Cleaning up My Password Security

It seems like there is an increasing number of hacks and leaks lately. These also seem to be hitting larger and higher profile targets more and more. Recently I’ve been seeing stories about Last.fm and Dropbox accounts apparently being compromised, as well as a vulnerability in vBulletin, a popular message board hosting tool. For the most part, a lot of these hacks are going to be harmless, for now. Any website that actually matters is probably (they better be) using salted passwords, making a password dump mostly useless. Though in Last.fm’s case, apparently 96% of the passwords were decrypted because their encryption algorithm was shoddy. Still, it seemed like a good time to check over my Password Security.

Beware, those music scrobbles you see might actually be the music taste of some Russian or Chinese hacker!  Seriously though, I don’t really see the point with hacking Last.fm, I’m not entirely sure they even have any sort of financial data.  I imagine the email list is sort of useful for spam accounts.  I suppose there is also the issue of people using the same passwords everywhere.

The good side of these hacks is that the lists get put on-line, on hacker sites or Tor sites, and there are several places that take these lists of leaked accounts, dump them in a database and allow you to search to see if your account shows up in a list and for which site, if available. With all of these recent lists I went through and checked my primary email addresses and found about 20 entries between the two of them that had been compromised. Most of those were vBulletin boards that I had signed up for 10 years ago, never posted to, and had forgotten even existed.

I mentioned the problem of using the same password repeatedly.  I’ve got several “layers” I use for how much complexity I put into my passwords.  Financial sites, large buying sites (eBay, Amazon, etc), all get unique passwords.  I just remember those.  The next level, things like Facebook and Twitter, also get unique passwords, but I have some basic algorithms I use to generate them, mentally, so I can remember those as well while keeping them unique.  Sites like the ones that were compromised, tiny one off bulletin boards with little risk to me if they get hacked, I admit, I use the same few passwords on a lot of those.  Especially older ones from ten years ago, before I got serious about my online security.

Ironically, these sites now possibly have my most secure passwords, because I used LastPass to generate the passwords. LastPass is a plug-in for pretty much every browser. It remembers your passwords, and syncs them across your LastPass account. I’ve used it for years to store and sync passwords, but I never really bothered with the generated passwords feature. The best practice at the moment, for passwords, is long strings of random characters. LastPass can create these, and then remember them, so you don’t have to. I don’t know what my new password is for the PPCGeeks message board, but I don’t need to, because when I visit, LastPass will enter it and log me in. It’s long and complex. I mostly avoided this feature before because it pretty much meant I would never be able to log in via mobile since I would have to manually type the password in. LastPass now has a mobile solution, but I also just sort of accepted that I’m never going to visit many of these sites on mobile anyway.

The even better solution, when available, is to use 2 Factor Authentication. Something you know, a password, and something you have, an Authenticator. Every mobile platform has an authenticator App. If you happen to be one of the 1% using Windows Phone like me, the Microsoft Authenticator works just like the Google Authenticator when setting it up. When I want to log into say, Dropbox, I enter my username and password, like normal, and then I am prompted to enter the generated code from my Authenticator. It doesn’t matter if someone else has my password, because they don’t have the Authenticator, which is randomly generated and can’t be duplicated. I use this for any site that has it, which is almost all of the “big ones”, Microsoft, Google, Dropbox, etc. I actually get frustrated when it’s not available, like when my Rockstar Games account got stolen 6 months ago or with Playstation Network, which has had like 3 or 4 hacks now.

Skype Preview, now with Skype Bots!

As part of the recent Windows 10 Anniversary update, Skype was updated to Skype Preview.  Part of the preview is the new Skype Bots system.  Bots are the new Apps, which are the new Websites, or something…  Everyone is doing Bots these days.  These early bots are about what you might expect, simple interactions that may or may not be useful.  I did some testing with some of the bots.

There is also an If This Then That Bot, which I’m not going into detail on here. I think it would be better served with its own separate write up.

Bing News Bot

Simple enough, enter a topic, it returns 3 news stories related to the topic. It seems to be pretty good about returning newer stories as well, though in some cases a bit repetitive. I did a test search for the following…

Halt and Catch Fire, because I’ve been watching the show. I got 3 results, all behind the scenes write ups, but all different angles on it. They clearly invited people by to build up buzz for Season 3.

Gene Wilder, because he passed away today.  It’s possibly the biggest story of the day.   I got 3 stories returned, all about his passing.

Pana, IL, because it’s where I live.  We don’t get a lot of news around here relating to the town, but it did return a story that was in the news recently.  As well as a couple of others that were more just “area news”.

Taylor Swift, because she’s in the gossipy news a lot. I received three stories about her reporting for Jury Duty. This topic and the Gene Wilder results kind of give an idea of the sameness problem. I don’t really need the same story three times. There aren’t any obvious sources listed either, so it’s not as if you can choose your preferred source. Clicking a headline is a blind shot for where you’re going.

Honestly, I’m not sure how useful this really is.  Chances are you’re looking for news on a topic because you already know what the news is, ala Gene Wilder dying.  Otherwise, you’ve probably seen it already on some social media.

Bing Image Bot

Similar to the News Bot except it returns 3 images.  I did a test search for Cats.  It doesn’t even return the images, just links to the images.  You’d be way better off just going to images.bing.com and getting all the results, in a nice visual grid.

Trivia Master

Moving on to some of the game bots. Trivia Master is just as it sounds. You tell it to start, it asks ten trivia questions on a topic, then gives a score. The answers are multiple choice, so you don’t have to worry about spelling or exact wording.

It’s alright, but kind of a one trick horse that’s old as the hills.  The individual scoring flies by too fast as well, meaning you’ll have to keep scrolling back up to see if you were correct or not.  This problem is compounded by all of the wasted space in each of the message boxes.  It would make for a better party game or maybe some sort of back and forth with another Skype friend.

Candy Escape

Probably the most complex bot that I tried out was Candy Escape, a game that is reminiscent of the old Interactive Fiction games (i.e. ZORK). You must solve puzzles and escape the candy prison. You are the Walking Meat imprisoned by Candy. It’s mostly based on predefined choices, though not entirely. For example, I was asked “What is the password”, which was just typed out with no choices offered.

It’s not without its quirky bugs though. Early on I retrieved a rope from a skeleton after examining it. Later, upon a second examination, the rope was gone from the image shown, but there was still an option to take it. I also seemed to get stuck in a loop and the game’s hint wasn’t helpful at all. I needed to escape from two guards, but my only option was to tell them to leave, which they refused to do, or to remove the crown, which just gave me the option to put the crown back on during my next choice, which brought me back where I started.

On My New Acer Aspire E15

So, right up front I want to say, I’m not trying to sell this as the most amazing machine ever or anything. I mostly just want to give some thoughts and sort of initial impressions. I’ve been previously using an HP 311 Netbook as my laptop. I would argue, at the time, that it definitely was “The best Netbook”. It’s like 5-6 years old now, and it runs like complete crap despite my best efforts. I’ve replaced the battery and power cord on it 3-4 times, it has all sorts of flaky issues with the trackpad and keyboard that start to crop up after it runs for a bit, it’s just definitely showing its age. I’ve updated it recently with an Acer Aspire E15.

I’ve been trying and working towards a replacement laptop for a few years now.  I’m awful about saving up large chunks of money given my other hobbies and saving for a laptop is quite a chunk of change.  It also doesn’t help that I keep within my own personal spending budget, and a lot of any “extra income” over the years went to household needs and outfitting everyone else in the family with laptops.

My other problem was trying to decide just what I wanted. Ideally I wanted something nicer, say, closer to $1000 or so than $500, but saving to that point is kind of a huge hurdle. I wanted something capable of running games all right, I don’t need or want “highest settings perfect framerate” but I wanted something that would run smoothly for the games I like to play. These sorts of requirements presented a few issues. Most of the more expensive laptops push form over function, so they would probably work all right for my needs but the higher price mostly means I’m paying for “fancy” looking. Anything that’s a “Gaming” laptop in that price range is probably overkill for what I want and would be a 40 lb slab of computer.

I also have lost track of “what makes a computer good” several years ago. Mostly because computing power really plateaued for general use a few years ago. There’s not a huge difference in computers now than 3-4 years ago aside from power consumption, which is kind of minimal. In the old days it was simple, more MHz, more GHz means it’s better. The only real “requirement” I had for processor power was i5 or i7, no i3. I wanted a decent chunk of RAM, say 8GB+ and some sort of discrete GPU. Just having some sort of GPU vs “Intel Integrated Graphics” would meet my gaming needs.

I also decided that at some point I needed to stop waffling on what I wanted and just pick something. I did some searching around on Amazon, filtering specs and such to get less and less selection. I had kind of been hoping to find a Lenovo Thinkpad but none of them in my price range meet my Graphical desires and they are all brickish. The brick part wasn’t such a turn off as the integrated graphics.

I eventually settled on the Acer Aspire E15. It’s a relatively new release (seems to be 2016), it met my desire on specs, it looked fairly nice design wise, it has a ten-key pad. It was also within my current budget at around $550. I did some checking online for reviews and chatter on Reddit and it seemed to be a pretty well liked machine.

I ended up finding it for $100 less on NewEgg as well, with a 1TB 5200 drive instead of a 256GB SSD. Now I had a choice to make, way more storage, at a much slower speed, or keep the nice quick SSD. I even considered ordering the 1TB version and buying an SSD to put in it, essentially giving me a free 1TB drive to use for, whatever. In the end, I opted for the SSD, for more money. Having the extra 1TB drive is actually less useful to me than it sounds, I have something like 8-10 TB easily already going in the house across several machines, and I wanted the performance boost of the 256GB SSD. Also, the hassle of figuring out the best way to install the OS onto the SSD, while not hard, was more trouble than I cared to bother with. The whole point of upgrading is performance boost over my old laptop. The most frustrating part of my desktop is I’m still using shitty 5200 RPM drives in it, and it’s the main bottleneck for sure.

Acer Aspire E5-575G-53VG Specs

  • Screen Size: 15.6 inches
  • Screen Resolution: 1920 x 1080 pixels
  • Processor: 2.3 GHz Core i5 6200U
  • RAM: 8 GB DDR4-SDRAM
  • Hard Drive: 256 GB SSD (flash memory, solid state)
  • Graphics Coprocessor: NVIDIA GeForce 940MX (2GB)
  • Operating System: Windows 10
  • Item Weight: 5.3 pounds

So, onto the actual laptop and some initial impressions. I’ve been using it for a few weeks now. It is definitely a nice improvement over my old netbook. I like having Windows again, though I still like Linux, I like the keyboard with its chiclet keys, I’m satisfied with the size and ports. It’s even got a USB-C port, which I didn’t notice before buying it.

The 256GB drive is a little tight.  I mostly just need to keep myself more limited to things I’m actually going to use but I’ve installed World of Warcraft, Skyrim, Minecraft, Wildstar, Photoshop, Diablo 3, Office 2010, and a handful of developer apps and I’m already down below 100GB free.  It’s a bit too close for my comfort but I’ll learn to deal with it.  Also, everything runs nicely as expected, though the machine does start to get pretty hot after running Wildstar and Skyrim for a while.

It’s not a touch screen either. Back when Windows 8 was the hot thing, I would have been all over a touch screen. Windows 10 took us back to a more traditional interface and so the touchscreen is less necessary. It’s still something that’s kind of neat if it’s there, but it’s less required.

In general, it does seem like a pretty good all-around machine for the price point.  That said, you could probably drop down a bit in price if you don’t want something with a discrete GPU.

My DIY Dance Dance Revolution Hardpad

Something like ten years or so ago, I built my own hardpad for use on Dance Dance Revolution and Stepmania. Most of the pads that are easily bought are “soft pads”. These vary in quality, I have a couple of pads that are pretty light weight and plastic I used ages ago. These pads tend to get damaged pretty easily, especially when wearing shoes, and slide all over the place when playing. When I used mine in college I actually taped it to the underside of the rug in the dorm and taped out the grid of squares on the surface, so I could play using my shoes. I’m sure the people living below me loooove that. Probably as much as I loved the people above me who played dice constantly. Some more pricey ones are made of a thicker though still pliable rubbery material. These mats slide around less due to the grippy nature of the material, but they can get worn out and damaged by the rough beating of shoes.

The ideal pad is a hard pad. These can run hundreds of dollars on-line. They also tend to be large and bulky and heavy. Shortly after I had finished in college I decided to employ my newly acquired Engineering design skills to build my own Hard Pad. The electronics part was easy. I went to the local used game store and asked for the cheapest used PS2 controller they had in stock. The guy behind the counter actually asked if I was planning to build a DDR pad with it, which was funny since I was.

The pad itself was a bit trickier. I’d studied several design ideas on-line that others had built. I wanted something that was less bulky than most of the pads I’d seen. I also wanted to keep costs down somewhat, which meant using as little material as I could and not having to invest in a bunch of expensive triggers to wire into everything. The trigger is the key component of course, since it registers the steps when playing. The dead squares are all just plywood covered in sheet metal.

The sheet metal is also what I ended up using to build the triggers for the step squares. When you press a key on a video game controller, all that happens is that an electrically conductive pad is flattened and shorts the connection between two copper pads on a PCB board. When the electrical short is made, current can flow which causes some chip somewhere to register the button press. For my step pads, I simply enlarged this process by attaching plates of sheet metal to the base and to the bottom of each step pad. To give the pads some cushion and bounce, I placed strips of weather stripping bought at the hardware store between the base and the pad. Stepping on the pad creates more than enough weight to overpower the weather stripping, causing the two sheet metal pads to connect and trigger; stepping off allows the weather stripping to flex back up, pushing the pad back to a neutral, unconnected position. I took some CAT 5 cable and soldered it to the sheet metal contacts and the appropriate parts inside the PS2 controller to replicate the button press action inside the controller.

Everything else was cutting wood, attaching corner brackets and attaching sheet metal.   Here are some old photos of the process.

The general construction was sound, but it had a few issues that I never really got around to fixing until more recently.

In the original design, I soldered the connections for the step pads to the controller’s D-pad. Mostly because the solder points were larger and easier to solder to. This had some unintended side effects that made the game unplayable at any higher difficulty level. By design, the controller never expects opposite D-Pad buttons to be depressed at the same time. That is, it doesn’t expect the player to press left and right at once; the D-Pad generally controls movement in most games, so why would you need to press opposite ways at once? Dance Dance Revolution has “jumps” in more difficult stages, these are sequences where two arrows have to be matched at the same time, as in “jumped on”. Since the D-pad doesn’t register left+right or up+down, these jumps would never register and were always considered a miss. Kind of game play breaking in the case of DDR.

I also wanted to add a box to the set up, to replicate the buttons on the front of a real DDR machine used to select songs and options.  Not something important, but it would add to the effect, and if I ever got really ambitious, I could build a whole cabinet someday.

The other major issue, when I built the original design, I didn’t really do any real management of the wires between the controller and the pad. They kind of strung around on the sides, they were all too long, and the controller itself was permanently attached to the pad, making moving and storing tricky. I wanted to make the controller bits detachable.

I’ve since solved all of these problems with some improvements, all somewhat related. First problem was the triggers not working for jumps. This was simple but tedious. I needed to rewire the buttons from the D-Pad to the face buttons (Triangle, Circle, Square, X). These work just fine when pressed together, lots of games have combinations where you have to press several buttons at once.

Please Pardon my Shoddy Soldering

During this process, I also pitched the controller shaped housing and stuffed everything in a generic electrical project box. I soldered the 4 shoulder buttons to 4 buttons attached to the box lid, to be used for interfacing with the menus. Problem 2 solved, everything is in a nice box.

The last bit was to make the controller easily detachable. There are 4 pads, each with 2 wires, for a total of 8 wires going from the controller to the pad itself. I was already using CAT-5 cable for the wire, it had 8 wires in it, so I attached a CAT5 end on the controller piece and a CAT5 receptacle to the dance pad. Now the two were easily separable and securely attachable.

The ultimate test of course, does it all work?


I’ve run several sets of tracks using the new set up and it certainly does work.  My DDR skill needs a lot of improvement to get back up where it was at my peak, but the pad itself works just fine.  Which is sort of the point, because it really is a fun way to get a pretty good workout in a short period of time.

 

 

Saving a Slice of Raspberry Pi

So of all the things on the network, the DNS and DHCP server are pretty important. Especially because my experience has been the router the ISP provided is kind of mediocre at doing the DHCP job. So when the Raspberry Pi I’ve tasked with doing the work started flaking out I was a little worried.

After some investigation, it seems the SD card had lost a sector, or whatever the equivalent thing is to a sector on flash memory.  These things do have a bit of a limited life and this particular one was a small 4GB card that was a little older.  Four gigabytes isn’t even above the recommended size for the Pi, but I knew I wasn’t planning on putting a lot on it.  Problems arose when it started dying though.  There actually isn’t much using the PiHole, some of the things my wife does with coupons and such I suspect might get blocked and I don’t want the headache of dealing with trying to manually whitelist things and complaints that this and that isn’t working.  The DHCP is another issue.  When the DHCP server disappears, it seems anything using it simply can’t connect to the internet.  I have a lot of static assignments but there’s quite a few assigned by the server.

I may have to look into setting up a secondary backup server, maybe on one of the CHIPs even.

I started out simply re-imaging Raspbian onto a fresh card and setting things up again following the tutorial I had posted. Everything went pretty smoothly except that I was now out my old config file and would have to go through the hassle of recreating all of the changes I’d made adding and removing devices.

So I went with a new strategy, why not just clone the old card to a new one.  Unfortunately, Win32 Disk Imager, the recommended tool for imaging these SD cards, couldn’t read the whole card, it got hung up and failed partway in.  So I turned to my laptop and Linux hoping for something more robust, which I found in ‘dd’.  It probably stands for “Disk Duplicator”, but don’t quote me on that.

I started running dd to make an image of the old card to put onto a new card, unfortunately, it also failed, like Win32DiskImager.

Back to Square One…

After some searching, I found this post suggesting something called ddrescue.  Most of it wasn’t anything I needed aside from the following.

sudo apt-get install gddrescue
sudo ddrescue -v /dev/sdb /dev/sdc

A few things of note. My laptop, like many, has a built-in SD slot, and I added a second using my USB card reader. I opened the disk manager to get the path to each card, /dev/sdb and /dev/sdc.

This command also hit an error at the same point as both Win32DiskImager and the “dd” command, but it pushed on through, recovering everything else. At this point it’s a matter of hoping that one bad spot wasn’t in the middle of an important file.
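An added example, not from the original post and not GNU ddrescue's actual algorithm: a simplified sketch of why a rescue copy gets past the spot where a plain copy stops, and how recording the unreadable ranges tells you which files to distrust. The failing card, its bad range and the file extents are all constructed for the demo.

```python
import errno
import io

SECTOR = 512


def make_flaky_reader(image, bad_ranges):
    """Constructed stand-in for a failing card: a read touching a bad range raises EIO."""
    def read_at(offset, length):
        for start, size in bad_ranges:
            if offset < start + size and start < offset + length:
                raise OSError(errno.EIO, "Input/output error")
        return image[offset:offset + length]
    return read_at


def rescue_copy(read_at, total, dst, block=4096):
    """Copy in large blocks; on error retry sector by sector, zero-fill and log the rest."""
    bad = []                                   # list of (offset, length) lost
    for off in range(0, total, block):
        n = min(block, total - off)
        try:
            chunk = read_at(off, n)
        except OSError:
            chunk = bytearray()
            for s in range(off, off + n, SECTOR):
                m = min(SECTOR, off + n - s)
                try:
                    chunk += read_at(s, m)
                except OSError:
                    chunk += bytes(m)          # keep offsets aligned in the copy
                    if bad and sum(bad[-1]) == s:
                        bad[-1] = (bad[-1][0], bad[-1][1] + m)   # extend run
                    else:
                        bad.append((s, m))
        dst.seek(off)
        dst.write(chunk)
    return bad


def files_hit(bad, extents):
    """Names of files whose (name, offset, length) extent overlaps a lost range."""
    return sorted({name for name, fstart, flen in extents
                   for bstart, blen in bad
                   if fstart < bstart + blen and bstart < fstart + flen})


def demo(damaged=((21504, 512),)):
    image = bytes(range(256)) * 256            # constructed 64 KiB "card"
    # Hypothetical layout; on a real image the filesystem's tools supply this.
    extents = [("dhcp-config", 20480, 2048), ("system-log", 40960, 8192)]
    dst = io.BytesIO(bytes(len(image)))
    bad = rescue_copy(make_flaky_reader(image, damaged), len(image), dst)
    return image, dst.getvalue(), bad, files_hit(bad, extents)


if __name__ == "__main__":
    _, _, bad, hit = demo()
    print("unreadable ranges:", bad, "files affected:", hit)
```

The list of lost ranges plays the role of the map file ddrescue can write: it turns "hoping the bad spot missed anything important" into a concrete list of offsets to check against the filesystem.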