Nurse & Soldier: LP & Tour

Last summer, I did the layout for Nurse & Soldier’s new LP, “You are standing behind the curtain”:


Last fall, I started playing drums with them.

This winter (i.e. this week!) we’re doing some regional touring:

  • Friday 1/17/2014: Pistol Pete’s, Portland, ME
  • Saturday 1/18/2014: Secret Project Robot, Brooklyn, NY
  • Saturday 1/18/2014: Death by Audio, Brooklyn, NY
  • Sunday 1/19/2014: Deep Thoughts, Boston, MA

Why I went back to one monitor

While the idea that more desktop real estate means higher productivity seems sound, in practice I found it mostly just invited distraction.

The fact is, I can only look at one monitor at a time, so whether I’m turning my head or using a keyboard shortcut, I’m not ever going to be able to see code and output simultaneously without putting those two windows on the same monitor.

So more often than not I just used the extra monitor to keep email or social media open constantly, inviting those things to distract me or, worse, trigger a stress response via peripheral vision.

In short: Mo monitors, mo problems.


Help me find the flaw in this authentication paradigm

Recently, I tweeted this:

It prompted a discussion with my super-colleague, Mark, about why no one has implemented that as an authentication process yet. Consider a process like this (I’ve bolded steps that the user would actually see):

  1. User enters email address, clicks LOGIN.
  2. User is prompted to close their browser tab or window, then go check their email.
  3. Cookie is set on user’s browser.
  4. User clicks time-sensitive, encrypted link in the email which opens a new tab or window.
  5. Cookie and link are required to actually be logged in.
  6. User is logged in.
  7. Server is flushed and encryption algorithm changes.

Four steps.  No passwords.

So, what is the flaw in this process? How is it not both as quick and as safe as, if not safer than, the existing authentication paradigm of creating a new password every time you go through the forgot password flow?

Just to be thorough:

  • What if I type in the wrong email address? That would send an email to an account you don’t have access to and would thus prevent you from signing in as that account-holder.
  • What if my email gets hacked? First of all, the links in these emails are active for a brief window of time, say 30 minutes at the very most. Second, if your email has been hacked you are already screwed because the hacker can reset your password to every account in the current paradigm anyway.
  • What if your server gets hacked? Again, the generated URL is valid for a very short time and is then completely erased from the server. Also, logging in requires not just that URL, but also the presence of a cookie on the same machine. Further, the algorithm changes constantly. Thus, it would have to be an inside job performed in under a minute, just to gain access to a single login. Not a very economical way to make a living.
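The seven-step flow above, sketched server-side as an added example (not code from the original post): a random single-use token stands in for the “encrypted link”, and deleting the record on first use stands in for the server “flush”. The class, its method names and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

LINK_TTL_SECONDS = 30 * 60  # the post's "30 minutes at the very most"


def _digest(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()


class MagicLinkLogin:
    """Hypothetical in-memory store; a real service would use a database."""

    def __init__(self, clock=time.time):
        self._pending = {}  # sha256(link token) -> (email, sha256(cookie), expiry)
        self._clock = clock

    def start_login(self, email: str):
        """Steps 1-3: return (cookie_value, link_token) for one login attempt."""
        cookie_value = secrets.token_urlsafe(32)  # set in the requesting browser
        link_token = secrets.token_urlsafe(32)    # mailed to the address
        expiry = self._clock() + LINK_TTL_SECONDS
        # Only digests are stored, so a dump of the store yields no usable link.
        self._pending[_digest(link_token)] = (email, _digest(cookie_value), expiry)
        return cookie_value, link_token

    def finish_login(self, link_token: str, cookie_value):
        """Steps 4-7: return the email on success, None on any failure."""
        # pop() flushes the record on first use, whether or not it succeeds.
        record = self._pending.pop(_digest(link_token), None)
        if record is None or cookie_value is None:
            return None
        email, cookie_digest, expiry = record
        if self._clock() > expiry:
            return None  # link outlived its time window
        if not hmac.compare_digest(cookie_digest, _digest(cookie_value)):
            return None  # link opened in a browser that did not request it
        return email
```

Because a failed attempt also consumes the link, someone who intercepts the email but lacks the cookie can only force the user to request a new link, not log in.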

Help me find the flaw in this because, for the life of me, I can’t figure out why every website doesn’t already work this way, saving us all from the utter farce of passwords.

3/4/2013 Update:

Thanks to @andystalick for pointing out the post I had been searching for before writing this one: Is it time for password-less login? Its follow-up is also essential: More on password-less login.

And more on why we need SOMETHING other than the current password system: 30 years of failure: the username/password combination


How to Get Things Done

I’ve been freelancing for about two and a half years now. Here’s what I’ve learned so far about staying productive:

The Freelancers' Union is really rad.

  • Make yourself accountable to someone else.  Schedule regular check-ins with the people you are doing work for since you’re unlikely to want to show up to those empty-handed.  If you’re not working for anyone, schedule presentations to update your family or friends on your progress. Social pressure is an amazing motivator.
  • Break down larger projects into discrete chunks and assign each chunk a deadline.  Projects I haven’t broken into manageable sub-tasks are less likely to ever get started, and tasks that have no deadline are unlikely to ever get finished. It might feel overly forced at first, but once your calendar/to-do list is calling the shots, it takes on its own air of authority.
  • Schedule meetings in clumps. Nothing breaks up my concentration as dramatically as meetings. Since one meeting can derail an entire day, why not just plan them all on one day? Then I don’t expect to produce anything and am not disappointed in myself when I don’t.
  • Get structured about email and social media. The constant stream of activity is hard to tear yourself away from, so make some rules.  Unless it’s an essential tool in your work, don’t look at Twitter or Facebook until after lunch (at the earliest).  Get good at delegating emails.  99% of them don’t need an immediate response, so star them and get back to work. Better still, schedule intervals for looking at your email; try first thing in the morning, after lunch, and at the end of the day.
  • Keep in mind what your productivity killers are.  If you know your enemy, you’re much more likely to be able to defend yourself against it.  E.g. when a meeting ends, I know I have to really concentrate on getting back on track because I’m especially vulnerable to distractions at that moment.

Now stop reading this and get back to making stuff! ;)
