Tuesday, May 29, 2007

Zen and the art of Google Search (it will help)

This article will help you find what you want - these techniques have helped me. After talking with friends that don’t use Google (or other engines) too often I found I knew lots they didn’t so this will probably help.

At first, it seems simple - you type in the first thing that comes to your mind and then hunt and peck and wait and back and peck again.

But there’s a better way - here’s how. Take the advice: JFGI and find it.

1. Search assuming you’ll find your target.

When searching for something, try and imagine the text that would appear on the perfect web page about what you want to find. Sometimes it’s useful to search using a question but for certain queries, search for the text you think would appear in the result of the search.

For example, I heard a podcast (internet radio show) that talked about a photo of Al Gore’s office that had three screens and was part of a profile of Al Gore in an online article (didn’t know where it was published). I started by typing:

“al gore photo” - that didn’t help

then, “al gore photo profile” - much miscellaneous stuff

It was only when I thought of what someone might write in an article about this photo or link to it that the search:

“al gore photo screens”

That I found the link to the Time article. What is remarkable about this photo is that he’s got three huge Apple Cinema displays on his desk - this is the first thing you’d mention and what you’d expect would HAVE to be in the text of a blog or news entry about this photo. In fact, “al gore screens” might have found it as well because it’s an unusual association of ideas and makes this search a unique hit.

2. Search shallow, look deep.

Narrow down by starting broad then scanning keywords in the description of each result that’s better or closer to what you want. Start by typing a word that must result in a close (ish) result and scan for better words that will narrow down the result. This technique works well when you’re not sure of the terminology of something but will know it when you see it.

I could suggest you use a dictionary to find synonyms or further refine some of the keywords you’re looking for but most search engines (if they’re any good) should display snippets under each link containing heaps of relevant words.

e.g. You’re looking for a particular schooling habit of dolphins. Type in “dolphin school” then look for keywords that will narrow your search to exactly what you want. This usually only means two or three attempts rather than five to ten. Starting broad helps here but choose keywords that will put you in the ballpark.

3. Use google to search a specific site.

If you know the site the content comes from, DON’T search for it on the site. Use google.

Digg.com is a classic example of this - it’s search feature absolutely sucks (sorry Kevin, but it does). Google will find it instantly. If you remember the title or the gist of the article, then just type:

“toxin site:digg.com”

The site: tag will only search that site and it’s far faster than just about every site’s search engine. Who has 150k machines (or more) to grep with? :)

4. Sometimes you can hold on too hard. Let go.

This is related to point 2 but it deserves it’s own point and it’s a bit Zen :). If you’re typing in too many keywords you can assume a result that leads you 10-15 levels down a path that’s restrictive.

Occasionally on a difficult search, it’s best to just back up and type the best two words you’ve used. Use the results to coalesce the result to something that’s closer to what you’re looking for. So search shallow but look deep.

5. Can’t find what you want after many searches?

Occasionally, you’ll find that the result eludes you. Sometimes it’s helpful to vocalize what you want to find (to yourself) like you’re trying to explain it to someone then choose the best keywords. Or just type the lot in. In expressing what you want to find you’ll either form a question or express the matter you want to search and it’ll present new words and ideas you can use.

6. Nouns are you’re friend. Verbs and adjectives are your fast index.

Remember that people are emotive. Computers aren’t. If you’re looking for something with action then use the words that best describe the *action* of what you’re looking for. You’ll find it immediately because this will become (in combination with the more mundane nouns) an instant emotive pointer to the dynamic as well as the actual descriptive meaning of what you’re trying to find.

7. Use questions, when appropriate.

If you’re sure someone, somewhere would have asked the question you’re asking online either in an FAQ, a use-group or in a rhetorical question on a blog then this can find it for you very quickly.

e.g. I wanted to know what the term “stat” meant in medical dramas (I’m a big fan of the House series). I knew it probably mean “quick!” but wanted to know the background. Given that this has GOT to be a common question of anyone laptop-surfing in front of the TV, this query found a very good answer straight away:

“what does stat mean”.

It found a Yahoo Answers question “What does the term STAT mean in medical situations?” and gave this response: “Stat, from statim is a medical term meaning "immediately" (from Latin) or Sooner Than Already There.” Ref: http://answers.yahoo.com/question/index?qid=1006012206384

8. Some sites have so much, just use them.

If you’re looking for a film, actor or director then just type their name in or use imdb.com or wikipedia.com. Google will take you there instantly anyway.

Sites like youtube etc have video and music videos as well - in these cases it’s best to use their search engine as Google might not keep up with their rate of change.

Finally:

I think search engines will eventually use these types of approaches in algorithms to refine searches without us having to apply these sorts of techniques. But while google and other search engines are amazing now, these little search hacks will help you find stuff more quickly now.

Sunday, May 13, 2007

Kernel Panic, Mac style

When Macs have a kernel panic, they do it Mac style.


It's not a blue screen of death, it's a bit prettier. Only thing you can do is power-cycle your computer though.

This was caused by a bluetooth driver problem after a resume from a suspend. It probably didn't help that my other Windows PC was fighting the Mac for the mighty mouse connection :)

First I've seen - certainly not common.

Friday, May 11, 2007

Xee, The best photo browser on Mac: with apropos to ACDSee

[update 4-Mar-2008. Xee v2.0 fixes this problem, as pointed out in the comments below. Get the update here]

[update 7-Jan-2007. Xee still has a bug in Leopard with full-screen mode, but works fine windowed. If you need something to tide you over until this is fixed, Sequential is a good, simple photo browser.]

Xee

I've been looking for an excellent, fast photo browser for Mac OS X that doesn't make you import your photos first. This is just a waste of disk space (especially if you're using a laptop). So the problem is to browse through thousands of photos on network, external or local volumes without any stuffing around. This is definitely the best I've found so far.

I really wanted something like ACDSee. Xee uses the Finder to choose the folder to browse. You can see thumbnails in that view if you set it (though it's not perfect). Once the first image has been selected Xee has all the features to quickly flick through a set of photos in a folder.

It's a universal binary and really, really fast probably because it uses OpenGL to render the images.

It also has customizable keyboard commands, which is an essential feature IMHO. It also has great full-screen and zoom support. The only feature it lacks (apart from thumbnails) is the ability to reassign the mouse scroll wheel to program functions but I'm sure they'll add it soon.

[Update, you can set the app to pan rather than progress through images in Preferences, General Tab, "Scroll wheel: {Browses images, Scrolls images}". Didn't see that! So that feature has been implemented. Now we just need mouse button allocation!]

It's incredible to me that Aperture doesn't allow a incremental zoom in their application - it's the most basic feature and the Loupe control and 100% zoom feature doesn't always cut it. They should really add that feature.

Download Xee here. There's a Google Code project on this as well and you can get the full source. You can then play with it in Xcode if you want.

It'd be nice to see a fast thumbnail generator so you don't have to rely on the Finder to browse but traditional implementations of this have been very, very slow and introduced high overheads with the database management. ACDSee has spent a lot of time making this aspect of their application fast but don't do a modern Mac version. The older version for Mac isn't worth trying - it's only for PPC and obviously very early code.

So from all the Mac users, thanks for this great application.

Wednesday, May 09, 2007

Review: 13 Mac OS X Password Managers, two that don't suck

[Added 6 more password managers thanks to user feedback]
Nobody wants to have their online accounts stolen. This article reviews 20 password managers for my requirements. Only four of them got a good grade so there's room for improvement. Firefox will happily show any user sitting at your computer all your web site passwords unless you secure it (and has had security vulnerabilities in 2.0.0.2 - fixed in 2.0.0.3).

But first, some tips to maintain the higher level of security. This advice depends on your paranoia level and how much you want to avoid identify theft and scams.

For the average user, good security usually means strong passwords, using different passwords for different sites ... and other measures such as:
  • avoid responding to instant messaging/email phishing scams
  • don't believe that you have won a lottery or that you can help some African smuggle millions out of his country,
  • don't run anything on your computer except software you have specifically intended to install,
  • never buy anything from spammers, anything that comes from non-family oriented image sites is always infested with nasties than the girls themselves would have
  • NEVER open email attachments from anyone except for items you have specifically requested (this means you do NOT open the joke file that your friends have just sent you)
  • have anti-virus and anti-spyware installed
  • have your computer behind a NAT router and/or install a software firewall.
So, most of this is simple experience/education. Let's look at passwords.

What makes a good password?

There are plenty of sites about the place that can tell you about the quality of passwords as a function of recovery speed. Basically, you should use upper and lower case, you should include digits and some punctuation/symbols, your password should be at least 10 characters long, better to be 12 to 16 and contain no dictionary words. (Although apparently windows passwords should not be 14 characters). You should have different passwords for different sites. You should never leave a password set to the default. Never write passwords on post-its.

You can also try using a pronounceable password generator like Xyzzy. This isn't perfect but it's one way to remember moderately complex passwords. It runs on Windows and Mac.

My OS and/or browser remembers passwords for me!

Most browsers will remember your password for you if you let them. I don't like this feature and recommend against it. Like the dark side of the force, this feature can be very tempting as it is so easy but introduces a couple issues that you have to be aware of:
  • Backup of passwords - your hard drive could crash at any time. Maybe right now!
  • Anyone with access to your browser when you are away from the keyboard will be able to access all of your sites - do you lock your machine?
  • You will be unable to use the protected websites when you're away from your beloved password enabled browser.
  • How does your browser protect your passwords?
  • How vulnerable are these stored passwords to web script attacks?
  • What about passwords for things other than the web - eg: encrypted documents.
  • I will kill a kitten for every person I find using this feature.
Safari has wonderful synching via .Mac account which will Synch you keychain with all your other Mac computers. This assumes that you have other Macs, that you are willing to pay to have the .Mac account and that you are using Safari for your secure browsing.

Firefox has a good friend in Google who developed BrowserSync that will synch your bookmarks, passwords, cookies and history on any firefox browser that has the plug-in installed. HIGHLY recommended.

Also, for Firefox users: Firefox -> Preferences, Security Tab, Show Passwords, Show Passwords ... exposes passwords!!! Not many people know this, but now you do. This also works on the Windows and Linux versions of Firefox as well and is the default setting unless you change it ... so if you insist on having Firefox storing your passwords then tick the "Use a master password" setting and set that master password!

I was turned off browser password storage back in the early days of Opera, where it stored certain passwords in clear text files. I'm sure they don't do that now.

Keychain access is awesome for all sorts of OS related items but lack convenience and features of most of the password managers listed below. Obviously Keychain is part of the solution for OS X but would be a discussion all by itself and this article is already way too bloated and still terse.

Authentication questions.

Often a site will have questions that you have already pre-answered that will identify you if you forget your password. Things like “what town were you born in?” and such. These sort of questions will allow an attacker who has some knowledge about you to get into your account. Also, if the hosting site is hacked then this question and answer may be exposed to the hacker which gives them more information about you. My suggestion is to lie in a random way. For the “what town were you born in?” question, just make up a password unique to that site and use that as the answer "jgdalpitwburg".

So, now you have strong passwords for all of the web sites you visit ... how do you remember them all? Well the answer is – you most likely can't. You need some sort of password manager.

Password managers expose you to another set of problems:
  • someone who can crack your password manager will have all of your passwords and access to everything.
    • give your password manager a really strong password to open (this can be open to a keylogger attack though - a combination of GUI-based input can help).
    • choose a password manager that uses good encryption and has a good security model.
  • you won't be able to access your sites unless you have the password manager with you.
    • remember the passwords to the most important sites (eg: webmail). The Xyzzy application might help (see above).
    • have the encrypted data file available online.
    • choose a password manager that can link to a mobile device, or export to text file that you can encrypt on your PDA.
  • if you lose your password manager data then you won't be able to access anything.
    • back up your data. You MUST do this anyway.
Password manager features I would like to see:
  • password required to open password manager. if it uses a keylogger-safe method, even better.
  • do not expose password at any time, only password out is copied to buffer to allow pasting into fields.
  • auto lockout : timeout (duration configurable in prefs) that closes password manager or requires re-entry of password.
  • clear buffer (if still contains the password) after n seconds.
  • export of data in encrypted form for backing up.
  • export of data in plain text for ... whatever use (to PDA).
  • autofill web forms
  • logging of activity. Logs not available from any menu item - just log file location specified in the documentation.
  • take an isight photo at the beginning of each session of activity (limit of n images set in prefs)
Not all of these features are essential, although the first couple are. I didn't note any password manager that had the last two features.

I would not use a password manager that exposes your password as part of the normal procedure to open the associated web site. This means that anyone with you can see the password, which makes the password manager a security hazard rather than a security aid. I was shocked at how many of the password managers actually did this.

Of the 20 password managers that I looked at, I found that only four were good (5/5) and two more were worth considering (4/5). Two of the 20 were from web sites that were so dodgy-looking that I was afraid to install the software. Note “My rating” is purely subjective and based on my requirements. The “Notes” column is far from comprehensive but gives a guide to notable things that struck me as I was looking at the software.
Software Cost $US My rating Notes
PasswordWallet $20 5/5 + never exposes password
+ heaps of features
+ autotyping (clever)
+ synch with PalmOS device
1Passwd$30 5/5 - exposes password on edit
- auto lock tied to keychain access
- expensive
+ excellent autofill
+ wonderful memorising of forms
+ Palm
+ Excellent Export/Import
PasswordVault free / $15 5/5 - free limits to 15 entries
- expose password with click in edit mode
+ funky interface, skinable
+ mac + windows + linux versions
+ great export options
Yojimbo $39 5/5 - very expensive
- no launch URL
- no auto lock
+ password req to copy/view password
+ excellent documentation
+ feature rich
+ more than a password manager
+ very slick
Password repository $25 4/5
- exposed by button.
- butt ugly.
- expensive.
- lacking features.
+ file handling.
+ good documentation.
Vault $5 4/5 - limited prefs, features.
- no auto lock.
- no auto clear buffer.
- no export ... but obvious data file.
+ never exposes password.
+ simple interface.
info.xhead $15 3/5 - exposes password on entry/edit.
- buggy exposure of password.
+ autofill web sites (clever).
+ funky interface.
+ lots of features.
PasswordPlus $30 3/5 - exposes password on edit or via show click in view
- expensive
- doesn't auto open URLs
+ Good documentation
+ OS X/Windows/Palm OS.
KeyMinder $20 (£10) 3/5 - exposes password on click
- unknown preferences (have to register)
- no auto lock
+ OS X/Windows
AutoID $5 2/5 - exposes password on entry/edit.
- butt ugly.
+ autofill web sites (clever).
+ option to hide password, but still exposed on dbl click.
iSafe Lite/Pro free / $20 2/5 - exposes password as you copy.
- doesn't export.
- no preferences.
- no copy password to buffer.
- poor documentation.
- time out is fixed time ignores activity.
+ encrypts docs.
Wallet $15 2/5 - exposes password
- clunky interface
+ autofill
KeePassX Free 2/5 - expose password on click
- no launch URL
- no auto lock
- buggy conversion to OS X
- no help (probably a URL function)
+ Linux/KeePass:Windows/Palm
SafePlace $10 2/5 - exposes password to copy it.
- no preferences.
- butt ugly.
- data file location?
Pastor free / donate 2/5 - exposes password mouse-over
- clunky interface
PasswordMaster $10 2/5 - exposes passwords by default.
+ pref option to hide passwords.
- pref doesn't hide entry of password.
- doesn't force password encryption of data!
DataGuardian $20 2/5 - exposed by click.
- butt ugly.
- totally undefined initially.
- ugh, fricken waste of time.
+ very configurable.
WebConfidential ~$27 (20Euro) 2/5 - exposes password on mouse over
- expensive
- butt ugly
+ autofill - very cool!
+ excellent net application integration
+ OS X/Windows/Palm OS
SecureNotes $30 *1/5 - expensive.
- site looks dodgy, example of downloading movies. (*did not install it)
+ can store files.
KeyMaster free / donate *1/5 - exposes password
- weak description, dodgy (*did not install it)

Sunday, February 11, 2007

Make Safari load pages faster?

Top tip from Digg but easily done via the terminal by just typing (close Safari first)

defaults write com.apple.Safari WebKitInitialTimedLayoutDelay 0.25

The "Dugg" article wants you to download and install some software which does this and a number of other things, but you have to pay for the software while the above command is free to use.

Check out how fast the pages load. Seems faster? If you're happy and like to remain happy then stop reading here.

Apparently the effect is not real. A blog post from the alleged Safari developer claims that this option is no longer used by anything. So they left the option in the plist file to deceive people, or backward compatibility, or maybe they are just lazy.

So I tested the option by setting the delay to 1.0 and then 6.5 ... and there is no perceptible difference on the handful of pages I tried (some large and slow, some small and fast). Bugger. All the testimonials on the original digg article where people are so happy that their browser is running faster are apparently just a placebo effect. Surprising that nobody actually did benchmarks.

Yes, I use Safari. I tried using Firefox a while back on my old G3 (with OS X installed) and it didn't understand right and middle clicks properly (it does now). I configured Safari to function the way I wanted and found I didn't really miss any particular feature that Firefox had except advertisement blocking, but thanks to Pimp My Safari I have all that I think I need with Safari. I must say it will be a shame when I let my .Mac account expire (too expensive); I like the bookmark synchronising feature. I might switch back to Firefox at that stage and use Google's BrowserSync.