April 29, 2012

Verifying My Signatures

 Oh yeah, it's been brought to my attention that my signatures cannot be verified depending on browser and version.  This is because different browsers put formatted text into the copy buffer using different methods and interpretations.  Also, blogger truncates the last endline necessary for a verified file.  The solution is for me to start putting up posts in the format I sign, but until I have the webspace to do that, here's what you can do if you REALLY want to verify a post:

  1. Get Firefox.
  2. Update to most current version.
  3. Copy from right after the title to right before the 'pondered' portion.
  4. Dump into a  text file.
  5. Tack on the empty newline at the end.

Gosh, that's dumb.  Sorry!

Keeping track of passwords: KeePass

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Most people who use passwords do not use them correctly.  This is because the way passwords are supposed to work has very little in common with the human mind.  The best passwords are long and random and contain symbols and other things that are just dumb to remember!  Even worse, so many different locations demand their own logins, which under best practices means you need a new password for each.  That quickly turns into worst practice as users get fed up with making/memorizing new passwords and simply re-using an old one.

It's a good thing this is a solved problem!  There are tons of programs that will remember your name/password combos for you, of varying complexity and completeness.  After digging around for a day or two, I found one I really really like: KeePass.  KeePass is open source under GPL v2, meaning it's both kinds of open.  It uses an encrypted datastore so that, without a master password, other people can't get into it.  And most importantly, it's got enough base features to be really easy to use, even when I'm doing complicated things!

Since I like it so much, I figured I'd write a quick guide for how to use it effectively.  It does automate a whole bunch of stuff, but takes a touch of work to get it into the right place.  Also, there are a few tips and tricks I learned to make the whole process more enjoyable.  Install it, and I'll go from there!


Using KeePass For The First Time

Alright, KeePass uses an encrypted file store, so the first time you use it you'll need to make a new one.  Go to File->New, and specify a master password.  You'll need this password every time you want to open the file store.  Note how KeePass tells you how strong your password is (pick one that's better than 40 bits).  You should also pick a keyfile, turning it into a something-you-have + something_you_know situation.  Check the checkbox and pick an existing file or make a new one.  Just make sure it's at least a kilobyte in length and that it won't change after you start using it!  I snagged some output from /dev/urandom and made it my keyfile (I protect it in other ways).

Once you do this, the keystore will be made.  On the left you can see the organizational structure for a new store, and you should just delete all those entries (take a moment to familiarize yourself with the icons at the top).  You can organize your keys in whatever fashion you like.  The left-hand panel uses a folder-like hierarchy, and it goes Group->[Sub_Group->][..]Keys.  So, a key has to have a top-level folder, but depth and breadth are to your personal taste.  If you prefer tagging instead, you can add your tags in the notes and search by them.  Easy!

So... you can add groups (top-level folders) and sub-groups by right-clicking in the left panel.  Make a group now.

After you do that, click on that group and then click the icon that is a key with a little green arrow.  This is how you create new keys for a group.  There's a ton of stuff in this window, but it's actually really easy to use.
  • The title is what the key is for (ie: Netflix).
  • User Name: the login name for the account
  • Password/Repeat: holds your password, whether you type it or generate it
  • Quality: How much your password does or doesn't suck
  • URL: Where you made the account
  • Notes: Any generic junk you want.  Tagging terms can go here
I haven't used Expiration or Attachments, but I'm sure they do what you'd think.  These things are all pretty evident.  The excitement comes from clicking the icon just below the '...' button.  Since making random passwords is something you should totally be doing since KeePass remembers them for you, the program automates this for you!

 So after you click the button for it, the Password Generator pops up.  Create a new profile and call it Convenient Random Passwords or something.  Set your length of generated password to 20, then make sure 'Generate using character set' is checked.  Check every box EXCEPT 'Space' and 'High ANSI characters', then click Generate at the bottom.  Don't worry about how many bits it has, it has enough.  Press Accept.

You're back on the Key Creation page, if you're following along correctly.  If you press OK here, your key is made!

I Have Keys, What Now?

If you want, add more groups/subgroups/keys.  Once you're ready to actually use a key, find it in search or the left-side menu, then right-click the key and choose Copy Password.  Ctrl+C also works.  Go paste it into the web form you're logging into.  It should let you log in, without having even seen your password in letters, and using a random+safe password at that!  After you paste it, KeePass, will clear its clipboard buffer, meaning you won't be able to paste it twice... into a live chat, for instance.  This is most of how you'll be using KeePass.

Configuration Considerations

KeePass has a ton of settings to fool around with, but here's a quick run-down of the really important ones.  Open the options by going to Tools->Options.
  • Security
    • Lock workspace when... (2)
    • Lock workspace after...
  • Memory
    • Check Enhanced
  • Advanced
    • Start and exit (these are to taste, but I'd go insane without them)
      • Remember Last Opened File
      • Automatically Open Last Used Database On Startup
      • Automatically Save When Closing/Locking The Database
      • Limit To Single Instance

Final Tips And Tricks

The previous stuff is about using KeePass in everyday situations.  However, sometimes further considerations are warranted.

KeePass is capable of importing/exporting to a whole bunch of formats, including PasswordSafe and other KeePass databases.  It's super-easy to use both sides of these features in my experience (although it makes sure you really want to export your passwords and stuff in plain text).  You should keep a copy of your database file somewhere other than your main computer, just in case.

Since importing/exporting is so easy, I've made a habit of keeping a central password store in my safe file scheme, and then tailoring my local KeePass database to only what I need on the specific machine.  For instance, my work computer has remote server logins and logins for nearby/delivering fast food places, while my home machine has my video game logins.  Keeps things nice and tidy!

For the especially paranoid, you can configure KeePass's encryption setup by going to File->Database Settings.  There you can increase the times the encryption key is calculated (more = longer static time = harder brute-forcing) and the algorithm (although it's only AES or TwoFish, and AES is publicly unbroken).

There's a whole bunch of other things to noodle around with, so don't be afraid to mess around with the settings!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQBPnfDVdzdg8zBNoIARAprOAKCNdNsP3E3Cr2WtSAMHW7yMN/4p6QCfckBH
eUwtCzB9WgBy7ATMyTpw0DU=
=2/7E
-----END PGP SIGNATURE-----

October 01, 2011

Signal Transmission (or: Why You Should Never Buy Monster Cables)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I spent last night drumming, so you fanciful folks get a simple article this week.

Do You Buy Hardware Cables?

Have you ever wondered why, whenever you go to a big box retailer like Best Buy or Circuit City, the prices you see for simple cables can extend upwards of $40, and sometimes more? Sure, the packaging talks about gold-plated terminators and being twelve times faster than the competition, but does that really justify the price difference? I'm here to help you learn a bit and potentially (hopefully!) save a great deal of money.

History Lesson

In order to do that, I'll have to tell you a little bit about what those cables are actually doing. In order to give you a good grasp of the situation, we'll need to go back to the difference between analog and digital signal transmission. Any time you want to transfer information between two pieces of hardware, you're going to need some variety of wire or connector. It used to be the case that we'd just stretch copper wires between them, letting the hardware pretend that it was just a really long internal connection. This is actually how most speakers in home theaters and car sound systems are wired today: just take some copper cables, connect them to the right terminals, and the speakers take the actual electrical impulses from your player to reproduce the sound. This is what analog is.

Digital signals, on the other hand, are more complicated in their execution (but not conceptually difficult). When one piece of hardware, for instance a DVD player, wants to communicate to a visual display, say a television, the DVD player starts off with the raw data it's trying to display. How the data starts off (zeroes and ones on a DVD, magnetic charges on a tape, a ceramic disc with grooves) doesn't really matter. That data needs to be in a format that the television can understand, so there's hardware inside of your DVD player to turn the input (whatever it was) into something the TV can understand. Then you use a cable to transmit that digital signal to the television, where it's converted using dedicated hardware into the picture that you see.

The Difference

Long, boring, blah blah blah. Why's all that important? Well, it turns out that analog and digital signals have a major, critical difference. When analog signal is degraded or weakened, you start getting interference with your output. If you accidentally drive a staple through a cable wire (the horror stories from working as support at Time Warner are deep and many) but you don't use a cable box, you'll still probably be able to see a picture on your screen, but it'll have all sorts of white flecks or static in it, and your audio will hiss, and all sorts of other terrible things. However, if you take that same exact pierced cable, and run it through a cable box (which turns the analog signal from the cable wire to a digital one (technically your TV did that with the cable wire itself, but don't worry about that)), you'll be lucky to get a picture a quarter of the time, and weird green boxes, a black screen, and no audio the rest.

You see, with analog transmission, you never have a perfect signal (there's always some variety of signal loss when transmitting analog signal), but it's pretty resilient in handling information loss (stapling the wire). With digital transmission, though, it's generally an all-or-nothing situation. I say generally because in most cases, the manufacturers of hardware try to deal with information loss, but it's must harder to get right than just accepting issues like analog does. In the earlier example that involved a cable box, the same staple that gives you some static with analog can completely stop you from getting your shows with digital.

Why We Use Digital Transmission

With that in mind, why do we use digital at all? Well, the normal situation for folks is that the hardware and the wires are fine, in which case digital give you perfect signal reproduction when you'd always have loss with analog. The much cooler thing is that digital information uses much, much less bandwidth (or how much data can go across a wire at a time) than analog. Analog is kind of a brute-force solution, where a single type of information is pushed across while trying to keep it as close to the source as possible. Digital uses zeroes and ones to transmit the information perfectly, and it's much easier to cram zeroes and ones together while still getting them to represent the same thing. When you're able to push more data, you can have more colors, more pixels, more channels, more everything!

The Take-Away

Alright, that lesson's over and done with. Now I'm able to tell you why it matters! Digital allows you to transmit data flawlessly, so long as you meet a minimum of bandwidth and don't have too many problems with the cable or hardware. The people who make the specifications for this are really good at what they do (usually a consortium for each specification, made of several companies that have a vested interest in getting it right (among other things)), and they leave a lot of breathing room in specifications for growth and failure. So long as you meet the minimums they provide, things just work.

Why are Monster Cables and their ever-present ilk evil? They attempt to con potential customers into believing that gold-plated terminals, or super-precise build standards, or potential transmission speed, or the dead chicken they have glued to the ceiling of the factory actually matter. Here is what's actually important when buying a cable:
  • make sure it's the type you need for your hardware
  • it must meet the minimum specification
  • it should probably be certified (differs per cable, but not as important as you think)
  • it should be long enough for what you're using it for
That's it. In other words, the wire could be made of tin and the terminals made out of rubber, but so long as it meets the specification, it will work.

Extra Special Bonus Round

If you're still with me, I've got an awesome gift for you for toughing it out. If you need cables, order them online. Those $60 HDMI cables you see at Best Buy? It turns out they cost less than $10 from reputable dealers. It can go as low as $5 if you wait around for sales. Here's a link for one right now! Pretty sweet, eh?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFOhquEdzdg8zBNoIARAvdkAJ9q+rNy8H4DPkMjcVhgOSCUtjdFQQCcCrU9
d8gpguhrtw9emYa/N5Yj9KA=
=pxdx
-----END PGP SIGNATURE-----

September 24, 2011

The Internet Enables: Music

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi again, everybody! After a decent break, a soul-blood pact has brought me back here, and this time I'm bringing some Bandcamp with me. It holds a special place in my heart for a wide variety of reasons, and I wanted to talk about not only why I enjoy it on a personal level, but also about why it's an interesting property of the Internet. No lists this time around, though; you'll have to read through (and also click the links!) to get what's up.

Before I can get into the nitty gritty, you need to know what it is first. Bandcamp is a musical distribution hub that pretends it's a website. Pop open this link right now. There's a white square with a black triangle, which is also a play button, and you should press it. When you do, music by Cloudkicker will begin streaming to your computer from somewhere out on the Internet, and it'll exit your speakers. The particular sound you're listening to right now is the seventh song in the album, "Push It Way Up!".

While that's playing (hope you enjoy prog metal/rock!), here's what makes this amazing: Cloudkicker is a one-man band that has no label, no production studio, and no advertising budget. It's actually just the name some guy (Ben Sharp, from Colombus OH if you must know) picked out to represent the music he'd be sharing with folks. From start to finish, he authored, recorded, mixed, and produced it all himself using a combination of drum-authoring software and guitars. After he had the tracks put together (and the album art, and so on and so forth), he signed up for an account on Bandcamp, configured the album's landing page to his liking, and loosed it upon the world.

Essentially, this is the first portion of why I like Bandcamp: you don't need to be signed to a label or independently wealthy to spread your music. You don't even need fancy, expensive software or instruments or even a super-powerful computer (although those help!). Right now, at this very moment, you could do the very same thing. All you'd have to do is go grab a copy of Audacity for whatever OS you're using to read this, create some samples from Youtube clips, loop them into a nice 4/4 beat, and throw it up on Bandcamp.

The point goes much further than this, though. Traditionally, to make an actual living off of your music, you used to need to know a guy who knows some dude who has a studio-like environment for mastering (or god forbid purchase the hardware yourself), and then produce cassettes or vinyls or CDs, and then figure out how to get people to pay money for them. This, as one might imagine, was outrageously expensive. Labels originally existed to essentially find a high-potential (read: guaranteed money-making) band, front them money to get an album or four made, and then profit from the investment.

The problem with labels in general is that they want to make money. A fair amount of it. All the time, from everything. They're a business, so that's what they're supposed to do! Unfortunately, making money means minimizing your risks and maximizing your profit, so new bands should have a sound that is known to widely appeal to audiences already, or makes only a few changes to known formulas. Bands that are already well-known are expected to continually produce music that is easily recognized as matching their previous style, even though there are exceptions (and rebels like Mastodon). Additionally, since getting a band's name out further than the street corners and venues of your home town is very expensive, labels are essentially who choose what music gets heard, and where, and how often across the country.

This assertion leads me right into point number two: the Internet goes pretty much everywhere. If you type the URL for Bandcamp, you get there (from most countries, anyways). If someone in the United Kingdom makes a ton of pony-themed mixes, I can listen to them without a plane trip. Talent from all over the globe now has a matching platform upon which they can share whatever madness or beauty they can create. This is actually quite similar to OCRemix, but it's original or themed music instead of video-game music. There's another, more critical difference, though, and it's a doozy.

The final point I'd like to make is actually the biggest one: Artists set the price for each track and for whole albums, and Bandcamp helps them collect. If Bandcamp operators were to hear an album and say to themselves, "this is the second coming of music, and we could be billionaires overnight if we charged oodles for it," but the artist just wants folks to have it, then the most that album is going to cost people is a dollar. Full album downloads can even be free, provided a couple of cases are met (artist pays at most $0.03 per free album, or the album is selling at a good rate... it's complicated but in an awesome way). In fact, all the albums that I've linked in this article are, at the time of writing, available for $0. Big 'ol nothing. Free as in beer. That dime you found on the sidewalk? Keep it, because you won't need to spend any portion of it on these!

Of course, if you like what you hear, you should definitely pay money. Brace yourself for the warm-and-fuzzies, though; Bandcamp is very different from essentially every other music provider today, online or otherwise. When you decide to pay for an album, the biggest cut Bandcamp will take is 15%. Mind you, they have to use payment collection services like any other internet-based store, which nibbles out another 4-6%, but in essence if you fork over $10 (which is less than you'll pay for ANY good album at a brick-and-mortar store!) at least $7.50 is going to the artist. If this does not blow your mind, here's a kick-ass chart you need to see.

That money's not going to advertising, or fancy parties for the recording studio, or shareholders, or distribution rights, or airtime, or any of that nonsense. It's going right to the people who made the music. Not only are you making sure that artists you like are more likely to make more music, you're also rewarding someone for their talent and hard effort. Even more: if you've never sold something you've made with your own two hands, it's the best feeling in the world to know that someone else will pay for something you made.

Okay, if you've made it this far, here's the take-away: click here, find something you really like, and give the person who just made your day better in FLAC/MP3/WAV/OGG/whatever format a thank-you.

*

Since this is a blog or something, here's a bunch of stuff I like:
Cloudkicker (prog metal/rock)
Dan Dankmeyer (super-progressive metal)
Gradient Audio (dubstep, wub-wub!)
Jackle App (bit of everything electronic)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFOfWtNdzdg8zBNoIARAq0XAJ9ugHcyXDiZ7S8QdfTMh8PuTAqapgCgiSqL
w5YbztCVn8x4m9wG3JWW6u4=
=pFIc
-----END PGP SIGNATURE-----

March 25, 2011

Normal Person Passwords

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The last post, I will admit, was heavy on details and light on usable information.  It was also super-long.  While I won't apologize (I know reading long things is a dying art, but I would rather folks didn't read me at all than to get a quarter of the way through a post and say 'tldr'), I am more than happy to make this one fun and sweet (and two days late (and apparently also super-long)).

How to make long but memorable passwords:
Human minds are fascinating things.  They're terrible at remembering random data without that randomness being made less random, but remember associated information with an incredible level of detail.  Even minor details can stick around for years with just a few recalls.  The trick is to think, then remember and use repeatedly.  I'll give you a trick for making random passwords in these easy steps:
  1. Think of your most favorite thing.  It can be an activity, or a club or group or class you go to, or your dog, or whatever.  You might think of a few good ones, but pick one.
  2. You can't use this, because everybody knows what it is.
  3. Think of another thing that you like.  If it didn't even cross your mind when making the first thing, it's a keeper.
  4. Next, think of your thing, and see what bubbles to the surface.  This is a right-brain activity, and may take a moment or two.  A few words, ideas, pictures, sounds and things like that should stick out.
  5. Combine two of those right-brainy things with the idea you chose.  If they're too random, pick a few things you know you'll remember.
  6. Harden the password (which is lower).
As an example, I ran through the steps and had to discard a handful of really common junk until I landed on Bicycle. Riding a bike makes me happy, and I do it on occasion, but it's not exactly a central point in my life.  Folks know I do it, but I'm not a fanatic about it... it's just a thing I know.  Some right-brain thinking later, and I wound up with the fact that I recently replaced my bike's chain, and bike chains are different for multiple gear setups.  This is a bit too random, and hard to memorize, so I'll make it a bit easier by using my memory of replacing my chain with a 15-speed-length one.  So, smushing them together, I get Bicycle15Gears.  Pretty good, but it needs hardening!

Password hardening is using a few quick rules you keep to yourself about changing letters and numbers in your password.  Some ideas (don't use all of these, or the first one, or first two; mix and match and make your own!) are here:
  • Last letters in words get capitalized ('spears' turns into 'spearS')
  • Hold shift on the first and last charactors in the password ('GreenGardeningGloves97' becomes 'GreenGardeningGloves9&)')
  • Put some charactor between each part of the password (2HandRails becomes 2_Hand_Rails)
  • Type all numbers twice (sweet59 becomes sweet5599)
  • All passwords start with a character (DropTheBomb becomes $DropTheBomb)
Anything that doesn't make your password more simple (like capitalizing all letters) makes it better.  In my example, I'll put a character on the beginning and end, making it ^Bicycle15Gears^, then separate my words with underscores.  After that process, I have ^_Bicycle_15_Gears_^.  This is a good password; it has uppers, lowers, numbers, and special characters, and is longer than 10 characters.

Alright, so now you have a super-secure password that will be easy to remember.  That doesn't make it any harder to type... but keep in mind that the harder it is for you to type (*not* remember!), the harder it is for anybody to crack it.  What should you do with this new, incredible password?

Download KeePass.  The top left box (which is Standard Exe for Windows) is probably the best bet.  When it's installed, start it.  Click File->New.  You'll get a dialog.  Put your new super-duper password into this box.  If REALLY want to be secure, choose a keyfile (which uses the file as another kind of password).  If you do, make sure to pick a file that's always gonna be around!  Choose a heading (I did Internet) and click Edit->Add Entry.  Fill out the generic information (title is Facebook, the rest is secret), then when you get to the password area, press the [...] button, then the little key right below it.  Press Generate a few times, until you get a lot of bits of randomness, then press OK.

BAM.  With that paragraph, you now have a way of having tons of login names and passwords while only having to remember your super-duper password.  This is as safe as you can get without diving into paranoia-land (your ankle-deep in it right now!).  Happy passwords!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFNjDvEdzdg8zBNoIARArI3AJ4zyGL3aGU5tskIkXr2y1YetXf79ACfWaqZ
2mfkeIUvFGzSn09PgqnBr+M=
=XEeJ
-----END PGP SIGNATURE-----