About

I'm Mike Pope. I live in the Seattle area. I've been a technical writer and editor for over 30 years. I'm interested in software, language, music, movies, books, motorcycles, travel, and ... well, lots of stuff.

Quote

I don't believe any more than Spinoza did in the utility of denouncing vice, evil, and sin. Why always accuse, why always condemn? That's a sad ethics indeed, for a sad people.

— André Comte-Sponville



Blog Statistics

Dates
First entry - 6/27/2003
Most recent entry - 6/6/2021

Totals
Posts - 2636
Comments - 2645
Hits - 2,392,338

Averages
Entries/day - 0.40
Comments/entry - 1.00
Hits/day - 362

Updated every 30 minutes. Last: 9:49 PM Pacific


  01:23 PM

Over the last year and some, we didn't dine out, obviously, since we couldn't. Now that we're easing back into more normal life, I've realized that a year away from the lure of going out to eat has changed my thinking about it a bit.

Of course, many restaurants survived by offering take-out food. We got take-out a few times. But I realized that I didn't like this very much. For one thing, the third-party delivery services have been accused of some shady practices. But even if you order directly from the restaurant, it's a suboptimal experience. My summation of the experience of take-out food is this: cook something; leave it sitting for 20 minutes; serve and (probably don't) enjoy. Now I get take-out only if I intend to eat it more or less immediately.

One of the first things that changed was that we cooked more at home. I'm a, dunno, utilitarian cook: I can make a certain number of things, but I don't aspire to fancy cooking. What the enforced time away from restaurants did, though, was to encourage me to work on cooking things I like. For example, I like going out for diner-type breakfast. Over the last year I actively worked on re-creating that food at home. This was a success for me: I've made waffles, hash browns, eggs over easy, French toast, and hash that to me was entirely satisfactory. (I emphasize that I can now cook these things the way that I like them, not that I should work in a diner.) There are also lunch and dinner foods that I feel that I've perfected for my individual taste. (Same caveat.)


Homemade hashbrowns and eggs

This success has made me ponder the purpose of going out to eat. Certainly I (you too?) have paid for pretty indifferent restaurant meals. At this point, I ask myself why I should go out for a breakfast that I can probably do better (same caveat) at home. Should I wait in line on a Sunday morning to eat a mediocre breakfast? Do I really want to go out for another meal of American Mexican food? I'm beginning to wonder.

Then there is the cost. Any sit-down meal is going to cost $18–20 per person and of course can cost many times that. If I go out for dinner with my wife, we can easily be looking at, what, $50 at even a two-$$-sign restaurant, especially if we get drinks. If one or more of the kids come along, multiply that number. It's not that these prices are unreasonable; it's that it adds up. How much per week should I budget to get meals that have a likelihood of being pretty forgettable?

But dining out is not just about meals that you might or might not be able to make at home. Going out is about third places—not home, not work, but a third place. For example, unlike my parents' generation, we don't "entertain" at home in the way that seemed to be a premise in many 1950s-era cookbooks. If we want to socialize with people, our custom (and I suspect that of many folks) is to meet up for coffee or lunch or a beer. Obviously, socializing over a table—socializing at all—was severely constrained over the last year and some.


Pages from "The Joy of Cooking" (1975) about entertaining

My wife and I also enjoyed taking our laptops to a coffee shop or pub and working or writing. (I wrote many blog posts at an ale house that was within walking distance of our last domicile.)

Did these protocols change over the pandemic time? I have started meeting people again to catch up, and it's the same as before—find a place convenient to both parties, and then have breakfast or a beer or whatever. But I am much more aware now that I'm paying to socialize, so to speak, and I'm maybe a little more resentful when I shell out a hunk of money for something that wasn't very good, the company itself of course excepted. (It's great to see people in person again.)

Based on my limited experience again of working or writing away from home, I know that I still enjoy that. Coffee shops are opening up again to allow people to sit and work; my wife and I spent a couple of pleasant hours at a coffee shop a few Sundays ago plugging away on our respective writing projects.


Back to writing at coffee shops

It would be easy to get back into a habit of going out 4 or 5 times a week to do this. But it's possible that pandemic-time habits have made me rethink all this. Although it will be easy again to think that I'm too tired to make dinner at home and go out, I've gotten out of the habit. I think about whether I'll enjoy it and how much it costs. The same is true for grabbing the laptop and settling at a table somewhere to work. Fortunately, our libraries are opening up again to allow people to sit and work: a third place that doesn't cost anything to use (though the hours are not always convenient).

I don't think we'll change our socializing habits, though; I anticipate that we'll still meet people out in the third place. But the pandemic reset expectations about socializing, I think. We went months without seeing anyone in person, and I'm still okay with limiting face-to-face socializing to just occasionally, maybe a couple of times a month at most. In this regard I think I differ from my wife, who is not as content as I am to have long periods between visits.

I've read a number of articles about how there's pent-up demand for things to get back to how it was in pre-pandemic times. I suspect, though, that for some of us, the forced changes over the last year have done a reset on our expectations and, possibly, on our habits.



  09:32 PM

On Twitter recently, DeAnna Burghart reminded us that if you use Microsoft Word, it's important to back up your Normal.dotm file. If the file is overwritten or corrupted, you lose your macros, your keyboard shortcuts, and other goodies that editors rely on.

I've experienced that problem, gah. So a while back, I set up Windows so that it automatically backs up my Normal.dotm file several times a day. I thought it might be useful to show other people how I did this.

Sad note: The information in this post applies only to Windows. I'm sure there's a way to do this on the Mac, but I don't currently know how to do it.

I realize that this is a long post and therefore looks complicated. It isn't, I promise! I added some extra steps to test as you go to try to make sure that you don't Experience Disappointment.

Update: I created a video version of this tutorial!

Background

To back up your Normal.dotm file, you copy it from its default location (i.e., where Word looks for it) to some other location. AFAIK, the default location is always this:

DRIVE:\Users\YOUR-USER-NAME\AppData\Roaming\Microsoft\Templates

For example, my Normal.dotm file is here:

C:\Users\Mike\AppData\Roaming\Microsoft\Templates

You can certainly copy the file manually. But you can also automate the copy process so that Windows copies the file for you. You might sometimes forget to back up your file by hand, but if you automate the process, you never need to worry about it.

What I did—and what I'll show you here—is that I created a script. The script doesn't just copy the Normal.dotm file to another folder. During the copy process, it names the backup file by adding a date and time stamp. For example, the script creates a file that has a name like this:

Normal(2021-04-26 17_49).dotm

You can see that the filename includes the date (Apr 26, 2021) and time (5:49 pm). Timestamping the backup files has two advantages:

  • Each time you run the backup, you make a new, different backup file. This can be useful if Normal.dotm gets corrupted—you have multiple backup versions of the file, some of which (hopefully) are older than when the corruption occurred.
  • You know when the backup was made.

I use two technologies for the automated backup:

  • PowerShell. This is a programming language that lets you automate Windows tasks like copying files. PowerShell has been in Windows since Windows 7, so you don't need to install anything. I have the complete script in this post, so you don't need to know PowerShell; you can just copy and paste the script.
  • Windows Task Scheduler. This is a Windows utility that lets you run tasks—for example, a script—at specific times or at intervals.

Create the PowerShell script

  1. Create a folder named C:\backup on your computer to copy the backup files to.

    You don't have to use this folder; you can use any folder you like. Just make sure that the folder already exists. (The script won't create it.) If you don't use C:\backup, you need to make some minor changes later.

  2. Open a text editor (for example, Notepad ... don't use Word for this), create a new file, and then copy the following script into it:

    # PowerShell script to back up the Word Normal template (Normal.dotm)
    # 2020-Apr-26 Mike Pope

    $bu_path = "C:\backup"

    $bu_datetime = Get-Date -Format "yyyy-MM-dd HH_mm"
    $source_file = $env:appdata + "\Microsoft\Templates\Normal.dotm"
    $dest_filename = $bu_path + "\Normal(" + $bu_datetime + ").dotm"
    Write-Output $dest_filename
    Copy-Item -Path $source_file -Destination $dest_filename

  3. If you don't want to use the C:\backup folder, change the path in the third line (the one that starts with $bu_path =). Make sure that you don't add a trailing backslash (\) to your path.
  4. Save the file to the C:\backup folder (or your alternative) using the following name:

    back-up-normal-template.ps1

    The .ps1 extension is used for PowerShell scripts.

  5. Close the text editor.

Test the script

Before you create a scheduled task for the script, it's a good idea to make sure it's working on your computer.

  1. Open a Windows command window. (Press Windows+S, then type CMD.) You see a command line.

  2. Enter the following command (better yet, copy and paste it):

    powershell.exe -ExecutionPolicy Bypass -File "C:\backup\back-up-normal-template.ps1"

    Again, if you're not using C:\backup, substitute your folder name.

    The command invokes PowerShell and tells it to run the script that's in the back-up-normal-template.ps1 file that you created earlier. The -ExecutionPolicy Bypass argument tells PowerShell to skip its script execution policy for this one command. On Windows desktop editions the default policy (Restricted) doesn't allow scripts to run, so if you don't include this part, PowerShell will refuse to run the script. Bypass doesn't verify the script; it only turns the policy check off for this run, without changing the policy setting on your computer.

    If all goes well, the script displays the name of the backup file, like this:

    C:\backup\Normal(2021-04-26 17_59).dotm

    If you see red text, read it carefully. Carefully check the command that you entered. You might also need to fix the script itself (the .ps1 file). Some possibilities:

    • The script you used earlier assumes that the Normal.dotm file is in the default location. If the file is in a different location, it's possible the script isn't finding it.
    • If you're not using the C:\backup folder, did you fix up the script to reflect the folder that you are using?

    You must resolve any errors before you can proceed.

  3. If the script appeared to run correctly, look in the C:\backup folder (or the folder you are using instead). Do you see a .dotm file that starts with Normal followed by a date and time? If so, everything is working.
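A variant of the backup script with checks that help when it runs unattended, added here as an example (it is not the author's script): it creates the folder if needed, stops with a clear error if Normal.dotm isn't in the default location, keeps a new copy only when its SHA-256 hash differs from the latest backup, and prunes old copies. It assumes Windows PowerShell 5.1; the `$KeepCount` value and the helper function names are made up for illustration.

```powershell
# Added example, not the author's script: the same backup with checks for unattended runs.
# Assumes Windows PowerShell 5.1; $KeepCount and the helper function names are made up.
$ErrorActionPreference = 'Stop'     # treat every error as fatal so failures are visible

$BackupDir  = 'C:\backup'           # folder used in the post
$KeepCount  = 30                    # hypothetical retention: newest 30 distinct versions
$SourceFile = Join-Path $env:APPDATA 'Microsoft\Templates\Normal.dotm'

function Get-TemplateBackup {
    # Existing backups, newest first. Names such as "Normal(2021-04-26 17_49).dotm"
    # sort chronologically; Copy-Item keeps the source's LastWriteTime, so sort by name.
    Get-ChildItem -LiteralPath $BackupDir -Filter 'Normal(*).dotm' -File |
        Sort-Object -Property Name -Descending
}

function Get-Sha256 ([string]$Path) {
    (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
}

# Stop early if the template is not where Word normally keeps it.
if (-not (Test-Path -LiteralPath $SourceFile -PathType Leaf)) {
    throw "Normal.dotm not found at '$SourceFile'. Is the template in a non-default location?"
}

# Create the backup folder if it is missing (the original script expects it to exist).
if (-not (Test-Path -LiteralPath $BackupDir -PathType Container)) {
    New-Item -ItemType Directory -Path $BackupDir | Out-Null
}

# Remember the latest existing backup before writing a new one.
$previous = @(Get-TemplateBackup) | Select-Object -First 1

$stamp    = Get-Date -Format 'yyyy-MM-dd HH_mm'
$destFile = Join-Path $BackupDir ('Normal({0}).dotm' -f $stamp)
Copy-Item -LiteralPath $SourceFile -Destination $destFile
$newHash  = Get-Sha256 $destFile

# If the content matches the latest backup, drop the duplicate so that
# $KeepCount counts real versions rather than identical copies.
# (The name comparison covers two runs within the same minute.)
if ($previous -and $previous.FullName -ne $destFile -and
    (Get-Sha256 $previous.FullName) -eq $newHash) {
    Remove-Item -LiteralPath $destFile
    Write-Output "No change since $($previous.Name); nothing new to keep."
    return
}

# Print the name and hash; a new hash means the template changed since the last run.
Write-Output "$destFile  SHA256=$newHash"

# Prune everything beyond the newest $KeepCount backups.
Get-TemplateBackup | Select-Object -Skip $KeepCount |
    ForEach-Object { Remove-Item -LiteralPath $_.FullName }
```

Because identical copies are skipped, each file left in the folder marks a point where Normal.dotm actually changed, which makes it easier to pick a version from before a corruption.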

Schedule the backup

You can now configure Windows to run your script at intervals. You do this by creating a scheduled task. When you create the task, you specify what you want to run (the PowerShell command that you just tested) and when you want to run it.

  1. Open the Task Scheduler app. (Press Windows+S, then type Task Scheduler.)

  2. In the folder tree on the left, right-click Task Scheduler Library and then click New Folder. Name the new folder My Tasks. This step isn't essential, but it makes it easier for you to find your custom task later if you want to modify it.

  3. Right-click the My Tasks folder and click Create Task. This opens the Create Task dialog, which has several tabs that you'll be working in.

    Note: Don't close the Create Task dialog (that is, don't click OK), until you've done all the steps.

  4. In the General tab, do the following:

    1. In the Name box, enter the name BackupNormalTemplate.

    2. In the Description box, enter details about what this task is about.

  5. Go to the Actions tab and click New. This is where you specify what you want to run—namely, the PowerShell script.

    1. In the Program/script box, enter powershell.exe.

    2. In the Add arguments box, enter the following:

      -ExecutionPolicy Bypass -File "C:\backup\back-up-normal-template.ps1"

      These settings specify that you want to run the PowerShell script that you tested at the command line earlier.

    3. Click OK to close the New Action dialog and return to the Create Task dialog.

  6. Go to the Triggers tab and click New. This is where you specify when (how often) to run your script.

    1. Under Advanced settings, select the checkbox next to Repeat task every.

    2. Enter an interval for how often you want to run the script. For example, to run the script twice a day, enter 12 hours. (It doesn't look like it, but you can type in that box.)

    3. In the for a duration of list, choose Indefinitely. This tells Windows to keep running the script until you change the interval or delete the scheduled task.

  7. Click OK to close the New Trigger dialog.

  8. In the Create Task dialog box, click OK.

Note: Don't close the Task Scheduler window yet.

Test the scheduled task

You know that the script runs; now you want to make sure that the scheduled task works.

  1. In the Task Scheduler, in the folder tree, click the My Tasks folder. The list of tasks in that folder is displayed on the right.

  2. In the right-hand pane, right-click the BackupNormalTemplate task and then click Run.

    The PowerShell scripting window appears briefly, then vanishes.

  3. Go to the C:\backup folder and check that another backup copy of the Normal.dotm file has been saved.

    If this worked, you should be all set.

  4. Close the Task Scheduler app.

You probably want to check the C:\backup folder tomorrow and the next day to make sure that the script is writing out backup files at regular intervals.
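The same scheduled task can be created and tested from a PowerShell window instead of the Task Scheduler dialogs. This is an added example, not part of the original procedure; it assumes Windows 10 or later (the ScheduledTasks module) and reuses the folder, task name, and arguments from the steps above.

```powershell
# Added example, not from the original post: create and test the task from PowerShell.
# Assumes Windows 10 or later and the names used in the post.
$ErrorActionPreference = 'Stop'

$ScriptPath = 'C:\backup\back-up-normal-template.ps1'
$TaskPath   = '\My Tasks\'
$TaskName   = 'BackupNormalTemplate'

# Refuse to register a task that points at a script that isn't there.
if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
    throw "Script not found: $ScriptPath"
}

# Actions tab: powershell.exe plus the arguments tested at the command line.
$argument = '-ExecutionPolicy Bypass -File "{0}"' -f $ScriptPath
$action   = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument $argument

# Triggers tab: start now and repeat every 12 hours. Leaving out
# -RepetitionDuration corresponds to "Indefinitely" on Windows 10 and later.
$interval = New-TimeSpan -Hours 12
$trigger  = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval $interval

# Run as the current user, only while logged on, without elevated rights.
$user      = "$env:USERDOMAIN\$env:USERNAME"
$principal = New-ScheduledTaskPrincipal -UserId $user -LogonType Interactive -RunLevel Limited

Register-ScheduledTask -TaskName $TaskName -TaskPath $TaskPath `
    -Action $action -Trigger $trigger -Principal $principal `
    -Description 'Backs up the Word Normal.dotm template to C:\backup' | Out-Null

# Equivalent of right-clicking the task and choosing Run, then checking the outcome.
Start-ScheduledTask -TaskPath $TaskPath -TaskName $TaskName
Start-Sleep -Seconds 10
$info = Get-ScheduledTaskInfo -TaskPath $TaskPath -TaskName $TaskName
'Last run: {0}  result code: {1}' -f $info.LastRunTime, $info.LastTaskResult  # 0 = success

# Newest files in the backup folder, to confirm that a copy was written.
Get-ChildItem -LiteralPath 'C:\backup' -Filter 'Normal(*).dotm' |
    Sort-Object -Property Name -Descending | Select-Object -First 3 -Property Name
```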

If you need to recover a Normal.dotm file, go to the C:\backup folder, rename one of the backup files to just Normal.dotm, and then copy it back to the folder where Word keeps the template.

Hopefully you'll never need to do that. But if you do, you'll have a recent backup available!



  08:54 AM

The hazards of overclaiming

I was listening to a podcast yesterday when it was interrupted with an ad that started like this:

Do you have 30 minutes to spare? Because after just one half hour, you'll never have to worry about a break-in at home again. That's how easy it is to set up a security system from [company name].

My editor brain froze at that point. What I heard was a claim that if you installed their system, you would not be broken into—you would be protected against burglary forever ("never have to worry").

When we technical-edit documents at work, one of our priorities is to check for what we call overclaiming. For example, we stay on the lookout for instances of overclaiming about security, like this:

This product prevents bad actors from hacking your system.

A claim like this simply can't be guaranteed. In the realm of security, the apparent strength of your product might just mean that a hacker hasn't found a flaw in it yet. For example, encryption algorithms that once seemed secure enough to be used by the NSA have been cracked.

We look for overclaiming in any discussion of performance:

Using this product makes your applications three times faster.

We look for it in mentions of costs:

This product reduces your computing costs by 50 percent.

For performance claims, we warn authors that anything that states a number has to have data to back it up. If you say your product is three times faster, you better be able to produce the tests that show this. The same applies to any mention of costs: numbers, please.

And we look for it in any text that involves comparison to other products:

Our product is substantially easier to use than [competitive product].

This claim is problematic in multiple ways. First, what does "easier" even mean? Something that's easy for me might be hard for you and vice versa. And competitive products are a moving target anyway; perhaps our product is "easier" than the current version of product X, but who knows what's in their next release.

So naturally I stumbled over "you'll never have to worry about a break-in at home again." But I thought about it for a bit. First, it's advertising copy, not a technical document on how to configure cloud computing. Maybe there's more wiggle room for wild claims, as in, people aren't expected to interpret these things literally.

I also homed in on the phrase "worry about." With some work, this can be made ambiguous. One idiomatic interpretation is that it means that something won't occur:

What if we run out of Cheetos tonight?
You don't need to worry about that[, we just went to Costco].

A more literal interpretation is that, well, you don't need to worry. This is the type of messaging that insurance companies use: it's not that [thing] won't happen, it's that you can stop worrying about [thing] happening because insurance.

I have a hard time fitting this second meaning onto the ad copy for home security systems. But if I had to defend that statement in court, say, that's what I'd go with.

Speaking of consequences, all of this hypervigilance about overclaiming is of course ultimately about protecting the company. The fear is not just that we'll be shown to have been wrong. ("Sorry.") When people spend vast sums based on assurances that you've given them about security or performance or cost, and when those assurances don't prove true, they might take a litigious turn of mind. At the very least, they're not going to trust you in the future and might look elsewhere to spend their money.

I'm not personally aware of the various companies I've worked for being hauled into court to defend an assertion. ("You said we wouldn't be hacked!") But clearly the lawyercats think about this a lot, and I've certainly participated in my share of fire drills in which we dropped everything to grub through many documents, tweaking some text that was discovered to be overclaim-y.

I would not be surprised to hear an ad from the same company a year from now in which the claim "you don't need to worry about break-ins" has been hedged to something like "Get yourself some peace of mind." If I were editing their copy, that's definitely what would happen.



  10:40 PM

I did another uke recording (as noted, to keep me on track while practicing). Rather than post separately for each recording, I'll try just keeping a list of the recordings in one post. The most recent recording is at the top.


Matteo Carcassi, "Andantino"
Recorded June 4, 2021


Grieg, "Hall of the Mountain King", arranged by Jeff Peterson

Recorded May 16, 2021


Fernando Sor, "Study No. 3", arranged by Jeff Peterson

Recorded April 14, 2021


Fernando Sor, "Study No. 2", arranged by Jeff Peterson

Recorded March 14, 2021


Dionisio Aguado, "Estudio No. 1", arranged by Jeff Peterson

Recorded February 1, 2021



  04:22 PM

I've been working from the book Graded Repertoire for Classical Ukulele with arrangements by Jeff Peterson. I'm plugging away at learning to translate written music to ukulele strings and learning some basic techniques from classical guitar as applied to the ukulele.

Update: I decided to make a single blog entry that tracks these recordings. (The link to this recording is repeated there.)

I could practice the same pieces forever, probably. So I thought I'd finish them as you do when you take piano lessons: perform them. In my case, I thought I'd record the pieces I really liked, and then declare myself done with those pieces. This is my first effort, "Estudio No. 1" by Dionisio Aguado (1784-1849), arranged for uke, as noted, by Jeff Peterson. This is the 4th piece in Grade 1 (of 8), and has been my favorite so far.

Estudio No. 1



  09:56 PM

On the ukulele (as with guitar), the idea of movable chords is that the shapes you learn for open chords constitute patterns. By adding a barre, you can move the shapes up the fretboard to form new chords. For example, you can take the C shape, move it up 2 frets, and get a D:

If this is a new concept for you, may I recommend my booklet on movable shapes for ukulele (PDF).

In this post I want to talk about the patterns—the relationships—for moving these patterns around the fretboard. Bear with me while I explain this notion.

On the concert uke, there are basically 5 shapes for playing movable major chords[1]:

In addition to making it easy for you to move a C shape to a D shape (for example), this means that there are 5 ways to play any given major chord. Here are 5 ways to play a C major chord:

There's a relationship—a kind of circle—among these shapes in terms of how you can move between these different ways to play the same chord. I'll show you the diagram and then illustrate how it works.

Here's a different, more formula-like way to indicate the same thing:

C shape + 3 frets = A shape
A shape + 2 frets = G shape
G shape + 2 frets = F shape
F shape + 3 frets = D shape
D shape + 2 frets = C shape

What does all of this mean? It means that when you play a major chord using a movable shape—any major chord, any movable shape—you can easily figure out how to play the same chord using the other shapes.

I'll start by illustrating this using the C shape:

Per the diagram/formula earlier, we can make another C chord by taking the open C shape, moving up 3 frets (C shape + 3 frets), and making an A shape:

Following the formula, to make another C chord, we can move up 2 more frets and make a G shape (A shape + 2 frets = G shape):

Keep going. If you're making a C using the G shape, the next C chord is 2 frets up and using the F shape:

Move the F shape up 3 frets and make a D shape, and you've got yet another C chord:

Finally, move the D shape up 2 more frets and you're back to the original C shape:

I say that this pattern is circular because you can wrap around, so to speak. Start anywhere in the circle to make a shape. Move up or down the designated number of frets, make the next shape, and you've got the same chord. For example, here's a sequence of A chords starting on the open A shape. Notice that the intervals (number of frets) between each of the shapes follows the diagram/formula from earlier:

The pattern is also circular because you can move backward, i.e., down the fretboard the designated number of frets. For example, if you're making an A chord on the 7th fret using the D shape, you can make another A chord by moving down 3 frets to the 4th fret and switching to the F shape. (D shape minus 3 frets = F shape)

A couple of additional notes:

  • For purposes of this exercise, open chords are fret 0 (zero). For example, if you make an open A chord and want to make the same chord in the G shape, the formula says to move up 2 frets. Zero plus 2 is 2, so barre the second fret.
  • Fret 12 is the equivalent of fret 0—in other words, any chord that you make by barring fret 12 is the same as the open chord. If you get to the point where the numbers take you to fret 12, just go back to an open shape.
  • There are similar circular patterns for other chords—minor, 7ths, etc. I'll put those together in the fullness of time. Teaser: the pattern—the number of frets between chords—is the same for minor chords as for major chords; in other words, you already have the circular pattern for minor chords.

And finally, why is it useful to know this thing? Obviously, you don't sit around moving from shape to shape for any given chord when you're playing.

For me, this has helped a bit as I try to visualize where the chords are on the fretboard. When I initially started with movable chords, it felt a bit like they were just scattered around on the fretboard. ("I know there's a C chord in an A shape, but where is it?") I could look them up in the "dictionary" of the movable chords booklet, but as I worked with the shapes it became clear that there were patterns to how the different fingerings for the same chord were related. So I just sat down and worked it out.

I think this is probably an interim measure for learning the locations of chords. I imagine that after many, many, many hours of practice, you just know where the several C chords are, and the A chords, and the G chords, and so on, and you don't have to calculate it. In the meantime, I keep a sticky note on my music stand with this major chord circle.

[1] As I note in the booklet, there are also 3-string chords and occasionally some open chords that it isn't practical to move because they're just too darned awkward to barre. I'm sticking here with a basic theory of movable chords.



  10:16 PM

Every year I get out the trusty Hal Leonard Christmas Carols for Solo Ukulele book and see if I can remember the ones I learned the year before and maybe learn a new one. Then I use my primitive home recording setup to record them, just for fun.

Here are recordings of some of them that I made this year. These are all MP3 files that are about a minute long and all less than 1 MB.

PS I'm not a very good uke player.

Note: For technical reasons that I don't understand, you might have to refresh the page after listening to a track before you can listen to a different track. Sorry :(

Away in a Manger

Jingle Bells

O Tannenbaum

Silent Night

Merry Christmas!



  10:26 PM

Covid and name-spelling

I've always had an issue in trying to tell people what my last name is. As I've written about before, people have a hard time understanding the name Pope. "Hope?" "Polk?" There's just something about that combination of consonants that's always hard to hear, especially over the phone.

Well, Covid certainly hasn't helped. I'm not a particularly clear talker under the best of circumstances. Add to that wearing a mask and talking through a plastic shield, and I feel like I practically have to yell to transact business when I'm at a store. One of the local shops posted the following sign, which might seem vaguely rude, but I think everyone understands the issue.

However, even yelling is often not enough to make my name clear to people across the counter. For some people, it can help to spell their name. But the letters P-O-P-E sound similar to other letters, like B, D, E, and spelling my name can just generate a second round of "did you mean …"? Another option is to say something like P as in Peter, and so on. When I talk on the phone with people who are accustomed to the problems of transcribing names, they'll sometimes do this.

Long ago the military solved this problem by inventing a so-called spelling or phonetic alphabet. You probably know this alphabet, which starts with Alfa (or Alpha), Bravo, Charlie, and finishes with Yankee, Zulu:

The beauty of this particular alphabet is that the names were carefully chosen to be unambiguous. Although the letters B and P sound similar, the words Bravo and Papa don't, so there's not much chance of them being confused, or Delta and Golf, or Mike and November. If you look through this alphabet, you'll see that none of the names sound like any of the other names.

So now when I am masked up and talking through a shield, I've taken to preemptively spelling out my name using this alphabet. I'll go to the pharmacy, and when they ask what name the prescription is under, I'll say "POPE, Papa-Oscar-Papa-Echo!" I sometimes get funny looks after this, but so far, no one has misunderstood what I'm spelling out.[1]

[1] Many people who were in the military know this alphabet, and a guy I used to work with who was ex-military taught me the term Charlie Foxtrot as a way in polite company to refer to a clusterfuck.



  10:52 AM

Over the weekend I ran a security check on my computer. One of the startling results was the report by my password manager that I had many dozens of "compromised passwords."

After my pulse returned to something resembling normal, I looked a little more closely at the report. What they were not saying, I had to figure out, was that dozens of my accounts had been compromised. They only meant that the password that my password manager is storing for some websites was among the passwords found in someone's data breach.

I looked through the list of affected websites in my password manager and had an Aha! moment: virtually all of them are sites where I use a "throwaway" password. That is, I'm interacting with a site and they insist that I create an account, and I end up using the same password over and over. For example, I've done this for some sites that I intend to visit only once.

This is a bad idea, and I should know better. Reusing passwords is a big security risk.

Think about how this works: you use the same username and your throwaway password for a number of sites. One of the sites is breached, and your password and username fall into the hands of people with mal intent. These people then try your username+password combination on hundreds or thousands of sites. In my case, for example, they could have gotten access to dozens of sites that way.

I like to think that I've reused my throwaway password benignly, only for "unimportant" sites. But I can see in retrospect that even if the sites have no commercial value, someone could impersonate me on those sites and do some sort of mischief.

But I think we can also imagine many people using the same password not just for benign sites, but for important sites. This is one way that people's social media accounts get hacked.
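The reuse problem described above can be audited from a password manager's export. The following is an added example, not from the original post: it groups entries that share a username+password combination and shows which other sites become exposed when one site in a group is breached. The CSV columns, the sample entries, the breached-site list, and the function names are all constructed for illustration.

```powershell
# Added example, not from the original post: find reused credentials in a vault export.
# Every entry below is constructed sample data; the column names are assumptions.
$vault = @'
Site,Username,Password
forum.example,mike,sample-throwaway
recipes.example,mike,sample-throwaway
news.example,mike,sample-throwaway
bank.example,mike,sample unique phrase one
mail.example,mike,sample unique phrase two
'@ | ConvertFrom-Csv

# Constructed: sites assumed to have appeared in a data breach.
$breachedSites = @('recipes.example')

function Get-Sha256Hex ([string]$Text) {
    # Hash the credential so that reports never print the password itself.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Text))
        -join ($bytes | ForEach-Object { $_.ToString('x2') })
    }
    finally { $sha.Dispose() }
}

function Get-CredentialReuse {
    param([object[]]$Entries, [string[]]$Breached)

    $Entries |
        # One group per username+password combination, since that pair is
        # what gets tried on other sites after a breach.
        Group-Object -Property { Get-Sha256Hex ($_.Username + "`n" + $_.Password) } |
        Where-Object Count -gt 1 |
        ForEach-Object {
            $sites  = @($_.Group.Site)
            $leaked = @($sites | Where-Object { $Breached -contains $_ })
            $others = @($sites | Where-Object { $Breached -notcontains $_ })
            [pscustomobject]@{
                CredentialId = $_.Name.Substring(0, 8)   # short label, not the password
                SiteCount    = $sites.Count
                BreachedAt   = $leaked -join ', '
                # Sites that share the breached credential and need a new password.
                AlsoExposed  = if ($leaked.Count) { $others -join ', ' } else { '' }
            }
        }
}

Get-CredentialReuse -Entries $vault -Breached $breachedSites | Format-List
```

With the sample data, the report contains one group of three sites: recipes.example is the breached one, and forum.example and news.example are listed as also exposed. The two sites with unique passwords don't appear.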

So, in part for my own benefit, let's review some security practices that everyone (me, too) should be following:

Don't use the same password on different sites. As explained earlier.

Use a strong password. A strong password is one that's long and random. It doesn't mean just substituting numbers or punctuation in a word (like S3att!e). A decent approach is to use a passphrase rather than password: not just a string of characters, but a string of words. The longer the phrase, the more "entropy" it has, meaning that it's harder to crack. Many people know the xkcd cartoon that explained this beautifully:

Of course, the site has to allow this. A surprising number of sites still prohibit spaces or have a too-short maximum password length. And the "strong test" that some sites show you as you're creating a password isn't necessarily very good, so don't take their word for it.

Use a password manager. One reason people reuse passwords is so they can remember them. Use strong passwords, as noted, and then let a password manager do the remembering. You just have to remember one password, namely the one for the password manager. (Use a strong password for that, please.)

If a site offers it, use two-factor authentication. Two-factor authentication (2FA) is where you have to provide both a username+password and a one-time password (OTP) that they send you in email or text message. 2FA isn't perfect, but it's better than username+password alone.

Among 2FA options, a good one is a hardware key, like those offered by Yubico. For this, you have a little thing that looks like a USB dongle; as part of your login, you have to touch the key. Hardware keys aren't supported on many sites yet, but you can use them on some important ones, including Gmail. (Full disclosure: we use hardware keys at work.)

Use security questions wisely. In 2008, Sarah Palin was famously hacked by someone who got answers to her security questions by studying her biographical data. The answers to your security questions are probably not that hard to find either—for example, how fast do you think someone can discover your mother's maiden name or your high school mascot? (Many social-media questions and polls seem designed to solicit information that can be used to answer security questions.)

If a site insists that you have to set up security questions, you can create answers that are meaningful to you but that aren't easily guessable. As the simplest possible approach, just lie. Just remember what your lies are. :) A more sophisticated approach is to devise an algorithm for yourself that you always use. For example, maybe you take the first letters of the question and use those as an answer. If the question is "What is your mother's maiden name?," your answer could be WIYMMN. (Don't use this particular algorithm, please.) Or you do something with numbers or whatever. The idea is just to have something that you can reproduce many months hence but that isn't guessable.

Get rid of accounts you're not using. Did you set up an account on Pinterest or Coursera or the Los Angeles Times but you never use it? Delete the account. No password worries then for that account.

And finally, lock down your main email account as tightly as possible. When there are changes to your accounts, like a password change, you often have to confirm them via email. But if your email account has already been compromised, the game is up.

I guess I'll also note that I don't let websites store my credit card number. The only company I really trust is Amazon, in part because during my time there, I was impressed with the level of paranoia that they have about security issues, haha. But if J. Random Website offers to store my credit card info, no thanks.

If you want more details on all of this, I highly recommend a whitepaper written by a couple of the solutions architects at work: Modern password security for users (PDF). They have great ideas about strong passwords, about how to handle security questions, etc.



  12:19 PM

In an effort to improve my sleep regimen, I was recently prescribed a CPAP machine. This device helps with obstructive sleep apnea, where your throat closes during sleep. The CPAP machine basically pushes air into your nose and/or mouth to keep things open.

The concept is relatively simple, but it involves technology. You wear a mask; the mask is connected via a hose to the device itself, which blows air and has sensors to adjust the pressure and temperature. There's a water reservoir so the machine can humidify the air it's blowing at you. There are air filters that need to be changed periodically. The mask, hose, and water reservoirs need to be washed regularly.

So how does the manufacturer (Philips) make and distribute a machine that's this complex but is intended for a wide variety of people? I count four ways, and am wondering about a fifth.

First, before you can take home your CPAP machine, you get a 20-minute training session slash demo. The trainer walks you through how to assemble and use the machine, and they give you the schedule and some tips for cleaning.

I read once that people retain 10% of what they hear during a presentation. The exact number (10%) isn't that important; the idea is just that people don't retain everything you tell them.[1] And I think about all the people who use a CPAP machine. Is a 20-minute demo going to be enough to train this wide range of people? My guess is no.

So second, the machine comes with a manual—two, in fact, a quickstart and a detailed manual. These reiterate a lot of what you learn in the presentation, so you have at least the possibility of hearing it all twice. The quickstart has a lot of pictures. (The manual, a few line drawings.) For me, it was an interesting case of reading documentation for something that I felt I kind of already knew but that I needed some refreshing on.

A third way that Philips tries to help their users is through design. For example, when things connect, they go together in only one way. There's only one way to plug in the machine. The hose goes into the machine only one way. The filters and water reservoir go into the machine only one way; you can't close it if they're not right. The nosepiece in the mask has clear markings right on it for how to put it together. These are all versions of self-documenting features: you literally do not need to read the manual to understand how to put together the components.

As another example, there are very few controls on the machine. For basic use, you need to press only a single button to turn the machine on and the same button again to turn it off. There's a second button if you want to adjust the "ramp"—that is, to set the air pressure to increase gradually when you start up the machine.[2]

And there is a fourth way in which Philips can help people. The machine phones home to report a bunch of statistics about the user's sleep. (That part of the machine required no setup at all, which was great.) This feature has several purposes (some of them a little uncomfortable to contemplate), but at least if the distributor is getting odd reports or no reports from the patient, they know something went wrong. Perhaps they contact you if that's the case.

I imagine that with these efforts on Philips's part, most people can manage to put on their mask and get the machine running. But how well does Philips attempt to help users with ongoing maintenance? It's easy to forget to fill the reservoir. Similarly, the training emphasized that you should wash the hose every week. Is everyone really going to do that? I mean, we're all supposed to floss every day, but how many people really do that?

So I wonder. Does the machine stop and display a message if the water reservoir is empty? Does it tell you when it's time to change an air filter? Does it (somehow) figure out that it's time to wash the hose? I don't know, and I'm reluctant to get into a situation where the machine has to tell me these things. But given the many ways in which the machine, once running, can go wrong, I hope that the manufacturer has taken steps to try to keep it going.

All in all, giving out a complex piece of technology to people and expecting them to all use it right is a hard problem. It's clear that the folks at Philips have thought a lot about this and come up with different ways to try to handle it. Still, I am curious how many people fail when trying to use the machine—they never figure out how to use it, they use it wrong, or they don't maintain it and the machine itself fails. As someone with a professional interest in communicating complex concepts, I find this to be an interesting challenge.

[1] Someone on my team at work has a variant on this idea: you need to hear something 7 times before you learn it.

[2] There is also a dial that you can use to make a bunch of other settings, and the dial is multi-modal: turn left for one mode, turn right for another mode, and push for a third mode. Arg. I hate multi-modal controls. But at least this one is optional after you've done the initial setup.
