by Brian Tomasik
First written: 8 Apr. 2015; last update: 18 Feb. 2018


This page collects some health and life guidelines that I find important enough to keep in mind. I made it mainly as a reminder for myself, but perhaps others will also benefit. I haven't done quantitative cost-benefit calculations for most of these points because data are often hard to find. In many cases, just following a precautionary rule is less work than researching the topic in enough depth to calculate how important it is to actually follow the rule.

This page omits many obvious points (e.g., wash your hands, get enough sleep, eat fruits and veggies) and shouldn't be considered exhaustive.


I currently take the following:


It's not clear whether multivitamins make any difference to health, but it seems plausibly safer to take them, and they're so cheap that cost shouldn't be a relevant factor. My current choice is Centrum Men's Multivitamin/Multimineral Supplement, but I haven't done much research. I don't know if multivitamins specifically for men are better than generic adult multivitamins.

Vitamin D and K2

Multivitamins don't have enough vitamin D. Typically they contain 400 IU, which is called "100%", but this is inadequate in my opinion. A recent analysis suggested that the current RDA for vitamin D may be 10 times too low and recommends 7000 IU/day. I don't know how to square this with existing recommendations against more than 4000 IU/day for adults. Currently I get 2900 IU per day: 400 from a multivitamin and 2500 from taking half of this vitamin D and K2 (MK7 form) supplement. I chose that supplement specifically rather than a vitamin-D-only supplement because some people recommend taking K2 with vitamin D: "For every 5,000–10,000 units of D3 being recommended and tested for, we are recommending 100 mcg of K2 mk7 to be sure and prevent the inappropriate calcification that higher doses of D3 alone could cause." Some claim the MK7 supplement form of K2 is better than the MK4 supplement form, while others contend that MK4 has more evidence of bone-health benefits.

Vitamin B12

B12 is especially important for vegans. This piece recommends:

  1. Eat fortified foods two or three times a day to get at least three micrograms (mcg or µg) of B12 a day or
  2. Take one B12 supplement daily providing at least 10 micrograms or
  3. Take a weekly B12 supplement providing at least 2000 micrograms.

The relationship between dose size and time between doses is very nonlinear. Let t be the time interval between doses in days, and let m be the mcg required per dose. I don't know the exact shape of the curve for t as a function of m, but here are some possibilities, fit to the data points that t(10) = 1 and t(2000) = 7:

Curve type Fit equation How often to take a 1000-mcg tablet?
Logarithmic t(m) = 2.1215 * log10(m - 7.04) every 6.4 days
Square root t(m) = 0.14437 * sqrt(m) + 0.54345 every 5.1 days
Generic power t(m) = 0.42927 * m0.36727 every 5.4 days

All told, taking a 1000-mcg tablet every 5-6 days seems good.

Currently I take Jarrow Formulas Methyl-B12, 1000mcg, 100 Lozenges about once every 5-6 days. I chose a methylcobalamin supplement rather than a more common cyanocobalamin one because some people say methylcobalamin is better, and I haven't found anyone saying it's worse. This post reports that an average daily cyanide intake of Norwegians is 95 mcg/person, while "The amount of cyanide in a 1,000 microgram cyanocobalamin is 20 micrograms." That statement was intended to show that the cyanide from cyanocobalamin is unlikely to be problematic, and that seems probably true, but since 20 is not completely trivial compared with 95, and since some claim other benefits to methylcobalamin, it seems perhaps worth spending an extra ~$10/year on more expensive methylcobalamin supplements?


[EDIT, Dec. 2015: I've decided to mostly cut out creatine because the health risks seem like they might be nontrivial. I still take small amounts here and there because I don't get creatine from my diet.] Because creatine is naturally found only in meat (although the liver can also synthesize it), creatine supplements might improve IQ slightly in veg*ans. I read somewhere that ~2.5 g/day is a good maintenance dose relative to my body size. I currently buy MET-Rx Creatine 4200 Diet Supplement Capsules, 240 Count. In Apr. 2015, a study was reported possibly linking creatine to testicular cancer. This makes me think twice about creatine, though it's not obvious how to trade some remote possibility of increased mental function against some remote possibility of increased cancer risk. Another consideration is that if creatine encourages me to walk on my treadmill slightly more during the day due to making my legs less fatigued (does it?), the health benefit of the extra exercise might outweigh the cancer risk.

Omega 3 capsules

It's important to get capsules with EPA and DHA, rather than just ALA. I currently use Nature Made Omega 3 Vegetarian Softgels, 540 mg rather than fish oil because (1) it's vegetarian and (2) it seems a priori less likely to have mercury contamination. Make sure not to leave them out in very hot weather or else they'll go bad.

Foods to eat

Eat mostly raw and unprocessed foods, except when cooking increases nutrient availability.

Eat many colors of fruits and veggies.

Don't go on diets, except for obvious "diets" like eating less or no junk food. Don't actively try to lose weight, since your body is likely to rebound afterwards. If you lose weight at all (which is unlikely), it should happen naturally as part of your regular lifestyle.

Food precautions

Avoid burned toast, french fries, etc. "Acrylamide can form in some foods when they are fried or baked. These foods include potatoes, cereals, coffee, crackers, breads, and dried fruits, according to the FDA. [...] The agency also advised consumers to avoid crisping or burning sliced potatoes and to toast bread and bagels to a light brown rather than dark brown color. Potatoes should be stored in a dark pantry — rather than the refrigerator — to reduce the amount of acrylamide formed during cooking." (source)

Avoid nutmeg (or eat only small amounts). "It takes a fair amount of nutmeg — two tablespoons or more — before people start exhibiting symptoms." (source)

I try to spit out apple seeds, but eating a few is ok as long as they're not chewed. Chewing and swallowing lots of apple seeds is unhealthy. Eating a bowl of apple seeds is dangerous.

See other poisonous foods: "Top 10 Poisonous Foods We Love To Eat".

Chemicals in foods/drink

Minimize food eaten from cans because of BPA.

Avoid plastic water bottles to reduce chemical leaching. I'm not sure how much difference this makes, but it seems worth a few dollars to buy a stainless steel water bottle. In the past I didn't use glass bottles out of concern that if the bottle cracked imperceptibly, I might swallow a small piece of glass; however, it seems swallowing a tiny glass piece is unlikely to cause major harm. This page agrees that stainless steel bottles are best. This page reviews pros and cons of different bottle materials. This page notes some things to watch out for when buying metal water bottles and recommends Klean Kanteen.

Pesticides (TODO: I should add stuff here). The choice between organic vs. conventional crops has implications for insect suffering as well as health. I weakly suspect that organic farming is worse for insects all things considered, but I remain very uncertain. If that's true, then the reasons to buy conventional are (1) better for insects and (2) cheaper, while the reasons to buy organic are (1) plausibly slightly healthier in general.


Treadmill workstationConsider a treadmill desk. I hate sitting or standing still all day. My treadmill desk improves my quality of life by more than any other item on this list. Walking allows me to feel less fidgety, less stressed, less full after a big meal, and more alert. You can wear earmuffs on the treadmill if the noise is bothersome. If you live in an apartment, you may want to seek a first-floor room in case your walking on the treadmill disturbs downstairs neighbors. I had this experience once in a third-floor apartment, though I think it was due to my running on the treadmill rather than just walking slowly. An alternative—and one that doesn't make any noise for downstairs neighbors—is to use a desk attached to a recumbent bike. (I don't like bike desks as much as treadmill desks because I get sweaty where my body touches the bike, and my posture feels better standing up.)

Pair intense exercise with something rewarding, such as watching a movie. If you feel mentally as though you can only watch movies/TV when exercising, you'll want to exercise more. (Thanks to a friend for this suggestion.) The power of plain old classical conditioning is impressive. (Though don't take it to extremes.) As another example, I only listen to music when I'm doing "boring" tasks, and this makes those tasks more enjoyable. This particular pairing is unintentional, though. Music, especially when it has lyrics, disrupts my ability to process language (presumably because music and language involve similar brain regions), so I can only listen to music while doing "menial" tasks, like managing my todo list or checking my Gmail spam folder for false positives.


Don't share toothbrushes. "brushing sometimes causes the gums to bleed, which exposes everyone you share your toothbrush with to blood stream diseases. Therefore, by sharing a toothbrush, the couples are actually sharing blood, which is a lot more risky than just sharing saliva." (source)

Avoid carbonated drinks, since they cause tooth decay.

Brush before eating, or wait ~20 minutes to brush after eating. I typically floss after a meal and then brush 20-60 minutes later. At first it felt weird not to brush immediately after eating, but I've gotten used to it. Now it actually feels slightly unpleasant to brush immediately after eating, which I only do if I need to leave the house immediately. I prefer to brush after eating rather than before because I want to remove the food taste from my mouth.

"Brush longer, not harder." "Children and adults tend to spend less than one minute at a time brushing their teeth, even though removing plaque from the mouth requires at least two to five minutes of brushing at least twice a day." (source) I brush and floss while reading at my computer. This means I waste no time brushing. It also makes it trivially easy to brush for a long time.

Consider getting a dental-floss holder. I use Flossaid Dental Floss Holder-Single Handle. It makes flossing effortless, allows me to floss with one hand, and keeps my fingers from getting saliva on them.


(doesn't apply to most people) For a few years, I had seborrhoeic dermatitis, especially on either side of my nose and between my eyes. Then one dermatologist gave me a simple solution. He suggested to get Head & Shoulders shampoo and, in addition to using it in my hair, I could rub it over the affected parts of my face (being sure to keep my eyes closed to prevent shampoo in the eyes). Within a few weeks, my seborrhoeic dermatitis was much improved, and after a few months, I think it had essentially gone away. (The same dermatologist had also recommended prescription treatments, but I didn't bother with them because of cost and hassle. They proved unnecessary anyway. In general, my experience with dermatologists has been that they often try to sell you on prescriptions you don't need.)


Don't use cotton swabs to remove ear wax. "The use of cotton swabs in the ear canal is associated with no medical benefits and poses definite medical risks. [...] the American Academy of Family Physicians, among many other professional medical associations, recommends never placing cotton swabs in the ear canal." (source) See also "Stop Cleaning Inside Your Ears: It’s Bad for You" and "The health benefits and dangers of earwax, from the Harvard Health Letter".


Avoid putting pressure on your eyes. UNSW (2008) gives some examples and recommendations. I first looked into this topic because I used to sleep with a shirt or pants over my eyes to block out light, and I wondered if the weight of this clothing on my eyes could be harmful. UNSW (2008) says: "Even for those who lie on their sides when sleeping, there is the possibility of pillow contact on the eye lids and increased pressure for dangerously long periods through the night. Wearing a sleep mask that touches the eyelids can cause a similar problem." As a result, I bought a sleep mask that bends upward in the middle. When the sleep mask is in the proper position, I can open my eyes, with only my eyelashes touching it, so it shouldn't apply any eye pressure.a

I prefer to cut my fingernails underneath clothing or a blanket to prevent fingernail fragments from flying up near my eyes, which happened to me occasionally in the past. You can also just close your eyes, but trimming nails under something allows you to keep your eyes open and read while doing the task. Covering your hands also helps keep fingernail fragments contained for easier cleanup.


It seems plausibly better to avoid sharing bar soap. "The Centers for Disease Control recommend using liquid soap over bar soap to prevent a MRSA infection, noting that antimicrobial soap is unnecessary. If you still want to use bar soap, do not share it, and leave it somewhere where it will dry off easily after use." (source)

Body checks

Check your body for ticks after every time you go outside in grass, forest, etc. Some parts of the USA have low incidences of tick-borne illnesses, making this precaution less necessary in those areas.

Check your moles every so often. "Everyone should check their moles, at least every 3 months. But if you have developed new moles or have a close relative with a history of melanoma, you should examine your body once a month." (source) Because I have so many moles, I see a dermatologist annually to take records of how my moles look. I had a few of the most worrisome moles removed.

(for men) Check testicles for bumps every so often.

Around the house

Check your house for radon. Test the room(s) where you spend the most time. I use the First Alert RD1 Radon Gas Test Kit.

Check that your smoke alarm works every few months.

If you have a home built before 1978 in the USA, get it tested for lead, especially if you have children.

Avoid open CFL bulbs

Some CFLs emit harmful levels of UV:

The Health Protection Agency of the United Kingdom has conducted research concluding that exposure to open (single envelope) compact fluorescent lamps (CFLs) for over 1 hour per day at a distance of less than 30 cm can exceed guideline levels as recommended by the International Commission on Non-Ionizing Radiation Protection (ICNIRP). [...]

close proximity to bare skin can result in exposure levels similar to direct sunlight. The Health Protection Agency of the United Kingdom recommend that in situations requiring close proximity to the light source, open (single envelope) CFLs are replaced with encapsulated (double envelope) CFLs. [...]

Ultraviolet radiation emitted by fluorescent lighting can increase an individual's exposure to carcinogenic radiation by 10 to 30 per cent per year, with an associated increased probability of contracting squamous cell carcinoma by 4 percent.

The Wikipedia article has pictures of single- vs. double-envelope CFLs.

"Ultraviolet Leaks from CFLs":

UV radiation from CFLs can often, but not always, be avoided by purchasing “double-envelope” bulbs in which the spiral tube is enclosed in a glass or polycarbonate cover resembling a standard incandescent bulb. The U.S. Food and Drug Administration and Health Canada advise that single-envelope CFLs should not be used at distances closer than about one foot.

"Can Compact Fluorescent Lightbulbs Damage Skin?":

at close range, around a foot or so, CFL exposure is "the equivalent of sunbathing at the equator." This may not be cause for alarm for those who have CFLs mounted in ceiling fixtures, but it should be a concern with desk or table lamps. The researchers recommend avoiding CFLs at close range and placing them behind glass barriers or enclosures.

However, there are alternatives in energy-efficient lighting now that LEDs are dropping in price and manufacturers are making more efficient versions of incandescents.

"LED and incandescent light bulbs have no emission in UV range; therefore, they do not pose any risk,"

"Energy-Efficient Lightbulbs May Have Dark Side When It Comes To Health":

"There is no UV component to LEDs, as far as I know," says Terry McGowan, director of engineering and technology for the American Lighting Association.

Cree reports: "Unlike incandescent and fluorescent light sources, Cree LED Lighting Products produce virtually no light in the Ultraviolet (UV) or Infrared (IR) spectrums." Similarly: "an employee from EnergyCircle said that most residential LED bulbs give off almost no UV light. [...] Consumer LED bulb maker Pharox advertises its bulbs as having no UV, so it's something worth checking when you're shopping around."

Personally I've switched to LED lights. Note that while these don't have significant UV risk, they are still toxic if broken:

If any LEDs break at home, Ogunseitan recommends sweeping them up while wearing gloves and a mask, and disposing of the debris — and even the broom — as hazardous waste.

Using LEDs at night may also interfere with melatonin production.

The particular LED lights I bought also have the problem that they have an outer bulb with holes in it, which bugs can get trapped in, presumably causing them suffering. To solve this problem, I initially put Scotch tape over the holes, but I found that bugs still got in. After that, I taped plastic wrap over the metal light holders that contained the bulbs, and this has worked well.

Lightning storms

Consider unplugging computer cables during a lightning storm if it's at close range. "If your computer is plugged into a wall socket that's switched on, even when it's in standby or sleep mode, it's vulnerable. That's because the lightning current can travel through the power cord or any other cable connected to your computer" (Toan Phung, summarized by Graham 2013). I learned this the hard way when, during a particularly intense lightning storm around my house, lightning traveled through wires (perhaps my ethernet cable?) and fried my computer. I was able to recover the hard-drive data by going to a hardware-repair shop, but the computer itself was destroyed.

While the risk is small, I prefer to avoid showering or otherwise using water or electrical appliances for more than brief periods if a lightning storm is close by. O’Connor (2006): "Ron Holle, a former meteorologist with the National Oceanic and Atmospheric Administration who tracks lightning injuries, estimates that 10 to 20 people in the United States are shocked annually while bathing, using faucets or handling appliances during storms." National Weather Service (2001-2005): "A house is a safe place to be during a thunderstorm as long as you avoid anything that conducts electricity. This means staying off corded phones, electrical appliances, wires, TV cables, computers, plumbing, metal doors and windows. Windows are hazardous for two reasons: wind generated during a thunderstorm can blow objects into the window, breaking it and causing glass to shatter and second, in older homes, in rare instances, lightning can come in cracks in the sides of windows."

Risky physical activities

Some physical activities are too risky for my taste. It's now well known that many NFL football players develop brain injuries from their sport. This suggests that playing football in a serious way for long periods of time is probably unwise. Professional boxing and similar sports are likewise dangerous.

I also feel that some much more low-key activities plausibly aren't worth the risk. For example, I used to occasionally go to a roller-skating rink with a community group. One time, one of the people I went with fell on his back side and caused an injury that was non-trivial. I imagine that similar risks are entailed by ice skating, skateboarding, aggressive mountain biking, etc. The same amount of exercise can be attained from less risky activities. I don't claim that roller skating is very risky and should be avoided by everyone; I'm just noting that relative to my own taste, such activities seem to have no real upside but non-negligible downside.

Pregnancy prevention

Don't use just condoms. The failure rate for even perfect use is 2% per year. Over 10 years that's about 18%. Use an additional form of birth control as well. (But still use condoms, because they're important for STI prevention.)

Consider getting a vasectomy. I did.

Sexually transmitted infections (STIs)

Use condoms / dental dams for oral sex. Several STIs can be passed by oral sex. Genital herpes is carried by 15-20% of Americans. It's usually not a huge deal medically, but there's a big social stigma against it, so it might permanently hinder your dating prospects. It can come from oral herpes (which 50-80% of Americans have) during unprotected oral sex, which means that even if you're with a partner who has been tested for most STIs, there remains a risk of getting genital herpes from oral herpes during oral sex. I assume the risk is somewhat low, but "HSV-1 [oral herpes] is a fast-growing cause of genital herpes."

Keep a list of all your STI vaccinations, such as for HPV or hepatitis A / B.

Get STI checks with each new sexual partner. Wikipedia has a helpful chart of which STIs to worry about depending on the type of sex being done. See also this excellent article. Condoms help a lot but don't guarantee 100% protection against HIV, HPV, syphilis, etc.

HIV testing usually has a 3- to 6-month "window period", which means that unless you think condoms are sufficient protection, it's ideal if your partner hasn't had risky sex for ~6 months before being tested.

Not all STIs are tested for at routine screenings. "make sure to ask which STIs your health practitioner is testing for you. Some infections like HPV, genital warts, and herpes are not routinely tested." (source)

Some STIs can be spread just by skin-to-skin contact. "transmission of STIs such as herpes, HPV, syphilis [rare but dangerous], pubic lice, or scabies [not so bad because it's treatable] can occur even if a condom is used." (source)

Personally, I find that thinking about STIs is a huge headache, and combined with pregnancy risk, it provides a non-prudish reason to avoid casual sex. (Indeed, I suspect that disease transmission and pregnancy were two of the big reasons for social stigmatization of casual sex prior to 20th-century medicine.) Casual sex is a lot of work for little reward. Indeed, especially in light of the hedonic treadmill, it's unclear whether sex has any long-term benefit at all relative to just masturbation and outercourse.


If you want to be married, consider not get legally married. Legal marriage is a headache in many ways. There's a pretty high chance you'll get divorced eventually, and divorce can be expensive. Plus, if you don't have the right prenup, your spouse can take half of your assets upon divorce. Even with a good prenup, your spouse can still probably take half of assets earned during marriage. Marriage has pros and cons from a tax perspective. One benefit of marriage is that it can allow you to get health insurance through your spouse's employer. (These comments apply to the USA. Also, laws can vary even depending on which US state you live in.)

Don't start addictions

"I wish I'd never started" is a common refrain among smokers and other addicts. It's so easy to not start an addiction compared with kicking an active addiction. It seems clear that one should generally try to start as few addictions as possible (except for mild addictions to productive activities, like exercise or learning).

It seems advisable to eschew not only exotic drugs but also socially acceptable drugs like caffeine and alcohol. Caffeine is very addictive, and a small portion of the population finds alcohol very addictive. Even if a drug isn't addictive, I doubt that it improves long-term happiness in view of the hedonic treadmill. So there seems little point in taking drugs unless you're already addicted and can't stop. Drugs are expensive, take time, may harm your health, probably don't increase long-run happiness, and may cause long-run trouble if addiction develops.

Alcohol interferes with the development of young brains, even up to age ~25. Beer and related beverages also fill their drinkers with empty calories. And drinking makes you less productive and might lead to behavior you'll later regret. So I've never had alcohol, except for small doses on two occasions by accident.

Alcohol is also problematic if you're at risk of having an unplanned pregnancy, because you might drink while pregnant without realizing it for a few weeks. This page says: "The most recent National Institute for Health and Care Excellence (NICE) guidance on Antenatal Care (2008) specifically advises that women trying to conceive, and those in the first three months of pregnancy, should avoid drinking alcohol, as this may be associated with an increased risk of miscarriage." Moreover, according to one study described on that page: "Drinking more than two units per week four weeks before pregnancy was associated with lower birthweight (105.7g lower) and a 7.7 decrease in birth centile compared with not drinking." In other words, drinking even a few weeks before a pregnancy starts can be harmful.

I've had caffeine about ten times. It feels good in the moment, but its side effects aren't pleasant. Some suggest that it doesn't actually improve long-run cognitive performance. I quit using it before addiction set in, remembering how unwise it is to start addictions.

Once someone asked me in the morning: "How do you get by without caffeine?" My silent reply was: "If you don't have highs, you don't have lows." I'm skeptical about achieving "free lunches" in terms of productivity by chemically altering one's body. Indeed, even sleep plays a crucial cognitive role, and I would not be as creative or sharp if I didn't sleep as much as I do.


Listen to podcasts while doing chores. This saves hours of otherwise wasted time per week and makes chores fun.

Things to check before bed

Here's a potentially incomplete list of things one might check every night before going to sleep:

  • Pets are inside and have adequate food + water.
  • Doors are locked.
  • Computers are locked.
  • Stove is turned off. I also check that nothing flammable is on the stove burners.
  • Heaters, air conditioners, and other large appliances are turned off or at least turned down. (Heaters are probably the most important of these from a fire-safety perspective.)


Avoid mean people.

Don't worry much what others think except in cases where conformity is unimportant and useful, like wearing a suit for an interview. Caring too much about other people's approval is a recipe for unhappiness.

When things go wrong:

  • It can help to treat shitty life situations as opportunities to practice equanimity. Think of yourself as accumulating "experience points" in the equanimity skill.
  • It's often possible to react to a bad situation either by getting upset or by laughing about it. Aiming to bias yourself toward the laughing response can help. For example, suppose you're really annoyed by someone's habits, or suppose you have a day where everything seems to go wrong. Try imagining yourself as a character in a sitcom who faces your situation, with an audience laugh track accompanying you.


Consider taking pictures of sentimental items to make it easier to give those items away (Winterich et al. 2017).

Junk mail

If possible, don't share your mailing address when donating to charities, unless you want to be put on their mailing lists. In my donor-advised fund, I can choose an option to donate anonymously or only share the name of my fund and not my full home address. You can look up other ways to donate anonymously as well.

Financial security

Check credit-card, bank, and brokerage transactions regularly, such as once per month. I once discovered that someone had stolen my credit card this way. Doing this also helps ensure you're not being billed for a service you don't want anymore. Checking brokerage-account transactions keeps you aware of whether you need to take action in response to an update (e.g., responding to corporate actions or buying new stocks following liquidation of a security).

Check your credit reports every once in a while. You might or might not want to sign up for a service that protects against identity theft like Identity Guard, since in addition to checking credit, they show information about Social Security numbers and other data.

Consider a credit freeze to reduce the risk of identity theft. Doing this might or might not be worth the hassle in your situation.

Use a paper shredder for mail and other documents that contain information about your identity or financial accounts, or even information as simple as your address. "Bonsaii DocShred C560-D 6-Sheet High-Security Micro-Cut Shredder" is an affordable shredder that cuts papers into confetti-sized pieces rather than long strips, since long strips are slightly less secure. I shred almost all of my mail by default so that I don't have to bother thinking about which documents do or don't need shredding. One person on this thread agrees: "The method I use is that I don't think about it too much. If a piece of mail may have something sensitive, it goes through the shredder. I don't want to spend all my time reading the mail, carefully looking for remnants of an account number, trying to make the decision of 'shred or not?'"

Consider using a separate computer only for online banking/etc. See point #2 here. Ordinarily, having one more computer to look after can increase your risk because there's one extra device that could be stolen at home or at an airport. However, if you don't store any passwords or personal information on this extra computer, you wouldn't be at much extra risk if it gets stolen.b

Computer security

Don't use wifi unless it has a password to avoid having someone access your information through it.

Lock your computer when not in use. Unless you have sensitive corporate/government information, this is probably sufficient to prevent run-of-the-mill criminals from stealing what's on your hard drive.

Consider a laptop lock. I use Dell Premium Laptop Keyed Computer Lock XHC2X.

Consider using a password manager, especially with two-factor authentication. You might not want to store crucial passwords (e.g., Google, financial institutions) on a password manager, since a password manager (though quite secure) is a single point of failure.

Yubikey is a convenient and high-security way to do two-factor authentication. You just press a button on a USB device and don't need to type in anything for your second factor. You can use Yubikey for two-factor authentication with Gmail, Facebook, etc.

If you lose a laptop/phone, change important passwords immediately to prevent the thief from using accounts where you're signed in (especially if your computer was unlocked).

Don't click suspicious links in emails, Facebook messages, or web-search results. Before clicking, examine the url where the link goes in addition to the anchor text of the link if the link is from an untrusted source.

In general, don't use real answers to security questions on websites. Instead, you can generate a secure password with LastPass as your answer to a security question, and then store the answer in the "Notes" field of the site's entry in LastPass. (Leo Laporte suggested something like this on an episode of Security Now.) There are two main reasons not to use real answers to security questions:

  1. Often the answers can be guessed based on other personal information about you combined with a Google search. For example, by knowing where you went to high school, a hacker can probably look up what your high school's mascot was. And your mother's maiden name may be visible from your Facebook profile.
  2. If the answers to security questions are stored poorly by the website, then a hack of the website's database may expose your answers to the security questions. As Wikipedia notes, security questions can also potentially be captured via keystroke logging. And unlike with passwords, which can be reset if they've been exposed, you can't just reset your answer to a permanent fact about yourself—unless you enter gibberish as your answer to the security question and then replace it with new gibberish.

Of course, you don't even have to record a gibberish security-question answer. Schneier (2005) says: "My usual technique is to type a completely random answer -- I madly slap at my keyboard for a few seconds -- and then forget about it." Using a nonsense answer means that if you ever do lose your password to the website, such as if you somehow get irrecoverably locked out of LastPass, then you're locked out of the website (assuming you can't plead with customer service to get back in). But as Schneier (2005) says, this is how it should be: "I like to think that if I forget my password, it should be really hard to gain access to my account." For an important account, I'd much rather risk being locked out than make it easier for someone else not to be locked out.

Disable Flash. This page says: "Unless you're playing kids' games online, you probably don't need it, and nixing it will save you from viewing a lot of online ads. You'll be a lot safer, because a large chunk of the malware attacking web browsers worldwide is dependent on Flash Player flaws."

Favor non-free products. Free software on the web sometimes isn't costless. It may include malware or potentially unwanted programs, which plausibly cost you more expected dollars through annoyance and possible theft of personal information than the $10 or $50 or whatever the paid version of a software tool would cost. If a software product isn't free, this increases my confidence that it's trustworthy because then the developers have something to lose if they get a bad reputation. (There are many exceptions to this general point, since many free software products are clearly legit.) This point generalizes beyond software—for example, it's probably better to pay for movies than to pirate them because the expected cost of malware from pirating is plausibly higher than the cost to actually buy the movie (although I haven't seen actual calculations about this). If you're sophisticated about malware tricks and how to avoid them, maybe you can pirate things relatively safely, but acquiring this level of expertise is itself costly in terms of time. Not pirating also seems more consistent with common-sense morality, except maybe in cases where the product is exorbitantly priced. For example, I have no moral problem with pirating academic papers using Sci-Hub because those papers cost ~$40 each, which is insane. If academic papers cost $1 each, or if I could buy a $10/month subscription to a "Netflix for academic papers", I would pay for these.

Do regular backups of all important data. Computer security is hard, and even if you take precautions, there are many ways your accounts could be hacked. Since reducing your risk of getting hacked to zero is nearly impossible, it makes sense to make sure that if you are hacked, the damage is minimized, by backing up your websites, important cloud files, and other precious information. Send downloads of your websites (minus any private data the files may contain) to friends so that even if all of your accounts are hacked and deleted simultaneously, the information still exists elsewhere. You might also want to create physical backups of the information, such as on Blu-ray discs.


I generally try to avoid keeping many files on my computer's desktop and instead store all but the most temporary of files in the cloud. (Thanks to a friend for this advice.) Over the years, I've learned the hard way that computers are vulnerable to dying unexpectedly, so it's unwise to have a document you don't want to lose only stored on your computer. (It's also unwise to only store a document in the cloud without making backups, but at least the cloud is less likely to die suddenly.) Archiveteam (2017) says regarding files stored on your computer's hard disk: "this data is located on a metal platter spinning thousands of times a minute, days or weeks at a time, dependent on a wide variety of factors to not be spontaneously lost." If you have files with particularly sensitive personal data, you could encrypt them before uploading to the cloud.

Buy a computer with lots of RAM, since this is the most important factor for making things run fast. In 2015, I got a ~$600 Windows laptop that came with 12 GB of RAM.

Kill Chrome/etc. processes that are hogging CPU. Sometimes I notice that my computer's fan is running at full speed even though it doesn't seem as though my computer is doing anything. By looking at Windows Task Manager -> Processes and sorting by CPU, I sometimes see that there are random Chrome processes that are hogging ~25% of the CPU non-stop, day in and day out. Or there might be programs that are not responding and hogging CPU. Ending these tasks can save CPU calculations, electricity, and fan noise. Often, CPU-hogging pages have lots of ads on them, and you can see them running in Chrome when the circle for the page's tab doesn't stop spinning.

Don't subject your computer to extreme temperatures. Gordon (2012) suggests that the temperature should ideally not go below 32°F or above 90-95°F. Menga (2008) recommends keeping the temperature between 35°F and 90°F. Gordon (2012) adds that "if for some reason you do expose your gadget to extreme temperatures, don't try to use it right away. Instead, let it warm up or cool down to room temperature before you turn it on. This will help protect your gadget from more lasting damage from things like condensation."

In general, keep customization to a minimum. Suppose you install a new program on your computer, and you customize its settings extensively to suit your liking. Everything is going great until one day when your computer suddenly dies. Now you have to get a new computer and reinstall your programs. Unless you made note of all your custom settings, you'll have to figure out again all the customizations you wanted to make, which is annoying. I personally prefer to mostly use default settings and learn to live with them in order to minimize the complexity of my configurations. A similar idea applies to apparent optimizations or customizations in software that you write. While deviating from the normal way of doing things may seem efficient at the time, in the long run it may require more maintenance, especially if future software updates break your customized code. Customizing things ensures job security for your developers, but in general I suspect the benefits aren't worth the maintenance costs. Analogously, I prefer to use the most basic, mainstream, and long-lasting way of doing a task rather than a flashy new way that may not last very long or a custom-built way that will require constant fixes over time to adapt to changing conditions.

When using Unix commands, be careful with the rm command because it permanently deletes files rather than sending them to the Trash can. jm666 gives an example of a particularly disastrous error:

$ pwd
$ cd /tnp; rm -rf *
sh: cd: /tnp: No such file or directory

Because the cd command fails, the working directory stays as /, and almost everything on the system gets permanently deleted. Personally, outside of scripts, I tend to delete things using the mouse rather than with rm in order to have more visibility over what I'm doing.

On a Mac, you can turn off .DS_Store files. I find .DS_Store files annoying because, among other reasons, they can clutter up cloud data folders if they get uploaded along with the files you actually want to upload.

Optional: Disable JavaScript by default

In 2017, I decided to try changing Chrome's settings to disable JavaScript by default. You can enable JavaScript selectively for trusted domains, which means you can continue using Gmail, Facebook, and so on as before. I agree with Finley (2015) that the experience of doing this was "glorious". Sites that had previously been filled with flashy ads that hogged CPU and loaded slowly were now quiescent and fast to load.

Of course, most of these benefits would already be captured by an adblocker. And there seem to be other plugins that let you intelligently disable JavaScript in selective ways. For now I'm using Chrome's built-in settings as a poor man's solution, but maybe I'll check out more advanced plugins in the future.

The only downside I've experienced so far is that some pages use JavaScript to load images or certain other content, but of course, you can enable JavaScript for any given domain if doing so seems worthwhile. If you want to enable JavaScript on one particular page without whitelisting the whole domain, you can

  1. open the page in another browser where you haven't disabled JavaScript, or
  2. open Google's cached version of the web page if you allow JavaScript on the domain.

Hoffman (2013) belittles the idea of turning off JavaScript. He says: "The security benefits of disabling JavaScript are dubious, and you will give up so much of the modern web if you do. You can whitelist websites to only run JavaScript on certain websites, but that’s a never-ending task that will take precious time." Really? Whitelisting a domain takes like 5 seconds on Chrome, except in rare cases where you have to whitelist a domain by pasting the url into Chrome's whitelist by hand because a redirect problem on the site prevents whitelisting it from the Omnibox. I doubt I'll ever whitelist more than a few hundred total domains. So the total time cost is on the order of ~an hour, while the benefits in terms of page load time, avoiding annoyances, etc. are significant, not to mention some security improvement as well.

Davis (2015), a McAfee article, says that one way to reduce the risk of malvertising is to "Turn off JavaScript. JavaScript is a programming language common to online ads. Unfortunately, this language suffers from a lot of vulnerabilities, meaning cybercriminals may use it to target and infect victims."


WordPress is an excellent platform for website creation. However, I have occasionally lost edits that I've made in the WordPress editor.

  • If I have the editor of an essay open for several days at a time, when I go to save the essay, the operation may fail, with my work lost. Therefore, I usually try to make my essay edits and close the editor within a few hours rather than keeping it open for long periods.
  • Especially around ~2016, I noticed that if I copy-pasted text into the editor, the essay crashed. This didn't happen much in 2017 and beyond, which makes me think it may have been a bug that got fixed.

To avoid losing edits, I press the "Save" button in the editor frequently, and every few days, I copy-paste the essay text into an email to myself as a crude form of version control. Perhaps there are plugins I could use to help with this too, but I haven't explored them and am nervous about relying on them.

I maintain a policy of always closing the WordPress editor after I'm done editing to avoid a situation like the following:

  1. Suppose you open an article in window A for editing. You make changes, save, but keep the window open.
  2. Later, you open the same article in a new window B, forgetting that window A is still open. You make changes in window B and save.
  3. Then, at some point later, you want to edit the piece again and find window A still open. You make changes to A and save. This results in losing all the changes made in window B!

I think this happened to me once in 2016, which is why I'm now extremely cautious in this regard. A rule for avoiding this problem is to prevent step #3 in the above scenario: never make edits in a draft page that you find already open; instead, close the draft page and then reopen it to ensure that you get all the latest edits. As yet another layer of precaution, you can prevent step #2 in the above scenario: before you edit some page P, you can check whether P is already open in some other tab; while this is laborious to do by eye if you have lots of tabs open, you can do it quickly in Chrome by opening chrome://inspect/#pages to see all open tabs across all browser windows and then Ctrl+f searching for P. (Note that the url of a page open in the WordPress editor looks different from the url of the published page.)

Opinion: Why is health education not better?

When I was in 10th grade, I remarked to a friend something like this: "You know what subject isn't taught enough in school? Health. It's more useful than most other academic topics yet receives so little attention." I still agree with this sentiment. It's puzzling that schools spend so much time teaching the names of the first European explorers of North America or the themes in To Kill a Mockingbird and so little time on topics you'll need to know about for the rest of your life, like "How to properly wash your hands" or "How to avoid phishing". One of my gym teachers used to say regarding the importance of learning about exercise: "The quadratic equation is great, but you can't use it if you're dead."

The health courses I took in school did cover a few topics extensively: drugs, alcohol, smoking, HIV, eating disorders, and suicide. Beyond that, coverage was skimpy. We weren't taught about elementary topics like how to properly brush your teeth or check your moles for signs of skin cancer. We were taught nothing about computer security or identity theft. (Perhaps this is understandable, since these topics are somewhat new, and governments are slow.) We were also taught basically nothing about financial health: how to invest, how to use a credit card, or what affects a credit score. We learned nothing about proper etiquette in social contexts, such as how to put on a tie, how to eat at business dinners, or how to apply for a job. There are many more life skills that most people need to know (and that would contribute to greater social mobility) but that are never taught in school. Akins (2014) gives some further examples.

Maybe those who design school curricula assume that people will learn the life skills anyway, and school's job is to teach about more abstract topics that people won't necessarily learn otherwise. But in practice, it seems that many people don't learn the relevant life skills well enough or early enough. Over a decade after the end of high school, I'm still learning life skills, some of which I wish I had known sooner.

I suspect that many people learn life skills through informal channels, including chitchat with friends, portrayals in TV/movies, and the news. But none of these are ideal, since chitchat can propagate myths, TV/movies are fictional, and news often doesn't give a proper sense of priority among risks (such as between the threat of terrorism vs. the threat of Lyme disease). Nonetheless, these informal channels of learning life skills are better than nothing, and this observation confutes the supercilious notion that gossip and TV are "a worthless waste of time".


  1. My only concern now is that the mask sometimes slides a bit during the night, and sometimes the positions it slides to are not obviously completely harmless from the perspective of eye pressure. One possible solution is to keep the sleep cover very loose to reduce the downside risk from in-the-night movement of the cover. On the other hand, keeping the mask very tight can reduce sliding from happening in the first place. Is there any long-term harm in having a tight sleep mask pressed against your face (without touching your eyes) for ~8 hours each day? I've also found that completely unstrapping the mask in the back reduces sliding and pressure on my face, although the mask doesn't block out light as well.  (back)
  2. Is this "extra computer" strategy necessary if you also use two-factor authentication, since that should already protect against your password being stolen by keylogging? I'm unsure, but it seems there are many bad things that malware can do that would be good to avoid. For example, if you "remember this computer" to avoid logging in using two-factor authentication each time, malware with access to your computer could copy whatever cookie or other information is used to remember your computer and thereby bypass two-factor authentication.  (back)