10 Fast Ways to Become a Better Writer

/1 Comment/in /by

“Writing doesn’t just communicate ideas; it generates them. If you’re bad at writing and don’t like to do it, you’ll miss out on most of the ideas writing would have generated.”

— Paul Graham

The sun’s been down for hours and you are alone with a warm drink next to your laptop. You’re burning the midnight oil again in the back room, building your online business, and you know you need to put another post up on your blog, but you’re just not sure what, exactly, to write about.

The struggle of building your business and hustling on the side is that you don’t always have the time and luxury to write whenever you want, and while the idea of editors, proofreading, and revising your essays sounds great-you need to write something and write it now.

For people working a full-time job during the day, juggling families, and responding to other demands, having ample time to fill notebooks, draft, and re-write sounds like a pipe dream.

How can you quickly improve your writing?

What tools are there beyond grammar and spellchecker to make sure you’re doing your best work? In the world of online and email communication, writing powerful copy makes all the difference.

Sometimes we need tactical, specific, and immediately useful tips to make our writing better. Most writing tips, for me, always seem to feel good — and then I struggle with the actual writing and re-writing. How do you transform the writing tips of Stephen King, Stephen Pressfield, Seth Godin, and Ray Bradbury (amazing storytellers, all) into actionable outcomes?

Here are 10 of my favorite strategies that help when you’re self-editing, scrambling to make ends meet, and holding both a beer and a coffee in your hands while trying to write-and want to do your best work.

1. Start with a story.

Begin your piece with a fable that illustrates your point and shows the reader what it is that you’re talking about. Develop a scene and a scenario where people can nod their heads and say, yes, I see, that happens to me. I can picture myself doing that.

Despite how useful facts and lists are, stories are what resonate. We’re pulled into the grip of a helicopter crash, and most of us can’t look away when we see bright lights or hear loud noises. It’s the pull of the story and the unknown that captures our attention. Stories are memorable, and we can tell and re-tell them; they are, in fact, how we wire information into our brains.

Great writers on the web today hook readers in with stories, creating fictional (or narrative non-fictional) scenes with detail, specificity, and color.

Here are two great examples:

DANIELLE LAPORTE, ON MANAGING & LOVING MONEY:

“No one ever taught me how to manage money. My folks were young and working, Catholic High School didn’t give me any tips, and I skipped college. So that left me and my Visa card, which mysteriously showed up in the mail on my nineteenth birthday. I promptly went shopping that weekend. And the next weekend.”

If you look closely, the post is actually about a book launch, but the first paragraph isn’t about the book, the author, or the call-to-action at the end of the post. It’s a relatable, tangible story that outlines the problem all to common to many people: the problem of managing money, and the story of what happened when she got her first free credit card.

And a second example:

Caleb Wojcik, on The Metrics You Should Measure:

“You know the rush. A guest post you’ve written goes live on a huge site, you finally launch the product you’ve been working on for months, or an older article of yours gets Gizmodo’d. You watch your traffic spike and you can’t peel yourself away from the analytics for the whole day.

‘Look at all those visitors!’ you yell to your significant other as they feign interest.”

This post is about what you measure when you’re evaluating your blog, website, traffic, or product. The introductory story, however, is about that feeling you get when you see a post of yours go live, hit the charts, or make the rounds in Twitter-and the way your significant other may or may not be involved in your online business.

You can also use this strategically in personal emails. For example, rather than jumping to the question you’re dying to ask, you can start out with a quick story (or set the scene for where you are). This situates the reader (on the other end, perhaps in some place far different than where you are) within the framework of your life. Like Instagram but with words, you can give a little snippet of your life through language:

For example, change typical emails that begin:

“Hey Ryan, how are you? Hope you’re well.”

To a quick setting of the scene-showing where you are and what’s in your life:

“Hey Ryan,The other day, I was walking through the streets of San Francisco and grumbling about the never-ending fog. I realized that the city was like a refrigerator. Now that I’m in New York, I miss the air-conditioning and I also miss many of my friends like you dearly. It reminded me to email you and say hello. I hope you’re well.”

In both blog posts and in emails, using stories helps you illustrate your point and takes general advice and makes it something the reader can see and feel.

2. Start with a question.

Much of life, and blog posts, are paradoxes, not answers. Starting with the answer first can be terrifying (and worse, inaccurate or incomplete).

We revisit the same ideas over and over again not because we’ve conclusively decided, but because each topic is worth thousands of conversations. We need the reminders, we meditate on the ideas, and we each have our own flavor and take on the issue. In a recent New York Times Opinion piece about the suffering in Syria, the author opens the essay with a question that haunts human philosophy:

Does the torrent of suffering ever abate — and can one possibly find any point in suffering?”

You don’t need to answer the question to write a great story or essay. Begin with a question, and add your thoughts.

3. Play with the use of first, second, and third person narrative.

First person is filled with “I” statements — great when you know the author, or you have a relationship with the person doing the writing. Second person uses “you” all the time — and can be a wonderful tool for creating empathy and describing a scene that you want the reader to inhabit — but can become bossy quickly with excessive use. Third person focuses on the scene or the action from an anonymous observer within the room.

Most of the time, we don’t actually care about the writer. Your reader wants to know exactly how the writing affects him or her-and whether or not the reading is going to matter to them specifically Right from the start, you should paint a picture of the person or scene and show the action happening.

While first-person can be a tremendous tool as a writer, many bloggers (myself included) are often far too liberal in writing our experiences. Luckily, there’s a quick way to fix this: write the post you would normally write, and then edit selectively to remove the “I” from a couple of paragraphs.

Take a paragraph that looks like this, for example:

“I was tired and hungry from a long day and the rain was beating down on my bike helmet. I didn’t want to work anymore-I was completely exhausted and ready to hit the hay. But I knew how important it was to continue to get this project out the door-it was my first real project as an entrepreneur, and delivering it mattered.”

And turn it into this (reducing the use of I statements-but still narrative):

“The rain beat down on my bike helmet. It was a long and tiring day. Sometimes it feels better to hit the bed instead of continuing to work-but I wanted to impress my newest client. Getting projects out the door on time is critical for first-time entrepreneurs. It was important to deliver, and deliver well.”

You’ll know when removing the first person is great when the paragraph stands on its own without the use of the first person narrative.

Take this post by Chase Reeves on “How Much You Should Be In Your Business?” — the opening sentence is focused on the reader (the second person). For the sake of contrast, I’ll rewrite the opener in two different ways as a point of comparison.

Original (Second Person): “You’re here because you want to create a business that supports you. You want to build something that earns and affords you the life you aim for.”

First Person: “The more important thing to my business is creating something that supports me-something that affords me the life I want and creates earnings I can live off of.”

Third Person: “It’s clear why building a business is critical — it’s a form of support. It’s a source of earnings and creates a desirable lifestyle.”

To me, the original (second person) option is the most powerful-it connects with the reader, has them nodding yes, that’s my vision, and sets the parameters for the post. The first person version makes me wonder why I care about their business, and the third person feels dry and impersonal.

If you’ve written something and you know the content is good-but it’s not resonating in the way that you want-try re-writing it from a different point of view. That might be the trick to creating the snappy writing you want.

4. Talk it through.

Start with the communication vehicle you’re most comfortable with. Most people get stuck writing because they haven’t done it enough. They haven’t sat at the computer and made writing a habit, and each time they do eventually get to the screen, they agonize over each word choice and sentence until they’ve beaten the poor essay to death, 500 words and 2 bottles of wine later, declaring, “I’ll never write again, no, not me!”

If you’re stuck on writing, chat with a friend and use voice recorder, or stomp around your office or hallway and talk things out. Much of great conversation and thinking is done while moving-why should we sit and expect the great ideas to pour out of us once we’ve relegated our bodies to stillness? Start talking, start recording, and go for a walk. Many a mile I’ve walked with an earphone in my ear and a voice recorder on, pretending to talk to someone else while I’m actually just talking to myself.

5. Write the outcome you want first-by beginning with the ending.

Start with the ending, and the desired action. Sometimes the posts I write are creative, lyrical, poetic, and exploratory-that’s fine. Other times, I want something, and I want something specific. Perhaps it’s a donation to charity water, or a sign-up to my latest writing workshop. Each time, I think carefully and specifically about the person who will be reading the essay, and the end of the piece, and what action I want them to take.

Step one: write the desired outcome. Before writing your post, write the action or outcome that you want people to do. How do you want them to take action?

For example, a desired outcome might be getting people to sign up and enroll for One Month’s Content Marketing class. So, I begin by writing this outcome down:

Ryan goes to the website, reads my post, and nods. Yes, he’s working through all these problems I’m articulating. He really wants something to help him with building his audience and online business. Why does he click on the opt-in at the end? Something is really compelling — he clicks because he feels like the author completely understands the frustrations he’s having. He feels like his issue has been heard. So, here’s what I’ll write at the end: Want to get better at building your audience and writing content that actually gets shared? Sign up for One Month Content Marketing.

Step two: Outline the puzzle pieces (usually I use post it notes across my desk) that create a story framework that will lead to this desired outcome:

  • Start with a story-introduction that elucidates the situation or pain point;
  • Add in background information and expert details;
  • Create the framework for a solution to the problem with suggested steps;
  • End with a call to action and final solution (your recommended solution).

6. Write about things you know.

Write about things that seem incredibly obvious to you (and that you’re perhaps overlooking). Describe how you do things, and how you sort your day. Pay attention to the questions people ask you at conferences, in email, and during dinner conversations for clues to what people want to know. Surprisingly, people are incredibly different and what you do may be novel to someone else.

7. Be incredibly specific.

Clichés and abstract thinking are painful to read and prevalent across every type of writing. The solution to clichés is to get incredibly specific-start detailing the scene and describe who is doing what, where you are, and what is happening. Examples are more powerful than anecdotes.

For example:

“It was grueling, and I was exhausted. I’d never worked so hard in my life.”

Can be turned into something much more specific, with details about who, what, where, when, and why:

“My arms were quivering and shaking; in retrospect, doing a 26-mile run the day before writing my launch essay was probably not the best strategy. I could barely keep my fingers above my keyboard.”

8. After you’ve written your essay, go back and delete the first and the last paragraph.

After you’ve written your post or essay, go back and delete the first and last paragraph. The body usually contains the most of the “meat” of the post, and many writers amble on too long in the introductions and conclusions. Try deleting it and shortening it to make it sweet and punchy.

9. Mimic great writers you like.

You don’t have to reinvent the wheel. If you’re stuck, use Evernote to copy and trace patterns that you like. I like to save out great essays and drafts from my favorite writers, print them, and then highlight them to study how people write effectively. Behind the words that you enjoy the most are patterns and clues to great writing.

For example:

  • Email headings: Pay attention to what you click on in emails-what were the five emails you opened first today? What did the headlines say? Jot those down. Circle words that felt great. Were they long or short? What made you want to click? Take one you like and flip it around to become something that works for your business, idea, or model.
  • Start with a bang. Use powerful ledes. Not sure what a lede is? (It’s the bullet or grab at the beginning of a story, made clear in the first paragraph) — skim 5 opening paragraphs of the New York Times with a highlighter and see what you like about each one. Convert it to your own style.
  • End with a boom. Wrap up the writing with a punchy statement, a leading question, or a call to action. If you’ve deleted your first and last paragraphs, perhaps there was one sticky statement you wanted to keep-perhaps distilling that into one sentence will do the trick.

10. Write less and link more.

Find examples and point to them. It’s perfectly okay to not reinvent the wheel — it can be equally valuable to curate great content or showcase your process of discovery if it’s lead you to a great outcome or conclusion.

Here are three relevant articles on how to be a better writer:

In todays’ world of digital and fractured communication, writing is more essential than almost any other skill-when you get better at writing, you get better at everything.

Writing isn’t just a tool for communication — it’s a tool for creative generation and unlocking what’s within your mind. It’s a tool for discovery, search, synthesis and re-wiring. Writing regularly is not just a means to create content, but is itself a tool to generate ideas and crystalize ideas. Whenever you can, use a notebook, use Evernote, google docs, or another system to capture your ideas and practice collecting (and imagining) ideas.

The more you write, the easier it gets, just like any other habit.

When I first began writing, it could take me 6 to 8 hours to write a short post. Today, I can start and finish a post in under an hour if I’ve been thinking about it during the week. Writing has gotten easier to do because I keep it up as a habit. I use writing and sketching regularly as a means to generate ideas. My notes become stories, my stories become paragraphs, my thinking wanders over the page, and then I pour content into the computer.

But when you’re pressed for time-or you’re stuck in the here and now of needing to write a post, having someone to tell you that “practice” and “consistency” are the best tools to get better at writing doesn’t help you with the post that you’ve got to find a way to write — right now.

5 Of The Best Blogging Platforms

/0 Comments/in /by

Are you ready to kickoff your content marketing strategy, but confused about which platform to choose to start your blog? If so, then you’re in luck. In this post, we’re going to look at the pros and cons of each option. You will get a clearer idea of the best blogging platform for you. A strong blogging strategy can help elevate your personal brand or business as an authority within your space.

WordPress

WordPress, a popular CMS (content management system), is the most widely-used on the internet today and one of the best blogging platforms available. Technology profiler BuiltWith has identified that 15.8 million websites currently use it, compared to the next most popular CMS system Joomla, used by under 2.7 million websites. Web Technology Surveys found that of websites using content management systems, 58.7% are using WordPress.

There are two versions of WordPress. There is the hosted version, WordPress.com, which allows you to create a blog without the need for a domain, web hosting, or technical hassle. While this is the easiest and least expensive of options, it’s not as flexible as using the WordPress software on your own hosted domain.

Using the WordPress software on your own hosted domain allows you to have full control of the design, functionality, and content on your website. Thanks to its popularity, you can find thousands of themes (templates / designs) to get just the look you want for your website. You can also find thousands of designers who can create something custom or customize a theme that you like into something unique.

You can also find thousands of plugins to enhance the functionality of your website. This means that you can do pretty much anything on your WordPress website. From customizing the search engine optimization settings to adding contact or email opt-in forms to your blog sidebar, you will have options. You could even start your website as a blog and expand it to include anything you want, including an ecommerce website, forum, membership site, or social network.

As far as content goes, you have the ability to backup your content on a daily basis through the use of plugins, services, and hosting companies. Unlike people who only post to their Facebook page or other social profiles, you never have to worry about waking up one day to having lost your entire profile and thus, all of your content.

In short, there is very little you can’t do with WordPress software on your own hosted domain. This makes it the most scalable platform for your personal brand or business. You won’t have to worry about hitting a limitation that would lead you to having to move all of your content to another platform.

For those who do not like the idea of dealing with the technology-aspect of WordPress, there are plenty of options. You can choose WordPress-specific hosting companies like WP Engine or Synthesis, both of which cater only to WordPress websites and include security, backups, and superior WordPress software support.

This means that you can have the full benefits and features of WordPress with little technology hassle. You can learn more about using the WordPress software on your own domain at WordPress.org, as well as see a showcase of some of the top sites using WordPress.

WordPress.com

While we mentioned that WordPress.com is not going to be as flexible as using the WordPress software on your own hosted website, it is the next best bet if WordPress sounds good to you, but you are just not ready to deal with web hosting and seeking out themes and plugins for your website. It’s a good one for people who want to have the option of easily moving their content down the road.

Here’s what you need to know about using WordPress.com:

  • There are 374 themes to choose from, 194 of which are free.
  • Certain features, such as using your own domain name (you.com versus you.wordpress.com) or having an ad-free website, will require you to upgrade to paid plans starting at $99 per year.
  • You can’t install plugins designed for websites using the WordPress software on WordPress.com websites. This will limit your options for things like custom opt-in forms, custom search optimization, and more.

One of the biggest challenges for those who intend to eventually move from WordPress.com to the WordPress software on their own domain are the links. WordPress.com uses a specific link structure (you.wordpress.com/date/post-name/ or you.com/date/post-name/). If you can’t use the same URLs when you move from WordPress.com to your own domain, you will lose the links you have received to your content and the social sharing counts (social proof) for your content.

If your goal is to simply get your content going on a platform that would be easy to transfer to WordPress software down the road, WordPress.com is your second best bet to just using the WordPress software from the start.

WordPress.com does offer an export of your content, should there be any need to do so. With any hosted platform, it’s best to get a backup of your content regularly. This is in case you should lose your account or the platform should go out of service.

Medium

Medium is a hosted platform that has taken off in the last year and quickly become a top blogging platform. It’s beautiful and minimalistic design allows you to focus on what matters most in your content marketing strategy: your content. There are no themes to pick, plugins to install, or features to toggle. You simply write your content.

Signing up for Medium is easy too. You can use your Twitter or Facebook account and get the added bonus of automatically building an audience based on the people you are connected with on those accounts. As new people join, if they are connected with you on Twitter or Facebook, they will also be connected with you on Medium.

Depending on their settings, anyone connected to you on Medium will be alerted to new posts you write and posts you recommend on Medium. This means that if someone recommends your post, their audience will be notified about it. Hence, you’re getting built-in content promotion.

With that said, there are no customization options for your Medium blog. You can’t add opt-in forms to a sidebar that doesn’t exist. It does not allow you to add your own social sharing buttons. You can’t customize the SEO fields. It’s simply a place to create and consume content.

It’s not a bad thing, especially for those who are looking to simply build exposure for their personal brand. But it may not be the best thing for businesses. Especially those looking to convert readers into customers, as the best you can do is link back to your main website.

Medium does offer an export of your content, should there be any need to do so. With any hosted platform, it’s best to get a backup of your content regularly, in case you should lose your account or the platform should go out of service.

LinkedIn Publisher

LinkedIn has been allowing industry experts to blog on their network for a while. Recently, the option has been expanded to most LinkedIn members. To use LinkedIn’s blogging feature, you will just need to find the Publish a post button on your personal profile news feed. It will be right next to the buttons to share an update or photo on LinkedIn.

This brings to light the first major limitation of LinkedIn Publisher — you can’t use it with company pages. With Medium, you can simply sign up using your company’s Twitter profile. But on LinkedIn, you have to use your personal profile.

While that limits you from creating a blog for your business using LinkedIn, it does allow you to tap into your personal profile connections in a unique way. LinkedIn sends a notification to all of your first-degree connections (people you have connected with on LinkedIn) when you publish a post on your personal profile.

Your connections don’t have to opt-in to this. The only way to opt-out is to unsubscribe from the notifications dropdown itself. This makes your first post on LinkedIn special in the sense that everyone will get notified about your first publication. After that, it will depend on whether you have left enough of an impression for your connections to stay subscribed to your notifications.

So be sure to make your first post on LinkedIn count. This will ensure that people will want to hear about your next one.

Similar to Medium, you have no real customization options for your LinkedIn blog. You can add images and text to each piece of content. However, there are no themes to choose from or sidebars to build. Again, the only call to action you would be able to include would be a link back to your website.

Another downside to using the LinkedIn platform is the fact that you have no real control over your content. If LinkedIn decided to kill off their blogging platform, downloading your content and importing it to another platform would not be very seamless.

Facebook Notes

Facebook offers a feature called Notes for profiles and pages to use to share long-form content. The key difference at the moment is that Notes for profiles has been upgraded to a Medium-like format. Notes for pages is still using the format that existed years ago, which is clunky at best.

This means that you can blog using Notes on your personal profile or business page. Notes tend to get a little better visibility in the Facebook news feed. It isn’t much and your connections are not notified of a new note publication unless they have explicitly signed up for notifications from you.

For those looking to build up their reputation specifically on Facebook, Notes are a good way to go. You even get a little content promotion from the Notes page, where people can see notes published by their connections.

Similarly to Medium and LinkedIn, there are no customization options for your Facebook Notes, other than adding images and text to each of your posts. Calls to action can only be made with a link back to your website.

Also, exporting your content must be done through a full export of your entire account history. If Facebook decides to kill off Notes, you will have to export all of your notes and re-enter them on a new platform.

Using All of the Platforms for Distribution

There is an alternative to choosing one platform over the other, and that is to choose them all. While it might sound a little overwhelming at first, the goal isn’t to create unique content for each of these platforms. Instead, you will create one unique piece of content on your main platform. Then you will distribute that content on the other platforms mentioned above (Medium, LinkedIn Publisher, and Facebook).

Here’s why you would want to do this. You are going to have fans that prefer discovering content on Medium. There will be people who are connected to you on LinkedIn, but not anywhere else. You are going to have people who scroll down your Facebook profile page looking for more info about you.

Distributing content from your main blogging platform to other platforms allow you to get more reach for your content. All you have to do is find a way to summarize the main post. Then you can link back to it in posts on the other platforms.

You can expand this strategy to include some of the other best blog platforms to. This could include Tumblr, Blogspot, Quora, and pretty much any other platform that allows you to share long-form content. In addition to reaching your audiences on those networks, you will be building links that Google search can follow back to your main piece of content to index it.

So instead of considering an all or nothing strategy, consider an all strategy instead. The more you distribute and promote, the better your overall content marketing results will be.

Defensive Hacking: How to prevent a brute force attack

/2 Comments/in /by

Your password’s never as safe as you think it is, and understanding how to protect your website will help you from becoming the next iCloud. Today I want to look at the security weaknesses that led to brute force attacks.

Most brute force attacks work by targeting a website, typically the login page, with millions of username and password combinations until a valid combination is found. The same concept can be applied to password resets, secret questions, promotional and discount codes, and/or other “secret” information used to identify a user.

To perform a brute force attack, we need to do a few things:

  • Confirm account lockout/request throttling is disabled or easy to bypass
  • Determine the format of the username
  • Create a list of potential usernames
  • Confirm which usernames are valid
  • Test passwords for each valid username

The first step is to determine if an account lockout exists. This can be done by failing the login for a user. Next we need to figure out the format of the username. These can be significantly from one site to another, but the current trend is to use an email address since it’s easy to remember and can be used for password resets.

Here is the login page on our example site that we are targeting:

The first thing to notice is that the username is an email address. If the login screen didn’t tell us that, we may have been able to figure it out by trying to register or signup for an account. It’s pretty obvious from the signup page that an email address is used for the username:

If it’s a large public site, generally people sign up with gmail, yahoo, or other well-known email domains. Unfortunately, with the rampant hacking on the internet these days, it’s fairly easy to find massive lists of email addresses from compromised databases (https://haveibeenpwned.com/), (users.tar.gz, Adobes hacked list of 135M users). For the iCloud hack, the attackers probably started with the email addresses of the celebrities they wanted to target.

Let’s say we were (HYPOTHETICALLY) targeting James Franco’s use of our site here. First, I enter jamesfranco@gmail.com and a password then click login.

No dice. However, there is an interesting error message — “jamesfranco@gmail.com doesn’t exist!”

Determining Usernames

Now that we have our first clue, the website telling us if the username is registered or not, we need to build a list of usernames. If this was a company site, determining the email format and then creating a custom list is pretty simple. Corporate email addresses generally consist of one of the following formats:

  • firstname.lastname@company.com
  • james.franco@company.com
  • firstinitiallastname@company.com
  • jfranco@company.com
  • lastnamefirstinitial@company.com
  • francoj@company.com
  • firstname@company.com
  • james@company.com

A quick google search (http://www.wordstream.com/blog/ws/2009/09/23/find-anyones-personal-email) for the email domain will generally give you one email address from which you can deduce the format from.

For our example application, we know that the domain is onemonthsimple.com (which we found in the domain and footer), so we can start there.

Guessing Accounts

Let’s guess a few accounts and see if we can find a valid username. Manually testing a few common usernames with the @onemonthsimple.com domain is our first step. Let’s try these users:

  • Joe
  • Kate
  • Brian
  • Eric
  • Kristen
  • Emily
  • Jon
  • Chris

Wow — a few of those worked. When we guess the correct username we get an error message about the password being incorrect. We have a valid username and are on our way to breaking in!

Lets review what we already know:

Usernames are email addresses. The application will tell us if the email address is valid or not. If we find a valid email address with the wrong password, an “Incorrect Password” error message is shown. Since it is a (demo) corporate HR application, we guess correctly that most users have the @onemonthsimple.com as the email. Using this, we can create or use a list of common names and try to find out more users!

Manually guessing these usernames takes awhile. In order to find as many usernames as possible, an attacker would automate the process of trying usernames and matching the error messages to determine which ones are valid.

Automating Attacks

First, we need a larger list of names. In hacker terms, these are called dictionaries or wordlists. Based on what we know about this app, we need a wordlist of first names. Let’s grab the most popular 10,000 baby names from the US census (http://www.ssa.gov/OACT/babynames/limits.html) as a starting place.

Next, we need a way to automate the login process. For this, you can either write a small custom program or use a variety of different brute force hacking tools such as brutus or hydra. For this example, let’s just write our own. All it needs to do is:

  1. Read a file of usernames line by line
  2. Send the username to the website login
  3. Review the error message to see if the user is valid or not

Here’s the code:

require "net/http"
require "uri"
uri = URI.parse("http://localhost/sessions")
http = Net::HTTP.new(uri.host, "3000")
File.open("onemonth2013-users.txt", "r").each_line do |username| # remove the newline
  username = username.chomp
  request = Net::HTTP::Post.new(uri.request_uri)  
  request.set_form_data({"email"=>username,"password"=> "n0taL1k3lyp@ssw0rd","commit"=>
"Login"})

  response = http.request(request) 
  # If response contains incorrect password then the username is valid  
  if response.body.include? "Incorrect"
    puts "Found: #{username}"
  end
end

After this tool is run, we have a list of users for the site. Next, we rerun the script, but slightly modified. For each valid user, we try thousands of different passwords until we stop seeing the “Incorrect Password” error message — then we know we have the right username and password! Game over.

Defending against brute force attacks

Brute force attacks work because developers tip their hand to attackers by revealing critical information in error messages, fail to properly enforce account lockout and password complexity, and do not implement any form of request throttling. Let’s take a look at each one of these areas and see how you can protect your site.

Leaking Information

In our example, the login page revealed if the username was invalid or not. This is how we were able to determine valid usernames. The same thing happens with the password. This problem exists all over the Internet, just try a few favorite sites (https://secure.meetup.com/login/) and use the wrong password, does the site give you any hints you can use to break in?

The best way to prevent these types of attacks is to return a consistent error message for failed logins. Don’t give hints to hackers with verbose error messages!

Also, don’t forget the password reset functionality!

Account Lockout

Now that we have fixed the error message, we still want to strengthen the login further to prevent brute force password guessing attacks. To do this, we will add an account lockout to users when they fail the login after a certain number of times. This will prevent our script from testing millions of passwords for each account. Here is how we add the account lockout in Rails when using devise (http://rubydoc.info/github/plataformatec/devise/master/Devise/Models/Lockable):

First, make sure the devise initializer is properly setup for account lockout:

config/initializers/devise.rb
# Lock account based on failed login attempts
config.lock_strategy = :failed_attempts
# Lock and unlock based on email
config.unlock_keys = [ :email ]
# Email the user the unlock link
config.unlock_strategy = :email
# Lockout the account after 5 failed logins
config.maximum_attempts = 5
# Make sure devise has:lockable set in your model:
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable, :lockable

Give it a quick test and make sure accounts are getting locked out and can be reset. If you are adding this to an existing site, you may need to run a migration to add the required devise database fields.

If you are not using devise, then you can manually add a counter in the user model and increment it for each failed login during the authentication process. However, you should use devise!

Password Complexity

Next, we want to make sure the passwords are a little more complex (http://www.sans.org/security-resources/policies/general/pdf/password-protection-policy) so that user’s cannot enter in a weak password, such as “password” or “wizard1”. There are a couple ways to do this, although I personally like the “Devise Security Extension”. This gem provides the ability to configure a number of security controls around passwords, including complexity. Check out the github project for all the details:

https://github.com/phatworx/devise_security_extension

Again, without devise, a decent option is to create a regular expression and make sure that all new passwords meet the requirements. In general, I think it’s best to require at least one number and one special character, with a minimum character length of 10. Passphrases, or passwords that are more than one word are the way to go!

Throttle Requests

Finally, we want to slow down the attackers. One common way developers do this is to implement a security control called a captcha. A captcha is a special image that is intended to be easy for humans to understand, but difficult for automated tools (like our Ruby script). In general, captchas can be annoying and lead to a poor user experience. Also, there are a few tricks hackers use to get past captchas including things like optical character recognition tools, (http://www.zdnet.com/blog/security/inside-indias-captcha-solving-economy/1835), or tricking users into solving captchas.

A better solution is to add in some form of rate limiting based on IP address after a certain amount of failed login attempts. However, be careful as this could be abused by attackers to deny access to legitimate users coming from the same IP range (think your office, coffee shop, or school). Ideally, combining the rate limiting with displaying a captcha is a fairly secure way to go to stop these types of attacks.

The best Ruby gem I’ve seen for throttling requests is rack-attack (https://github.com/kickstarter/rack-attack). Rack-attack was built by Kickstarter to stop brute force attacks. Not only can rack-attack be used to protect login pages, it can be used to protect any page on your site from brute-force attacks.

With our security fixes in place, retest your site and make sure you’ve crushed these types of bugs! If only Apple had enabled these basic login controls, maybe iCloud would be a safe place to store pictures!

Learning Hack: The Pomodoro Technique

/0 Comments/in /by

Pomodoros are a simple learning and productivity technique. We all get burnt out or spend time doing stuff that’s not really effective or valuable, right?

Take a kitchen timer (a Pomodoro timer) and set it to 25 minutes.

Work on one thing for those 25 minutes. If you’re able to do that, when the 25 minutes are up make a little X on a piece of paper, like a post-it, and take a 5 minute break where you’re NOT thinking about work. Go walk around, or drink a cup of water, or use the bathroom, or stretch a little bit.

Then decide what you’re going to work on next and do another Pomodoro.

After about four Pomodoros cycles (with 5 minute breaks in between each), you should take a longer break of 20 minutes or so.

The goal will be to hit a certain number of Pomodoros in a day, like 8 or so, and then hit that number again or more the next day.

If you get really distracted during a Pomodoro (like you end up spending a few minutes on Facebook) then the Pomodoro doesn’t count and you have to start over.

The Pomodoro Technique accomplishes a few things:

  1. It gives you an accepted relaxation / bucket time. Then you don’t feel bad taking a break. In fact, studies show that breaks are important for optimal learning and focus. If you don’t take breaks, you might not be as productive as you could be.
  2. It lets you recalibrate what you’re working on every 25 minutes. I know that for me I often get unproductive when I’m working on the same thing for a long-time because I start focusing on stuff that isn’t important but tricking myself into thinking its super important. (Have you ever found yourself spending more than 15 minutes agonizing over the formatting of a powerpoint slide?) The more often you step back and check in with the self, the more you’ll feel like you actually worked on the tasks that you were supposed to.
  3. It provides a small, but reasonable challenge for you to maintain focus. You can defer distractions to a time that is at most 25 minutes away.
  4. It sets a personal challenge for yourself. By quantifying how many Pomodoros you’ve accomplished during the day, you’ll naturally feel a desire to at least match that never the next day.
  5. You feel better at the end of the day. Most of us spend way too much time hunched at our desk and then we feel like shit at the end of the day. It’s usually because we haven’t been physically active, we didn’t drink enough water, or stretch enough throughout the day. These 5 minute breaks are perfect for that. I find that at the end of a day when I practice pomodoros, I usually feel awesome.

So how can you get started?

Well it’s as simple as getting a timer, a piece of paper, and a pen, really. But there are a few things I’d recommend:

  • There’s an app for that. Pomodoro Timer for the iPhone is a good one. There are a lot of fancy apps out there that track all your Pomodoros and are adjustable and whatnot, but this app does all I really want. It vibrates when your 25 minutes are up, and lets you pick whether you want to take a short or a long break when that’s done.
    (My friend Jon notes that there’s a cool desktop alternative called E.gg Timer, which has a pomodoro option at this url: http://e.ggtimer.com/pomodoro)
  • Get a notebook, a day calendar, or even just a post-it at your desk to track your Pomodoros. This will actually be a good reminder at the start of your day that you should be doing Pomodoros in the first place.
  • While you’re at it, buy a nice pen.

Hope you enjoyed this post. Do you have a learning technique you’d like to share? Or do you think Pomodoro is a stupid idea? Post about it in the comments below.

I want you to do Deep Work

/0 Comments/in /by

Deep work is the title of a Cal Newport book, and
the topic of my latest podcast episode: “Deep Work.

I fight desires all day long.

The five most common things*
that get in the way of doing deep work are:

  1. Eating
  2. Sleeping
  3. Taking a break
  4. Sex
  5. Checking email and social media

* That’s according to a 2012 study on willpower
by Roy F. Baumeister, PhD.

I know people who say
“I worked 8 hours today.”
But how much of that work
is actual productive, focused work?

A year ago, I was in a month-long focus slump
that lasted until I overheard a friend
use the term Deep Work to describe his work.

What is Deep Work?
Professional activities performed in a state of
distraction-free concentration that push your
cognitive capabilities to the limit.

Learn More 
If you want to learn more about Deep Work,
listen to this week’s On Books Podcast episode
in which I discuss highlights and applications
of Cal Newport’s book Deep Work and
its influence on my own work flow.

Listen to Deep Work now on iTunesYouTube or Spotify.

 

Changing Careers at 30: Are You Bold Enough To Do It?

/0 Comments/in /by

You’ve been dreaming about it for almost a decade. You see it so clearly it’s almost three dimensional. You can practically taste the sweet nectar of success.

Except that it’s nothing more than a fantasy. A pipe dream. One of those woulda, coulda, shoulda things you dwell on, that fascinates and scares you at the same time. It’s painful, but you can’t seem to stop.

You’ve been slowly wasting away at a job you loathe, letting it drain the life out of you, while you eye your friends with envy. You know, those friends that bit the bullet back in your glory days and dove head first into exciting career plans? Who never looked back, not even once?

You keep thinking, “Man, that could have been me.”

Except, well, it wasn’t. For whatever reason. Maybe you decided to take the more secure albeit less exciting route, or that well-paying “safe” job. Or you decided to start a family right out of the gate. Maybe you coasted for a few years, drifting from career to career, or project to project, but never really seeing results you’d hoped for.

No worries, friend. Whatever your situation, wherever you’re at right now, life isn’t over until it’s over. Now’s the time to stiffen up that upper lip and chase those dreams in earnest. But where to begin?

Have a Plan

Why? Because planning is cool. And because, well… if you fail to plan, you plan to fail. Really though, you don’t want to just drop your life and switch careers on a whim or start a new business without doing some due diligence. Quiz yourself. Ask yourself why you want to make this big change. Can you handle the pay cut that most likely will come (at least initially)?

Do you have the working capital you need to fund your idea? If you’re starting your own business, do you have a marketing budget? Do you need any sort of insurance coverage to legally operate? Assess all the required moving parts that will be necessary to make your career move a success, then ask yourself: Do you fall short in any of those areas?

Consider a Trial Phase

Perhaps your idea is something you can test the waters in first, before making a major move and potentially lighting bridges afire behind you. Ask yourself if the change you are contemplating could be something you could do on the side around your current job, just to make sure it’s viable.

For instance, if you’ve always dreamed of launching your own web design company, maybe you can start out with a couple of freelance projects during your spare time, and see where the waters take you. You might find web designing isn’t all it’s cracked up to be, and decide you want to focus your attention in another direction.

That’s perfectly fine too. There are no rules that say we have to settle on one career path, and one career path only. Variety is the spice of life, or haven’t you heard?

Deep Dive into Your Dreams

While it can be tempting to want to change careers simply because you see others around you succeeding at something, it doesn’t mean what they are succeeding at is right for you. We humans are a quirky lot, and we each come with our own unique gifts, talents, and skill sets.

Instead of being seduced by the lure of quick or easy money, or dazzled by a career that seems glamorous but doesn’t give you any kind of thrill, sit down and actually think about what you want to do. Analyze your passions, honestly assess your skills and strengths, figure out what lights you up and sets you on fire for life.

Then get to researching and find out if there’s a market out there that will let you somehow marry your passion and skills with smart business. If there’s a market for it, turn that idea into the best career move of your life, and don’t look back. But never forget, switching careers merely because you see someone else doing better than you at something is lame. Don’t do that.

Make Lots of Friends

A big part of changing careers successfully is making sure you have an established network of friends in place before you make the big move.

This is your social circle, your network of people that you know in the industry you’re trying to move into that can help make your transition a bit less difficult. In many industries, they say it’s all about who you know, and this is more true than you probably realize.

Even that guy you say hello to every day at the coffee shop might be a potential contact that could prove valuable in your business at some point. As an entrepreneur, you just never know when you meet someone, how they may affect your life and your business further down the road. Make friends, exchange contact information, expand your network. But do it with class, and don’t be an… well, you know.

Just Do It

Have you done all the research? Asked yourself all the tough questions? Have you mapped out some kind of game plan on where you’re going, how you’re going, and what you need to get there? If you’ve done everything you can think of to mitigate potential failures, it’s time to quit talking about the big plan, and do the big plan.

It’s easy to get stuck in some kind of holding pattern as you wrestle with a big life change. Any big life change, really. It doesn’t just apply to careers. “Should I? Shouldn’t I?” is the mental narrative that seems to loop on repeat.

It often triggers something I like to call procrastination assassination. I should know, I’ve been a victim of it myself. Don’t let that be you. Once you’ve reached a certain point, you just have to take a leap of faith. Or give it all up for good and resign yourself to your current ho-hum career.

But if you’re reading this post, I know you don’t want that. You want more than ho-hum. So how about you get busy, and make that long-awaited dream happen?

By my admittedly flawed calculations, I figure now is as good a time as any.

Take Control of Your Career And Create Your Own Learning Curriculum

/0 Comments/in /by

Learning online is overwhelming. How many times have you started a class and flailed about, looking for the right next steps?

In today’s rapidly accelerating world, we’re all trying to learn as much as we can as quickly as possible. If you’re anything like me, however, this means you can quickly get overwhelmed by all the choices.

Today we get to learn from Mathias Jakobsen, Internet entrepreneur, creator of Think Clearly, and Learning Designer at Hyper Island. Mathias has also curated workshops and learning sessions for the entire team at One Month. It helped our team find our own way as we grow. He took time to share with us his thoughts on learning, online education, making your own career path, and what to do when the transition feels clunky and uncomfortable.

How to chart your own learning path — An interview with Mathias Jakobsen

Sarah: We have a lot of students who are in the middle of career transitions. They’re learning new skills so that they can either get a new job or start an entrepreneurial project on the side. What is some advice you have for students who want to learn new skills but aren’t sure how to begin, or where to start?

Mathias: Make sure to check in with your motivation.

Why do you want to learn this skill? Is it because it might make you money which might give you better life conditions? Or is it because you are truly fascinated and want to learn because you are curious? Or something else? Of course, they are not mutually exclusive, and just because you are motivated by curiosity doesn’t mean that you can’t use the skill to make more money. But I think you will always be better off if you can dare to be honest with your motivation.

I think you will always be better off if you can dare to be honest with your motivation.

If you know that your main motivation is to make more money, then you need to keep that in mind when it gets challenging. How will you deal with getting stuck when it feels like you are not making progress for hours or even days? That’s when you are most likely to give up.

Perhaps you can give yourself a set number of hours and trust that if you truly spend 100 hours trying to learn this. It doesn’t matter so much if you feel stuck for parts of it. It’s a mindset shift from certainty to probability. You will never know in advance if you will be able to learn a new skill and make money from it, but you can define clear steps and conditions that will certainly increase your probability of succeeding.

If you are truly motivated primarily by curiosity, then it will be less challenging.

But if you are not honest with yourself and tell yourself it will be easy because you are curious but actually you are motivated by something else, then when it gets difficult, you will get discouraged and give up.

It’s important to dare to dream precisely about the future you truly desire.

In my coaching work with entrepreneurs I have often helped people dream about what could be possible instead of being stuck on all the things that are currently not possible. The trick here is to be very specific and precise. For example, someone might say that they dream about more money. They also have lots of other ideas and visions, but most people I meet seem to also have this idea of “more money.”

But they have never radically considered exactly how much more money they really want, what exactly they would do with it and what that might concretely look like. Do you want $200K annual salary? Do you want a million? Why not ten million?

So I ask people to tell me how they would spend their money if they had unlimited funds. What exactly would they buy? Most people start off making variations of the same list of all the things that society teaches us that we should desire: one or more luxury homes in a various metropolises, a boat, a plane, a fancy watch or two, some cars, some people are into helicopters, all organic food from Whole Foods, a private chef and so on.

Then I ask people to be more precise and to look up the price tags on all these items so that we can figure out how much money they would actually need to get everything they can dream of. But you can’t look up the price tag of “a fancy car” so you need to decide: is it going to be an old Ferrari F40, a Mercedes AMG SLS or a Bugatti Veyron? All three?

Do the research. And where will you park them? Who will clean that beach house when you are not there? It takes time, but what happens when you keep pushing yourself to see the specific details and make all those little choices, is that suddenly the dreams begin to feel more real, and when that happens, you can begin to realize that most of these are actually not your dreams.

Imagine that life with the specific things in it that you want. Draw it. It can be very motivating.

And then you can begin peeling off the layers and uncover the things you actually want in your life. Again, with the same precision. And don’t be ashamed if you (like me) dream about a vintage Rolex GMT-master. It’s a beautiful watch. Imagine that life with the specific things in it that you want. Draw it. It can be very motivating. But you need to dare to shamelessly let your desires run wild first and go as far as you can into the wanting. See what happens.

You need to dare to shamelessly let your desires run wild first. Go as far as you can into the wanting.

Why is it important to continue to re-invest in higher education as you grow older? What are the smartest leaders doing that other people aren’t doing?

Change is happening very fast today.

And the only thing that we know is that it will never again be this slow. It will only get faster. Companies have shorter life cycles. Technologies are being adopted faster. Information travels further and faster. Our skills are getting outdated all the time and need constant updating.

As I see it, learning is the only solution.

And not just this course or that course. But learning as a fundamental attitude is the only sane way to approach the future. Investing in education is just a piece of the puzzle.

What are some of the key tools and aspects of ongoing growth that you see people engaging in?

There is no tool for this. The tool of today may be outdated before I’m done with this sentence. It’s the attitude that matters.

An attitude of curiosity and openness to what’s new. You don’t need to like it or love it. But try it once or twice before making up your mind. I recently tried the new Periscope app. I thought it was stupid. But I pushed myself to try. I had so much fun. I was so surprised by how truly engaging and interesting it was. Just walking down the street, filming, live-streaming my life and telling the camera that I was on a mission to buy ice cream for my wife. Suddenly there were people from all over the world watching, commenting, interacting and I felt like a human. I felt they cared. I truly felt that. It was incredible.

Three days later I deleted the app and I haven’t used it since. Was it a failure? Does it matter? I spent a total of about 30 minutes playing with it. Now I at least have some sense of what it can do and particularly I can understand why others might love it. I explored. Get curious.

Do you see common mistakes people make when digging into self-learning and/or career transition?

People get stuck in all kinds of places. Most often people get stuck in one of these four places:

  • Trying to do it alone, and thinking that they need to (and are supposed to) know in advance, rather than going into it with an explorer’s attitude and taking notes along the way as they uncover, discover and figure it out.
  • Second, not taking the time to properly understand their true motivation. They set out to do something — a bit like a New Years resolution. They want to “lose weight” or “implement a new strategy” but they don’t put in the time and effort to understand why it truly personally motivates them to do this. You need to keep asking yourself “why is this important to me?” And for each answer you ask again “and why is that so important to me?” It typically takes at least seven steps, and often more. And often there are forks because there are multiple answers and each must be explored.
  • Third, people fail to clearly and precisely specify the goal: how much weight to lose. What exactly they want to see as a result of the new strategy. A good guide is to ask yourself: “is the goal so clear that I could give the instructions to someone else and hire them to unambiguously judge if the goal is achieved or not?” It must be something they can actually see with their own eyes. You must be able to track your progress, even if you don’t know exactly the results you will have in advance.
  • Finally, people don’t break their goals into small enough steps. They overestimate their own ability to change and they underestimate how powerful it can be to make tiny changes. If the steps are not clear enough it’s super difficult to act on it.

“Being more organized” is a great ambition to have, but what’s the step to take? Perhaps the first tiny step is to schedule just 10 minutes every week to make a list of what has been most disorganized that week. If you do that for five weeks you may not instantly become more organized but you will have better insight into what specifically is disorganized in your life.

Then the next step may be to pick one of the smallest things that kept showing up. Then, treat yourself. You are on the way to becoming a lot more organized by taking this first small and incredibly crucial step. You are shifting your perception of yourself from being disorganized to being someone who slowly but surely will become organized. And yes, this will not immediately solve your inbox and the clutter on your desk, but remember you’ve lived with the mess for years now anyway, so it can probably wait another few months.

If you could teach people three things, what would it be?

To seriously explore their own wants and desires in a precise, honest, ongoing and systematic way. Not to act on every desire, but to know what they are. And to get rid of all those that have simply been pushed onto you, as I wrote above.

I also strongly believe in taking notes and using tools that help you slow down at least temporarily. This shift in mind tempo seems to be very beneficial for seeing the longer threads that get lost in the haze of rapid (but small) changes that we see day to day.

To reflect regularly in order to integrate thinking and feeling and to discover and learn about yourself in whatever situations and experiences you go through.

To be kind to others. Both for the benefit of the other, but mainly for the benefit of oneself. Part of this is learning about yourself and what situations where you find it more difficult to be kind. Being late for a meeting and waiting on a busy subway is not a situation where I personally find it easy to be kind and let others on the train first. So I try to always be very early for things. If I haven’t eaten properly I also find it hard to be kind and sharing with others. So,I try to ensure that I get proper meals. This sounds stupid when I write it, but it’s really important.

You are a learning designer with Hyper Island, a company that focuses on the development of individual and company leadership growth. Can you tell us a bit more about your work at Hyper Island and the process? What do you do, and how does it work?

Hyper Island is a creative business school, and we consult with extraordinary individuals around the world. We enable organizations and individuals to see the bigger picture, engage, and act on opportunities that arise in our digital and technological age.

My primary job is to create a learning journey for the participants, which takes them from where they are and to where they can be, using whatever resources I have available in the form of speakers, sessions, workshops and our methodology.

The first step is to know where the participants are in their lives, companies, and experiences. I often do interviews with them or others do the interviews and I read the results. For some of our open classes, there is also bit of a filter for who signs up in the first place, so it’s not completely random. However, for some of our tailored programs for companies, the interviews are absolutely crucial to understanding where they really are and what they need.

The journey has several stages and we design different experiences and elements to best suit each team. There can be a lot of variation from one workshop to another, but some of the recurring elements are:

  • Build trust amongst the group. This is important for everything that comes after.
  • Set a clear precedent or example of the type of participation that is expected (this is not a class where you get to lean back and just listen, you will be asked without warning to discuss a question that seemingly has no definite answer, and still come up with one clear answer in a small group, in just 120 seconds, so get used to it) This might make people uncomfortable at first. That’s part of it.
  • Encourage space for self-assessment. Where am I in relation to X? Where are the others in the group?
  • Gather input. This can be powerful stories, ideas, concepts.
  • Lead exercises and workshops. Building on the input, pushing participants to do something with the material. Putting material into context and applying the skills they are learning enables them to take it home with them more permanently.
  • Self-reflection. Participants learn “what does this mean for me?”
  • Group sharing of reflections.

These are the elements of a learning journey, and within this journey, we can go through stages like “opening up and seeing the big picture” into “experimentation with a new attitude” and finally “planning, execution and implementation.”

Take us into the transformation of a participant. What are they like when they arrive, and what has changed when they leave?

People arrive with expectations.

Maybe they expect a traditional class with lectures. Others come on the recommendation of a friend. While they have no clear understanding of what will happen, they have very high expectations because their friend told them it would be incredible.

One of the first things we ask people to do is to share something that they normally would never share with others. It catches people off guard, and with little time to prepare, most people simply go for it. They are pushed to be vulnerable in front of a whole group. I think it’s pretty intense for the participant. But it also opens up the space so much after.

Some of our speakers are really good at pushing your thinking. To let go of some of your ideas and beliefs and judgements. Or at least consider how the world would look if you saw beyond your own judgement. That others might see it differently.

By the end of the first day most people express that they feel that their head is spinning. People report not being able to fall asleep.

The morning of the second day it’s time for quiet reflection and introspection. I love this part of the journey. We ask people to write down their answers to a set of questions that gently guide people into their memory, then into their emotions, then into critical thinking and eventually to consider larger implications of their new insights. It all happens individually, in silence at first.

Because most people don’t take the time (or have the time) to sit quietly and reflect, it can be super powerful.

It’s legitimate because the facilitator asked you to do it, and everyone else is doing it. I personally hate when some senior executive feels that he is so important that he must check his e-mail during those minutes. It’s like pissing on everyone else.

The second day of the journey is very creative and the experience for most people is that they suddenly tap into creative resources they never knew they had. It’s hugely empowering. The climax is typically at the end of day two.

On the last day it’s time to gather the new learnings and come back down to earth. To devise concrete action plans for putting the new stuff into practice. To solidify the learnings into an understanding or a framework that they can take with them.

When they leave they are less afraid.

They often say this out loud, but even if they don’t I can feel it. That’s probably one of the main reasons why I work here. It’s so hard to think clearly when there is fear. We help people leave lighter, less afraid.

As a school, you do this predominantly through face-to-face interactions. Tell us more about why in-person interaction is such an important tool.

Most people have really bad habits when they are in front of a laptop. The rapid Cmd-tab multi tasking shortcut is so hardwired into my brain that if an app or site is remotely unresponsive I will instinctively jump to another app or site while I wait.

Even if I have nothing to do there I just do it because it feels like I’m wasting time waiting for something else. This might be rational from a certain efficiency perspective. Back in the day when downloading a large PDF might have taken 50 minutes, I’m probably better off writing a few e-mails rather than waiting for the file to download while staring at the progress indicator.

But today the lag might be half a second before I switch. All it does is make me feel scattered and it’s simply a bad habit that I haven’t managed to change. I think we all have such habits, which most of the time are not that big a deal, especially if we are doing lots of little admin-style tasks, responding to tweets and other things that require no more than 3 second bursts of concentration. But for learning we often need more focus. Especially if we are trying to learn something that is not easy.

Face-to-face is by no means a silver bullet for this. Many learnings environments are so dull and boring and disengaging that you are probably better off just randomly surfing interesting Wikipedia articles on your phone than paying attention to the lecture or training that is being presented. We have all been there. It sucks.

You can make both online and offline teaching boring as hell.

However, let’s consider a session that is highly engaging but with content that is also difficult, challenging and hard to comprehend. For this I think that face-to-face sessions with a group, the way we do it at Hyper Island and many other places, can significantly help people stay focused and engaged because there is interaction and because it’s very easy to see that nobody else is “checking out” with their phones so it creates a social pressure to not do so.

The room creates a certain force of attention which both fuels the presenter with energy but also makes it less demanding for the participants to hold the attention because it’s already flowing in the room.

The other thing that can be much more effective in person-to-person, is building trust, which can be crucial if you want to have an engaged and engaging conversation or discussion in a learning environment. Trust can of course also be created online, but in my opinion it just takes a lot more time and effort. Probably because we have less non-verbal communication (body language, scents, touch etc.).

One of our challenges at One Month is in building this type of community online: in your perspective, what are the pros and cons of online education? When does each thrive?

I obviously love doing live, in-person learning experiences, but I am also realizing that it has so many limitations. It really doesn’t scale well: if you add more than 30 people in the same room you begin to lose the interactive experience, and it becomes like a conference instead.

It’s also geographically limited to people who are in close proximity to each other, or who are willing to travel. For brief learning sprints of 2–3 days this is not an issue, but if you want to really go deep in something it’s usually better to come together as a group on a weekly basis and then do individual exploration in between.

At Hyper Island we don’t believe that online education can replace some of the personal and organizational transformation work we do through our courses, but we do believe that integrating the online and offline can be tremendous. By using both, you can create a blended experience where some of the early trust building work happens in person and most of the deep dive and implementation happens virtually.

This allows us create much more valuable learning experiences. We are curiously exploring and experimenting in this space. We definitely haven’t solved it yet, but the opportunities are so massive and the fact that it has transformative potential on a truly global scale makes me really excited.

When does online learning excel? What is special about being online and connected in a way that we can’t do in person?

What online can do much better is to make the learning path individual. Each person can move in their own tempo and it can even be non-linear. One might choose a different order of learning.

What online can do much better is to make the learning path individual.

You can also do a lot of things that are not synchronised. This allows people to learn together from completely different locations and time zones.

I think online learning can excel when:

  • It’s social — an actual group of people who are learning together and who are committed to getting to know each other just like you would naturally do offline. This means taking the extra time to build trust. To small talk. To talk about the stuff we care about personally outside of the stuff we are learning. Who we are as people. What we dream about. I think it’s best when it’s a pretty small group. Even if the small group is also part of a huge group, I think a sub group of 5–10 people is ideal online. Everyone takes the time to have 1:1 conversations. Using something like the NYTimes 36 questions to fall in love, could be a simple 30 minutes activity that everyone does with each other (that’s two full hours for each person in a group of five)
  • What is to be learned is already well documented on the Internet at large (most stuff is today)
  • The teacher’s main job is to give the group the questions and directions for exploration.
  • Assignments that the group must solve together or maybe in pairs and which has some form of creative output. The teacher knows that it can be solved. The teacher has defined a reasonable format and time frame for the task. And the teacher is available for support if anyone gets really stuck.
  • The groups present their findings to each other.
  • The teacher also designs the experience so that there is a reasonable progression and adjusts based on the feedback of how well the groups solve the challenges. So the initial exercises are simpler and require few steps but they build up resources, knowledge and confidence which can be incorporated in later and more complex challenges.

You also write a newsletter, Think Clearly, based on your years of work with entrepreneurs and business leaders. What is the process you use when working with entrepreneurs? How do you help them clarify the noise and focus on what’s important?

I listen and ask questions.

More concretely, I have also used certain spaces and places that are not so ordinary. This is in order to help people get out of their normal habits.

A busy coffee shop can be fine for some meetings and for long time clients where we have built our habits and ways for working, we can do the conversation in the most distracting place and still be 100% focused.

But when you are first starting out, a quiet and slightly strange place can simply be more effective. I have used the lobby in the TriBeCa Grand Hotel for years. They serve great coffee, the staff is super friendly, and it’s quiet with high ceilings and skylights, yet, dark and intimate. It’s perfect.

You recently had a brand-new baby. How has she helped you reconsider the world? What do you see about the world through your children’s eyes?

The three things I want to teach everyone (above) are probably what I will teach my kids.

I think being a father is amazing for me. I feel so grounded in that experience and in having a family where there is so much love flowing around. My wife is incredible.

No matter how many miles I fly away to the other side of the planet to run some workshop, I feel grounded in them and I am happy that I both get to go away and then to come back home.

I learned that it’s very important for me to be doing work that I truly care about. Because then I take the energy I get from home and invest in my work, and I get a different kind of energy from doing the work which I can then bring home.

I also realize that while I have very reasonable hours at Hyper Island (I work pretty much exactly 40 hours per week), I still don’t see my kids that much. I see Noah for an hour in the morning and an hour in the evening and then on the weekend. But I know that when we are together, I’m a dad that brings home energy from doing something that matters to me. I work because it matters. It also pays for our rent, but I honestly feel that’s an added bonus. If I were independently wealthy I would still go out and do work that I care about because I want my kids to see that.

We’ve talked before about the magic in the mundane — how the smallest of things can make the biggest difference in life changes. What mundane things are magical in your own life? Can you give a few examples?

Magic: baking bread. Mixing flour and water and salt and making delicious food. Baked loaf 326 yesterday.

Changing a diaper can be such a rewarding experience. When I pay attention it has a lovely mix of intimacy but also efficient choreography of moves and swipes which can truly be mastered as an art form.

Sometimes just seeing the lit up NYC skyline from the packed subway car passing over the Williamsburg bridge after a long day.

What’s the biggest lesson you’ve learned this year, personally?

That my kryptonite is that I want to be liked by others.

I realized this a few weeks ago and it is so hugely liberating to know that this is the case. I think it is quite common actually, but I never knew for myself, and it limited my scope of action. From now on I may still limit my scope of action, because I still want to be liked.

But now I know it and it is my choice. I know I can also choose a different action outside of that scope if I am just willing to risk not being liked. I tried it recently and it was hugely empowering even though it was such a tiny thing.

I Studied German for 20 Min a Day For a Year and This is what I learned

/0 Comments/in /by

Last year, I decided I needed to learn German. It started one night while I was at a dinner party in Berlin. During dinner I noticed that I was at a table of German speakers who were all politely speaking in English just for me! I felt like the stereotypical stupid American. Berlin is one of the most amazing cities in the world. I knew I’d be back the following summer, so right then I set a goal. To return one year later with enough German skills to, for example, read a menu, ask directions, and follow along with some basic diner conversation.

My strategy: Every morning for one year, I would spend 20 minute learning German. I was curious: could I learn enough German to meet my goals by only studying 20 minutes a day?

My goal: return to Berlin in one year, with enough German to have a basic conversation

My goal: return to Berlin in one year, with enough German to have a basic conversation

One year timeline for learning German:

How much German can you learn with DuolingoThe first two months went smoothly. I started with Duolingo everyday for 20 minutes. Duolingo is a free language learning platform that includes flashcards, tests, and a social component where you can see your friend’s progress. It helped that a few friends of mine were also using Duolingo because I could see their progress alongside mine. Social pressure is a real thing, and I didn’t want to fall behind my friends!

After three months, I watched the movie Good Bye Lenin! in German and I couldn’t understand one word. I realized that I had no practical application to use German in everyday life. So I thought it would be best to pair Duolingo with other forms of learning: That month, I hired a teacher on Live Lingua (Roughly $28/hour) to help me improve my listening skills. We had a total of 10 one hour lessons session together where she’d help work with me on what I was learning with Duolingo.

In the fifth month, I traveled to Japan for a week. I found the context switching between studying German and visiting Japan was surprisingly difficult (note: I lived in Japan, and can speak very, very basic Japanese). For example, when I meant to say “Yes” in Japanese, German came out of my mouth. I felt like I was losing control of my mind.

By the sixth month, I realized that there were dozens of important everyday German words I wouldn’t learn in Duolingo. Such as entire categories of food that were missing from their library: raspberry, blueberries, pears, peach, and eggplant. So in addition to Duolingo I began using Anki. Anki is a flashcard app you can use on your laptop or phone.

In month seven, I picked up the book Fluent Forever. The biggest takeaway: I should pay more attention to pronunciation (I had skipped over learning the alphabet because Duolingo doesn’t teach it, and because it seemed boring to learn). This had left me making the same pronunciation mistakes over and over again. To balance this I found some YouTube videos on German pronunciation which were helpful.

In month eight, I had completed all the Duolingo lessons and the app told me I was 48% fluent. I think that is generous, because I still couldn’t understand 80% of what I would hear while watching movies. At this point I went back to the top of Duolingo’s lessons and I tried to do all of the lessons again until they were gold (which is supposed to mean it’s fresh in your mind).

Duolingo review example

After every lesson, if I didn’t know a word in Duolingo I would add it to Anki.

In month nine, I was getting bored of being on Duolingo everyday, so I also joined Yabla ($9.99/month) which is a site that adds English subtitles to German YouTube videos. Yabla has a really cool feature where you can slowly scrub through the video in case you miss something. I decided I would substitute 10 minutes of my German language using Yabla.

One year later, how much German do I know?

In month eleven I returned to Berlin. I immediately noticed that signs and advertisements that were there in the past suddenly had more meaning. “Oh that’s a barber” and “There’s a sale on blueberries today, buy one get one free.” On the other hand, speaking with Germans was almost impossible for me since everyone spoke either too fast for me, or would default into English upon hearing my mumbled accent.

Kapital Zwei language learning

In the week leading up to my arrival in Berlin I took an online test with Kapital Zwei and was ranked as level A.2.2. That’s equivalent to Level 2.5 of 8 on the scale of zero to fluent. Not bad! I decided I would join a German language school for two weeks while in Berlin to keep the momentum going (Kapital Zwei offers 12 hours a week of in class studying @ roughly $6/hour to learn with a group of 10 students).

The classes were 90% in German, and from the first day of class I was pleased to learn that I could follow along with the teacher fairly well. The takeaway being: if you speak to me slow and like I’m three, I just might just be able to follow along.

What would I do different next time?

1. Have a goal, and sub-goals for learning. Learning German “just to learn German” isn’t motivating. It’s the same plateau that I see One Month students make when learning to code.

My greatest motivation came when I had a goal:

“To return one year later with enough German skills to follow along with some basic diner conversation.”

The problem, is once I arrived to Berlin it was clear I wouldn’t hit my goal. And I didn’t have a new goal. Having a goal is important. Having subgoals (perhaps quarterly) would help me course correct for months when I fall short of my goal.

2. Use Multiple resources to learn (and sooner than I did): I was naive to think that using only Duolingo, or only any one resource, would provide me with enough knowledge. Duolingo’s greatest strengths is that it helps set goals, gives reminders, and a sense of social pressure, but isn’t helpful for practicing natural conversations.

In the future I’d suggest learning from Duolingo, while also learning songs (they were helpful for remembering vocab), and I’d take an in person class sooner.

Did you know that all European languages use the same grading scale that I mentioned above (A.1, A.2, B.1, etc)? It’s called the Common European Framework of Reference for Languages (CEFR). I hadn’t realized this, but now that I know it’s helpful because it gives me a sense of how to set expectations or reaching level A.2.2 of Spanish, French or any other European language.

I get the sense that if I took the German class for six months (everyday for 3 hours) that I would have been able to go from a A.2.2 to a C1 (which is much closer to my goal of listening and speaking during a dinner party).

3. Practice sentences, not just vocabulary words. Practicing vocabulary each day with Duolingo gave me the false impression that I knew more words than I did. Sure I knew how to say “Sister” and “Brother” but as soon as I used them in a sentence the conjugations and sentence structure made speaking much more difficult. This lead me to using a lot of one word answer and pointing at things. “Yes” (point) “Almond Milk.”

Conclusion

In one year I spent a minimum of 120 hours studying German, and a total of $615 on resources. Overall, my grade of A.2.2. is roughly 25% fluent according to the official German CERF test, which is pretty satisfying for learning mostly on my own, and mostly from my laptop.

 

8 Ways to Change Your Habits (And Actually Get What You Want)

/0 Comments/in /by

Click to tweet this quote

What does it take to make a goal or a dream come true?

You know the drill. You’re vowing to change your behavior. Tomorrow I’ll … start meditating. Start brushing my teeth. Finally get around to writing those essays you’ve been meaning to write. Make plans for the new book you’re putting together. Learn to code.

You vow that you’re going to do it. You know it. You have to do it.

But it didn’t get done today. So you wake up tomorrow and do the same thing you’ve always done. Yet your behavior doesn’t change.

When we make broad-sweeping declarations about our life, they don’t work.

In fact vowing to do anything, no matter how strong the vow, usually wears off as your willpower drains throughout the day. So how do you make a change in your life that’s actually effective? “Everyday people plan to do difficult things, but they don’t do them. They think, ‘I’ll do it tomorrow,’ and they swear to themselves that they’ll follow through the next day,” write Carol Dweck, researcher at Stanford and author of Mindset. “Research by Peter Gollwitzer and his colleagues show that vowing, even intense vowing, is often useless. The next day comes and the next day goes.”

So how do you make a resolution that actually works? Here are a few of the best tips and tools we’ve read about, used, and know to work:

1. Make a concrete, vivid plan.

What works, writes Dweck, is making a vivid, concrete plan. Describe to yourself exactly what you’re going to do, how you’re going to do it, and what steps you need to take, down to the minute detail. “Think of something you need to do, something you want to learn, or a problem you have to confront. What is it? Now make a concrete plan. When will you follow through on your plan? Where will you do it? How will you do it? Think about it in vivid detail.”

Increase your possibility of success by outlining when you’re going to do something, by putting it in your mind as a behavior — and on your calendar as an action.

These concrete plans — plans you can visualize — about when, where, and how you are going to do something lead to really high levels of follow-through, which, of course, ups the chances of success.

If you’re looking to write a book in the new year (which, full disclosure, I am), then break it down into its constituent parts. When will you write? What will it look like? What days a week will this happen?

Think about it exactly, not vaguely.

For me: I’m going to set an interim goal of writing on my book for at least ten days in January. More specifically, a writing session includes just opening the doc and working on a single page. I’m focused on making the habit of working on my book part of my regular routine.

2. To make change, visualize the change. Take time to imagine your behavior change in detail.

It turns out, detailed visualization is powerful enough to change behaviors even before you start. As I’ve written about before, the power of visualization is so important, it’s proven to change behaviors:

“In a famous basketball study, players were divided into groups that visualized perfect free throws, a second group that practiced their shots, and a placebo group that did nothing. At the end of the study, the players that visualized their perfect throws improved almost as much as the group that practiced — without ever touching a basketball. It’s important to note that the visualization involved the specific steps and actions it takes to perfect a free-throw shot.”

If you want to change what you do, you can begin with your thoughts.

3. Start small.

Habit change happens when you start really small. Want to learn how to run? Your first month might focus just on the first five minutes of each run, until you’ve mastered that first step. This includes mastering the steps of putting your shoes on, walking outside, and only then maybe adding a few minutes to walk to the corner or around the block each day.

What’s key is successive positive reinforcement, or rewarding the behavior you want more of. Too often we jump cold turkey into a brand-new routine only to find ourselves back in our old habits before we know it. Instead, focus on the smallest possible change that could build into a habit over time. For more on this, check out Stanford Professor B.J. Foggs’ Tiny Habits program.

“We often think that if you start with something so small, it won’t make a difference. But the truth is, because that momentum builds after you get going, you can often start with something really tiny, and it will blossom into something much bigger,” says writer and author James Clear.

If you’re stuck or overwhelmed with a new project, ask yourself: what’s the smallest thing I could do next to make this happen? It doesn’t matter how small it is — the trick is to make it small enough that you actually do something.

Tweet: “Even when you start small, it can make a huge difference.” — @James_Clear

4. Prime yourself.

New behaviors need an introduction, of sorts. Whenever I start to learn something new, I try to expose myself to the new context before actually committing to a new behavior change. Often the weight of how much is going on can be intimidating — researching a new location, mapping it out on google maps, looking up schedules, figuring out payment options, sticking to the plan — that enough friction in any of these steps and you don’t end up doing it.

Instead, make one of the first steps a walk through. Whenever I try out a new gym or studio, I go in for a tour. You can learn the routine, see the studio, and practice the behavior of going to the gym. This makes it easier for you to repeat this action down the line because you already know how to do it.

Want to start flossing your teeth in the morning? Go right now to your bathroom sink and practice the behavior. Get out the floss, put it on the countertop, and floss at least one tooth. Even if it’s 2pm in the afternoon, even if it’s just one tooth. This will prime you for repeating the behavior the next day.

5. Look to the process, not the outcome.

Too often we confuse the reward of the outcome with understanding what, exactly, it’s going to take to get there. Sitting down to write every single day is a lot more boring than having a published book in your hand. So how do you create a schedule that rewards the small successes?

It’s actually psychologically difficult to conceptualize change. We don’t understand thresholds of small changes; instead, we’re biased to see big wins. The biggest change happens over time, however, when you enact small, consistent behaviors. Sometimes mundane acts over time add up to something more exciting, after all.

“It’s so easy to focus on this idea of one defining moment, or overnight success, or some massive transformation to flip a switch and become a new person — but it’s not that way at all,” explains Clear. To make a behavior stick, look closely at the process and whether or not you’re really willing to commit to the, at times, drudgery and slog that it’ll take to get there.

And be ready to surprise yourself. Entrepreneur Corbett Barr reminds us that “Not a lot will change in one single day, but a lot can change in 30 days.” It’s rare that I’ll have a breakthrough day to finish my book (and by definition, that will only be one day out of many), but if I keep showing up, that day will arrive.

6. Motivation doesn’t last long, so plan ahead for when you’re not motivated.

How do you stay motivated? Well, it’s not about motivation — it’s about habit. Stephen Pressfield describes Somerset Maugham’s relationship to motivation and writing:

“Someone once asked Somerset Maugham if he wrote on a schedule or only when struck by inspiration. “I write only when inspiration strikes,” he replied. “Fortunately it strikes every morning at nine o’clock sharp.” Maugham reckoned another deeper truth: that by performing the mundane act of sitting down and starting to work, he set in motion a mysterious but infallible sequence of events that would produce inspiration, as surely as if the goddess had synchronized her watch with his.” — Steven Pressfield from The War of Art

In other words, the difference between a professional and an amateur is that a professional doesn’t wait for motivation. They get to it, even if they don’t feel like it.

7. When you get stuck, reduce the scope, but stick to the schedule.

This idea comes from 37 Signals, and I heard about it from Eric Zimmer and James Clear on “The One You Feed,” podcast. James writes every Monday and Thursday, and he explains that even when there’s a dud of a day, he still shows up and sticks to the schedule.

It doesn’t matter how you feel, it’s about shipping something. Rather than skipping altogether when circumstances get dicey (skipping your workout because you only have 20 minutes, avoiding your writing session because you’re tired), instead, find a way to do something, even if it’s just for a moment. Do jumping jacks for 6 minutes, then 1 minute of pushups. Write 200 words, or three sentences.

Whatever time you have is how much you do.

A little of something is a lot more than nothing.

Click to tweet this quote

8. Behavior change requires… change.

In order to get a different outcome, change the inputs.

This might seem exceptionally obvious, but it’s worth pointing out: if you want a different result, you’ll have to do something differently than you’re currently doing. What you’re doing right now (and for me, it’s spending three weeks not writing, then a day stressing about writing) — isn’t getting you the result that you want.

If you aren’t getting what you want, then what you’re doing isn’t working. In order to get what you want, something about the process will have to change.

What are you willing to do differently to get what you want?

How can you change your habits to get more of what you want?