How to protect your home network with a VPN router

In this article, I describe how I added security to my home network by installing a router that directs all internet traffic through an encrypted VPN connection. The adventure includes my experience with the FlashRouters company, the Tomato router firmware software, an OpenVPN connection to the Cloak network, the Linksys E2500 router and the Netgear Nighthawk R7000 router.

Using WordPress redirection plugins to create easy-to-remember social links

I’ve never been good at remembering my social media URLs. Am I “dafacto” there or “mhenders”? At Facebook, where neither was available, what was that URL stub I chose? And doesn’t LinkedIn include something like /i/ or /in/ in their URLs?

Well today I solved that problem by using the Yoast SEO Premium WordPress plugin’s “redirect” feature (also available in the free alternative, Redirection). Now, all my social URLs are easy to remember:


The importance of external bootable backups

This morning I posted an article about some CrashPlan-related issues discovered when migrating my wife’s dead iMac to a new machine. Another lesson learned in that situation was about the importance of external bootable backups.

My wife’s old iMac, dating back to 2011 I believe, had an internal 256GB SSD and a 1TB internal hard drive. Back in the day, I thought I could improve her desktop tidiness by doing without an external drive, and creating a 256GB partition on that 1TB drive, for the purpose of maintaining a bootable backup.

What I didn’t consider at the time is what actually happened last week—green bars suddenly appeared on her screen, followed by a shaking and shifting of the image, increasing in frequency until the whole screen went white—and the machine shut down. And then upon reboot, the whole ordeal would start again!

Evidently the machine was dying, and it occurred to me then that the only bootable mirror I had for migrating to a new Mac was the hard drive inside that dying iMac!

Since the bulk of the computer’s files lived on the other portion of the 1TB drive, managed by BitTorrent Sync, the start drive itself contained relatively little data. So I had hopes that I could keep the machine booted long enough for Carbon Copy Cloner to mirror the startup drive to an external USB drive. Lucky for me, after a third reboot, the machine stayed up long enough—barely!—for CCC to finish its backup. The machine repeated its meltdown literally seconds after the backup completed.

Lesson learned: Always maintain an external bootable backup of important machines!

Mac OS X — admin vs wheel group (and how that affected CrashPlan)

Last week my wife’s four-year-old iMac died. When the new one arrived, I set it up by migration, using a USB-connected drive containing a mirror of her old system.

After booting up the migrated machine, I ran into an issue in which the CrashPlan app wouldn’t start, and the menubar app reported “Can’t connect to backup destination”. I tried running the CrashPlan uninstaller, and then doing a fresh install, but unfortunately it didn’t help.

Checking the console, I found messages reporting that the file “.ui_info” couldn’t be found in the directory /Library/Application Support/CrashPlan. Which was strange, since I could clearly see that file existed in a Terminal directory listing.

What I also noticed was that the CrashPlan directory was owned by the “wheel” group, while most of the other directories in Application Support were owned by the group “admin”.

I then tried manually deleting the CrashPlan directory in the Terminal, and running the CrashPlan installer again. This time, the CrashPlan directory was owned by the “admin” group—and, consequently, the CrashPlan app successfully started up.

This experience prompted a couple of observations:

  1. Even when authenticated by an admin user, the CrashPlan uninstaller was unable to remove its CrashPlan directory in Application Support.
  2. A fresh install of CrashPlan didn’t set the correct group ownership of the CrashPlan folder in Application Support, which led to the app being unable to start.
  3. I have the impression that the “wheel” group may have been deprecated at some point in the OS X evolution, but is still getting passed on from machine to machine in migration upgrades. I wonder whether it would be a good idea, or even safe, to do a global change of anything on the computer owned by “wheel”, changing it to “group”?

If you know the answer to the third, please let me know in the comments. Thanks!

How I migrated my snippets from TextExpander to Keyboard Maestro

TextExpander is a Mac utility for creating auto-expanding text shortcuts—“snippets”—that can save you time on things you repetitively type, such as email signatures, your telephone number or boilerplate responses to support emails. With version 6, Smile decided to move away from paid upgrades, to a subscription plan that would cost roughly $5 per month. The move was controversial, a situation which is well documented at Michael Tsai’s blog. I’ve been using TextExpander for 10 years, but decided against continuing with a subscription plan.

2016 Andalucia Kids Chess Championship

The 2016 Andalucia Kids Chess Championship took place at the El Fuerte hotel in beautiful El Rompido, Spain.

Over the course of three days, nearly 400 participants played nine rounds of chess in the U08, U10, U12, U14 and U16 categories. For our family, this was Lance’s first year in U14 and Andrea’s first year in U16.

For the third year in a row, Lance won first place in his category, with a perfect nine wins in nine games, and Andrea finished third female in her category with 5.5 points of a possible 9.

Congratulations are in order to the Andalucia Chess Federation for once again organizing a great event, in a wonderful location. The hotel was great, the food was great, the weather was great, and of course it was fantastic to have a chance to see all our chess-playing friends from around Andalucia!

Next stop, the Spanish Kids Championship in July!

Paying one’s “fair share” of taxes

In this article about Roger Ver’s $100,000 bitcoin bounty to Bernie Sanders for a debate on the topic of patriotism, we come across this quote (emphasis added by me):

These great lovers of America who made their money in this country, when you ask them to start paying their fair share of taxes, they’re running abroad. — Bernie Sanders

The obvious problem with this is that Sanders’s opinion of what constitutes one’s “fair share” is likely to be quite different than that of, say, Milton Friedman.

And in the context of Sanders’s desire to raise taxes on the wealthy, it’s probably worthwhile to take a moment to review the current situation in terms of taxes paid versus benefits received across all income levels:

Inna Demianova is a persistent woman

Inna Demianova is doing her best to overtake Ronak Parekh’s persistency record. Looking for a way to migrate WooCommerce data, I ran across her company’s Cart2Cart service, and pinged them in chat to ask if they do what I need. Inna responded, confirming they do, but I got a sense she really didn’t understand what I was asking for, so I didn’t proceed with Cart2Cart.

I must have provided my email address when initiating the chat, which has led to Inna’s persistent queries:

Five follow-ups and counting! We’ll see how long this continues…

Ten follow-ups and counting! We’ll see how long this continues…

Haven’t heard from Inna in a while, but her colleague Oleksandr Yablonskyy has stepped in to take the baton:

2016-08-21 It continues…


The Man in the Arena

It is not the critic who counts; not the man who points out how the strong man stumbles, or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood; who strives valiantly; who errs, who comes short again and again, because there is no effort without error and shortcoming; but who does actually strive to do the deeds; who knows great enthusiasms, the great devotions; who spends himself in a worthy cause; who at the best knows in the end the triumph of high achievement, and who at the worst, if he fails, at least fails while daring greatly, so that his place shall never be with those cold and timid souls who neither know victory nor defeat.

— Theodore Roosevelt

Authenticating support requests

I experienced something today that’s frustratingly becoming quite common. I emailed the support address of a financial institution I use, and they replied that they can only provide support if I contact them from the email address registered to my account.

The problem here is that as the owner of my own domain, I can receive email sent to [email protected], and I take advantage of that by using unique email addresses for most services I sign up for. (If for nothing else, this makes it easy to determine who’s passing on my email address to spammers.) But I cannot easily send emails from all those different addresses, since that would require adding each one manually to

What I find irritating is the company’s assumption that the “from” address serves as any kind of authentication, since it’s dead easy to spoof the from address on an email!

Any company that wants to provide authenticated support must provide a mechanism to initiate the conversation only from within a logged-in authenticated session at their website (or app). After that, it’s fine to continue the conversation outside the authenticated session—e.g. using ZenDesk, HelpScout or whatever support tool they use—because regardless of the email address I use from that point forward in the conversation, I wouldn’t be in a position to even respond if I hadn’t been the one who securely initiated the conversation in the first place.

A letter from Pinky

Yesterday, I received a random email from “Emily Johnson”, from “Ranks India”:

Hi esteemed Sir/Ma’am, Could you please outsource some seo business to us? We will work according to you and your clients and for a long term relationship we can start our SEO services in only $99 Per month per website. Please advice: Emily Johnson

I replied:

My suggestion, when approaching companies like mine, is to use your real name. It will come across as much more sincere, and that’s what we’re all looking for.

I didn’t expect a reply, but one did arrive, from Sandeep Kumar Pandey:

Hi esteemed Sir/Ma’am, Could you please outsource some seo business to us? We will work according to you and your clients and for a long term relationship we can start our SEO services in only $99 Per month per website. Please advice: Pinky

What it’s like to take on venture capital investment

One of my favorite podcasts, recently discovered, is StartUp, by Alex Blumberg, former producer at This American Life. The podcast chronicles the story of starting Gimlet Media, Alex’s new business aimed at creating a network of story-narrative podcasts. “StartUp”, documenting their own story, is Gimlet’s first production, and what’s interesting about this podcast is that Alex records almost all of his conversations along the way, giving us uniquely inside access into the creation of their company.

The design of one-click feedback

Today I received helpful support from Kimberly Castleberry, who works at Yoast. At the bottom of her email was a mechanism to provide feedback:

I’m busy, but at the same time do want to “give back” in appreciation to Kimberly, because lord knows how shitty customer support has gotten these days.

So what’s my expectation—or rather hope—when clicking on this button? That it’s a one-click operation, just like unsubscribing from most email newsletters. But even then, those one-click email unsubscribes aren’t truly one click, because you still have to close the “You’ve successfully unsubscribed!” window.

That might seem insignificant, but that one little extra step actually registers a small amount of irritation in my mind. I’m not sure why, but perhaps it’s because I hate wasting time, and closing the window triggers an awareness of the cumulative amount of time I lose in a valueless component of the process of unsubscribing from the countless newsletters I somehow get signed up for.

But back to this feedback workflow: Yoast use HelpScout — and I love HelpScout! We use them too, so no knock on them—and after clicking the smiley face, I again registered that slight feeling of irritation having landed on a page where I have to take at minimum two further actions: (1) clicking the “Send” button and (2) closing the window.

The unfortunate consequence is that I’m unlikely to participate in those types of feedback opportunities again, so this is an area I feel could use some workflow design improvement, targeted towards making it a truly one-click, friction-free interaction.

iCloud Photo Sharing

Having an extended family spread geographically far and wide, I’ve been pleasantly surprised to find that a Mac/iOS feature I’d previously rarely used has ended up connecting us far better than any social network, and that is iCloud Photo Sharing. My parents, brother, our kids, their kids, etc. love seeing photos appearing in the streams, and being able to comment on them.

Taxes paid vs benefits received

The Heritage Foundation has an interesting 2015 article, The Redistributive State: The Allocation of Government Benefits, Services, and Taxes in the United States. In it, I saw this interesting chart comparing taxes paid versus benefits received, based on income. I’ll refer to this next time someone mentions that the wealthy aren’t paying their fair share:

Ronak Parekh is a persistent man

Several weeks ago, I posted a job on Upwork looking for an individual who could help me test our new product, ChessDrop. In addition to receiving applications from individuals, I also started getting emails from all the offshore companies who use Upwork as a source of leads.

Many don’t even bother to read the job description. Here, Mr Ronak Parekh seems to believe that I’m looking for developers to build a mobile version of our product. Our mobile product, of course, already exists, and my post didn’t mention any development work, or a single planned enhancement.

As with the others, I didn’t bother replying to Mr Parekh. Unlike the others, as you can see below, that hasn’t dampened his resolve. I’m curious when he’ll finally give up, but in the meantime I’ll keep updating this post with his contacts. We’ll see how long the list gets! 🙂

Deteriorating user experience design at Apple

In a recent Philip Greenspun post questioning Apple’s competitive edge going forward, I found myself sympathizing with this anecdote:

What about Apple’s supposed leadership in user experience? Plainly the Apple Health programmers didn’t get the memo, but surely the core iOS has a better/cleaner user interface than any Android or (gasp!) Windows phone? I might have thought so until I visited a neighbor. She is intelligent and well-educated, but not passionate about technology. She said that she had hardly gotten any phone calls for weeks. I discovered that her phone was in “Do Not Disturb” mode. She had entered this inadvertently by mistakenly swiping up from the bottom of the screen then touching the moon symbol (a nice icon but there is no explanation of what it means). No programmer at Apple had thought to have the phone display a confirmation dialog box after a few days in DnD mode.

How to disable root login on a DigitalOcean droplet

When you create a droplet (virtual private server) at DigitalOcean, the service sends you an email containing the login password of the root user. The problem with this setup is the risk that your server gets compromised through a brute-force password-guessing login attack.

DigitalOcean provides a more secure alternative, if you first add your SSH public key to your DigitalOcean account settings. In this case, when DigitalOcean creates your droplets, it will disable root login with a password, and configure the server so that you can log in as root using only your SSH key.

I only learned about this safer option after having created my droplet, and so I spent a little time trying to figure out how to rectify things — i.e. I wanted to add my SSH key to the server, and disable root login with password.

Surprisingly, I had to piece together instructions from a couple of articles, as well as getting some support from our company’s system administrator, and so I thought I’d post a summary here for the benefit of others:

Step 1: Copy your SSH key to the DigitalOcean server. (You do this from your local computer, and this assumes you already have an ssh key locally.)

cat ~/.ssh/[your_public_key].pub | ssh root@[your_server] "cat >> ~/.ssh/authorized_keys"

Step 2: Edit the file /etc/ssh/sshd_config, setting the PermitRootLogin setting to “without-password”. I used Transmit’s “Edit in Transmit” feature to do this. Also, don’t, as I did, confuse this file with the similarly-named “ssh_config”.

PermitRootLogin without-password

Step 3: Login to the server as root, and restart sshd:

service ssh restart

After sshd restarts, you should be able to login as root without entering a password, and your server should now be a bit more secure.
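An added example, not part of the original post: a small audit of the Step 2 edit, run here against constructed sample files. It relies on the fact that sshd uses the first value it reads for a keyword, so an earlier "PermitRootLogin yes" silently wins over a line added further down. The function names are hypothetical, and the check assumes whitespace-separated "Keyword value" lines and ignores Include files and Match blocks.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the root-login setting from Step 2.
# sshd keeps the FIRST value it reads for a keyword, so a later
# "PermitRootLogin without-password" does not override an earlier "yes".

# Print the first global (pre-"Match") value of keyword $2 in file $1, lowercased.
effective_setting() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                  # skip commented-out lines
        tolower($1) == "match" { exit }      # Match blocks are conditional
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# Classify how root may log in according to file $1.
root_login_verdict() {
    case "$(effective_setting "$1" PermitRootLogin)" in
        # prohibit-password is the newer spelling of without-password
        without-password|prohibit-password) echo "key-only" ;;
        no)                                 echo "disabled" ;;
        yes)                                echo "password-allowed" ;;
        forced-commands-only)               echo "forced-commands-only" ;;
        "")                                 echo "unset" ;;  # sshd's built-in default applies
        *)                                  echo "unknown" ;;
    esac
}

# Constructed sample configs (not taken from a real server).
tmp=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin without-password' > "$tmp/fixed"
printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin without-password' > "$tmp/shadowed"
printf '%s\n' '# PermitRootLogin prohibit-password' 'PasswordAuthentication yes' > "$tmp/unset"

for f in fixed shadowed unset; do
    printf '%-9s root=%s\n' "$f" "$(root_login_verdict "$tmp/$f")"
done
```

On the server itself, `sshd -t` checks the edited file for syntax errors before the restart in Step 3, and `sshd -T` prints the configuration the daemon actually resolves.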

WordPress Hosting — From DreamHost to DreamPress to GoDaddy to DigitalOcean

This website runs on WordPress, and over the past several years has seen its hosting move from the DreamHost shared environment, to DreamPress managed hosting, to GoDaddy managed hosting to, finally, DigitalOcean. This article explains why.

Refund policies on downloadable software

Cozmoslabs is a Romanian company that sells products, through an intermediary company called Avangate, for building WordPress sites. I purchased a plugin from them, subsequently decided it wasn’t for me and requested a refund. I was eventually granted a refund, but only after some frustration and confusion. Here’s the story.

Rantbox is now Dafacto

A while back I created a second personal website at The idea was that my frequent complaints about things really weren’t content I wanted living here at Ultimately, however, maintaining a second website didn’t compensate any benefit of that separation of content, and so I’ve consolidated that site back into dafacto, and will just keep my rants separated by category.

There are few short-cuts in life

The inferior man’s reasons for hating knowledge are not hard to discern. He hates it because it is complex—because it puts an unbearable burden on his meager capacity for taking in ideas. Thus his search is always for short cuts. All superstitions are such short cuts. Their aim is to make the unintelligible simple, and even obvious.

— H.L. Mencken