Ok, listen, I’m not going to get into the details or whatever, but it was recently brought to my attention that I really, really should be backing up my MySQL databases on a daily basis at least.  So here’s the recipe.  Modify and use it for your own purposes, and don’t be as dumb as I am.

Create a directory to hold your backups.
Create the following shell script in your backup directory.  Substitute your own info for the stuff in brackets.

backup_script.sh:

#!/bin/sh
# Daily mysqldump job.  Replace the bracketed values with your own.  Keep this
# file mode 700: the password is in plain text here, and it also shows up in
# `ps` output on the machine while mysqldump runs.
backupdir=/[PATH-TO-BACKUPS]
logfile="$backupdir/backup_script.log"
echo "------------" >> "$logfile"
echo "Starting MySQL Database backup script" >> "$logfile"
location="$backupdir/backup_$(date +'%d_%m_%Y_%H_%M_%S').sql"
if ! mysqldump -u root --password='[YOUR-PASSWORD]' --opt [YOUR-DATABASE] > "$location"; then
    echo "mysqldump FAILED, leaving old backups in place" >> "$logfile"
    rm -f "$location"
    exit 1
fi
echo "Completed MySQLDump." >> "$logfile"
gzip "$location"
echo "GZipped the backup file $location.gz" >> "$logfile"
echo "Removing backups older than 10 days." >> "$logfile"
# Delete only this script's own dump files.  Match files, never directories:
# the backup directory itself sits at depth 0 and would match -type d.
find "$backupdir" -maxdepth 1 -type f -name 'backup_*.sql.gz' -mtime +10 -exec rm -f {} \;
echo "Old backups removed." >> "$logfile"
echo "Backup script completed on $(date +'%d_%m_%Y_%H_%M_%S')" >> "$logfile"
echo "------------" >> "$logfile"
exit 0

Set the permissions to 700 (chmod 700 backup_script.sh) so that nobody else on the machine can read your plaintext MySQL password.  Be aware that a password given on the command line is still visible to every local user in ps output for as long as mysqldump runs; putting it in a [client] section of a mode-600 ~/.my.cnf, or in a file passed with --defaults-extra-file, keeps it off the command line entirely.  The dumps themselves contain all of your data, so make the backup directory 700 as well.

Edit your crontab (crontab -e) to run the shell script once a day, or however often you think is prudent.

To unzip the backed up SQL file:

gunzip -v [YOUR-BACKUP-FILE].gz

To restore your backed up SQL dump (note that a dump made with --opt contains DROP TABLE IF EXISTS statements, so restoring replaces the existing tables; try a restore into a scratch database now and then, because a backup you have never restored is not yet a backup):

mysql [YOUR-DATABASE] < [YOUR-BACKUP-FILE].sql
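The script above gets the job done, but a few things bite in practice: the password on the command line, a failed mysqldump that still gets gzipped and logged as a success, and a pruning step that runs even when nothing new was written.  As an added example (this is not the original post's script), here is a hardened version of the same job.  It assumes a dedicated MySQL user named backup with read rights on the database, whose credentials live in a mode-600 file at /etc/mysql-backup.cnf; the backup directory /var/backups/mysql and the database name mydatabase are placeholders as well, all overridable through environment variables.

```sh
#!/bin/sh
# Hardened daily mysqldump job.  Added example, not the original post's script.
# Assumptions (change to taste): a dedicated MySQL user with SELECT / LOCK
# TABLES / SHOW VIEW / TRIGGER rights, whose credentials live in a mode-600
# file (default /etc/mysql-backup.cnf) with the contents
#     [client]
#     user=backup
#     password=...
# so the password never appears on the command line, in `ps`, or in cron mail.
set -eu
umask 077                      # every file we create is 0600: the dump IS your data

BACKUP_DIR="${BACKUP_DIR:-/var/backups/mysql}"
CREDS_FILE="${CREDS_FILE:-/etc/mysql-backup.cnf}"
DB_NAME="${DB_NAME:-mydatabase}"             # hypothetical database name
RETENTION_DAYS="${RETENTION_DAYS:-10}"

log() { printf '%s %s\n' "$(date +'%Y-%m-%dT%H:%M:%S')" "$*" >> "$BACKUP_DIR/backup_script.log"; }

# Sortable file name for a dump of database $2 in directory $1, taken now.
backup_name() {
    printf '%s/backup_%s_%s.sql.gz' "$1" "$2" "$(date +'%Y%m%d_%H%M%S')"
}

# Dump database $2 into directory $1 using credentials file $3.
# Writes a .part file first and renames it only after mysqldump AND gzip
# succeeded, so a failed run never leaves a truncated file that looks good.
# Prints the final path on success, returns non-zero on failure.
dump_db() {
    dir=$1; db=$2; creds=$3
    out=$(backup_name "$dir" "$db")
    tmp="${out%.gz}.part"
    # --single-transaction gives a consistent snapshot of InnoDB tables without
    # locking them; for MyISAM tables use --lock-tables instead.
    if ! mysqldump --defaults-extra-file="$creds" --single-transaction \
            --routines --triggers "$db" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    gzip -9 "$tmp"                 # produces "$tmp.gz"
    mv "$tmp.gz" "$out"
    printf '%s\n' "$out"
}

# Sanity-check a finished dump: the gzip stream must be intact and the SQL
# must end with the "-- Dump completed" trailer that mysqldump writes last.
verify_dump() {
    gzip -t "$1" 2>/dev/null || return 1
    gzip -dc "$1" | tail -n 1 | grep -q '^-- Dump completed'
}

# Delete dumps older than $2 days in directory $1.  -type f plus the -name
# pattern means only this script's own files can ever be removed, never a
# directory (the backup directory itself sits at depth 0 and matches -type d).
prune_old() {
    find "$1" -maxdepth 1 -type f -name 'backup_*.sql.gz' -mtime "+$2" -exec rm -f {} +
}

main() {
    mkdir -p "$BACKUP_DIR"
    log "Starting backup of $DB_NAME"
    if out=$(dump_db "$BACKUP_DIR" "$DB_NAME" "$CREDS_FILE") && verify_dump "$out"; then
        log "Wrote and verified $out"
    else
        log "ERROR: backup of $DB_NAME failed; old dumps kept"
        exit 1                     # prune only after a good dump, or a broken
    fi                             # job silently empties the directory in 10 days
    prune_old "$BACKUP_DIR" "$RETENTION_DAYS"
    log "Pruned dumps older than $RETENTION_DAYS days"
}

# Run only when invoked as `backup.sh run`, so the functions can be sourced
# or tested without touching the database.
if [ "${1:-}" = run ]; then
    main
fi
```

Run it from the backup user's crontab, for example 0 3 * * * /usr/local/sbin/mysql_backup.sh run.  The two design choices worth copying even if you keep your own script: never prune until the new dump has been written and verified (otherwise a quietly broken job leaves you with an empty directory after the retention period), and never let a half-written file sit under the final name.  Restore with gunzip -c backup_mydatabase_YYYYMMDD_HHMMSS.sql.gz | mysql mydatabase as an account that may write to the database; the read-only backup user deliberately cannot.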

Take it from me, kids. Only fools don’t back up their work.

Oh, Klout.  I want to love you, but you just won’t let me.

Let me begin this post by saying that Klout, the web site that claims to measure social media influence, isn’t a terrible idea.  There’s a really good reason to want a decent methodology for determining influence online.  After all, if you’re going to be spending time and effort to reach out to your audiences through social media, it makes sense to try to target the audience members who are most influential, and most likely to use their influence to talk up your product or service.

The idea is solid.  But Klout’s implementation is terrible, for one simple reason.  Their algorithm is ridiculously bad.

I’m not the first person to point this out.  But until today, I was willing to give them the benefit of the doubt; maybe it works, mostly, with little problems here and there.  But in fact, their ratings just don’t bear any resemblance to reality.

To demonstrate, have a look at the screen caps after the jump.  These were all taken today.



On a journalism mailing list to which I subscribe, the following claim was made recently:
One more thing: the last time I checked, more people used the Yellow Pages as a reference tool than Google.

No contest.

Suffice it to say, I found this claim somewhat unbelievable, since I personally haven’t had a yellow pages book in my home for over ten years now.  I can’t think of anyone else I know who does either.  Last time I used the yellow pages, I was in a hotel room, looking for local pizza delivery.  (That must have been five years ago at least.  These days, I just use the GrubHub app on my smartphone. That way, I don’t even have to take my wallet out of my pocket or talk to anyone on the phone.)

So I decided to check it out.  It’s a claim of fact, so it should be pretty easy to find out, right?

I fired up Google Chrome, and typed “yellow pages statistics” into Google’s search engine, which naturally yielded about 20 million hits.

Some fun facts about the yellow pages:

Considering that Google processes something on the order of two billion searches per day, every day, I’d say the answer is no.  More people use Google these days than use the Yellow Pages.

With the explosion of mobile internet access that has been building for the past few years, I’ve gotten a lot of questions from people lately asking about what sort of strategy they should take in approaching mobile for their news or information site.  Should I develop a mobile version of my web site?  Should I build an iPhone app?  What about Android, should I build an app for that, too?  How much does it cost?  How can I get the best return for my mobile development dollars?

Well, this is a question we’ve been working on at the ABA Journal, and we think we have found a good way to

The approach I’ve been advocating recently is to turn the bulk of your attention to building out the mobile web site, and then using small “wrapper” apps to maintain a presence in app stores.

There are several benefits to this strategy.
  • It’s easy to develop for the web.  After all, you’re already doing it.  You probably have scripts and code to do 90% of what you want your mobile app to do, so why re-invent the wheel?
  • Web development is much cheaper than app development.  You know how your web developer wants $100 an hour?  App developers want more than that, and it takes much, much more work to build out a native app.
  • There are pre-existing libraries to make your website “app-like”.  I’ve had good success with jQuery Mobile, but there’s also Sencha Touch, jQTouch, iUI, and plenty of others.  Using these frameworks, you can make your web pages touch-friendly in no time.  And the browser’s own JavaScript APIs (geolocation, device orientation and the like), plus whatever the wrapper exposes, give you access to the device’s sensors, so you can use that data in your web app.
  • It’s fast to deploy new features.  If you build out an iOS app, then sign it, get it submitted to the app store, get it approved, and then installed on the devices of your user, you’re not going to want to go through all that time and hassle again in three months when you want to roll out your shiny new feature.  If your apps are just small wrappers pointing to a touch-ified website, when you want to change something, you just change it once, on the web, and the changes propagate through all your apps.
  • All your platforms stay in feature-parity.  Since you’re just changing the web app, every platform gets updated at the same time.
  • It’s simple to write the wrapper apps.  With PhoneGap, you can turn your web app into a mobile app in no time.  In fact, using PhoneGap Build (their online, web-based compiler), I churned out apps for iOS, Android, BlackBerry, Symbian and webOS in a matter of hours.  No native development environment required.
  • No worries about writing custom client-server protocols.  It’s the web, so you use standard web formats like JSON or XML between client and server.
  • You don’t have to use the advertising software the platform advocates.  That means Apple doesn’t get a cut of your ad revenue, since you don’t have to use iAds.
Downsides?  Yeah, there are some.
  • Web apps are slower than native apps.  For most information-driven applications, this doesn’t matter, but if you need to do heavy math or things like 3D animations and the like, then native is your only choice.
  • Not all features are supported on all platforms.  BlackBerries, for instance, don’t have a compass sensor, so you can’t rely on having that input available.
  • Web apps rely on the device’s default HTML rendering.  That can lead to layout differences, etc., so it may not look identical on all devices.  This generally isn’t a problem if you’re making sure to design your pages to degrade gracefully.
  • The wrapper’s web view is a trust boundary.  PhoneGap exposes device APIs (camera, geolocation, file storage) to whatever JavaScript runs in the page, so an XSS bug in your web site, or a page tampered with in transit, becomes device access inside the app.  Serve the site over HTTPS only, and keep the wrapper’s access whitelist (the <access origin="..."> entries in its config.xml) limited to your own hosts.
What it comes down to, for me at least, is that native apps are HARD.  For each platform, you have to essentially learn a new language and a new set of tools, or hire someone to do it for you.  Mobile developers are in high demand, so farming it out is expensive. So if web developers can build it out instead, why not go that route?
Anyhow, I’d love to hear if anyone else on the list has any insights on this approach.

Today is the day that much of the internet is going dark to protest the SOPA/PIPA acts in the United States.

I wrote a little piece on it for Acceler8or, and I’ve blacked out my logo for the day.

Please, take a moment to register your displeasure with legislators.  Don’t break the internet.

I like tablet form factors, I really do.  I’d love to get one, but they don’t quite make my kind yet.

I need, need, need for there to be a stylus.  I’m a doodler.  Handwriting recognition is also a must.

I need it to be Android 3.1 or higher.

An 8″ screen is about optimal, though I’d go down to a 7.  10″ might be too big for my purposes.

It’s got to have GPS, 3G/4G data (unlimited preferred), wifi, NFC, accelerometers, gyro, etc.  I’m of the MOAR SENSORS! school of thought.

Lenovo has almost gotten there, according to this Ars Technica review, but not quite yet.

Soon though.  Soon.

Look, I’m a tech guy. I work on a lot of computers. I work on a lot of web sites. I try out new web services and products all the time. I pay my bills online, I bank online, and to a great extent, much of my life and work is preserved online.

I have a lot of passwords. I need to keep track of them all, and keep them safe.

I’ve had a password strategy which worked for me for years; I kept several base passwords, which I mentally sorted by level of secrecy necessary, and I’d use variants of those basic passwords to create new ones at the right levels.

So I had a low-security password which I could use across sites to try out new services. I had a medium security password for accounts that were associated with my public face — i.e., Twitter, Facebook, etc. And of course, I had a high-security password which nobody at all knew besides me, and that secured my online banking and financial accounts.

Like I said, this worked for years. If I changed jobs, or if I could no longer ensure the security of a given password, I just had to change that one in my rotation.

There were problems, of course… sometimes I couldn’t remember which variant I had used at which site, what the user name might be, etc.  But overall, it worked pretty well, and I’ve never had one of my accounts hacked.

But we live in a different world these days.

I’ll admit, it was the LulzSec leaks that convinced me to re-think my password strategy. They dumped 62,000 email/password combinations on the web, for a wide variety of sites, and let people run wild with them. My email/password weren’t included in the leak, but it got me thinking about how devastating it would be, should my passwords get out in the public sphere like that. It could compromise not just my own security, but the security of my client’s sites.

So I knew I had to smarten up. I needed a way to secure my ever-growing list of passwords, and furthermore, I needed to ensure that I was using different passwords everywhere.

Beyond that, I work on different machines in different locations, and I needed all my passwords to be accessible to me no matter what machine I was using at the time.

And I needed to secure the whole list in a way which was bulletproof, hacker-proof, snoop-proof.

So the solution I found works pretty well, and I figured I’d share it around. There’s nothing really novel about this solution, but there’s certainly no harm in sharing what I’ve learned. Perhaps it’ll inspire you to do the same. The more people who take their digital security seriously, the less harm hackers/viruses/data leaks will be able to do for all of us.

Step 1: Storage in the cloud.

I need access to my passwords wherever I am, on any machine I’m working on. That means either a) a private server, b) a public service, or c) a USB key. I opted for the public service, specifically Dropbox. Dropbox has caught a lot of flak over the past few weeks for significant security breaches, but I knew a way around that (see step 2, below). The important thing was that Dropbox would give me access everywhere, and two gigs of storage for free. I toyed with the idea of using a USB key, but I abandoned the idea because it meant I’d have to back it up regularly, just in case I lost the key. I can’t imagine the horror which would befall me if I should lose my only copy of my entire password database down a drain, or something. No, better to rely on Dropbox, backed by Amazon’s cloud storage. But something had to be done to make it more secure.

Step 2: Military-grade security

If I’m going to store my most sensitive information in the cloud, I needed to ensure, for my own peace of mind, that it was really, really, really secure.  I couldn’t just rely on someone telling me it was secure.  I needed to do it myself.

Enter TrueCrypt.  TrueCrypt is free, cross-platform, open-source encryption software that creates encrypted virtual disks inside ordinary files, or encrypts entire drives.  It was perfect for my purposes.  (TrueCrypt’s developers discontinued it in 2014; VeraCrypt, its maintained fork, does the same job and can open the same containers, so the setup below carries over.)

So, after getting my Dropbox account all set up and working on my various computers, I installed TrueCrypt.  The fact that it’s cross-platform is particularly important, since I use a PC with Windows 7 at home, and a Mac running OSX 10.6 at work.

After installation, I created a new TrueCrypt volume in a data file in my Dropbox folder.  I set it up with 256-bit AES encryption, which is approved by the US government for documents up to the Top Secret level.  I also made sure to put both Mac and PC-installable versions of TrueCrypt into an unencrypted Dropbox folder, in case I needed them on a new computer at some point.  I could just install without having to download the packages anew.

Step 3:  A secure password database.

Once again, cross-platform compatibility was absolutely key.  Once again, the open-source community came to the rescue with the really excellent program KeePassX.  It’s got Mac, PC, and Linux flavors.  It stores your passwords in configurable groups.  It includes a password generator for creating and storing really long, really strong passwords on the fly.  And it encrypts the database file with AES-256.

I downloaded both a Mac and a PC version of KeePassX, and dropped both of them into the encrypted container that TrueCrypt created.  Again, this is so if I’m on a strange computer, I won’t have to download new copies of the software.  But you won’t know they’re there unless you’re already looking inside my TrueCrypt volume.

You can unlock a KeePassX password database with a master password.  I chose a really long password (~ 30+ alphanumeric characters) for this purpose.  Actually, this was the hardest part of the whole set up — I wanted a master password which I could remember and type, but which would be long and complicated enough to be virtually un-breakable.

At this point, I felt like there wasn’t much more I could do to ensure security, so I started dumping all my passwords in to KeePassX.  Over the last week, I’ve slowly been adding accounts to the database, and I’ve been changing passwords as I go, to ensure I’m not using the same ones for multiple accounts.  I organized them into groups for work, banking, consulting clients, etc., which makes it easy to find the one I’m looking for.

And so far, so good.

So, how secure is it?

Well, let’s pretend I’m a determined hacker, and I’m trying to get at these passwords. Here’s what I’d have to do:

  1. Compromise the Dropbox account. Considering the security issues, let’s just say this is a given.  For the sake of argument, it may as well have no password on it.
  2. Locate and open the TrueCrypt container. The attacker now holds the file and can try passwords against it offline, at leisure.  Nobody brute-forces the 256-bit AES key; what gets attacked is the volume password, stretched through TrueCrypt’s PBKDF2 header key derivation, so this layer is exactly as strong as that password.  With a long random one it is out of reach even for a very well-resourced attacker; with a short or guessable one, a GPU cracker gets it in hours.  Even then, they’d still have to …
  3. … open the KeePassX database. Same story: AES-256 on the file, but the real barrier is the master password.  A random password of 30-plus alphanumeric characters has roughly 178 bits of entropy, which puts brute force out of reach indefinitely.

What about other vectors? Like, say for instance someone was sniffing my network packets trying to pick up the passwords as they passed over the network?

Well, what crosses the network is the TrueCrypt container itself (and Dropbox syncs it over TLS anyway).  Local cached copies are kept on each computer that syncs it, so the most a sniffer could capture is the encrypted file, which still leaves them facing steps 2 & 3 above.

What if they compromise one of the machines I have Dropbox installed on?  The encryption only protects the volume while it is dismounted.  If the attacker gets in while the volume is mounted and KeePassX is open, they can read everything I can; if it is dismounted, they are back to steps 2 & 3 above, still facing two passwords.  So dismount it when you’re done, every time.

Keyloggers?  Well, yeah, this is a possible vector.  If one of the machines I was working on were to have a keylogger installed, then a determined attacker could indeed get both the TrueCrypt password and the KeePassX password, which would let them get into the file.  But honestly, that’s the case no matter what steps you take to secure your information.  Best defense there is to keep the ol’ antivirus software up to date, and to regularly scan the system for malicious software.  Of course, that probably wouldn’t help if, for instance, a government agency were to break into my house and install a surreptitious keylogger on my machine, but if that’s what I’m up against, I have bigger problems than whether or not someone can get into my Twitter account.

Caveats: It seems profoundly unwise to have multiple machines accessing the TrueCrypt file at the same time.  That could, potentially, corrupt the encrypted volume irreparably.  Dropbox does do versioning, so this may not be a gigantic problem, but still, I’m not going to try it.  One machine at a time.  Dismount the TrueCrypt volume before logging out.

Another caveat is mobile access.  TrueCrypt and KeePassX don’t work on Android devices, so I can’t see my passwords through my mobile phone.  I can live with that, however.

So, while there may be no perfect security in the world, I feel pretty confident now that my passwords are all safe, accessible, and secure.  Perhaps that’s the best any of us can hope for, as we watch the continuums of privacy and technology shift under our feet.

Did I forget something? Got a better idea? Let me know in the comments.

ReadWriteWeb reports today on a study by the Pew Research Center’s Project for Excellence in Journalism.

The takeaway?

According to the survey, 46% of people now say they get their news online at least three times a week, surpassing newspapers (40%) for the first time. Only local television is more popular among Americans, with 50% indicating that’s their regular source for news.

Not to mention this beautiful graphic:

So things are looking good for the web.  Not so good for newspapers.  Worse for magazines, and worst of all for cable news.

I suspect that a large reason for the 13.7% drop in cable news numbers can be directly related to the perception of partisanship on most of those stations.  At least, I hope that’s the reason — it’s a good one.

Stacks of resumes, CC-licensed image by woodley wonderworks, via Flickr

As I’ve posted below, I’ve left my position as IT Specialist/Web Developer at Leslie Hindman Auctioneers to start my new gig with the American Bar Association Journal.

I made it clear to my outgoing employers that I wanted to do everything I could to make the transition to the next person as seamless and pain-free as possible.  Since they needed to hire a replacement, and I’m the only one with lots of knowledge about technical work, and insight into the brain of techs, I was charged with sifting through the résumés and determining who might be a good fit, and who we didn’t need to bother talking with.

So I’ve been looking at a lot of résumés, and I’ve been assisting in the interview process, and I’ve learned a few things about job hunting.  Most of these are common knowledge, but some might be non-obvious, so take it for what it’s worth to you.

Your résumé is important.  Don’t skimp on the time you spend on it. A no-brainer, right?  But you’d be surprised how many résumés don’t seem to have had even one proofreading.  Your résumé is the first and most important document the person doing the hiring is going to look at.  At least, it was for me.  Make sure your current address and phone number are there, at the top.  Are you applying for a web job?  Include a URL for your personal site, and your Facebook/Twitter if you use them.  If I’m interested in you, I’m going to google you and find that stuff anyhow.  Don’t have a personal web site?  Then you have no business applying for a web job.  Seriously.

Don’t use one of the built-in templates in Microsoft Word to make your résumé. They don’t look good, and everyone else uses them.  It says, “Hey, I know how to use wizards, but I don’t care enough about this to really spend the time to make it myself, so I’ll be content to look like everyone else.”

On cover letters: Really, shouldn’t we be calling them “cover emails” these days?  Does anyone send a résumé in by mail anymore?  First rule: Don’t copy and paste the same cover letter for every job you apply for. Second rule:  CHECK YOUR SPELLING AND GRAMMAR.  Third rule: A bad cover letter won’t keep me from calling you if your résumé is good, but a really good cover letter might get you an interview, even if your résumé isn’t so good.

Guess what?  I don’t need to know every model of Cisco switch you’ve ever worked with.  Familiarity with Cisco hardware is sufficient.

If your educational background includes a school which advertises during re-runs of Judge Judy, and your current job is working at a deli counter at a supermarket, I’m probably not going to believe you have the technical skills I’m looking for.

During the interview, I know you’re nervous, and you’re trying to make a good impression. But if you’re relaxed and conversational, I’m going to like you more. Check out the company’s website before you go in.  Learn a little bit about them.  Have a couple of questions to ask.  Be personable. Let’s have a conversation, not an interrogation. And, while it’s not really necessary, if you send a follow-up email after the interview, it’s going to make me think you care enough to put in a little extra effort.

You’ve had six jobs in the last two years?  Thanks, but no thanks.  Next.

And finally, headhunters are useless. Seriously.  I’ve tried going through headhunters while seeking employment, and it always turns out to be a waste of my time.  Now, I’ve been on the other side of the equation, and I can say that they’re pretty useless for finding good help as well.  They cost too much, they do too little.  Avoid them.

CC-licensed image by Samuel Huron. Source - Flickr

Here’s a great series of articles about how to structure and present information on news websites.

The link will take you to the first of a series of seven posts outlining some pretty advanced thinking about content management, the semantic web, and what makes sense for consumers of web content in terms of navigation, metadata, tagging, and how we generally treat information online.

“Each of the four parts (and two addenda) will look at the current state of things, criticize what’s wrong with our websites and what should change, but I’ll also provide a first stab at a solution. We’ve had enough “journalism is in crisis but I don’t know how to get us out either”-type blogposts lately, so I’m not looking to add any verbiage to that pile.”

This link came my way via Brian Boyer, the guy in charge of news apps for the Chicago Tribune.