Secure browsing on open Wi-Fi hotspots

I frequently connect to insecure Wi-Fi networks on my iOS devices and my Mac. Aside from the risk of eavesdropping and malware when connecting to these hotspots, they frequently block access to services, insert advertisements in web pages, or worse.

To work around these problems, I’ve tried numerous virtual private network (VPN) services. My experience with most of them has been awful. They tend to connect slowly or not at all, and I frequently can’t access anything on the Internet once the VPN connection is made. Many services don’t offer automatic connections, particularly on iOS. The software tends to be clunky and confusing.

Cloak VPN is an exception. I’ve been using Cloak for several months, and it’s been rock solid. It’s also affordable, at $3/mo for 5GB of data transfer or $10 for unlimited transfer. If you don’t want a subscription, Cloak also offers the ability to buy non-renewing, unlimited passes for a week, a month, or a year.

Cloak automatically detects when you’re connecting to insecure Wi-Fi and protects your connection. One account can be used to protect all your computers and iDevices.

Cloak released version 2.0 today for iOS, which is a significant upgrade. You can now identify trusted networks, such as your home or cellular network, and Cloak will stay out of the way when you use those networks. This means you can set it up and pretty much forget about it. (Cloak for Mac already offers this capability.)

Like any VPN, using Cloak can cause issues. Cloaked connections are sometimes misidentified by servers as coming from a “bot” instead of a human. This isn’t Cloak’s fault, but a consequence of well-intentioned but misguided system administrators. Some sites won’t let you connect at all, while others, such as Wells Fargo, may ask an extra question when you sign in.

With a few clicks or taps, you can disable Cloak and connect to problem sites. In practice, I’ve only found one or two websites that were completely blocked while using Cloak. I’ve also had outgoing iMessages get blocked sporadically. In all, the issues have been minor, and far outweighed by the benefits of the service.

Cloak has very responsive customer service and is sometimes able to work around blocks by re-routing traffic for certain websites.

I highly encourage you to learn more about Cloak and get started with a free 30-day trial. You don’t need to hand over a credit card to get stared.

Cloak provides small data kickbacks to users who tout them on Twitter. I don’t spam my followers so that I can get free stuff. I’m posting this because I rely on Cloak, and I think everyone should check it out.

On making good coffee

A couple of years ago, I was inspired to improve my diet. As part of that, I started drinking my coffee black. As someone who formerly drank coffee with lots of artificial sweetener and non-dairy “creamer” or milk, it came as a surprise that the switch was pretty easy. I got used to black coffee in a week or two and haven’t looked back. I’ve since discovered that coffee with any kind of creamer or sweetener has now become completely unpalatable.

Drinking black coffee has also given me an appreciation for good coffee. French presses can make pretty good coffee. A talented barista can make a good Caffè Americano. Most drip machines do not make good coffee. Pod machines suck.

I once bought a high-end Tassimo pod machine for home use based on its technical merits. It’s a fine system on paper; Bar-coded pods have customized brew profiles, automatically controlling variables such as temperature, pressure, pre-infusion time, brew time, and water volume. There’s a flow-through heater that doesn’t require pre-heating. The machine is wonderfully consistent. The coffee sucks, though. The pods are too expensive and the only “flavor” we ever really found acceptable (and only just) has been discontinued. I can’t recall the last time I used the Tassimo machine.

A few months ago, I bought an Aeropress. It looks more like a torture device than a coffee brewer, but it can make an amazing cup of coffee. The 3,000+ 5-star reviews (4.7 average) on Amazon are not wrong. The first cup of coffee I made with my Aeropress was an eye-opener: Not only was it smooth, it was rich. It had astounding depth of flavor and complexity. You’ve seen coffee like this in TV advertising (oh, Pierre!), but this Aeropress coffee is real. One cup from this plastic wonder made me abandon my drip machine. If I had to pick one thing that I don’t like about it, it’s that I can only make a mug or two worth of joe at a time. It’s no good for parties.

Using the Aeropress is easy. You put a small paper filter in the filter cap, screw it onto a plastic cylinder, and place that over a coffee mug. I like to pre-wet the filter. Put in a measured amount of ground coffee (measuring device included), and fill with hot water up to the indicated mark. Stir for 10 seconds. Insert the plunger and press.

A surprising aspect of the Aeropress is that it’s effortless to clean. It mostly cleans itself while you use it. After pressing, remove the filter cap and eject the puck of spent coffee into the trash. A quick rinse and a wipe afterward is all it requires. It’s much easier to clean up than any other coffee machine or French press I’ve had. This aspect alone makes up for any additional effort required up front.

Some tips for successful Aeropressing:

Water temperature matters! Aerobie suggests 175 degrees Fahrenheit, and that’s a good starting point. With the full immersion brewing and pressure at work, traditional brewing temperatures (195-205 F) are usually too hot. Experiment with this variable to find what works best for your particular roast and your own tastes. An instant-read thermometer is essential. I eventually purchased a PID-controlled kettle to save time in the mornings.

Dilute the coffee from the Aeropress with 50-60% hot water. The stuff from the press is strongly concentrated. It’s good; I find it quite enjoyable that way, but if you want something that resembles drip coffee or an Americano, you’ll need to water it down.

Grind matters, but here it matters less than for other types of brewing. You want to shoot for a grind slightly finer than you’d use to make drip coffee. Folks claim you don’t need a great grinder with the Aeropress, and to an extent, that’s true. You’ll get better results with a whirring-blade grinder and an Aeropress than you will with that grinder combined with any other brewing method. A burr grinder is better; The consistency will allow you to control the force required to press the water through the grounds. Ideally, it shouldn’t be difficult to press, and you should be able to press the water through in 20-30 seconds.

If you’re making coffee for two people, press the brew into a measuring cup, then fill with hot water around 14-16 oz, stir, and pour into two mugs.

If you like a bolder cup, consider getting one of the many metal filters available for the Aeropress. I have an Abel Disk-Fine, and I find that it can really improve some coffees.

Use Dropbox to host public files on your own domain name

I’ve been using a Dropbox public folder and some Apache trickery to share files directly from Dropbox on my own domain at pub.noxon.cc. Dropbox is drag-and-drop file sharing at its finest, and by sharing my files on pub.noxon.cc instead of on dl.dropboxusercontent.com, my files are accessible to corporate folks who would otherwise find themselves blocked by an over-zealous web filter. Last but not least, if one of my files becomes too popular, Dropbox won’t shut down my account.

product logos

Dropbox doesn’t offer a custom hosting service, so I had to build it. I already have an Apache server, so I created a new virtual host and added some reverse proxy magic. I set up my virtual host as the origin server for the Amazon CloudFront content distribution network, ensuring a minimal load on my own server and the ability to handle virtually unlimited amounts of traffic.

Here’s a recipe for Apache 2.2, mod_proxy, and mod_rewrite:

DirectoryIndex disabled

ProxyRequests off

RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-d
RewriteRule ^/(.*) http://dl.dropboxusercontent.com/u/xxxxxx/$1 [P,L]
ProxyPassReverse / http://dl.dropboxusercontent.com/u/xxxxxx/

Header unset cache-control
Header unset Pragma
Header merge cache-control max-age=3600
Header merge cache-control must-revalidate
RequestHeader set User-Agent Mozilla

The cache-control settings dictate that CloudFront should cache my content for an hour (3600 seconds). CloudFront currently ignores the specified max-age for 404 results, instead preferring to cache them for about 10 minutes. I’d prefer a shorter lifetime for failed requests, but that’s not easy with Apache 2.2; With 2.4, it’s do-able.

The requesting User-Agent override is necessary because Dropbox blocks requests from the Amazon CloudFront User-Agent.

Using mod_rewrite makes it possible to host overlapping content outside of Dropbox. If it exists on the server, it gets served locally; If it’s missing, Apache tries to fetch it from Dropbox. I locally host the favicon, robots.txt, a 404 handler, and a couple of other things.

If you want to use your own 404 handler, you’ll need this:

ProxyErrorOverride On
ErrorDocument 404 /path/to/404.html

Before you deploy something like this, carefully consider the security implications and make the necessary adjustments. Do you want PHP code in a Dropbox folder running on your server?

Dropbox public folders are not available to users who signed up for Dropbox after July 31, 2012.

Google Hangouts for iOS: Google Talk gets pushy

Since switching from Android to iOS, I’ve been looking for an instant messaging client that works well with Google Talk. Push notifications are essential for the “instant” part of instant messaging.

Unfortunately, most iOS Talk apps only have push capability until the application times out in the background (10 minutes); One client, Verbs IM Pro (App Store link), has server-based push notifications, but it times out after a week, and has some bugs and reliability issues. The developer hasn’t updated it for six months.

Google now offers a Hangouts app for iOS (App Store link), and it works very well. Most importantly, it has server-based push notifications that don’t time out. I’ve tested it by killing the app in the system tray. It’s really nice to have a way to keep in touch with friends without using SMS or iMessage, and it works well in conjunction with the built-in chat in Gmail and Google+.

If you want to use the new Hangouts app with a Google Apps account, your administrator will have to enable it for your domain first. Here’s the Google support article. Eventually, Google Talk will go away, so this is an early opt-in.

It’s unfortunate that Google ditched the standards-based XMPP protocol used by Talk. I’m not sure what this means for the future of third-party IM clients. If iMessage is anything to go by, there may never be any.