Ctrl-P to print…

Most people don’t think about how their websites or blogs print out. Probably because most people don’t print things anymore. But for me, if I’m starting on a long article, I’ll try and print it so that it doesn’t hurt my eyes.

When I Google related searches, I see people posting thoughts along the lines of:

“Why bother? Nobody prints things anymore.”
Those people are assholes inconsiderate, or ignorant, or both.

I’ve spent a lot of time on the computer over the course of my adult life, looking at a computer screen that emits blue light, which is harmful to the retina.

I get eyestrain after looking at the screen for a few minutes/hours (depending on the day and how much off-screen time I’ve had to recuperate). So, in the interest of preserving my vision for future decades, I like to print long-ish articles.

There used to be an easy way to print things. Ctrl+P. Or, if you’re on a Mac, CMD+P. It still works, and people still print things.

But websites have gotten uglier over the years. Marketers have taught us that we have to use the sidebar to put an email signup form, as well as “tag clouds”, adverts and all other sorts of nonsense.

For one, it really degrades the readability of a site. But also, it makes web pages really, really hard to print out, if you’re trying to conserve paper and don’t want a lot of nonsense that you’ll just have to throw away.

Some people (developers) use browser tools to remove things they don’t want to see on an ad-hoc basis and print that. I’ve edited websites from 20 pages down to about 3 or 4. It’s that bad.

And this is really an issue of accessibility more than anything. Here’s a good definition from my friends Google and Wikipedia. They seem to know everything.

Accessibility refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers).

This accessibility problem opportunity is also very easy to fix (usually). The solution? Print media stylesheets, à la the ones you can see here: https://github.com/nmarley/stylish-stylesheets

In summary, my real advice to anyone with a website would be:

Make it so that when a person visits your site and types “Ctrl+P”, they get a nicely-formatted version of your page/site that’s perfect for printing. That’s it. That’s the goal with all of my sites, and hopefully they’re all at least close to it.

Tangent: Sites should be “responsive”, which is a techie term. It means that when someone visits your site on a mobile phone, it should still: 1) look reasonably good and 2) be readable without having to zoom in. Not necessarily the same as the desktop version, but it should satisfy those two criteria. Also, Google thinks so too.

Email Anxiety


I don’t know if email anxiety is a real thing, but I definitely have it, regardless.

When composing an email, sometimes it takes me one, two, … up to three hours or more. To write an email. Not a long email of a few thousand words (I don’t believe most emails should be that long). Just a simple, short introductory email.

“Hey, how are you? I’m Nathan. I see you’re doing [INSERT COOL THING HERE], I think that’s cool because [REASONS] and just wanted to connect with you. I’d love to help if you need it with [SOME THINGS I CAN HELP WITH].

Anyway, take care,
Nathan”

<<--- this template took me 2 minutes to write. An email that looks just like this template, but with details filled in and written completely from scratch, can take me hours to write. My anxiety is that bad. Side note: I really should start using templates like this to make life easier.

I agonize over the process, how will this sound to him/her? What words should I use? What should I say? This is especially true with people that I respect and admire.

Replying to emails is the same way, sometimes even worse. Because someone’s taken the time to write me a message and respond, meaning they at least don’t hate me. They took time out of their day to write me something. So I’ve now got to step up and really deliver value.

I know it’s over-analyzing. It’s really a form of perfectionism. I don’t want to mess anything up, say something one way where it could have been said better, or more elegant, or more precise.

Analysis paralysis – the reason why I don’t get near as much accomplished as I’d like to. But I’m committed to being prolific, so I’ll have to just power through and as my friend and colleague Chiara told me, “I think you need to get out of your head, and get out there and talk to people… just talk to people, I think the biggest thing that’s holding you back is this perfectionism. You need to practice moving fast.”

I also have this internal rule where I always reply to emails unless I think it’s spam (like from a tech recruiter — those people really are the worst). So, if you’ve emailed me and I haven’t replied, and the email warrants a reply, then it really is on my TODO list, promise. It’s likely that I respect and admire you, and just haven’t had the time (read: hours) to sit down and craft a well-written, perfect response to you, because that’s what you deserve. I’m sorry, I do want to write back to you, and I will eventually.

So my challenge for today is to:

1. Get this post up & published, and:
2. Get to Inbox zero — reply to all emails where I’ve been putting off emailing them (which is why my Inbox isn’t at zero now).

Thanks for reading, thanks for understanding, and you’re awesome.

Illustration credit: Marie-Chantale Turgeon – Breathe while reading your email!

Be Ruthless with your Email

Email is sacred ground. It’s where you get important notes from friends and family, as well as the businesses and organizations that you care about.

But for a lot of people it’s become a wasteland, a junkyard to be traversed, only every once in a while finding a gem here or there.

Me? I’m ruthless with my email. If any company, organization, or marketer sends me something that I don’t want to receive even once, they’re gone. Done. Unsubscribed. I don’t care how much they might have improved my life or condition. By giving over my primary email address, for any reason, I’ve given you my trust, and that doesn’t come lightly.

Once you violate that trust, even one time, you’re done. Gone.

I signed up for Medium.com the other day, just so that I could get set up for publishing some articles there in the future. And less than 24 hours later, got an email with “stuff I might like”, or some such nonsense. Bam! Gone. If I want to waste my time going through “stuff I might like”, I’ll search for it myself and on my own time.

Email is sacred. It’s my own place to receive asynchronous communication when I feel like it and when I’m ready to do so. Not somewhere you can get more eyeballs on your content on a regular basis. I trusted you, and you let me down. You don’t get a second chance. I’m through with you.

I use Gmail, and they have a nice “Spam” button. It’s real nice when you’ve committed to being ruthless with your email purges.

Nowadays, my primary inbox is pretty clean. It’s only used for communications that I want in there. If I do want to collect marketing or autoresponder emails for future use, I use another “fake” email address. Not an actual fake one, but another one that I’ve set up that’s not my primary one.

My primary email is sacred. I try and treat it well, to keep it spotless, and in return I have a lot more mental clarity and less clutter when checking my email. I can visit my inbox, do what I came to do, and then leave. Less distraction, more productivity.

10 Ideas to improve your site’s SEO


I wrote these ideas for a local photographer that I know, who was asking on Facebook about SEO for her website. But since I think they’re pretty generic, these could apply to just about anyone with a local business. So I’ll just share them on here for everyone, and point her to this post.

SEO is basically broken into 2 things:

1. How relevant is your site’s content to the people searching for it?

You improve this by optimizing your site – content and meta information (e.g. meta tags, internal links to other pages on your site, etc.)

2. How popular is your site? (Sites with the same relevance, but more popular = higher in Google results.) This means how many “backlinks” your site has, which is other people/websites linking back to yours.

You improve this by what’s called “link building”.


Anyway, without further ado, here’s a list of ideas that might help improve any site’s SE rankings.

  1. Ensure your keywords/phrases that you want to rank for are somewhere on your site. Bonus points if in your meta description and in an h1 tag on the page. Keyword phrases are what you type into Google when you want to find your site, e.g. "Northwest Arkansas Photographer", or "Portland Wedding Photography", or whatever. If you know your keywords, you can run a free report here for your site: https://juxseo.zoomshift.com/. But this report will only analyze your page content, not your ranking in the SERPs.

  2. Get lots of (legitimate) links from other sites back to your site. In the SEO industry, we call these "backlinks". The link text should be your keyword phrases mentioned in #1 above.

  3. Have profiles for your business on all social media sites and somehow integrate those with your site, or at least link back to your site.

  4. Make sure you have a responsive theme. This just means that your site is easy to read on a desktop and on a phone, iPad, tablets, etc. Google has started giving preference to sites which have responsive themes, and people viewing your site on mobile devices will appreciate it too.

  5. Make sure your site loads fast. (Google has indicated site loading speed is one of the signals that it uses to rank pages.) Large images/files can be hosted on a CDN. You can see https://moz.com/learn/seo/page-speed for more info.

  6. Make sure your business is registered w/Google business. This will help ensure you’re on the "map" that shows up in the results, and lets Google know you’re around.

  7. Add your site to Google webmaster tools.

  8. Make sure your robots.txt allows indexing (this is easy and can be done from Google webmaster tools).

  9. Create a sitemap for search engines if you don’t already have one.

  10. Are you publishing content to your site on a regular basis? If so, this would result in more frequent search engine visits.

  11. Another suggestion – submit articles to high-profile sites like medium.com & link back to your site

  12. Along the same lines, guest posting to other people’s sites (e.g. other photographers who get a lot of readers) helps, as you get a link back to your site (this is part of link building). All links back to your site are good as long as they’re genuine and not spammy.

Most SEO consultants/services will offer some suggestions like the above, they might do it for you, and they’ll probably deliver ranking and content reports as well. They’re probably just buying these white-label from moz.com, which is the de-facto authority (besides Google themselves) on SEO.

Of course, I’m probably forgetting some things, but this should cover the basics.

Ok, bye.

Photo by Steve Rotman

Open Financial eXchange (OFX) is Broken (Online Banking Security is a Joke)


Am I the only person in the world who thinks that it’s utterly ludicrous that we have to give our passwords to sites like Mint.com so they can help us keep track of our spending habits? Surely I can’t be the only one. It’s like giving away the keys to the kingdom.

It kind of irks me a little that if I want to use a site like Mint.com to track my spending habits and help me keep my budget in line, I have to give my username and password over to them.

In fact, the way the underlying technology works, Mint.com must keep our passwords stored in their system. Not just a hash, but the passwords themselves, since that’s what they have to use in order to access our bank account info. They are stored encrypted, no doubt, but they have to be decrypted in order to be used (see below).

Mint.com has worker programs, “robots”, if you will, which log in to our bank accounts the same way we do (well, not really, but I’m simplifying for the general public), so they have to be able to authenticate as ‘us’. But the problem is, those username/password combos aren’t read-only. Mint.com may tell you that they have read-only access, but that’s just not true. Anybody who hacks Mint.com’s database, and is able to decrypt those passwords, has full access to the corresponding bank accounts.

The technology which enables this log-in that Mint.com and other financial websites use, is called OFX, which is short for Open Financial Exchange.

The part that requires the username and password for every transaction is described in the OFX ‘security’ page (emphasis mine, and BTW, what a fucking joke):

Authentication enables the recipient of a message to verify the identity of the sender. For example, a financial institution or third party processor authenticates a customer by requiring the use of a password and user ID with each transaction. A customer’s application authenticates a financial institution or third party processor by verifying the institution’s digital certificate.

That technology was developed about 10 years ago. (The website looks about 10 years old too — just take a look.) We’ve evolved since then. Technology has evolved. Why the hell has the banking system not caught up yet? (Hint: it’s not in their best interests to improve the security of your bank account. They would have to pay the cost of securing your account, while not seeing any reward for it.)

This should immediately set off red flags for any information security professional. An obvious way to mitigate this risk is to simply enable customers to generate a read-only API key on the bank end, then give out that read-only API key to any party that they wanted to share their info with, on a read-only basis. This would be true read-only access. But that is something that banks themselves would have to implement, and they’re too busy raping the general public with ridiculous fees for things like debit cards, and simply having a deposit account in the first place.

The Solution

The solution? A successor protocol to OFX which requires banks to implement read-only API key access, and which can be controlled by customers, e.g. by allowing depositors to generate their own unlimited number of API keys, read-only or not (depositor’s choice).

A standard has to first be put in place. It would specify that usernames/passwords are no longer allowed, period. All account access would be via API keys, which would be generated on the bank end, controlled by the clients (depositors), and either read-only, read-write, or other combinations. They could be extensible so as to plan for the future.

Then, make all the banks follow the standard. Fines of $XX,XXX,XXX per day after a X-year grace period which allows all banks ample time to convert from OFX to the new standard, NOFX (New OFX).
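A sketch of the bank-side half of the API-key scheme proposed above, added here as an illustration; it is not part of OFX or of any bank's real API. The operation names, account ids and the `BankKeyStore` class are hypothetical: the depositor issues a scoped key, the bank stores only a hash of it, and a read-only key is refused for money movement and can be revoked on its own.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

READ, WRITE = "read", "write"
# Hypothetical operation names, each mapped to the scope it requires.
REQUIRED_SCOPE = {"get_balance": READ, "list_transactions": READ,
                  "transfer_funds": WRITE}


@dataclass
class KeyRecord:
    account: str
    scopes: frozenset
    digest: bytes        # SHA-256 of the secret; the secret itself is never stored
    label: str           # depositor's note on who holds this key
    revoked: bool = False


class BankKeyStore:
    """Toy in-memory registry of depositor-issued API keys, bank side."""

    def __init__(self):
        self._keys = {}  # key id -> KeyRecord

    def issue(self, account, scopes, label):
        """Create a key; the returned token is shown to the depositor once."""
        key_id = secrets.token_hex(8)
        secret = secrets.token_urlsafe(32)  # 256 random bits, so a fast hash is enough
        digest = hashlib.sha256(secret.encode()).digest()
        self._keys[key_id] = KeyRecord(account, frozenset(scopes), digest, label)
        return f"{key_id}.{secret}"

    def revoke(self, key_id):
        """Depositor kills one key; the password and other keys are unaffected."""
        if key_id in self._keys:
            self._keys[key_id].revoked = True

    def authorize(self, token, account, operation):
        """Return True only if the token is valid for this account and operation."""
        key_id, _, secret = token.partition(".")
        record = self._keys.get(key_id)
        if record is None or record.revoked or record.account != account:
            return False
        presented = hashlib.sha256(secret.encode()).digest()
        if not hmac.compare_digest(presented, record.digest):
            return False
        needed = REQUIRED_SCOPE.get(operation)  # unknown operations are denied
        return needed is not None and needed in record.scopes


def demo():
    """Issue a read-only key to a budgeting site and probe what it can do."""
    bank = BankKeyStore()
    token = bank.issue("acct-1001", {READ}, label="budgeting site")
    key_id, _, secret = token.partition(".")
    results = {
        "read_balance": bank.authorize(token, "acct-1001", "get_balance"),
        "move_money": bank.authorize(token, "acct-1001", "transfer_funds"),
        "other_account": bank.authorize(token, "acct-2002", "get_balance"),
        "tampered_secret": bank.authorize(f"{key_id}.x{secret}", "acct-1001", "get_balance"),
    }
    bank.revoke(key_id)
    results["after_revoke"] = bank.authorize(token, "acct-1001", "get_balance")
    return results


if __name__ == "__main__":
    print(demo())
```

A leak of the aggregator's database in this model exposes tokens that can read one account each and nothing more, and a leak of the bank's table exposes only hashes.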

Hell, I don’t know. Just something. But please, do something to protect the people, instead of just considering the up-front cost of implementation. (There are hidden costs of not implementing something like what I’ve suggested, but most individuals and businesses won’t see them until it’s too late).

Note: This solution isn’t going to happen. This is just an ideal scenario. The banking system is going to be transformed, but not from the inside, not by anyone who had anything to do with this. Technologies like Bitcoin and other cryptocurrencies and trustless systems are going to render insecure protocols like OFX useless. The funny thing is, the fact that the current system will never change is the very reason why it’s going to be pre-empted and destroyed. The market will find a solution.

Bitcoin eliminates PCI compliance

I was just reading up on wrapping APIs and just came to another realization regarding Bitcoin. In a payment system using only Bitcoin, there is absolutely no need for PCI compliance. Zero. That’s right:

Bitcoin eliminates PCI compliance.

There’s no private data to store. No customer data exists that a criminal can then steal and rack up charges. Since Bitcoin payments are a push from the customer, instead of a pull from the merchant, there’s no need for any PCI compliance. Customer security is simply “baked in” to the protocol.

Think of how many millions (probably billions) of dollars are spent by large corporations every year, just to be PCI compliant. I know first-hand that the largest company in the world spends (at least) millions on PCI. There are yearly audits, infrastructure costs galore. All CC data must be encrypted. It’s a huge freaking hassle.

And forget about the small guys. There’s no way small businesses could ever hope to store CC data themselves (and be in compliance with PCI standards) — which is why they have to rely on companies like Stripe and Braintree to accept credit card payments.

I like Stripe and Braintree, but I like even more the fact that millions of dollars can be saved simply by using Bitcoin.

Things like this are what makes Bitcoin so amazing. This is just one example. Bitcoin takes everything we think we “know” about electronic payments and flips it on its head.

Here’s why Bitcoin will change the world…

As I’ve said before, a lot of people a lot smarter than me could explain Bitcoin a lot better than me… so I’ll leave it up to them.

Both of these videos feature Andreas Antonopoulos, a network and security professional and major Bitcoin evangelist.

Watch This First

The first clip is Andreas speaking at the Milwaukee Bitcoin meetup a couple of weeks ago. You can start watching at 47 minutes and 15 seconds (the link should take you there).

Edit: Ok, I can’t figure out how to get the damn player to start at exactly 47:15, so if it doesn’t take you there, just fast-forward to 47 minutes in.

I have also extracted the audio for anyone interested in just listening to it, which you can get here (trimmed to only include Andreas’s talk):

Watch This Second

Now that you’ve drunk some of the kool-aid, you’re ready for the second round. This one is more intense, and more exciting. You’ll be wanting to pour (fiat) money into Bitcoin after watching this one. This interview discusses the recent failure of a Bitcoin exchange known as MtGox, infamous for their incompetence.

It’s an hour and a half, and I suggest you watch the entire thing. It’s worth it, I promise.

Bitcoin

I’ve refrained from posting about Bitcoin until now, mostly because I haven’t had time, which is to say that it hasn’t been prioritized. I have also refrained from posting because I’ve been considering a site re-design, and didn’t want to take the time to mess with it. But I’ve got too many thoughts which I need to get out, plus the “Twenty Fourteen” WordPress theme is pretty clean and simple. I like it. Anyway, here goes…

What is Bitcoin?

So many people have given explanations for this, and all of them a lot better than anything I could write here. According to Google:

Bitcoin is a peer-to-peer payment system and digital currency introduced as open source software in 2009 by pseudonymous developer Satoshi Nakamoto. It is a cryptocurrency, so-called because it uses cryptography to control the creation and transfer of money.

Bitcoin is a protocol, a type of electronic money, a payment network, a distributed timestamp server (at its core), and much more. It’s an entire infrastructure, and it’s completely distributed and self-healing. If you’re completely new to Bitcoin, I recommend reading the Bitcoin whitepaper if you haven’t already. I promise it’s short.

Also, check out http://www.weusecoins.com/en/

Bitcoin is the future.

It’s a Libertarian’s dream, a crypto-nerd’s fantasy, and the great equalizer for the common people. Bitcoin is a payment network, a currency (if you want it to be) and a store of value (much better than those worthless paper notes in your wallet and in your bank accounts). Most people focus on the currency aspect of Bitcoin, and its value relative to the US dollar. It’s so much more than that…

Bitcoin can’t be seized (stolen).

Ok, that’s not entirely true. Bitcoin can be stolen (just as the FBI stole the Bitcoins owned by the operator of the Silk Road). But as long as you’ve taken appropriate security measures, your Bitcoin is safe in your hands. Or on your computer.

Here’s an excerpt from an article by attorney Mark Nestmann that I read yesterday. (You can read the article here.)

…cases like that of Emiliano Gomez Gonzolez, who had the misfortune of being stopped by cops in Nebraska – a state where police get to keep what they seize. State troopers found bundles of currency totaling $124,700 in his car.

Police seized all the money, alleging that it was the proceeds of drug trafficking. Gonzolez tried to get it back in court but lost his case, despite the fact that police found no drugs, drug paraphernalia, or drug records connected to the cash. Nor was he ever accused of any crime. And the Nebraska cops kept it all, less a 20% commission paid to the feds for their assistance in prosecuting the case.

Mark then makes a case for opening a foreign bank account and stashing some of your savings there as a solution. Of course, Bitcoin makes this a non-issue. If the driver had instead been holding his $124k+ in Bitcoin, it simply could not have been seized (as long as he had secured his Bitcoin). Money in foreign banks, however, can be seized by the foreign government which regulates that bank, or by the bank itself, as we saw in Cyprus in April 2013.

Bitcoins are limited

There will only ever be 21 million Bitcoins in existence. Due to the mathematics and cryptography behind Bitcoin, they can’t be copied or created out of thin air. This is a good thing. Since Bitcoins can’t be conjured out of thin air (unlike US dollars, British pounds, Euros, etc.), they retain value.

Bitcoin is global

Bitcoin is global, can be used anywhere in the world, and has value anywhere in the world. Take Chile, for example. What’s the point of holding Chilean pesos if I ever get into a bind and need money here? Chile just elected a Socialist president — what’s to stop her government from dipping into your bank account, just like in Cyprus? The Chilean government can’t dip into your Bitcoins without your approval. They won’t even know you have Bitcoin unless you tell them.

A few predictions

It’s currently January of 2014. My predictions are thus:

  • Within the next 2-3 years, at least one other “developed” country will enact a Cyprus-style bail-in. Probably France. The US will eventually do it also, for the sake of “national security” of course.
  • With Bitcoin, there’s no more need for money transmitters (since that’s baked into Bitcoin by default). Western Union? Gone within the next 5 years. Maybe within 2-3, depending on how fast the world adopts crypto-currencies.

<tl;dr>

Bitcoin is the future. It will destroy banks. It will change the world. Crony-capitalism, in its current form, will be finished.

My Wife Has a Website

A few months ago my wife began her quest toward becoming a full-fledged web developer.

She’s now got a good basic understanding about computers in general, and today she set up her very own website (without any help from me!). The link to her site is here:

http://huckleberry.site44.com/

Needless to say, I’m very proud of her and wish her continued success on her long and rewarding journey.

Firefox, You’ve Done It Again

The Problem

After upgrading to Firefox 24, some fonts weren’t displaying correctly in one of my own websites. I was referencing a Google fonts URL in my CSS, because they’re so pretty. And free. And apparently a security risk, according to the new Firefox default settings.

The Fix

1. Type about:config in the address bar.

2. Search for “security.mixed_content.block_active_content”, set to false.

For the love of G-d, Firefox devs, please stop trying to protect us from ourselves. It’s ok. We know what we’re doing.
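The pref above switches off mixed active content blocking for every site in that Firefox profile; the fonts also load again with the default left in place once the page stops requesting them over plain HTTP. The following is an added example, not code from the original post: it finds http:// stylesheets, scripts, frames, plugin content and CSS url()/@import references in a page and rewrites them to https://. The sample page is constructed, and the rewrite assumes each flagged host also serves HTTPS.

```python
import re
from html.parser import HTMLParser

# Elements whose URL attribute loads active content (code, frames, plugins).
ACTIVE_ATTRS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}
# http:// references inside CSS: url(...) values and @import "..." rules.
CSS_URL = re.compile(r"""(?:url\(\s*|@import\s+)['"]?(http://[^'")\s]+)""", re.I)


class MixedContentFinder(HTMLParser):
    """Collect plain-HTTP subresources a browser treats as active content."""

    def __init__(self):
        super().__init__()
        self.findings = []        # (line, kind, url)
        self._in_style = False

    def _check(self, kind, url):
        if url and url.strip().lower().startswith("http://"):
            self.findings.append((self.getpos()[0], kind, url.strip()))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ACTIVE_ATTRS:
            self._check(tag, attrs.get(ACTIVE_ATTRS[tag]))
        elif tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower().split():
            self._check("stylesheet", attrs.get("href"))
        elif tag == "style":
            self._in_style = True

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if not self._in_style:
            return
        first_line = self.getpos()[0]   # line on which this text chunk starts
        for m in CSS_URL.finditer(data):
            line = first_line + data.count("\n", 0, m.start())
            self.findings.append((line, "css-url", m.group(1)))


def find_mixed_content(html):
    """Return (line, kind, url) for every active http:// subresource."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


def upgrade_to_https(html):
    """Rewrite only the flagged URLs; assumes each host also serves HTTPS."""
    for _, _, url in find_mixed_content(html):
        html = html.replace(url, "https://" + url[len("http://"):])
    return html


# Constructed sample page, not taken from the original post.
SAMPLE_PAGE = """<!doctype html>
<html><head>
<link rel="stylesheet" href="http://fonts.googleapis.com/css?family=Lato">
<link rel="icon" href="http://example.com/favicon.ico">
<style>
@import url(http://fonts.googleapis.com/css?family=Merriweather);
body { font-family: Lato, sans-serif; }
</style>
<script src="https://example.com/app.js"></script>
</head><body><img src="http://example.com/photo.jpg"></body></html>
"""

if __name__ == "__main__":
    for line, kind, url in find_mixed_content(SAMPLE_PAGE):
        print(f"line {line}: {kind}: {url}")
```

The image and favicon in the sample are left alone on purpose: they are passive content and are not what this pref blocks.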