Some tips for safe web browsing in a post-Heartbleed internet

Over the past week, we have noticed many people (friends, family members, etc…) asking for general advice on things they can do to protect themselves from the recently revealed Heartbleed vulnerability. While a lot of the major work needs to be done by owners of individual websites, there are some more general security steps that you can take to minimize your risk. Most are not that difficult to set up, so you might as well go ahead and do them, especially now that security is probably fresh in your brain due to all the Heartbleed coverage.

If you use Chrome, install the Chromebleed extension.

This browser extension will give you an alert when you are on a secure site that appears to be vulnerable to the Heartbleed bug. The good news, as many websites have patched their servers, you should see very few alerts. If you do see an alert. Get off that website and come back later when they have had a chance to patch their servers.

Change passwords on sites that have given the all-clear

It’s a good idea to change your passwords, but only for websites that have given the all-clear that they are no longer vulnerable to the bug. If a site hasn’t patched their servers and you update your personal information, it doesn’t do much good.

Use a password manager like LastPass

It’s really hard (damn near impossible) to remember a unique password for every website you visit. Most people use a single password for many websites. A password manager shifts that burden out of your brain and into a piece of software, allowing you to remain secure while only remembering a single password.

Use two-factor authentication wherever possible

Two-factor authentication minimizes the risk of a password breach by forcing you to provide an extra piece of information  when you log in. Usually this is a rotating security code that you read from an app, or an access code that will be sent to you via text message when you attempt to log in to a website. They are not very difficult to set up, and the security benefits are pretty great. If you haven’t started using two factor authentication on websites that offer it, you really should think about it.

Many sites support two factor authentication. Here are links to set up two factor authentication for Google accountsFacebook (look for “login approvals”), Twitter (look for the “login verification” options), Github, and Evernote. A much larger list of sites can be found here.

Review the applications you are connected to on major social media sites

It’s likely that over the years you have built up many sites that have used a connection to one of your social media accounts. It’s easy to forget about the random website that you connected with your Facebook account two years ago. You should review these applications and revoke any services that you are no longer using.

Here are links to see the connected applications for your Facebook, Twitter, and Google accounts.


Our Android app and Samsung’s repeatedly regressing bugs in Accessibility Services

Hello folks,

A number of you, especially international users, are affected by a very annoying bug in Samsung’s build of the Android OS. The unfortunate situation is that this a Samsung bug, and not something we have the ability to do much about. This Samsung bug variously causes these behaviors:

  • Installing RescueTime and enabling “website details” causes Text To Speech to be active. This one seems to be mostly solvable through ridiculously complicated systems settings changes.
  • Installing RescueTime (and enabling website details?) causes misbehavior of certain alternate keyboards, especially Swype. Doesn’t appear to be a solution to this yet.

 

Samsung has at certain times claimed to fix this bug, but it is as if they are using some stub code that contains the bug, and keep re-introducing it in different ways. The bug has to do (it seems) with Samsung incorrectly responding to other apps Accessibility settings, when they should not.

They seem to have introduced the bug in some revision 4.1, then sort-of fixed it in some iterations 4.2, then re-introduced it in other ways in 4.2.1, at this point it is hard to know which Samsung devices have the issue. Galaxy 3 seems to be the biggest offender.

Here is a comprehensive discussion of other app developers hoping to get Samsung to do something about it:

http://developer.samsung.com/forum/thread/samsung-devices-and-accessibility-services/77/204387

and another thread: https://code.google.com/p/android/issues/detail?id=23105

and another about keyboards: http://forum.xda-developers.com/showthread.php?t=1924208

For users with the TTS and Talkback problem: from what we hear from users if you go to your phone’s system Settings -> App -> All and disable BOTH Google TTS Engine AND Samsung TTS Engine, the spoken text problem should go away.

For users with the Swype and other keyboard problems, we are still looking at recommendations, and will update here. Some users may have success by simply switching the RescueTime Accessibility Service to OFF under system Settings -> Accessibility -> Services -> RescueTime (switch to OFF).

Our current plan of action is to add a feature that detects if you are on Samsung devices, and if you select web site details, give you a warning and a link to this post.

Thanks!

 

 


RescueTime handling of Heartbleed SSL bug

heartbleedThis week, a security vulnerability known as the Heartbleed bug was discovered to be affecting major websites across the internet. RescueTime’s servers have been updated to address this issue.

All requests to RescueTime use SSL (HTTPS). All requests are terminated by Amazon using their Elastic Load Balancing Service. This service was patched to eliminate the Heartbleed bug on April 8th. This means users are currently protect against leakage resulting from this bug.

Additionally, as of April 9 all RescueTime server systems have been patched for the bug, or have been identified as not vulnerable. This is more a precaution than requirement since users do not directly connect to any RescueTime servers.

RescueTime is in the process of updating all passwords used in the administration of the service as the dependent services themselves are updated to protect against the bug, e.g. when the site service we use announces they are patched, we then update the password.

However, for further guarantee of security RescueTime will also update its server SSL certificates used in HTTPS and other privileged resources over the next week. We will make a second update when that is complete.

What should you do at this point?

It is now safe to change your password on www.rescuetime.com. You may also want to read our list of general steps you can take to browse the web safely while other websites are responding to the Heartbleed vulnerability.


See how your day is shaping up with RescueTime Day Timers

time-and-pulse-timer

One of the cool, helpful new features on RescueTime’s new website is the availability of Day Timers. Users can activate a timer to give themselves a stand-alone, heads-up display of cumulative logged time and their current productivity ranking for the day. This appears in the form of a re-sizeable browser window. Personally, I activate the timer and then put the window in back of the other browser tabs and application windows I am using. I use this timer to keep track of my work time for the day and check in periodically to see where I am. I find that this provides both confirmation of work done and motivation to reach my daily goal. I also use the timer to schedule breaks, taking some time after every hour of completed work for coffee, other tasks, or a short walk. This keeps my mind fresh throughout the day. One additional way of using Day Timers is to keep track of time spent on particular activities. If you are looking at an activity in your reports and activate a timer, it will show cumulative time spent on that specific application or website. This is a good way to monitor use and be aware of how close you are coming to your positive and negative productivity goals. It is often surprising to me how my experience of time spent on something differs from actual time spent.

How to use Day Timers

Timers can be opened from any report, just look for the green button that says “Day Timer”.  You can create timers for applications, categories, productivity levels, or goals. The timers will update continuously throughout the day, so you can just leave them open in a spare corner of your screen or a second monitor and watch your time add up.

We’ve been using these timers internally for several months, and we’ve gotten some great feedback from some of our users (thanks to Joos Buijs in particular!). Check them out, and let us know what you think!

Examples

Open a timer from any report

Open a timer from any report

productivity-timer

Timer for all distracting time

application-timer

Timer for the code editor Sublime Text

goal-timer

Timer for a goal of 5 hours of productive time per day

category-timer

Timer for the Communication & Scheduling category


I’m about to start working remotely, and it’s sort of freaking me out

In about two weeks, I’m moving from Seattle, WA to Nashville, TN. This is awesome for a number of reasons. Nashville has less depressing winters, some great friends and family live there, there’s an NHL team, and I’m really excited to reacquaint myself with the city I grew up in. (That said, I am going to really miss Seattle. This place is amazing). There’s just one part that makes me a little nervous: Working remotely. It freaks me out. It shouldn’t, but it does. Kind of a lot. Several people at RescueTime work remotely, and they make it work just fine, but I’m still uneasy.

You see, I’ve worked remotely once before, and I was terrible at it. I mean, I still got my work done and all, but I fell into just about every conceivable work-from-home trap in the process. It was several years ago, and I was living in Boston, working for a small web design company in Anchorage, AK. The four hour time difference meant my work day didn’t start until noon (which is awesome), but it meant I was working until about nine (opposite of awesome). I didn’t have to keep those hours, but between everyone else being on Alaska time and me not being a morning person at all, it was an easy pattern to fall into. Finishing work so late each day sort of wrecked my motivation to go out and do anything afterwords, so often times I would just keep working. That’s a really bad habit to fall into, and led to some pretty bad workaholic tendencies (also not so great for my social life :\). I was working out of my house, so the isolation started to get to me. For days at a time, I found myself with literally zero reasons to put on pants. In a way, that sounds luxurious, but it stops being fun real quick. After a while, I figured out ways to get a little bit more balanced, but it never really got to a spot where I could say I actually enjoyed it all that much.

So you can see why getting back into a remote work situation would be unsettling. But I’ve got some reasons to be optimistic this time around.

I’m not the only one in my company working remotely

The last time I worked remotely, I was the only one in the company not in the main office, and that caused a huge disconnect. I felt guilty being the odd man out, like I was burdening everyone with my weird schedule and the fact that I couldn’t be there for meetings. At RescueTime, more than half the team works remotely, so I don’t feel that same pressure. It’s already a part of our culture. And the folks I work with have been doing this for years, so I don’t have to figure it out all on my own.

Technology is way, way better now

Before, the main options I had for interacting with my coworkers were phone calls, email, and FTP. Now I have all sorts of options to stay connected. We sync files through Dropbox, share code with Git, and share all sorts of random knowledge tidbits with Evernote and Google Drive. On a more social level, Google Hangouts makes it so we can see each others faces (and screens) whenever we need to. And we use HipChat for group chat, which has been surprisingly effective at making everyone feel a little less spread out across the country. On the time management front, RescueTime helps me steer clear of some of the really bad habits I’m prone to by keeping me aware of how my days are shaping up.

There are other options for not working strictly from home

I know that working from home drives me crazy after a short while, so I have to get out and find somewhere else to work. This time around, I have two things working in my favor. Coffee shops are a great option now that I’ve developed a fancy coffee addiction (thanks a lot, Seattle!), and Nashville has an abundance of coworking spaces that I can go to give myself some structure (as well as some physical distance from home, so I can draw the line when I’m done for the day). I’ve spent a few days at CoLab Nashville, which has been great, and there are several others that look really good. I have a lot of options.

Nashville-to-Seattle is way different than Boston-to-Anchorage

It’s not as hard to go back. Flying to Alaska was always a huge, expensive undertaking, no way around it. (To be fair, a huge, expensive undertaking that also involved moose, bears, Northern Lights, and a bunch of other completely magical stuff.) Seattle is still far away, but I’m only crossing two time zones, not four. (No direct flights though, so that’s sort of a bummer.) I’m not really sure how necessary going back will end up being. Going back to the first point, the other people working remotely give me some new options for face to face time. There are two RescueTimers in Atlanta, and that’s only a few hours’ drive.

Remote work is actually a thing people think about now

In the time since I last worked remotely, the conversation has gotten a lot more interesting and sophisticated. In addition to all the tools I listed above, there’s just a better understanding of what the tradeoffs and pitfalls are. A lot of people have put effort into figuring this stuff out, so there’s a better roadmap. It also helps that I have a pretty clear idea of some things that simply don’t work for me (living and working in the same space, all the time, for example). This time around it feels like there is a lot less that I’ll have to sort out by pure trial and error. I’m about halfway through reading Remote, by 37signals, and it’s a really nice rollup of the dos, don’ts, and current thinking about remote work.

So I think it’s all going to work out ok. Still, got any tips?

While I’m optimistic, I still know myself and know the traps I’m apt to fall into. Does anyone have any good tips or strategies for remote work? If so, leave them in the comments, I’d love to hear about them!


Four awesome improvements in RescueTime alerts

There are a lot of things I’m really excited about in the new version of RescueTime. We rolled out over 30 new features, but I’m particularly thrilled about a few of the changes we’ve made to the alerts you can set up to let you know when you’ve spent a certain amount of time on an activity.

Improvement 1. You can now set alerts for ANYTHING.

Before, I could only set alerts for categories or productivity levels. This left out two important situations. First, I’m interested in staying mindful of the total time I’m on the computer each day, not just the productive or distracting time, and it just wasn’t possible to create an alert for that before. Now, I can set an alert to notify me when I log above a certain amount of total time on a given day. This is a great way to curb my workaholic tendencies (and gets even more effective with improvement #2). Second, I can also now set up alerts for specific websites and applications. There are some times when an entire category is too abstract for me, and I just want to know when I’ve been doing something specific.

candy-jewels

For example: I have a problem with Candy Jewels on my phone. I can’t stop playing it sometimes. Not that I think games are bad or anything, but I fall into a hole with this one in particular. I have an alert that let’s me know when I’ve played it for more than a half hour a day.

Improvement 2. You can now include a custom message to get sent along with your alert.

RescueTime alerts are often a way of sending myself a message in the future. Present Robby who’s thinking about how much time he’d ideally like to devote to certain things wants to send Future Robby a note either congratulating or chastising him when he crosses a certain threshold. The problem was, I couldn’t actually include any sentiment with that alert, just a dry status message “You have spent more than 2 hours on distracting activities today”. Now, I can customize the alert to say whatever I want, which allows me to get creative with it. Here are couple examples:

After 2 hours of distracting time:

GrowlHelperApp

After 10 hours total on the computer:

10-hr-alert

And here’s an alert our CEO uses to manage a shoulder injury he’s working through:

Google Chrome

Improvement 3: You can automatically start a FocusTime session after an alert is triggered.

One problem I always had with alerts is I felt they were only half-useful when I was trying to nudge myself into changing my behavior. Sure, getting a reminder where my time is going is helpful, but sometimes I wanted something more. We combined our alerts with FocusTime, our site blocking feature to make the alerts a little more meaningful. Now, I can not only say “let me know when I’ve been getting too distracted”, I can also turn off distracting websites for a period of time as well.

alerts-focustime

I’ve found an interesting productivity hack for this one. When I first get to work in the mornings, I have a bad habit of making the rounds of Reddit, Twitter, Hacker News, etc… before I settle down onto something more serious. I wanted to see if I could improve how I started my day, so I set up an alert to block distracting websites for 30 minutes after 0.01 hours of time is logged each day. This effectively says “no distracting websites for the first half hour that I’m at the computer”.  This is usually enough time for me to sink into something more productive, which sets the tone for my day. I’ve been doing this one for a couple weeks now (weekdays only), and it’s working pretty well.

focus at the start of the day

Improvement 4: Goals now have alert functionality built in.

In the old version of RescueTime, goals and alerts were completely separate. Goals were for keeping track of metrics over time, and alerts were more transient. This always seemed cumbersome to me. The new version still has the ability to create goals and alerts separately, but I can choose to get alerts directly from a goal if I like. This saves me the extra step of creating the alert (and editing it if I ever need to change my goal).

Creating a new goal with notifications built in Creating a new goal with notifications built in

These improvements have really changed the way I interact with goals and alerts in RescueTime, and opened up a whole bunch of new possibilities. I hope you like these new capabilities as much as I do!

If you’d like to sign up for RescueTime, you can do that here. (Alerts are a premium feature. If you’re on the free plan and want to use alerts, you’ll need to upgrade.)


Meet the new RescueTime – the big list of new features

The past few months have been really busy and exciting over here at RescueTime! We recently launched a completely redesigned version of the RescueTime.com for our individual users with over 30 new features and improvements. We’ve received a lot of great feedback and made a few changes to address some issues that have come up, and will continue to work to improve RescueTime for all of our users.

Here is a list of the features and improvements:

A mobile-friendly, responsive design

dashboard-mobile-desktop

  • The website is fully responsive and supports multiple screen sizes and layouts. We also no longer use Adobe Flash for our charts and graphs meaning that you can now use the RescueTime.com website on a much broader base of devices including mobile phones and tablets.

The RescueTime dashboard

dashboard

  • The dashboard has been completely reimagined – based around the most common ways our users interact with RescueTime. This gives you the information you need with fewer steps and in a more readable format.
  • The default view is now the current day (was current week), making it easier to keep an eye on the current day’s activities, which are more actionable.
  • There are several new visualizations, including a ‘spotlights’ section  showing your daily patterns and comparisons with past time periods.
  • Observations about the current day / week / month are available to help you make sense of the data in the graphs.
  • Achievements block showing the lifetime total time logged, top productive day, and more.

Time and productivity reports

activity-2

  • You can pop out a live timer to keep an eye on the time you are logging for any report
  • Reports show richer information about how an activity (or type of activity) fits into your entire day.  (Example: You spent 3h 19m in Photoshop, that’s 5% of your total time this week, and 36% of your time spent in design & composition)
  • It is now easier to categorize or edit an activity, or delete time that you’d rather not include in your reports.
  • Most reports have a new “daily patterns” view that shows you how what time of day you tend to spend more time on activities, categories, or productivity levels. premium-slug 
  • All reports have a “changes over time” view that gives a historic perspective on how you are spending your time. premium-slug
  • You can share the results of a report by email or Twitter

Goals

create-goal

  • You can get notifications when you exceed a goal line via email or pop-up. premium-slug
  • Goals can be created directly from a report page, making it easier to spot things you’d like to change and take action immediately.
  • Goals were previously for categories and productivity levels only. Now you can set a goal for individual applications and websites as well.
  • All-time goals allow you to keep track of the total time you spend on the computer each day.
  • Redesigned goals reports. It’s now easier to track your progress over time.

Alerts & Notifications premium-slug

GrowlHelperApp

  • You can add a personalized message to alerts (example: ” 5hrs of productive time today! Congrats! You’ve earned yourself a break”)
  • Distracting websites can be blocked for a configurable time after an alert is triggered. Great when you need an extra nudge to get back on track.
  • An alert can be created for just about any metric we track (examples: “total time logged”, “all communication & shcheduling”, “very productive time” or just simply “Gmail”)

Daily Highlights premium-slug

daily highlights

  • You can now keep a running list of your accomplishments. It’s a great way to remember what you got done each day.
  • There is a filtered view of your activities to help you remember what you worked on for days in the past.

Offline Time – track time away from the computer premium-slug

offline time

  • Offline time now has a mobile-optimized view so you can easily enter time while you are away from the computer.
  • It’s now much easier to delete offline that you’ve entered by mistake.

Focus Time – Block distracting websites premium-slug

alerts-focustime

  • You can now disable a website during a FocusTime session, after waiting through a ‘cool-down’ period.
  • FocusTime sessions now show an alert when they expire, allowing you to work in intervals.
  • FocusTime now works on all major web browsers.

API / Integrations

  • New “Ways to use your data” page showing you other services that you can use to do interesting things with your RescueTime stats. Currently we have integrations with Beeminder, Geckoboard, and Panic Status Board.

RescueTime for Android

  • You may now track web sites on Android. Before, you could only monitor time spent in individual apps. This is an opt-in feature that requires enabling accessibility features on your Android device. You can get RescueTime for Android in the Google Play Store.

And a lot of small tweaks throughout the site…

  • System health prompts: lets you know if you need to update the RescueTime application, or if you are building up a lot of uncategorized time.
  • More configurable time display options for countries where the 12-hour time format isn’t used.
  • Many, many usability enhancements.

Over the next few weeks we will be diving into more detail on some of the RescueTeam’s favorite new features. If you don’t already have an account and would like to experience it for yourself, sign up for a RescueTime account today.