GTDinbox Review


For the past two months, I’ve been using a task management tool called GTDinbox. I installed GTDinbox based on the recommendation of a colleague. Overall, I’ve been pleased with GTDinbox and plan to continue using it, but I would not say that it’s a perfect tool.

GTDinbox is implemented as a Firefox add-on. Its rather ambitious goal is to turn “Gmail into a unique task manager to effectively manage your inbox, reduce email overload and maintain inbox zero.” Unlike services such as RememberTheMilk, which has its own cloud backend, GTDinbox builds on top of Gmail. This is a somewhat unusual approach but Gmail has a number of features making it a good basis for a task manager. Gmail offers free network accessible secure cloud storage that can be accessed through any web browser or, less elegantly, through any IMAP client. Additionally, many tasks begin life as emails. Thus integration with Gmail means that these tasks don’t have to be reentered into a new system.

Once you download and install the GTDinbox Firefox add-on, GTDinbox modifies the Gmail UI. When you view an email, 4 buttons appear at the top of it allowing you to assign the email a status by marking it as either Action, Waiting On, Some Day, or Finished. You can also assign emails to contexts (e.g. “home”, “work”, etc.), projects, or references. GTDinbox adds a box to the side bar that allows you to view tasks by Project, Context, or Status. Once you have categorized the email, you can safely archive it to clear up your inbox and then use GTDinbox to track it.

Internally, GTDinbox works by assigning labels to emails.  Context labels start with C/ e.g. C/Home or C/Work. Project labels start with P/. And status labels start with S/.  While these labels have special meanings to GTDinbox they are also regular Gmail labels.  When viewing a message, the GTDinbox label will show up just like other labels. This approach is simple yet it works surprisingly well. I also really like the transparency that comes from using Gmail labels as the basis of the system. When you view active tasks within a context or project, GTDinbox simply displays a Gmail search page using the labels as search criteria.  For example, the following search string is used for the home context “label:c-home (label:s-action OR label:s-some-day OR label:s-waiting-on) -label:s-finished”.  This means that you have less reason to worry about losing your task data.  Even if GTDinbox stopped working, you could still access your tasks directly by viewing labels within Gmail. It also means that you can manipulate your tasks from any mail client.  Obviously accessing and manipulating your tasks this way is a lot less fun but at least it’s possible. For example, I will often manually move order shipment emails to the S/Waiting-on label using my smart phone.

Other features

Want to enter a task that doesn’t come from an email? GTDinbox adds a “Compose Personal” link. This is like the standard “Compose Mail” except that it adds the email directly to your inbox.  You can then label the email as a task just like an outside email. “Compose Personal” is also useful for sending notes to your smart phone.  Now instead of writing down an address or room number, I’ll often just use “Compose Personal” so I can access it by viewing email on my smart phone.

Downsides

Software Environment

GTDinbox requires that you use Gmail. Most people use Gmail as at least one of their personal email accounts so this is not a huge burden. However, when tasks originate as emails to other accounts such as a work email, some of the convenience of GTDinbox is lost. You must forward the email to Gmail or enter it manually using “Compose Personal” — much less elegant approaches.

GTDinbox is a Firefox add-on so you must use Firefox to access Gmail in order to use it. This may not seem like a big deal — everyone uses Firefox — but it means that you can’t use tools such as PRISM with GTDinbox. I’ve found PRISM to be a more streamlined way to access Gmail than Firefox; however, I stopped using it in order to use GTDinbox. Additionally, you must have permissions on the computer you’re using to install add-ons into Firefox. This may be a problem if you frequently access your email from public computers in places such as school computer labs or Internet cafes. There, it is likely that you will either be unable to install the GTDinbox add-on because Firefox is locked down or you will have to reinstall it every time you access Gmail. For security reasons, I no longer access Gmail from untrusted computers so this has not been an issue for me.

Functional Limitations

Often, the same task involves multiple emails.  For example,  a single online order may involve 3 or more emails: order confirmation, payment confirmation, and shipment confirmation. I usually mark all emails related to an order as Waiting-On until I receive the item. Unfortunately GTDinbox provides no way to combine multiple emails into a single meta-task. Thus these three emails will show up as three unrelated tasks.  This limitation is compounded by the fact that you can’t manage tasks within the message list view.  You must click through to the full message to mark a task as finished or assign it to a project or context.

No Tickler

Using a tickler file to defer tasks until a certain date and then process them in your inbox is one of the core pieces of GTD. My biggest complaint about GTDinbox is that there is no way to tell it that you want to defer a task until a certain day and have it hide the task until that time. The closest thing that GTDinbox offers is marking a task as “Some Day” but “Some Day” tasks still show up in context and project views.

Emails Not Assigned a Status Are Untracked

This is one of the things that tripped me up when I first started using GTDinbox. GTDinbox will not track an email unless you assign it a status — by marking it as either Action, Waiting On, Some Day, or Finished. Assigning the email to a project or context is not sufficient. Once I became aware of this limitation, it wasn’t a big deal. Still it seems like something that could be fixed.

Can’t edit Email tasks.

GTDinbox is based on Gmail and thus inherits its limitations.  Gmail does not let you edit emails and for normal email this makes sense. However, if you enter a task using compose personal and want to add a note or correct something there is no way to do this. The best you can do is to reply to the email or mark the email task as finished and then create a new task with the changes.

Not maintained or endorsed by Google.

GTDinbox relies on editing the HTML of Gmail to add its enhancements. Although Google does not do anything to overtly block GTDinbox, it does occasionally change Gmail. Sometimes these changes are enough to break GTDinbox. When this happens, the creators of GTDinbox are usually quick to release a version that fixes things. I’ve only been without a working GTDinbox briefly. To minimize down time, install GTDinbox from the Firefox add-on page rather than the GTDinbox site so you get auto-updated.

Conclusions

I’ve tried various methods of task management and so far GTDinbox is the best I’ve found. But it is not a perfect tool. Piggy backing off of another service means that it’s less polished. I get the sense that GTDinbox could be truly amazing if it was acquired by Google and baked into the fabric of Gmail. Still there is much to be said for the simplicity and transparency of its design. It’s a great tool for taming your inbox and managing tasks. Some people swear by paper task lists or local text files. But if you’re looking for a cloud based task management system, GTDinbox is well worth trying.

iPhone price history


While preparing for a panel at Arisia entitled Early Adopters and Not on why people choose to be early adopters, I was trying to find the price history of the iPhone. Since I couldn’t find a web site that presented historical price data on the iPhone, I decided to put something together myself. I’ve decided to share the table I created so other people won’t have to repeat my efforts.

One of my reasons for generally not being a super early adopter is that you pay a huge premium for having the latest or greatest gadget when it’s first released. And if you wait a little bit you can get the same or better gadget for a lot less. Because the iPhone price is entirely set by Apple, it makes an interesting case study on how much the price of technology drops over time. The official price of the iPhone periodically drops, as shown in the table below. But, there are no sales and a new iPhone is never sold for less than the official price. (There are occasionally sales on the refurbished iPhones; for example, on Black Friday the refurbished 3GS was sold for $50.00 instead of the usual $150.00.) Finding historical street price data is harder than historical MSRP data. For the iPhone both prices are the same.

The table showing the historical price is included below.  Note: I’m sharing this table because I couldn’t find anything like it online. There may be some errors or omissions.  For example, it’s possible that I didn’t include a price change or there is an iPhone model I don’t know about or some of the prices are wrong.  The table only includes new iPhones within the United States. In case you’re wondering I don’t own an iPhone (I decided to go with Android instead).

| Date | 1st Gen 4GB | 1st Gen 8GB | 3G | 3GS 16GB | 3GS 32GB |
|---|---|---|---|---|---|
| 29 June 2007 | $499.00* | $599* | N/A | N/A | N/A |
| 5 Sept 2007 | Discontinued | $399 | N/A | N/A | N/A |
| June 2008 | N/A | N/A | $199 | N/A | N/A |
| June 2009 | N/A | N/A | $99 | $199 | $299 |

* Customers who purchased in the 14-day period before September 5, 2007 were eligible for a $200.00 “price protection” rebate. Other customers were eventually given a $100.00 credit for Apple purchases.

Sources:
 http://en.wikipedia.org/wiki/IPhone
 http://en.wikipedia.org/wiki/History_of_…
 http://online.wsj.com/article/SB12444805…
 http://gizmodo.com/5015540/iphone-3gs-tr…
 http://www.intomobile.com/2009/06/08/app…

Comments or corrections appreciated.

Summary of Brett Glass’s Talk: Lessons from Laramie: Broadband Innovation on the Wireless Frontier


On Tuesday Brett Glass gave a lunch talk entitled Lessons from Laramie: Broadband Innovation on the Wireless Frontier. The following is a summary of the talk based on notes that I took. The full video is available here and his slides are available here if you want more information after reading my summary.

Disclaimer:

This write up is based on notes I took during the talk. It is entirely possible that I got some of the details wrong. I’ve probably missed some important points as well. A video of the talk has now been posted to the Berkman web site. I’m posting my notes in hope that they will be useful for those who don’t have the time to watch the full talk and as a way to help people determine if the talk is something they would be interested in watching. This summary is not intended to be a substitute for watching the full talk. Also, I’m a computer scientist but not an electrical engineer nor an expert on networking. It is entirely possible that I’ve misunderstood important aspects of radio transmission, the electro-magnetic spectrum, or other technical issues.

Brett Glass talked about his experience building and running LARIAT, an ISP in Laramie, WY. LARIAT is notable because it was arguably the world’s first WISP (terrestrial, Wireless high speed Internet Service Provider). LARIAT was founded in 1992 as a 501(c)(12) non-profit co-op to serve unserved/underserved areas in and around Laramie, WY. Glass took LARIAT private in 2003 at the request of the membership. In terms of geographic coverage area, LARIAT has been growing by about the size of the island of Manhattan each year.

The big advantage of wireless Internet for a rural area such as Laramie is the low deployment cost (around $100 per square mile). LARIAT uses residential roof mounted antennas to provide Internet access. They offer houses in prime locations such as hill tops free Internet in exchange for allowing LARIAT to mount roof top antennas which are used to provide Internet access to other homes.

Glass discussed the legal and regulatory environment LARIAT operated in and bemoaned policy decisions made in the absence of science. In particular he argued that policy needs to be made based on Shannon’s Law. Shannon’s Law says that capacity increases linearly with bandwidth but only logarithmically with signal to noise ratio. Essentially this means that while very crowded spectrum is difficult to use efficiently, having exclusive access to spectrum is only marginally better than lightly shared spectrum. Glass’s problem with the current spectrum allocation regime is that there’s really only unlicensed spectrum and exclusively licensed spectrum. Exclusively licensed spectrum is currently prohibitively expensive to obtain and unlicensed spectrum is polluted by consumer devices. He argued that we need a non-exclusively (”lightly”) licensed spectrum which is not polluted by consumer devices and unburdened by needless regulatory requirements. Shannon’s Law tells us that lightly licensed spectrum would be almost as good as exclusively licensed spectrum and vastly better than unlicensed spectrum that is crowded by consumer devices.

Glass detailed the reasons why a small ISP such as LARIAT is essentially forced to use unlicensed spectrum. Currently the FCC only auctions off spectrum rights for very large geographic areas. For example, there were auctions for the spectrum rights to all of Wyoming but not for the right to just Laramie. Another problem, according to Glass, is that the foreclosure value of spectrum always exceeds its utility value. In other words, the value of the monopoly rents from blocking your competitors is likely to be greater than the ability to profit from the spectrum directly. This is a flaw in our current auction process.

The problem with using unlicensed spectrum such as the 2.4 GHz band to provide Internet access is interference from consumer devices. For example, Glass described an incident he called the “Biki Problem”. A customer reported problems with Internet service only on bright sunny days. The problem turned out to be the customer’s daughter sun bathing with a 2.4 GHz cordless phone in front of the antenna for wireless Internet.

Another issue that LARIAT faced was high bandwidth cost. The incumbent telecoms charge LARIAT 10 times their cost for bandwidth but LARIAT has no other option. Backbone providers would charge a minimum of $15,000 which would mean that in a town of 28,000 LARIAT would need near 100% market share.

Glass made a number of policy recommendations. With regard to spectrum, in addition to increasing the geographic granularity of spectrum licenses and creating non-exclusively (lightly) licensed spectrum, he bemoaned the fact that much of the spectrum in Laramie is currently unused by its licensees. But the licensees are unwilling to rent out this unlicensed spectrum to others. He suggested applying the doctrine of “adverse possession” to spectrum or allowing “homesteading” on spectrum. Essentially if owners of spectrum are not willing to use it productively “squatters” should be free to make use of it. He spoke out against unnecessary regulation and net neutrality regulations in particular but did advocate fixing the broken “middle mile” (special access) market for upstream bandwidth.

Glass’s objection to network neutrality was interesting particularly since most of the Berkman community supports network neutrality. He was concerned that one of the plans that LARIAT offered would not be allowed under some of the current net neutrality proposals. This plan offers customers a guaranteed 256 kbs connection for $30 but does not allow them to run a server and certain file sharing programs. (256 kbs may sound slow but keep in mind that this is a guaranteed minimum. Glass said that the actual speeds will bounce up to 512 during light times but will never drop below 256 even during “prime time”. By contrast Cable and DSL providers usually advertise a maximum speed which you would be unlikely to obtain in practice.) Glass pointed out that LARIAT was able to offer this plan because it could buy asymmetrical bandwidth cheaper from its upstream providers and that the restrictions on file sharing programs were necessary to ensure that bandwidth usage was asymmetrical (e.g. download traffic was larger than upload traffic).

In the Q&A, I suggested that WISPs were a rarity and asked Glass if his policy recommendations – particularly with regard to net neutrality – made sense for areas such as Cambridge where there was only essentially a single choice for Internet. He replied that WISPs are more common than most people realize. Many WISPs hide to avoid being squashed by big ISPs and a lot of WISPs don’t need to advertise. Glass cited D.C. Access — a WISP that operates in Capitol Hill – as evidence that WISPs can and do exist in urban areas. Unfortunately, as far as I was able to determine Comcast seems to be the only option for those of us that live in Cambridge.

I found Glass’s description of LARIAT interesting and his policy recommendations on spectrum seem to have merit. However, I’m unconvinced by his arguments against net neutrality. The sad reality is that for most of the country the market for high speed Internet is a duopoly at best and a monopoly at worst (as in Cambridge). Until we have a truly competitive Internet the potential danger from traffic interference is simply too great not to have net neutrality protections.

Using SSL to Prove Document Authenticity

This blog post is an idea that I’ve been kicking around for a while but haven’t had the time to research or implement. I’ve finally decided just to post it speculatively. I’m really hoping to get feedback from those in the community more knowledgeable about SSL than I am. Note: This is a relatively geeky topic; if you don’t understand what https:// and SSL are, this post won’t make much sense…

Introduction

Does anyone know anything about the internals of https? I was wondering if there is any way to prove that a document downloaded over https really came from the site you claim that it came from. In other words, if you download a document over https, is there any way for you to prove to a third party that it actually came from the web site you claim it came from? For example, let’s say that Alice downloads doc.pdf from https://foobar.com/doc.pdf. https provides Alice assurance that doc.pdf really came from foobar.com (assuming that the certificate is legitimate). But assuming doc.pdf does not have a digital signature, if Alice simply sends the downloaded file to Bob, he has no proof that the file actually came from foobar.com. (Obviously, the ideal solution would be for the maintainer of foobar.com to digitally sign the pdf file. But few websites digitally sign the files they distribute and individual users often have no means of convincing a web site to do so.) My question is whether there is any way for Alice to prove to Bob that she really obtained the file from foobar.com. I thought that it might be possible for Alice to prove the file’s origin by sending some of the raw network traffic establishing the SSL connection along with the file. (I’m using a PDF file to simplify the example but presumably the same issues would apply to a web page.)

Use Cases

PACER is an online service used by the United States federal courts to provide online access to court records and documents.  The documents on PACER are generally thought to be in the public domain but remain behind a pay wall.   Efforts such as  the PACER Recycling Project and RECAP allow users to upload PDF documents obtained from PACER to a central server where the documents can then be freely downloaded by others.  However, while PACER uses SSL, it does not provide digitally signed PDF files.  Thus users currently have no way to prove that the documents really came from PACER.

Another use case is as a replacement for web screen shots. Because web pages can be easily altered or taken down, screen shots are often offered as “proof” that a web page used to exist even if it has since been altered or removed. For example, this CNET news story describes how pranksters from 4chan retaliated against AT&T for blocking their site by posting a fake report saying that AT&T’s CEO died. The story includes this screen shot of the pranked web page prior to its removal. Of course screen shots can be easily faked or altered using tools such as Photoshop or just by saving and editing the html. Presumably web screen shots posted by CNET are relatively trustworthy, but what about screen shots posted by unknown users?

Ideal Solution

I envision a Firefox extension that would allow a user to easily create an archive bundle for an https: web page containing the page and SSL information proving its legitimacy. (Obviously this would need to work for single files as well as web pages.) This bundle would allow other users to view the web page or file as it existed and provide easily verifiable proof that the web page really came from the site in question.

My Questions for the SSL Knowledgeable

Is this doable at all?

Screen shots are trivial to fake; if this approach can’t provide perfect proof of the origin of a document, how much more assurance would it give you than just a screen shot?

Would releasing the raw https traffic also mean that Alice would be releasing her user name and password?

A minor concern is that the fact that a web site hosted or displayed a particular page is slightly different from the web site signing a file. Furthermore, there may be issues with XSS vulnerabilities that allow attackers to make an https web site display arbitrary content. However, XSS attacks are a problem now with screen shots being passed around and XSS altered pages could probably be detected by viewing the html source.

But Not All Web Sites Use SSL

It has been repeatedly shown that web 2.0 applications such as Gmail and Facebook cannot be used securely over an unencrypted connection. For example, hijacking the account of a Facebook user on the same network is trivial. Perhaps I’m being overly optimistic but I believe once these vulnerabilities become more widely known and attack scripts/exploits become widely available, web applications will move to SSL as the default or at least offer https as an option. (Gmail already has an option to enable https though it is buried deeply within the settings.)

Please Comment

There you have it: my first real blog post.  Please let me know what you think.

Update December 13, 2009

Unfortunately, it appears that this won’t work. The basic problem is that SSL uses a shared key so the client could easily forge messages. (Initially, technically unsophisticated users might not be able to forge messages and sign them with the key but someone would probably develop an automated tool to do it.) I still hope that at some point a standardized way to show what a web page showed previously will emerge that’s harder to forge than screen shots. Many thanks to Paco Hope and his colleagues at Cigital for providing feedback on this.
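
The shared-key problem described in the update can be seen in a short Python sketch. This is an added example, not code from the original post: it models TLS 1.2 record authentication for an HMAC-SHA256 cipher suite (encryption omitted), and the session values and document contents are constructed. The same reasoning applies to AEAD cipher suites, which also use symmetric keys.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32  # HMAC-SHA256 key and tag length in bytes

# Constructed session values. Alice learns all of them during the handshake,
# and Bob needs them too, or the captured traffic is just opaque bytes to him.
SESSION = {
    "master_secret": bytes(range(48)),
    "client_random": b"\x01" * 32,
    "server_random": b"\x02" * 32,
}

GENUINE = b"%PDF-1.4 order of the court: motion DENIED"   # constructed
FORGED = b"%PDF-1.4 order of the court: motion GRANTED"   # constructed


def p_sha256(secret, seed, length):
    """TLS 1.2 P_hash expansion with SHA-256 (RFC 5246, section 5)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def derive_mac_keys(session):
    """Return (client_write_MAC_key, server_write_MAC_key) from the key block."""
    seed = b"key expansion" + session["server_random"] + session["client_random"]
    block = p_sha256(session["master_secret"], seed, 2 * MAC_LEN)
    return block[:MAC_LEN], block[MAC_LEN:]


def record_mac(mac_key, seq, data):
    """MAC over seq_num || type || version || length || fragment."""
    header = struct.pack("!QBBBH", seq, 23, 3, 3, len(data))  # 23 = application_data
    return hmac.new(mac_key, header + data, hashlib.sha256).digest()


def make_bundle(session, data, seq=1):
    """Build the 'proof' bundle. The server performs this computation when it
    sends a record; Alice holds the same keys and can run it on any data."""
    _, server_key = derive_mac_keys(session)
    return {"session": session, "seq": seq, "data": data,
            "mac": record_mac(server_key, seq, data)}


def bob_verifies(bundle):
    """Bob recomputes the server-side MAC from the secrets in the bundle."""
    _, server_key = derive_mac_keys(bundle["session"])
    expected = record_mac(server_key, bundle["seq"], bundle["data"])
    return hmac.compare_digest(expected, bundle["mac"])


def demo():
    from_server = make_bundle(SESSION, GENUINE)
    from_alice = make_bundle(SESSION, FORGED)    # same keys, different content
    tampered = dict(from_server, data=FORGED)    # changed without the keys
    return (bob_verifies(from_server), bob_verifies(from_alice),
            bob_verifies(tampered))


if __name__ == "__main__":
    print(demo())
```

The record MAC stops a party without the session keys from altering traffic, but it cannot tell Bob which of the two key holders produced a record. Only an asymmetric signature by the site over the document itself would give him that.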

First Blog Post


“First Post” as they used to say on slashdot.

This is my first blog post.

After spending far too long considering blogging and agonizing about the optimal approach, I’ve decided to just jump into it.

As such, I’m not sure how this blog will evolve over time. For example, I expect to focus on technical topics but I reserve the right to write about other things. Similarly I’m using blogs.law.harvard.edu because I work at Berkman and it is a convenient platform that has good Google juice but I might decide to move to another server in the future.

Some of my goals of blogging are:

  • Increasing my Google rank so I’m the first search result for “David Larochelle”.
  • Getting ideas out of my head and into a place where other people can see them.

    I occasionally think of projects or ideas that I haven’t seen mentioned elsewhere. Unfortunately I don’t have time to implement everything so a lot of this stuff gets stuck in my head. As they say in “Getting Things Done”, you should get stuff out of your head. So by posting this stuff here, I hope to get it out of my head and get feedback from the Internet community on what’s worth implementing.

  • Having a web site that I can point people to (my old home page is now hopelessly out of date).   I know that home pages are less popular after the rise of social networking but I still think that twitter and facebook are not always enough.  Facebook is quasi-private and twitter’s message limit makes it impossible to deeply discuss things.  Also both services don’t archive well and can be thought of as temporary media.

Well there you have it — the intro to my blog.  Check back soon for a blog post about something other than blogging.
