1. 7

    specific tools: pen/paper, google calendar+tasks, generally focusing on just three things a day.

    Methods: Atomic Habits by James Clear and a technique I gleaned from Neil Gaiman… I go to my work space, and for 4 hours I have one of two options, either work on something or do nothing. I can do as much nothing as I want, but I can only do nothing or work. I get bored enough to think through whatever I don’t want to address, and then my mind latches onto it and I get it done.

    1. 5

      (I’m the author of Minisleep)

      I’m particularly interested in people’s views of the security model.

      Otherwise: all feedback welcome.

      1. 4

        Basic Auth + SSL seems just fine to me. Without a lot of thought, my immediate concern would be that the credentials have to be used on every request and will be cached temporarily by the browser being used. But, that doesn’t seem to be a concern for where this tool would be used (by one person, from one machine, probably).

        I see a lot of basic auth + ssl used in things like Sentry which are much less likely to have a “session,” but do seem to operate in practice quite securely.

        1. 3

          The abuse scenario for this is CSRF, where an already authenticated user visits another malicious website, and that malicious website creates requests for Minisleeps. They get through because the user is already authenticated.

          1. 2

            Thanks Joel.

            my immediate concern would be that the credentials have to be used on every request and will be cached temporarily by the browser being used.

            Yes, unfortunately this method doesn’t provide a “log out” button. It’s browser implementation dependent how these credentials are dropped, in FF’s case it’s when you close the browser.

            There is (as far as I can tell) no workaround. It’s a limitation of the browsers themselves + perhaps the HTTP standards. Ever since online culture went to custom login forms & cookies I suspect that interest in developing HTTP auth waned.

            1. 4

              On Apache at least, you could use mod_auth_form - it’s a ‘regular’ form + cookie session model, but it’s driven by Apache itself, not the php/ruby/etc app. https://httpd.apache.org/docs/2.4/mod/mod_auth_form.html

          2. 1

            I like it! If someone created a static executable with a HTTP Server + Minisleep embedded into it, would that be interesting? This should be straightforward to do with Go. It would make the deployment even easier.

            1. 1

              You can probably get a static HTTP server and a static shell interpreter already off the shelf. I’m not sure why you would specifically want to add Go to the mix however, unless you’re planning on rewriting the main script in it?

              1. 1

                If you are going to copy in bash files, why not copy in a single statically compiled executable instead? Go just makes this convenient, since there’s a good HTTP server in the standard library, statically compiled executables are the default and several platforms are supported.

                1. 2

                  To customise page layout & links or change the markup engines you need to be able to edit one of the provided scripts. Providing a pre-compiled version of the project would be useless for most people, unless they’re happy for the site to look stock (complete with a header link to the docs & my website).

                  I’ve also found that pre-compiled bins are harder to get working on some shared hosts than shell scripts. Some hosts run really old or obscure versions of libs or kernel setups; one host wouldn’t accept things I compiled in any way (even my static attempts) on Debian stable for instance. These hosts tend to require you to jump through extra hoops to get (temporary) access to their buildchain. They prefer customers with php, js-ey or perl sites. I think they do this intentionally to try and avoid compiled/obscured malware, but I’m not sure.

                  IMHO self-contained shell scripts already provide the ‘runnable anywhere without fetching anything’ goal of static executables. I’m not sure what comparative benefits static executables would actually provide here.

          1. 2

            I’m conflicted a bit – I don’t care about the inclusion of a nsfw tag, really, but I kind of find it pointless.

            it’s highly subjective and the broad spectrum of content on this site does not include typically nsfw content – IE sex, violence, etc – for its own sake. instead, material of that nature is usually only posted when there’s a specific intersection with technology and being informative on a somewhat deeper level. And even then, the titles are usually pretty clear and informative about what will be found in the article and the domain is listed. If it’s questionable, the article can be saved for later perusal, and/or maybe the title updated to reflect more accurately the article in question.

            If your workplace would have serious repercussions for simply displaying a title that relates to an inappropriate-for-your-workplace-topic, perhaps it’s not best to risk it, and view a website like lobste.rs at work at all? Otherwise, aren’t you taking responsibility for what happens when your workplace catches you?

            1. 1

              I’ve tried a bunch of stuff, some things stick for longer than others. I find that at the core, a short list of specific next steps works best for me. I don’t hold to a particular order, and I don’t accrue tasks that I’m going to avoid anyway.

              Right now I’m tracking this with a flat text file that I format something like:

              [plan YYYY-MM-DD]
              do w
              - do x
              + do y
              * do z

              one task per line. if the line starts with ‘-’, it’s not getting done. if the line starts with ‘+’ I didn’t do it that day, but it is done. And if a line starts with ‘*’ the task is done.

              every so often I’ll go and delete old days and get rid of any tasks that I’ve avoided – possibly breaking the task into a smaller next-step action if it’s something that I do actually need to get done.

              that’s for when I’m sitting in front of a computer and able to use it effectively. I’ve found that I hate syncing those tasks with some sort of mobile app or task book because they often have different contexts anyway and are just clutter when I’m mobile or away from the computer.

              SO if I find myself with a day off that I want to be productive on, I simply write down a list of things I want to do on a piece of paper or in a note app on my phone, then pick and choose to get those things done as I can. I don’t beat myself up if I don’t complete the list, and just throw it away at the end of the day.

              Fundamentally, the list, whether on my computer or on a piece of paper, is just a reminder for things that I need to do when my brain can’t remember all the things it thought of.

              If the thing is time sensitive, I’ll put it in a calendar app and set reminders.

              I guess another aspect of what I’ve discovered about myself is that searching for a perfect solution that can be universally used everywhere and tracks everything is a futile effort that doesn’t accomplish anything but wasting time for me. An app, a system, a special tool, this technique, that technique – all of it doesn’t produce the motivation to do anything in and of itself.

              I produce the motivation and the productivity, the list is just how I help myself remember what to do.

              1. 10

                Last I looked, Moleskine does not have good paper. There are many other brands of quality paper if you want to go the paper route.

                I would suggest Clairefontaine, Quo Vadis, etc.

                Now I use a fountain pen on some smaller high quality books. I have especially enjoyed the Maruman B5 size — it is not too small, but not too big either.

                For more types of notebooks with good paper: http://www.gouletpens.com/notebooks/c/10

                1. 6

                  I also like the Rhodia dotted paper - I can’t write on blank paper because my writing does not stay straight on a line, but I find the common rulings to be far too distracting and the dots are a good middle ground.

                  1. 5

                    Honestly moleskine paper is fine unless you’re into fountain pens.

                    1. 2

                      I can’t say I have much experience with moleskine paper, but when I have tried it I haven’t been overly impressed by it either. IIRC, all I’ve really used on it, though, is the Uniball v5.

                    2. 3

                      Would you know where to find grid-ruled notebooks with good paper?

                      1. 4

                        If you are located in the United States (url is filtered to graph, dot grids): http://www.gouletpens.com/notebooks/c/10/?facetValueFilter=Tenant~Ruling_Type%3Adot_grid%2CTenant~Ruling_Type%3Agraph

                        If you are located in Southwestern Ontario, there is a place called Phidon Pens located in downtown Cambridge.

                        Besides that, generally if a place has fountain pens in stock that are above $50 with more than one brand, they likely have paper to go with them.

                        1. 2

                          Thank you! I’m in the U.S. so your link is helpful. I’ll check around for local writing supply shops as well; honestly that hadn’t occurred to me before.

                      2. 2

                        I have used Field Notes Brand notebooks in the past. They are nice, and pretty, but the paper can be a little thin on some of the special ones. I have also used Word Notebooks, and they have nice heavy paper, that is bright. http://www.wordnotebooks.com/

                      1. 1

                        Current packages for Ubuntu also don’t appear to be affected (except for Ubuntu 15.10): http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1793.html

                        1. 1

                          Some fiction for the moment: Pandora’s Star