RSS | Michael Truskowski


To subscribe to this RSS feed, copy its address and paste it into your favorite feed reader.

Michael Truskowski Recent content on Michael Truskowski Hugo -- en Thu, 30 May 2019 11:16:40 -0400 My Top 10 Coasters 2019 Thu, 30 May 2019 11:16:40 -0400 <p>As we begin the 2019 amusement park season I thought this would be a good time to put out a list of my current top 10 roller coasters. This list includes coasters I have personally been on. So don&rsquo;t be surprised if a personal favorite of yours is missing.</p> <p>But first some honorable mentions. In no particular order.</p> <p>Steel Force (Dorsey Park, PA)<br /> Nitro (Six Flags Great Adventure, NJ)<br /> Kumba (Busch Gardens Tampa, FL)<br /> Intimidator 305 (Kings Dominion, VA)<br /> Magnum XL 200 (Cedar Point, OH)<br /> Millennium Force (Cedar Point, OH)</p> <h3 id="10-the-incredible-hulk">10) The Incredible Hulk</h3> <h4 id="universal-studios-islands-of-adventure-florida">Universal Studios Islands of Adventure, Florida</h4> <p>One of B&amp;M’s finest coasters. For the longest time their only launch coaster. <em>Incredible Hulk</em> is simply a great design. It runs well, its thrilling, and has a reasonable level of theming. Not Disney levels mind you, but still a lot of fun.</p> <h3 id="9-big-bad-wolf">9) Big Bad Wolf</h3> <h4 id="busch-gardens-williamsburg-virginia">Busch Gardens Williamsburg, Virginia</h4> <p>This is the only defunct coaster on my list. And I will forever miss it. There are very few Arrow suspended coasters left in the world, and this was the best of them. It’s replacement, <em>Verbolten</em>, is fine, but not on the same level. It was fun, it was unique, and it was well themed. Swinging out over the river was simply breathtaking.</p> <h3 id="8-maverick">8) Maverick</h3> <h4 id="cedar-point-ohio">Cedar Point, Ohio</h4> <p>It’s not the biggest coaster at the park (not even close). It’s not the fastest. It doesn’t have the most inversions. And yet this is the one of the best. <em>Maverick</em> is a wild, thrilling ride that will leave you stunned after your first experience. And the switch to vest restraints really made the ride so much more comfortable. More vests please!</p> <h3 id="7-the-beast">7) The Beast</h3> <h4 id="kings-island-ohio">Kings Island, Ohio</h4> <p>It opened in 1979 and remains the longest wooden coaster in the world. What is most striking about this ride is that you cannot see it. Other than the lift hill, the vast majority of the ride is back in the woods. It adds to the atmosphere. You feel like you have left the park and are out on an adventure. Add to that a ride that is fast and powerful. It has that old school wooden roughness without being uncomfortable.</p> <h3 id="6-superman">6) Superman</h3> <h4 id="six-flags-new-england-massachusetts">Six Flags New England, Massachusetts</h4> <p>Despite there being a few other versions of this ride out there, this is the one to travel for. Incredibly fast, smooth, and full of ejector airtime. This ride is simply amazing. And worthy of its namesake.</p> <h3 id="5-big-thunder-mountain-railroad">5) Big Thunder Mountain Railroad</h3> <h4 id="walt-disney-world-s-magic-kingdom-florida">Walt Disney World’s Magic Kingdom, Florida</h4> <p>This one holds a special place in my heart as the very first coaster I have ever ridden. It may not be the world’s most thrilling roller coaster, but it is a ton of fun. This ride is a perfect example of how Disney’s theming and attention to detail takes what would otherwise be a run of the mill family coaster and make it into something truly magical. A low height requirement and a more mild disposition makes this one of the few roller coasters that entire families can enjoy together.</p> <h3 id="4-phoenix">4) Phoenix</h3> <h4 id="knoebels-amusement-park-pennsylvania">Knoebels Amusement Park, Pennsylvania</h4> <p>This was my first non-Disney roller coaster. I knew the story of it at the time but it didn’t hit me until later just how amazing it is. This classic coaster was originally designed in 1947 by legendary designer Herb Schmeck. But not at Knoebels and not in Pennsylvania. Rather, this coaster was located at a park in San Antonio, Texas. When the park closed in 1980, Knoebels did something novel. They moved it, board by board, to Pennsylvania. While so many other rides from the golden area have fallen to a wrecking ball, this ride lives on. And beyond all that, it is a fantastic ride. Despite being over 70 years old this ride can give some amazing airtime. It never feels unnecessarily rough. Just a good old fashioned fun ride.</p> <h3 id="3-el-toro">3) El Toro</h3> <h4 id="six-flags-great-adventure-new-jersey">Six Flags Great Adventure, New Jersey</h4> <p>There have been few rides that left me speechless after my first run. This is one of them. Oh wow did Six Flags right a wrong here. The station for <em>El Toro</em> actually comes from the previous occupant, a TOGO coaster called <em>Viper</em> (if I ever do a top 10 most hated list, it will be at or near the top). <em>El Toro</em> took the idea of airtime and ran about as far as one could with it. This ride is crazy fast. It never slows down. It never holds back. It is one of the most relentless coasters on earth.</p> <h3 id="2-fury-325">2) Fury 325</h3> <h4 id="carowinds-north-south-carolina">Carowinds, North/South Carolina</h4> <p>I was worried when I first got in line for this one, four years after it opened, that I would be disappointed. I’d heard so much about it that I feared it could not live up to the hype. It does. I really does. <em>Fury 325</em> seems to be a direct answer to the accusation that B&amp;M has gotten too safe and predictable. This ride is everything they do right in one. It is fast, smooth, graceful, and full of floater airtime. It is only the second gigacoastger (&gt;300 feet) that B&amp;M has made. More please. More!</p> <h3 id="1-steel-vengeance">1) Steel Vengeance</h3> <h4 id="cedar-point-ohio-1">Cedar Point, Ohio</h4> <p>I rode <em>Mean Streak</em>, the ride that would eventually become <em>Steel Vengeance</em>. It was fine. I didn’t hate it the way some did. Yes it was rough, but it was no <em>Hercules</em>. When it was announced that Rocky Mountain Construction, then new kings of the coaster world, would be converting it into a steel hypercoaster, I was almost unreasonably excited. And as with <em>Fury 325</em> I was afraid that it would not live up to the hype. Especially after Will and I waited over an hour and a half on our first day at the park in order to ride it. But it delivered in every possible way. RMC outdid themselves again. <em>Steel Vengeance</em> is an absolute monster of a roller coaster. Not that a coaster fan needs an excuse to visit Cedar Point, but if you do, this is it.</p> My Vivaldi Setup Mon, 27 May 2019 12:10:16 -0400 <p>Here is my setup using the Vivaldi web browser. This setup optimizes security, privacy, and speed. Sites will definitely break when set up this way. You will need to do some whitelisting to get everything working correctly. I would not buy hard to get concert tickets in this browser if you set it up like this.</p> <h2 id="sync-account">Sync Account</h2> <p>Vivaldi recently introduced syncing between multiple computers. What is very nice is that they enforce end-to-end encryption. The Vivaldi team never gets to see your data. This is option in Chrome, but the default here.</p> <h2 id="settings">Settings</h2> <p>There are a few privacy settings I enable. These will sync across devices. Under <em>Privacy</em> in settings I disable using Google DNS to resolve navigation errors. I have a PiHole set up at home. Blocked DNS requests are there by design in my setup. I also disable using Google to assist in autofill. I can type myself, thanks.</p> <p>Additionally I block third party cookies. This sometimes breaks sites, but I would rather disable on a per site basis than enable everywhere. Most sites do seem to work fine with this off. Third party cookies are horrible for privacy.</p> <h2 id="ublock-origin">uBlock Origin</h2> <p>This is far and away the best content blocker. While many people just use it to block ads, I use it for security. Advertisers and tracking companies do not care about your security. Malware attacks via their already privacy destroying software is common. The only way to browse the internet safely is to block them.</p> <p>You can use uBlock Origin&rsquo;s ability to sync via the browser. The downside is that uBlock Origin does not auto sync. This is a design decision by the developer. To make sure I don&rsquo;t overrite data, I always begin syncing by clicking the download and merge option. This ensures I have the most up to date data on this computer without overwriting any data that may not have been uploaded yet. Then I click the upload button.</p> <p><img src="" alt="uBlock Origin Sync" /></p> <p>It is a little bit of work but it ensures I always have the most up to date version of my block list and settings.</p> <h2 id="web-panels">Web Panels</h2> <p>One of my favorite features of Vivaldi is Web Panels. These are bookmarks to sites that can open in a small panel next to your main window. I use this for news, weather, and other sites I want to be able to reference quickly. You may also wish to put your social media feeds there if you are in to that sort of thing.</p> <p>I leverage Web Panels to make uBlock Origin&rsquo;s sync settings a click away. Open the extensions settings, then click the + button in the web panel section.</p> <p><img src="" alt="uBlock Origin Web Panel" /></p> <p>Now any time you need to sync uBlock Origin settings you can just click on this web panel.</p> The Web Without JavaScript Thu, 23 May 2019 13:11:36 -0400 <p>Back in the day I used an extension in Firefox called <a href="">NoScript</a>. It is still around. NoScript blocked all JavaScript on a website. You could approve individual sites if scripts really were required to make the site work properly.</p> <p>I stopped using it because I stopped using Firefox. I have jumped around different browsers a lot but currently for my personal use I am running <a href="">Vivaldi</a>. Being a Chromium based browser I installed my trusty <a href="">uBlock Origin</a> as a content blocker. This is for my own security as malicious advertisements have become an epidemic.</p> <p>It turns out uBlock Origin can also block scripts. I turned that on expecting the worst. And some sites did break. But you know what, not as many as I expected.</p> <p>To be honest, for casual browsing having scripts disabled has been so much better. Annoying videos that follow you up and down the page? Gone. Pop up elements pleading with you to sign up for a mailing list? Nope. Pop up elements that block the pop up elements asking for you to sign up for a mailing list that beg you not to leave the page as you move your cursor? Also missing in action.</p> <p>In short the web becomes cleaner, less cluttered, smaller (by download size), and most importantly safer. <a href="">So</a> <a href="">many</a> <a href="">cases</a> of JavaScript loading remotely being compromised and leading to malware on trusted websites. Most of the time when I land on a random site I just want to read the text anyway. That still works fine with scripts turned off.</p> <p>Of course there are sites that break, and break badly. For that I whitelist. uBlock Origin can sync these whitelists via the standard browser sync, including Vivaldi&rsquo;s sync. Only downside is that it isn&rsquo;t automatic. For that I added a web panel for the uBlock Origin configuration page. Just open the uBlock Origin settings and click the add button in the left column. This gives me one click access to the settings. When I make a change I can simply open this panel to upload the change. Then download it on my browser on another computer. I always use the <em>download and merge</em> option so I never have to worry about wiping out any settings I may have forgotten to sync.</p> <p>Lastly I do keep a browser, Safari in this case, with minimal customizations for when I don&rsquo;t want to risk a site breaking. If I am buying difficult to get tickets for a show, let&rsquo;s say. There I would use my <em>clean</em> browser. Otherwise I run the risk of being kicked out of line when I hit a resource I didn&rsquo;t think to whitelist.</p> <p>Beyond that though, this has been a far more pleasant experience than I expected.</p> I Don’t Want Your Curation Wed, 06 Feb 2019 10:18:47 -0500 <p>Spotify made two acquisitions. An expected one, Gimlet Media, and an unexpected one, Anchor. The latter is a big deal. Anchor has become a huge player in podcasting as a very easy way to create and publish.</p> <p>I&rsquo;m very worried that the very thing that makes podcasting special will be lost here. And <a href="">Spotify&rsquo;s announcement</a> is not helping.</p> <blockquote> <p>Just as we’ve done with music, our work in podcasting will focus intensively on the curation and customization that users have come to expect from Spotify.</p> </blockquote> <p>I don&rsquo;t want your curation. I want every independent creator to continue to have the same level of access to me that NPR has. This kind of gatekeeper structure already took the promise of the web, chewed it up, and spit out the horror show that we now call Facebook.</p> <p>Oh but it gets worse.</p> <blockquote> <p>&hellip;builds an even more robust business model for Spotify in an industry we believe will become significantly larger when you add Internet-level monetization to it.</p> </blockquote> <p>Right, because Internet-level monetization has worked out really well for <a href="">journalism</a>. And <a href="">retail</a>. Hell even the music industry has suffered here, in many cases by <a href="">Spotify&rsquo;s own hand</a>! South Park <a href="">lampooned</a> this BS over a decade ago. Unless you are Facebook, Google, or Amazon, there is no internet money for you. Expect to see yourself squeezed out of existence. This is just tone deaf.</p> <p>Maybe there is an explanation though.</p> <blockquote> <p>Along the way, we broke the grip piracy had on our industry and restored the growth of global music through paid on-demand streaming.</p> </blockquote> <p>Spotify apparently exists in an alternate timeline where the iTunes Music Store never happened.</p> Apps for February 2019 Mon, 04 Feb 2019 11:47:24 -0500 <p>Yeah yeah I missed a few months. They were busy months.</p> <ul> <li><strong>Mail:</strong> It seems no matter what I do I keep ending up back at <a href="">Spark</a>. No one else has the reliability and features.<br /></li> <li><strong>To Do:</strong> <a href="">Things</a> continues to impress. I briefly tried <a href="">2Do</a> again, attempting to live in the Apple Reminders system as it can sync with them. But syncing was just not reliable enough. I lost a few tasks. I rely too heavily on my task manager to have this be even a remote possibility. Things is rock solid. I&rsquo;ve also come to rely on their Apple Watch app more and more. They have one of the best watch apps out there in my opinion.<br /></li> <li><strong>Finance:</strong> Despite my longtime use of <a href="">Banktivity</a>, I&rsquo;ve decided to give <a href="">MoneyWiz</a> another go. They have really caught up in a number of ways. And unlike Banktivity, which still seems to treat mobile as a secondary extension of the desktop app, MoneyWiz puts its full power on all platforms, mobile included. I had issues in the past with manually entered transactions not matching up with downloaded ones. This seems to work much better now.<br /></li> <li><strong>Text Editor:</strong> <a href="">Kodex</a> is awesome. Simple, clean, and works with Apple&rsquo;s Files app. This last feature has more or less become a requirement for me.</li> </ul> Apps for October 2018 Fri, 12 Oct 2018 15:54:25 -0400 <p>It has been brutal for email apps with Newton, Alto, and Inbox all being discontinued. For email I have gone back to once again. While I like the new features in Gmail, I don&rsquo;t love the web UI, and I find the iOS app maddening. They brought over snoozes from Inbox but not the very convenient swipe gesture. And it <strong>still</strong> does not support split view on the iPad, three years after the feature was introduced.</p> <p>The nice thing about is it is always there and always works. The main feature it is missing that I do like is the ability to snooze an email. But it <em>does</em> work nicely with <a href="">Things</a>. All emails in Mail have a unique identifier that can be linked to. Dragging and dropping into Things creates a new to do item with this link back to the email.</p> <p>The only problem is the iPhone does not support drag and drop to another app. The solution here is to use <a href="">Dispatch</a>. I&rsquo;d probably consider Dispatch as a primary app if it were still getting updates, but development seems to have stalled. Also there is no Mac version. What it <em>does</em> get me is a way to send an email to Things with the link back to the email in While I wish Apple would just natively include a share sheet, this is the next best thing.</p> <p>This allows me to use the same app on iOS and macOS, with one workflow shared between them. I have notifications turned on only for VIPs, and I have only a few of those.</p> <p>Aside from email I am giving the new <a href="">Pocket</a> a try. While I have long preferred <a href="">Instapaper&rsquo;s</a> design, the new Pocket looks for the first time like it may be catching up. And Instapaper has not had much going on post Pinterest. A side benefit of using Pocket and <a href="">Inoreader</a> together via <a href="">IFTTT</a> is that tags from my RSS reader transfer to Pocket. So if I want to see just tech articles, I can do so in Pocket without manually tagging.</p> <p>It isn&rsquo;t a new app for me, in fact it is one of the oldest, but major shout out to <a href="">1Password</a> for supporting the new password manager feature of iOS 12 on day one. No more copying and pasting into apps that have not supported password managers in the past. Every login is only a tap away.</p> Google Maps and CarPlay Fri, 21 Sep 2018 11:33:47 -0400 <p>I tried out Google Maps via CarPlay this week. I&rsquo;m very glad Apple finally allows third party navigation. Lots of people have ignored CarPlay because they couldn&rsquo;t use Google or Waze (which is also Google). Using CarPlay is definitely safer than a mounted cell phone.</p> <p>But I am sticking with Apple Maps. I have a few reasons.</p> <p>First and foremost is the design. I find the display on Google Maps to be far too busy. All the side streets show traffic indicators. In an area like Queens with a <em>lot</em> of side streets this results in far too much visual clutter. While I can see the utility of this feature I very much prefer Apple&rsquo;s approach of highlighting only the route. I found it easier to understand where I was supposed to go.</p> <p>Nearly as important is voice control. My steering wheel has a dedicated button to launch the voice assistant. Via CarPlay this is Siri. Siri does not work with Google Maps. To use my voice with Google I had to press the microphone icon on the screen. Again there is a safety issue here. I can trigger Siri without taking my eyes off the road and my hands off the wheel. It&rsquo;s an Apple restriction, but it is one to consider. Even worse was that in my testing the Google Assistant did not hear me at all. Not sure why, but driving is not the time to troubleshoot.</p> <p>Speaking of troubleshooting, while using Google Maps I experienced the only crash of the CarPlay interface I have ever seen. Suddenly I was back on the Hyundai screen and had to relaunch.</p> <p>Finally, and this is a minor point, and a highly subjective one. I prefer the Siri voice. I find the Google voice to be terse. Mixing the two makes this all the more apparent.</p> <p>Apple Maps is still struggling to shake off the terrible reputation it gained at launch. But I&rsquo;ve not had a problem with it at all in the last year. And we have driven all over the northeast, not just the NYC metro area. It has not led us wrong yet. It will be interesting to see how Waze does when it comes out of beta. But for now I&rsquo;m more than happy sticking with Apple.</p> Apps for August 2018 Fri, 03 Aug 2018 16:00:43 -0400 <p>Not too many changes to the lineup this month.</p> <ul> <li><strong>Social</strong>: None. All gone. And I am better for it.<br /></li> <li><strong>Read Later</strong>: <a href="">Instapaper</a> is breaking free of the shackles of Pinterest and I am overjoyed. I never got into the styling of Pocket, and I really missed the Kindle integration. So glad to have Instapaper back and looking forward to it actually getting some love now that it will be independent again.<br /></li> <li><strong>Shelf</strong>: I tried several of the &ldquo;shelf&rdquo; apps when they came out following <a href="">Viticci&rsquo;s concept</a>. None really stuck with me. But I like the feature. Turns out <a href="">DEVONthink</a> actually makes a great shelf app. As a bonus, it has basically the same feature on the Mac.<br /></li> <li><strong>Call Blocking</strong>: Taking Marco Arment&rsquo;s <a href="">recommendation</a> here and trying out <a href="">RoboKiller</a>. Nomorobo was really struggling lately. Far too many spam calls getting through. Especially the local extension spoofing numbers. I&rsquo;m not sure I even <em>know</em> anyone with my same local extension (not uncommon in NYC). Hoping this will help put a stop to the noise. I will report back.</li> </ul> <p>One thing I did over the last month was an app purge. I got rid of many redundant apps and squashed down my home screen to a single page. A few folders at the top, and my most used below that in easy reach. Even more so on the iPad where I launch nearly every non-dock app via Spotlight. Next up is an <em>account</em> purge where I intend to get rid of many of the internet accounts I no longer use. It will be interesting to see which ones even allow for this.</p> Workflow as a Hugo Blogging Tool Mon, 02 Jul 2018 18:15:42 -0400 <p>I recently switched away from WordPress to the <a href="">Hugo</a> static site generator. For the most part I have been very happy. The biggest downside has been related to publishing a new post. Unlike WordPress, there is no app. Publishing requires SSHing into a server and running a series of commands by hand. What I wanted was a one click posting option. In addition I needed a way to load the article into Apple News.</p> <p>Workflow to the rescue.</p> <p>Now that the future of Workflow seems secure in iOS 12 Shortcuts I decided to use it to automate the process of posting a new article. The workflow takes in text, asks for a title, generates a preview, then posts to both the site and Apple News.</p> <p>My setup consists of two Linux servers. One runs the Hugo software where the raw text files live. The other is the actual webserver. Everything is previewed in the first server. Then the site is built there and synced over using rsync.</p> <p>The workflow accepts plain text. Currently I am not using images on the new site. So this workflow does not account for them. The nice thing is I can use basically any app that can generate text. I am not locked in to anything. Then a prompt asks for a title in proper title casing, saves it as a variable, then generates a file name by transforming to lowercase and converting spaces to hyphens. The final variable is the date in ISO 8601 format.</p> <p>Now I generate the markdown document in the format my theme requires. Using cat I send it up to the test server over SSH.</p> <p>Next I want to preview the post to make sure it looks how I want. Hugo has a built in preview server for this very purpose. My idea was to generate the preview over SSH and then jump to safari to see it. But I hit my first snag. When you use the hugo server command, it does not return to a prompt until you kill the running process. So using the SSH block in workflow causes the whole thing to pause at this point.</p> <p>The solution was to open the Hugo server in screen. This runs it in the background and lets the workflow continue. I use the server IP instead of a domain name because I will be previewing the server over regular http. Since I am in the <a href="">HSTS preload</a> list I would be unable to get to it using the domain.</p> <p>Workflow then opens this page in Safari so I can preview. It pauses until I return. When I do it kills the screen session, which terminates the preview server.</p> <p>Next I ask whether to continue. If the preview had a problem I can abort at this point. Otherwise the workflow continues. I delete the public folder that was built the last time I ran Hugo. Then run it to build the new site, sync it to the webserver using rsync, and push the changes to a private GitHub repo as a form of backup.</p> <p>And now the post is live. The last step is to get the it into Apple News. This was tricky because back when I was on WordPress I switched to the Apple News format away from pulling an RSS feed. This means the post needs to be uploaded using the API. But there is no Hugo plugin I can find. So I&rsquo;m doing it myself.</p> <p>Still in Workflow I generate a JSON file for Apple News. Thankfully News supports markdown. All I need to do to my article is to replace all newline characters with a literal BACKSLASH N to get the whole thing onto a single line. Using regex, Find BACKSLASH N, and replace them with the literal BACKSLASH BACKSLASH N. Yes, I am avoiding typing those characters out here so as not to break the workflow.</p> <p>Then I use the Apple News ruby client on my server to upload the article.</p> <p>And that&rsquo;s it. I now have a full publishing app built right within Workflow. It really goes to show just how powerful this app is. I am beyond relieved that Apple is keeping this after purchasing the app, and that iOS 12 will probably allow for even more powerful apps to be built. And it serves as another reminder that iOS really has become a productivity platform.</p> Apps for July 2018 Sun, 01 Jul 2018 16:25:34 -0400 <p>As my process of de-socialization continues, my app list for this month reflects dropping the last of an entire category.</p> <ul> <li><strong>RSS:</strong> Still using <a href="">Fiery Feeds</a>, but my backend sync service has gone back to <a href="">Feedbin</a>. The main reason has to do with the next app category.</li> <li><strong>Twitter:</strong> Also using Fiery Feeds and Feedbin. I no longer enjoy using Twitter. In fact I have really grown to hate it. It has become clear that the thing we all enjoyed a decade ago is gone forever. Unfortunately there are still some people I wish to follow there. Enter Feedbin&rsquo;s amazing Twitter feature. While Inoreader does allow you to subscribe to Twitter streams as well, the presentation is not nearly as good as Feebin&rsquo;s. For tweets with linked articles, Feedbin will load the entire text. Inoreader uses the entire tweet as the article title, which just looks incredibly messy. The whole Twitter experience in Feedbin just looks so much nicer. Since I have deleted my entire Twitter history and will be using it as a read only feed, Feedbin&rsquo;s superior Twitter parsing makes it a clear winner.</li> <li><strong>Browser:</strong> I still like Firefox, but I am back on Safari for now. Mainly due to the mobile experience. Firefox tried too hard to be different than mobile Safari. I don&rsquo;t need different, but I do need open tab syncing. So Safari is really the best option still. Plus it will be gaining some very nice anti-tracking features this fall.</li> <li><strong>Writing:</strong> I&rsquo;ve spoken about how much I love Drafts before. But these last few articles I have written entirely there instead of in Ulysses. <a href="">Drafts</a> is such a natural place since my articles fit the <em>write here and send it somewhere else</em> mentality of Drafts. Plus it integrates great with Workflow, which is how I am now posting all of my website articles.</li> </ul> The HomePod is Good Fri, 29 Jun 2018 11:17:14 -0400 <p>I had no interest in the HomePod when it was announced. I had no interest when it was finally released after months of delay. I ended up buying one, almost on a whim, because of Sonos.</p> <p>I&rsquo;ve had Sonos speakers in every room for years. I really like them. But two things happened recently. The first is that Sonos announced AirPlay 2 was coming, but then didn&rsquo;t bring it to a single speaker I own. Then they announced the Beam. I was all ready to buy a Beam. But somehow, despite years of its users begging for great audio codec support (Dolby Digital Plus, DTS, to say nothing of Dolby Atmos), and despite now having the HDMI port that was previously missing for these to be supported, Sonos is stubbornly sticking to its anti home theatre support position on its home theatre products.</p> <p>Aside from the home theatre setup, I mostly listen to Podcasts, but the podcast service selection on Sonos is not great. <a href="">PocketCasts</a> is about it. Yes, Stitcher is there, but I would prefer to live in a world where I can pretend that it isn&rsquo;t. And even with PocketCasts, you don&rsquo;t get important features like 30 second skips, chapters, and silence trimming.</p> <p>I tried Bluetooth speakers, but I hate them. I don&rsquo;t mind Bluetooth headphones, but speakers are terrible. I switch between devices often when listening at home, and Bluetooth makes this a chore.</p> <p>So I decided to try a HomePod. And you know what, it is really good. I like it more than I expected. As every other review has noted it sounds amazingly great. Nothing else in that size compares. No matter where I place it in the room, it fills it.</p> <p>I can AirPlay from any device with ease. Well, almost. Mac support for AirPlay is still odd at times. Though <a href="">AirFoil</a> does fix this for the most part. Not everything is AirPlay 2 yet, but the fallback to the original AirPlay works for me for now. I know it seems like it should be minor but the difference in sending audio to a Bluetooth speaker vs sending to an AirPlay speaker really makes the latter a far superior experience for me.</p> <p>And then there is Siri. Siri is imperfect, and definitely does sometimes fall down in places where Alexa does not. However, this is not always the case. Oddly our ceiling fans, which are compatible with both HomeKit and Alexa work <em>far</em> better with Siri. I would say about half the time Alexa fails, even though it indicates success. Siri commands work nearly every time. In fact, for smart home devices I now <em>prefer</em> Siri over Alexa. A big part of this is the Home app. Having an option beyond voice control is really nice.</p> <p>The biggest issue for the HomePod at this point is price. That $349 is really a tough sell. I think if they could knock $100 off it would be more interesting to people. They don&rsquo;t need to get it to Echo Dot levels, but there is something about sub $250 that makes it easier to justify.</p> <p>But overall I think it is a solid product. More solid than I expected. I am excited to see where it goes. I am really hoping that iOS 12 Shortcuts is a preview of how Apple is going to finally push Siri forward. Should you run out and get one? Probably not. I fully expect a version 2 at some point, and likely a price drop. If Apple&rsquo;s usual pattern holds, the current HomePod will eventually become the entry model with a newer one above it. It&rsquo;s a wait and see game for now. No, it has not taken the world by storm, but this product doesn&rsquo;t have to. Steady improvement is what it needs. I am hopeful that this will happen.</p> Apps for June 2018 Mon, 04 Jun 2018 11:53:30 -0400 <p>I swapped out a few apps for June.</p> <ul> <li><strong>Browser:</strong> I have not given <a href="">Firefox</a> a try in a while. I like Mozilla. I believe they actually care about the open web, as well as have a respect for user privacy. So far I have been quite happy with the performance of the browser. Their tracking protection is basically a built in content blocker. One of the few third party browsers on iOS with a functional blocker. And calling it “Tracking Protection” is genius. Sites that want you to turn it off can’t hide their true motivations.</li> <li><strong>Podcasts:</strong> Oh boy has a lot happened here. Pocket Casts, my pick last month, was purchased by a combination of NYC and Chicago public radio. I am a member of WNYC. I love public radio. But this acquisition makes me nervous. Then came <a href="">Castro 3</a>. Wow oh wow. I am so loving this app. It fixed nearly all the issues that kept me from using it previously (almost - my kingdom for an iPad app.) The queue system in Castro is simply genius. Aside from some bugs I am extremely happy here.</li> <li><strong>Mail:</strong> I was really excited for Spark 2. Then it came out. I am no longer excited by Spark 2. Not only was the launch unstable for days, but the app seems to be moving toward a “suck up all your data” model that makes me really uncomfortable. They now keep your actual full emails on their server according to their privacy policy. The teams feature is not compelling at all, but seems to be their focus going forward. And they use Facebook analytics. Lastly the design is starting to look very dated. I’ve moved back to <a href="">AirMail</a>, hoping the many months since I last tried has brought it stability.</li> <li><strong>Productivity:</strong> When <a href="">Agenda</a> launched on macOS I found it interesting but ultimately didn’t do much with it. Now that it is on iOS also I’m going to give it a fair shake. Not sure if it will have the ability to knock me off of Bear and Things. That will be incredibly difficult. But I am interested in if I can find a place for it, particularly around project management.</li> </ul> Day One's Bad Week Fri, 11 May 2018 11:40:49 -0400 <p>Day One is my favorite journaling app for Mac and iOS. But they had a bad, bad week. Sync was down for several days due to a hardware failure. When it finally returned, the fallout turned out to be pretty catastrophic for an app that stores private information. From their <a href="">post</a>:</p> <blockquote> <p>New user accounts are created with sequential IDs. Since the restored cluster did not contain the newest account IDs, new accounts created on May 8 were receiving lower IDs than expected, which overlapped with existing accounts in the original database. As a result, those new accounts had IDs matching some of the existing journal records, and received access to a few existing journals.</p> </blockquote> <p>That’s really bad. Who knows what kind of deeply personal information may have been disclosed to unknown parties.</p> <p>Day One has an <em>optional</em> end-to-end encryption feature.</p> <blockquote> <p>We do not currently have information on how many of those journals used end-to-end encryption, but any such journals would have been protected against disclosure.</p> </blockquote> <p>This is precisely why those of us who care about encryption are so absolute about having strong, backdoor-free encryption. It not only proactively protects your data, it <em>reactively</em> protects your data. What happened to Day One was an accident, but if you had end-to-end encryption turned on, you were safe. The problem here is that it is off by default, and not easy to discover within the app, so I expect the number of people using it is incredibly low.</p> <p>If you are a Day One user, go to <em>Settings &gt; Journals</em> and turn it on for all of your individual journals now. The only downside is that the Android app and Web app currently do not support this. Assuming you don’t need either, there is no reason not to. Put the private key in your password manager and you are good to go.</p> <p>Day One did the right thing in disclosing what happened. But going forward I would love to see them, and everyone who stores sensitive data on a remote server enable end-to-end encryption as the default. The only data that you cannot leak is the data that you do not have.</p> Let Me Paste My Password Thu, 10 May 2018 12:17:08 -0400 <p>An unfortunately common tactic taken by websites in a misguided attempt at security is to prevent pasting a password. The <a href="">NIST</a> officially recommends against this.</p> <blockquote> <p>Verifiers SHOULD permit claimants to use “paste” functionality when entering a memorized secret. This facilitates the use of password managers, which are widely used and in many cases increase the likelihood that users will choose stronger memorized secrets.</p> </blockquote> <p>I ran into this personally a few days ago. An organization I belong to forced a password change. Upon generating my random password, I was unable to paste it into the field. I decided to reach out to the organization, pointing out that this actually encourages <em>worse</em> passwords, not better ones.</p> <p>Their initial response:</p> <blockquote> <p>Thanks for reaching out. [Our] decision on updating the password requirements comes from an increase in security requirements. The extended minimum length, mandatory special, upper, lower and number characters, and one year life span increases the complexity and lowers the chance of any breach attempt. We do not allow copy and pasting due for security reasons. Viruses, Malware, and other intrusive programs can copy all data saved to the clipboard for later use. Furthermore, users may by accidentally past their password to their username and save it as auto fill, thus view-able to other programs.</p> </blockquote> <p>This is always the response. “Security reasons.” Of course neither of the examples they game me make any sense.</p> <ul> <li>If you have malware on your computer, it does not need to steal from the clipboard. It can just log keystrokes.</li> <li>Users can accidentally <em>type</em> their password into the wrong field. I have seen this happen. Particularly among users with poor typing skills. They almost never look at the screen.</li> </ul> <p>I raised these objections. The response back:</p> <blockquote> <p>Thanks for getting back to us. We do not allow copying an pasting passwords upon creating as to mitigate possible typos and for security. Yes as key loggers would most likely be user use on a comprised computer, we still want to mitigate any other possible problems. After creation users who use complex passwords are more than welcome to copy and paste their password on the login page though.</p> </blockquote> <p>So in order to prevent typos, they require you to <strong>type</strong>. Um? You know how to guarantee you aren’t making a typo? <strong>Copy and Paste!!!</strong></p> <p>I gave up on the communication at this point. I ended up manually typing my extremely long and complex password into the form. But how many users will do this versus just give up and type out <code>P@ssw0rd1</code> instead? After all, it meets all of the requirements, and it sure is easy.</p> <p>If you run a website or service that uses passwords, I beg of you. Read the NIST guidelines. Please help those of us who are trying to teach users good security habits.</p> Apps for May 2018 Tue, 01 May 2018 09:22:12 -0400 <p>I use a ton of apps, and I very frequently move between them. I like trying out new things and knowing what else is out there. So I’m going to do a regular check in on what I am using. These aren’t necessarily recommendations, as I don’t feel I can recommend something without knowing a person’s workflow. But I do think these are worth trying out.</p> <ul> <li><strong>Mail:</strong> <a href="">Spark</a> is the only third party mail app I use that is available on both mobile and desktop, has the features I want, <em>and</em> is stable enough for day to day use. Not sure why so few mail apps have integration with other apps and services, but Spark does.</li> <li><strong>Calendar:</strong> <a href="">Fantastical</a>. Nothing beats the natural language entry. I can copy and paste sentences from an email and it figures out the event details.</li> <li><strong>To Do:</strong> <a href="">Things</a> really wowed me with their recent automation release. It’s also beautiful.</li> <li><strong>Notes:</strong> <a href="">Bear</a> is perhaps my favorite new app. So many notes apps are bloated, slow, or ugly. Bear is none of those things. It has great integration with other apps and supports some great automation workflows. Notes are plain text, so you are not locked in.</li> <li><strong>Writing:</strong> <a href="">Ulysses</a> is where I write these very words. A great app for drafting and organizing my blog posts, as well as writing for my day job.</li> <li><strong>Storage:</strong> <a href="">DEVONthink</a> is one of those power user apps that can do almost anything. When I moved from Evernote I sent notes to Bear, and everything else here. It’s my “everything” bucket.</li> <li><strong>Password Manager:</strong> <a href="">1Password</a> is the longest running app I have ever used. I’ve been on it since the original release. I wouldn’t say you <em>need</em> any apps on this list with one exception. You need this one.</li> <li><strong>Finance:</strong> <a href="">Banktivity</a> has been on my home screen since back when it was called iBank (and on my Mac before the iPhone even existed).</li> <li><strong>RSS:</strong> On iOS I use<a href=""> Fiery Feeds</a>, and on the Mac <a href="">Reeder</a>. <a href="">Inoreader</a> is my sync engine.</li> <li><strong>Read Later:</strong> <a href="">Pocket</a> won me over as a longtime <a href="">Instapaper</a> user. I still like Instapaper, but being owned by a social network makes me very nervous. Mozilla owns Pocket, and I trust their motivations more.</li> <li><strong>Podcasts:</strong> <a href="">Pocket Casts</a> is my current daily podcast app. I jump around a lot here. Pocket Casts wins in large part because of Sonos integration. I still love <a href="">Overcast</a> too, but Pocket Casts checks more boxes. I feel like Pocket Casts gets overlooked because it is also an Android app and many of those on iOS are terrible ports. This one isn’t. It’s a good iOS citizen. I also like the queue management better than Overcast, though not as much as <a href="">Castro’s</a>.</li> <li><strong>Running:</strong> I record with the built in Apple Watch app, because unlike the others I <em>never</em> experience crashes with it. Then I use <a href="">RunGap</a> to sync it to the services I use.</li> <li><strong>Automation:</strong> A combination of <a href="">Drafts 5</a> and <a href="">Workflow</a>. Don’t know what I would do without them.</li> </ul> A Fresh Beginning Fri, 27 Apr 2018 17:55:54 -0400 <p>I’m hitting the reset button. My old blog was getting stale. I wasn’t updating nearly as often as I wanted to. The old site was a WordPress site. WordPress gets a bad rap, mostly because too many sites get setup and never secured or patched. I was pretty good about that, but it still wasn’t working for me anymore.</p> <p>WordPress felt heavy. As I tried to make my pageloads faster and my security headers more strict, I was constantly running up against the heaviness of a CMS generated webpage.</p> <p>So I am trying out <a href="">Hugo</a>. I like the idea of returning to simple, static pages. I write in Markdown anyway, so why not use a site generator that accepts it natively. I also am using a very lightweight theme that uses no trackers. Simple, secure, and clean.</p> <p>I’ve also decided not to import the old posts. Most were outdated, and many of the series I wanted to run were never finished. Also, there was a mix of personal and professional on there. Going to stick more toward the professional side here, but still with my own voice.</p> <p>This allow allows me to do something else I have wanted to do, which is license my writing under Creative Commons. I wasn’t comfortable doing this with personal posts. The new license does <em>not</em> cover the old content. Just this reborn version of the site.</p> <p>I’m going to try to commit to posting more often, and for those to be more useful. Also I am still in the process of grokking Hugo&rsquo;s fullness, so there may be some wild changes to the site until I get more comfortable with how it works.</p>