Once More Into the Breach

. . .or not.

I see articles occasionally about the death of passwords, creating effective passwords, blah-blah. Well, passwords and the insecurities created by stupid (or lazy. . . or more like both) people and their password habits aren’t going away any time soon, and most of the articles suggesting improvements are seriously lacking in effective counsel. Most now suggest pass phrases with common substitutions of symbols and numbers for letters, but really, how many folks will do that? Others suggest using password managers (I often suggest this, myself, but even users who have PAID me for consulting rarely make even the exceptionally minimal effort to effect this change in their behavior *sigh*).

So, what’s a solution? When it comes to ID10T errors like lazy or stupid (or both) password behavior, the only solutions seem to be either eliminating the users or letting them reap the effects of their bad behaviors.

*meh*

Now, I’ll admit that my own normative password policies would definitely not appeal to most users, although it baffles me why that is the case, save for excessive laziness on their part. OK, so here’s a loose outline of a process that’s super simple and easier than most pass phrase processes. That it is similar to my own is purely coincidental. 😉

Select a song from childhood or early youth that you can reliably “sing” mentally. Or choose a memory shared only with people you have not seen for many years.
Extract an inner verse from the song or a visual from the selected memory.
Using the verse as a passphrase, extract ONLY the first letter of each word in the verse; using the visual of the memory, create a passphrase and do the same thing.
Now, with those passwords extracted from the passphrases, make your substitutions of symbols and numbers, as appropriate.

There. Relatively long, complex, fairly uncrackable (in any reasonable amount of time), easy to remember passwords. I have a couple passwords created by means similar to this that are 60-some-odd characters long, though most websites don’t allow passwords that are really all that long. No problem typing such passwords, because the pass phrases they are built on are extremely memorable, and I really don’t have a problem typing long passwords.

Of course, for non-critical sites, I go ahead and use LastPass. *shrugs* I only allow it to autologon to sites that have no (genuine) PII for me and where I DGARA about some bad actor getting in, but I still use strong passwords, anyway. Oh, and a good VPN ALWAYS when online.

As for my devices, a good firewall (actually, firewalls on the devices that do not conflict with a hardware firewall for the network), strong passwords, encrypted PII, solid backups of data, and physical control of access will have to suffice.

Still, I cannot recall the number of calls (OK, I could go back on my records, but that’s where I will plead laziness *heh*) I have had from folks who “forgot” (or worse, “mislaid”–which means they had it written down somewhere) the passwords for their computers. *smh* Baffles me. It truly does.

Me$$y$oft’s Windows Update Process Sucks Sewage

So, since I was closing in on 10,000 wins and no losses in what I call “Zen Freecell” (the “classic” Windows 7 version), Me$$y$oft decided to kill it on my Win10 box. Naturally. That’s not so bad, since I only played it while doing other things (watching a movie, listening to music, whatever) for relaxation. It’s not as though it were any kind of challenge. But it’s just a symptom of the kinds of things Me$$y$oft has taken to doing to users of Windows, such as the REALLY irritating things like resetting all the associations with non-Me$$y$oft software to only Me$$y$oft versions, if included with any sort of Me$$y$oft OS build. No thank you. Re-associating programs each time I open something Me$$y$oft wants me to use one of its crappy programs/apps to open is only likely to encourage me to move this box off their OS, too, no matter how much I need Windows to use ONE particular piece of software.

And all of that is after clearly and specifically designating a day and time for updates to be installed and having Me$$y$oft just effectively say, “Screw you. I’m gonna wait until you are doing something productive and kill what you’re doing by rebooting to install ‘updates’ no matter what I agreed to in the scheduling process.”

Me$$y$oft is trying to make me hate it and its products. And, you know, it’s working.

Is Your “Smartphone” Spying On You?

Maybe.

Well, no: probably. If you use it to access social media sites (FarceBook, et al) or any Google service, almost certainly. Heck, there are growing claims that smartphones “listen in” to conversations happening within access of the phone’s mic, like so-called “smart” TVs do.

So?

I’ve worked with computers/networking, etc., for ~30 years and am certainly no Luddite, but my phone stays OFF (and usually in another room) when I am not making calls. I check it now and again for messages from any whitelisted folks, and (very rarely, and only when I’m away from a desktop/notebook/large format tablet–which is very, very rarely, since I almost always have one of the three at hand) I might use it to check something on the web, but only when locked down fairly well and using a strong VPN, while on a local network I trust to be well locked down, as well. I see no reason to let a phone run my life or be connected to any old whomever who might want to contact me.

Other phone “tracking” things?

I don’t need GPS. I’m not helpless or “directionally challenged.” I know how to read a map, can navigate with or without (usually) a compass, and check my routes before heading out anywhere I’ve not been before.

Yes, I got lost once (on an overcast day, on a system of rural gravel roads and two-tracks in rough terrain, off my projected area of travel for that day–no excuse, since I simply left my compass and map for the area behind that day). I stopped and asked directions (because I’m also not completely stupid).

I like the convenience of having computers, tablets, cell phones, etc., but unlike many I know nowadays who would probably be pleased as punch to have their dumb “smart” phone embedded in their body, wired to display in their field of vision, etc., I think I can handle a lil disconnection now and then.

Passwords

I’ve used various techniques to devise memorable passwords and pass phrases over the years that are easy for me to recall but nevertheless fairly strong.

Here’s one (though it’s not currently active for ALL my password use).

Password construction: Take a song that’s at least 400 years old and uses an archaic form of the language in which it was written. Pick the third (or fourth, or whatever “interior”) verse. Sing it backwards. Use the words in this backwards order to construct a password using the second (or third, or whatever; choose at semi-random) letter in each word. Use a number representing which letter of the words, when sung as written, you are using as a part of the embedded “key” to the password. Add at least two symbols that remind you of the site or app you assign the password to and “key” them to the site or app visually or audibly–whichever is a stronger memory gift for you.
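The two constructions described on this page (first letters of a verse with substitutions, and the reversed-verse nth-letter scheme just above), written out as an added Python example that is not the author's own code. The verse, the substitution table, putting the key digit and site symbols at the end, and skipping words shorter than n are all assumptions made for illustration.

```python
import re

# Constructed verse and substitution table (assumptions, not from the page).
VERSE = "The old grey mare went down to drink, and came home dry as any bone"
SUBSTITUTIONS = {"a": "@", "s": "$", "o": "0", "i": "1", "e": "3"}

def words_of(verse):
    """Split into words of letters only; punctuation is dropped, inner apostrophes kept."""
    return re.findall(r"[^\W\d_]+(?:['’][^\W\d_]+)*", verse)

def first_letter_password(verse, table=SUBSTITUTIONS):
    """First scheme: first letter of each word, then symbol/number substitutions."""
    letters = "".join(word[0] for word in words_of(verse))
    return "".join(table.get(ch.lower(), ch) for ch in letters)

def reversed_nth_letter_password(verse, n, site_symbols):
    """Second scheme: words in reverse order, nth letter of each, key digit, site symbols."""
    if n < 1:
        raise ValueError("n counts letters from 1")
    if len(site_symbols) < 2 or any(ch.isalnum() for ch in site_symbols):
        raise ValueError("need at least two non-alphanumeric site symbols")
    # Assumption: a word with fewer than n letters contributes nothing.
    picked = [w[n - 1] for w in reversed(words_of(verse)) if len(w) >= n]
    return "".join(picked) + str(n) + site_symbols

def describe(password):
    """Length and character classes, the things a site's password rules usually check."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return {"length": len(password), "classes": sorted(classes)}

if __name__ == "__main__":
    for pw in (first_letter_password(VERSE),
               reversed_nth_letter_password(VERSE, 2, "#%")):
        print(pw, describe(pw))
```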

Frankly, this is a bit difficult to do for folks who have no extensive repertoire of Renaissance (or older) music and lack both a good audial memory and the ability to sing/play something backwards, but it’s fun for those who do. . . or at least for me.

*shrugs*

For added complexity, one can take the reversed song and invert the tune, using the letter names of the resultant tune in the password.

Singing a song inverted and backwards, silently as in one’s mind’s ear, in order to extract the password makes me smile, so it’s worth it even if I have to type 60 or more characters.

Don’t do this for a WiFi password for your local network, though. Other folks will probably get lost trying to type it in and give up. Wait. No, DO use this for a WiFi password. It’ll really cut down on traffic. *heh*

OR. . . just use something like Lastpass to generate and “remember” your passwords, if something like this seems like too much work. You lazy bum.

Thought Experiment in a RW Situation

So, my Wonder Woman’s lil personal notebook began exhibiting some serious problems.

  • The “Black screen after login” issue.
  • When video regained, extremely slow non-response (click, wait several minutes, whatever was invoked finally displays, etc.).
  • Hard drive light on, solid. Task Manager (again, problems loading TM) showed 100% hard drive usage, almost constantly.

So, I knew what the problem was, generally, but thought to meself, “Self, approach this as a moderately intelligent non-techie would approach it,” and searched the web on those behaviors. Sure enough, failing hard drive was the consensus among views.

Now, I could have dragged out some serious tools, but decided again to limit myself to the above parameters and just used whatever hard drive repair tools are built into Windows 10, invoking a hard drive scan and repair the easy way by shutting the computer down mid-boot a few times (it was taking almost 10 minutes to get to the login screen anyway, so I just emulated the behavior of a frustrated non-techie, to wit: “Maybe if I shut it down and restart it. . . ” *heh*).

Plus ça change, plus c’est la même chose?

Or is this “Déjà vu all over again?” *heh*

Now the guy who “wrote the book” on safe passwords has changed his tune and is now advocating using long passphrases.

The thing is, I’ve advocated this sort of thing off and on for years, here at this lil Third World County blog, because it’s an easy-peasy way to have long, complicated “passwords” that are easy to remember. I’ve even posted hints on how folks can “crack” my “passwords.”

Hint: many of them are based on, but deliberately do not accurately reproduce, verses from 16th-to-19th Century art or folk songs in any one of six languages, and frequently run well over 64 characters. None of them spell all the words out correctly, and many do not use any of the actual words at all. Go ahead. Crack ’em. For me, they are easy-peasy to remember, though, ‘cos I can just “sing” the songs in my head as I type the passphrases, and because I am an “Odd,” the substitutions I use make sense to me but would seem almost psychotically delusional to “Normals”–or computers.

(Example of “Odd” perceptions/views of reality not directly related to my passphrase substitutions: numbers and mathematical functions have colors, shapes, and positions in 3D space for me. It’s how I “see” mathematical solutions without following steps in formulas. In a similar vein, word substitutions in art/folk song lyrics in foreign languages are “colored” and “shaped” by how I see and hear the words in my mind’s eyes and ears. So, easy to recall, for me, difficult to reproduce for any Normal or logical process.)

So, as I have said, have fun cracking my passwords. I’m sure there are some really Odd folks out there, somewhere, who’d enjoy doing just that. 🙂

More on Safe Internet Use

VPNs can be handy things. The better ones offer much safer (note: safER) Internet use, and even less good ones have some value. I’ve been appreciating the switch to Speedify on Windows computers here on our home network. Fairly decent security boost, and I very much appreciate the side benefit of compressed data use.

Unfortunately, every time I have attempted to install Speedify on my Android phone, it reports having been installed but shows up nowhere. Even browsing the files on the device turns up no evidence of its presence. So, I’ve resorted to using “Opera VPN” (SurfEasy–acquired by Opera recently) on that phone. It is at least a wee tad better than using the (SurfEasy) VPN built into the Opera Browser, since it appears to simply remain active on the device whether I am using Opera or not, but it’s still SurfEasy, an MOR VPN, IMO.

If one doesn’t have a VPN subscription anywhere else, defaulting to Opera and enabling the built-in VPN would certainly improve one’s security over no VPN.

Silver Lining to “Wanna Cry” Ransomware?

If there is a silver lining to the recent Wanna Cry ransomware outbreak, perhaps it is this: heightened security awareness among the sheeple. *sigh*

Here are some general things to do, gleaned from a few articles and my own experiences dealing with other folks’ malware infestations:

  • Don’t pay
  • Don’t click on email attachments*
  • Keep your software up to date
  • INCLUDING your security softwares!
  • Back up your personal files, and make at least one system backup of a stable, clean system.

*See the asterisk above? Yeh, that. Being able to send and receive email attachments is one of the important features of email, so not opening ANY email attachments vitiates the usefulness of email. Not a problem. First, only accept attachments from someone you know. Verify that the email actually did come from that person. At least look at the headers, but if ANY possible question exists about the email’s authenticity, ASK THE PERSON WHO SEEMS TO HAVE SENT IT! And always, ALWAYS, ALWAYS scan email attachments with up-to-date security softwares.

Even if I have done all of these, I have sometimes saved the attachment offline, then opened it in a virtual machine to check. I have actually caught two “baddies” this way, though it’s been years since that time.

Nothing in the short list above is at all difficult to do, and not even really time-consuming either. It’s just common sense, something sorely lacking among many users (which is exactly how <300,000 computers were hit by “Wanna Cry”–users self-infecting).

A Brief Note to Both of My Readers

*heh*

For any of your completely clueless friends, Malwarebytes’ blog is full of articles on malware, written for easy accessibility and comprehension by casual users. Nothing technical, just simple (sometimes too simple), easily-grasped blogposts about malware for folks who do not want or need technical stuff but who could benefit from a wee bit of awareness of threats.

https://blog.malwarebytes.com

The Continuing Search for a New Web Browser

Since more and more sites are becoming even ruder about browser use–going well beyond simply browser sniffing, now–Opera 12.18 is starting to become a little more difficult to use as a default browser. It still does work fairly well, apart from aggressive attempts to lock “old” browsers out by some sites, but only in Windows 7 and 8/8.1. Windows 10 seems to simply not “like” it.

Sad, because it has many features other “modern” browsers–including Opera ASA’s “Chopera” (an Opera browser based on the Chrome rendering engine)–either lack or do not implement as well. Mouse gestures are clunky or just weird in most other browsers that implement them natively, and mouse gesture extensions have uniformly proven to be crap. Newsreader integrated into the browser, no add-in required? Nope. Granular–really granular–control of features/customization? Nope. Bookmarks that really work and can be easily organized? Nope. Even the best at importing Opera bookmarks and allowing organization requires laboriously reorganizing each separate folder and sub-folder, one at a time. That’s a bit tedious when one has a couple of hundred folders and thousands of bookmarks. (I treat bookmarking sort of like a library card file catalog: I want everything saved where and how I want it, organized into subject folders and searchable any way I want. Yes, I weed my “catalog” pretty regularly to eliminate dead links. Doesn’t everyone? 😉 )

I could go on and on, because there are many, many features baked into the “old” Opera that are just not present or are poorly implemented in all the other browsers I have tried. The one that comes sort of close to being a replacement, but even it doesn’t allow real customization, has clunky mouse gesture implementation, lousy bookmark organization, no built-in newsreader, and doesn’t let me choose my preferred default search engine, even though it shows a procedure for doing so! #gagamaggot

OK, so just checked again. Since the last time I tried and became disgusted with it, Vivaldi Browser at least does now import my bookmarks and does–almost–sort them, at least closely to their original organization. Manual sorting thereafter looks straightforward (though still tedious). But the rest? *meh* Notsomuch, it seems. *sigh* For example, it limits the number of “Speed Dial” columns to six. I prefer ten. Why bake in such stupid limitations? That’s just one of many such dumb ideas.

Still hunting.