César

We live in a world full of options. Our choices have hugely increased since the beginning of the 21st century. With the Internet, smartphones, eCommerce, and virtual assistants becoming ubiquitous in the Western world, we can get and do whatever we want to, whenever we want to.

Because of this, I sometimes get overwhelmed by decision fatigue:

the deteriorating quality of decisions made by an individual after a long session of decision making

Every time you have the intention to do or buy something, you're met with dozens of options to achieve your goal. A great example is this blog. I could have used so, many, blogging, platforms! In the last two hours, I was even debating if I should move to another platform before this blog gets too serious. And I forgot about the important part: writing.

I love you, capitalism, but this is not fun.

This happens all the time. To me, and to most people too. And I haven't fully figured out how to tackle this, but here is some advice that helps me fight it.

Artificially restrict your options

Set ground rules you never break, so you stop considering certain options as feasible. Here are some pretty arbitrary but helpful rules that help me reduce my options:

  • Only buy black, white or grey clothing
  • Always buy clothes from the same companies
  • Never buy the latest iPhone

Establish principles

You might not want to completely cut off certain categories, products or services from your options. In that case, it's a good idea to establish some guiding principles that you try to look for whenever you're making a new purchase or decision

Here are some of the principles I guide my decisions with:

  • Veganism: everything I buy must be free of animal products. This is an ethical choice but also a principle which helps me guide my purchases.
  • Sustainability: I like supporting sustainable products (food, clothing, etc) but also sustainable software where possible.
  • Minimalism: I try to buy things that are simple but work well, and I try to buy one object or service that works really well rather than many that work okay.
  • Open source: when looking for new software to use, I try to look for open source alternatives (e.g. LibreOffice, Open Xchange, Standard Notes, Bitwarden, Joplin).
  • Privacy: I don't support companies that have shady privacy policies, that retain your data indefinitely or use it for purposes other than providing their core service. I prefer services which allow you to delete your accounts, don't share your data with third parties and (ideally) encrypt your information.

Some examples of how I apply these in real life:

Standard Notes over Evernote

Standard Notes is open source and end-to-end encrypted. You can delete all your data and your account whenever you want. Evernote, on the other hand, only “closes” your account, and if you don't delete all your notes before closing your account, they are kept and analysed forever.

Bitwarden over all other password managers

There are literally so many password managers out there that it can be impossible to choose. Bitwarden is the only open source one with all the features I need. So that was easy.

Come to terms with not having the best

You don't actually need much. You can live a fulfilled life with very little. Not every tool you use or activity you perform needs to be the best. It's okay to have an okay phone. It's okay to have an okay laptop. At some point you just need to choose something rather than nothing and be okay with missing out on the rest.

I posted about the EasyJet data breach yesterday, but realised I didn't provide comprehensive advice regarding what actions to take to safeguard your online identity if you've been involved in the breach.

There are a few threats you can be exposed to following a data breach like EasyJet's. I outline some of these below along with the protective measures you can take.

Leaked login details

If your email and password for an account were leaked, cybercriminals will attempt to use this combination on other online services.

Actions

  • Reset the password on all of your online accounts to unique, random ones. Use a password manager to keep track of all of your login credentials.
  • I have a blog post about passwords which can help you get started.

Social engineering

When personal information (like your full name, email, phone number, location, identification numbers, etc) is leaked online, it becomes easier for someone to figure out details about you which grant them access to your accounts.

This is why “security questions” are no longer a secure way of protecting your account if you forget your password. Most modern and big companies don't support this method anymore. After all, how hard is it to guess your mother's maiden name or your city of birth?

Actions

  • Change all of your security questions to random words. You can store them in the password manager you set up in the previous section.
  • Delete old online accounts you don't use anymore. Make sure the data is completely deleted from their systems.
  • Remove personal information like passport numbers, addresses, etc from websites which don't strictly require them. If you can't remove them, enter fake details.

Phishing

Your email address is usually leaked along with your personal information. This means you'll probably receive very convincing emails (with your personal information, which is now available publicly) from people pretending to be your bank, Facebook, and so on. They'll try to get you to give them even more personal information like passwords and card details.

Actions

  • If the breached company's website allows it, you should change your email address. That way, if you receive an email that seems like it came from the company, but is addressed to your old email, you can probably assume it's a scam.

  • If you want to be proactive, the best way to isolate your accounts is to have a different email for every account. You can use a service like AnonAddy and store the unique email in your password manager. This takes much more work so it's completely optional.

I just received the email.

I'm one of the 9 million EasyJet customers who's had their data leaked. I didn't think this would happen to me.

I'm very aware it could happen to me, mind you. That's why I practice good online security: I have good password habits, I check websites I sign up to to make sure they're not dangerous, I give minimal personal information online and I regularly delete old accounts I don't use anymore. I just never thought it would actually happen to me.

Thinking about it, it's no surprise.

The reason I care so much about online security is because data breaches happen all, the, time. Just look at the list of breached websites at Have I Been Pwned. These are services we use regularly. Some of them are massive companies which should know better and have the resources to secure their systems. Others did everything possible, but mistakes were made and data got leaked.

So, EasyJet is just one more to add to the list. And even though it bothers me that my data was breached, I know I've done all I could to protect my information online. My email and password combination for EasyJet is unique, so it won't work to log into any other online account I have. Unfortunately, my location, full name and personal email are now available publicly online, and I expect some phishing emails to come my way, but I'm prepared for that.

But EasyJet didn't do everything they could to protect our information. They limit their passwords to 20 characters, and they disallow some special characters, which reduces the possible password combinations which makes them easier to brute force. This is a small example, but suggests that account security comes as an afterthought, and that they're not following the latest website security advice. What a shame.

Let's take this as an opportunity to reflect and be proactive about online security. At a personal level, make sure you use unique, random passwords for all of your accounts, and disclose personal information online only when absolutely necessary. But more importantly, at an institutional level, let's hold these companies accountable for not implementing state of the art security.

EasyJet isn't only a low budget airline company. It's an online company. Once you decide to build a website for your business, that's what you become. EasyJet is responsible for excelling at both travel and website development. They owe that to their customers. They, and others, have no excuse to use outdated, insecure software and practices.

With great data comes great responsibility.

#privacy #security

Have you ever completely turned off your smartphone's notifications?

It's liberating. You're not interrupted and the only time you check your phone is when you intentionally reach for it. It feels weird at first, and you might be tempted to reach for your phone every few minutes in case you've “missed” something, but you get used to it and the end result is a good deal of calmness.

I have almost no apps on my phone except for the essentials. In fact, I currently only have exactly 24 apps on my iPhone, including the ones that come with the device, some of which I can't remove.

That already reduces the amount of notifications I would get were I to enable notifications on all of these apps. But I like to be radical sometimes, so I disable them all except for:

  • Phone (banners, sounds)
  • Calendar (banners, sounds)
  • Signal (banners)
  • Whatsapp (banners, except for groups)

As you can see, I've only enabled notifications for the basic services a phone should provide. I need to make and receive calls, texts and be reminded of important events. Everything else can wait.

A side effect of this is that I know that if I get a notification, it must be important and I should attend to it. That is the ultimate goal with your notifications: to separate distractions from critical information. Distractions are nice and important to include in your life, but they're not urgent, so you don't need to know about them as they occur.

Notifications are the tip of the iceberg regarding optimising your phone for focus, productivity and health. If you'd like a much more detailed guide, read How to Configure Your iPhone to Work for You, Not Against You.

Enjoy!

Following on from my previous post, I thought I'd write about how minimalism can be applied to developing good software.

This is a good question to ask yourself before building a new system of feature:

What is the least amount of code I can write to achieve my aim?

Not in a lazy way, but in a smart way. How elegant, simple and performant can your code be? Do you really need all of those extra lines of code just to add a 1% increase in functionality?

Here are a couple of concepts to follow for software engineering minimalism.

DRY

Don't Repeat Yourself. If I need to write the same code block two or three times, I usually move it into a function and call it everywhere I need. Simpler to test, maintain and debug. Similarly, if you have a function that already does 90% of what you need, reuse it! You can pass optional parameters to that function and check for them to achieve the remaining 10% of functionality, while keeping other calls to that function the same.

YAGNI

You Aren't Gonna Need It. Focus on the core feature, and don't build things you think you might need in the future. Even if you're certain you'll need them, kick the can down the road. You don't need them right now.

For example, when I was developing a URL shortening service, I almost went down the rabbit hole of implementing an email verification and password reset flow. What for!? People need to shorten URLs. Focus on mastering that first, then build other things. You'll get to an MVP faster that way.

3rd party libraries

A double-edged sword. Well-tested and reputable libraries can hugely reduce the number of lines of code you need to write, because other people have done that for you (and perhaps better than you, too!). That means we can focus on the custom parts of our system and not worry about reinventing the wheel.

But, don't go crazy on the libraries. Don't use really dodgy or badly tested ones. Also, if a library adds a lot of unnecessary features you don't need, maybe you're better off re-writing the small piece you need.

I've been learning NodeJS recently. As a way to do this, I developed a URL shortening REST API. Give it a long URL, and it will return a short code that can be shared instead.

Building the backend logic was super fun, fast and seamless. I learnt a lot too. However, a few weeks ago I decided I wanted to add a frontend so I could self-host this service and start using it. I thought I could make a Spanish-friendly version of TinyURL or Bitly, so it's easier to pronounce and say out loud.

This is where things got complicated. So many decisions! Should I go for a microservice architecture, and separate the backend API from the frontend app? Should I use React, or just jQuery? Should I server-side render or let the frontend take care of that? What CSS library should I use? Maybe Bootstrap, but maybe Tailwind.

Eventually I gave up. Looking back I think it was partly because of decision fatigue, but more so because I was complicating the system more than I had to. In fact, I was thinking of everything except the core feature: given a long URL, return a short URL.

So faithful to KISS (not the band), I decided to go back to basics. I used the views feature of ExpressJS (NodeJS micro web framework), and server-side rendered everything. I went for barely any CSS, and didn't even add frontend JavaScript.

The resulting application has two pages: the homepage, where you can shorten your URLs, and a summary page of the URL you've created.

I feel liberated. I was able to ship something and get an MVP out in a day. I was able to do this because I was ruthless in deciding what would make it into the basic, first release.

This got me thinking about something: functionality is more valuable than looks.

Think about high-traffic websites that people use every day because they provide something useful. Two examples that come to mind are previously mentioned TinyURL, and the old version of reddit.

These websites are UGLY.

But they provide a great amount of value to their users, so looks don't matter too much.

I'm going to try to keep this in mind when developing applications as a hobby but also professionally. Focus on the basics. Chances are they're enough to provide value.

Disclaimer: as a full-stack engineer with a backend skew, maybe I would have a slightly different opinion if I could develop beautiful frontends at speed ;)

In order to slow the spread of the Coronavirus while easing the restrictions on our freedom, we're probably going to need a “contact tracing” technology of some sort.

Governments across the world currently propose building an app on your phone that informs the health services who you've been in contact with.

But the people I've spoken to, not necessarily privacy-aware individuals, all seem skeptical about giving out your location history and contacts to a government entity.

Luckily, there is a way to both perform contact tracing and protect our privacy. Technology to the rescue!

This comic by Nicky Case perfectly explains how this can be achieved:

Contact Tracing Comic

Two protocols have already been developed to achieve private contact tracing: Temporary Contact Numbers and Decentralized Privacy-Preserving Proximity Tracing.

We should push for one of these to become the standard protocol for contact tracing technologies developed worldwide.

Our governments don't need to know our location or even who we were in contact with to keep us safe from COVID-19.

I often listen to a single song on repeat for hours on end while coding or trying to do “deep work”. I thought that was just me being weird. It turns out it's actually good for focus.

People who do this too include Tim Feriss and Ryan Holiday. There's even a book about how listening to music on repeat affects your brain.

Next time you need to focus, pick a song, preferably an instrumental-heavy one, and listen to it on repeat. I've made a Spotify playlist with some of my favourites. Beware though, it's mainly Daft Punk.

We spend most of our time outside of work consuming content, not producing it. We consume movies, social media feeds, songs, etc.

It's rare that we spend time creating. I think this is partly because, after a productive day at work, where one usually produces some sort of content, we just want to zone out, relax, and do the opposite.

But associating creativity with work and consumption with leisure is misguided. One can get so much satisfaction out of producing, too. And my theory is that, as with many things worth doing in life, even though it's harder to produce than to consume, it is infinitely more rewarding.

That's why I'm writing this blog, daily, for 100 days. I want to get into the habit of writing so that I get into the habit of creating for fun and for personal growth. I'm trying to make writing my keystone habit, as defined by Charles Duhigg, the author of The Power of Habit:

Keystone habits offer what is known within academic literature as ‘small wins.’ They help other habits to flourish by creating new structures, and they establish cultures where change becomes contagious.

Ask yourself: what can I create every day? Maybe you create a meaningful conversation with your significant other, family member, or best friend. Maybe you start growing your own vegetables, baking your own bread, building your own DIY furniture or coding a software project.

The world is too beautiful for us not to use its resources to our advantage.

Leaving social media was a very gradual process.

I first seriously considered deleting my social media accounts in late 2019, when I read Cal Newport's Digital Minimalism.

The reasons had already been in my mind before, as an aspiring minimalist who aims to value people and experiences more than things and money. Social media, I realised, was a very shallow way of staying “connected” with my friends. It was also a very easy way to waste my evenings after work, endlessly scrolling through Instagram or Facebook.

But it was another perspective which made me consider it more seriously: focus. Social media, along with its ubiquity achieved by the development of smartphones, kills focus and what Cal Newport calls “deep work”. On my way to work, if I ever felt slightly bored, I would immediately interrupt my train (pun intended) of thought with an app on my phone so I received some sort of distraction. I wondered if this was what I wanted, and clearly for me, the answer was “no”.

I was almost there, I knew I wanted to do it, but I just couldn't. I had already naturally reduced my usage of social media because of other lifestyle and belief changes, yet I felt uneasy about flipping the switch.

Until yet another negative effect of social media caught my attention: online privacy.

We willingly share crazy amounts of personal information online. I know I did with Facebook, especially when I first joined, circa 2010, when I was underage and naive about who I was giving my information to (not only Facebook, but third party developers of the random games I played). I had left a trail of thoughts, beliefs and personal data which I never realised I consented to.

That, and the fact that I had acquired over 1000 “friends” who I clearly did not know in person, and with whom I could not possibly maintain high quality relationships. Who was reading my posts? How many of these people have had their accounts hacked or otherwise compromised, who now are able to access my most personal moments and thoughts?


Low-usage accounts were first to go. Twitter was a breeze. I only used it to contact airlines because it was usually faster and more responsive than calling, but I had committed, and I needed to feel okay with “missing out” on some benefit from social media at the expense of many downsides.

Instagram was next. I deleted it in early March this year. That was a bigger one, emotionally and technically. I had my Instagram for a while, but actually almost never posted on it or used it to communicate with friends. I first took an export of my data, then deleted the account. Being a Facebook company, I thought the deletion process would take longer, but it was instant. That definitely made it easier.

The final one was the biggest one: Facebook. The account I had had the longest (almost 10 years). Recently I had only really used Facebook to remind me of people's birthdays (ha!) or to communicate with friends via Messenger. I now use a calendar app and Whatsapp or Signal for those purposes. My data export took a while to process, but once I had it, it was all I really needed: an HTML page which allowed me to view all my photos, posts, friends and even (creepily) my very old Messenger conversations.

It's been about two months without social media, and overall it's been absolutely amazing. I've learned a few things too.


It's reversible

Social media will always be there for me. If I decide this alternative, no social media lifestyle isn't for me, I can always go back. I exported all of my connections and followers anyways, so I know where to find people.

Time is precious

Boredom breeds creativity. Can't flick through Instagram on public transport? Think about your friendships and relationships, or how you can be a better person. No feed to read after work? Start a new project, learn a new skill, or read higher quality content.

A couple of things I've done with my free time:

  • Learning piano
  • More reading
  • Calling (not texting!) my friends and family more often
  • Learning new programming frameworks
  • Starting this blog!

There are negatives

Even though calling or physically spending time with friends is much better than social media “bonding”, there's still a part of me which thinks that some of my friendships would be kept more up to date if I saw their social media posts more often. Luckily, my girlfriend still uses social media, and she let's me in on all the juicy bits.

It's also harder to share stuff. I shared a link to this blog on my LinkedIn (which I only use for professional reasons, and I don't have the app on my phone). It got a few likes. It's nothing like sharing on Facebook or Twitter. But I'm okay with that. I probably rather have my closest friends reading this than random people on the internet. I'm okay with growing an audience organically; that way I have time to develop and improve my writing too.


Overall, I'm happy with my decision. I'll see what the coming months bring, and see if I stick with it. So far, I see no way of going back. I feel awesome. But I've said that about other things before, so I won't be naive in thinking my decision is final. But for now, bye bye social media.

Enter your email to subscribe to updates.