Category Archives: Uncategorized

Super-simple improvements to your information security

This is something I learned from experience: your most frequent security issues are going to result from

  • Breaches or leaks at other large businesses (Twitter, Tumblr, DoorDash, Bitly, eVite, ParkMobile, ShareThis, TicketFly …) resulting in emails, usernames, passwords, and security question answers getting stolen
  • Phishing attacks against your users, wherever they may be.

Since most people use the same passwords in many places, both can result in bad actors getting passwords to your system, no matter what account was actually stolen. Here’s how to stop that and reduce security incident-related downtime by 90+%:

  • Require MFA for your system accounts and use SSO everywhere you can. This makes logging in with stolen credentials a lot harder. You turn a script-kiddy problem into a social engineering problem, which takes a lot more effort and skill on the part of the bad actors. They’ll spend the effort to get a bank account, but maybe not to get into a faculty member’s email.
  • Provide a password manager like DashLane to your users and require them to use it for work-related passwords. This makes it easy to use strong, unique passwords everywhere, and so it protects all the other passwords they use for work–the ones you don’t have control over.
  • Set up phishing training like KnowBe4. This provides a little more protection for the passwords you can’t control, and protects your users from scams, etc. It also protects them in their lives outside work, so it’s a good service to provide. At a school it’s especially important–I’ve found that students click on phishing emails at a much higher rate than staff or faculty, I assume because they have a lot less experience with email in general.

If you’re not already doing all these things, get them in the “In Progress” column now. By the way, keyloggers get around some of this, but that’s why you already have anti-malware running on all the endpoints and on the networking hardware, right?

Grant funding breaks everything

Grant funding, which asserts that big infusions of cash can bring some operation to a new level, sometimes handcuffs nonprofits.

Think about this: when we attend a museum exhibition with an interactive technology element, we’re not at all surprised to see a lot of it not working right. There’s one very common reason for this.

The issue is this: let’s say you get your $2M for the tech in the new gallery. On average that will cost $400K annually to support (20%). But we need that gift or the exhibition can’t be done, so we don’t often require some way to support those ongoing annual costs of about $400K. It would mean for every million dollar gift, we also need to secure a capital campaign gift of $3M or so, to endow the continuing maintenance of the project.

20% is a pretty typical maintenance figure for new tech purchases. More for computer hardware (25-33%), less for networking hardware (10%), and probably 20% for code, configuration, and content. If someone gives you $2M for some new gallery, or any kind of installation, most likely it will mean $400K in annual maintenance. Maybe less, maybe more. But it will be something.

Well, sometimes we don’t tell donors that. We look at the big gift and we need it so we say “thank you,” and we figure that we’ll somehow work that 20% (or 10% or 30% or whatever it is) into our existing budgets. In truth there are often ways to do that, so a lot of the time 20% is going to be an overestimate. But not for hardware, not for software, and not for content, unless you stop doing something else–this thing you just built is going to get old, either with failing hardware or glitchy code or stale content.

The conundrum is this: many big donors/grant funders don’t want to fund operations. That should come out of more consistent sources of income like ticketing, memberships, and entrance fees. Grants are for the big game-changing thing.

Realistically, we can’t fix this by putting every big gift into an endowment. But what we can do is think ahead to the retirement of these systems/projects–recognizing them as having finite lifetimes, and being up-front with donors about that. It would sometimes be hard, but it’s a lot easier than saying, or implying, “by the way, we’re not going to be able to keep this expensive thing working for more than 3-5 years.”


We moved to Philadelphia in December 2017, so we’ve been here just under 16 months. Here are the main differences between Philly and NYC:

  • Restaurant food in the sub-$100 range (dinner for two) is lots better in Philly. And there’s a BYO culture here that means lots of restaurants are in that range.
  • It’s way smaller. You can live in the suburbs and still be like 20 minutes from the middle of town.
  • There are lots fewer international people in Philly.
  • There are no good corner stores–bodegas or Korean grocers–in Philly. It’s not a thing. I mean there are probably some somewhere, but it’s not like there’s probably one near you.
  • Obviously real estate is a lot cheaper in Philly.
  • Obviously NYC is way cooler.

Free, no license white noise mp3s for sleeping

My wife likes to sleep with white noise, especially when we’re somewhere very quiet. We used to try always to have a fan running–they make the best sleeping sounds. But that’s not always practical. So we switched to using Youtube, but it tends to flake out when you try to play something for hours (or your wifi will drop off, or whatever).

Now I just make noise snippets in Audacity and play them on repeat in any music player. The amazing thing is that there are people out there charging money for this. Here are some for free:

I’m releasing these to the public domain, so you can do anything you want with them.

The brown noise one seems best. I may get ambitious one day and try to take the tone of the pink noise down. I’ll post it here if I do and it works out.

By the way, doing this in Audacity is easy. There are Youtube videos on it, or just go to the “Generate” menu and pick “Noise.”