How to switch wifi networks with Keyboard Maestro

In a recent blog post I explained how I secure my home network with a VPN. In that article, I also explained how I enabled external access to my home network, using the Slink software running on a Mac mini server, whose primary network interface is wifi connected to my ISP router, and second network interface is ethernet connected to my home gigabit switch.

This setup works great, but it did require solving a tricky problem:

My home wifi network (created by the AirPort Extreme) is called “Hacienda”, and the wifi network created by the ISP router is called “HaciendaOlive”. Since I want all my home devices connected to Hacienda, that network is given first priority over all other known networks on my iPhones, iPads, etc.

The problem is that that network priority list propagates to the Mac mini (and all my devices) via iCloud, and so anytime there’s a network interruption or the machine reboots, the Mac mini connects to the Hacienda wifi network (instead of HaciendaOlive)—which of course kills my external access to that machine.

What I need is that the mini, and only the mini, has HaciendaOlive set as its highest priority wifi network. But this doesn’t seem to be possible, unless I’d be willing to disable iCloud on that machine.

My solution to this problem was a Keyboard Maestro macro which runs every five minutes, checking whether the computer is connected to the HaciendaOlive network, and if not, switching it to that network. This required researching some obscure AppleScript code, and so I thought I’d post the macro here for the benefit of others searching for how to switch wifi networks using Keyboard Maestro. The blurred text in the image is the wifi network password.


How to protect your home network with a VPN router

In this article, I describe how I added security to my home network by installing a router that directs all internet traffic through an encrypted VPN connection. The adventure includes my experience with the FlashRouters company, the Tomato router firmware software, an OpenVPN connection to the Cloak network, the Linksys E2500 router and the Netgear Nighthawk R7000 router.


Using WordPress redirection plugins to create easy-to-remember social links

I’ve never been good at remembering my social media URLs. Am I “dafacto” there or “mhenders”? At Facebook, where neither was available, what was that URL stub I chose? And doesn’t LinkedIn include something like /i/ or /in/ in their URLs?

Well today I solved that problem by using the Yoast SEO Premium WordPress plugin’s “redirect” feature (also available in the free alternative, Redirection). Now, all my social URLs are easy to remember:


Authenticating support requests

I experienced something today that’s frustratingly becoming quite common. I emailed the support address of a financial institution I use, and they replied that they can only provide support if I contact them from the email address registered to my account.

The problem here is that as the owner of my own domain, I can receive email sent to [email protected], and I take advantage of that by using unique email addresses for most services I sign up for. (If for nothing else, this makes it easy to determine who’s passing on my email address to spammers.) But I cannot easily send emails from all those different addresses, since that would require adding each one manually to

What I find irritating is the company’s assumption that the “from” address serves as any kind of authentication, since it’s dead easy to spoof the from address on an email!

Any company that wants to provide authenticated support must provide a mechanism to initiate the conversation only from within a logged-in authenticated session at their website (or app). After that, it’s fine to continue the conversation outside the authenticated session—e.g. using ZenDesk, HelpScout or whatever support tool they use—because regardless of the email address I use from that point forward in the conversation, I wouldn’t be in a position to even respond if I hadn’t been the one who securely initiated the conversation in the first place.

How to disable root login on a DigitalOcean droplet

When you create a droplet (virtual private server) at DigitalOcean, the service sends you an email containing the login password of the root user. The problem with this setup is the risk that your server gets compromised through a brute-force password-guessing login attack.

DigitalOcean provides a more secure alternative, if you first add your SSH public key to your DigitalOcean account settings. In this case, when DigitalOcean creates your droplets, it will disable root login with password, and configure the server so that you can log in as root using only your SSH key.

I only learned about this safer option after having created my droplet, and so I spent a little time trying to figure out how to rectify things — i.e. I wanted to add my SSH key to the server, and disable root login with password.

Surprisingly, I had to piece together instructions from a couple of articles, as well as getting some support from our company’s system administrator, and so I thought I’d post a summary here for the benefit of others:

Step 1: Copy your SSH key to the DigitalOcean server. (You do this from your local computer, and this assumes you already have an ssh key locally.)

cat ~/.ssh/[your_public_key].pub | ssh root@[your_server] "cat >> ~/.ssh/authorized_keys"

Step 2: Edit the file /etc/ssh/sshd_config, setting the PermitRootLogin setting to “without-password”. I used Transmit’s “Edit in Transmit” feature to do this. Also, don’t, as I did, confuse this file with the similarly-named “ssh_config”.

PermitRootLogin without-password

Step 3: Log in to the server as root, and restart sshd:

service ssh restart

After sshd restarts, you should be able to log in as root without entering a password, and your server should now be a bit more secure.
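
A check for Step 2, as an added example that is not part of the original post: sshd keeps the first value it reads for a keyword, so a leftover "PermitRootLogin yes" above or below your edit changes which line wins. The function names and the sample file are constructed for illustration, and the check reads only the global section of a single file.

```shell
#!/bin/sh
# Added example (not from the original post): report which PermitRootLogin
# value sshd would take from the global section of an sshd_config-style file.
# sshd keeps the FIRST value it reads for a keyword; later duplicates lose.

# Print the first global PermitRootLogin value in file $1, lowercased,
# or "unset" if there is none. Include files and Match blocks are not followed.
root_login_value() {
    awk '
        /^[ \t]*#/ { next }                  # comment line
        { sub(/=/, " ") }                    # "Keyword=value" form is also legal
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed (exit 0) only when the file explicitly stops root password logins.
# "unset" fails on purpose: the built-in default differs between OpenSSH versions.
root_password_login_blocked() {
    case "$(root_login_value "$1")" in
        without-password|prohibit-password|forced-commands-only|no) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: the Step 2 edit with a stale duplicate left below it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
PermitRootLogin without-password
PermitRootLogin yes
EOF
echo "effective PermitRootLogin: $(root_login_value "$sample")"
if root_password_login_blocked "$sample"; then
    echo "root password login is blocked"
else
    echo "root password login may still be allowed"
fi
rm -f "$sample"
```

On the server, `sshd -t` checks the edited file for syntax errors before the restart in Step 3.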

WordPress Hosting — From DreamHost to DreamPress to GoDaddy to DigitalOcean

This website runs on WordPress, and over the past several years has seen its hosting move from the DreamHost shared environment, to DreamPress managed hosting, to GoDaddy managed hosting to, finally, DigitalOcean. This article explains why.


Why I switched from DreamPress to GoDaddy Managed WordPress Hosting

I recently switched from DreamHost’s DreamPress to GoDaddy’s managed WordPress hosting service. This article explains why, and discusses my experience so far. [Update: Since writing this article, I’ve switched away from GoDaddy, and now host my blog in a VPS at DigitalOcean. You can read about that switch, here.]


Sony Playstation Network doesn’t validate email accounts

Someone named Dillon Henderson recently joined the Sony Playstation Network using my Gmail address, and I immediately began receiving two to four emails per day, as Dillon recharged his account and purchased content or games, or whatever it is you purchase on the network. (I guess Dillon’s middle name must be “Matt”.)


Proposal for a centralized credit card data access service

Having received a new American Express card, I just finished updating the billing details at the thirteen online services which periodically charge that card.

And it took much longer than I would have imagined!

Of the thirteen services, I experienced thirteen different workflows for updating my billing details. At some, I simply had to update my card’s expiration date year. At others, I additionally had to update the security number. And at yet others, I had to completely delete the old card, and add a new one. And incredibly, a few sites presented forms which disabled pasting into the credit card number field—forcing me to carefully type 15 numbers—aaarg! Finally, at sites like AT&T Wireless, it took forever to even find where to update my billing information.

There’s got to be a better way, which got me thinking…

I wish a service existed where I could store my credit card details, and then provide OAuth access to the various online services I use which need to charge my card. In the same way that I give services like Instagram OAuth access to my Facebook and Twitter accounts, I’d give services like Amazon AWS and Dreamhost OAuth access to this centralized credit card data service.

Such a service, if it existed, would provide several benefits:

  • When I need to update the expiration date and security code of my credit card, I’d only have to do it once, in one place.

  • If I decided to switch from using an AMEX card to using a VISA card, I could update the card in use at all my subscribed services from one place, with a single action.

  • In terms of enhanced security, the service would be implemented such that my authorized online services could charge my card, without actually getting access to the card details. (No idea how that’d work, but I’m confident it would be possible.)

  • Such a service would make it easier for me to actually remember all the different services that are presently authorized to charge my card. I’d review that list from time to time, and revoke access to those services I no longer use.

I’d be surprised if such a thing doesn’t exist, but I suppose it doesn’t since none of my online services like Amazon AWS and Dreamhost provide for any other payment method than entering my credit card details in their own systems (or the systems of their payment processors).

Google Authenticator broken in iOS7. Use Authy instead.

I discovered this morning that the Google Authenticator app is broken in iOS 7. While it does display authentication codes, it doesn’t display the associated service description. So unless you only use Authenticator for a single service, you’re kinda stuck.

Google are aware of the issue, but haven’t yet released a fix.

Urgently needing to log in to Amazon AWS, I discovered an alternative app called Authy that does work on iOS 7. I was quickly able to get set up with (the better looking) Authy and Amazon AWS, Google and Dropbox, and subsequently deleted the broken Google Authenticator app.

How to take good photos

As an amateur photographer, there are three simple things you can do to dramatically improve your photos.

The first two relate to the most important aspect of photography—composition. No matter how good your camera is, poor composition will result in poor photographs. The third step relates to post-processing, usually done in whichever app your photos end up (in my case, Aperture.)

  1. The rule of thirds. It’s usually not a good idea to center your subject. Instead, imagine the camera viewport divided into thirds—horizontally and vertically—and place your subject on one of those lines, so that they are off-center. If you’re taking a shot of nature, you can perhaps align the horizon on a one-third line.
  2. Get closer. The second common mistake is standing too far away from the subject. A close-up of a face is usually much more interesting than a photo of someone’s full body. Think in terms of “signal-to-noise” ratio. The camera viewport has a certain number of pixels. Mentally estimate the number of pixels representing the subject and divide that by the number of pixels not representing the subject. Generally, it’s better if that ratio is high. Start by getting to what you feel is too close. You might be surprised by how much you’ll like the resulting photos! (A corollary to this rule: You can always crop your photos later, to simulate having gotten closer in the first place. I crop almost all the photos I take!)
  3. Auto-enhance. If you have access to a tool that can “auto-enhance” your photos, that’s usually a good idea. Before auto-enhance was commonly available in tools like Aperture, I would apply two simple post-processing steps that worked wonders on photos—auto-level and unsharp-mask.

And that’s it. The first two are by far the most important, and the third is great if you have time.

The downside for developers of automatic app updating in iOS 7

Manual app updating, prior to iOS 7, was beneficial to developers as a mechanism to notify their customers that a new version was available [1]. Since Apple doesn’t otherwise provide developers with a way to communicate directly with their customers, that indirect mechanism served an important role.

In iOS 7, apps silently get updated, automatically. This morning, I just happened to wander into the App Store app and discovered several apps that had recently updated—some of which contained interesting functional additions.

Perhaps with iOS7, enabling customer communication by finding creative ways of capturing user email addresses—i.e. ways that don’t violate Apple’s policies—will take on a higher priority with developers.

  1. I think some developers abused this with unnecessarily frequent updates, simply to trigger a reminder that their app exists. 

My experience with the Simple bank

About a year ago, I opened a checking account at and made a small deposit. I’d seen a lot of chatter about the new service and its plan to fundamentally change personal banking, and wanted to give it a try.

My experience was so-so.

On the positive side, I really, really appreciated the effort they put into the design of the user experience. They also did some interesting stuff like geo-tracking my debit card transactions. On the negative side, I missed basic things like being able to download monthly statements for reconciliation. And as someone who spends more time outside the US than in, I missed having access to foreign-transaction-free credit cards and fee-free foreign ATM access, like I get from other American banks.

At the end of the day, though, Simple seemed primarily intended as a personal-finance tool, helping people maintain goals and budgets—services I don’t personally need (as I do budget tracking elsewhere).

This week, realizing it’s been months since I’ve even logged into Simple, I decided to close my account. When I logged in, Simple showed my available balance as $5.72. Manually adding up my transactions, though, the balance came to $15.06.

When I emailed customer support, they reported that indeed my balance was $15.06, and speculated that the website is displaying the wrong balance since my account has been inactive for several months.

Hmmm, that doesn’t inspire much confidence!


Have you ever noticed that when surfing around the web you’ll often see big banner ads to websites you’ve recently visited? That’s due to this company—AdRoll. AdRoll-enabled sites set a cookie when you visit, allowing AdRoll to later display banner ads from those same sites when you visit other sites. (The notion is that repeat exposure is instrumental to conversion.)

In my own experience though, I most often see AdRoll ads for services I’m already subscribed to; obviously a waste of impression.

Orphaned Facebook apps

We have a customer in Germany for whom we developed several Facebook apps used in their business. The apps were associated with the personal Facebook account of our customer contact.

Several months ago, without notification, Facebook converted this person’s personal account to a business account. As a result, all of their apps became orphaned—no longer associated with the account, and no longer accessible for modification.

Facebook later began sending notifications to us (and all app developers) about required app updates vis-a-vis Facebook’s new privacy policies, and warning that non-complying apps would be deactivated.

But without access to the apps, we obviously can’t make any updates.

We’ve tried everything we can think of to get in touch with someone at Facebook about this, but have been unsuccessful. We’ve tried posting in Facebook-sponsored developer forums, posting to several Facebook-related Twitter accounts, etc.

As far as we can tell, Facebook does not expose a contact address for developers who have problems that need resolution. And so we are stuck with a set of orphaned apps that we can’t access, but which our customer needs in the operation of their business.

I’m posting this to my blog in the hopes that someone might stumble across the article, who could help. If you can help, please contact me here. Thanks so much.