you get a phone call. You pause the music and answer your phone, carrying on the conversation all through the headphones. When you’re off the call, you play the music again and you’re right back to where you were. 

If you’re actively listening to sound on one device and the other starts playing something, you won’t hear it until you stop sound on your current device, which is a smart behavior; you don’t want your phone hijacking your headphones just because someone is calling.

Sound quality is excellent. I know Bluetooth headphones get a bad rap for having poor audio quality but in the past couple of years I think they’ve crossed the “good enough” threshold for 98% of consumers. Music sounds clear and detailed, with a decent (but not overpowering) amount of bass. The noise canceling helps you appreciate your music even more because less of it gets drowned out by outside noises. You’ll be able to keep your music at a quieter level while still blocking out the environment around you.

Bose prides themselves on reducing what they refer to as the “electronic noise floor;” that is, that soft buzzing sound you can hear when the headphones are on but nothing is playing. My Beats Studio Wireless headphones have a particularly noisy buzz that makes them seem cheap, but the QC35s don’t exhibit this at all. If there is any buzz it’s totally inaudible for me.

Bluetooth performance overall is great. I can freely move around at my desk without causing so much as a jitter with the sound. I’ve had audio skip on me a bit on my iPhone and iPad, but I believe in these cases the devices were at fault; it could either be related to being connected to two devices at once, or it could be just that iOS skipped the audio for a fraction of a second when notifications came in or I switched apps. I spent awhile using these with my iOS devices and the issue was rare and nothing to write home about.

Battery Life

I have been using these headphones since Wednesday, which means two and a half full workdays plus a couple hours this afternoon, and I didn’t charge until last night when I still had about 15% left. Bose rates these as offering 20 hours of battery life and I think in practice they perform even better.

If you want to go wired you can enjoy twice as much battery life. Having the wired option is nice on these headphones; if you want to use someone else’s device or share the headphones quick it saves you from needing to go through the Bluetooth pairing process for just a quick listen on another computer. If this were my ideal pair of headphones I’d also be able to plug it in via USB and have it be a USB audio device, letting me charge and listen to high quality audio. Another day, maybe…

Comfort

Bose put an incredible amount of thought and effort into this. While my personal favorite form factor is the on-ear design (found in the discontinued QC3 but still available in their spiritual successor headphones, the SoundLink on-ear wireless headphones), the QC35s are building on years of experience making comfy headphones. The materials feel light but premium, and the ear cups feel soft and easily fit around my ears. They don’t make my ears feel too warm or sweaty either. They’re very easy to wear all day.

Conclusion: Buy

Again, audio purists would probably reject headphones like this outright; acoustic noise cancelling and Bluetooth have both traditionally been considered things that adulterate the sound. But as I said, purists probably don’t care how good these are and they probably aren’t reading this.

The people who are reading this are most likely people who want a quality pair of headphones that sound great, are comfortable and convenient to use, and can provide you with a little sound isolation in a noisy environment. I’m confident that the QC35s are the best headphones for that job. Bose may not have been the first to put noise canceling Bluetooth headphones on the market, but they are for sure the first ones to do it right.

If you’ve ever worked in the same office as me you may know that I have a sort of… obsession with keeping glass screens completely pristine. My favorite (and only) tool for this job is iKlear’s suite of cleaning products. 

They’re the only thing that keeps my Apple stuff looking incredible, the stuff doesn’t smell of volatile chemicals, and the material of the cloths included work incredibly well. The iKlear kits include a blue chamois microfiber cloth good for surfaces and matte LCDs and this gray microfiber cloth said to be anti-bacterial and recommended for use on glass.

I use these for everyday electronics cleaning, cleaning my glasses, and removing sticker residue from my laptop when I get rid of stickers.

Swift going open-source today is for sure exciting news, but we need to temper our expectations for what that means for the language. For sure it’s better to see an open-source Swift than a closed-source one, but merely being open-source isn’t a panacea for Swift.

Lest you think I’m just being a pessimist, Objective-C is open-source for decades, yet the only people using it to build real apps are building them on Apple-owned platforms.  Despite the language’s merit, it’s risky to build your software or your own framework with a language whose roadmap is entirely dictated by another company. This is why many incredibly popular frameworks are built on languages that aren’t primarily associated with a particular company’s platform (for instance, this is why you don’t often see OS X apps written with Mono, or Windows apps written in Objective-C.

Outsiders could now theoretically contribute to an open-source Swift, but that’s almost certainly not going to happen. Typically in the past Apple has worked on open-source work in secret, then released it all to the public once it was unveiled. It’s not super collaborative. Apple might accept a pull request here or there, but they’ll be working on it alone.

The most sure benefit I can see with an open-source Swift is security. With public source code, any security researcher can dive right into Swift’s source code and the source code of the compiler and find potential vectors for attack in a way that’s a lot more difficult if you don’t have source access. 

Swift is an incredibly interesting language, though. It lets developers write very high-level code with the performance of a very low-level language. It also gets the head start of being the lingua franca of the army of iOS and OS X developers in the wild. At the same time, there are many other new languages coming into the fray, many of which are offering similar things (high performance, easy concurrency, safety, all with high-level abstractions). If Swift can successfully gain some independent frameworks and communities to grow around them, it just might stand a chance.

As I walked out out of the conference hall after DHH’s RailsConf keynote this morning, I felt this vibe that people are regarding him as out of touch with reality. Indeed, DHH did give off this sort of church sermon-like tone in his keynote, railing (pun sort of intended) against microservices and JS frameworks.

For some reason, SOAs and JS frameworks have gotten a reputation for being something you want to use instead of something that you have to use. From what I’ve seen with each, I struggle to understand how they got to be in vogue.

SOA proponents will make the usual arguments. When apps are made of small services it’s easier to scale them individually. If your app hits big enough scale a monolith would be crushed under its own weight. That sort of thing. But I’m also hearing proponents discuss how small services are better because each app is simpler and it lets its developers move faster and with less cognitive load. And that’s a load of bullshit.

Architecting your application as a set of microservices adds a large upfront cost in the form of new complexity, and it takes a lot of traffic for that to pay off. Your uptime is reduced with every codependent service running at the same time, so you need systems engineers to help keep as many nines as possible in your uptime. You start discussing things like putting your services in  a VPC so that they can quickly talk to one another keep traffic private. Each app needs fault tolerance against other services being unreachable. Debugging becomes wildly more difficult. You need to be on your monitoring game.

Oh, and by the way, you need to consider your application-level architecture. Applications don’t break up easily into super independent components; in the real world these components tend to deeply intermingle with one another. It’s challenging to design the services in a way that adding one feature doesn’t end up touching 3-4 services.

I feel like no one ever talks about these application-level issues. I hear people speaking in generalities about ensuring apps only have a single responsibility, but I’ve yet to hear a real-world story of a real-world app that is built with an SOA and takes business need changes in stride and the developers are happy and work with minimal cognitive load. 

Big companies like Google and Amazon aren’t using services because it’s faster or more productive; they’re doing it because they have to.

DHH isn’t trying to cling to some foregone notion of cowboys taming the wild west on their own with their Rails monoliths; he provides real examples of large scale monoliths (Basecamp, GitHub, Shopify). I hate seeing those 3 examples getting reused, but those apps remain successful, and I am not hearing about equivalent SOA-based counterparts.

I’m not snubbing what other frameworks have to offer, but I take comfort in that I can ship real products using Rails with minimal developer manpower. If the app is just as nice, customers won’t care or notice. As everyone around me is levitating toward over-engineered collections of microservices I can see it going two ways, both positive for me. If the world ends up being right and microservices are a productivity panacea, I’ll embrace them with open arms (using Rails 5’s new API mode that DHH was none too excited to announce). If they’re wrong, then I’ll churn out more value faster while they spin their wheels with services.

The leaked specs and artist’s rendering of Apple’s alleged 12″ MacBook Air are a radical move for Apple laptops, particularly in that they are getting rid of most of the ports in favor of just two: a USB Type C connector, and a headphone jack.

• I don’t want to have to visit your web site and check the news from there every day; I want to aggregate it.
• I don’t want to need to use your mobile app to read the news.
• I don’t want your article pages to be magazine-like with painstaking layouts and typography. Good writing suits me just fine. If you do want do do those things, keep the design clean.
• I don’t want my news pages littered with ads. In fact, I don’t want any ads at all.
• I don’t want articles cluttered with links to other things I “might be interested in,” half of which are actually ads posing as real content, and many of which have carefully constructed clickbait titles. And i sure as hell don’t want these links inserted into the article content.
• I don’t want to make comments on your site or participate in any sort of community with the other readers, and the only people who seem to aren’t exactly generating positive discourse.
• I don’t want the articles I’m reading to be paginated. I know how to scroll.
• I don’t want a toolbar at the bottom with a call to action for me to share that thing to a bunch of social networks. If I want to share the article, I know how to copy a link.
• I don’t want to pay over $100/year to support the site. News companies are pricing these as though I get all my news from one source, when I’m reading from dozens of sources in a given week.
• I don’t want to see user generated content on my news site. There are other sites where I look at user generated content, like Twitter, or Instagram, or Vine, or YouTube, or Facebook, or one of the dozens of other places.
• I don’t want to read articles that managed somehow to extract four paragraphs of filler from a single tweet. I’d rather just look at the tweet.
• I don’t want my news site to have a social presence, trying to push things to me to read there.
• I don’t want my news site to be incentivized to get me to click on their articles.
• I don’t want a video at the top of the articles I’m reading, and I sure as hell don’t want it to auto-play.

• Well-written articles that are rigorously fact-checked and well contextualized
• • Bonus points if you happened to capture some photos of the event. If you didn’t, that’s okay, you don’t need to show me a stock photo of something related to it.
• A full-article RSS feed that lets me do all my reading from my RSS reader.
• A way to easily pay you a fair price for the above two things, and ensure that you’re beholden to me, and not your parent company, not advertisers, not some bullshit KPIs somebody wants you to hit. 
• the ability to share links to nice clean versions of articles with my friends and followers
• The news org to be independent from corporate owners. If I’m paying you, I want you working for me.
• For news like this to be available to me at the local, regional, national, and international levels (and I don’t mind paying separately for each)