It's Been a While

It's been a long while since I posted on this blog and it's not likely that I will do so any more often, at least in the near term. You see, I am not writing at That is not to say that this blog is abandoned. It remains here to preserve the prior posts and as somewhere I can write if there is something that doesn't fit with MacStories. If you would like to read my articles there, use this link.

Security Consequences of Bad Design

On Saturday I opened the Charles Schwab iPhone app to deposit a check. I create and manage my passwords with 1Password, the gold standard for password managers, but each time I tried to copy my twenty character password from 1Password and paste it into the Schwab app, it failed to paste anything into the text field. The strange thing was that I had no problem using my long password on

I asked about it on Twitter and learned from the good folks at AgileBits, who make 1Password, that Schwab's web site was truncating my twenty character password, the first eight characters of which just happened to abide by Schwab's password rules. As it turns out, Schwab passwords cannot exceed eight alphanumeric characters and cannot contain symbols.

Schwab's reliance on eight character passwords is not unique in the financial services industry, though it is troubling in light of the GPU-based cracking tools that have been available for some time. To be fair, Schwab does offer two-factor authentication. Customers can order a free security token that generates a numeric security code that periodically expires. I would prefer an app like Authy or Google Authenticator to carrying another dingus around, but having two-factor authentication available is a nice option.

What concerned me as much as Schwab's short password limits is the subtle effect the password truncation had on my behavior. There is no feedback on telling users that their passwords are being cut down to eight characters. I am sure some programmer felt he or she was designing the site to fail gracefully, but without any feedback I had a false sense of security that my password was more robust than it actually was, which led me to change my password less often.
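The silent truncation described above can be modeled in a few lines. This is an added example, not code from Schwab or from the original post: the function names, the PBKDF2 storage and the sample password are assumptions made for illustration, and only the eight-character alphanumeric limit comes from the post.

```python
import hashlib
import hmac
import os
import re

MAX_LEN = 8                            # limit described in the post
ALLOWED = re.compile(r"[A-Za-z0-9]+")  # alphanumeric only, no symbols

def _hash(password: str, salt: bytes) -> bytes:
    # Storage scheme is an assumption; the post does not describe it.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll_truncating(password: str):
    """Weak pattern: silently keep only the first MAX_LEN characters."""
    salt = os.urandom(16)
    return salt, _hash(password[:MAX_LEN], salt)

def verify_truncating(password: str, record) -> bool:
    salt, digest = record
    return hmac.compare_digest(_hash(password[:MAX_LEN], salt), digest)

def enroll_strict(password: str):
    """Same policy, but a violation is reported instead of hidden."""
    if len(password) > MAX_LEN:
        raise ValueError(f"password is {len(password)} characters; limit is {MAX_LEN}")
    if not ALLOWED.fullmatch(password):
        raise ValueError("password may contain only letters and digits")
    salt = os.urandom(16)
    return salt, _hash(password, salt)

def verify_strict(password: str, record) -> bool:
    salt, digest = record
    return hmac.compare_digest(_hash(password, salt), digest)

def effective_keyspace() -> int:
    """Number of distinct passwords of exactly MAX_LEN alphanumeric characters."""
    return 62 ** MAX_LEN

# Constructed 20-character sample whose first eight characters are alphanumeric.
SAMPLE = "k3Rw9TzQ!vX#2mLp@8Yd"

if __name__ == "__main__":
    record = enroll_truncating(SAMPLE)
    print("first 8 chars alone log in:", verify_truncating(SAMPLE[:8], record))
    print("keyspace actually protecting the account:", effective_keyspace())
    try:
        enroll_strict(SAMPLE)
    except ValueError as err:
        print("strict enrollment tells the user:", err)
```

With the truncating pair, every password sharing the first eight characters is accepted, so the twelve extra characters add nothing; the strict pair enforces the same limit but makes it visible at enrollment.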

The moral of the story? Change your passwords regularly regardless of how long they are. Fortunately, with 1Password, doing so is not difficult at all.

Download Links Matter for Podcasters

Don't make it hard for people to listen to your podcast.

This morning I was checking out a new podcast and was intrigued by the first episode's guests. I already subscribe to a bunch of podcasts, but figured I would use to queue up the latest episode of this new show.

If memory serves, it was a mention by Merlin Mann that first turned me on to Huffduffer, which lets you create a personal RSS feed of podcasts that you can subscribe to in most podcast apps. Simply go to a web page with a link to a podcast file, click Huffduffer's JavaScript bookmarklet or Safari extension and the show is added to your feed. Outside of perhaps Downcast, which Dr. Drang pointed out to me, this is one of the few ways I know to get one-off episodes of podcasts into your podcast client.

The problem for Huffduffer users is that not all podcasters link to a downloadable file of their shows, especially those who use Squarespace to host their episodes. Squarespace is a great service that I use myself, but its built-in player widget does not link directly to a downloadable file, which is precisely where I found myself this morning. No download link, no Huffduffer.

I fired off a tweet suggesting that podcasters who use Squarespace add download links to their episode pages as Marco, John and Casey do for The Accidental Podcast, which clearly struck a chord. What interested me the most was the reaction of a few podcasters who said they would rather that listeners simply subscribe to their shows. I get that, but you are not going to grow your audience by making it hard to download your show.

There is a wealth of high quality podcasts from which to choose today. If I could listen to them all, I gladly would, but the hard reality for podcasters is that even the most avid podcast listeners will at some point run out of time to listen to everything. Some listeners who choose to huffduff your show will not come back for future episodes, but if you make it easy for them to get your show the way that they want it, at least you have a chance to gain a new regular listener -- making it harder just ensures they won't listen in the first place.

For podcasters who use Squarespace and are interested in adding an episode download link, Marco Arment kindly posted the code he uses for ATP on