Page 4 of 192

Weeknote 27/2017

This week I’ve been:

Next week I’ll be getting cracking on creating a scheme of work and resources for Freeformers. I’ll be in London on Thursday for some ideation around that and, apart from running a half-day thinkathon with Bryan for London CLC, won’t have much time to do much else…


I make my living helping people and organisations become more productive in their use of technology.  If you’ve got something that you think I might be able to help with, please do get in touch! Email: hello@nulldynamicskillset.com

 

Why I’ve just ditched my cloud-based password manager

TL;DR: I’ve ditched LastPass in favour of LessPass. The former stores your passwords in the cloud and requires a master password. The latter uses ‘deterministic password generation’ to keep things on your own devices.


Although I’ve used LastPass for the past six years, I’ve never been completely happy with it. There have been breaches, and a couple of years it was acquired by LogMeIn, a company not exactly revered in terms of trust and customer service. Their ’emergency break-in’ feature makes me feel that my passwords are just one serious hack or government request away.

I read Hacker News on pretty much a daily basis and I’m particularly interested in the underlying approaches to technology that change over time. There are certain assumptions and habits of mind that come to be questioned which lead to different, usually better, solutions to certain problems. Today, the issue of cloud-based password managers was again on the front page.

From the linked article:

When passwords are stored, they must be encrypted and then retrieved later when needed. Storage, of any type, is a burden. Users are required to backup stored passwords and synchronize them across devices and implement measures to protect the stored passwords or at least log access to the stored passwords for audit purposes. Unless backups occur regularly, if the encrypted password file becomes corrupt or is deleted, then all the passwords are lost.

Users must also devise a “master password” to retrieve the encrypted passwords stored by the password management software. This “master password” is a weak point. If the “master password” is exposed, or there is a slight possibility of potential exposure, confidence in the passwords are lost.

Also:

I believe that password management should only occur locally on end use devices, not on remote systems and not in the client web browser.

Remote systems are outside the user’s control and thus cannot be trusted with password management. These systems may not be available when needed and may not be storing or transmitting passwords correctly. Externally, the systems may seem correct (https, etc.) but behind the scenes, no one really knows what’s going on, how the passwords are being transmitted, generated, stored, or who has access to them.

It’s pretty difficult to argue against these two points. Having felt uneasy for a while, I knew it was time to do something different. It was time to ditch LastPass.

I looked at a couple of different solutions: the one proposed by the author of the above quotations (too complex to set up), as well as one which looked promising, but now seems to be unsupported. In the end, I decided upon LessPass, which has been recommended to me by a few people this year.

How is LessPass different from LastPass? This gif from their explanatory blog post is helpful:

lesspass

All of this happens in the browser, without your data being transmitted anywhere else.

Basically, you enter the following:

  1. Name of the site or thing for which you need a password
  2. Your username
  3. A secret passphrase

…and, from these three pieces of information, LessPass generates a password that you can then copy using complex algorithms and entropy stuff that I don’t understand.

lesspass-explainer

The fact that I don’t understand it is fine, because there are people who do, and the code is Open Source. It can be inspected for bugs and vulnerabilities — unlike the proprietary solution provided by LastPass.

The options button to the bottom-right of the LessPass window gives the user advanced options such as:

  • Length of password
  • Types of character to include in the password
  • Increment number (if you’re forced to rotate passwords regularly)

My favourite LessPass feature, though, solves a nagging problem I’ve had for ages. If you have a long passphrase, then sometimes it can be very easy to mistype it. You don’t want to reveal your obfuscated passphrase to the world, so how can you be sure that you’ve typed it correctly?

lesspass-emoji

Simple! LessPass adds an emoji triplet to the right of the secret passphrase box. You’ll notice that changes as you type and, when you finish, it should always look the same. If it doesn’t, then you’ve mistyped your passphrase.

I’ll be making the transition from LastPass to LessPass over the next few weeks. It’s not as simple as just exporting from one database into another, as the whole point of doing this is that there is no one place that someone can hoover up my passwords.

So my plan of action is:

  1. Every time I use a service, create a new password using LessPass.
  2. Delete existing password in LastPass.
  3. Rinse and repeat until most of my passwords are generated via LessPass.
  4. Delete my LastPass account.
  5. Celebrate my higher levels of personal security.

Questions? Ask away in the comments section!


Photo: Crypt by Christian Ditaputratama under a CC BY-SA license

My information environment (July 2017)

A couple of years ago this month, I created a page on my wiki to keep track of my information environment. Not long before, I’d written Curate or Be Curated: Why Our Information Environment is Crucial to a Flourishing Democracy, Civil Society for DML Central, and I was concerned to ensure I was getting a rich and varied information diet.

Fast-forward to 2017 and the world is a very different place. So different, in fact, that I’m not so concerned that I’m choosing to read more ‘biased’ stuff. There’s a war of attention going on and, in any case, there’s no such thing as non-theory-laden consumption of information.

I’ve quit Facebook and Twitter, the former completely, and the latter I now only post links to. Consequently, I converse with my friends on Slack, and in a very nice left-wing bubble on the Mastodon-powered social.coop. I’m OK with being partisan at this stage of my life.

So below is my current information environment, give or take a couple of things I’ll inevitably have managed to omit. The wiki page can be found here.

Newspapers

Aggregators

Newsletters

I try out other ones, but these are my favourites:

Podcasts

As with the newsletters, I subscribe to other podcasts on a regular basis, but here are my go-to ones that I wouldn’t want to miss:

Routines

Internet culture

Music


Recommendations welcome! I’m always on the lookout for high-quality sources of information.

Image CC BY Alexander Svensson

Weeknote 26/2017

This week I’ve been:

Next week I’ll be in Dublin to take part in a debate on digital literacy at the World Conference for Computers in Education. I’ll then be working from home for the rest of the week.


I make my living helping people and organisations become more productive in their use of technology.  If you’ve got something that you think I might be able to help with, please do get in touch! Email: hello@nulldynamicskillset.com


Image credit: Thiruva’l’luvar 4 by internets_dairy is licensed under CC BY

Elevator pitch on Open Badges for SQA Expert Assessment Group

Update: Martin Hamilton from Jisc kindly recorded my elevator pitch. You can watch it here.


Tomorrow, I’m in London to take part in the Scottish Qualifications Authority‘s Expert Assessment Group. The SQA have been forward-thinking about Open Badges over the last few years, so I’m delighted to have been asked to attend.

There’s five people been asked to give input in the morning from a ‘future of assessment’ point of view, and five in the afternoon on ways technology might be able to help enable that future. I’ve got a very short amount of time, so I’ve boiled it down to the slides below.

(Note: go fullscreen by clicking the arrows in the black bar at the bottom)

Backup locations: Slideshare / Internet Archive

The flow for my pitch starts with a tweet I saw earlier today from the influential Paul Graham. He links to an article in The New York Times which talks about skills-based hiring, but which completely disregards digital credentialing. From there, I discuss Michael Feldstein’s recent post about badging gaining huge traction in very specific areas. And then I launch into a pretty familiar flow using Bryan Mathers‘ excellent visuals.

There’s loads more I want to say about how version 2.0 of the Open Badges specification allows for really interesting dynamic badges that ‘grow’ over time. Kerri Lemoie and Lucas Blair recently wrote about this from a technical point of view, and I presented my thoughts last week at the University of Dundee, including this slide:

Dynamic badging

Perhaps I’ll get a chance to discuss these new developments if my pitch is selected to be discussed further. I’d bring up blockchain technologies and their potential uses in credentialing, but I’ve got to catch a train back home in the evening…

Photo by John-Mark Kuznietsov on Unsplash

10 top email productivity tips

This morning, Robin Dewar, a freshly-minted supporter of my Thought Shrapnel newsletter, got in touch to ask me some advice. What article(s) should he point his team towards to help them improve their use of email?

I realised that there wasn’t one blog post to rule them all, so instead I took the opportunity to go back through relevant articles I’d saved to Pocket. I removed any that were vendor-specific (e.g. Google, Microsoft) and ones that included tips as part of a wider ‘make your life more productive’ article.

The result, which I’ll continue to add to, can be found on my wiki, divided into the following  sections:

  • In praise of email
  • Time management
  • Dealing with colleagues and bosses
  • Workflow
  • Security
  • Etiquette
  • Dealing with difficult emails
  • Misc.

All told, there’s almost 50 articles in there. I’ve chosen my top 10 tips to feature in this post:

1. Turn off notifications

It is absolutely ridiculous that we allow Outlook to check email every 5 minutes, allow our phone to get push messages, or keep a Gmail tab open all the time. This is absolutely killing us in terms of productivity. In 90% of all cases we don’t need to know immediately that there is a new message. Segmenting our email checking time into 2, 4, or 8 times a day has massive benefits. We greatly reduce task-switching penalties, and removing the alerts so we’re not tempted goes a huge way. (Joshua Lyman)

2. Prepare, but don’t send emails on Sunday evening

Sunday is definitely a day for relaxing, but if you’re often overwhelmed come Monday morning, logging in briefly Sunday evening may help you alleviate some of that Monday mania. You don’t need to make calls or even answer emails—simply assess what your Monday game plan will be, and you’ll sleep a little more soundly. (Inc. via Lifehacker)

3. Be concise

Write shorter emails. What is the 1 main thing you want to communicate? Say it concisely. The shorter your emails, the shorter their response tends to be. It saves everyone time. (George Kao)

4. Tell your boss what you’re going to do, and then what you’ve done

I’m convinced 95% of cubicle workers who work over 60 hours a week constantly can cut it down to 40-45 hours by sending 2 emails a week to their boss:

Email #1: What you plan on getting done this week

Email #2: What you actually got done this week

That’s it. These 2 emails will prevent you from working 60 hours a week, while improving your relationship with your boss and getting the best work you’ve ever done. (Robbie Abed)

5. Communicate facts by email and emotion face-to-face

…if you’ve got great news that will get everyone stoked up, it will be more effective and create more positive energy if you deliver it in person. A group meeting to announce a big sales win, for example, is like an instant celebration. By contrast, an email announcing the same win seems a bit like an afterthought. Similarly, if you’ve got bad news or criticism, it will be better received, and more likely to be helpful, if it’s delivered in person. If you use email, it will seem like you don’t care or that you’re cowardly.  (Lifehacker)

6. Have multiple channels to message people

Perhaps unsurprisingly, CEOs often point to Slack for helping them cut back on superfluous email back-and-forth so they can give priority to the fewer internal emails to do trade with their teams. Some execs recommend other tools for diverting conversations away from their inboxes, from video-conferencing system Zoom to project-management platforms like Wrike and Trello. (Fast Company)

7. Be positive

Be positive & friendly. Emails can quickly build, or erode, relationships. I always try to come across as encouraging and kind, and start or end my emails with something appreciative about the recipient or the situation. For example, “I appreciate your thoughtful message here.” or “Hoping the rest of your week goes well!” Think of the primary purpose of emails you write to be relational (improving trust and camaraderie in relationships) and secondarily transactional (asking/answering questions, proposing ideas, etc.) (George Kao)

8. Treat emails as if they’re postcards

We live in a time when hackers hack for no good reason whatsoever.  We also interact with other humans, who may accidentally stumble on an email left open or snoop because they suck at respecting privacy.  Whatever the case may be, when you write something you commit it to a nearly permanent record—at least, once you hit send.  If you don’t want other people to know your inner-most thoughts, think twice before sending them to someone.  You never know where they may end up. (Awkward Human)

9. Avoid techno-productivism

By focusing relentlessly on making specific tasks or operations easier and faster, instead of stepping back and trying to understand how to make an organization as a whole maximally effective, we’ve ended with a knowledge work culture in which people spend the vast majority of their time trying to keep up with the very inboxes, devices and channels that were conceived for the exact opposite purpose — to liberate more time for more valuable efforts. (Cal Newport)

10. Sign off with ‘thanks in advance’

Among closings seen at least 1,000 times in our study, “thanks in advance” ended up correlating with the highest response rate, which makes sense, as the email’s recipient is being thanked specifically for a response which has yet to be written. There’s a bit of posturing involved with this closing, but it turns out it works pretty well. But no matter how you express your thanks, doing so certainly appears to be your best bet in closing an email if you want a response. (Boomerang blog)

If you’re into upping your game around email-based productivity, you’re going to love my new audiobook. Thanks in advance for investing in it… 😉

Photo by Joanna Kosinska on Unsplash

Weeknote 25/2017

This week I’ve been:

  • Sending out Thought Shrapnel, my weekly newsletter loosely structured around education, technology, and productivity. Issue #263 was entitled ‘Sizzle’. Don’t forget you can sign up to Thought Shrapnel Live! using Telegram to receive links as I come across them.
  • Giving the closing keynote at an Open Badges event up at the University of Dundee. My slide deck can be found here. I enjoyed catching up with Grainne Hamilton from Digitalme while I was there (we were former colleagues at Jisc).
  • Redesigning the landing page of dougbelshaw.com on the train home from Dundee. I’m much happier with how it looks now!
  • Making progress with Badge Wiki, from a technical and policy perspective. With the assistance of Web Architects we’ve sorted out the login workflow, and I’ve drafted Terms of Use and a Privacy Policy for community feedback.
  • Meeting with Sarah Horrocks from London CLC about some research around international teacher professional development that we’re doing for the Education Development Trust.
  • Issuing badges to more of those who have completed Badge Bootcamp. We’re actually going to shut it down at the end of the month to tweak it a bit over the summer, so be quick if you want to go through it!
  • Catching up with Rhys Kidd-Scannell who works for Frog, and is also the father of my daughter’s friend. I also spoke with a reporter from EducationInvestor magazine about badges, Eva-Marie Costello about her plans for digital literacy-related apps for underserved populations, and Bryan Mathers about visualising ways in which badges can be ‘dynamic’ with v2.0 of the Open Badges specification.
  • Attending the local Scout group’s AGM. It looks like I may have upgraded my role from Executive Committee member to Secretary.
  • Compiling, editing, and sending out Issue #13 of Badge News, a regular newsletter for the Open Badges community.
  • Looking after my children due to a teacher training day on Friday.
  • Spending time with local pharmacists, opticians, and doctors at the RVI in Newcastle after a mystery eye infection. I can see fine, but it’s painful. They’ve put it down as viral conjunctivitis, but that’s because they weren’t sure what else it could be…
  • Writing:

Next week I’m working from home at the start of the week, then heading to London on Wednesday to take part in an SQA expert group on assessment on Thursday. I’m itching to get away up a mountain again, but that might not happen until August now.


I make my living helping people and organisations become more productive in their use of technology.  If you’ve got something that you think I might be able to help with, please do get in touch! Email: hello@nulldynamicskillset.com

Badge Wiki: start of 30-day feedback period on Terms of Use and Privacy Policy

Earlier this year, I wrote about the importance of thinking about a project’s architecture of participation when encouraging contribution from a new or existing community of people.

In that post, I included a checklist containing eight points to consider. I think I’ve got another one to add: get your policies right by soliciting feedback on them.

We Are Open Co-op is currently in the first phase of creating Badge Wiki, a knowledge base for the Open Badges community. It’s a project made possible through the support of Participate.com.

As part of this process, we have to come up with several policies, perhaps the two most important of which are the Terms of Use and Privacy Policy. We decided to use the Wikimedia Foundation’s openly-licensed policies as a starting point, adapting them to our needs.

This has thrown up some interesting issues and considerations from an architecture of participation point of view. After all, if people don’t agree to the Terms of Use and Privacy Policy, they can’t use Badge Wiki. There are three important ways in which our draft policies differ from the original Wikimedia Foundation source policies:

  1. CC BY – we propose that Badge Wiki use a Creative Commons Attribution 4.0 International license instead of the CC BY-SA license used on other wikis, including Wikipedia. Although we would encourage them to do so, we recognise that some people may not be in a position to share material they reuse and remix from Badge Wiki under an open license.
  2. Register to edit – we propose that, in order to edit Badge Wiki, you must have a registered user account, approved by an administrator. This is to prevent valuable contribution time being taken up by wiki vandalism, trolling, and other anti-social behaviours caused by anonymous editing.
  3. Real name policy – we propose that members of Badge Wiki use their real names on their profile pages, as well as provide a short bio. This is to prevent accusations of sabotage, given that the Open Badges ecosystem includes commercial interests.

You can access the draft Terms of Use and Privacy Policy for Badge Wiki at the links below:

You’re welcome to leave feedback on the posts themselves, in relevant Open Badges Google Group thread, or directly to us: badgewiki@nullweareopen.coop.

Thanks in advance for your participation and contribution. Remember, comments expressing support and broad agreement are as valuable as expert nitpicking!
Image by madebydot

Redesigning dougbelshaw.com

I wrote my own HTML and CSS for dougbelshaw.com back when I was at Mozilla. It was originally a template to be used with Thimble, and a few people ‘forked’ it to use it for their own site.

Although it had some nice features, however — like a JavaScript library that swapped out text, a custom DuckDuckGo search engine, and one of my photographs of Druridge Bay — it wasn’t responsive and, quite frankly, it looked a bit old-fashioned.

So, on the train on the way back from Dundee today, I thought I’d do something about it. I knew that I wanted something pretty simple and minimalist, yet with just enough to ‘delight’ visitors. It needed to serve static files, not rely on a database back end (as with WordPress).

I also wanted to link to something I’ve been tinkering around with that allows me to surface my most recent writing. I’d already put that together at dougbelshaw.com/feeds in response to people complaining that they miss my stuff because I post it in different places around the web.

For those interested, I’m using the LazyGuy personal landing page template (cheap!) and the Font Awesome Favicon Generator (free!)

Please do tell me what you think: http://dougbelshaw.com

(note that this redesign doesn’t affect the look/feel of this blog)

Weeknote 24/2017

This week I’ve been:

Next week I’m doing the closing keynote at an Open Badges event up at the University of Dundee on Monday, then spending Tuesday to Thursday building out Badge Wiki, and doing some research for a couple of clients. My children have a teacher training day on Friday, so I’ll be hanging out with the family.


I make my living helping people and organisations become more productive in their use of technology.  If you’ve got something that you think I might be able to help with, please do get in touch! Email: hello@nulldynamicskillset.com

css.php