Gravity is Alfonso Cuarón’s first feature since Children of Men and the trailer looks captivating. Gravity almost seems like Cast Away in space, which could be a pretty compelling narrative if done correctly.
As soon as Mailbox was unleashed, like so many other people, I quickly downloaded the app and got in the 150,000+ access queue. I had already signed-up via the web, but for whatever reason that reservation did not follow me, and I had to start over. After a couple weeks of waiting, I was finally offered entry into the system I eagerly awaited.
Hopefully some of my trials and tribulations will help other folks better understand how Mailbox functions sincer there is not a lot of information available right now. The good folks behind the Mailbox twitter account are great at responding to people, but sometimes people need more in-depth answers than what happens inside of 140 characters.
Before I continue I must confess: I am an email client junkie. I do not know why but I really enjoy testing and playing around with new email clients. I am forever in search of email client utopia. Although I have come close a couple times, in the end I always end up returning to my old [bad] habits.
The built-in Mail.app, while decent, does not have the same polish I would like, nor does it natively support Gmail’s labeling system. It was for those reasons that I snatched up Sparrow as soon as it became available on iOS. Unfortunately, like with so many other services, Google bought Sparrow and promptly dismantled what was probably the best third-party iOS email client.
Although the Gmail iOS app is decent, it is not a fully native app, opting for a Web View-based app instead. This makes it a bit slow and clunky, and it feels uncomfortable. Plus, even though it supports multiple accounts, it fails to offer a unified inbox view, which is almost a necessity these days.
So Mailbox was released and I was jazzed about yet-another-iOS-email-app to try, along with the idea of turning email into a task management system. I started playing around with Mailbox and was pleased with the clean user interface. The unified inbox, snoozing, and archiving system the Mailbox team has built is very exciting.
But I ran into an adoption problem: existing Gmail labels are inaccessible from within Mailbox.
For me, this is a deal killer as I have a number of filters designed to apply labels and skip the inbox. Although that appears to violate the spirit of Mailbox, it is the way I use email. I need access to those labels; luckily there is an easy solution.
Upon initial launch, existing Gmail labels are not accessible but there is a simple way to make those labels viewable. Simply go into Gmail->Settings->Labels and move all labels so they are nested underneath the [Mailbox] label. This turns them into Lists in Mailbox parlance. The app will automagically see the new labels and create new Lists.
If your existing Gmail label setup is something like this:
Merely move all those labels so they nest underneath the [Mailbox] label as so:
Now all those labels are accessible as Lists from within Mailbox. It may be necessary to force-close Mailbox after moving the labels, because this appears to force the app to rescan for new Lists. Jump on over to Mailbox->Settings->Lists to reorder Lists into a desirable order. Personally, I go for alphabetizing my Lists since it makes it easy to locate the List I need.
Here are some additional notes about List use within Mailbox:
- If two separate Gmail accounts both share the same label, Mailbox will treat them as a single List. Mail from both accounts will be intertwined within the List. It may be necessary to open an email to determine which account it was sent to, so this could cause a bit of confusion if not properly managed.
- Similarly, because Mailbox only presents a single collection of Lists, it is not possible to determine which account a List – ergo, a Gmail label – belongs to. This could be confusing if you are not aware of exactly how Mailbox employs List use. It is easy to “inadvertently” put an email on a List previously defined from another account, leading to unexpected filing when using Gmail on the web.
- If you have Gmail filters apply labels, and use Mailbox to file the email on a List, the previously applied labels will be removed.
- Similarly, if you have Gmail filters apply labels, and use Mailbox to archive email, the previously applied labels will be removed. In Mailbox, when an email is archived, all labels are removed, and it can only be found in the All Mail Gmail label.
- If you have Gmail filters apply labels and “Skip the Inbox”, the applied Gmail labels will remain intact, and the email will be found on the appropriate Mailbox List [assuming the labels are nested as previously discussed].
- Adding a new Gmail label will automagically add a new Mailbox List. As previously mentioned, it may be necessary to force-close Mailbox before the changes can be seen.
- Similarly, removing a label in Gmail does not automatically remove the label from Mailbox. The app appears to cache certain data, and there is no method for forcing Mailbox to rescan for label changes. At some point, the deleted label will be removed from the Lists side-panel, but still show up in the Lists configuration. At this point it is safe to delete the Mailbox List without fear of any unintended consequences.
- Mailbox’s List message totals do not appears to match those in Gmail. Even if taking into account multiple email accounts sharing the same List, the totals are orders of magnitude off. Not all email on those Lists appear to be accessible.
I did perform a number of fairly exhaustive tests but under limited circumstances and with only a finite set of Gmail accounts. I hope this information I found helps some folks better understand Mailbox, and how it manages Lists and Gmail labels. As I find more quirks, I will update this post to reflect the new information.
Mailbox is a truly revolutionary yet simple app. I am sold on the email-as-task premise and plan to stick with Mailbox for the foreseeable future, especially since DropBox acquired the app. I anxiously await an iPad and OS X app sometime in the near future!
This post is part of the thread: Email – an ongoing story on this site. View the thread timeline for more context on this post.
It seems like there is not a day that passes without news of yet another web site hacking incident, where the attackers made off with a set of thousands of usernames, email addresses, and either plaintext passwords or password hashes. Although the later may appear to be safer – and it is better than having your plaintext password compromised – in the grand scheme of things it is still a major concern. A hashed password is not a huge hurdle for a crafty and determined attacker to overcome, especially if they are patient and have time.
When web sites are hacked, the real concern for a user, other than stolen credit card details, should be password reuse. Come on an admit it – you are using the same password on damn near every site you visit, right? You know it is not a smart strategy, potentially dangerous even, but you do it anyways. The problem is that once a web site is compromised, and when an attacker has your password, they now have access to every web site you use.
Just imagine the implications. You have just handed the keys to your kingdom to a bad guy. Now then can impersonate you, try and siphon money from your friends and family, or worse. Having your online identity stolen is not pretty, and can have huge ramifications on your offline life.
What can you do to decrease the security risk to your accounts – to make it far more difficult for an attacker to gain access to your cherished data?
The answer should be obvious: stop using the same password on every web site.
I know what your initial reaction is going to be because I have heard it a thousand times over throughout the years: “How do you expect me to use a different password on each site and remember them all? I use facebook, twitter, gmail, yahoo, tumblr, linkedin, pinterest, dropbox, disqus, my blog, my computer, just to name a couple. There is no way I can remember a unique password for every one of those sites. It is impossible.”
So how do you use unique passwords on the dozens of web sites you visit daily, without this being a huge burden on your already overtaxed brain?
There is actually an extremely easy method for solving this ostensibly complex problem. What if I told you there is a method allowing you to use an easy-to-remember unique strong password on all those web sites you mentioned? And what if I told you this was done by remembering and entering a single “password” for gaining access.
How’s that for simplicity?
Unique passwords via a single password. Sounds so unsecure, right? Thankfully, it is not insecure at all.
So how does it work?
There is only a single tool required to make this work, although I recommend an additional few tools to make your life easier, especially when you are mobile. The tools are:
PwdHash is the primary piece of magic behind the elegant solution to this complex problem. So what is PwdHash and why should you care?
PwdHash transparently converts passwords into a one-way domain-specific hash based on the password the user entered and the domain-name of the site being visited (ie. facebook.com). This way, the site only sees a domain-specific hash of the password as opposed to the actual password itself.
If the site is compromised, only password hashes will be exposed rather than the actual password. Although PwdHash is using a public hashing function, there is no genuine way for an attacker to determine if the password exposed is an authentic password or a hash. The beauty of this solution is that although the user is using the same “password” on every site, each site is storing a unique password.
PwdHash is the difference between an attacker seeing MyD0gF!d0roc$ and FCiDTxpsdbpq1+zO.
Put simply, PwdHash makes it easy to use a single password on multiple sites but in a secure manner because each web site is storing what appears to be a unique strong password.
PwdHash has a browser extension for Firefox, with ports for others popular browsers such as Chrome, that helps generate unique passwords based off of the domain of the site and then a “site password” you enter. Alternatively, if your browser-of-choice does not have an extension, the PwdHash web site can generate the necessary hashes for you.
Here is how easy the PwdHash extension is to use:
PwdHash generates theft-resistant passwords. The PwdHash browser extension invisibly generates these passwords when it is installed in your browser. You can activate this protection by pressing F2 before you type your password, or by choosing passwords that start with @@. If you don’t want to install PwdHash on your computer, you can generate the passwords right here.
Let me translate that to make it more understandable. Lets say you installed the extension and already changed your password using PwdHash. To login to facebook, you type in your email address as your normally do and then “tab” to the password field. Press @@ and the field changes to yellow, to indicate PwdHash is ready for your input. Type in your password and then “tab” to the “login” button. After exiting the password field, PwdHash will replace the contents of the password field with the necessary has.
Does it get much more simple than that? This is really where the HOWTO could end, however, there is an additional tool to make your unique password entering life much easier: 1Password, a tool for securely storing passwords for easy recall in the future.
Password Storage, Retrieval, and Backup
What makes 1Password valuable is that it will securely store your passwords in a database that can be backed up to DropBox or iCloud (from the iOS client). Using the DropBox integration allows multiple copies of 1Password to stay in sync. Update passwords on the desktop, save to 1Password, open up your iOS device and instantly synchronize 1Password with those new or modified entries.
The only drawback to 1Password, if you could even call it that, is its price may be objectionable to some folks: $49.99 for the Desktop version and another $17.99 for the iOS version. For me, the cost is absolutely worth the peace of mind and ease of use.
1Password also has the ability to generate strong unique passwords from within the application, thus allowing users to create truly unique passwords for each web site. Using this functionality ultimately changes the context of remembering passwords though. If 1Password is generating strong passwords, that makes this application required – it is no longer an optional component of this strategy. There are a couple tradeoffs to consider:
- Using PwdHash to generate strong passwords does not require any additional software. Users can continue to use a single password for all web sites albeit in a secure manner. Using the PwdHash browser extension, or visiting the PwdHash web site, users can generate the secure hash required to login to any web site desired.
- Using 1Password to generate strong passwords now makes 1Password a required application, thus turning this solution from free to paid. Additionally, you are now dependent upon 1Password for logging into web sites because you are using a truly unique password for each web site, rather than a hash based on a single password. Optionally, you can memorize all those unique passwords and forego 1Password altogether.
What this really comes down to is: do you want to be forced to use 1Password for logging into web sites? While I adore the application, I enjoy the additional flexibility of PwdHash. In my solution, 1Password is a mere convenience, not a required variable in the equation.
Stop talking and tell me how to make all this work!
So now that I have told you all about these nifty toys, here are the steps to implement them as smoothly as possible:
- Download and install PwdHash browser extension (Firefox or Chrome).
- Purchase, download, and install 1Password for your favorite desktop operating system as well as your go-to mobile operating system. Personally, I use Mac & iOS, and find the tools to work flawlessly together.
- Configure 1Password to synchronize with DropBox.
- Install the 1Password browser extensions (Safari, Firefox, and Chrome)
- At this point you are ready to start generating unique secure passwords, as well as saving them in 1Password for cataloguing. This facilitates mobile synchronization and data back-up to the cloud in the event there is a catastrophic failure with your hard-drive.
- Visit all your favorite web sites and change your password using PwdHash. Save all these newly generated passwords in 1Password with the browser integration. Now you have unique strong passwords on all your web sites, and are safely storing those for later recall, and backup, via 1Password.
- Live with the peace of mind that your online identities are a whole lot safer than previously.
What is great about this solution is it is cross-platform and not dependent upon operating system-specific applications even though they are available. While I do encourage the use of 1Password, it is purely optional. I wholeheartedly recommend 1Password for its versatility as a password storing application as well as its ability to securely store other sensitive information, such as credit card details, driver’s licenses, and other important data.
- If a web site is compromised after you start using this method, and password data was stolen, I highly recommend you change your password for that site even though the site was only storing a password hash. At least your account itself was not compromised, and by extension all your other online identities, but you still remain at risk. Do yourself a favor and change passwords.
- The previous concern is where the use of 1Password excels. Even though you may have one or two sites using a different “password”, the correct password hash will be stored in 1Password. Your access is always only a fingertip away.
- If offered, two-step authentication should be turned on to the maximum extent possible. Google has this capability, as does DropBox, App.net, WordPress (hosted and wordpress.org), and more. Twitter is claimed to be working on this as of April 30, but has not yet released this functionality.
- If you have multiple accounts on a single service – save multiple Gmail accounts – then PwdHash fails to a certain extent. Since the password hash is generated by the user-entered password and the site domain, multiple accounts may end up with the same hash unless you use a unique per-account password in this instance. This is another area where 1Password excels; in the few cases where you have multiple accounts on a single service, using 1Password to recall the password is invaluable. This way your accounts may use unique passwords but they are securely stored and easily recallable.
The internets today is like the wild west back in the late 1800’s. Protection is a must, and you start by securing access to your online identities. The simplest way to do that is to use unique a password for every web site you visit. The best, and least inexpensive, way to do that is with PwdHash. Coupled with 1Password and you have a solution for creating unique per-site passwords that are backed-up and safely stored should you ever need that data at some point in the future.
Be part of the solution, not the problem. Use strong passwords and protect your online identity.
This post is part of the thread: Security – an ongoing story on this site. View the thread timeline for more context on this post.
The Washington Post on a proposed New Mexico law that would send rape victims to prison for having abortions, in the name of evidence preservation:
New Mexico House Bill 206 states: “Tampering with evidence shall include procuring or facilitating an abortion, or compelling or coercing another to obtain an abortion, of a fetus that is the result of criminal sexual penetration or incest with the intent to destroy evidence of the crime.”
According to the proposed law, even the physician who performs the abortion could be charged with a crime.
You can’t make this stuff up.
Neil Macdonald of CBC News on Al Jazeera’s attempts to have an American cable news channel:
Last week, after the announcement that AJE had bought Al Gore’s Current TV (for something like $500 million), and with it access to as many as 40 million American homes, Time Warner immediately announced it was dropping Current from its cable roster.
The move was reminiscent of the Comcast decision not to carry AJE here when the network first launched in 2006.
It’s been a pattern. The country that, in the name of free speech, allows flag-burning, Ku Klux Klan marches and protests at military funerals by religious zealots hoisting “God hates fags” placards decided years ago that AJE represents the kind of speech it simply cannot tolerate.
Jim Tanous of The Mac Observer on Japan’s NTT DoCoMo showing interest in offering the iPhone:
President Katoru Katō reportedly said that his company was eager to add the iPhone to its lineup, but that concerns over alleged sales quotas imposed by Apple had been a previous point of contention. Mr. Katō now says that DoCoMo could meet those quotas as long as the iPhone accounted for 20 to 30 percent of its overall smartphone sales.
NTT DoCoMo is Japan’s largest mobile telecom network by far. Overall, it has the best coverage throughout the entire country, often times offering service in areas where KDDI and SoftBank have very limited, or no, service. It would be a big win for Japanese consumers if DoCoMo were finally to get off its high horse and start offering the worlds most wanted smartphone on its network.
This post is part of the thread: Japan – an ongoing story on this site. View the thread timeline for more context on this post.
A seventeen year old high school student in Osaka committed suicide after what appears to have been systemic physical abuse at the hands of his basketball club “advisor”, presumably one of the school teachers:
The education board said the city was informed two years ago of the alleged physical punishment inflicted by the teacher, but it subsequently received a report from the school that there had been no such incidents. No students were interviewed at the time.
Osaka Mayor Toru Hashimoto on Tuesday ordered a thorough inquiry into the case. “I have to admit physical punishment was a factor behind the suicide. This is a far more serious case than those suicides caused by bullying,” he said at a meeting with senior city officials.
How these bullying cases continue to go unnoticed is simply beyond me. Are teachers not doing their jobs, or do they just not care?
I find it interesting how the Osaka mayor believes this case to be “far more serious” than your average, everyday bullying. Although bullying, generally speaking, takes a huge mental toll, its victims are often subjected to physical punishment as well. The combination of mental and physical abuse is extremely difficult to endure, especially for young, fragile children in the high-stress Japanese high school environment.
It seems very insensitive for the mayor to suggest this case is any worse than the countless other children and young adults who have opted for suicide rather than seeking the help they so obviously need.
This post is part of the thread: Japan – an ongoing story on this site. View the thread timeline for more context on this post.
According to Juliet Macur of The New York Times, anonymous sources close to Lance Armstrong appear to believe he is considering admitting to have used performance enhancing drugs during his career as the ostensible greatest cyclist ever:
Lance Armstrong, who this fall was stripped of his seven Tour de France titles for doping and barred for life from competing in all Olympic sports, has told associates and antidoping officials that he is considering publicly admitting that he used banned performance-enhancing drugs and blood transfusions during his cycling career, according to several people with direct knowledge of the situation. He would do this, the people said, because he wants to persuade antidoping officials to restore his eligibility so he can resume his athletic career.
Notice, he does not intend to admit to the accusations simply because his conscious is bothering him, but because he desires to compete in triathlons and other similar WADA-governed sporting events. One has to wonder if he has any ounce of regret outside of having been caught, stripped of his titles, and the self-inflicted wound of a tarnished name, assuming the accusations are true.
This ought to be a very interesting story, assuming it develops passed the “anonymous sources” phase.
Fascinating story by Don Melton about how the Safari development team kept the browser secret up until it was launched:
I wasn’t worried about talk either. Forstall certainly trusted me – that’s one of the many things that made him a great boss. And I trusted my team — otherwise I wouldn’t have hired them. None of us nor any of the internal beta testers at Apple were going to snitch. There were too damn few beta testers, but they were above reproach.
Twitter and Facebook didn’t exist then. Nobody at Apple was stupid enough to blog about work, so what was I worried about?
Server logs. They scared the hell out of me.
When a Web browser fetches a page from a Web server, the browser identifies itself to that server with a user agent string — basically its name, version, platform, etc. The browser also gives the server an IP address so the server knows where to return the page. This exchange not only makes the Web work, it also allows the server to tell who is using what browser and where they’re using it.
You can see where this is going, right? But wait, there’s more…
The entire story is well worth the reading time.
Dalton Caldwell on organizational complexity:
There is, of course, a downside to organizational complexity. Complexity tends to breed more complexity. When you talk to employees of a large company, it seems as if their entire world is made up of byzantine internal politics with no relation to customers in the external world… a large percentage of every day is spent attempting to navigate ever-shifting politics surrounding the org chart. It would seem that the larger a company gets, the more the company tends to allocate resources towards inwardly focused (as opposed to outwardly focused) issues.
The general belief is that instituting a traditional hierarchical organizational structure is a good thing for a small organization. Unfortunately this could not be further from the truth. As Caldwell clearly states: complexity breeds more complexity, rather than solving any innate problem.
If only more people understood organizational efficiency increases thanks to smaller, less complicated, nimble, cross-functional teams. More often than not organizations stumble and fail to produce due to unnecessary complexity, confusion surrounding the organizational complexity, and pointless office politics because of the confusion.
Stay lean to be green.