
ESP8266

This little board is a cheap serial to WiFi device that allows hooking up devices like the Arduino to WiFi for wireless control.

I plan on using this for my room lighting whenever I get around to playing with it.


Privacy – Passwords

Passwords are hard to make secure these days, and we need to have more than one password because if your one password gets stolen then the malicious person can access everything you own. The problem we encounter having so many passwords is we now do not remember passwords. So what do we do when we don’t remember passwords? We write them down in a notebook. What is wrong with writing them in a notebook? Well, say someone found it in your house or you keep it in your purse. You lose all your passwords and someone else knows them. Another issue is that when we make a password, we don’t come up with something random; we usually just go about making it something memorable, which means it’s something like married1998 or spotthedog23. These are some of the worst passwords one can come up with. Why? Because hackers can guess these easily, since they know people do this. So the passwords you really need should look something like B^xD2$9zXP@#9t68w4U4UJ5r%J77SV. But there is no way you would want to type that or would remember it, so this is where Password Managers come into play.

Password Managers keep track of all the passwords you use, make it easy to use them, are able to make unique passwords for the sites you use, and encrypt your passwords using a Master Password to protect them from just being stolen. These are all great reasons to use a Password Manager.

Here are some password managers I recommend:
1. LastPass
https://lastpass.com/
LastPass is a cloud-based password manager which stores all your passwords in their data center and syncs between the devices and browsers you use. One issue with going with a cloud-based password manager is that if they don’t do security right, malicious people can possibly break in and steal all your passwords. This is something LastPass has done right.

They had break-ins in the past; however, each time nothing important was stolen and they learned from their mistakes. At most, what was stolen was a hash of the master password, and they know how to hash the passwords so well that it’s incredibly hard to reverse into the actual password. For this reason, this has become the password manager for me.

They allow one type of device for free, Mobile/Tablet/Computer, but if you want to use more than one, it costs $12 a year which is a steal for something that protects your online life.

2. KeePass
http://keepass.info/
This is an open source password manager which is free but platform availability is limited. It was made for Windows, but has Unofficial releases for Linux, Mac, Windows Phone, Android, and iOS. I don’t personally trust “Unofficial” releases, so I’m sticking with LastPass.

3. 1Password
https://agilebits.com/onepassword
This password manager is quite nice. The only thing that prevents me personally from using it is that it doesn’t support Linux and is expensive in my opinion at $50.

Now my recommendation on how to do passwords is as follows.
1. Have a password you don’t care about for sites you don’t care about that don’t have important information (like forums).
2. Make your master password long and have lots of entropy (many kinds of characters). You can use something like https://www.grc.com/haystack.htm or https://passwd.gec.im/ to get an idea as to how good your password may be.
3. Pad your master password. For example, put %^@3 at the front of the password and *22#$ at the end, or something like that.
4. It’s ok to use phrases to make the master password memorable. Like maybe “I walked to the Candy Store, and I found some Butter Finger candy bars.” That mixed with some padding is “&*2^ I walked to the Candy Store, and I found some Butter Finger candy bars. $#6(” which could take 50.42 thousand trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries to crack.
5. Use absolute random max length passwords for any place that has your credit card info or access to your money.
6. Protect your email address with two factor authentication and a random password because it can be a weak point for entry into your accounts.
7. Use two factor authentication on your password manager if possible so people have to both know your password and have your phone to get in.
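
The arithmetic behind steps 2 through 5, as an added example rather than code from this blog or from the linked calculators: it estimates the brute-force search space from length and character classes, flags the word-plus-number shape of married1998, and generates a random password from the OS CSPRNG. The function names and the 95-character printable-ASCII alphabet are assumptions of the example.

```python
import math
import re
import secrets
import string

ALNUM = string.ascii_letters + string.digits
# Printable ASCII: 26 lower + 26 upper + 10 digits + 33 symbols (incl. space) = 95.
SYMBOL_COUNT = len(string.punctuation) + 1
# Letters followed by a short number, e.g. a word plus a year.
WORD_THEN_DIGITS = re.compile(r"[A-Za-z]+\d{1,4}")


def alphabet_size(password):
    """Size of the character set a brute-force search would have to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c not in ALNUM for c in password):
        size += SYMBOL_COUNT
    return size


def search_space_bits(password):
    """log2 of the number of candidates of length 1..len(password)."""
    a = alphabet_size(password)
    if a == 0:
        return 0.0
    return math.log2(sum(a ** k for k in range(1, len(password) + 1)))


def looks_guessable(password):
    """True for the memorable word+number shape that guessing lists cover first."""
    return WORD_THEN_DIGITS.fullmatch(password) is not None


def generate_password(length=30):
    """Random password from the OS CSPRNG that uses all four character classes."""
    if length < 4:
        raise ValueError("length must be at least 4")
    pool = ALNUM + string.punctuation
    while True:
        candidate = "".join(secrets.choice(pool) for _ in range(length))
        if alphabet_size(candidate) == 95:
            return candidate


if __name__ == "__main__":
    # Sample passwords taken from the post, plus one padded per step 3.
    samples = ["married1998", "spotthedog23", "%^@3married1998*22#$",
               generate_password()]
    for pw in samples:
        print(f"{pw!r}: alphabet={alphabet_size(pw)} "
              f"bits={search_space_bits(pw):.1f} guessable={looks_guessable(pw)}")
```

The bit count is an upper bound that only holds against exhaustive search: married1998 scores about 57 bits on paper yet has exactly the word-plus-year shape that looks_guessable flags.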

 

This is what you have to do until Public Key encryption becomes popular. The one I’m waiting for is https://www.grc.com/sqrl/sqrl.htm.

Privacy – Search

Choice of search engine is another item which helps protect your privacy. Both Google and Bing keep a log of everything you search for and use it to improve search results and provide information to the government when requested.

Google https://history.google.com/history/
Bing https://www.bing.com/profile/history
Yahoo (a Bing proxy) https://search.yahoo.com/history
Ask doesn’t provide you with a way to see or delete history; they do collect this info, though.

In order to provide better privacy, you have to use a proxy site. These proxy sites would search on your behalf and not keep logs of what you search for or when you search. This protects you when you search for “How to build a bomb” and don’t want to get caught ;).

Proxy Search Sites I recommend are:
1. searx
https://searx.me/
https://github.com/asciimoo/searx
This is the one I personally use. It is open source, secured with SSL properly, and provides many preferences to customize which search engines you want enabled. My personal settings are DuckDuckGo and Google as the search engines. One thing I never understood is why they default to Google and 3 Bing search engines (Bing, Yahoo, and DDG).

2. privatesearch.io
https://www.privatesearch.io/
Another implementation of searx, but not fully updated and uses CloudFlare as an intermediate so I do not know how safe it is. Because CloudFlare is a man in the middle, CloudFlare could be keeping logs and the server that actually hosts it could be sending the data insecurely to CloudFlare. So you can use this service if you like, just beware of the details.

3. DuckDuckGo
https://duckduckgo.com/
This search engine is the most popular proxy search engine out there. There are two issues I have with it: it’s a proxy for Bing and other search engines (https://duck.co/help/results/sources/), which doesn’t give me the search results I want being a programmer, and DDG is not open source, so I can’t see how they work.

4. startpage
https://startpage.com/
This is a Google search proxy which is similar to DDG. The only thing I have against it is it’s not open source.

Everything is up to you on what you want to use. I may eventually write my own search proxy in Go because Go is my favorite language. I had a search proxy before, and I even attempted to make my own search engine which crawled the interwebs, but quickly found that I failed quickly at it. There is a reason these search companies have multiple gigabit connections and lots of servers.

Privacy – Browser

The next line of defense is the web browser you use because it is usually what you use to talk to the world. If you use a browser which doesn’t respect your privacy, you are basically giving the company everything that you do online. If you have a plugin that is prone to vulnerabilities, you risk being exploited and having malware take over your machine. Due to OS browsers not being updated quickly, I would not recommend using the browser that comes with your OS unless it’s a Linux/BSD system.

Browser Suggestions:
1. Firefox
https://www.mozilla.org/en-US/firefox/new/
This is the one browser I use and recommend. It respects the privacy of its user and is updated constantly to fix security problems. Firefox also has an advanced extension API which allows for tools to increase security and privacy far better than other browsers.

2. Chromium (not Chrome)
https://www.chromium.org/
Chromium is the open source version of Google Chrome which is safer to use than Google Chrome when it comes to privacy. It’s not as good as Firefox, but is good enough for some people.

Extensions:
1. HTTPS Everywhere
https://www.eff.org/https-everywhere
Available for Firefox and Chrome

This extension is designed to force websites which are known to support SSL to use SSL from the first connection. This prevents the use of tools like sslstrip on such websites, which watch for the first insecure connection and prevent the redirect to a secure version.

2. Privacy Badger
https://www.eff.org/privacybadger
Available for Firefox and Chrome

Privacy Badger is an anti-spying extension which watches how third party domains behave. If a third party domain is acting like a tracking site, Privacy Badger will take action, either blocking cookies or blocking the domain entirely, preventing the third party from tracking you.

3. uBlock Origin
https://github.com/gorhill/uBlock
https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm
Available for Firefox and Chrome

uBlock Origin blocks content that may not act in your interest such as advertisements, sites known for malware, and sites known to track. It is lightweight and highly configurable.

There is another extension called uBlock which is similar, but not maintained by the original developer. I recommend going with the extension by the original developer.

4. uMatrix
https://github.com/gorhill/uMatrix
https://addons.mozilla.org/firefox/addon/umatrix/
https://chrome.google.com/webstore/detail/%C2%B5matrix/ogfcmafjalglgifnmanfmnieipoejdcf
Available for Firefox and Chrome

This extension is made for the more advanced user. It allows whitelisting of specific things websites can do, first and third party. It is somewhat like an add-on for Firefox which was hugely popular with the security community called NoScript, but seems to do some things differently. uMatrix is written by the same guy who made uBlock.

5. Referral Blocking Extensions
https://addons.mozilla.org/en-US/firefox/addon/refcontrol/
Available for Firefox

RefControl allows you to control which sites get what in the HTTP Referer header. The HTTP Referer header tells websites where you came from, which can be used for tracking purposes and other privacy-invading actions.

For sites not listed, I set the default action to forge my referral for third party requests, meaning that when I leave one site for another, or when one site makes a request to another, it looks like I’m coming from the site which I’m going to and not the site I actually came from.

https://chrome.google.com/webstore/detail/referer-control/hnkcfpcejkafcihlgbojoidoihckciin?hl=en
Available for Chrome
Referer Control provides the same power as RefControl for Chrome based browsers.

Plugins:
Make sure you do not have Flash or Java enabled on your browser. It’s ok if it’s set for click to enable, but having it enabled by default is a bad idea with all of the vulnerabilities which exist in these old plugins.

In Firefox you can check what’s available by going to “about:addons” without quotes in the address bar.
In Chrome based browsers you can check by going to “chrome://plugins/” without quotes in the omni bar.

Privacy – Operating Systems

The first thing to think about when you think Privacy is the operating system (OS) you use. If you’re using a popular OS, that leaves you open to being a target of the hacker community. If you’re using an OS which doesn’t care about your privacy, such as Windows 10/8/7, you risk your information being seen by administrators of the servers or by hackers who break in.

With any operating system other than the one you already use, you will have a learning curve to learn how to use it and to find new applications to replace the ones you used.

Here are some of my choices for an Operating System.
1. Mac OS X
Apple does a good job at privacy and security by providing privacy tools, asking up front if you want to enable something that may infringe on your privacy, providing full drive encryption, preventing random applications you download off the internet from running unless Apple itself is aware (white listing), and providing built in anti malware which can be updated on the spot by Apple to remove newly found malware or prevent them from being installed.

There are some disadvantages to using OS X though. You are pretty much stuck with buying or having a Mac to run OS X. You can get around this with what is called hackintoshing, but you have to understand UNIX pretty well to do so. Being one of the top operating systems, there are some hackers that are looking into vulnerabilities, for which Apple isn’t exactly quick to release patches. Apple usually waits until they have a lot of things to fix before they release a patch for the OS.

Some advantages: because it’s a popular OS, lots of programs are being developed for it, and you can even run some Linux applications on it using Xorg.

2. Elementary OS
https://elementary.io/
This OS has no issues with privacy as far as I am aware and in fact has a privacy enhancing mode which makes things you do, such as browsing history, temporary. It acts as an OS and nothing more.

One thing Elementary OS does well is look pretty. It is based on Ubuntu which is based on Debian so you get all the benefits of both in one. You can configure it so that the Dock is auto hidden or auto shown so it doesn’t take space on screen giving you a lot of space for windows.

Because Linux isn’t popular, you will not have as many programs as are available for OS X and Windows, but you can use Wine to run some Windows programs or even run Windows in a virtual machine to run all Windows programs. Elementary OS comes with the Ubuntu Software Center which is a directory of programs you can install which makes finding alternatives easy.

You get amazing security using this because it is Linux and any security vulnerabilities are patched quickly by Debian.

3. Linux Mint
http://www.linuxmint.com/
Same as Elementary OS but with a more Windows-like UI. The different versions are just different UIs available; I encourage you to play with the different versions before using. If you would prefer not to be based on Ubuntu, but based on Debian itself, you can download the Debian Edition http://www.linuxmint.com/download_lmde.php

4. Ubuntu
http://www.ubuntu.com/
Ubuntu does have some Privacy issues out of the box, but you can easily disable that issue via the privacy settings. By default Ubuntu includes web results when searching in the Unity search box, this both slows down results and is a privacy issue because everything you type in the search box goes to Canonical (the parent company).

Ubuntu sort of mixes Mac and Windows into its own thing as far as UI goes. Everything else is the same as Linux Mint and Elementary OS.

The great thing about Ubuntu is there is lots of support for it. It’s hard to find software that will not work on it. If you have trouble, there is a great community ready to help.

If you want Ubuntu without the UI provided and without the privacy issue, Ubuntu Gnome (https://wiki.ubuntu.com/UbuntuGNOME/) exists which uses the Gnome UI. Xubuntu (http://xubuntu.org/) and Kubuntu (http://kubuntu.org/) also exist which use the XFCE UI.

5. Debian
https://www.debian.org/
This OS is more for the geeky community. It’s more bare bones and doesn’t come with a software center making it harder to find software for the normal user of a computer. It has great privacy and provides multiple UIs, I recommend you try the different UIs in a virtual machine before using. I personally like Gnome and the standard Debian UI which is chosen by default.

6. Arch Linux
https://www.archlinux.org/
For the true geek. You have to know Linux to install the OS. They have tutorials that teach you what you need to know to install, but you will likely get lost if you don’t know much terminal. You start off in a terminal, you have to format and install onto a hard drive manually, you have to configure the internet manually, you have to install a UI manually; it really is for the true geek. You get the best privacy and security with this OS though because they have packages always up to date, which means you get security updates really quick. Some things require you to use the user repository, which is hard to use unless you have yaourt installed.

7. BSD Variants
https://www.freebsd.org/
https://www.netbsd.org/
http://www.pcbsd.org/
http://www.openbsd.org/
I have not tried NetBSD, PC-BSD or OpenBSD, but I’m assuming it’s similar to FreeBSD. These are true UNIX solutions, which means many of the programs that work on Linux will also work on these systems with minor or no changes to the code. The only issue I have with BSD is I do not know how good support is, as it’s even less popular than Linux. Mac OS X has some things based on FreeBSD, like the user space, and Juniper (a commercial router company) and Netflix use FreeBSD as their core OS.

From what I’ve seen, installation is similar to that of Arch Linux, so it’s not made for the common user who doesn’t know much about terminal.

 

For the best privacy, I recommend Arch, BSD, Debian, Linux Mint, or Elementary OS.

You can test any of the Linux operating systems I have specified with Virtual Box (https://www.virtualbox.org/) which is an open source virtual machine environment for almost every OS.

Before installing, make sure to back up any important files as you may accidentally or intentionally delete them.

When you want to install to a system, simply burn the ISO to a disc or use YUMI (http://www.pendrivelinux.com/yumi-multiboot-usb-creator/) to put it onto a USB drive and boot off the installation media.

Installation steps are different if you want to dual boot with your old OS or if you want to single boot into the newer one. Single boot is always the easiest method.

I need a better lens.

Even my new lens is not good enough for the moon. I need a telescope with a t-ring and a t-ring adapter for my camera. The camera has great resolution, just not great zoom.


Photos from Colorado


Desktops

I haven’t posted in a long time, so may as well post images of my desktop internals.

They have nice specs. They run UNIX/Linux 90% of the time. The gaming machine is the only machine that runs Windows and it runs it with the web browser sandboxed and in a standard user account. I don’t want those drive-by sites taking over the machine. Usually when I download something for it, I download using UNIX/Linux and scan it before moving to the Windows side. Something you will learn about me is I can’t trust Windows.

Photo of media server.


Photo of gaming machine.


Find a Girl Friend

You can do anything in Linux
http://code.snipcademy.com/tutorials/command-line/how-to/find-a-girlfriend

YouView now Open Source

YouView has been updated and is now Open Source! https://github.com/GRMrGecko/YouView http://u.gecko.im/YouView

I decided to go open source due to lack of time to update and now that I pretty much deleted all my bad code from years ago.
