How I read and share stuff online

Image via CrunchBase

I read and share a lot of news on FriendFeed. It seems that every other day someone posts to one group or the other about new ways of reading and sharing items, so here’s how I do it. I’m not advocating anyone else do the same, just showing how I take care of things on my end:

 

Step 1: Subscribe to feeds in Google Reader

 

Step 2: Create a folder in Google Reader for the feeds that I want to keep up with

I’m one of the probably few users who deliberately subscribes to a lot of stuff I actually don’t read. Explanation after Step 5 below.

 

Step 3: Make the above folder a “public” metafeed

To do this in Google Reader go to Settings –> Folders and Tags. Beside the folder name is the option to make the feed public. Note that this doesn’t make my feed visible to search engines. It’s (nearly, because some very smart person could try) impossible to get to the feed without knowing the URL.

The resulting “public” feed is an aggregation of all the feeds in the folder I created.

 

Step 4: Subscribe to the public metafeed in Newsfox

This is what the above looks like:

As you can see, Newsfox has a 3 pane view that allows me to see the source of each item in the aggregate feed as well as the contents of each entry all in one tab. I have the content display option set to Text to make loading faster, but you can chose to load the actual page too if you wish. I also like that I can see the number of unread items at any time by looking at Firefox’s status bar. I’ve configured Newsfox* to automatically refresh the feed and delete read items every 10 minutes.

 

Step 5: Share!

When I see an entry I want to share, I open it in another tab and invoke the FriendFeed bookmarklet using Shareaholic (the little green icon to the right of my address bar above). The bookmarklet is my preferred way to share on FriendFeed because I can manually pick the text and images I want to include and post to several groups/people simultaneously.

And that’s pretty much it.

 

For those of you wondering why I don’t actually read the feeds in Google Reader, there are several reasons for that: 1) Reader is browser based and slow compared to a local newsreader. This is why I don’t use Feedly either. 2) A lot of what I subscribe to in Reader is actually filesharing blogs (for searchability purposes, I’ve written a guide for using Google Reader to find music/movies/etc. here) that aren’t really meant to be “read”. However, Google Reader includes them in its Unread count, which gets annoying 3) My primary audience is on FriendFeed.

I don’t use FriendFeed as my newsreader either because 1) the refresh rate isn’t configurable 2) Unlike Newsfox and Google Reader there’s little native support (yes, I’m aware of FeedBuster) for displaying the full contents of each entry and 3) FriendFeed wasn’t developed to be a newsreader in the first place.

*Newsfox is has more options than you can shake a stick at – you can set it up to behave a lot differently than I have.

Reading between the lines on UAC

Image via CrunchBase

If you’ve been following Windows security, you probably may be very confused by the latest statements on the subject both from inside (Mark Russinovich) and outside (Long Zheng) Microsoft.

Here’s what I think you should know. Most of this is my interpretation, but from Mark Russinovich’s article and Microsoft’s repeated tiptoeing around the subject, I don’t think you’re going to get straighter answers from anywhere else, since there’s a lot about UAC that MS can’t say directly for marketing reasons.

 

If, as Mark said, UAC isn’t a “security feature”, then what is it?

UAC’s point is to inform the user when a process is trying to effect a change that could affect the integrity of the system. In layman’s term’s, UAC warns the user when an application is trying to do something that requires administrative rights.

EDIT: UAC also prevents standard users from hosing a system/changing critical settings without admin consent.

 

But isn’t that a security feature?

That depends on semantics. To an informed user, it is. To a less savvy user, it’s more of an annoyance than anything else. I’ll explain what I mean by what I call The Girlfriend Example:

Imagine that your girlfriend arrives at your house and wants to come in. Does the number of locks on your door or the fact that you may have an alarm system prevent you from letting her in? No, as long as you are convinced the person outside is your girlfriend, you let her in whether it takes 5 seconds to open the door or a full minute to unlock it and disable the alarm system.

UAC functions much like the locks/alarm system for your house. The “girlfriend” can be any arbitrary program you implicitly trust. The point is: once you trust a process to be benign and deliberately run it, it doesn’t matter whether UAC (the door/locks/alarm of the house) is enabled or not. You’ll run the process anyway, and it will be able to do whatever it wishes with your system.

Continuing our girlfriend example:

Your girlfriend enters your house, except that it’s not really her. It turns out to be an armed robber who looks like her. You get jacked. Is this the fault of the alarm system? No, it’s your fault for being fooled by the robber. This is because, philosophically speaking, regardless of whatever alarms or locks you have on your front door, you have the final authority on who enters your house.

The same is true with your PC. Regardless of UAC’s complexity, your system is yours. The most it can do is warn you when a process is “at the door”. It’s up to you to determine whether the process in question is safe or not. That’s where the “informed user” part comes in. An informed user is able (note the italics, there are informed users out there who don’t use UAC) to figure out whether a certain process is harmful or not, and therefore use UAC to stop the bad ones. A less informed user simply thinks UAC is getting in his way.

UAC will NOT tell you whether or not skytools22h.exe is safe. All it tells you is that skytools22h.exe wants access to your PC, thus giving you the option to stop the process before any damage is done

 

If UAC functions like an alarm system, why are MS representatives saying that it’s not a security feature?

That’s because of the above example. UAC may alert you, but it won’t prevent you from doing anything you really want to do, i.e. if you want to break your own system’s security, UAC doesn’t prevent you from doing so.

To help understand this point, consider what would happen if admins could only run what UAC allowed them to. That wouldn’t be workable as it would mean that Microsoft effectively controls what users can and can’t do with their own systems.

The admin user is the final authority when it comes to the system, and UAC embraces that fact by allowing the admin to scuttle the system if he so pleases, even if the scuttling is a result of ignorance.

 

Why did MS add auto-elevation to Windows 7?

This is the easiest question to answer: because of the vocal idiots – I’m not mincing words here – who decried the feature in Vista due to the number of prompts. So now, instead of warning you every time any process needs admin rights, Windows 7 will by default grant some Windows processes admin capability. This reduces the number of UAC prompts users see, but at the expense of informing them of exactly what is going on and result in the situation described in Long Zheng’s post.

 

Is Windows 7’s default UAC mode a vulnerability?

That depends on your “house” rules. If you think of your PC as a hypothetical house where you allow trusted friends to come and go as they please, then it’s perfectly fine. The problem with this approach is that you could have undesired guests. Of course, as Russinovich points out, exploiting this loophole requires “deliberate” action. Unfortunately Mark doesn’t explain what “deliberate” signifies, but it probably means that the exploit requires user action. Which could include navigating to an infected site.

If you prefer to know every time someone drops in, then it’s a vulnerability.

That said, let’s just call a spade a spade: MS turned down the volume on UAC in response to complaints about the number of prompts. But I don’t blame MS. I blame the idiots who complained loudly about UAC in the first place before trying to see exactly how it benefited them. I blame the total retards who disabled the system, thus resulting in MS’ telemetry indicating some users run Vista without it anyway. I blame the bastards who raised hell that XP was better than Vista because it didn’t “annoy” users with UAC prompts.

Had MS stuck to their guns on Vista’s version of UAC, I’d be willing to bet Windows 7 would be getting nearly as unnecessarily bad a rap as Vista often does currently. This is because pre-Vista Windows users aren’t used to UAC prompts and are therefore annoyed by them.

 

Does this mean Windows 7 is less secure than Vista by default?

In practice: No. You see, the conversation about UAC misses the point that a 7 installation will have Windows Defender, if not also some other real-time antivirus/antimalware installed by the user or shipped with the system. Thus, it’s likely that a fully patched (both Windows AND the security software) system would be able to detect and neutralize malware before it does damage anyway. Of courses, MS isn’t going to say that because one the common knocks against Windows is that you need antivirus to run it safely* (as much as I hate to say it, this is true).

In theory: Yes. A loophole is a loophole. Period. And if you want to close it, I’d suggest you change 7’s UAC settings to match Vista’s immediately upon first run. That’s what I’ll be doing for sure.

 

Am I completely safe if I change 7’s UAC settings to match Vista’s?

Nope. Someone with no access to your house can still trash your lawn and as Mark pointed out in his blog there is plenty of damage malware can do without admin rights, such as wiping out your personal files (this is theoretically true for all OSes).

Bottom line is: there is NO OS out there, Windows, Mac or otherwise, that will can be safely and securely used without safety and security* in mind. In other words, regardless of what you’re running, you still need to beware of sites you visit, files you download, and programs you install. This is because, as stated at the outset: you are the final authority for your machine. Lexus, BMW, etc. may add all the safety features imaginable to their cars, but that doesn’t prevent a suicidal driver from running one of their vehicles off a cliff. All OSes may make it varyingly difficult for you to hose them, but a determined ignorant user with admin rights can - and will - still do so.

Currently no major OS on the market has remote vulnerabilities. Which means you and me, the users, are the weakest link. Goodbye :P

*Please not the difference between “safety” and “security” as used here. Security is an intrinsic property of the OS, while safety accounts for malware and other external threats.

Reducing Noise in FriendFeed

Image via CrunchBase

I love FriendFeed. I hate the noise on it. And by noise I mean repeated posts about the same fucking thing, or on stuff I don’t give a shit about. This attitude cuts both ways: I’m sure there are a lot of users out there who have very little interest in most of what’s on my feed, or can’t stand something else about my profile, such as my userpic. That’s ok with me. Anyway, here’s how I deal with the noise:

1. Subscribe to Groups, not people

   I actually DO subscribe to other people for the sake of politeness, but only a few of those are actually on my Home Feed. The others aren’t on any feed at all. By keeping only Groups on my Home Feed, I get more of what I’m interested in (subject matter/topics) and less of what I’m not (where you are/what you ate this morning).
   
   And yes, this cuts both ways, duh. I don’t expect everyone out there to be interested in what I’m listening to or what I’m doing throughout the day.
   
   

2. Blocking users

   There are some users who insist on posting outdated or duplicate stuff to rooms, often with the excuse that it’s FriendFeed’s responsibility to automatically collect similar stories. I have 3 things to say to that: a) FriendFeed already groups similar posts b) The fact that the service lacks a particular feature doesn’t give you the right to ruin the experience for other users. Stop being a lazy fucktard and check your groups before you post to them c) BLOCKED
   
   And another thing: as someone who’s been participating in internet forums for years, I’ve seen my share of annoying avatars in the past. But few things are more irritating than one that appears repeatedly in your Home Feed with useless posts. Emphasis on “with” in the above, just having an unattractive avatar isn’t sufficient to get you blocked. But if your avatar’s unattractive AND you post useless stuff, guess what? Blocked? Yep.
   
   PSA: IF YOU CAN SEE MY FRIENDFEED, I HAVE NOT BLOCKED YOU, SO DON’T FREAK OUT.
   
   As before, I’m aware that my userpic may be offensive to some people too. That’s cool with me. In any case, I make exceptions for users who consistently submit sensible stuff.

Since I am net exporter of news, i.e. I tend to submit more to FriendFeed than I actually get from it AND most of my news comes from external reputable RSS feeds, I can easily take the above measures without missing anything important.

I’m not advocating everyone else do the same as myself, but if you’d like to see more of what you care about and less of what annoys you, those are a couple ways of doing it.

How To: Filter FriendFeed with Yahoo Pipes

Image via CrunchBase

A personal annoyance with FriendFeed is that the Home RSS feed gets updated when I post something. This isn’t a bad feature per se, but if you monitor your Home feed in an RSS reader, being alerted every time you do something is like being told what you already know.

Fortunately, you can fix that with Yahoo Pipes, which allows you to filter any input newsfeed via a variety of criteria. I built a Pipe that filters out my own entries from a search feed for the term “Google”, resulting in a feed that updates only when someone else posts to it.

Obviously, this method can be extended to filter just about any FriendFeed RSS feed for anything, so it’s generally applicable.

Step 1: Clone the Pipe I built

 

Step 2: Insert the FriendFeed newsfeed you want to filter in the Fetch Field module

 

Step 3: Edit the filter as you wish

If you want to filter your own items out, enter “You:” as I did. If you want to filter items from another user, enter their FriendFeed username followed by a colon, such as “User:”, and so on

 

Step 4: Save the cloned Pipe and go to its page

 

Step 5: Click “Get as RSS” to get the address of the filtered feed

The concept is pretty simple, using only the Fetch Feed and Filter modules. Enjoy :)

Google gets a suit and tie for work

Image via CrunchBase

Back in 2006, the Washington Post published an article on Google co-founder Sergey Brin’s net neutrality lobbying trip to the nation’s capital. The report poked fun at Brin’s dress code, which was totally out of sync with the people he was trying to influence:

Dressed in blue jeans, silver mesh sneakers and a black T-shirt and jacket, Google Inc. co-founder Sergey Brin came to Washington yesterday to lobby members of Congress and found it was a little harder than he had hoped it would be to get meetings.

Those of us who’ve spent time in research environments – from which Google were born - know that Brin’s dress would have been considered pretty normal in any grad school or lab. In fact, for most such places the jacket would have been overkill.

Nearly 3 years later, as Google continue their serious push to the enterprise market, the dress code is changing. But this time it’s not the wardrobe of their senior execs. Rather, it’s Google’s service logos, according to the official Google blog:

These are the result of a new logo design we are rolling out. We hope this design freshens up our look as well as improves consistency and ease of use across our sites. Now, our product names will appear in clean, simple blue lowercase type alongside the Google logo

Here are the new logos:

Hmmm, sound/look familiar? Can you think of any other company who’ve routinely prefixed their name to their products, so that they all read like Company Product? How about a major competitor with billions in enterprise sales?

Microsoft.

For years, Microsoft has consistently made billions in the face of free competition with Microsoft Windows, Microsoft Word, Microsoft Excel, etc. Microsoft don’t just like to see their own name. They also realize that the affixing practice is an important branding tool. When people think of Windows, Word, Excel or any other such product, they think Microsoft. And they also associate that product with everything that Microsoft brings as an enterprise software solution.

This is a point I’m sure Google haven’t missed, but are only just now acting upon. I’m sure they’re hoping that when people think of the product Docs, for example, they think of Google and everything Google brings to the table.

All of the above is part of Google’s relatively rapid transformation from a scrappy startup to a reliable, established enterprise solution. And as such, the Stanford grad school fashion of its product culture is being phased out in favor of a more uniform suit and tie approach.

This also might mean that Google may just become less exciting of a company to watch as it ages, thus capturing less of the blogosphere’s imagination. For example, when Microsoft released IE 8, it made some waves, but nothing compared to the tidal wave of Google’s Chrome debut. Except for Windows 7, Microsoft haven’t generated much in the way of consumer buzz over the years. Google, like Apple, have generated much but haven’t exactly taken the enterprise by storm.

As Google becomes more formal, can it sustain the excitement it usually generates and become a major force in the traditionally stodgy enterprise market? We’ll see …

How to import your Last.fm Recently Played tracks into Twitter

Image via CrunchBase

For some reason it’s currently not possible to link your Last.fm and Twitter accounts directly (you’d think this would be obvious to devs at both sites, but apparently it isn’t), so you’ll need a go-between.

EDIT: Some people have asked why you’d want to do this. The reason is simple: unlike Twitter, Last.fm has no way to “follow” people in the Twitter sense of the word. Therefore, IMO if you’re into broadcasting your music as I am, Twitter + Last.fm is a killer combo. If you’re not, then the following is probably not for you.

There’s more than one way to do this, but the way I’m about to show you offers several advantages over the others:

1. Recently Played tracks are added to your Twitter feed faster
2. You can manually force an update of your Recently Played tracks import
3. Each imported track comes with a link to its page on Last.fm
4. Each track link above is automatically shortened

Excited yet? Good, let’s go.

 

Step 1: Get a FriendFeed account

Don’t worry, the guys at FriendFeed are actually smart and allow you to sign in with your Facebook, Twitter, or Gmail accounts, which covers just about everyone out there.

NOTE: It’s best to sign in with your existing Twitter account, as that also links your FriendFeed and Twitter accounts in addition to giving you a FriendFeed account in a single step. If you sign in with your Facebook or Gmail accounts, you’ll have to link your Twitter account to your FriendFeed in a separate step.

 

Step 2: Copy your Last.fm Recently Played Tracks RSS feed address

Your Recently Played Tracks RSS feed is found on your Last.fm profile here:

Right click on the orange RSS icon and copy its link.

 

Step 3: Add your Last.fm Recently Played Tracks RSS feed to your FriendFeed

Click “add/edit” at the top of your FriendFeed profile page (friendfeed.com/yourusername):

On the page that follows, click “Custom RSS/Atom”, then enter the address of your Last.fm Recently Played Tracks RSS feed. Check the “Include entry description as a comment” box, and then click “Import Custom RSS/Atom”. Your Last.fm Recently Played Tracks have now been added to your FriendFeed. Now to get them over to Twitter.

 

Step 4: Have FriendFeed post your Recently Played Tracks to your Twitter feed

On any FriendFeed page, click the “settings” link at the top right beside your avatar. On the Settings page that follows, click on “Twitter publishing preferences”:

On the next page, ensure the boxes enclosed by a colored shape are checked:

The last box that’s enclosed by a rectangle is the one corresponding to the Recently Played RSS Feed you just imported. Save your changes when that’s done.

And that’s it! Pretty soon your Recently Played tracks will appear on Twitter profile like this:

Clicking any of the shortened links will take you right to the track’s page on Last.fm, bypassing FriendFeed entirely (if you prefer that the links go to the FriendFeed entry, uncheck the “Link to source site instead of FriendFeed conversation …” option in the previous step).

If at any point you want to force an update, go back to “add/edit” in Step 3. Click on the service link corresponding to your imported Recently Played Tracks feed on the right of the page that follows, and then click “Refresh Custom RSS/Atom”:

This will force FriendFeed to pull the latest entries from your Recently Played Tracks feed and publish them to Twitter.

BONUS: The above method can be used to import anything with an RSS/Atom feed into Twitter, such as a blog, photo feed, etc.

Known caveat: Sometimes your Recently Played Tracks won’t appear on your Twitter profile in the same order in which you listen to them. I don’t know whether this is a bug in Twitter, Last.fm or FriendFeed, but I do know that EVERYTHING you listen to winds up on Twitter, which is the most important thing. Besides, I’ve never seen the entries extremely out of order, they’re usually just a couple spots off if at all.

That’s all, have fun with it :)

Fix (sort of) Twitter replies using FriendFeed

Image via CrunchBase

Heavy Twitter users are probably familiar by now with that service’s change to its Replies options that prevent you from receiving replies that aren’t addressed to you.

Some of us, however, would prefer to see all of a certain account’s tweets whether they were addressed to us or not. And all some of use use FriendFeed (You can you sign into FriendFeed using your Facebook, Twitter or Gmail account, so there’s no excuse not to :P). If you belong to both of the above groups, here’s a workaround for you. Caveat: it doesn’t update in real time as Twitter notifications usually do, BUT it does update automatically.

 

Step 1: Create a group in FriendFeed

Create a group in FriendFeed, such as Twitter (yourusername):

You can make the group private as I did if you wish, although technically speaking that doesn’t really make a difference since if your Twitter profile is public anyone can see who you follow and grab all their updates.

Upload an image of your choosing to the group picture so you the updates stand out on whatever list you choose to add them to in FriendFeed. I chose the official Twitter icon for mine.

 

Step 2: Add the RSS feeds of Twitter profiles of everyone you want to follow to the FriendFeed group

You’ll find the RSS feed in question on each Twitter profile on the right below the people the follow:

Copy this link and then add it to the FriendFeed group by importing it as a blog:

Rinse and repeat for each person you want to follow.

If you chose, you can add the group you created to your Home feed list, so all the Twitter updates you want will show up on FriendFeed home page. Notice how the icon I uploaded identifies what service the entry is coming from, and the imported RSS feeds automatically identify Twitter account the update belongs to:

The good news about the above method vs. how Replies worked previously is that you can cut down on a lot of the noise that the latter resulted in by seeing all the replies only from people you’re REALLY interested in.

Also, the above method can be used to follow just about anything with an RSS feed, such as the Recently Played tracks of any public Last.fm account (so you can actually see what your friends are listening to).

Once again, it’s good to see FriendFeed, an often imitated (*cough* Facebook *cough*), terribly unsung innovator in the Web 2.0 space coming to the rescue of yet another service’s shortcomings. Of course, if the people you follow already import their Twitter accounts into FriendFeed, then all you have to do is subscribe to them on the latter anyway :P