Controlling Web Based Music Players with Global Keyboard Shortcuts

Ever since I switched from iTunes to using web-based music players (Google Music, Amazon Cloud Player, and Pandora), I’ve wanted the ability to control them with global keyboard shortcuts. The other day, I finally took the time to set it up, and I’m very happy with the results:

If you’re interested in setting this up for yourself (or simply learning about how it works), download the project files here, then follow these instructions:

  1. Unzip the project files. You should see a directory called “music_control”.
  2. Make sure you have node.js installed, then cd into the “music_control” directory and start the server with: node server.js.
  3. Cd into the “extension” directory and open “background.html” in your favorite editor. Change the SERVER_HOST variable to reflect your host name.
  4. In Chrome, go to Window > Extensions. Make sure “Developer Mode” is checked.
  5. Click on “Load unpacked extension,” then navigate to the “extension” directory. (You can also package the extension and install it normally by double-clicking on the resulting “music_control.crx” file.)
  6. Install any application that lets you map global keyboard shortcuts to shell scripts (or AppleScripts, but I prefer bash). I used an app called Shortcuts, but I’m sure there are plenty of free alternatives.
  7. Setup whatever keyboard shortcuts you want to map to the following bash commands (note that you can use something like wget rather than curl if you prefer):
    • curl "http://localhost:8000/music?play"
    • curl "http://localhost:8000/music?next"
    • curl "http://localhost:8000/music?previous"
  8. You’re done! You should now be able to control you web-based music players with keyboard shortcuts.

I realize there are a lot of moving parts here, and any number of ways to accomplish the same thing. If you decide you don’t want to use this exact implementation, hopefully this will at least get you started down the right path of your own setup. Let me know if you get this working and/or if you adapt the concept to something equally or even more interesting. I have lots of ideas for where this could go.

A Simple Phishing Vulnerability in Mobile Safari

I recently put together a demo of a very simple, yet very convincing, phishing attack targeting mobile Safari:

It works by first checking the user agent and determining what kind of device the request is being made on. If the device isn’t an iPhone, the user is simply forwarded to and will never know the difference. But if the request is made from an iPhone, the user gets the special phishing login screen which does the following:

  1. Shows an image of Safari’s location bar at the top which implies that the user is on
  2. Scrolls the actual location bar off the screen quickly enough that very few people will notice it.

Since this attack targets mobile devices, it’s pretty safe to assume that many (probably most) users won’t be paying very close attention, and will likely not notice the actual location bar being hidden. The effect is so fast that even users who do notice probably won’t think anything of it.

I really like that mobile Safari lets you hide the location bar in order to have more pixels for actual content, but perhaps there’s a way to tweak the design in such a way as to make malicious applications of this feature less feasible.

Before You Criticize the Cloud for Downtime

cloud_computingWhenever cloud services like EC2 or Google Docs experience downtime, there are always plenty of comments about the dangers of relying on the cloud. While it’s true that depending on third parties (both your ISP and the provider of the cloud service itself) for basic computing tasks like document editing can be risky, it’s also important to look at and understand the entire equation before evaluating cloud services. Here are some things to consider:

  • First and foremost, when you work 100% locally, you have to worry about the integrity of your own storage solution. I’ve had drives fail and/or files become corrupt several times over my career, and I lost much more time than I probably would have during a Google Docs or Amazon Web Service outage.
  • When you run everything locally, you need to spend time and money on a backup solution. Although there are a lot of great ways to back up data seamlessly and unobtrusively, there is still overhead involved in the form of configuration, maintenance, and even computer performance. Additionally, local backup solutions like Apple’s Time Machine and Time Capsule are insufficient; if you really want to be secure, off-site backups are imperative. (Take it from someone whose office recently sustained water damage after we got 12″ of rain in four days.)
  • If you work in the technology industry, you probably use more than one computer and/or go through computers faster than a typical consumer. Keeping data synchronized across computers, maintaining workstations, and configuring new machines all requires overhead which can be dramatically reduced by using more cloud-based services.
  • Although using cloud-based services puts you at the mercy of both the service itself and your ISP, I think you can make a pretty good argument that your ISP usually isn’t all that much of a risk. Even if I’m working 100% locally (writing code, editing video or image files, etc.), I am much less productive without an internet connection. In fact, I’m so dependent on various sites and web-based services that when my connection goes down (which is very rare), I’m more likely to walk away from my computer entirely than to continue working with local files.

All this is not to say that relying on the cloud doesn’t have risks associated with it, or that cloud-based services are always superior to working locally. In fact, although I’m hugely invested in, and dependent on, cloud-based services, I’m not convinced the day will ever come when I do all my work in the cloud. Additionally, aside from downtime, there are other things to consider when choosing to store data in the cloud — chief among them being security. However, before one criticizes cloud services for downtime, it’s important to understand that periods of time during which you cannot be productive come in many different forms, most of which are actually alleviated by using cloud-based services.

Five Simple Gmail Tips

gmail_alertBelow are five simple tips that will help you make the most of your Gmail account:

1. Pluses Give You Infinite Gmail Addresses

You can append a plus (“+”) along with any arbitrary string to your email address, and Gmail will simply ignore it. For example, if your email address is, you can send email to, and it will be delivered as usual. The only difference is that the “to” address will retain the additional string, allowing you to filter on any token you want. I’ve found this is useful for two primary reasons:

  1. If you need to create a second account on a site that requires an email address, you can enter a unique email address without having to actually create another email account.
  2. You can filter on the additional string which allows you to keep your inbox better organized.

2. Dots are Ignored

Gmail actually ignores all dots (“.”) in your email address. For instance, if your email address is, you can log in or send email to,, or even Again, this technique can allow you to link a few different email addresses to a single account, or to simply change your email address without actually having to change it.

3. Enable “Undo Send”

Have you ever sent an email, then skimmed it again only to find a typo or realize you forgot a key piece of information? If so, go to Settings, then check “Enable Undo Send.” You can specify a period of 5, 10, 20, or 30 seconds during which you can undo sending an email should you change your mind. Truly a brilliant feature.

4. Use the Word “Attachment”

Get in the habit of using the word “attachment” in emails where you intend to send an attachment. If your email contains the word “attachment” but you haven’t actually attached anything, Gmail will alert you and give you a chance to attach a file before sending the email. We’ve all sent and received plenty of emails referring to nonexistent attachments, haven’t we?

5. Filter on “Unsubscribe”

(This one isn’t specific to Gmail, but I thought I’d throw it in anyway.)

The other day, I posted to Twitter that I wanted a Gmail plug-in which searches for links containing the word “unsubscribe” in all my email and automatically clicks on them. Of course, in practice, this could actually do more harm than good. But a useful alternative is to create an “unsubscribe” filter in order to keep unwanted mail out of your inbox. You can check the label occasionally, read the one or two emails that you actually wanted to get, and decide for yourself which ones from which to manually unsubscribe.


Gmail is frequently updated with all kinds of very cool new features, so check your settings regularly to make sure you’re not missing out on something that can make your life easier, or make you more productive.

Update: If you use email as a way to send yourself reminders, here’s another great email tip for you.

Tips for deploying a LAMP stack on Amazon EC2

If you’re interested in using Amazon EC2 and other services to deploy a LAMP (Linux, Apache, MySQL, and PHP) stack, you will probably find this post invaluable. I spent about three full days migrating all my sites over from a physical dedicated server to an EC2 instance, and what follows are several things I learned during the process.

This post will cover the following (in varying levels of detail):

  • Selecting and setting up an AMI (Amazon Machine Image) with Apache, MySQL, and PHP.
  • Setting up an elastic IP address.
  • Setting up an EBS (Elastic Block Store).
  • Sending email from an EC2 instance (not as easy as one might think).
  • Backing up your data and web applications.

Continue reading

Hey, Google: It’s time to launch Gmail already!

Did you realize that Gmail is still in beta? Have you noticed that you still have a limited number Gmail invites? Huh?

You can call an application "beta" all you want, but when thousands of people (tens of thousands? hundreds of thousands?) depend on it on a daily basis, it’s no longer beta. Gmail has been launched by consensus which means it’s time for Google to tighten it up.

Rather than continuing to add features, I would much rather see Google bulletproof the features they already have and officially launch it so I can stop dealing with issues like these:

  • A surprising number of errors. Yesterday, the attachment scanner wasn’t working. Today, clicking emails in my inbox is sometimes a NO-OP. I often have to click send several times to actually get an email to send. These are basic operations, no?
  • Since the recent update, only my Gmail contacts auto-complete in the "to" field. I don’t know if this is a bug, or if this is designed to make me try to convince all my non-Gmail contacts to switch to Gmail, but it’s extremely annoying, and it’s not how it used to work.
  • If you have Gmail configured for multiple accounts, and your reply to a message that wasn’t sent to your Gmail account, the new message always defaults to being from your Gmail account rather than the account the email was sent to.

None of this is to say that I don’t like Gmail. Quite the contrary, in fact. I switched to Gmail after years of using Yahoo! Mail, and I’ve never looked back. And their new IMAP support was just what I needed to make getting mail on my iPhone bearable. However, whether Google likes it or not, Gmail is no longer in beta. So as we say in the software industry, lock it down, bake it, and ship it!

Update: Thanks, Soheil, for pointing out that Google has addressed the third point about the from address. That just made my day!

How web applications will get to the desktop

About a year and a half ago, I made a post entitled "Why web apps will move offline". All this time later, I’ve come to realize that we’re in for much bigger and more interesting changes than just offline web apps.

It’s inevitable that web applications will move offline, and we’re already starting to see some examples (Google Reader using Google Gears, for instance), but I think that in the next year or two, we’ll see something even more interesting: web apps that run in the browser with real desktop functionality. I’ll call these "webtop" applications.

The first thing webtop applications need is secure local storage. Google Gears is addressing that with what I believe is a very interesting solution: a browser extension with SQLite embedded to give web application developers the ability to store data in a local database. Google Gears also has a local server bundled for caching assets offline, and a way to spawn additional threads in JavaScript to make web applications more responsive.

The next thing you need is desktop APIs, or maybe I should say OS APIs. We got our first glimpse of web applications using OS APIs at WWDC when Steve Jobs revealed how devleopers will extend the iPhone: web applications which will load into Safari. The iPhone version of Safari has APIs for things like making phone calls. These applications will run in some kind of a secure sandbox which will keep them isolated so that, in theory, they can’t damange your phone or corrupt other applications.

So what’s the next step? I see webtop applications moving forward in two different directions:

  1. I think there will be additional browser extensions which will add desktop functionality like drag and drop, system notifications, and maybe even limited file system access to browsers. I also think it’s possible that Apple will add OS APIs to the desktop version of Safari, and now that Safari is available for Windows, webtop applications will be able to run cross-platform. (Apple has already done it on the iPhone — why not on the desktop?)
  2. The Adobe Integrated Runtime (AIR) is another alternative (I’m a Product Manager on the AIR team at Adobe, but I’ll try to be objective). AIR lets you build desktop applications using web application technologies like Flash, Flex, HTML, Ajax, etc. Rather than loading the applications from the web, however, you install them, more like traditional desktop applications, which gives them more desktop privelages than you would probably want to give something that was loaded from a web server. AIR applications bridge the gap between the desktop and the web by allowing easy access to remote services, and by providing a secure sandbox in which remote content can run in.

Not to be outdone, I’m sure Microsoft will join the party with additional Silverlight functionality which means some of the biggest software comapnies in the world (Google, Adobe, Apple, and Microsoft) will all be trying to bring web applciations to the desktop. Get ready for web to take a huge step forward.

A second look at Google Reader

The first time I tried Google Reader (which was when it was first introduced), I found it to be one of the more technically impressive JavaScript applications I’ve seen, as well as one of the least usable.  It seemed that the Google Reader team was far more concerned with pushing the boundaries of Ajax and JavaScript wizardry than they were with building a functional, practical tool.  The good news is that I think they came to the same conclusion, and completely redesigned it.  It’s been some time now since they relaunched Google Reader, but I was so put off by their first version that I didn’t get around to trying the new one until about a month ago.  I’m happy to report that I think Google Reader has grown into an uncommonly good application.

It’s easy to get started using Google Reader, so rather than spending a lot of time reading my conclusions, I recommend that you go draw some of your own.  I would like to briefly point out some of what I consider to be the most compelling features, though:

  • It’s fast.  I think speed has always been Google’s secret sauce.  Speed is not a feature, as far as I’m concerned.  It’s a necessity, and Google has proven that they are the master of responsive web applications.
  • It’s optimized.  The UI, I mean.  Google Reader makes exceptionally good use of the browser window, and a lot of thought obviously went into how the user would interact with the application.  I’m able to take in a great deal of information at a glance, and easily uncover more information with a minimal number of clicks.
  • It’s focused.  Although Google Read is actually pretty feature-rich (it supports tons of keyboard accelerators, you can add bookmarks to your toolbar which automatically navigate through your new posts, and you can read your feeds on a mobile device), the features stay out of your way until you want them.
  • Sharing.  My favorite feature of Google Reader is sharing.  When you share a post, it adds it to your shared list which basically auto-generates a link blog.  Very slick.  I’ve just started using this feature, so I haven’t shared much content yet, but I think this concept has a lot of potential.  (If you’re interested in what I find interesting, you can find my shared posts here.)

I’ve done a lot of work with RSS and blog aggregation over the last few years (I wrote the Adobe XML News Aggregator, News Brew, and the open source ActionScript 3 RSS/Atom libraries), so I feel like I have a special appreciation for when RSS aggregation is done well, and I think Google has certainly gotten it right. What do you think of Google Reader?  If you’re not using it, what’s your aggregator of choice?

eBay: the Internet’s most successful bad idea

The first time I came across eBay, I was convinced it would never work. The idea of conducting anonymous financial transactions online seemed, on the best of days, insane. It’ll be fraught with scams and spam, I told my friends. No matter how many guarantees they offer their customers, they won’t be able to keep up with claims and disputes, both legitimate and fraudulent. Internet savvy con artists will find they can swindle dozens of victims simultaneously from the comfort of their own homes.

Now that billions of dollars find their way through eBay every year (yes, that’s billions), I’ll admit that I was wrong. I have a pretty good track record when in comes to predicting the success of new Internet technologies and businesses, but eBay was one that I missed. As it turns out, the good has outpaced the bad, and 11 years later, eBay continues to not only grow, but completely dominate the online auction space.

Only I wasn’t completely wrong. If you use eBay long enough, it’s pretty much a statistical certainty that you’ll eventually have a bad experience. I’ve been using ebay for over seven years now, and last weekend, my luck finally ran out.

I’ve been on sabbatical from my Product Management position at Adobe for about three months now, so I decided to start getting rid of a few disused toys I have lying around in order to keep at least a trickle of cash coming in. Last week, I tried to convert a PSP bundle and an iPod Video into cash, so I listed them on eBay. Both sold on Sunday, and by Monday afternoon, I had learned that both buyers are deadbeats. The PSP auction ended with sniper taking it for $300, then like any good sniper, vanishing into his surroundings to never be seen or heard from again. The other auction ended with "Buy It Now" in about 30 minutes, and has been a much more interesting experience. The buyer had no feedback whatsoever, so I didn’t have very high expectations, but I decided to give him the benefit of the doubt, and send an invoice anyway. Later that day, I received the following email:

Hello, how is you family and business? i just want to infrom u that i have made out my payment. once u get the comfirmation email from paypal pls get the iterm shiped.

Moments later, I received the expected forged PayPal email showing that I had been paid in full, and instructing me to send the iPod to, of all places, Nigeria.

Now I’ve been using eBay since 1999, and I’ve generally had pretty good luck, however an experience like this is enough to make you want defect to craigslist. Here’s my current situation:

Continue reading

How to use more than one computer

If you use more than one computer on a regular basis, here are five tips to make your life easier:

  1. Consider replacing desktop apps with web apps. Some desktop apps can’t be replaced (especially on Macs), but some can (especially on Windows). If you’re willing to sacrifice a few features and little performance, check out Writely (word processing), meebo (instant messaging), Num Sum (spreadsheets), Backpack (to-dos, notes, photos, files), Bloglines (RSS aggregation), and Yahoo! Mail or Gmail. What do we still need? A good calendar application (actually, personal information management in general), HTML WYSIWYG editor, and a good cross-platform, streaming music solution.
  2. Move your bookmarks online. Use, the Firefox bookmark synchronizer plugin (needs to be updated for 1.5), or get a .Mac account to synchronize your bookmarks across Macs (Safari only).
  3. Move your files online. I’m actually not sure the best way to do this. I’m using a Mac these days, so .Mac is one solution. I tried using Xdrive when I was using Windows more often, and it was a complete disaster. Omnidrive seems to have potential, but I’ve never used it, and it’s still in beta.
  4. Move your music online with something like Rhapsody. Rhapsody is the first service like this I’ve tried, and it was great. Worth every penny. Until I started using a Mac again. Their Mac support doesn’t really even deserve to be called such. I don’t know of a good cross-platform solution except to just cary around a high-capacity MP3 player in your bag. If all you use are Macs, and you are usually on the same network, you can always just share your iTunes playlists.
  5. Work off a USB flash drive. If you need a lot of capacity, use a high-capacity compact flash card and a PCMCIA adapter, especially if you need your computer to be more easily mobile (a PCMCIA adapter sits flush with a laptop case while a USB flash drive obviously needs to be ejected and removed before your computer can be packed up.) For sensitive information that you’re afraid could get lost, create a small encrypted partition on the flash drive. I carry a Swissbit Victorinox USB flash drive everywhere I go. You can even run several applications directly off of flash drives like Firefox and Thunderbird.

Any other good suggestions?