Put your Mac to sleep from afar…

As a trainer and presenter, I often set my Macbook Air up in classrooms and conference venues. When I go to lunch or another break, I often wonder whether I remembered to lock my Macbook Air.

This post today from MacSparky (@MacSparky on App.net and Twitter) provides a wonderful little automation that uses Drafts on iOS, Dropbox and Hazel on the Macbook Air.

So I can now be sitting at lunch, and type a command into Drafts, and as long as my Macbook is online, it will go to sleep a few seconds later.

A great automation tip from MacSparky!

Backing Up – Securing Your Files for the Present and the Future

Backing Up – Securing Your Files for the Present and the Future

In an increasingly paperless world more and more of our data is being digitised. While offering many opportunities, there are (at least) three challenges presented by this:

  1. Backup of data in case of loss or destruction of the host system;
  2. Accessibility of the data by others in the event of your inability to do so yourself; and,
  3. Usability of the data into the future (i.e. future-proofing).

Every inhabitant of the digital world needs to consider ensuring they maintain their data for now and into the future. This article addresses some of how I approach these tasks.

Over on SimplicityBliss, Sven Fechner recently outlined his comprehensive backup and emergency data access strategy for Mac.

Today I have not one, but effectively four different backups of my data. Three of them are always up-to-date, while the fourth one is the ‘nuclear event’ offsite contingency.

Sven has very ably outlined an approach that addresses the first two points in detail, and I’d suggest you read his article and digest his approach.

My own approach is not dissimilar, at least for three of the four levels described:

  1. Onsite backups with Time Machine (I use Time Capsule for MacBooks and an old Drobo for my iMac);
  2. Data in Dropbox (aff) and Evernote, protected with strong passwords and 2 factor authentication (Dropbox only for now). I am also playing with the Transporter for having my own distributed data.
  3. Cloud backup using Crashplan.

As for the third consideration – future-proofing – we need to think very seriously about whether the masses of data we’re producing daily today will be readable into the future. We have an unprecedented opportunity to capture data for future generations, but we have a responsibility to ensure they will be able to read it.

There are two aspects to this problem – the storage media and the format the data is stored in.

Try listening to an old mixtape you made on an actual cassette tape. I’d bet that most people couldn’t find a (working) cassette player in their house, so unless you drive an old car, you’re quite likely out of luck! Having as much stuff in the cloud as possible deals with at least the media part of the problem, as most cloud solutions will incrementally migrate their storage media, progressively over time. You should do the same at home.

As for the format, this is an equally important consideration. While it might be inconceivable that your current .doc, .jpg or .xls files might not be readable in decades to come, try opening an early 1990’s WordPerfect document. I dare you.

I don’t have a crystal ball, and have no idea as to what formats will be readable in the future. But my gut feel tells me this:

Storing your data in the most raw form possible gives you the best chance of being able to read it into the future

In other words, applying as few photographic enhancements as possible, or using little or no rich text formating is your best strategy for future proofing your data. If you’ve tried to “restore” an old photo, you’ll know you have more chance if you can use the original film (or negative) than if you use a print. If you’ve tried to scan old, heck, even read old text, you’ll know that the simpler the font the better.

My two main forms of data that I want to preserve are my photos and my writing.

I capture all photos in RAW format, and I keep the raw files of the keepers. Backed up.

This is also one of the benefits of having made the decision to write in plain text, using Markdown. Seriously, if you write and you don’t write in Markdown, go and learn more about it. It’s not difficult, and there’s even a great book to help you learn Markdown.

I only wish that I had started writing in plain text sooner. Some of my old writing is literally locked up on on 5.25" floppy disks in WordPerfect format. I have a project to do something about that.

We are in the digital era. Being productive in this era means backing, ensuring others can access if and when needed, and ensuring your data is available now and into the future. I urge everyone to consider an appropropriate backup startegy, including an offsite solution like Crashplan. I also suggest that you learn more about future proofing your data by using the simplest possible formats for storage, including Markdown for plaintext.

How do you backup? And how do you future proof your data?

Wishful thinking with the Dropbox-Mailbox merger

Perhaps its wishful thinking, but I wonder if I am alone in hoping that following the acquisition of Mailbox by Dropbox, perhaps Dropbox will launch email hosting as part of its suite of offerings[^1] .

I love Dropbox – it’s a vital tool in my personal file management, and I am proud to have been a paid customer for several years. I have implemented many features – shared folders (I have many of them), 2 factor authentication (one of my must-have features in an online service) and integration to a variety of iOS and OSX apps.

I must admit, one of the things I like about Dropbox is the fact that I am customer. Being a paid service, Dropbox benefits out of maintaining my business, which means providing me with a stable product that best meets my needs, and not using me and data they glean about me, to sell advertising (or sell to advertisers).

I’ve been enjoying using Mailbox on my iPhone, and it provides me with some features that are great – easy ability to clear my inbox down to what’s important, then make it zero by clearing those things out. It also has a way of making things come back later, perhaps when I am in a better place to deal with them.

But there are one or two things that bugs me – Mailbox is effectively an extra point of failure between me and my mail. If their servers are down, I can’t get my mail through the app – although at least I can get the mail through normal Gmail means. It also relies on Gmail, and like many people I am nervous about relying on gmail following the GReadier debacle. It’s also a free app, so I’m nervous about trusting it – but at least I have workarounds.

If Dropbox were to build a new email system from ground up, and use the front end features of Mailbox as a guide to the “UX” (user experience), this could make for interesting days. I’d love to see it as a paid service, part of the Dropbox Pro offering. Obviously the ability to map your own domain would be a necessity, but could be for a further premium.

This may be speculative and wishful, but it makes more and more sense as I think about it. I would move off Google Apps in a heartbeat if there was another offering that was similarly feature rich, but without the creepiness factor.

Evernote’s password hack, and the security of your stuff in the cloud

Like all Evernote users, today I received an email (and blog post) advising that there has been an attempted security attack to their system, and that they have force-changed all user passwords:

Evernote’s Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service.

As a precaution to protect your data, we have decided to implement a password reset.

I am a heavy Evernote user, and put a lot of stuff up there – from basic research to business records. I love that I can easily find my key information so easily. They have solid apps for OSX and iOS (although they have been increasinly buggy lately), and a good browser based system to get at my information from anywhere. I love having my stuff in the cloud so I can get at it whereever I am.

For the past couple of weeks I was teaching a PADI Instructor Development Course in Fiji and on several occasions I was able to quickly get to records that I needed but didn’t have with me through my iPad or MacBook Air. Too easy.

Lately I’ve been wondering about the wisdom of having all my eggs in one basket. I trust the Evernote team, and as a Premium User I have a paid account. But my concerns are two-fold:

  1. If Evernote ever goes away (unlikely, but still a risk), what will happen to my data.
  2. Evernote has to be ever-vigilant for hacking attempts, and they have to win 100% – hackers only have to win once in a blue moon.
  3. As Evernote’s servers are not in Australia, my data may be legally accessed by a foreign government without warrant!

So it was good to see the following paragraph:

In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost. We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.

The next paragraph, while honest and direct, certainly gave me pause to continue to consider the future of my information storage:

The investigation has shown, however, that the individual(s) responsible were able to gain access to Evernote user information, which includes usernames, email addresses associated with Evernote accounts, and encrypted passwords. Even though this information was accessed, the passwords stored by Evernote are protected by one-way encryption. (In technical terms, they are hashed and salted.)

Just yesterday (before the email went out), I downloaded a copy of DEVONthink, an OSX app that does many of the same things – allowing you to store snippets and documents, easily find them, OCR them, etc. Using DropBox you can sync data between multiple Macs, and there is an iOS app. The latter feels a bit clunky, and looks like you need to sync via Wifi. I hope Dropbox sync is coming soon to that, because my iPad is rapidly becoming my main on-the-go device.

There has been a lot of debate about Evernote vs. DEVONthink, and there are very passionate people on both sides, with some very persuasive reasons for their approach. Evernote’s cloud based storage is both it’s greatest feature and it’s biggest drawback, depending on your perspective. I had planned to use DEVONthink side-by-side with Evernote for a couple of weeks to get a feel for which (if either) is the better approach for me. I still will, but I think I’ll move more sensitive info straight away.

Back to the security issues. I have waiting for a while for Evernote to introduce 2-factor authentication. Google has had this for some time, and Dropbox also introduced 2-factor security in 2012, following similar hacking attempts.

Evernote needs to implement 2-factor security as a matter of urgency.

While I am at it, Apple also needs to implement 2-factor security for their iCloud services as a matter of urgency, particularly if they want Documents in the Cloud to be taken seriously.

Going forward, my personal rule is that 2-factor authentication is a threshhold feature for any cloud based service that I use to store any thing I would consider proprietary or sensitive, let along confidential. I recommend you consider the same approach.

Evernote’s team made some additional excellent suggestions for security:

  • Avoid using simple passwords based on dictionary words

  • Never use the same password on multiple sites or services

  • Never click on ‘reset password’ requests in emails – instead go directly to the service

The first 2 should be an absolute given, but it’s clearly not the case. The third one has tricked most people at least once, making the first two even more important.

Most people I know have a password management strategy that consists of three passwords:

  • a simple “throwaway” password they reuse on most websites
  • a more secure one for some selected sites
  • a most secure one for banking, finance, health, etc

In all three cases, most people re-use the same passwords, perhaps with minor variations.

The hackers know this and have setup ways of “sniffing” passwords. One way is to setup a rogue site, and when users try to sign on, they take the username and password and throw that at other sites, knowing that they will often get a hit. Even if they only get 1% success, they have a starting point. Mat Honan of Wired magazine’s own case teaches us that once a hacker gets “in” at a low level, they can use that information to gradually get full access to your life.

So you need to ensure you don’t re-use passwords, and that those passwords must not be simple. When it comes to hacking and security, most hackers are way better at hacking than users are at securing.

This is where my next rule of web security kicks in – I use 1Password to generate a separate password for each and every site I visit. Of course there are a lot of sites I visited before using 1Password, so once those sites are in 1Password, I can from time-to-time go through and manually change those passwords, starting with the passwords that are least secure.

Whilst on 1Password, I’d recommend that if users want cloud access, they store the 1Password file in a Dropbox account, not iCloud, because of the fact that Dropbox has implemented 2-factor security.

I also have a category of sites that require the highest security, so I have those sorted together into a group in the 1Password app, and I change those passwords twice a year when the clocks change with Daylight Savings (an idea I got from MacSparky).

Clearly this issue has made me re-consider aspects of my own approach to information security, and has reinforced others. I recommend that everyone do the same, and take at least the following actions:

  1. Use only reputable services that provide 2-factor authentication for cloud storage of personal, sensitive or confidential data;
  2. Have a personal password management policy that includes never re-using passwords, and never using dictionary passwords. Use of an app like 1Password, LastPass or similar may help.

The “be alert, not alarmed” approach is the right one. We users need to recognise that information security is a moving target, and that balancing convenience, ubiquity and security is a constantly changing challenge. We need to reevaluate our balance regularly!

\

Send to Evernote as Print Option

EvernoteI’m a big Evernote user, using it a repository for many personal records that I need to have access to, but don’t want the paper clutter in my life (or my house or office). I scan most documents directly to a ScanSnap S1500M in my office, although when on-the-go I use a NeatReceipts scanner.
The PDF’s generated are then moved on each computer (iMac in the office, Macbook Air on the go) using a series of Hazel automations to a Dropbox folder. From that folder, the files are then pulled into my Evernote Inbox notebook for processing. Sounds a little complex, but once setup it all happens seamlessly.

When I receive documents by email (including PDF attachments), I forward those documents directly to an Evernote email address that deposits the files directly to that same notebook. I also use Evernote’s Web Clipper to grab web pages I want to keep for archival records (not for later reading, which I simply use Instapaper for.

This gives me (almost) a single place to drop files for later filing. But I also get occasional other documents that I read on my Mac, but then I want to keep a PDF copy of in my records (regardless of the original format). In the non-App Store version (i.e. non-sandboxed) version of Evernote, I can simply use the Save PDF to Evernote option under the Print > PDF command. In the App Store (sanboxed) version of Evernote, you lose this option.

MacPowerUsers co-host Katie Floyd today made a post showing how to add a Send to PDF option when using the sandboxed version of Evernote:

The solution is simple, you need to create an alias to the Evernote application and drop it into ~/Library/PDF Services. (This is your users library folder for those of you unaware what the ~ means.) This can be a little tricky because is the ~/Library folder is hidden by default in OS X Lion and above. To see it you have to hold down the option key while selecting “Go” in the finder and the Library will become an option. If the PDF Services Folder doesn’t exist, just create it but make sure you title it exactly that.

Total Finder

Another way to see the hidden files is to use the excellent TotalFinder app (recommended by Katie and co-host David Sparks in episode 106 of MacPowerUsers. Once you’ve installed TotalFinder, open up Finder Preferences, and go to the new TotalFinder pane. Then select the Tweaks tab, and check the Show System Files option. Then you’ve got permanent access to hidden system files. (Of course, with great power comes great responsibility). Don’t play around with system files unless you know absolutely what they are, and what you’re doing!

Ultimately, the goal is to capture your documents into an Evernote notebook. Once there, you can use your GTD processing step to move the documents into your reference folders, or of course, action them if there is an outstanding next action!