BrainPickings on the source of creative breakthroughs


The most significant human achievements between Aristotle’s time and our own — our greatest art, the most enduring ideas of philosophy, the spark for every technological breakthrough — originated in leisure, in moments of unburdened contemplation, of absolute presence with the universe within one’s own mind and absolute attentiveness to life without, be it Galileo inventing modern timekeeping after watching a pendulum swing in a cathedral or Oliver Sacks illuminating music’s incredible effects on the mind while hiking in a Norwegian fjord.

From today’s BrainPickings. Read it.

Photo Credit: Pavel Lunkin via Compfight cc

Annual performance reviews are now out of vogue

When I was at Andersen Consulting, Accenture’s precursor, the “forced ranking” review cycle was the norm. Managers were given a curve, and had to map their team to that curve — you could only have x% “super high performers” and y% typical performers and, by fiat, z% of the team had to fit into the “lower performance” part of the curve. It’s notable to see how now, not-that-much-later, they’ve turned 180 degrees.

In big move, Accenture will get rid of annual performance reviews and rankings (WaPo)


Our evening with Keith Haring

On February 12, 2015, a small group of friends had the rare opportunity to take a private tour of the exhibit “Keith Haring: The Political Line” at the de Young Museum in San Francisco. Julian Cox, curator of the exhibit, shared his perspective throughout the tour. Click on any image in here to see the full set of snaps.


While I had known about Haring’s work through its ubiquity in pop culture in the 80’s, I wasn’t aware of the insane volume and breadth of work he created in just a few short years. I also wasn’t aware of the full extent of media in which he worked. Graffiti? Check. Oil on canvas? Check. Sculpture? Check. Paint on tarps (tarps?). Check. Prolific doesn’t begin to describe it. Sharpie on metal? Sure. Paint an entire car? Let’s do that as well. Crushingly, Haring was active for less a decade in the public eye; he died in 1990 at age 31 of complications from AIDS.


In describing most of the work we saw, “subltely” was not a word that would typically be used to describe it — day glow colors, shocking imagery, garish forms. There was even a 14′ phallus. (Yup.)


That said, there was one piece I could spend hours or days thinking about. The Last Rainforest, which was painted in 1989 only a few months before Haring’s death, is breathtaking.

The Last Rainforest

Keith Haring: The Last Rainforest (1989)


I highly recommend clicking through on the image above, and then zooming in on the detail. It’s as complex a story as Rodin’s depiction of Dante’s Inferno in the The Gates of Hell. It’s absolutely mind-bending in its complexity and in the number of stories that are included.

After the tour, we had the opportunity for our small group to take over one of the galleries for an incredible meal. (It was kind of like this, but without quite as much Russell Brand.)

All in all, an enlightening evening. Would do it again in a heartbeat.



Tools I use: Plus/Delta

There are a few tools I use on an almost weekly basis. Some of these help me get more stuff done, some of them help me do things better. One of these tools is Plus/Delta.

Plus/Delta is dead-simple. Two columns, one labeled “Plus” and one labeled “Delta.” You can do it on a whiteboard, on a collaborative Google Doc (here’s one), on paper, on Post-Its or on index cards. Have a facilitator scribe, or have the participants write their Plusses and Deltas on notecards or on Post-Its. Have the participants in the session articulate what worked well (“Plus”) and what they would change for next time (“Delta”). Capture everything, summarize the key points, learn from it and iterate. The whole process shouldn’t take more than 10-15 minutes.


It pretty much works with any size group; I’ve used it in groups up to about twenty or so. If the group is really large, break it into smaller subgroups and have each group do its own Plus/Delta. Then have each group pick a representative to share their results to everyone in the larger group in turn.

Plus/Delta works best when you make it a default part of a process. It’s just “the thing you do after you did something else.” For example:

  • Did you just do a two-day workshop? Have the participants engage in Plus/Delta near the end of the second day in order to understand how to do a better workshop next time.
  • Did you invest time to go to a conference? Plus/Delta.
  • Did your team pitch a project to a client? What do you do when you get back to the office? Plus/Delta.
  • How did that last development sprint go? Plus/Delta.
  • Is that an antelope driving a car? Plus/Delta. (Nope. Chuck Testa.)

You can learn more about Plus/Delta in the book Gamestorming, by Dave GraySunni Brown and James Macanufo. It’s one of dozens of tools in the very rich Gamestorming tool kit.

By the way, this post came about as part of the Weekly Post Challenge, proposed by Dre Armeda. You can find a few other posts from this week by Mendel KurlandKelley Koehler, Chris Ford, Matt MedeirosDre Armeda and an epic post from John Hawkins on how to produce a podcast.

image: Johanna Kollmann via cc by 2.0


You’re doing awesome

Just saw a great lightning talk from Mickey Kay at WordCamp SF 2014. It was only about five minutes long, and was a great reminder of the fact that we are all newbies. Even if you’re an “expert” in a field, there’s always more to learn. More importantly, if you are truly a n00b, there is one thing to remember, first and foremost. That thing is: You’re doing awesome.

Mickey Kay

You’re trying. You’re doing. You’re actually moving forward, even if it doesn’t feel like it at times.

Mickey then shared his three rules for keeping the forward momentum going.

Make as much as possible.

Make as much as possible. Be a creator. You power through the newbieness by getting your hands dirty.

Share your problems.

Share your problems. As much as you like to think it, you’re not a unique snowflake. Someone else has had this problem before. Maybe they can help you. Or, if someone else is also having the problem now, maybe you can work on solving it together.

It’s okay to not know.

It’s okay to not know. You don’t know everything. Neither does anyone else. In Mickey’s anecdotal survey of a number of “experts” in the WordPress field, he said that over 40% stated that they are often exploring new ground when they’re trying to solve a problem. There are no rote answers. It’s okay to be discovering as you go along.

Good reminders for all of us.

It’s most definitely go time: I’ve joined GoDaddy

It’s official: I’ve joined GoDaddy. I am incredibly stoked.

(Ob disclosure: while I’m now an employee of GoDaddy, these are my personal opinions.)

This is a company that has gone through an incredible maturation process in the past few years, and where the company is now is miles ahead of where it was even 24 months ago, both in brand and in product. The T&A Super Bowl ads are long gone, the products are getting solid reviews, and a lot of attention is being paid to customers: from small businesses to web designers and developers (including WordPress, Drupal and Joomla!) to mobile and local.

In particular, I’ll be working with our customers who are web professionals, ensuring that we’re engaging with communities of designers and developers and delivering the content, community and product that help this very important constituency kick ass.

Tomorrow is my first “official” day.

Let’s go!


New job == new swag sweatshirt. Bonus.

How to enable two factor authentication on 50 top websites including Facebook, Twitter and others

Padlock 800px

Two factor authentication (also called 2FA) is the term for a second form of authentication that is required before a web service allows you to log in. Typically, 2FA is enabled by sending a text message with a one-time code to your mobile phone, which you then need to enter in addition to your password. (This is often referred to as needing to have “something you know” such as your password, and pairing it with “something you have” such as your phone.)

Decided to do a little research on a number of common web services, in the wake of the Heartbleed bug from this week. While engaging in a best practice such as using a different password for every site and managing those passwords through a password manager (e.g. LastPass or 1Password) can provide an increased level of security, enabling 2FA is another highly recommended tool in the personal security toolbox. So, without further ado, here are the links to enable 2FA for fifty top websites. If you see any errors, or have other sites to add, please leave them in the comments and I’ll try to update this list.



How to enable 2FA

Adobe Creative Cloud

Adobe Creative Cloud does not currently support 2FA.

N/a and Amazon Prime do not currently support 2FA.


Amazon Web Services (AWS)

“AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your username and password. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their username and password (the first factor – what they know), as well as for an authentication code from their AWS MFA device (the second factor – what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources.”

Apple iCloud

“Two-step verification is an optional security feature for your Apple ID. It requires you to verify your identity using one of your devices before you can:

Sign in to My Apple ID to manage your account.

Make an iTunes, App Store, or iBooks Store purchase from a new device.

Get Apple ID-related support from Apple.

Turning on two-step verification reduces the possibility of someone accessing or making unauthorized changes to your account information at My Apple ID or making purchases using your account.”

Apple iTunes

“Two-step verification is an optional security feature for your Apple ID. It requires you to verify your identity using one of your devices before you can:

Sign in to My Apple ID to manage your account.

Make an iTunes, App Store, or iBooks Store purchase from a new device.

Get Apple ID-related support from Apple.

Turning on two-step verification reduces the possibility of someone accessing or making unauthorized changes to your account information at My Apple ID or making purchases using your account.”

Bank of America

“The SafePass feature is Bank of America’s extra layer of protection against fraud and identity theft as you use Online Banking. The SafePass feature lets you authorize transactions using one-time, 6-digit Passcodes.”


“Add another layer of security to your account by enabling phone verification. Every time you sign in, we’ll send a text message to your mobile phone with a verification code. You can also verify your sign in with a phone call.

Phone verification will be applied to all the accounts you access with your ID. You’ll also be prompted for a security code on mobile devices.”


“For added security on your account, you can enable your smartphone as a second authentication method at login. Once two-factor authentication is setup, you will need to use it with your username and password at login.”


“Phone verification will be applied to all the accounts you access with your ID. You’ll also be prompted for a security code on mobile devices.”


BlueHost does not support 2FA.


“In order to enable 2-step login verifications for your users, navigate to the Security tab within Enterprise Settings. In the Application Management section, check the box next to the “Login verification” label. Please note that if Single Sign On (SSO) is enabled for your account, you will not be able to turn on 2-step login verification.”


“2-Step Login, adds an extra layer of security for your Buffer account. Whenever you log in to your account, after entering your username and password, you will be asked for a second authentication code that was sent to your mobile phone via text or free mobile app.”


CapitalOne does not support 2FA.


“When you first attempt to log in to Chase Online with using the Chase Mobile browser, we’ll ask you to verify that you own the accounts you want to access. To do this, you’ll need to request an Identification Code, which you can receive by phone, email or text message. When you receive your Identification Code, use it to complete the activation process and log in to the secure site on This helps protect your accounts from unauthorized access, even if someone has your login credentials.”


“With web performance and security being the core of CloudFlare, we are always looking for ways to improve not just our customers’ website security, but their account security as well. Therefore, we are excited to now offer two-factor authentication for all CloudFlare accounts.”


“Two-factor authentication is a great way to make your Coinbase account more secure.

What is it? Well, it’s a fancy word that basically means “getting a pin code on your cell phone” when you log in.”


“Multifactor Authentication is a way to increase the security of your account that requires you to enter additional one-time passcodes before you can gain access to your DreamHost account. It’s a smart move that can help to protect you from hackers and website hijackers.”


“Two-step verification is an optional but highly recommended security feature that adds an extra layer of protection to your Dropbox account. Once enabled, Dropbox will require a six-digit security code in addition to your password whenever you sign in to Dropbox or link a new computer, phone, or tablet.”


eBay itself does not seem to support 2FA, but purchases completed using eBay’s PayPal do support two factor authentication. Update: @tehdpeh has pointed out that eBay uses the same 2FA system as PayPal

Via PayPal


“When you first joined Etsy, you entrusted us with the responsibility to protect the personal information necessary to set up an account, make a purchase, or open a shop. In turn, we ensure that each new feature we launch on Etsy lives up to our high standards of security and Internet privacy. We are happy to share that today we’re launching three new optional security settings that offer Etsy members further control and visibility into their accounts. Additionally, as our platform has evolved in the last year, we’ve revisited our policies and are making several changes to our Privacy Policy. I’ll walk you through both below.”


“We take the security of your data very seriously. Several months ago, we introduced two-step verification along with several other security features. Today, we’re opening two-step verification up to everyone.”


“Facebook has always been committed to both protecting our users’ account and information, as well as giving them more control over their Facebook experience. From our User Operations team, who work to re-secure compromised accounts, to the Engineering team that designs and implements new security features like login notifications, one-time passwords, and remote session management, everyone at Facebook is working to ensure users have a safe, enjoyable experience.”


“Two-factor authentication, or 2FA, is a way of logging into websites that requires more than just a password. Using a password to log into a website is susceptible to security threats, because it represents a single piece of information a malicious person needs to acquire. The added security that 2FA provides is requiring additional information to sign in.

In GitHub’s case, this additional information is a code delivered to your cell phone, either as a text message (SMS) or generated by an application on your smartphone. After 2FA is enabled, GitHub generates a security code that is sent to your phone any time someone attempts to sign into your GitHub account. The only way someone can sign into your account is if they know both your password and have access to the security code on your phone.”


“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.”


“Two-Step Authentication adds another layer of security to your account by texting you a validation code to enter whenever you log in or make important account changes.”

Google Apps

“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.”


“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.”


“HootSuite’s 2-Step Verification security feature uses Google Authenticator (powered by Google) to enhance the protection of your HootSuite account.

Google Authentication uses something your know (your password) and something you have (your mobile device). You will receive a short numeric code on your mobile device to enter in addition to your username and password. Each code has a one-time use, and a new code will regenerate every 30 seconds.

Paired with HootSuite’s Location Verification System, your HootSuite account has added protection no matter where you are.”


HostGator does not support 2FA.



Instagram does not support 2FA.


Intuit TurboTax

Intuit TurboTax does not support 2FA.



“Two Factor Authentication (TFA) is a 100% Open Source, free to use security system for your Joomla site’s backend. Two Factor Authentication works in collaboration with the Google’s famous Authenticator App.”


“At LinkedIn, we are constantly looking for ways to improve the security of our members’ accounts. All LinkedIn accounts are already protected by a series of automatic checks that are designed to thwart unauthorized sign-in attempts. Now, we are introducing a new optional feature that adds another layer of security to your LinkedIn sign-in: two-step verification.”


“AlterEgo is a MailChimp app designed to add two-factor authentication to your account. Integrating AlterEgo with MailChimp helps keep your data safe by providing an additional layer of security that must be breached before an attacker can access your account. Because we feel so strongly about security, we also offer a 10% discount for MailChimp accounts integrated with AlterEgo.”


“The PayPal Security Key creates random temporary security codes that help safeguard your PayPal account when you log in. It comes in 2 types, each with different advantages:

Security key: You carry this small credit-card sized device with you. It creates a unique security code on the go.

Mobile phone security key: You can sign up to get security codes sent by text message to your mobile phone.”


Pinterest does not support 2FA.


“Two Factor Authentications – is a system wherein two different methods are used to authenticate. Using two factors as opposed to one delivers a higher level of authentication assurance.”


Secret does not support 2FA.



Snapchat does not support 2FA.



Soundcloud does not support 2FA.



StackOverflow does not support 2FA.



“Steam Guard is an additional level of security that can be applied to your Steam account. The first level of security on your account is your login credentials: your Steam account name and password. With Steam Guard, a second level of security is applied to your account, making it harder for your Steam account to fall into the wrong hands.”


SurveyMonkey does not support 2FA.



Target does not support 2FA.



“TFA makes it especially difficult for anyone other than you (e.g., hackers, exes, et al) to access your Tumblr account. How? Well, aside from your regular login info, you’ll need a couple extra things to get to your Dashboard:

Your phone (which you’ve password-protected, right?)

A unique, single-use code (sent via text or generated by an authenticator app)”


“Every day, a growing number of people log in to Twitter. Usually these login attempts come from the genuine account owners, but we occasionally hear from people whose accounts have been compromised by email phishing schemes or a breach of password data elsewhere on the web.

Today we’re introducing a new security feature to better protect your Twitter account: login verification.

This is a form of two-factor authentication. When you sign in to, there’s a second check to make sure it’s really you. You’ll be asked to register a verified phone number and a confirmed email address.”

Wells Fargo

WellsFargo does not support 2FA.


“The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry.

If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on Gmail/Dropbox/Lastpass/Amazon etc.

The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.”


“For Yahoo! checks not only the password when somebody—you, hopefully—attempts to log in to your account; it also looks at the location and computer whence the attempt is made. If one looks suspicious (say, a device you’ve never used before), Yahoo! Mail can require more than merely the password—if you have two-step authentication enabled.”


“2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they’d also have to get a hold of your phone.”

How to move a WordPress blog from WPEngine to GoDaddy

Disclosure: As of the time of this writing, I am currently consulting to GoDaddy, and this is my personal opinion.

After watching the Google Hangout with the GoDaddy Managed WordPress team, I wanted to check out the process from start to finish for myself. Here’s what I did, step by step, to move this blog from WPEngine to GoDaddy. I backed up my WPEngine installation (they have a tool to download a .zip file of everything on the site, which worked fine). And here we go…

1) Sign up for GoDaddy Managed WordPress (or add it to your existing account)

This was easy. Go to and choose a plan. This blog gets a moderate amount of traffic, with a few big spikes, so I went with the Basic plan.

I already have a domain, so I skipped the “get your free domain” option, but if I was setting up a new blog, that would have been a nice perk.

Okay. Piece of cake. So far, so good.

2) It’s go time!

Screen Shot 2014-02-28 at 4.40.24 PM.png

I clicked the button, and I was taken directly to my hosting homepage.

3) I clicked on “Set Up”

Screen Shot 2014-02-28 at 4.44.52 PM.png

Nice page. I clicked the green button.

4) Migrate my existing site

Ok, first moment of truth. I need to move the site from WPEngine, so I clicked on “Migrate Your Existing Site.”

Screen Shot 2014-02-28 at 4.47.09 PM.png

5) The GoDaddy migration tool migrated everything over from WPEngine for me

I need to put in my credentials so the GoDaddy hosted system could do the automated move for me.

I made sure I had both my WordPress login credentials AND my FTP credentials, since both are needed for the migration.

Here we go…

Screen Shot 2014-02-28 at 4.49.38 PM.png

And success!

Screen Shot 2014-02-28 at 5.31.58 PM.png

Only minor glitch was that I fat-fingered one of the credentials, so I needed to wait 20 minutes for the timeout cycle to complete. With that minor inconvenience, the process worked as expected.

6) Oh noes

I hadn’t received the email that I was supposed to telling me that my migration was done, so I logged into my account and found that for some reason the migration had failed. It ended up that WPEngine uses SFTP for their file transfers, not FTP. I let GoDaddy support know this (I just dropped an email to the support email address, but I could have also called), and they restarted the migration using SFTP instead of FTP.

7) All better!

Success! Going to my dashboard at shows all my sites, and the Social Customer Manifesto blog is there, at a temporary address. I dig the automatic screenshot of all the sites.

Screen Shot 2014-04-08 at 10.37.51 AM.png

Clicking on “Manage” took me to a WordPress  dashboard. Everything looks sound.

Screen Shot 2014-03-01 at 10.11.29 AM.png

8) Time to move the domain over from the temporary domain to my permanent one

Screen Shot 2014-04-08 at 10.37.51 AM.png

I went back to the Gateway. Clicking “Settings” took me to a dropdown that let me tie the site to my domain.

Screen Shot 2014-04-08 at 10.44.19 AM.png

I clicked on “Add Domain.”

Screen Shot 2014-04-08 at 10.44.34 AM.png

I selected “” from the dropdown, and then selected the “Make this the primary domain for your account” checkbox.

Now I wait for a few minutes while things propagate.

Screen Shot 2014-04-08 at 10.49.38 AM.png

I waited about five minutes, and then refreshed my Gateway page. And…this looks promising!

Screen Shot 2014-04-08 at 10.51.07 AM.png

9) Success

And, that appears to be it. With the exception of the minor hiccup around the SFTP migration, everything went smoothly. My site is up and running and feels fast on the GoDaddy servers, at a fraction of the cost of WPEngine (about six bucks a month at GoDaddy). Winner!

What is bitcoin? And why should I care?


Have you been hearing a lot about Bitcoin, but still not entirely sure what it is? This easy-to-read ebook answers the following questions:

  • What is Bitcoin?
  • Why should I care about Bitcoin?
  • How do bitcoins get exchanged?
  • Are bitcoins money?
  • Why should a business accept bitcoin?
  • Why should I personally use bitcoins?
  • What are the risks?

You can download the ebook at

For Bitcoin to hit the mainstream, it needs to address its gender issue

Money Honey

image: freshphoto

Bitcoin has a woman problem that, unless solved, will keep it from hitting the mainstream as a medium of exchange, at least in the US. The following conversation is primarily aimed at the particular challenge Bitcoin faces in getting to mainstream adoption, and is not focused on the speculative rises and falls that have dominated the news cycles for the past few weeks in particular.

Right now (Dec 2013), the overwhelming majority of activity in the Bitcoin space is dominated by males. In doing a review of the market for consumer activity, and then comparing it to the market at large, it is clear that there is a significant gender gap that will need to be filled before Bitcoin can hit the mainstream as a payment mechanism in any meaningful way. Although all web statistics of this type are prone to some margin of error, these are certainly directionally correct. Read more at Coindale.