Skip navigation

Tag Archives: BSD

Starting sometime mid-year in 2011, I began having more ‘stuff’ to do than even my eidetic memory could help with. It’s not that I forgot things, per se, but the ability to mentally recall and prioritize work, family, personal and other tasks finally required some external assistance and I resolved to find a GTD system by the end of January.

Being an OS X user, there are great choices out there (both of those have iOS sister-apps, too). However, I’m not just an OS X user. As I was saying to @myrcurial (and even @reillyusa) the other day, I dislike being locked in to proprietary solutions. Plus, the $120 price tag for OmniFocus (OS X + iPad) seemed like a king’s ransom, especially since I am also an Android user (OmniFocus only has an iOS app) and pay for both Dropbox and various virtual hosts. Believing that I still have some usable skills left, I decided to — as @hatlessec characterized my solution — cobble something together on my own.

Once upon a time, I did maintain a .plan file (when I had sysadmin duties), but really doubted the efficacy of it and finger in the age of the modern web. The thought of machinating SQLite databases, parsing XML files or even digesting bits of JSON seemed overkill for my purposes. Searching through my Evernote clippings, my memory was drawn back to one of my favorite sites, Lifehacker, which has regular GTD coverage. After re-poking around a bit, I decided to settle on @ginatrapani’s @todotxtapps for meeting the following requirements (in order):

  • It uses a plain text file with a simple structure – (no exposit necessary…the link is a quick read and the format will become second nature after a glance)
  • It is Free (mostly) – mobile apps are ~$2.00USD each and if you need more than free Dropbox hosting and want a web interface, there are potential hosting costs. If you count your setup time as money, then add that in, too.
  • It runs on OS X, BSD, Windows & Linux – no platform lock-in
  • It has a thriving community – without being backed by a vendor (like the really #spiffy @omnigroup), a strong developer & user community is extremely important to ensure the longevity of the codebase. Todo.txt has very passionate developers and users who are very active on all fronts.
  • It is very extensible & integrable – I used @alfredapps to give me a quick OS X “GUI CLI” to the commands. I built an Alfred keyword for my most used Todo.txt functions along with a generic one to bring up vim in a window for a free-form edit. Alfred’s shell-commands also give me @growlmac integration (so I get some feedback after working with tasks).

    I also integrated it with @geektool. I won’t steal the thunder from other GeekTool/Todo.txt integration posts (like this one). The GeekTool integration puts my todo’s right in front of me all the time on all my desktops.

    By storing my todo directory in @dropbox, it also makes syncing to my web site and mobile devices a snap.

    On my server, I have a simple cron job setup to e-mail me my todo’s at the beginning of the day (again, so it’s in front of me wherever I look).

  • It runs on iOS AND Android – again, no platform lock-in
  • There’s an optional web interface – the one I linked to (there are others) is far from ideal, but it was quick to setup and has no overt security issues. Properly protected behind nginx or apache, you should have no issues if you need to have a web version handy.

So, while the setup is a bit more than just downloading two commercial apps, it has many other benefits and isn’t too much more work if you already have some of the other pieces in place. If you want more info on the Alfred scripts or any other setup component, drop me a note in the comments.

While I’ve read about many GTD solutions and seen many user-stories of how they met their GTD needs, I’d be interested in what tools you use to ‘get things done’…

In 2011, we saw a large increase in web site exploits that exposed private user data as well as a breakdown in the trust of SSL (for various reasons) and the introduction of real malware on to the OS X scene. If there were just three things I could ask Mac users to do in 2012 to help protect themselves (‘cuz if your a Windows user it’s been game-over for years for you already) these are what they would be.

Secure & Diversify Your Web Credentials

Just like companies have lost paper files—and then laptops—containing private data, web sites have and will continue to leak your information like a sieve. While you should choose carefully which ones you let have very sensitive data (like credit card numbers, government id numbers and health information), you really do need to ensure that you at least use different and “strong” passwords at each site you have an account at to avoid having hackers replay your credentials at other sites.

The easiest way to do this is to use a utility like 1Password (@1Password & usually $50 but is on sale for $30 for a short time) by AgileBits which works with practically every browser and will let you create and use diverse passwords at the click of a button. It even works on your mobile device, so you don’t have to worry about remembering the (necessarily) ugly passwords they end up creating. You can even use 1Password to store secure notes to yourself (say, in the event you need to use complex credentials on systems you cannot install 1Password).

By using 1Password, you will avoid being the in the 60-70% of users who have their credentials stolen and have to worry or scramble because they used the same ones on an array of popular web sites. Windows users can also take advantage of this tool (and there’s a bundle price if you need it for both platforms).

You can do this without 1Password (e.g. keep a text file or spreadsheet in a secure disk image), but the ease of use is worth the price of 1Password. If you do decide to use a more manual approach, generating secure passwords with tools like this one will also help you be a bit more secure than your brain’s “random” sequence generator.

Know What’s Going On With Your System

While the Mac App Store can help ensure you aren’t loading “bad apps” onto your system, the advent of web-born malware for the Mac was seen for real this year and 2012 may prove to be the year we see the Mac becoming more of a target. There’s no guarantee that Mac App Store apps are non-malicious and you really have no idea what the ones you download from third-party sites contain, even if they do the task you want them to. Some apps that you “know” you trust may be sending out “phone home” signals or other non-user-initiated or informed-of Internet communications with unknown payloads.

This is where a cool little utility called Little Snitch (@littlesnitch and $30) by Objective Development can really help open your eyes as to what applications and processes (programs you may not be able to “see” easily without tools like the Mac Activity Monitor app) are trying to do on your network. Their own information page says it better then I could paraphrase:

Little Snitch informs you whenever a program attempts to establish an outgoing Internet connection. You can then choose to allow or deny this connection, or define a rule how to handle similar, future connection attempts. This reliably prevents private data from being sent out without your knowledge. Little Snitch runs inconspicuously in the background and it can also detect network related activity of viruses, trojans and other malware.

Again, you could monitor your Mac firewall logs by hand with the OS X Console application and tweak your own firewall rules, but Little Snitch won’t forget to watch out for you.

Secure Your Public & Untrusted WiFi Connections

While Facebook, Twitter, Gmail and other sites have SSL (https) options (some using it by default), you really need to take control of your own transmission security when not on networks you trust. Why? Well one example is that you may be at a restaurant (as I was with my kids in November) where they terminate all SSL sessions at their border gateway (meaning they could read all the data that should have been encrypted). You also cannot be sure when Facebook is going to mindlessly toggle their SSL settings or when a Facebook application causes the SSL settings to be disabled. Even though SSL is relied upon by pretty much everyone to “just work”, it’s not a given or a panacea.

When on unfamiliar, public or other untrusted networks, it’s truly necessary to take control of the encryption as best as you can and use some type of Virtual Private Network : VPN : setup. While running your own is the only real way to know what’s happening at the VPN termination point, there are reputable services out there who can provide security and that you should be able to trust (at least better than SSL in a Starbucks). One of them—and I believe the most user-friendly one—is Cloak (@getcloak and FREE to $8-$15/month) by Bourgeois Bits.

Once installed, Cloak will detect when you’re on a public WiFi connection and automatically kick in a VPN session. You can start up a VPN session at any time with a single click in the OS X menu bar and also define more granular rules (if you want to). With Cloak, you have no excuse to not take an added measure of security when you’re out and about with your Mac.

You could do this for free (provided you trust your home Internet provider) with many modern routers or even a simple Linux/BSD or OS X box providing VPN services, but it would still not be as simple as using Cloak.

With these three simple steps/apps (less than $100), you will be far less at risk than you (probably) currently are as you run naked & blind across the internet with your password stapled to your forehead.

If you have any suggestions for similar/competing tools or have additional resolutions you think would be helpful to Mac users (or any computer user), drop a note in the comments.