I recently switched away from WordPress to the Hugo static site generator. For the most part I have been very happy. The biggest downside has been related to publishing a new post. Unlike WordPress, there is no app. Publishing requires SSHing into a server and running a series of commands by hand. What I wanted was a one click posting option. In addition I needed a way to load the article into Apple News.
Workflow to the rescue.
Now that the future of Workflow seems secure in iOS 12 Shortcuts I decided to use it to automate the process of posting a new article. The workflow takes in text, asks for a title, generates a preview, then posts to both the site and Apple News.
My setup consists of two Linux servers. One runs the Hugo software where the raw text files live. The other is the actual webserver. Everything is previewed in the first server. Then the site is built there and synced over using rsync.
The workflow accepts plain text. Currently I am not using images on the new site. So this workflow does not account for them. The nice thing is I can use basically any app that can generate text. I am not locked in to anything. Then a prompt asks for a title in proper title casing, saves it as a variable, then generates a file name by transforming to lowercase and converting spaces to hyphens. The final variable is the date in ISO 8601 format.
Now I generate the markdown document in the format my theme requires. Using cat I send it up to the test server over SSH.
Next I want to preview the post to make sure it looks how I want. Hugo has a built in preview server for this very purpose. My idea was to generate the preview over SSH and then jump to Safari to see it. But I hit my first snag. When you use the hugo server command, it does not return to a prompt until you kill the running process. So using the SSH block in Workflow causes the whole thing to pause at this point.
The solution was to open the Hugo server in screen. This runs it in the background and lets the workflow continue. I use the server IP instead of a domain name because I will be previewing the server over regular http. Since I am in the HSTS preload list I would be unable to get to it using the domain.
Workflow then opens this page in Safari so I can preview. It pauses until I return. When I do it kills the screen session, which terminates the preview server.
Next I ask whether to continue. If the preview had a problem I can abort at this point. Otherwise the workflow continues. I delete the public folder that was built the last time I ran Hugo. Then run it to build the new site, sync it to the webserver using rsync, and push the changes to a private GitHub repo as a form of backup.
And now the post is live. The last step is to get it into Apple News. This was tricky because back when I was on WordPress I switched to the Apple News format away from pulling an RSS feed. This means the post needs to be uploaded using the API. But there is no Hugo plugin I can find. So I’m doing it myself.
Still in Workflow I generate a JSON file for Apple News. Thankfully News supports markdown. All I need to do to my article is to replace all newline characters with a literal BACKSLASH N to get the whole thing onto a single line. Using regex, Find BACKSLASH N, and replace them with the literal BACKSLASH BACKSLASH N. Yes, I am avoiding typing those characters out here so as not to break the workflow.
Then I use the Apple News ruby client on my server to upload the article.
And that’s it. I now have a full publishing app built right within Workflow. It really goes to show just how powerful this app is. I am beyond relieved that Apple is keeping this after purchasing the app, and that iOS 12 will probably allow for even more powerful apps to be built. And it serves as another reminder that iOS really has become a productivity platform.
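The text-handling steps above (file name from the title, ISO 8601 date, the SSH write, the Apple News body) written as a script. This is an added example, not the Workflow from the post: the `content/post` directory and the `role`/`format`/`text` component shape are assumptions, and the sample body is constructed. It also shows where the newline-only replacement stops being enough, which is when the article contains a double quote or a backslash.

```python
import json
import re
import shlex
from datetime import datetime, timezone


def slugify(title):
    """Lowercase and hyphenate as the post describes, then keep only
    a-z, 0-9 and '-' so the title cannot add path or shell syntax."""
    slug = title.strip().lower().replace(" ", "-")
    slug = re.sub(r"[^a-z0-9-]", "", slug)
    slug = re.sub(r"-{2,}", "-", slug).strip("-")
    if not slug:
        raise ValueError("title produces an empty file name")
    return slug


def iso_date(moment=None):
    """ISO 8601 timestamp with an explicit UTC offset."""
    moment = moment or datetime.now(timezone.utc)
    return moment.isoformat(timespec="seconds")


def remote_write_command(title, content_dir="content/post"):
    """Command string for the SSH step; the post text is piped to stdin.
    content_dir is an assumed path, not one taken from the post."""
    path = f"{content_dir}/{slugify(title)}.md"
    return "cat > " + shlex.quote(path)


def templated_body(markdown):
    """Newline-only replacement, pasted into a hand-written JSON template."""
    escaped = markdown.replace("\n", "\\n")
    return '{"role": "body", "format": "markdown", "text": "' + escaped + '"}'


def serialized_body(markdown):
    """Same component built by a JSON serializer, which also escapes
    double quotes, backslashes and the remaining control characters."""
    return json.dumps({"role": "body", "format": "markdown", "text": markdown})


def is_valid_json(text):
    """True when the string parses as JSON."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False


# Constructed sample body: a newline, a double quote and a backslash.
SAMPLE = 'First line\nHe said "paste it" and typed C:\\temp'
```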
As my process of de-socialization continues, my app list for this month reflects dropping the last of an entire category.
- RSS: Still using Fiery Feeds, but my backend sync service has gone back to Feedbin. The main reason has to do with the next app category.
- Twitter: Also using Fiery Feeds and Feedbin. I no longer enjoy using Twitter. In fact I have really grown to hate it. It has become clear that the thing we all enjoyed a decade ago is gone forever. Unfortunately there are still some people I wish to follow there. Enter Feedbin’s amazing Twitter feature. While Inoreader does allow you to subscribe to Twitter streams as well, the presentation is not nearly as good as Feedbin’s. For tweets with linked articles, Feedbin will load the entire text. Inoreader uses the entire tweet as the article title, which just looks incredibly messy. The whole Twitter experience in Feedbin just looks so much nicer. Since I have deleted my entire Twitter history and will be using it as a read only feed, Feedbin’s superior Twitter parsing makes it a clear winner.
- Browser: I still like Firefox, but I am back on Safari for now. Mainly due to the mobile experience. Firefox tried too hard to be different than mobile Safari. I don’t need different, but I do need open tab syncing. So Safari is really the best option still. Plus it will be gaining some very nice anti-tracking features this fall.
- Writing: I’ve spoken about how much I love Drafts before. But these last few articles I have written entirely there instead of in Ulysses. Drafts is such a natural place since my articles fit the write here and send it somewhere else mentality of Drafts. Plus it integrates great with Workflow, which is how I am now posting all of my website articles.
I had no interest in the HomePod when it was announced. I had no interest when it was finally released after months of delay. I ended up buying one, almost on a whim, because of Sonos.
I’ve had Sonos speakers in every room for years. I really like them. But two things happened recently. The first is that Sonos announced AirPlay 2 was coming, but then didn’t bring it to a single speaker I own. Then they announced the Beam. I was all ready to buy a Beam. But somehow, despite years of its users begging for great audio codec support (Dolby Digital Plus, DTS, to say nothing of Dolby Atmos), and despite now having the HDMI port that was previously missing for these to be supported, Sonos is stubbornly sticking to its anti home theatre support position on its home theatre products.
Aside from the home theatre setup, I mostly listen to Podcasts, but the podcast service selection on Sonos is not great. PocketCasts is about it. Yes, Stitcher is there, but I would prefer to live in a world where I can pretend that it isn’t. And even with PocketCasts, you don’t get important features like 30 second skips, chapters, and silence trimming.
I tried Bluetooth speakers, but I hate them. I don’t mind Bluetooth headphones, but speakers are terrible. I switch between devices often when listening at home, and Bluetooth makes this a chore.
So I decided to try a HomePod. And you know what, it is really good. I like it more than I expected. As every other review has noted it sounds amazingly great. Nothing else in that size compares. No matter where I place it in the room, it fills it.
I can AirPlay from any device with ease. Well, almost. Mac support for AirPlay is still odd at times. Though AirFoil does fix this for the most part. Not everything is AirPlay 2 yet, but the fallback to the original AirPlay works for me for now. I know it seems like it should be minor but the difference in sending audio to a Bluetooth speaker vs sending to an AirPlay speaker really makes the latter a far superior experience for me.
And then there is Siri. Siri is imperfect, and definitely does sometimes fall down in places where Alexa does not. However, this is not always the case. Oddly our ceiling fans, which are compatible with both HomeKit and Alexa work far better with Siri. I would say about half the time Alexa fails, even though it indicates success. Siri commands work nearly every time. In fact, for smart home devices I now prefer Siri over Alexa. A big part of this is the Home app. Having an option beyond voice control is really nice.
The biggest issue for the HomePod at this point is price. That $349 is really a tough sell. I think if they could knock $100 off it would be more interesting to people. They don’t need to get it to Echo Dot levels, but there is something about sub $250 that makes it easier to justify.
But overall I think it is a solid product. More solid than I expected. I am excited to see where it goes. I am really hoping that iOS 12 Shortcuts is a preview of how Apple is going to finally push Siri forward. Should you run out and get one? Probably not. I fully expect a version 2 at some point, and likely a price drop. If Apple’s usual pattern holds, the current HomePod will eventually become the entry model with a newer one above it. It’s a wait and see game for now. No, it has not taken the world by storm, but this product doesn’t have to. Steady improvement is what it needs. I am hopeful that this will happen.
I swapped out a few apps for June.
- Browser: I have not given Firefox a try in a while. I like Mozilla. I believe they actually care about the open web, as well as have a respect for user privacy. So far I have been quite happy with the performance of the browser. Their tracking protection is basically a built in content blocker. One of the few third party browsers on iOS with a functional blocker. And calling it “Tracking Protection” is genius. Sites that want you to turn it off can’t hide their true motivations.
- Podcasts: Oh boy has a lot happened here. Pocket Casts, my pick last month, was purchased by a combination of NYC and Chicago public radio. I am a member of WNYC. I love public radio. But this acquisition makes me nervous. Then came Castro 3. Wow oh wow. I am so loving this app. It fixed nearly all the issues that kept me from using it previously (almost - my kingdom for an iPad app.) The queue system in Castro is simply genius. Aside from some bugs I am extremely happy here.
- Productivity: When Agenda launched on macOS I found it interesting but ultimately didn’t do much with it. Now that it is on iOS also I’m going to give it a fair shake. Not sure if it will have the ability to knock me off of Bear and Things. That will be incredibly difficult. But I am interested in if I can find a place for it, particularly around project management.
I believe everyone has a right to privacy, and has a right to control their personal information.
This site does not run ads, does not use trackers, does not store cookies, and does not log IP addresses. Only two types of connections are logged, 1) errors (for the purpose of troubleshooting) and 2) violations of the page’s Content Security Policy. Beyond this only the minimum amount of information required for an active TCP session will be used, and will be discarded upon termination of the session.
Day One is my favorite journaling app for Mac and iOS. But they had a bad, bad week. Sync was down for several days due to a hardware failure. When it finally returned, the fallout turned out to be pretty catastrophic for an app that stores private information. From their post:
New user accounts are created with sequential IDs. Since the restored cluster did not contain the newest account IDs, new accounts created on May 8 were receiving lower IDs than expected, which overlapped with existing accounts in the original database. As a result, those new accounts had IDs matching some of the existing journal records, and received access to a few existing journals.
That’s really bad. Who knows what kind of deeply personal information may have been disclosed to unknown parties.
Day One has an optional end-to-end encryption feature.
We do not currently have information on how many of those journals used end-to-end encryption, but any such journals would have been protected against disclosure.
This is precisely why those of us who care about encryption are so absolute about having strong, backdoor-free encryption. It not only proactively protects your data, it reactively protects your data. What happened to Day One was an accident, but if you had end-to-end encryption turned on, you were safe. The problem here is that it is off by default, and not easy to discover within the app, so I expect the number of people using it is incredibly low.
If you are a Day One user, go to Settings > Journals and turn it on for all of your individual journals now. The only downside is that the Android app and Web app currently do not support this. Assuming you don’t need either, there is no reason not to. Put the private key in your password manager and you are good to go.
Day One did the right thing in disclosing what happened. But going forward I would love to see them, and everyone who stores sensitive data on a remote server enable end-to-end encryption as the default. The only data that you cannot leak is the data that you do not have.
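The ID overlap quoted above, reduced to a toy model with the allocation check that prevents it. This is an added example, not Day One's code: the class, the two-store layout and the account names are constructed, and the check shown is one possible safeguard, assumed here rather than taken from their post.

```python
class SyncBackend:
    """Toy model: account rows live in one store, journals in another."""

    def __init__(self):
        self.accounts = {}   # account_id -> email
        self.journals = {}   # owner account_id -> list of entries

    def next_id(self):
        # Sequential allocation that looks only at the account store.
        return max(self.accounts, default=0) + 1

    def next_id_checked(self):
        # Never hand out an ID that any stored journal already references.
        highest = max(list(self.accounts) + list(self.journals), default=0)
        return highest + 1

    def signup(self, email, checked=False):
        account_id = self.next_id_checked() if checked else self.next_id()
        self.accounts[account_id] = email
        return account_id

    def write(self, account_id, entry):
        self.journals.setdefault(account_id, []).append(entry)

    def read(self, account_id):
        return list(self.journals.get(account_id, []))


def simulate(checked):
    """Restore the account store from a stale backup, then sign up a new user.
    Returns the new account's ID and whatever journals it can read."""
    backend = SyncBackend()
    backend.signup("first@example.test")              # receives ID 1
    account_backup = dict(backend.accounts)           # backup taken here
    later = backend.signup("second@example.test")     # receives ID 2, after the backup
    backend.write(later, "private entry")
    backend.accounts = account_backup                 # restore: ID 2 is gone, its journal is not
    newcomer = backend.signup("new@example.test", checked=checked)
    return newcomer, backend.read(newcomer)
```

With `checked=False` the new account is given ID 2 and reads the earlier user's entry; with `checked=True` it is given ID 3 and reads nothing.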
An unfortunately common tactic taken by websites in a misguided attempt at security is to prevent pasting a password. The NIST officially recommends against this.
Verifiers SHOULD permit claimants to use “paste” functionality when entering a memorized secret. This facilitates the use of password managers, which are widely used and in many cases increase the likelihood that users will choose stronger memorized secrets.
I ran into this personally a few days ago. An organization I belong to forced a password change. Upon generating my random password, I was unable to paste it into the field. I decided to reach out to the organization, pointing out that this actually encourages worse passwords, not better ones.
Their initial response:
Thanks for reaching out. [Our] decision on updating the password requirements comes from an increase in security requirements. The extended minimum length, mandatory special, upper, lower and number characters, and one year life span increases the complexity and lowers the chance of any breach attempt. We do not allow copy and pasting due to security reasons. Viruses, Malware, and other intrusive programs can copy all data saved to the clipboard for later use. Furthermore, users may accidentally paste their password to their username and save it as auto fill, thus viewable to other programs.
This is always the response. “Security reasons.” Of course neither of the examples they gave me make any sense.
- If you have malware on your computer, it does not need to steal from the clipboard. It can just log keystrokes.
- Users can accidentally type their password into the wrong field. I have seen this happen. Particularly among users with poor typing skills. They almost never look at the screen.
I raised these objections. The response back:
Thanks for getting back to us. We do not allow copying and pasting passwords upon creating as to mitigate possible typos and for security. Yes as key loggers would most likely be user use on a compromised computer, we still want to mitigate any other possible problems. After creation users who use complex passwords are more than welcome to copy and paste their password on the login page though.
So in order to prevent typos, they require you to type. Um? You know how to guarantee you aren’t making a typo? Copy and Paste!!!
I gave up on the communication at this point. I ended up manually typing my extremely long and complex password into the form. But how many users will do this versus just give up and type out P@ssw0rd1 instead? After all, it meets all of the requirements, and it sure is easy.
If you run a website or service that uses passwords, I beg of you. Read the NIST guidelines. Please help those of us who are trying to teach users good security habits.
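The point about P@ssw0rd1, as an added example that is not code from the organization or from NIST: a composition-rule check of the kind described in their reply accepts it, while a length-plus-blocklist check of the kind the NIST guidelines describe rejects it and accepts a long generated passphrase. The minimum length of 8, the blocklist contents and the substitution table are assumptions of this example, and all sample passwords are constructed.

```python
import re

# Constructed sample blocklist; a real verifier loads a large list of
# commonly used and previously breached passwords.
BLOCKLIST = {"password", "password1", "p@ssw0rd1", "letmein", "qwerty123", "12345678"}

# Assumption of this example: undo common character swaps before the lookup.
SUBSTITUTIONS = str.maketrans("@0135$!7", "aoiessit")


def composition_ok(password, min_len=8):
    """Length plus one lowercase, uppercase, digit and special character."""
    return (
        len(password) >= min_len
        and re.search(r"[a-z]", password) is not None
        and re.search(r"[A-Z]", password) is not None
        and re.search(r"\d", password) is not None
        and re.search(r"[^A-Za-z0-9]", password) is not None
    )


def normalize(password):
    """Lowercase, drop a trailing run of digits, reverse character swaps."""
    stem = re.sub(r"\d+$", "", password.lower())
    return stem.translate(SUBSTITUTIONS)


def blocklist_ok(password, min_len=8):
    """Length check plus a lookup of the raw and normalized forms."""
    if len(password) < min_len:
        return False
    candidates = {password.lower(), normalize(password)}
    return BLOCKLIST.isdisjoint(candidates)


def compare(password):
    """Verdict of each policy for one password."""
    return {"composition": composition_ok(password), "blocklist": blocklist_ok(password)}
```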
I use a ton of apps, and I very frequently move between them. I like trying out new things and knowing what else is out there. So I’m going to do a regular check in on what I am using. These aren’t necessarily recommendations, as I don’t feel I can recommend something without knowing a person’s workflow. But I do think these are worth trying out.
- Mail: Spark is the only third party mail app I use that is available on both mobile and desktop, has the features I want, and is stable enough for day to day use. Not sure why so few mail apps have integration with other apps and services, but Spark does.
- Calendar: Fantastical. Nothing beats the natural language entry. I can copy and paste sentences from an email and it figures out the event details.
- To Do: Things really wowed me with their recent automation release. It’s also beautiful.
- Notes: Bear is perhaps my favorite new app. So many notes apps are bloated, slow, or ugly. Bear is none of those things. It has great integration with other apps and supports some great automation workflows. Notes are plain text, so you are not locked in.
- Writing: Ulysses is where I write these very words. A great app for drafting and organizing my blog posts, as well as writing for my day job.
- Storage: DEVONthink is one of those power user apps that can do almost anything. When I moved from Evernote I sent notes to Bear, and everything else here. It’s my “everything” bucket.
- Password Manager: 1Password is the longest running app I have ever used. I’ve been on it since the original release. I wouldn’t say you need any apps on this list with one exception. You need this one.
- Finance: Banktivity has been on my home screen since back when it was called iBank (and on my Mac before the iPhone even existed).
- RSS: On iOS I use Fiery Feeds, and on the Mac Reeder. Inoreader is my sync engine.
- Read Later: Pocket won me over as a longtime Instapaper user. I still like Instapaper, but being owned by a social network makes me very nervous. Mozilla owns Pocket, and I trust their motivations more.
- Podcasts: Pocket Casts is my current daily podcast app. I jump around a lot here. Pocket Casts wins in large part because of Sonos integration. I still love Overcast too, but Pocket Casts checks more boxes. I feel like Pocket Casts gets overlooked because it is also an Android app and many of those on iOS are terrible ports. This one isn’t. It’s a good iOS citizen. I also like the queue management better than Overcast, though not as much as Castro’s.
- Running: I record with the built in Apple Watch app, because unlike the others I never experience crashes with it. Then I use RunGap to sync it to the services I use.
- Automation: A combination of Drafts 5 and Workflow. Don’t know what I would do without them.
I’m hitting the reset button. My old blog was getting stale. I wasn’t updating nearly as often as I wanted to. The old site was a WordPress site. WordPress gets a bad rap, mostly because too many sites get set up and never secured or patched. I was pretty good about that, but it still wasn’t working for me anymore.
WordPress felt heavy. As I tried to make my pageloads faster and my security headers more strict, I was constantly running up against the heaviness of a CMS generated webpage.
So I am trying out Hugo. I like the idea of returning to simple, static pages. I write in Markdown anyway, so why not use a site generator that accepts it natively. I also am using a very lightweight theme that uses no trackers. Simple, secure, and clean.
I’ve also decided not to import the old posts. Most were outdated, and many of the series I wanted to run were never finished. Also, there was a mix of personal and professional on there. Going to stick more toward the professional side here, but still with my own voice.
This also allows me to do something else I have wanted to do, which is license my writing under Creative Commons. I wasn’t comfortable doing this with personal posts. The new license does not cover the old content. Just this reborn version of the site.
I’m going to try to commit to posting more often, and for those to be more useful. Also I am still in the process of grokking Hugo’s fullness, so there may be some wild changes to the site until I get more comfortable with how it works.
I manage IT at a K-12 school. Previously I worked at Tekserve, the famous Apple Specialist. I also blog and podcast when I have the time.