Right Foot Forward

If you know me, you know that Donette and I love going to restaurants. We recently moved from the UWS to the Financial District, so we don’t know the restuarants down here well. I’ve worked in the area for three years, so I know lots of lunch places, but I’m not so well informed about dinners. We’ve found some good restaurants, but have never been very good about writing reviews. However, our recent experience at Secession inspired us to start sharing our thoughts. Here’s what happened.

Secession
30 Hudson Street
New York, NY 10013

It was a Sunday night, and we were simply looking for a new place to try that we could walk to. We found Secession on Open Table. It’s the reopening of a David Bouley restaurant, formerly called Danube. They are known for their decor, which features reproductions of Gustav Klimt paintings, and it was beautiful. It’s a large space, and although the long bench-style seat along the window makes for tables that are a bit close together, it was a Sunday night, not crowded, and quite comfortable.

Donette had their signature roast chicken and I had the wild salmon. The service was very good and the meals were tasty–good flavors (others have said the food was bland, but we didn’t find that). The coconut cake for dessert was very nice. Overall, the meals were good and it would have been a solid, but not particularly memorable dining experience. But then, something happened that completely ruined it for us.

We were about to leave when a couple sat down next to us. They looked over the menu and the waiter (who also served us) asked if they had any questions. They asked if the wild salmon (that I had) was really wild. The waiter said “no, it’s farm raised.” So, we just paid $150 for a nice dinner at a restaurant run by a well known chef and found out that the meal we had wasn’t the meal they advertised. We feel taken advantage of, and we won’t be back.

Was the waiter joking? Was he misinformed? We did not confront the waiter or the manager, so to be fair, we don’t know for sure. But, it seems to us there are so many valid health and ethical reasons behind the dining choices people make that nothing less than complete honesty on a menu should be tolerated. If a restaurant lists Maine Lobster, it should be that. If they can’t get Maine Lobster that day, and that’s what I order, no problem. Just tell me so I can make an informed decision about what I want to eat.  Now, we read menus and wonder if the New Zealand lamb is from New Zealand or Long Island. There’s nothing wrong with Long Island lamb. I just want to know what I’m eating.

Now, we’re heading to what has become our favorite local place so far, Harry’s (we’ll blog about that soon), and we’re looking for other restaurants to try. Got any suggestions?

A little while ago, a friend sent me a link to Sean P. Aune’s list of
16 of the Best Password Management Tools for Firefox 3 on Mashable, and it made me realize that I really needed a better password management system. Like most things, once you start looking, you find a whole world of ideas, issues and opinions that you had never thought about before.

I’ve always had lots of accounts. Why? I like to try new things on the web, and I like to use amasur as my public persona wherever possible. So I have about 200 accounts at various places, and I’m creating new ones all the time. I also try to keep work and personal things separate–nothing work-related on my home PC and nothing personal on my work PC–but web accounts need to be accessed from both. Obviously, this is way too many to keep straight in my head, so I had to find an electronic solution.

My first solution was to keep list of all my passwords in a notepad file, which is about the most unsecure (or is it insecure?) thing you can do. But after about two days, it got too big to actually find anything. Then, I tried the IE and Firefox features to manage passwords, but they don’t sync across browsers, let alone PCs. So, I decided to just use an Excel file that I kept on a USB drive. It was practical, and a little better on the security side, because the file was password protected. For a long while, I carried my trusty little file around on my USB drive, and it was a decent solution.

Like most people, with so many accounts, I found myself using the same (or very similar) passwords for many sites, and I was bad about changing them frequently. Then, I saw an article (can’t find the specific URL, but there are several stories out there) about identity thieves that buy computers from bankrupt companies, and that, the security at those companies can be very loose–passwords and account information not always encrypted. Hmmm…since I create new accounts at the rate of several a week, and many of the sites I’m check out aren’t around a year later, I should change the way I manage passwords, right?

Where to start? What should you look for in a password manager? Here’s my list of password best practices:

1. You SHOULD have a unique password for every site.
2. You SHOULD have to remember only a single master password (or a few at most), and it (they) should be very secure.
3. You SHOULD NOT store your passwords on a server or a website.
4. You SHOULD be able to synchronize your passwords for use at multiple computers.
5. You SHOULD have a way to get your passwords when you are using a public or friend’s computer.
6. You SHOULD NOT create passwords that people who know you would guess.
7. You SHOULD NOT answer “security questions” honestly. See Wired’s story on hacking Sarah Palin’s email account. If she had chosen to tell Yahoo! that she met her husband “at the summit of Mt. Everest,” she could have saved herself a bunch of headaches.

Now, back to that list on Mashable. Which one to use? It’s a tough call, and the criteria are often at odds with each other. For example, if you want to have a unique password for every site, you won’t be able to remember them all. So if you want to use them across mutliple computers, they have to be stored somewhere that all your computers have access to, right? Well, storing them centrally does make it possible for a really seamless user experience across multiple computers, but it also forces you to put a lot of trust in whomever wrote the tool to keep your passwords safe. I’m not that trusting, and you shouldn’t be either.

With most of the tools on Mashable’s list eliminated, I found that some tools don’t actually store your passwords anywhere, and decided this is the way to go. These tools rely on hash algorithms to actually recreate your password each time you need to log in to a particular site. Basically, they take a master password that you create (and only you know), and combine it together mathematically with information about the site you are creating an account for (usually the domain name) to come up with a unique password for that site on the fly. Here’s a picture to explain how this works:





This way, your passwords are not actually stored anywhere, and you only need to remember one, master password that you keep “super secret”. Aside from the obvious advantage of not having to worry about your password file getting into the wrong hands, the other benefit is that it’s a snap to keep multiple computers synchronized, because there’s nothing to really synchronize. You simply use the same hash algorithim and same master password on each computer, and you’re done. The theory is that even if you told someone what site you were logging in to, and what hash algorithm you were using (there are many), they would’t be able to determine your password unless you gave them your “super secret” master password.

There were a couple on the Mashable list that worked this way, but the one I ultimately chose is PasswordMaker (www.passwordmaker.org). This post is getting long, so I’ll dive into more detail about Password Maker later. Besides, the details of doing this are only for truly paranoid nerds. If you’re looking for something your grandparents can use, stick with what IE and Firefox do “out of the box.” It’s simple, and it works pretty well.

Let me know what works for you,

-Adam

I tried and started using Nozbe today, after playing around with it a bit yesterday. So far, I like it enough to pay the $7 for my first month, and give it a go. If it works well, I might have found myself a new ‘Getting Things Done’ (GTD) compatible application.

The first thing I needed to do was get everything out of my “old” system, and into Nozbe. After hunting around for a while, I couldn’t find anything in the application that resembled an import feature. So, I decided to make my own quick and dirty one that leveraged Nozbe’s, very flexible, email inbox. You can email tasks to yourself using a simple, plain text format that lets you specify a bunch of parameters. I copied the list of supported parameters below from the Nozbe blog.

1. Name of your action
2. D – stands for “Date”
3. T – stands for “Time needed”
4. @ – stands for the context
5. P – stands for the project
6. N – is to mark this as my “Next Action”

There was a catch, though. I had to import more than 100 tasks, and typing (even copying/pasting) them into an email one at a time would be very time consuming. Since I love Microsoft Excel, I exported my task list from Outlook, and made myself a quick, Excel template to massage the tasks into the right format.

Here’s my Super-Simple, Nozbe To Do List Converter Template. Basically, you enter your action items in column C, and fill out the other parameters as you wish for each action. The formula in each row crunches everything into a Nozbe compatible format. You just copy column A, paste it into an email, and send it to your Nobe Inbox—pretty simple.

It just saved me a few hours. Let me know if it works for you, too.