The recent implosion of Ma.gnolia and a growing skepticism of entrusting your data to the cloud got me thinking about the data I’ve got that’s “out there.” One particular point of vulnerability is Delicious, where I keep my bookmarks.
Fortunately, Delicious makes it pretty easy to download all your bookmarks if you know what you’re doing. Unfortunately, you have to know what you’re doing, at least a little.
With that in mind, here’s a simple AppleScript that any Mac user can run to create a backup. Delicious requests that you do this sparingly, so I’d recommend doing it only, say, once a week.
To make this work, open Script Editor on your Mac (it came with your Mac, and should be lurking about somewhere unless you deleted it) and paste the following into it, changing the username and password. There may be a linebreak on the last line—edit it so that it is all on one line. Save it using “Application” as the file format with whatever name you like—this will result in a mini app that you can double-click to run.
Running it will create a file called deliciousbackup.xml in your Documents folder. That file will not be in the most readable format, but it will have all your data. Each time you run it, it will overwrite the previous version of the file. It would be possible to do multiple snapshots, but I haven’t gotten that fancy.
set thefile to "deliciousbackup.xml"
-- change myusername to your username, keep the quote marks
set theusername to "myusername"
-- change mypassword to your password, keep the quote marks
set thepassword to "mypassword"
-- this is where the magic happens
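-- quoted form keeps spaces and shell metacharacters in the password from breaking (or altering) the command
do shell script "curl --user " & quoted form of (theusername & ":" & thepassword) & " https://api.del.icio.us/v1/posts/all -o \"$HOME/Documents/" & thefile & "\""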
If you use Gmail and have a keyboard with a numeric keypad, try turning on the Labs feature, and then turn on the “Custom keyboard shortcuts” gadget.
This will create a new tab under settings for your keyboard shortcuts. Following is a proposed set of shortcuts allowing for faster browsing and sorting, with what I consider a logical organization. Note that I’m not showing shortcuts for every command, only the ones I propose changing.
|Back to threadlist
|Report as spam
|Move to trash
Chris tweeted that Twitter is “just a toy.”
Well, maybe. But if you really want/need to be reachable and you’re on Twitter (and your would-be contacts are too), it’s a one-stop way for people to message you. Twitter permits one-to-one messages (as opposed to its default broadcast mode), and if you’ve set Twitter up for it, these will be sent through chat, e-mail, and SMS. There are probably other ways to “explode” a message to multiple communications channels like this, but none that I’ve seen. So, chalk up one potentially practical use for Twitter.
This suggests a way Twitter might actually make money, one of the questions its members have been wondering about since day one: quality of service. An organization could move some of its communications onto Twitter and actually benefit from this message-exploding function, but Twitter has been too flaky lately to make that practical. But if business users paid for and received a certain QoS, it might be viable.
Perhaps everyone else knew about this and failed to tell me, or perhaps I knew and then forgot, but the New York Times is making permanently accessible permalinks available for their articles online.
This sounds obvious, but it isn’t. NYTimes.com charges for access to older articles, and up until this change (whenever it was), the only way to bookmark an article in such a way that you’d always be able to get through to it was via a hack.
But they’re getting hipper now, with buttons to directly bookmark to a few social-bookmarking sites (not del.icio.us, too bad for me), and also a “permalink” button. Clicking on that reveals the key to the kingdom, with the welcome announcement
To link to this article from your blog, copy and paste the url below into your blog or homepage. Using this link will ensure access to the article, even after it becomes part of the NYT archive.
I’ve just received my first invitation in the form of a YouTube video. Somehow this feels like a watershed moment.
I was just paying my mortgage online, at the website of my note-holder. Their online-payment system is set up so that once you log in, you are presented with an on-screen facsimile of a check, where you fill in the amount, routing number, and account number of the paying bank. Below that is a field for the last four digits of your SSN and an e-mail address to send a confirmation notice to.
Well, I actually fat-fingered my SSN today, and the page immediately popped up an alert that I had entered my SSN wrong. It seemed that there had been no round-trip to the server to check that, so I checked the page’s source code. Sure enough, I saw this:
if (document.Form1.txtssn.value != "the actual last four digits of my SSN here" && document.Form1.txtssn.value != "the actual last four digits of Gwen's SSN here") {
    document.Form1.txtssn.value = "";
    alert("Your entry did not match our records. Please enter the last four digits of your social security number.");
}
Embedded right there in the page asking me for the information is the very information it is asking me for. That’s just a bad security practice in general, but it’s especially bad considering the information in question. Now, admittedly, nobody should be able to get access to my account in the first place, but if they do, the damage they can do should be limited to that website. But the last four digits of the SSN are so widely used as a shorthand identifier these days that the potential for mischief is much more widespread.
I have notified the bank, and will not mention their name just yet.
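For contrast with the in-page comparison above, here is an added example (not the bank's code and not from the original post) of the same check done on the server, so the page never carries the expected digits, plus a release check that flags a rendered page containing them. The account id, digits, endpoint path and function names are all constructed for illustration.

```javascript
// Added example: server-side replacement for the in-page SSN comparison.
// Every name and sample value below is constructed for illustration.
const MAX_ATTEMPTS = 3;

// Constructed stand-in for the bank's records; this lives only on the server.
const records = new Map([
  ["acct-1001", { ssnLast4: ["1234", "5678"], failures: 0 }],
]);

// Compare without exiting early, so timing does not reveal matching digits.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// The response carries only a verdict, never the expected value.
function verifySsnLast4(accountId, submitted) {
  const rec = records.get(accountId);
  if (!rec) return { ok: false, reason: "mismatch" }; // do not reveal unknown accounts
  if (rec.failures >= MAX_ATTEMPTS) return { ok: false, reason: "locked" };
  const value = String(submitted);
  let match = false;
  for (const expected of rec.ssnLast4) {
    if (constantTimeEqual(expected, value)) match = true; // no early break
  }
  if (match) { rec.failures = 0; return { ok: true }; }
  rec.failures += 1; // four digits is only 10,000 guesses, so count failures
  return { ok: false, reason: "mismatch" };
}

// Release check: a rendered page must not contain the account holder's digits.
// A four-digit hit can be coincidental, so treat a match as "review this page".
function pageLeaksSecret(html, accountId) {
  const rec = records.get(accountId);
  return rec ? rec.ssnLast4.some((v) => html.includes(v)) : false;
}

// Constructed pages: the pattern from the post, and a form that only submits.
const vulnerablePage = '<script>if (document.Form1.txtssn.value != "1234" && document.Form1.txtssn.value != "5678") { alert("no match"); }</script>';
const hardenedPage = '<form name="Form1" method="post" action="/verify-ssn"><input name="txtssn" maxlength="4"></form>';
```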
I’ve been using Flickr to host my photos for some time, and I’ve been happy with it. And it’s one of those rare websites that seems to have established itself almost as a public utility among many people active on the web, so it seems it would be hard to dislodge. But then there are these new kids at Zooomr. Jeremy is intrigued, and as he puts it, “I’m just not sure I’m willing to give even $25 to anyone [Flickr] whose parent company might take a cavalier attitude towards helping people into prison in China.” And, shoot, Zooomr is giving away free accounts to bloggers, so what the heck.
This is an oldie but a goodie, a picture of a friend I don’t get to see often enough, on the occasion of her first burn. The smile says it all.
Bank of America has a smart idea they call “site key” as a defense against phishing. Logging into their site is a two-step process: you enter your username, which takes you to another page to enter your password. On this second page there is a picture that you have previously chosen from among many pictures, accompanied by a descriptive word that you typed in yourself when you chose that picture. Barring a security breach, it would be essentially impossible for a scam artist to reproduce this.
Something like this could be applied to e-mail, to help identify it as legitimately from the bank (or PayPal, or eBay, or any other institution susceptible to phishing attacks). When the user sets up an account, they type in a unique, memorable phrase that is completely unrelated to their password. This phrase will then appear in all e-mail from that institution to help identify it as legitimate. I’m calling this key phrase a “mailpass.”
I can imagine a technical objection to this, and a related psychological objection. The technical objection is that with rare exception, mail is not encrypted. So the mailpass will be sent as plain text over unsecured channels, making it vulnerable to interception.
Which leads to the psychological objection. Because a phisher could intercept and use your mailpass, the mailpass would need to be viewed as a necessary proof of authenticity, but not a sufficient proof. This point could easily be lost on a lot of people, and there would need to be plenty of attendant scare-language to the effect that you cannot count on a correct mailpass to be rock-solid proof of authenticity, should always exercise due care against scammers, etc.
But mailpass would definitely make e-mail filtering a lot easier. If I were to get e-mail from PayPal that lacked the mailpass, I could confidently route it to the trash without even looking at it. And I can’t think of any other reasons this would be a bad idea, though I’m sure someone out there could.
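The filtering rule sketched above, as an added example (not part of the original post): mail that claims to come from an enrolled institution but lacks the mailpass goes to the trash, while mail that carries it is only marked unverified, since the phrase is necessary but not sufficient. The institutions, domains, phrases and function names are constructed.

```javascript
// Added example: the mailpass filter rule. Institutions, addresses and
// phrases are constructed; a real filter would load the user's own settings.
const mailpasses = {
  "paypal.example": { name: "paypal", phrase: "orange bicycle at noon" },
  "bank.example": { name: "example bank", phrase: "seven quiet herons" },
};

// Split a raw message into its From header value and its body.
function parseMessage(raw) {
  const text = raw.replace(/\r\n/g, "\n");
  const sep = text.indexOf("\n\n");
  const head = sep === -1 ? text : text.slice(0, sep);
  const body = sep === -1 ? "" : text.slice(sep + 2);
  const m = head.match(/^from:\s*(.*)$/im);
  return { from: m ? m[1].trim() : "", body };
}

// Which enrolled institution does the From header claim to be, if any?
// Checks the address domain and the display name, because spoofed mail
// often carries the brand only in the display name.
function claimedInstitution(from) {
  const addr = (from.match(/<([^>]*)>/) || [null, from])[1].toLowerCase();
  const domain = addr.includes("@") ? addr.split("@").pop() : "";
  const display = from.replace(/<[^>]*>/, "").toLowerCase();
  for (const [dom, inst] of Object.entries(mailpasses)) {
    const domainHit = domain === dom || domain.endsWith("." + dom);
    if (domainHit || display.includes(inst.name)) return dom;
  }
  return null;
}

function classify(raw) {
  const { from, body } = parseMessage(raw);
  const dom = claimedInstitution(from);
  if (dom === null) return "not-applicable";
  // Missing mailpass: discard. Present: still unverified, because the phrase
  // travels in plain text and an interceptor could replay it.
  return body.includes(mailpasses[dom].phrase) ? "unverified" : "trash";
}

// Constructed sample messages.
const samples = {
  withPhrase: "From: PayPal <service@paypal.example>\r\nSubject: Receipt\r\n\r\nMailpass: orange bicycle at noon\r\nYou paid 5.00.",
  noPhrase: 'From: "PayPal Security" <alert@mail.invalid>\nSubject: Verify\n\nPlease confirm your account.',
  replayed: 'From: "PayPal" <alert@mail.invalid>\n\nMailpass: orange bicycle at noon\nConfirm now.',
  personal: "From: friend@home.example\n\nLunch on Friday?",
};
```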