Yet another new theme… added Captcha

Trying to reinvigorate my old blog.  Cleaned up some old files from before I installed WordPress (I had files on the server that were from 2003!), updated to yet another clean theme (I didn’t like the colors of the previous and it was a little TOO simple, making it hard to see the post divisions, etc).  This one’s a little more cluttered than I’d like, but we’ll try it on for a while.

More importantly, I decided to get a handle on the thousands of spam messages by adding captchas.  I originally tried a captcha plugin that required the user to do some simple math, but I had a few spam comments within an hour, so I now went to the Google Captcha, which is hopefully stronger.

I hope that doesn’t slow the steady stream of one comment posting per year!  (sometimes I feel like I’m in an empty room talking to myself with this blog!)

Why Do Websites Still Have Such Bad Security?

While going through my password database and giving all of my old entries a refresh I was shocked to notice the password change email that I received from the Where’s George website (remember them?) contained my new password in plain text.  Good thing I used a site specific email address and password for them!  (When is the last time I logged into their site, anyhow?)

So, it got me to wondering… did they just send it back to me in a plain text email (a sin), or are they storing it in an unencrypted form as well (an even bigger sin)?  So, I went to their site and followed the forgotten password link, and sure enough they sent me my password again, in plain text:

Seriously?  That’s a major security snafu!  I thought that sites had gotten past that ages ago!

With so many cross-site breaches in the news these days they really should move into the 2000s.  Too bad my feedback e-mail bounced back and they probably won’t be answering.

EDIT:  To their credit, they did answer my feedback with:  “yes, we’re working on changing that.”

Password Managers — I want to love LastPass, but can’t

With all of the recent security breaches I’ve been trying to improve my password practices, especially on all of those sites where I used simple “throwaway account passwords”.

For about a year now I’ve been using KeePass for managing my passwords and generating stronger passwords. It’s very nice for that purpose and allows me to also keep track of those pesky security questions, etc. The problem is, it’s not very well integrated with the browser, etc. Sure, you can install a bunch of plugins, but it’s a pain and still leaves you either running various clients on various platforms of varying quality (often in Mono, which is barely a solution, to say the least), or with poor usability.

1Password looks beautiful and looks very powerful, but it doesn’t support enough platforms and is very expensive, so I haven’t even really given it much attention.

That leaves me considering LastPass. It has great integration on almost all platforms, browser plugins, widely supported, etc. I really like it, but can’t bring myself to use it because of a few fatal (IMO) flaws. If they’d just address these flaws I’d be willing to make the jump and pay for their service:

  • They use the same password for your vault as for the normal account maintenance login. That feels like a major weak point.
  • They require you to re-enter your password to “change identities”, but don’t allow different passwords for different identities (or, better, completely separate vaults). I want to be able to set it up to have my more secure passwords protected behind a much stronger password that is harder to type, but an easier to type password for my less important identities.
  • They don’t allow you to store your vaults off-site. While they’re theoretically safe if somebody gets ahold of it, they’re still a major target. Being able to store my vaults somewhere else gives me at least a (possibly false) sense of security by the fact that the location is known only to me.

Given how cheap their service is and how nicely their stuff integrates into all of my browsers (even mobile w/ Touch ID integration!) I’m considering using them for my less important “everyday” passwords, but continuing to use KeePass for my more secure passwords that I don’t access nearly as often.

What are your thoughts?

Mac newbie, day 4 (a rant about keyboard shortcuts)

Ugh…. I’m a major keyboard user and avoid the mouse at all costs. While the trackpad on the MacBook, with its many gestures, is SO AMAZINGLY AWESOME that it can ALMOST pull me away from the keyboard, it’s still not as fast as the keyboard for many operations. That said, MacOS seems almost hostile to keyboard users. And I’m not just talking about the fact that they’re all different than Linux (or Windows) — I can adapt (though as soon as I typed that I accidentally hit ALT + ARROW rather than CTRL + ARROW to jump back a few words to edit what I’d typed and almost lost this post because I used the Mac shortcut on a Windows computer, which caused the browser to go back! DOH!).

Here’s an example:

iPhoto… I imported the photos from my phone and then went through and started deleting all of the one-off temporary pictures of receipts, product price tags, etc… Normally I’d do this very quickly with the keyboard… arrow to select the picture, delete, arrow to the next. A very fast operation. In iPhoto? Forget it! Every time you delete a photo it resets your position back to the very first photo. As far as I can tell, you cannot use the keyboard to navigate efficiently. Another example, in iPhoto, is the inability to navigate back out of an album. Once I enter an album I cannot find any keystroke to go back up a level. I’ve tried everything I can think of and every shortcut that I can find that works in the finder or elsewhere… No such luck.

Maybe as I learn more shortcuts I’ll change my mind, but as of right now I’m giving it a 4/10 score for keyboard navigability.

Mac newbie, day 1

Day 1 as a Mac user.

I picked up my rMBP15 at Best Buy this afternoon. I’d already done my research, so it went fast… in and out. They agreed to match Frys’ price, saving me a bit of a drive.

I get it home and do the unboxing… no pics, there’s already plenty of those online. That said, opening Apple products is always fun as their packaging is as nice as their hardware! Beautifully packed, though I’m surprised that there wasn’t more padding on the box top!

First boot… things aren’t going so smooth! I didn’t do a search yet to see if this was a common problem, but we’re off to a rocky start. After entering my WiFi password (all 32 or so characters of it!) I hit next and it just sits… and sits… and sits. Strange. So, I hit back and try again and then the screen suddenly starts getting corrupted — pages on top of pages, can’t read the fields very well, but manage to get the password re-entered, and get to the next screen, which won’t let me type my Apple ID. Both radio buttons are selected, and I can’t type, it just keeps beeping. Can’t click anything. Back button finally works, back to WiFi password entry again. Long password entered again, same problem, lots of controls layered on top of controls, a complete mess. 3 or 4 tries, getting worried, finally go all of the way back to the first page of the setup wizard and try again… this time it works perfectly. Phew. Not a good first impression Apple!

So… I spend some time playing… I don’t like the bottom dock, takes too much space… move it to the left like Unity and remove some app icons that I don’t intend to use too often. Spend some time walking through every preference page, just to get a feel for what’s up. I tried not to change too much, try it out the way Apple suggests at first, but there were a few things that I still wanted to change:

  • Background graphics
  • Auto hide the dock
  • Not re-arrange my desktops based on last use!
  • Three finger drag (see below, bug #2!)
  • All of the gestures are on (not sure what the defaults were, but they all looked good!)
  • Added a printer (took all of 2 seconds given that my Linux box had it shared with CUPS!!)
  • Function keys on by default (I use vim extensively and have a lot of stuff mapped to function keys!)
  • Navigate dialogs w/ keyboard (why wouldn’t anybody want this?)
  • Turn off the ANNOYING volume change feedback (I learned that you can still get it if/when you need it by holding shift while changing the volume)
  • Dictation w/ enhanced dictation w/ fn key shortcut!
  • Show date on title bar
  • Tap to click on trackpad (hidden in accessibility?!?) (see below, bug #3!)
  • …more? that’s what I remember changing! 🙂 …

I guess I did deviate from Apple’s defaults quite a bit!

My search history reveals my frustrations for the day:

  • Macbook power button does not sleep (doh! just hold it longer!)
  • OS X menu shortcut ( — not as easy as alt+letter for the appropriate menu in Linux & Windows!)
  • OS X fill all space/OS X maximize window (so the answer basically appears to be to install some 3rd party tool, or “better” just learn to deal with a ‘better’ design. I bought 15″, I want to use 15″!)
  • 3 finger gestures don’t work (see below)
  • FaceTime pause full screen (bug #4?!? yikes! — see below)
  • OS X disable volume change feedback
  • airdrop macbook iphone (not possible?!? odd… looks like Yosemite fixes this)
  • osx pgup key
  • more, I’m sure…

Google was definitely my friend today!

So… wrapping this up… my biggest hurdle of the day was getting used to the differences, ESPECIALLY the keyboard shortcuts — being a major keyboard user makes switching harder than it would be for a primarily mouse user.

Also, four major bugs were more than I expected from the hype, but they’re all things I can overcome. Just to summarize the bugs:

Bug #1: Installer Problems

Already discussed in detail above…

Bug #2: Three Finger Drag stopped working!

Apparently I’m not alone in this one… it was nice while it worked, but it went away and I can’t use the 3 finger gesture to move windows around anymore. I’ve tried rebooting, toggling it on/off, etc… nothing.

Bug #3: Tap to Drag

Another bug… tap to drag (hidden away in accessibility) has an option to either stay locked in drag mode, or automatically release when you lift your finger. About half the time it won’t release unless I tap, even though I have it set not to lock. It also takes too long to release, even when it does succeed, meaning that my next operation is often interpreted as another drag.

Bug #4: FaceTime pauses in fullscreen

Called my son on his iPod 5 and he reported that every time I went full-screen my video was paused — though my camera light was still illuminated and I still saw my local video feed.

Anyhow… as I get more comfortable with the differences in keyboard interaction and the general paradigm I’m liking it more and more, but only time will tell.

BTW, as an aside… so far I like Xcode. A little cluttered, but seems to have a lot of power, and it uses Clang++!!!

A Linux lover buys a Mac

I’ve been wanting to do some mobile development for quite some time (all the way back to the original Newton, which I did some experimentation in before they dropped it). I considered doing Android development some time ago, but about the time that I was getting into it I decided to switch to an iPhone, which I absolutely loved — well, there went that plan. 🙂

So, here it is almost four years later and I decided to try again and decided to start with iOS development this time. Problem is, you have to own a Mac. I haven’t owned a Macintosh since the SE! So, after some pondering, I decided to go all out. I’ve been hearing great things about the MacBook Pro, and given that it has the ability to triple boot with BootCamp I decided that it offered the most flexibility, not to mention, they’re just sexy! So, today I bought a 15″ MacBook Pro, installed Xcode, and started to work my way through the documentation.

I decided I’d chronicle my experiences as a complete MacOS newbie! Maybe some of this will be helpful to others, maybe nobody will read it, maybe somebody will decide to chime in and add some comments showing me the error of my ways, it’s all good!

Having used Windows extensively at work and Linux extensively for both work and personal reasons, I’m finding it to be very different than what I’m used to! (ESPECIALLY keyboard shortcuts!)

Theme Updated

Three years without an update made for a stale blog, so I updated the theme to a more minimalist and mobile friendly theme. Not that it really matters as I don’t write much and don’t get much traffic, but I was getting tired of the old look.

Goodbye, I barely knew ye…

Wow… I can’t believe how long it’s been since I last updated this blog.

In mid February I crashed my beloved Schwinn… hard.  Fractured my elbow, separated some cartilage in my rib… bodies heal (yeah!), bikes don’t.

I loved this bike… it quickly became, by far, my favorite bike of any that I’ve ever owned.  It felt fast and spry, and was beautiful — eliciting positive comments everywhere that I rode it.  I probably rode it about 4000 miles before encountering this:

Excessive Gap

It’s hard to see from this photo, but the gap was nearly 2″ wide at the edge of the drain.  What’s also hard to see from this photo is that the drain extends about 3 times as far into the traffic lane as most do, putting the gap directly in the path of travel of most cyclists [I normally would have been further left, but somehow I’d ended up further right than I prefer to ride].

I don’t remember anything from the fall.  One second I’m riding, the next I’m on the ground.  After that it was a strange slow motion sensation as I watched my water bottles skitter ‘slowly’ by, then my ziploc food containers from lunch, as I thought to myself:  “Strange, I didn’t zip my bag”.  Why such a thought was going through my mind, I dunno.

The final outcome for the bike was a bent fork, bent handlebars, bent brake levers, bent saddle, damaged rim, torn tire & tube, and possibly some other less obvious stuff.

Anyhow, here’s a parting shot before I salvaged the undamaged parts:

Ouch… look at that fork.

It was nice while it lasted.  It now hangs in my garage, stripped… maybe some day I’ll find a LOOOONG fork for it — the LBS put an alignment gauge on it and says that the frame itself is straight.

Good Penetration Testing Live-CD?

I needed a penetration testing tool to ensure that a particular computer didn’t have any known vulnerabilities. Wanting something that didn’t have to be installed I started looking for live CDs, particularly one with OpenVAS installed. I tried numerous different CDs, all of which had some show stopper issue that made it not work. Most of them seemed to put more focus on making the UI look “haxxor 1337” than actually doing the intended job.

I finally stumbled upon a really good one! Don’t ask me how… I’d forgotten the name and tried to find it again, and even knowing a bunch of keywords I couldn’t find it with any of the search engines. Hopefully this link will help raise its position in the search game because it really deserves it!!

Shadow Circle, a PenTesting LiveCD that works!