Attention and Distraction

I was asked to speak in church a few months ago and spoke on the topic of attention and distraction. Here’s the outline of my talk, delivered Aug 28, 2011 in Boulder, CO. By the way, I consider this a very positive topic — the opportunity to direct our attention and feel more peace and flow — not a negative topic about simply avoiding the “perils” of distraction.

Define attention: “your treasure”

You have a limited amount of time. You have even less attention because attention is the subset of your time during which you’re awake, alert, and have energy. Therefore, attention is more valuable than time. How you spend your attention constitutes what is important to you.

“For where your treasure is, there will your heart be also” (3 Ne 13:21)

  • Where does your attention go?
  • Which people get your attention?
  • Which projects and causes and acts of service get your attention?

(The week after I presented this talk, Jason Fried wrote a great post on this concept: “Your Attention Please”.)

Technology can be a source of distraction

NYT Article: “Keep Your Thumbs Still When I’m Talking to You”

  • Story of people at dinner at tech conference.
  • Putting away your phone was like holding your breath.
  • Once one person caved to distraction, all caved.
  • “Mutually assured distraction”

WSJ Article: “When Twittering Gets in the Way of Real Life”

  • “Sometimes, it’s like you’re here and you’re not here,” Joe said to me. “Your mind and soul are in cyberspace, and all we’re left with is the husk.”
  • “Sometimes, I mindlessly find myself logging on to Facebook and staring at photos I have posted of my children when I just as easily could be staring at the real thing. I’m not proud to admit that.”
  • “It’s incumbent upon me to find a way to consume less — and, more importantly, let it consume less of me.”

What we consume consumes us.

David A. Bednar: “Things As They Really Are”

“Please be careful of becoming so immersed and engrossed in pixels, texting, ear buds, twittering, online social networking, and potentially addictive uses of media and the Internet that you fail to recognize the importance of your physical body and miss the richness of person-to-person communication. Beware of digital displays and data in many forms of computer-mediated interaction that can displace the full range of physical capacity and experience.”

We’re here on earth to have a mortal experience with a body, with presence, with real people.

Distraction is the enemy of attention

  • “I am persuaded that two of the greatest sins of our busy and hectic generation are distraction and preoccupation.” (David A. Bednar)
  • “We need to frustrate…distraction by identifying what is critically important in our lives. We must give the cream of our effort to accomplish those things. Where there is limited time or resources, this pattern may require that some good activities be…set aside.” (Richard G. Scott)
  • “Does the use of various technologies and media invite or impede the constant companionship of the Holy Ghost in your life?” (David A. Bednar)
  • “Each of us should be careful that the current flood of information does not occupy our time so completely that we cannot focus on and hear and heed the still, small voice that is available to guide each of us with our own challenges today.” (Dallin H. Oaks)

When we allow some moments of our life to be quiet, peaceful moments, God can speak to our hearts through the Holy Spirit. My prayers are best when I take more time to listen in between what I say. I sometimes feel prompted to pray for something I hadn’t previously considered. We might pray for A, B, C. God may actually want to give us B, C, D, E, F, G, H. If we don’t listen, we may miss those extra things He wants to give.

Dallin H. Oaks: Focus and Priorities

We have thousands of times more available information than Thomas Jefferson or Abraham Lincoln. Yet which of us would think ourselves a thousand times more educated or more serviceable to our fellowmen than they? The sublime quality of what these two men gave to us–including the Declaration of Independence and the Gettysburg Address–was not attributable to their great resources of information, for their libraries were comparatively small by our standards. Theirs was the wise and inspired use of a limited amount of information.

The truck story, ibid.:

Two men formed a partnership. They built a small shed beside a busy road. They obtained a truck and drove it to a farmer’s field, where they purchased a truckload of melons for a dollar a melon. They drove the loaded truck to their shed by the road, where they sold their melons for a dollar a melon. They drove back to the farmer’s field and bought another truckload of melons for a dollar a melon. Transporting them to the roadside, they again sold them for a dollar a melon. As they drove back toward the farmer’s field to get another load, one partner said to the other, “We’re not making much money on this business, are we?” “No, we’re not,” his partner replied. “Do you think we need a bigger truck?”

We don’t need a bigger truckload of information, either. Like the two partners in my story, our biggest need is a clearer focus on how we should value and use what we already have.

Because of modern technology, the contents of huge libraries and other data resources are at the fingertips of many of us. Some choose to spend countless hours in unfocused surfing the Internet, watching trivial television, or scanning other avalanches of information. But to what purpose? Those who engage in such activities are like the two partners in my story, hurrying to and fro, hauling more and more but failing to grasp the essential truth that we cannot make a profit from our efforts until we understand the true value of what is already within our grasp.

How to Password Protect Redmine with Apache, mod_perl, and Redmine.pm

Today I needed to password-protect a Redmine installation. I’ve typically used mod_auth_mysql for similar projects, but Redmine uses a salted password format that’s incompatible with mod_auth_mysql. So, I turned to Apache/Perl authentication, a first for me (I rarely touch Perl) and was able to make it work.

  1. Install mod_perl, and the DBI, MySQL, and Digest (SHA1) Perl modules.
    $ apt-get install libapache-dbi-perl libapache2-mod-perl2 libdbd-mysql-perl libdigest-sha1-perl
    
  2. Copy Redmine.pm to the appropriate Perl location.
    $ cd /path/to/redmine
    $ mkdir -p /usr/lib/perl5/Apache/Authn
    $ cp extra/svn/Redmine.pm /usr/lib/perl5/Apache/Authn/
    
  3. Perhaps I’m not using Redmine’s projects/members/permissions correctly, but I had to patch Redmine.pm to get it to work for me. I greatly simplified the SQL statement used to authenticate a user. There’s no sense of permissions; it’s simply a yes/no for authenticated users.
    --- Redmine.pm	2011-11-12 17:33:10.000000000 -0700
    +++ Redmine.richardkmiller.pm	2011-11-12 17:37:26.000000000 -0700
    @@ -148,16 +148,11 @@
       my ($self, $parms, $arg) = @_;
       $self->{RedmineDSN} = $arg;
       my $query = "SELECT 
    -                 hashed_password, salt, auth_source_id, permissions
    -              FROM members, projects, users, roles, member_roles
    +                 hashed_password, salt
    +              FROM users
                   WHERE 
    -                projects.id=members.project_id
    -                AND member_roles.member_id=members.id
    -                AND users.id=members.user_id 
    -                AND roles.id=member_roles.role_id
    -                AND users.status=1 
    -                AND login=? 
    -                AND identifier=? ";
    +                    users.status=1 
    +                AND login=?";
       $self->{RedmineQuery} = trim($query);
     }
     
    @@ -336,11 +331,12 @@
       }
       my $query = $cfg->{RedmineQuery};
       my $sth = $dbh->prepare($query);
    -  $sth->execute($redmine_user, $project_id);
    +  $sth->execute($redmine_user);
     
       my $ret;
    -  while (my ($hashed_password, $salt, $auth_source_id, $permissions) = $sth->fetchrow_array) {
    -
    +  while (my ($hashed_password, $salt) = $sth->fetchrow_array) {
    +      my $permissions = ":commit_access";
    +      my $auth_source_id = 0;
           unless ($auth_source_id) {
     	  			my $method = $r->method;
               my $salted_password = Digest::SHA1::sha1_hex($salt.$pass_digest);
    
  4. Configure and restart Apache.
    <virtualhost *:80>
        ServerName example.com
        DocumentRoot "/var/www/sites/example.com/public"
        RailsEnv production
    
        PerlLoadModule Apache::Authn::Redmine
    
        <directory "/var/www/sites/example.com/public">
            AuthType basic
            AuthName "Private Area"
            Require valid-user
            PerlAccessHandler Apache::Authn::Redmine::access_handler
            PerlAuthenHandler Apache::Authn::Redmine::authen_handler
            RedmineDSN "DBI:mysql:database=my_database;host=localhost"
            RedmineDbUser my_db_user
            RedmineDbPass my_db_password
        </directory>
    </virtualhost>
    

By the way, I’m running Ubuntu 11.10 (oneiric), Apache 2.2, MySQL 5.1, and Redmine 1.2.2.

Capitalism is pro-markets; corporatism is pro-business

I can empathize with the Occupy Wall Street protestors, but my perception is that many of them misunderstand the cause of their pain. They naively blame capitalism; they should blame corporatism.

Corporatism is the alliance of government and business. It happens on the left (think Solyndra), and on the right (think military-industrial complex), in the Federal government (think bipartisan bailout of GM) and in local government (think Utah naming April 5, 2010 “Cafe Rio day”.)

Corporatism is pro-business. Specific businesses get government subsidies, above-market-rate contracts, or special recognition.

Capitalism is pro-market. The consumer decides whether to favor GM or Ford; Cafe Rio, Costa Vida, Bajio, or Chipotle.

I loved Phil Windley’s post today on how Occupy Wall Street and the Tea Party, though they seem like polar opposites, actually share a disdain of corporatism and ought to work together to fight it.

Image source: James Sinclair

Script to enable/disable SOCKS proxy on Mac OS X

I’m working in a coffee shop today. I used SSH and SOCKS to browse the Internet securely, but today I decided to take it a step further and automate the process with a shell script. Here’s the script, for what it’s worth:

#!/bin/bash
disable_proxy()
{
        networksetup -setsocksfirewallproxystate Wi-Fi off
        networksetup -setsocksfirewallproxystate Ethernet off
        echo "SOCKS proxy disabled."
}
trap disable_proxy INT

networksetup -setsocksfirewallproxy Wi-Fi 127.0.0.1 9999
networksetup -setsocksfirewallproxy Ethernet 127.0.0.1 9999
networksetup -setsocksfirewallproxystate Wi-Fi on
networksetup -setsocksfirewallproxystate Ethernet on
echo "SOCKS proxy enabled."
echo "Tunneling..."
ssh -ND 9999 MYHOST.macminicolo.net

Instructions:

  1. Save this to a file. I saved it to “/Users/richard/bin/ssh_tunnel”.
  2. Make it executable and run it.
    $ chmod a+x /Users/richard/bin/ssh_tunnel
    $ /Users/richard/bin/ssh_tunnel
    
  3. It creates an SSH tunnel to my dedicated server at macminicolo.net and routes Internet traffic through that server.
  4. Hit Control-C to quit. The proxy is disabled. No need to fiddle with Network Preferences manually.

UPDATE March 18, 2011: I haven’t tried it, but Sidestep appears to be a free Mac OS X app that will enable SSH tunneling automatically when you connect to an insecure network.

Script to enable/disable DMZ on Linksys and Verizon routers

Your home Internet router gives you some protection against direct attacks on your computer by keeping your home network safely encapsulated. Each of your home computers can access the Internet (this is called NAT), but no outsider can access your computers directly. Outsiders only see the router. However, sometimes you want your computer to be “fully” online. Enter the “DMZ” feature of your router. Your router’s DMZ allows one of your computers to be fully exposed to the Internet (for better or worse).

Reasons to enable your DMZ:

  • Access your files while away from home.
  • Serve web pages from your computer.
  • Make BitTorrent transfers faster. BitTorrent transfers are usually faster when your computer is directly exposed to the Internet.

For my work at FamilyLink.com, I develop directly on my local machine. While working on our Facebook application, I need to allow Facebook servers to directly access my machine. (When you use a Facebook app, you’re accessing Facebook’s servers and Facebook servers are, in turn, accessing the developer’s server via a callback URL. While working on our Facebook app, Facebook directly accesses my local machine.) This requires me to open my machine to the DMZ.

Reasons not to enable your DMZ:

  • Your computer is more likely to be hacked
  • Your private data is more likely to be accessed

If you enable your DMZ, know which services are enabled on your machine and which files and data are being shared. There may be files you’re comfortable sharing on your local network that you wouldn’t want to share with the world. Only enable the DMZ as long as necessary.

Enabling the DMZ can be a pain — logging into your router and navigating to the correct setting — so I wrote the following Ruby scripts to make it easy. The first worked with the Linksys router I had. (I believe it was a WRT54G.) To use, fill in your router’s IP address and password, and your computer’s hardware address, then type “linksys_dmz.rb on” or “linksys_dmz.rb off” at the command-line. The script looks up your computer’s hardware address in the table of local IP addresses so the IP address can safely change from time to time.

#!/usr/bin/env ruby
# linksys_dmz.rb

router = '10.1.1.1'
user = 'admin'
pass = 'your_password'
hardware_address = '00:23:6C:00:00:00'

leases = `curl -su #{user}:#{pass} http://#{router}/DHCPTable.asp`
leases.scan(%r{'([^']+)', hardware_address}) do |m|
  ip_address = m[0].strip.to_s
  last_digit = ip_address.split('.').last
  if $*[0] == 'open' || $*[0] == 'on'
    post_values = "submit_button=DMZ&change_action=&action=Apply&dmz_enable=1&dmz_ipaddr=#{last_digit}"
    print "Opening DMZ to #{ip_address}\n\n"
  else
    post_values = "submit_button=DMZ&change_action=&action=Apply&dmz_enable=0"
    print "Closing DMZ\n\n"
  end
  `curl -su #{user}:#{pass} -e http://#{router}/DMZ.asp -d '#{post_values}' http://#{router}/apply.cgi`
end

Last year I switched to Verizon FIOS, which came with its own wireless router, so I had to write a new script. Again, fill in the password, then type “verizon_dmz.rb on” or “verizon_dmz.rb off” in Terminal. (This script assumes a 10.1.1.* network. Change it to 192.168.1.* if that’s what you have.)

As a side note, the Verizon router was a bit of beast to automate. It uses a hashed signature to try to enforce JavaScript-enabled browsers. Writing this script required using TamperData, Charles Proxy, and a lot of trial and error to discover which POST data were necessary.

I use this script to open the DMZ before working on our Facebook app, then I close it when I’m done for the day. Eventually, it’d be nice to find a way to enable the DMZ remotely — maybe via email or something.

#!/usr/bin/env ruby
# verizon_dmz.rb

require 'rubygems'
require 'mechanize'
require 'digest/md5'

user = 'admin'
pass = 'your_password'

localhost = `ifconfig`.scan(/inet (\d+\.\d+\.\d+\.\d+).*broadcast 10.1.1.255/).join
router    = localhost.gsub(/\d+$/,'1')

begin
    agent = Mechanize.new
    page = agent.get("http://#{router}:81")
rescue Exception
    abort "Unable to connect to Verizon Router! Check the IP address."
end

form = page.forms[0]
auth_key = form.fields.find {|f| f.name == 'auth_key'}.value
form.fields.find {|f| f.name == 'user_name'}.value = user
form.fields.find {|f| f.name == 'md5_pass'}.value = Digest::MD5.hexdigest(pass + auth_key)
form.fields.find {|f| f.name == 'mimic_button_field'}.value = 'submit_button_login_submit%3A+..'
form.method = "POST"
form.submit

post = {
    'dmz_host_cb_watermark' => '1',
    'dmz_host_ip0' => localhost.split('.')[0],
    'dmz_host_ip1' => localhost.split('.')[1],
    'dmz_host_ip2' => localhost.split('.')[2],
    'dmz_host_ip3' => localhost.split('.')[3],
    'active_page'  => '9013',
    'mimic_button_field' => 'submit_button_login_submit%3A+..',
}

if $*[0] == 'open' || $*[0] == 'on'
   post['dmz_host_cb'] = '1'
   puts "Opening DMZ to #{localhost}"
else
    puts "Closing DMZ"
end

agent.post('/index.cgi', post)

FamilyLink.com + Kynetx: How websites could be better with your family

I’ve been playing around with Kynetx.com technology. I think it has a lot of cool potential for helping FamilyLink.com users see who their relatives are across multiple websites.

For example,

  • What if you could see your FamilyLink.com relatives directly in Facebook?
  • If you knew which LinkedIn users were your relatives, would you be more likely to do business?
  • If you knew which Twitter users were your relatives, would you be more likely to follow them?
  • If you discovered that a comment on a political news story with which you strongly disagreed was from a relative, would you be more careful how you responded?

Here’s a demo video:

Reminiscing about Provo411.com and Scraping the Course Catalog

One of my first web development projects and biz partnerships with Brian Stucki was Provo411.com. We were roommates at BYU and conceived of a website where students could share events — parties, concerts, football games, etc. We were already in our beds for the night when the idea came, but we couldn’t go to sleep before buying the domain. I think it was the first domain I ever bought. It was September 2002.

I developed a calendar in PHP and wrote a few scripts to scrape byucougars.com and retrieve the sports schedules. I also developed a WML app so Brian and I could add events to the calendar from our pre-iPhone mobile phones. I recall being at a party in south Provo, in a former dental office, and using my Nextel phone to add the party to Provo411. If you go back far enough, you can see events on the calendar. My brother Alan did the artwork.

I always wanted Provo411.com to have a course schedule alert system. Perhaps students would pay $3 to receive an email or SMS alert when hard-to-get classes had an opening. It shouldn’t have been hard technically, but the publicly available course catalog isn’t updated in real-time. I could have scraped the authenticated course catalog on Route Y, but BYU might have objected and it’d be a fragile business model.

My brother Michael recently came home from his mission and started school at CSN. The business classes he wanted were full, so I put the old “course schedule alert” idea to the test with some new tools — Ruby and Mac OS X’s speech. Here’s what I came up with:

#!/usr/bin/env ruby

# a list of course call numbers to check
call_numbers = %w{ 46405 46407 46409 46411 46415 46413 53252 53254 53256 53258 53260 53262 53268 53270 53272 53274 46423 46435 53276 46443 }

# auth_token obtained via Firefox+TamperData while my brother logged into CSN
auth_token = "123456789012345"

say "Checking"

call_numbers.uniq.sort.each do |call_number|
    c = `curl -si -d CONVTOKEN=#{auth_token} -d AUDITT=N -d CALLT=#{call_number} -d CONTINUE=Continue "https://bighorn.nevada.edu/sis_csn/XSMBWEBM/SIVRE04.STR"`
    print "Call number #{call_number}: "
    if (c =~ /<p class="p5">([^< &#93;+)<br\/>/m)
        if $1.strip.empty?
            puts "May have openings\n"
            3.times {say "Michael, class number #{call_number} may be open!"}
        else
            puts "#{$1.strip}\n"
        end
    else
        puts "could not find message"
        say "Help. I cannot access the C S N website."
        return
    end
    sleep 5
end

# Ouput an audible message via Mac OS X's speech function
def say(message)
    `say "#{message}"`
end

We set this to run every 15 minutes on the living room iMac, and we turned up the volume. Every 15 minutes we could hear “Checking” from the computer. A few hours later we heard the script announce that a class had opened up. Michael, I’m still waiting for my $3.

Can pornography be made unpopular?

My friend Cam has started a cause called Fight the New Drug (FTND). That “New Drug” is pornography, and their approach parallels the fight against tobacco.

This is about changing the messaging. For example, if smoking is a way to rebel against authority, then parents and medical experts saying Don’t smoke! only reinforces the rebellion. But if smoking is succumbing to executives at Big Tobacco, then smoking isn’t a form of rebellion at all, it’s a form of conformity. What rebellious kid wants to conform to Big Tobacco executives? That’s the message of The Truth campaign.

Become a Fighter - Fight the New Drug
Fight the New Drug

Imagine a similar change of messaging around pornography: Pornography isn’t glamorous, it isn’t sexy. Love and romance without pornography is glamorous and sexy. By making the negative externalities of pornography more visible, it would become less appealing. While organizations like CP80 and Lighted Candle Society fight the supply-side of pornography, FTND fights the demand-side.

I’m very excited about this approach.

Mary Eberstadt at Stanford’s Hoover Institution calls pornography the “new tobacco” and said:

Yesterday, smoking was considered unremarkable in a moral sense, whereas pornography was widely considered disgusting and wrong — including even by people who consumed it. Today, as a general rule, just the reverse is true. Now it is pornography that is widely (though not universally) said to be value-free, whereas smoking is widely considered disgusting and wrong — including even by many smokers.

Can we change minds again?

Columnist Kathryn Jean Lopez said:

…I’ve been flashing back to something Traci Lords once said: “I have to thank Ed Meese for saving my life.” At 18, her career as a porn star ended in a federal raid. How many Tracis are on a computer near you today? And who else is porn harming? It’s a question that our society — which in its rhetoric and culture says it cares about women and children and lives and love — needs to grapple with. If Eberstadt’s comparison is right, the time [is] coming. The shrugs will cease. Yet I hope the turnaround comes, not because the government has made porn highly inconvenient, but because we have decided we want something better. (Smoking Is Out, Porn Is In.)

Seth Godin said you can’t fight an ideavirus (“pornography is okay”) by “challenging the medium in which it spreads.” Instead, you must counter “one ideavirus with another one.”

You don’t counter racism by making the act of uttering racist statements against the law. You do it by spreading an idea (racism is hateful, wrong and stupid) that keeps the racist from expressing his ideas because all his friends will shun him if he does. (“Thinking about this war”.)

Here is some of the FTND messaging, paraphrased:

1. Educate people about the negative effects of pornography and let them choose their pornography involvement for themselves. We do not contest the legality to produce pornographic material.

2. Just because it’s legal to smoke cigarettes, doesn’t mean it’s healthy. Similarly, porn can have devastating effects on you and your loved ones.

3. Although pornography consumption can lead to powerful addictive behaviors, we don’t contest people’s right to view it.

4. People need to be educated about the negative effects of pornography on individuals, families and businesses.

5. We fight against the demand for pornography. Through education, we believe people will no longer want to use porn and those with addictive behavior will seek help from professionals.

6. People addicted to porn often feel they have no options. We’re letting people know that they have a choice.

7. We want to infuse more sexiness into the world. Two committed people together — that is sexy. A lonely, addicted person sitting in front of a computer is not sexy.

Please make a $10 donation to FTND to become a “fighter”. Ten dollars from 1,000 people is better than $10,000 from 1 person. The money will be used to develop messaging campaigns to fight the demand for pornography. This will be a grass-roots movement to make pornography unpopular.

I’ve put in my $10 and I’m hoping many, many more friends will as well.

iPhone tip: Use a Silent Ringtone to Screen Calls in Your Sleep

Have you ever wished your iPhone would ring only when certain people call? Here’s how to do it:

  1. Download the “Silence” ringtone here: silence.m4r
  2. Copy this file into the Ringtones section of your iTunes. (Click to enlarge.)

    adding_ringtone_to_itunes
  3. Sync your iPhone with iTunes to load the ringtone.
  4. On your iPhone, change your ringtone to “Silence” (under Settings -> Sounds -> Ringtone). You’ll no longer hear your phone calls.

    2_iphone_silence_ringtone
  5. For each person whose calls you still want to hear, change his or her Custom Ringtone to something audible: Click the name in your contact list, choose Ringtone, then choose something besides Default

    3_iphone_important_caller 4_iphone_audible_ringtone

Now you can screen calls in your sleep. Because Sunday afternoons are for napping.