Skip to content


Firefox Armag-addon fix script

It’s rather useless now, but it’s been sitting in my notepad for ages and I don’t have the heart to discard it. It’s still interesting stuff for certificates management.

For those of you who live in a cavern (or are still using Chrome despite knowing better), about 5 months ago, Firefox had a huge snafu: the certificate for signing add-ons expired and they didn’t see it coming (ikr), and since they are geniuses who pretend to know better than their users what’s best for them, signature is mandatory for add-ons. Long story short: all add-ons were disabled as soon as Firefox ran its daily(-ish) signature check.

One of the early fix consisted in delivering an add-on, via the channel used for telemetry/studies, which installed a new certificate. Some smart cookie extracted the certificate from said add-on, and some other one posted instructions on how to import said certificate just by using the browser console, which I found pretty cool.
So here you go:

// Firefox Armag-addon fix script
// Sources:
// - https://www.reddit.com/r/firefox/comments/bkspmk/addons_fix_for_5602_older/
// - https://www.velvetbug.com/benb/icfix/

// Just run this in the browser console (Ctrl+Shift+J) (if you can't, set devtools.chrome.enabled to enable in about:config, although the console available via Ctrl+Shift+I should do the trick too)

// 1) add the certificate from the hotfix
let intermediate = "MIIHLTCCBRWgAwIBAgIDEAAIMA0GCSqGSIb3DQEBDAUAMH0xCzAJBgNVBAYTAlVTMRwwGgYDVQQKExNNb3ppbGxhIENvcnBvcmF0aW9uMS8wLQYDVQQLEyZNb3ppbGxhIEFNTyBQcm9kdWN0aW9uIFNpZ25pbmcgU2VydmljZTEfMB0GA1UEAxMWcm9vdC1jYS1wcm9kdWN0aW9uLWFtbzAeFw0xNTA0MDQwMDAwMDBaFw0yNTA0MDQwMDAwMDBaMIGnMQswCQYDVQQGEwJVUzEcMBoGA1UEChMTTW96aWxsYSBDb3Jwb3JhdGlvbjEvMC0GA1UECxMmTW96aWxsYSBBTU8gUHJvZHVjdGlvbiBTaWduaW5nIFNlcnZpY2UxJjAkBgNVBAMTHXNpZ25pbmdjYTEuYWRkb25zLm1vemlsbGEub3JnMSEwHwYJKoZIhvcNAQkBFhJmb3hzZWNAbW96aWxsYS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/qluiiI+wO6qGA4vH7cHvWvXpdju9JnvbwnrbYmxhtUpfS68LbdjGGtv7RP6F1XhHT4MU3v4GuMulH0E4Wfalm8evsb3tBJRMJPICJX5UCLi6VJ6J2vipXSWBf8xbcOB+PY5Kk6L+EZiWaepiM23CdaZjNOJCAB6wFHlGe+zUk87whpLa7GrtrHjTb8u9TSS+mwjhvgfP8ILZrWhzb5H/ybgmD7jYaJGIDY/WDmq1gVe03fShxD09Ml1P7H38o5kbFLnbbqpqC6n8SfUI31MiJAXAN2e6rAOM8EmocAY0EC5KUooXKRsYvHzhwwHkwIbbe6QpTUlIqvw1MPlQPs7Zu/MBnVmyGTSqJxtYoklr0MaEXnJNY3g3FDf1R0Opp2/BEY9Vh3Fc9Pq6qWIhGoMyWdueoSYa+GURqDbsuYnk7ZkysxK+yRoFJu4x3TUBmMKM14jQKLgxvuIzWVn6qg6cw7ye/DYNufc+DSPSTSakSsWJ9IPxiAU7xJ+GCMzaZ10Y3VGOybGLuPxDlSd6KALAoMcl9ghB2mvfB0N3wv6uWnbKuxihq/qDps+FjliNvr7C66mIVH+9rkyHIy6GgIUlwr7E88Qqw+SQeNeph6NIY85PL4p0Y8KivKP4J928tpp18wLuHNbIG+YaUk5WUDZ6/2621pi19UZQ8iiHxN/XKQIDAQABo4IBiTCCAYUwDAYDVR0TBAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwMwHQYDVR0OBBYEFBY++xz/DCuT+JsV1y2jwuZ4YdztMIGoBgNVHSMEgaAwgZ2AFLO86lh0q+FueCqyq5wjHqhjLJe3oYGBpH8wfTELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE01vemlsbGEgQ29ycG9yYXRpb24xLzAtBgNVBAsTJk1vemlsbGEgQU1PIFByb2R1Y3Rpb24gU2lnbmluZyBTZXJ2aWNlMR8wHQYDVQQDExZyb290LWNhLXByb2R1Y3Rpb24tYW1vggEBMDMGCWCGSAGG+EIBBAQmFiRodHRwOi8vYWRkb25zLm1vemlsbGEub3JnL2NhL2NybC5wZW0wTgYDVR0eBEcwRaFDMCCCHi5jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzAfgh1jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzANBgkqhkiG9w0BAQwFAAOCAgEAX1PNli/zErw3tK3S9Bv803RV4tHkrMa5xztxzlWja0VAUJKEQx7f1yM8vmcQJ9g5RE8WFc43IePwzbAoum5F4BTM7tqM//+e476F1YUgB7SnkDTVpBOnV5vRLz1Si4iJ/U0HUvMUvNJEweXvKg/DNbXuCreSvTEAawmRIxqNYoaigQD8x4hCzGcVtIi5Xk2aMCJW2K/6JqkN50pnLBNkPx6FeiYMJCP8z0FIz3fv53FHgu3oeDhi2u3VdONjK3aaFWTlKNiGeDU0/lr0suWfQLsNyphTMbYKyTqQYHxXYJno9PuNi7e1903PvM47fKB5bFmSLyzB1hB1YIVLj0/YqD4nz3lADDB91gMBB7vR2h5bRjFqLOxuOutNNcNRnv7UPqtVCtLF2jVb4/AmdJU78jpfDs+BgY/t2bnGBVFBuwqS2Kult/2kth4YMrL5DrURIM8oXWVQRBKxzr843yDmHo8+2rqxLnZcmWoe8yQ41srZ4IB+V3w2TIAd4gxZAB0Xa6KfnR4D8RgE5sgmgQoK7Y/hdvd9Ahu0WEZI8Eg+mDeCeojWcyjF+dt6c2oERiTmFTIFUoojEjJwLyIqHKt+eApEYpF7imaWcumFN1jR+iUjE4ZSUoVxGtZ/Jdnkf8VVQMhiBA+i7r5PsfrHq+lqTTGOg+GzYx7OmoeJAT0zo4c=";
let certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
certDB.addCertFromBase64(intermediate, ",,");

// 2) recheck all add-ons
ChromeUtils.defineModuleGetter(this, "XPIDatabase", "resource://gre/modules/addons/XPIDatabase.jsm");
XPIDatabase.verifySignatures();

Posted in Firefox.


Using DNSCrypt or DoH (or both) on Windows

A long time ago in a galaxy far, far the same, I setup my previous laptop with whatever was needed to send DNS queries to a DNSCrypt resolver instead of using my ISP’s.
At the time, it was kind of complicated (or at least tedious): I had to install dnscrypt-proxy, and because it had no caching mechanism, I had to also install Unbound on top of it. Both had to be installed as a service, ran at startup, Unbound had to listen to port 53 so that I could tell Windows to use 127.0.0.1 as a DNS server, dnscrypt-proxy had to listen to some arbitrary port, and Unbound had to be configured to query that. Not very fun. And as I was short in time, I never bothered formalizing all this into something that looks like a proper-ish guide. Which discouraged my from doing the same setup on other computers. Until today.

I decided to give it another shot. First surprise, Unbound now has a quite better documentation, with a whole guide (on PDF) for Windows. Before downloading it, I checked out DNSCrypt / dnscrypt-proxy, fearing the worst: last time I check it, the project was abandoned, and it wasn’t very clear what would replace it. Nice surprise there, there are now a bunch of clients, with DNSCrypt-proxy at the top (probably a full rewrite since it’s version 2.x and written in Go). And yet another nice surprise: as I was checking the documentation, I was directed to Simple DNSCrypt, which seems to be the recommended way to install dnscrypt-proxy, if you want to avoid getting a headache.

I don’t have much to say about Simple DNSCrypt, it’s really easy to use indeed (as long as you have a vague idea about how DNS things work), and if I didn’t want an excuse to safe-keep my the links above I could have just made a short “aToad” post about it. The default configuration is globally nice, I’ll just mention a few points/tweaks:

  • You’ll probably have to manually toggle on the DNSCrypt Service, and to configure your network card(s) to use it (no need to go dig into your Windows network settings, Simple DNSCrypt provides a one-click button for that and I don’t think you can miss it).
  • By default, DNSCrypt will be configured to automatically select any resolver with DNSSEC support + no logs + no filter. This includes a CloudFflare server, so you may want to disable this one. This also includes both servers that use DNSCrypt and servers that use DNS over HTTPS, which I find pretty neat.
  • The query log (default off) can be useful to check that your computer is actually using dnscrypt-proxy (but you may want to turn it off as soon as you’ve check, as I guess it will grow big pretty fast). It also show which DNS resolver the request is sent to, so you should notice that dnscrypt-proxy rotates between your chosen servers. Which is great for privacy… and makes it more harmless if you choose to keep CloudFlare in your list.
  • The advanced settings tab lets you enable/disable a DNS cache. It’s great because it means I don’t need Unbound on top of it. However, the default value for the cache (256 entries) isn’t appropriate for me (I run a web crawler, so a value of 2048, for instance, sounds better) and it cannot be edited from the UI. To change it, you need to shut down Simple DNSCrypt (and possible dnscrypt-proxy too, not sure about that), then modify the cache_size line in C:\[path to Simple DNSCrypt]\dnscrypt-proxy\dnscrypt-proxy.toml.

It also has more advanced features, like a domain blacklist, which might be more comfortable than using the good old HOSTS file (although beware it obviously won’t block anymore if your system somehow switches back to your ISP’s DNS), and a “cloak and forward” feature, which I haven’t looked into (and I’m not sure what this does ^^)

I’ve been using this for a few days. So far, no issue, no extra latency, no abnormal DNS error rate in my web crawler… Looking good! And since it’s so easy to set up, I’ll probably put it in all my other computers soon 🙂

Posted in Internet, software, Windows.


A guide to shitty web designs (please don’t do this)

“Things used to be better in the past.” Sounds familiar? While it may be a simple sign of nostalgia, sometimes… it’s just true.
Website designs have improved in many ways over the last couple of decades. For instance, see a blast from the past here if you want to hurt your eyes with some ancient designs that are still online. Although they aren’t the worst (those have been taken down ^^). But not all changes are good, and modern websites tend to increasingly have some UX flaws that barely occurred, if at all, in the past.

Here’s a list of 8 of such annoyances. It’s not a “top 8”, it’s just things I wrote down as I was encountering those flaws. They’re not sorted, not exhaustive, and you’ll see they mostly revolve around login procedures for some reason.

1) The hidden login form

Some websites place an extreme focus on the sign-up form, and neglect/hide/bury the login form. Combined with a tendency to make sign up forms as simple/short as possible, it makes it very easy to get mixed up. These days, I regularly fill sign up forms by accident, when what I meant was to log in. Simply because some stupid UX designer put a 2-field registration form right where you would expect a log in form. And then the form tells me “this account already exists”. Yes, I know, I was trying to log in.
I don’t get the logic in their twisted mind: you only register once, you log in many times, why the hell make it longer to log in than to register?! To me, it signals that they desperately need more registrations… Gladly, it’s still rather rare.

2) The 2-step login form

When I started web development, a good practice, on a failed login attempt, was to show a generic error message like “invalid credentials”, giving the user no indication of whether or not the ID they entered was a valid ID in the first place.
I don’t know what the hell happened, but at some point this commonsense practice became an oddity. And then some morons started to design 2-step login forms like: 1) type your e-mail 2) we tell you if it’s a valid ID, and if so now you type your password. I don’t know who started it all, but the first time I saw that was for the… Gmail login. Kudos, Google!

When this was introduced, I remember a bunch of discussion on IT/dev forums, basically all agreeing that this was not just silly, but a security issue. With such a system, typically you can check if e-mail address X@Y.Z is a registered user on site shitdesign.com. Random example: imagine if Pornhub did that? (NB: I just had a look, they don’t*)
Some websites have thought about that. But they tried to be smart: instead of reverting back to the good, old-fashioned way to do a login form, they had the genius idea to keep the 2 steps and add… a CAPTCHA! And not just one, but 2: one after entering your ID, then another one after entering your password. Isn’t that brilliant? What did you say? You can’t believe people can be that stupid? Well, believe me now:

2-step login with a CAPTCHA, step 1 2-step login with a CAPTCHA, step 2

Oh and although it prevents massively checking if a list of e-mails have an account, it doesn’t prevent manually checking a few e-mails.

Apart from this problem, which people who “have nothing to hide” maybe won’t care about (although captchas are never very fun), those 2-step login forms have the very, highly annoying characteristic of making it a pain to use a password manager. RIP credentials autotype! Thanks smart UX designer!

3) Other BS that breaks password managers

Two-step login isn’t the only thing that breaks password managers. Some sites show cute modals and stuff, but sometimes those decorative features use weird JavaScript that makes the login form vanish as soon as it loses focus (say… when you want to switch to your password manager to trigger auto-typing). On the plus side, that’s not a voluntary “feature”, so you can expect it to be fixed, eventually (Namecheap was the example I had in mind for this, but I just checked and they did fix it, hurray). On the downside, there’s little chance that the website operator bothers fixing that if you ask them to, so you’ll probably have to wait for a while for a fix.

Another password manager annoyance comes from most banking sites, who provide a virtual keyboard (well, numpad) that you must use to enter your passcode. No copy-pasting, no auto-typing, you must use their damned numpad. For your safety. From a banking site that generally forces you to use a 6-digit password (but not your birthday, yes we made it just the right size for a birthday but don’t use that). Meh.

4) The non-working “remember me / stay logged in” feature

Not a big annoyance here, but when you have a checkbox, on the login form, that says “stay connected”, then when you check it you do expect to stay connected for “a while”. I.e., at least until you come back to your browser the day after. I’ve seen a few websites, typically financial, where “stay logged in” would still result in your session being terminated the day after, or even just after a few hours. I get that they want to disconnect people “for security reasons”, but then maybe… just drop the “stay logged in” checkbox?

5) The CAPTCHA on the first login attempt

When CAPTCHAs became standard good practice on login forms, in most of the places that use them, you’d be allowed to try to log in a few times (maybe 4 or 5 times) without any CAPTCHA. And only then, after a few failures, you’d get a CAPTCHA. Basically, at that time, the CAPTCHA was a quality-of-life improvement, as it came as a replacement to things like “after 5 failed login attempts, lock the account for a while”.

But eh, this still required counting failed login attempts. Too much work. Eventually, webmasters gave in to laziness: why bother counting failed attempts, when you can just shove a CAPTCHA down the user’s throat every single time? And here we are now, I don’t remember where and when was the last time I saw a site that would allow you to log in without a CAPTCHA on your first attempt (while showing one after a few failures).

6) 2FA with a mandatory phone number

I’ve seen some websites recommending an authenticator app for 2-factor authentication rather than SMS because “SMS is not secure”. It’s true, so fair enough. Yet those sites still forced people to use SMS to set up their 2FA… How rational is that?

6b) Mandatory 2FA

Just… Don’t… Combined with 6) (which applies to absolutely all 2FA implementations I’ve seen so far), it’s nothing more than an excuse to require / collect phone numbers.

7) Mobile-centric design

A punch in the face of PC users. “Yeah, we know you’ve got a better device, but we decided we only care about shit devices and we want you to have the same shitty user experience as mobile users”.
Having a design that works nicely on mobile is nice. But it shouldn’t come at the cost of destroying the user experience on larger clients that are more fit to display web pages. No matter what designers tell you, it’s not possible to have the same experience on a 6″ screen as on a 20″ screen. Until you decide you’ll waste 14″.

8) Not showing the date in blog posts / news articles

Seriously, wtf? When someone posts and article on Reddit, and you can’t figure out if it was published yesterday or 2 years ago.

Footnotes

* They even show a message saying “We have sent you an email with your username and a link in order to reset your password” to any password reset request (no matter if the typed e-mail actually owns an account or not). Which is the proper way to do things.

Posted in web development.


How to capture Visual Studio Code in OBS Studio

I messed around a bit with OBS Studio lately, and found it wouldn’t manage to see Visual Studio Code if I tried adding it just like a game (Source => Add => Game Capture).

After a quick search, I found a solution explaining that it’s based on Chrome (nothing new here), and that as such OBS can only see it if hardware acceleration is disabled. That came a bit as a surprise to me, as obviously games use hardware acceleration and can be capture, but why not.
They also said Game Capture would still not work (gah!) and that Display Capture should be used instead. Now that’s a real bummer, because display capture means it needs to be cropped in order to show just the part that I want (notably, not the taskbar), and also it means that you have to be careful about everything that might get on your screen… much less convenient than capturing a specific program.
Indeed Game Capture doesn’t work (I tried). Eventually, I tried using Window Capture and… it worked. It still needs to be resized/cropped a bit if you don’t use a window that matches your target video resolution (unless you don’t mind some blank space), but that’s still way more convenient than Display Capture IMO.

Recap:

  1. Start Visual Studio Code with the --disable-gpu argument (I’d recommend editing your shortcut, no hardware acceleration is theoretically slower, but I didn’t really notice any difference)
  2. In OBS, use Window Capture to target your Visual Studio Code window

Posted in software.


Removing EasyAntiCheat on Windows

EasyAntiCheat, just like and client-side anti-cheat software, is cancer. It can spy on your whole computer, harvest any file, any stuff in your RAM (password manager much?), and you just shouldn’t install any game that comes with it.

Still, if you do, and if after that you uninstall said game, EasyAntiCheat will remain installed on your computer. Yes, even if you ran the EAC installer/uninstaller manually before removing the game. Namely, a couple of files will remain in C:\Program Files (x86)\EasyAntiCheat, as well as an EasyAntiCheat service.

So in order to get rid of it fully, you’ll have to do a couple of things manually:

  • delete that C:\Program Files (x86)\EasyAntiCheat folder
  • remove the EAC service, by running sc delete EasyAntiCheat in a command prompt (which must be ran as administrator)

There, I believe that’s all you need to clean up. But again, the best move is to not install it at all, if you can.

Posted in privacy, security, software.


Killing processes in Windows with a batch script

We’ve all had, at least a few times, some random program that would freeze and that for some reason the Windows Task Manager would fail to terminate in a timely manner. It turns out that I have, at the moment, a couple of repeating offenders in that matter. A freeze a few times a year is slightly annoying, but a couple of freezes each week seriously got on my nerves.

So I searched a little, and eventually found a way to kill a program instantly, skipping any pre-exit confirmation. Simply this:

taskkill /F /IM calc.exe

It will kill all processes from executable calc.exe, immediately. If it’s always the same program causing issue, you can just put it in a batch file (.bat) and run it whenever you need. I did that for 2 programs, one of which doesn’t even freeze, but I wanted to skip the long exit process, as an unclean exit causes no issue for this program.

If you want to keep the pre-exit confirmation, lose the /F:

taskkill /IM calc.exe

You can also kill by process ID. It’s nice when you have multiple instances of a program running, and you just want to kill a particular one (for instance just one browser tab that’s gotten out of control). But the drawback is, as process IDs always change, that you can’t make a batch file that you’ll just have to click: you’ll need to look up the process ID every time. The syntax is:

taskkill /PID [process ID]

Source, plus quite a few more examples / ideas: https://www.windows-commandline.com/taskkill-kill-process/

I tried this on Windows 10, but I assume it already works in Windows 7 / 8, and possibly even XP.

Posted in Windows.


Linux script to automatically shutdown when load average is low

I’ve been using on-demand machines (similar to AWS EC2 and Google Cloud VM instances) to perform large computations. Those machines are both pay-as-you go and pretty expensive, so you want to terminate them as soon as your computations are done.

I’m sure there’s some fancy way, using tools provided by the cloud machine provider, to automatically shut down a machine that’s idle. But I thought, rather than looking for each vendor-specific, complicated (and likely billable) solution, I’d come up with a bash script. And here it goes:

while :
do
  load5M=$(uptime | awk -F'[a-z]:' '{ print $2}' | cut -d, -f1)
  threshold=0.5
  echo $load5M
  if (( $(echo "$load5M < $threshold" | bc -l) )); then
    sudo shutdown now
    break
  fi
  sleep 5
done

It's an infinite loop, with a 5 seconds pause, which gets the load average over the last 5 minutes, displays it, and if it's lower than the defined threshold of 0.5 (that's half a CPU core), immediately stops the machine. Simple enough, apart from the 2 magic lines needed to get the load average and to do a comparison between 2 floats (I found that surprisingly tougher than comparing 2 integers!)

A little warning though: be sure to test it, to check that your provider doesn't automatically restarts a terminated machine. That's quite unlikely, but it would be a shame ^^

Posted in Linux.


How to install an old version of a game in Steam

There are multiple guides for this already, but they’re just too insufferably verbose and long. If you need a long version, see one of them, like this one. Otherwise, here is a short version:

Concise step-by-step

  1. Go to steam://nav/console (this opens the steam console)
  2. Run download_depot [appid] [depotid] [manifestid]
    (more details, notably how to find those IDs, at the end of the post)
    NB: the download can be slow, and it won’t show any progress.
  3. Note where the game was downloaded. It will typically be located in [WhereverYouInstalledSteam]\steamapps\content\app_[appid]\depot_[appid]
  4. Find where the current game version is installed (in Steam client, right-click on the game → properties → local files → browse local files)
  5. Replace the current game files with the newly downloaded ones (keep a backup if you want – although re-downloading the latest version is trivial)

Some more details on step 2.

The app ID and depot ID are technically useless since manifest IDs are unique, but Valve decided to make them mandatory anyway. I guess they just want to make sure running commands, while still possible, is as painful as possible.

For instance, to get the June 5, 2019 – 10:55:15 UTC version of “Love Thyself”, you’ll run
download_depot 949060 949061 7335981433319872232
and it will be downloaded into
[WhereverYouInstalledSteam]\steamapps\content\app_949060\depot_949061

The app and depot IDs can be found here: https://steamdb.info/app/949060/depots/
And the manifest IDs can be found here: https://steamdb.info/depot/949061/manifests/

Posted in Uncategorized.


How to catch wild pigs

You catch wild pigs by finding a suitable place in the woods and putting corn on the ground. The pigs find it and begin to come every day to eat the free corn. When they are used to coming every day, you put a fence down one side of the place where they are used to coming. When they get used to the fence, they begin to eat the corn again and you put up another side of the fence.

They get used to that and start to eat, again you continue until you have all four sides of the fence up with a gate in the last side. The pigs, who are used to the free corn, start to come through the gate to eat, you slam the gate on them and catch the whole herd.

Suddenly the wild pigs have lost their freedom. They run around and around inside the fence, but they are caught. Soon they go back to eating the free corn. They are so used to it that they have forgotten how to forage in the woods for themselves, so they accept their captivity.

It works on humans too: the government keeps pushing us toward communism/socialism and keeps spreading the free corn out in the form of programs such as supplemental income, tax credit for unearned income, tobacco subsidies, dairy subsidies, payments not to plant crops (CRP), welfare, medicine drugs, etc. while we continually lose our freedoms just a little at a time.

There is no such thing as a free lunch.

Source: http://www.crossroad.to/Victory/stories/wild-pigs.htm, but it’s actually a pretty common story

Posted in Uncategorized.


Cutting off work-related digital distractions at work

I recently realized that I wasn’t as productive as I wished I was at work. Sure, the colleagues playing pool at any random time of the day right next to my desk, or the whistling and singing (seriously!) in the open space don’t help, but I noticed I was also distracted by something sneakier: some of my very work tools. Namely, Slack and e-mails.

Slack

Slack’s business consists in empowering users to replace their too numerous short e-mails that span long threads with… a hundredfold more numerous instant messages that fill a screenful of channels. Gee, what an improvement! Even with desktop notifications off and my phone most often in airplane mode, the red icon in the Slack browser tab, and e-mail notification if I ignore it too long, guarantee regular distractions. I eventually resorted to some drastic measures:

  • Leaving some channels where I really wasn’t relevant. Like that channel where designers configured Zeplin to send notifications every time they commit a change
  • Muting chitchat channels like #random or #music
  • Starring as few as possible important channels, and hiding by default all channels except the starred ones and those with unread stuff
  • Limiting notifications to mentions and direct messages (and keywords, but I don’t have any), when I have to have notifications on (when working remotely)

I’m down to 6 starred channels and 4 muted channels out of around 25+. I also starred 3 private messaging channels, with tiny groups of people I regularly exchange with. I didn’t leave that many channels, I’d say about 3 or 4. But even then, Slack is now a lot less distracting. Unread stuff flashes way less often, and whenever I do check updates in those less important channels, as soon as I leave them they disappear again. Out of sight, out of mind.

Note that muted channels will reappear when you have unread messages in them, only they won’t be highlighted (unlike non-muted channels). Now that I think of it, this seems logical, but at first I was a bit surprised by this.

E-mails

That may be a bit trickier depending on your setup and habits. When I last changed my e-mail provider, from the start I added folders and I set up filters so that habitual incoming e-mails end up right where they belong, rather than flood my inbox. Try to do that. But not all at once: every time a new e-mail arrives, see if it’s a regular one that should fall into a folder. By regular, I don’t necessarily mean newsletters: it could also be for instance a contact with whom you exchange regularly.

Since I mentioned newsletters: ditch them. Seriously, if you do just one thing about your e-mails, I think that’s the one, and that’s easy enough. Like the incoming e-mail filter, don’t try to do it all at once, do it as they come. When a newsletter arrives, ask yourself: does it really interest me? Has this newsletter interested me at any time within the last X months? If no, hit that unsubscribe button. If yes, ask yourself if you really need to have that information pushed into your inbox, or if you can just actively consult it in your own time.
Unsubscribing is easier than ever now, as GDPR prompted newsletter managers to make sure unsubscribing is easy. Since I started the draft of this post, I think I unregistered from about 20 newsletters. My e-mail box feels so much quieter now 🙂

A last idea about your e-mails, although that one is hard to reach: try to keep your inbox empty. The previous tips are more important, and kind of a prerequisite, in order not to waste time moving e-mails around. Also, achieving a truly empty inbox might be a bad goal if you focus on it so much that it becomes in itself a distraction. But an empty, or near-empty, or at least an inbox where you can see the bottom of the list without scrolling feels quite relaxing to me. So I do try to keep my inbox to less than a screenful. Even if it means moving some e-mails into a “todo” folder that I process regularly: the inbox is where I land whenever I open my e-mail tab, a little stash out of sight in a todo folder feels better than a crowded inbox.

TL;DR

Slack: leave and mute channels, star the few important channels, hide non-starred channels, tune down (or fully turn off) notifications
E-mails: unsubscribe from newsletters, auto-sort regular incoming e-mails into folders, move the rest manually out of the inbox

Posted in Uncategorized.