Categories
Personal Computing

Oh no, Mr. Bill

Yesterday while I was writing my holiday letter, I was also sorting out, or trying to sort out a Win 10 virtual machine that went wobbly. The symptoms were that it was very slow, the start menu had gone missing, Edge had gone missing, etc.

The Moocher uses Win 10 to run ESplanner, a financial planning tool that evaluates your assets and recommends future spending to maintain purchasing power and stretch assets until estate time. This program is currently Windows only and is not friendly in Linux Wine and other simulated environments. Most MacOS users run a copy of Windows in a Parallels virtual machine.

Why Parallels and not Virtual Box

In the past, the Moocher has attempted to run Windows guests in Linux hosted Virtual Box environments. These mostly worked but JSAF development would typically eat the machine with topography database, computation, and network traffic. Virtual Box worked and the price was Navy approved.

But it was not well integrated with the OS. Parallels is. In addition to providing a virtual machine environment, Parallels provides file sharing, cut and paste between environments, and allows MacOS apps to work with Windows documents. The experience is pretty seamless and Parallels carefully designs the VM to integrate with MacOS in a way that keeps Windows in its jail. The only real difficulties I’ve incurred are in doing keyboard spells to cause Windows to start in safe mode, etc. This is not a VM launch option and hand keying of the spell is difficult.

Categories
Personal Computing Photography

Adobe CC Lightroom with iThings

Intro

Those of you who follow me on Facebook and Twitter know that I take a lot of snapshots with my iPhone or iPad and that some of them actually look good. The tools I use with my phone are Apple Photos for quick hacks and Adobe Lightroom CC for more thoughtful work. One problem with this arrangement was that I had to manually manage two photo archives, one in Photos and one in Lightroom. Recently, I learned how to get my Lightroom environment to behave like an Apple Photos environment. That’s what this article is about.

References

This article summarizes information from two references that I used to get my environment initialized. Reference 1 gives much more detailed descriptions of the process than this Cliff’s Note does.

  1. https://tidbits.com/article/15640, Photos Everywhere with Lightroom CC and Apple Photos, retrieved 10/25/2016.
  2. https://helpx.adobe.com/lightroom/how-to/lightroom-mobile.html, How to get started with Lightroom Mobile, retrieved 10/25/2016.
  3. https://helpx.adobe.com/lightroom/how-to/edit-organize-photos-mobile-to-desktop.html, How to Edit and Organize Photos Mobile to Desktop, retrieved 10/25/2016.

What you need

In writing this article, I have the following kit. Other phones and cameras capable of running Lightroom Mobile work equally well.

  • An Adobe Creative Cloud photography subscription for $10/month
  • An Apple iPhone 6+
  • An Apple iPad Pro 13 inch
  • Adobe Lightroom mobile on both.

It is also a good idea to install Camera Raw, especially if you have a real camera (one you look through to compose images). And now for iPhone and iPad which make Apple raw format available.

The next two sections describe some configuration preliminaries in Lightroom and Lightroom Mobile. The secret sauce is to subscribe to Creative Cloud and log the devices in. Then create a CC collection for each device that will automatically receive new photos taken by the device’s camera. This happens in the camera itself and is independent of the GUI used to operate the camera. Photos taken with either the Apple Camera UI or the Lightroom Mobile camera UI will be queued and saved to Creative Cloud.

Setting up Lightroom Creative Cloud

I have a monthly subscription to Photoshop Creative Cloud. This subscription allows me to use Photoshop and Photoshop Lightroom, and Creative Cloud. Creative Cloud is Adobe’s network storage environment that allows devices to share a library of image assets across hardware platforms. The basic subscription includes enough storage to get started. As your collection grows, you can add more storage.

Once you have purchased your subscription, follow Adobe’s instructions for installing Photoshop Lightroom. Go to the preferences menu and enable Lightroom Mobile.

Setting up Lightroom Mobile

Install Lightroom Mobile on your phone or tablet using the platform preferred source: for Apple iThings, the App Store and for Android things, the Google Play store. Android people, remember that it is a dangerous world out there, Play Store only.

Once through the initial screens you will enable creative cloud.

  1. Tap the LR logo to bring up the dialog
  2. Set Sync only over WiFi as you desire (recommended)
  3. Set Auto Add Photos to on
  4. Set Auto Add Videos to on
  5. Set Collect Usage Data as you desire

Once these settings have been made, create an auto add collection for the device.

  1. Open the organize view
  2. Tap + to open the Create Collection dialog
  3. Create and name a collection.
  4. Once the collection is present, tap the collection’s … icon to open its settings form
  5. Enable auto add

Work Flow

My two collections are iPhone photos and iPad photos. Both collections appear in Lightroom Mobile on my iPhone and my iPad and in desktop Lightroom CC. Lightroom CC groups them under Collection From Lr Mobile.

  1. Take photos with the Apple camera
  2. Open Lr Mobile and let it sit. It will import new photos from the camera roll and push them to your CC account.
  3. Open Lr and let it sit. After a bit, it will sync with your CC account.
  4. Edit your new work in the normal Lightroom CC way.
  5. After a bit, your edited images will appear on your devices.

Creative Cloud App

Adobe Creative Cloud also includes a manager program that provides the following services.

  • Checks for and alerts you to updates
  • Shows which programs your subscription allows you to use
  • Lets you monitor your storage usage
  • Lets you maintain your CC credentials.

Adobe has designed CC app to launch at log in and periodically do its checks. It has a status bar widget that lets you wake it from standby to install updates or download additional products from your entitlement when you find a need for them or to try additional Creative Cloud products. The trial collection gives you access to all of the video and still image tools, prepress tools, and web tools.

The Catch

The $10/month plan entitles you to 2 GB of online storage. Reference 1 explains how the 2 GB is used as follows:

Adobe’s Creative Cloud includes just 2 GB of storage with the Photography plan for $9.99 per month, but there’s a twist: that 2 GB is dedicated to storing files in Creative Cloud that are shared with other CC applications. Photos you sync via Lightroom mobile do not count against your CC storage allotment, because they’re stored as much smaller DNG files and therefore don’t take up as much space; I’m guessing the amount is negligible to Adobe. However, keep in mind that you need to pay for a Creative Cloud subscription simply to use Lightroom mobile in the first place.

Categories
Personal Computing

A kind word for Microsoft

As you know, I’m a Mac, not a PC but recently, an Ars article about Microsoft Visual Studio Code caught my eye. I dropped by the Visual Studio Code website and downloaded a copy. Much to my amazement, I like it.

My work mates know that Emacs is my idea of an integrated development environment. But Mac Emacs ports are clunky. You either have to bring over all the MacPorts goodness or do with one of several adaptations of Emacs to the Mac Aqua UI toolkit. Making the switch between Linux genuine Emacs and Mac Emacs never worked for me.

Every time I tried to get started with Xcode, it was always too much trouble for some quick scripting or most anything else. Xcode really wanted to make Mac OS or IOS graphical applications in the genuine Mac way. Anything else was just too hard to figure out.

So I was pleased to see that there was an alternative IDE that was not heavyweight like Xcode or Eclipse (Java — exploit rich Java). So I downloaded Visual Studio Code to give it a try.

Why would a moocher want VS Code?

I’m ODU Institute for Learning in Retirement (a Tidewater VA senior’s club) communications and technology committee chairman. Steady growth of the club over 25 years has forced us to replace our legacy single user office automation (Access homebrew DB app) with a multi-user online professional service.

In making this switch, we have to import 600+ member records from our legacy system into our objective system. The mechanism for doing this is to transfer the data to a MS Excel workbook that our vendor will subject to some script foo to cause our data to appear in our corner of his system.

The easiest way to do the transfer was to create a view containing the records we needed to move, sort the view to make record addition easy, and export the view to a CSV file that we could open in Excel. The trick was that the new system had accounts with contacts, field names changed, some fields like phone numbers had to be correctly formatted and the area code added, etc. So somebody needed to write a record swabbing script. That somebody was the CTC chair since staff couldn’t do it and I was the only programmer volunteer in the club.

Initial Experiences

VS Code downloaded without fuss and runs without fuss. It appears identical in both Windows 10 and Mac OS X. My time is in Mac OS X since I have the Xcode environment in place, git is there, python 2.7 is there and everything is ready to go.

In the past, IDEs have been too heavy weight to use in a project of this nature. I’d always made do with Emacs, GDB, and Make. This is the first time I’ve successfully used an IDE for a simple scripting project. It’s also my first Mac Python project but the experience is very much like working with the language in Linux Emacs using PDB in an Emacs shell window. Very comfortable to old moochers.

Getting Started on a New Project

Most reviews, tutorials, etc assume that you will be checking out from an existing repository, making a task branch, making some mods, testing, and merging your task branch back into the sprint branch. I was starting with blank disk space so a little preliminary spell-casting was needed.

  1. Create the project directory
  2. Create a git repository root in the project directory
  3. Start VS code and open the repository root
  4. Add your code file
  5. Add code
  6. Test, edit, test, until you feel you have something worth committing.
  7. Commit.
  8. Resume work.

Language Support

VS Code requires extensions to become smart about the language (syntax coloring, library functions, compilers and interpreters, running, debuggers and debugging, etc.). A built in view makes it easy to locate the modules you need and load them. MS offers a number of contributed Python environments. Each has a peer rating, description, capabilities description etc. It is generally pretty easy to pick the extensions you need. If you are working in a Mac OS compiled environment, you’ll need a debugger interface for either GDB or the LLVM debugger in addition to the language extensions.

Once you’ve loaded all of the needed extensions, restarting VS Code makes them available.

Running Python

So far, I’ve done all my running in the debugger. One oversight of the Python module is that it does not provide a natural way of passing start options to a program. Instead, one creates a running environment by writing some JSON code in a specified format. If you’re not JSON literate, what’s needed is not intuitive. I ended up hard coding the input and output file names in main() to avoid the need to mess with this environment file.

The Visual Debugger

The visual debugger is typical of the breed. It has a code pane, a shell output pane, and to the left, panes for the call stack, watchpoints, active local variables, and function parameters. These last two show the current values of the data passed in the call frame and the locals in the current stack frame. Expanders open structured values to allow inspection of structure members or class attributes.

The code window shows where execution stopped. The left margin has line hot spots used to insert breakpoints. When stopped, mouse hover over a local causes the value to appear in a popup overlay. A button bar at the top of the debugging pane contains a left run button for starting the build/run cycle. A second run button starts execution. Additional buttons step into, step out of, and step to next line. A pause button stops a long running program. A stop button terminates the run. All pretty standard stuff. Button icons are clear but tool tips back up the glyphs on the buttons.

Build Model

I’m not clear on the build model. I believe adding a code file adds it to the build. My only experience so far is with 300 lines of Python in a single file.

Source Code Control

VS Code provides a git view that shows the source directory structure, each file in the directory (as filtered by .gitignore), and the clean/dirty status of the file. A badge shows the number of dirty files in the directory. Controls let you add and remove files from the commit list and make the commit. A text pane provides a place for the check in message. I’ve not had to revert to a prior version so I can’t comment on the tools for doing so. If a file has not been committed, it can easily be reverted to the most recent commit. I’ve yet to have to revert a committed change.

 

Categories
Personal Computing

Airmail?

For some years, I’ve been looking for an alternative Email client for the Apple Universe. I’ve finally found one I like. Most alternative clients worked only with Gmail. This one works with iCloud, Yahoo, Microsoft, and other popular mail services that support POP, IMAP, or ActiveSync.

Unboxing

I bought the program for the princely sum of $10 on the App Store. It launched and configured without issue.

I have 2 step authentication enabled on most accounts so I had to do the following extra stuff.

  • Create an iCloud App Password
  • Do Apple 2 step authentication
  • Do Google 2 step authentication
  • Add the first account at startup
  • Add the additional accounts from Preferences (like Apple Mail)

This took a little fumbling around but Google found the appropriate instructions at Apple Support quickly and all worked as advertised.

Reading Mail

Once my accounts were set up, I could read my mail in a unified inbox or check each account inbox. Articles can be archived, deleted, snoozed, starred, etc. I never really warmed to the Google Inbox idea of using an AI to sort Email into those likely needing action, those that were informational, and those that were adverts, etc.

The reader interface is modern, easy to figure out after using the traditional Apple and Gmail interfaces, and it was easy to review and clear new mail.

The program silently imported my Apple Contacts, Apple Calendar, and Apple mail archive. Everything was there and indexed. Many products ignored the existing mail archive and started a new one. It is a pleasure to see that Airmail uses the existing MacOS mail archive.

Writing A Message

The Airmail composer is a joy to use compared to Apple Mail compose window. In Apple mail, I always disliked the start as plain, switch to html, and difficulty with bold, italic, and lists, particularly terminating a list. Airmail’s composer has solved all these issues.

 

Categories
Personal Computing

Colicky iPad

I dropped it once too often. Black tape holds the glass bits in at the border. And it is getting colicky, generally by becoming unresponsive at odd times. I’m trying to hold out until the Fall to replace the critter because Apple will freshen the product line some time in October. This offers a couple of advantages: I can get the newest product or I can pick up the 2014 iPad at a discount. Either is attractive as the current one is an iPad 2 32 bit only machine. Eventually, Apple will lose interest in making IOS updates for this older 32 bit hardware.

What I’ve tried

  1. Back up to iTunes
  2. Weed media (magazines and book)
  3. Multiple restarts along the way until the storage summary looked good in iTunes
  4. Yet another backup
  5. IOS restore

Hypotheses

I’m working on two.

  • It just needs a good weeding and software restore.
  • One too many encounters with the hard has addled its brains (cracked trace or surface mount bond)

Maybe I can send it off to Cousin Kory for baking. I hope it just needs an IOS restore and app reload to make it good. We’ll see.

Categories
Personal Computing

Windows 10 in Parallels 10

Boy, the Windows World is different than the Mac OS X world. When Apple rolls out an OS X major update, it just works. The image downloads, the installer runs, and it works as advertised. And the OS X reviewers say useful things about it. The Windows universe is not quite as polished but Microsoft has made steady improvement with Windows 7, 8, and now 10. The technical toy press treats the Windows 10 roll out as “ho hum, yet another Windows” kind of like “yet another Republican presidential candidate.” And the technical toy press is looking for clicks so most of the articles have scary leads for things that are not that bad. Is Windows 10 good enough to ditch my Mac? No. Is it good enough that I won’t mind cranking up Windows to run ESplanner? Yes. And I may even turn off convergence mode.

Convergence mode is a Parallels trick that lets Parallels make Windows files and Windows program shortcuts available on the desktop, in the dock, and in the Finder. Turn on convergence, click an icon, and the Windows application window appears in the OS X universe. Except to log in and log out, there is no need ever to look at Windows desktop. A nice feature but one that is nowhere near as necessary as it was a few releases ago when Windows was ugly. Windows 10 is well thought out, not a muddle of mouse and touch, and the new colors, dialogs, and features are easy on the eye and recognize that Windows is part of a larger universe of computing rather than the walled garden from MSDOS to Windows 7.

This article started out as a quick note but given the poor quality description of the installation experience out there, I decided to write a long form post for my peeps. Most of you change Windows versions when you decide to change computers. Most do this when the disk becomes colicky or one too many dodgy websites was visited and the machine became infested with adware or other user experience enhancements.

Why Upgrade?

Windows 7, 8, and 10 are the best Windows yet. As David Pogue explained in his reviews and in Windows 8, the Missing Manual, Windows 8 is the two greatest versions of Windows yet. Windows 8 was an attempt to support both a mouse UI and a touch UI in a single operating system. Apple chose not to do this and carefully keeps OS X and IOS separate. In reality, they share a kernel and many enabling technology libraries but each has its own unique user interface library. Apple did this to ensure that applications would not have a mixed metaphor user interface. OS X applications are mouse only. IOS applications are touch only.

Because Microsoft tried to make one OS to rule them all, it got into trouble by mixing its metaphors. Some actions are mouse only, some are touch only, but many have both touch gestures and mouse gesture access. The catch is that it is difficult for the user to recognize which are which. Win 8 takes the OS X task bar and turns it into a task screen of Tiles. Tiles allow you to launch applications. Once an app is launched, the app can change the tile to show what the app is currently doing.

A charm bar on the right allows access to many Win 8 functions. To summon the charms, move the mouse to the upper right corner of the display and it will appear. Alternately, touching the upper right corner will summon the charms bar.

Windows 10 fixes the touch interface and mouse interface gaps. It also brings back the start menu to the bottom toolbar of each screen. Those folks I’ve spoken with also report that startup is faster, login is faster, and use is crisper and more intuitive than in Win 8.

The Buzz

I can’t find any. When OS X ships, Ars Technica has a major review of a hundred paragraphs or so. No interest anywhere to be found about Windows 10.

The Updater

Buried in the tool tray is an icon to download Windows 10. Click it. A process opens, thinks a bit, and reports that the VM’s display does not support Windows 10. This blows chunks in Parallels. The updater does not approve of the Parallels 10 virtual video device and exits without further comment.

Updating from an ISO Image

The recommended work around is to install Windows 10 from an ISO image. You can obtain these at

http://www.microsoft.com/en-us/software-download/windows10ISO

This page describes the basic process and gives links for obtaining the proper 32 bit or 64 bit version. Having an Intel Core2 machine, I opted for the 64 bit version.

The scheme of things is as follows.

  1. Start the Windows virtual machine and sign in to the admin account (the first one added, not your working account)
  2. Download the ISO
  3. Copy or save it to a 8 GB or larger FAT32 thumb drive
  4. Open the iso
  5. Start setup.exe
  6. Review the license terms

The Win 10 License

The Windows 10 license has been a source of some controversy in the enthusiast press so I thought it would be a good idea to review it. Highlights follow.

  • You must have a Windows license to run Win 10 on the hardware. You obtain a license by purchasing one with the hardware. If you home brewed, you need to have a license for Windows XP or newer and may be asked for the license key. If you purchased a built system from Dell, HP, Acer, etc the OEM will have included a license and license key with the machine. The key is usually on a sticker affixed to the case.
  • The license entitles you to install Windows on 1 computer or in one virtual machine.
  • The license allows you to make one backup copy whatever that is. Copy of the ISO image? It is silent on VM clones, etc. Don’t ask, don’t tell.
  • It recommends that you read the privacy policy which is separate.
  • It describes your rights to revert to an earlier version of Windows should you need to do so. This is largely left over from the bad taste of Vista days.
  • It describes the remote access policy (1 session every 90 days)
  • It describes the screen sharing policy (1 session at a time)

These terms are appropriate for a personal use machine that will be browsing, emailing, photo editing, etc. The privacy policies that have stirred some hate and discontent are separate from the license policy. I’ll cover those after installation when they can be examined and adjusted.

Continuing with the installation

After reviewing the license, I elected to continue with the installation. The installer proceeded as follows.

  1. Check for updates. It may take a few minutes and they are not kidding. Too bad you can’t review the license while the updater performs the check.
  2. Once the update check is complete, you are presented with a list of editions that you can install (Win 10 home for me) and the option to retain your user files. I selected both of these and let ‘er rip.
  3. Once all the installation media is updated, the installer replaces the kernel and core libraries and restarts.
  4. Next, it updates the applications libraries that come with the OS and will restart.
  5. This process takes a couple of hours (similar to an OS X update)
  6. To this point, I’ve not been asked to make choices or enter local data.

Once step 2 (installation launch) is complete, the installation appears to run unattended until the final reboot. I expect that the privacy policy and related options are on a per user basis so I’ll cover these when I talk about first user login.

My First Login

I have two accounts on the machine, the administrator account, cleverly called something else, and a user account which is also my Microsoft Id which looks suspiciously like my Google ID. I logged into the administrator account first. This first login gave me the opportunity to personalize my settings for the new Edge browser, auto correct, WiFi auto-login, etc. I disabled a good bit of this stuff because it was not appropriate to a Mac Mini sitting at home running Win 10 in a Parallels virtual machine.

When I logged into the user account with my Microsoft ID I was not given the opportunity to make these settings. Apparently, they are supposed to be remembered across devices and are properties of my Microsoft ID.

Microsoft ID

A Microsoft ID is a single Email address associated with all of the Microsoft web services that you use much as Google ID and Apple ID are for those two companies. The following Microsoft knowledge base article is the root of the Windows 10 introduction tutorial. It’s actually pretty good at covering the basics and includes short videos that illustrate the use of the touch features.

http://windows.microsoft.com/en-us/windows-8/microsoft-account-tutorial

Performing Admin Tasks

Microsoft has moved all of the system administration stuff to new locations. In my limited experience, it is best to log out of the user account and into the admin account to perform administration tasks rather than switching from the user to the admin user. When switching, all of the user environment processes remain active but their windows are not shown. These active processes can interfere with the management tasks.

Those Pesky Preferences

Lifehacker describes those pesky privacy settings on this page.

http://lifehacker.com/what-windows-10s-privacy-nightmare-settings-actually-1722267229

Basically, Microsoft has chosen to do some things like URL auto-completion and URL suggestion centrally in your Microsoft ID support back at the mother ship. Some of these things are also integrated with Cortana. When you make a request to Cortana, she uses context kept at the mother ship to assist you with your inquiry. Using these features sends some information to Microsoft which it accumulates. The troublesome bit is that Microsoft “shares context with trusted partners” without telling you who those partners are or what the relationship is. Could the NSA be a Microsoft partner? The FBI? Amazon? Your imagination is as good as mine.

Fortunately, most of them can be tuned down. The Lifehacker article tells you where these settings are and gives some guidelines for adjusting them.

Getting Started

Windows 10 has moved most of the process navigation into the Windows Pane, the Tiles Pane, and the Apps Pane which is below the Tiles Pane. They’ve kept the best of the old and borrowed from Apple’s Launch Pad. These new metaphors are an improvement over the old menu of menus of programs.

It all starts at the Windows icon

The home screen has a Windows icon in the lower left corner. Clicking this icon raises the primary dialog. The lower left has an abbreviated traditional menu that opens the file manager, and a few other key items. Above that is a list of frequently used items. To the right an array of application tiles appears. The lower menu bar functions similar to the Mac OS X dock. Icons representing each active user process open here.

Get Started and Settings

Settings in the menu and Get Started in the most used list are the places to go to customize the user’s Windows 10 experience. The Get Started pane brings up an extensive table of tutorials including video that introduce you to Windows 10. These are very well organized and helpful. This replaces the butt ugly help and Clippy.

Privacy

Microsoft’s privacy statement is now in plain language. Settings -> Privacy has a number of pages that control each feature. Most feature clusters have a master switch plus application switches much like in IOS settings. The master switch enables the service for all. The app switches enable access to the service for individual programs that have registered for access to the service. It’s really clear. There’s just a lot of it so you can enable information sharing for selected preferred services and turn it off for the majority of applications on the machine.

Categories
Personal Computing

Making Good Passwords for the Rest of Us

Every week brings stories of a new software exploit or corporate data breach in which user names and passwords are stolen. Security “experts” are advising us to make ever longer and more complex passwords and to use unique passwords for each site that we visit. Why is this good advice and how do we go about making good but usable passwords? And how do we remember them all? I’ll attempt to answer these questions in this article in a way that is accessible to my retired buddies and family.

Why a User Name

There are lots of reasons to have a user name and password at sites that you visit regularly. Some benefit you while others benefit the site operator in a way that allows them to continue to provide the site’s service to you.

  • The site can provide personalized service
  • Some services are provided only to authenticated users having a standing business relationship with the organization (like your bank)
  • The site accumulates information that allows it to provide better services to you.

Some of these things can be done with or without an E-mail address using your home’s IP address as a substitute. Without an account, the site has no way of knowing which of several users at an address is actually visiting: you, your spouse, your 13 year old son? Without a sign-in, the site has to make somewhat general decisions about what to show you.

Why a Unique Password?

A password is a secret shared between you and the web site. When the user name and password pair are unique to the site, successful presentation of the user name and the associated password verifies you to the site and the site to you. You’ve shared that particular secret with only one web site. You each know that the intended party is at the other end of the line.

If login fails, you may have mistyped the URL. Double check the URL before doing missing password procedures. It is not uncommon for unscrupulous operators to attempt to collect user name and password pairs by impersonating a site on a common misspelling of the URL.

Why a “Complex” Password?

The primary reason to use a complex password is to avoid well-known passwords or passwords composed from information known about you that an impersonator can obtain. This basically prevents an unscrupulous unskilled individual from committing theft of service or tampering with your relationship with the various sites that you visit. It is not intended to protect you from an organized and systematic attack.

Intelligence agencies and criminal syndicates make sophisticated attacks to break into web sites. One thing they try is to use statistically common passwords like “password12”. And surprisingly, they can make all the mess-ups like “pa$$word12”, “pas$word12”, etc. Most sites attempt to protect accounts against password guessing using several techniques.

  • Limiting the number of failed log in attempts in a time period
  • Increasing the delay between log in opportunities
  • Locking the account and requiring use of lost password procedures which involve different shared secrets.
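The three protections in the list above can be combined in one small gatekeeper. This is an added example, not code from any site the article mentions; the class name, thresholds and status strings are assumptions chosen for illustration, and the clock is passed in so the behaviour can be replayed.

```python
from dataclasses import dataclass, field


@dataclass
class _State:
    failures: list = field(default_factory=list)  # times of recent failed log ins
    streak: int = 0            # consecutive failures since the last success
    not_before: float = 0.0    # earliest time the next attempt is considered
    locked: bool = False       # set once the account needs recovery


class LoginThrottle:
    """Per-account guard: windowed limit, growing delay, then lockout."""

    def __init__(self, max_per_window=3, window=60.0, base_delay=1.0, lock_after=6):
        self.max_per_window = max_per_window  # failures allowed per window
        self.window = window                  # window length in seconds
        self.base_delay = base_delay          # first delay; doubles per failure
        self.lock_after = lock_after          # streak that locks the account
        self._accounts = {}

    def attempt(self, user, password_ok, now):
        """Return 'ok', 'denied', 'wait', 'rate_limited' or 'locked'.

        Attempts refused with 'wait', 'rate_limited' or 'locked' are not
        evaluated at all, so a correct guess made too early gains nothing.
        """
        st = self._accounts.setdefault(user, _State())
        if st.locked:
            return "locked"
        if now < st.not_before:                      # increasing delay
            return "wait"
        st.failures = [t for t in st.failures if now - t < self.window]
        if len(st.failures) >= self.max_per_window:  # limit per time period
            return "rate_limited"
        if password_ok:
            st.streak = 0
            st.failures.clear()
            return "ok"
        st.failures.append(now)
        st.streak += 1
        if st.streak >= self.lock_after:             # lock, require recovery
            st.locked = True
            return "locked"
        st.not_before = now + self.base_delay * 2 ** (st.streak - 1)
        return "denied"

    def recover(self, user):
        """Called after the lost password procedure succeeds."""
        self._accounts.pop(user, None)


def replay():
    """Replay a constructed sequence of (time, password_ok) attempts."""
    guard = LoginThrottle()
    attempts = [(0, False), (0.5, True), (1, False), (3, False), (7, True),
                (60, False), (68, False), (84, False), (1000, True)]
    return [guard.attempt("moocher", ok, t) for t, ok in attempts]


if __name__ == "__main__":
    print(replay())
```

Lockout protects against guessing but also lets anyone who knows a user name lock its owner out, which is why the recovery path relies on different shared secrets.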

How Passwords are Stored

Reputable web sites do not store your password. Rather they store the results of operating on your user name and password and possibly some well-known (to the site, anyway) other stuff to compute a hashed value. The addition of other stuff is called salting the hash or just salt for short. A hash function is a function that maps a string of data into another pseudo-random string. It is easy to compute the hash but prohibitively expensive or impossible to retrieve the original string from the hash because the hash function makes a many to 1 mapping. The hash is useful because the inputs that map to a given output are wildly different. No recognizable variation of the input string will give the same result as the correct string.

As a result, Google cannot tell you your Gmail password. Google only has the hash. It is likely that the hash input and hash algorithm are designed to give different results when a common password is used with multiple Google accounts. Compromise of one account does not imply compromise of other accounts. Others may not be so clever or careful as Google.

What is taken in a break-in?

In many break-ins, the attackers gain the password database which is basically a list of user names with their hashed passwords. Many sites, especially entertainment sites, use a well known authentication process. Each such site produces the same hashed value from your E-mail address and password.

It is common for attackers to sell lists of user name and password hash pairs. Today it is possible to break the hash to recover the original password. In other cases, the password list is stored in the clear and lists of user names with passwords are also available. Availability of these lists allows others to compromise your account to steal from you or to impersonate you.
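The contrast between the shared, unsalted scheme described under “What is taken in a break-in?” and the salted storage described under “How Passwords are Stored”, as an added example that is not code from any site named here. It uses PBKDF2-HMAC-SHA256 from Python's standard library as the slow hash; the iteration count, the function names and the sample account are assumptions.

```python
from __future__ import annotations
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def unsalted_hash(email: str, password: str) -> str:
    """Weak scheme: one fast hash over e-mail and password, no salt.
    Every site that uses it stores the same value for the same credentials."""
    return hashlib.sha256(f"{email}:{password}".encode()).hexdigest()


def _derive(password: str, salt: bytes) -> bytes:
    # Deliberately slow: each guess against a stolen record costs this much work.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def enroll(password: str) -> tuple[bytes, bytes]:
    """What the site stores: a random per-user salt and the derived key.
    The password itself is never written down."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)


def verify(password: str, salt: bytes, stored_key: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(_derive(password, salt), stored_key)


if __name__ == "__main__":
    email, password = "dave@example.com", "password12"   # constructed sample account

    # Two unrelated sites using the unsalted scheme hold identical records, so
    # a list stolen from one site can be matched against the other.
    print("site A:", unsalted_hash(email, password)[:16])
    print("site B:", unsalted_hash(email, password)[:16])

    # With a random salt, the same password yields unrelated records.
    salt_a, key_a = enroll(password)
    salt_b, key_b = enroll(password)
    print("salted records equal?", key_a == key_b)                     # False
    print("correct password:", verify(password, salt_a, key_a))        # True
    print("near miss:", verify("pa$$word12", salt_a, key_a))           # False
```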

What do I do?

To limit the consequences of password compromise and to authenticate my bank and broker’s web sites, I do the following.

  1. I use unique passwords for each site
  2. I use a password manager to store all my passwords
  3. I use a password manager that syncs password data among computer, phone, and tablet
  4. I chose the password manager carefully.

Making Unique Passwords

It is hard to make up good passwords. Choosing words myself generally results in using words associated with me, my interests, or my experiences. They’re not really random. Same with numbers. They’re usually the last 4 of an ancient phone number.

Instead, I use Diceware to make good but easy to type passwords whose parts are chosen randomly. Diceware is a word list used with a dice cup and 5 dice. Do use real dice as computer random number generators are “pseudo-random”. That is, started with a seed, the random number generator will always make the same sequence of numbers. Which is to say, that they’re not random, they only appear to be. You can’t guess the next one given this one but you can reset the seed and recreate the sequence.

For web sites, I use three rolls to pick two strings (usually words) and a number. Each roll has 6 to the 5th power outcomes that are independent so there are 6 to the 15th power outcomes. Two of the rolls each select a word from the word list. The advantage of the Diceware technique is that two words and a number stick in short term memory long enough to allow them to be typed easily yet the search space is big and fairly random. And you will come to remember those you use frequently. And there is nothing about the passwords that suggests you are using Diceware to make them. The Diceware word lists are available for a number of languages in addition to English that use the Latin alphabet.
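The roll-to-word lookup and the size of the search space, worked through as an added example (not part of the original post). The rolls are typed in from real dice; the 7776-entry word list here is a constructed stand-in for a real Diceware list, and joining the parts without a separator and using the third roll's index as the number are assumptions.

```python
import math

DICE_PER_ROLL = 5
WORDLIST_SIZE = 6 ** DICE_PER_ROLL          # 7776 entries, one per possible roll

# Constructed stand-in list. A real Diceware list is ordered the same way:
# entry 0 is roll 11111 and entry 7775 is roll 66666.
STAND_IN_WORDS = [f"word{i:04d}" for i in range(WORDLIST_SIZE)]


def roll_to_index(roll: str) -> int:
    """Read a roll such as '16345' as a base-6 number in the range 0..7775."""
    if len(roll) != DICE_PER_ROLL or any(c not in "123456" for c in roll):
        raise ValueError(f"not a roll of {DICE_PER_ROLL} dice: {roll!r}")
    index = 0
    for face in roll:
        index = index * 6 + (int(face) - 1)
    return index


def build_password(rolls: list, wordlist: list) -> str:
    """Three rolls in, two words and a number out."""
    if len(rolls) != 3:
        raise ValueError("expected three rolls: word, word, number")
    if len(wordlist) != WORDLIST_SIZE:
        raise ValueError("word list must have one entry per possible roll")
    first = wordlist[roll_to_index(rolls[0])]
    second = wordlist[roll_to_index(rolls[1])]
    number = roll_to_index(rolls[2])        # assumption: the index is the number
    return f"{first}{second}{number}"


def search_space_bits(n_rolls: int) -> float:
    """Entropy in bits when every die is fair and independent."""
    return n_rolls * DICE_PER_ROLL * math.log2(6)


if __name__ == "__main__":
    rolls = ["16345", "62114", "33521"]     # constructed sample rolls
    print(build_password(rolls, STAND_IN_WORDS))
    print(f"{6 ** 15:,} outcomes, about {search_space_bits(3):.1f} bits")
```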

Most sites will hold a password made this way. The troublesome sites are those that have a high complexity requirement but short string length. It is difficult to produce easily remembered 8 character passwords that have 2 digits, 2 punctuation, and one or more caps. You’re down to 4 letter words or going random. Also troublesome are sites that don’t tell you the maximum password length. These sites are truncating your password so the numbers, caps and special characters can be lost if they’re near the end.

Remembering 200 Passwords

I can’t do it. I don’t think computer security expert and ace cryptographer Bruce Schneier can do it. So I use the OS X/iOS built in password manager and commercial product 1Password. The built in password manager works in the web browser and stores passwords in the OS X keychain. It can also store your SSH keys (for geeks) as of Mavericks and is synchronized via iCloud as of iOS 7.

I keep everything in 1Password also because I can use 1Password to keep track of security questions and responses and other information about the site and my relationship with the site that Keychain will not store. As of iOS 8, applications will be able to ask 1Password for data. AgileBits explains this interface and the actions they’ve taken to prevent misuse in their blog.

1Password never gives anything up without you authenticating using your 1Password master pass phrase. I have a good one that I can remember that I made using Diceware. It is guess proof.

The folks at 1Password understand cryptography and know how to build secure cryptographic applications. All 1Password data is protected using AES256 encryption and care is taken that the plaintext and ciphertext are not left lying around in memory.

Categories
Personal Computing Retired Live Web hacking

Second Life, Web Hacking Edition

To keep busy, I’ve been doing web sites for two non-profits, my church and the local Road Scholar Lifetime Learning Institute Network affiliate sponsored by Old Dominion University. Both web sites were in need of updates for the brave new world of iPhone and iPad. Neither site was responsive and both had become disorganized as the sponsor’s activities grew in scale and complexity.

Categories
Personal Computing

New Life for an Old (early 2009) Mac Mini

My beloved Oswald (named after Nick’s grand sire) was getting as slow as his deceased name sake. The internal disk was failing, boot and shutdown times were long, and the machine was getting unstable. Time for a new iMac? Being a retired moocher, the thought of parting with $2500 while totally out of pocket was a bit unsettling. What could I do with an overhaul?

The Symptoms

The machine’s symptoms were

  • Dying in its sleep. I’d find the forbidden icon up on a gray background
  • Slow to log in
  • Slow to log out
  • Programs like Aperture ran slowly
  • Machine was not CPU bound
  • Machine was not swapping
  • Disk I/O looked reasonable. Most things read, modify in memory, then write.

Initial Investigation

  1. Review syslog using Console.app. Nothing scary. No panics called, no device errors for disks mentioned.
  2. Reinstall Mavericks. This helped for a while
  3. Check /Library/LaunchAgents and /Library/LaunchDaemons. They were full of crap from 12 years of Mac OS X updates and retired software. Clean these out.
  4. Do a general clean up using Clean My Mac 2. Remove broken startup items and broken preferences. There were some.
  5. Run About This Mac and check the kernel extensions. I found some from PPC days and the OS was actually trying to load one.
  6. Check and remove all KEXTs older than Intel only OS X, say 2009. Remove all that were PPC only.

At this point the machine was somewhat improved. At least log in and log out were moving nicely. But the machine died in its sleep a week later.
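One way to do the review in step 3 without opening every file, as an added example (not a tool used in the original post): parse each launchd job with Python's `plistlib` and report jobs whose executable is gone, which is what retired software leaves behind. The function names and status strings are assumptions; `Label`, `Program` and `ProgramArguments` are standard launchd keys.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

LAUNCH_DIRS = ("/Library/LaunchAgents", "/Library/LaunchDaemons")


def job_program(job: dict):
    """Executable a launchd job runs: Program, else the first ProgramArguments entry."""
    program = job.get("Program")
    if not program:
        args = job.get("ProgramArguments") or []
        program = args[0] if args else None
    return program if isinstance(program, str) else None


def audit_launch_dir(directory) -> list:
    """Return one finding per .plist in the directory, sorted by file name."""
    findings = []
    for plist_path in sorted(Path(directory).glob("*.plist")):
        label = program = None
        try:
            with plist_path.open("rb") as fh:
                job = plistlib.load(fh)
        except (plistlib.InvalidFileException, ExpatError, OSError):
            status = "unreadable"               # damaged or not a plist at all
        else:
            if not isinstance(job, dict):
                status = "unreadable"
            else:
                label = job.get("Label")
                program = job_program(job)
                if program is None:
                    status = "no-program"
                elif not Path(program).is_absolute():
                    status = "relative-path"    # resolved by launchd at run time; check by hand
                elif not Path(program).exists():
                    status = "missing-binary"   # left over from removed software
                else:
                    status = "present"          # still installed; decide if you want it
        findings.append({"plist": plist_path.name, "label": label,
                         "program": program, "status": status})
    return findings


if __name__ == "__main__":
    for directory in LAUNCH_DIRS:
        for f in audit_launch_dir(directory):
            print(f"{f['status']:15} {directory}/{f['plist']} -> {f['program']}")
```

The script only reports. Jobs marked `present` still deserve a look, since that is where a working but unwanted helper shows up.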

On to Hardware

Now that the system was cleaned up, was the hardware old, ailing, or failing? Time for a visit to the Genius Bar.

I took the machine and power supply to the local Genius Bar at the MacArthur Mall Apple Store. After a few minutes to review the symptoms and my corrective actions, the Genius rounded up a monitor and keyboard and began a quick inspection. Once complete, he recommended running diagnostics. The disk phase quickly found a failing Hitachi Death Star disk. Apple could only put a disk like the original back in. Apple business rules did not allow Apple to make an alteration equivalent to repair. So I elected to reinstall Mavericks at the Genius Bar and restore the disk from Time Machine upon my return home.

On the way out, I launched a few things on the Mac Pro. Blinding fast. What’s in that sucker? About this Mac found a 256 GB SSD. Ah Ha! What can I do?

Alternative Courses of Action

While Time Machine was chugging, about 8 hours for 1/4 TB to restore, I did some research.

  • How hard was it to replace a disk? Not very.
  • How hard was it to reinstall and restore? Been there, done that, got the tee shirt!
  • Could I increase the memory? Yes, from 4 GB to 8 GB if the last firmware update had been installed. It was.
  • Could I put an SSD in? Yes.
  • Whose SSD?

SSD Selection

After some reading, I concluded that Samsung and Crucial were the go-to SSD suppliers. Both made their own flash and Samsung made its own controllers. Crucial was using recent Marvell controllers that were well regarded.

Could I get the memory and SSD from the same source? Maybe. Who?

  • Amazon did not have a good memory advisor AI so I ruled them out.
  • Samsung did not have a good memory advisor so I ruled them out.
  • Tiger Direct and NewEgg? They did not have Mac savvy memory advisors so I ruled them out.
  • Crucial has supplied memory upgrades in the past and had a good Mac memory advisor. Did they also have a good SSD? The consensus of Ars, Tom’s Hardware, and AnandTech was that Crucial’s M550 was in the hunt.

So, I ordered 8 GB of expansion memory, and a 512 GB M550 laptop form factor eSATA 3 SSD. The SSD included a 9 MM spacer that would be needed in the Mac Mini. I also ordered Crucial’s Apple tools which included a spudger and small screw drivers.

Installation

Crucial was a bit back ordered so it was 10 days waiting for parts to come. Oswald took another header so I put an OS image on my media Drobo Gen2 to limp along while waiting for parts.

Parts arrived in Tuesday’s evening UPS run so I elected wisely to do the installation Wednesday morning.

 

  1. Are you satisfied with your backup? No. Run Time Machine and be sure things are up to date. They weren’t so I kicked that off around noon on Tuesday. Note which TM volume of three had the fresh backup.
  2. TM1 was mounted read only. Why? Run Disk Utility to repair the disk. Nothing was wrong but it was 12 hours to find that out. Better safe than sorry.
  3. Does a recovery partition boot and run? Yes, from thumb drive made using the recovery disk tool from the App store, and also the recovery partition on the external media disk.
  4. Clean up and draw file an edge on a putty knife as described at iFixit.
  5. Do a normal shutdown before breakfast on Wednesday.
  6. After breakfast do the replacement following OWC’s 2009 Mac Mini disk replacement video.

OWC advises that the replacement is easy but not so easy. As to be expected, I found out why.

  • Getting the old disk out and the new one in looks easy when you watch an experienced tech do it. In practice, there are some sticky bits
  • Getting the drive tabs into the riser socket is tricky because there are no guides for the drive body. But it can be done with patience.
  • Getting the drive carrier tab into the mother board connector is a bit tricky. It took me 3 tries.
  • Seating the ribbon cable on the disk connector is a bit tricky. It needs a good push.
  • Replacing the memory was trivial. No skinned knuckles like desk top memory transplanting produces.

Once all was back together (well, almost all, one screw went missing), I fired the machine up. No happy chord. I let the machine boot. No internal disk. Three checks to find all the stuff mentioned above. Then the lost chord was back.

System Installation

Mac OS X installation goes like this.

  1. Start from the thumb drive (Alt/Opt down while booting until the drop down box shows).
  2. Start disk utility and partition the SSD. One 64GB Win81 partition and the balance to OS X HFS+ Journaled. ESPlanner brought the camel into the tent. Frown!
  3. Connect the Time Machine Drobo and restore the system disk from Time Machine. This took 8 hours for 1/4 TB of data.
  4. When Time Machine completes, the machine restarts.
  5. Complete the setup wizard.

Other than being agonizingly slow, the whole process was without drama. Only a bit of futzing around to get connectors seated.

The Results

For $500 and a day of BS&T, I have a new machine that is quick to boot, quick to log in, and pleasant to use. Even Aperture launch and Aperture import, both painful, are reasonably quick. This without making a working Aperture library on the SSD. Aperture is quick enough that there is no need to make a working library in addition to the archival library on the Drobo. Even image correction, which was slow before, is reasonably quick. Here’s why.

  • 4GB of memory was too little although nothing appeared to be swapped. My normal workload shows about 4.5 GB of App memory so stuff that was paging is no longer paging.
  • There is about 3GB of buffer cache. Enough said.
  • The SSD eliminates seek latency and rotational latency. Apps load much more quickly because they page in without mechanical waits.

Why the slow logins?

Just what were those LaunchAgents and LaunchDaemons? Would you believe

  • A Google daemon to enhance the user experience?
  • An Adobe daemon to find the latest screwed up version of Flash?
  • An Oracle daemon to find the latest Java vulnerabilities?

Any or all of these were ill behaved. They’re worm food now. And the machine is happy. And Google’s helper is not missed.

Categories
Personal Computing

New Windows, SOS

Retired life is a zero sum game for now. For the first five years, I’ve chosen to live completely out of pocket by delaying the start of Social Security payments until age 70. To keep my retirement finances on track, I use ESPlanner to estimate my annual discretionary spending, See Finance to track expenses, and TurboTax to do my income taxes.

ESPlanner is a Windows program and I keep a Windows Free Household. Well, something had to give and I let the Windows camel into the tent but keep it in a corral using Parallels Desktop. This article describes my initial experiences with Parallels Desktop and Windows 8. Windows 8 is not your father’s Windows but it is awfully familiar in all the bad old ways.

Parallels Desktop

Parallels Desktop is a low administration version of the Parallels virtualization product designed for use by mere end users like me. Although I’ve been in the industry for over 30 years, I consider myself an end user when it comes to virtual machines and products so Parallels Desktop is my kind of product.

Terminology

Guest: An operating system running in a Parallels Desktop virtual machine.

Host: The operating system running directly on the hardware, in this case, OS X.

Hypervisor: The part of Parallels Desktop that mediates between the guest operating system and the underlying hardware.

Virtual Machine: A simulated computer provided by Parallels Desktop using the Intel virtual machine facilities.

Installation

Parallels Desktop installs from a downloaded disk image. The retail box gets you a license key that you enter once installation is complete. The installation process is the one Mac OS X users know well. Just run the installer, let it verify that the host environment satisfies the preconditions, and then do the install. The product installs as a normal application bundle into /Applications. No surprises here.

Guest Installation

Parallels’ guest installation is straightforward. Parallels Desktop walks you through creating a virtual disk, starting the virtual machine, and loading and starting the Windows 8.1 installer. From there, it is the Windows installation experience you know and love. Walk through the installation wizard answering its questions, let her rip, let the VM restart, and let Windows get itself caught up to date. As you remember, Windows will do an update download and a mandatory restart. That mandatory restart can be put off a couple of times but sooner or later, Windows 8 will insist on restarting. Might as well save yourself pain and get it over with.

Windows 8.1

When you are shopping for Windows, do pay extra for the standard Home Edition new system version. This version is somewhat more permissive in that it will allow you to make installations on a small number of virgin disks on the local subnet without requiring an earlier product to be present.

The System Builder edition lets you make one installation. Subsequent installations require contacting Microsoft to have them deauthorize the earlier versions. System Builder considers an installation to be subsequent if any part of the hardware has changed including the disk. Based on my reading, if you mess up a virtual machine, it’s likely you will need to call Microsoft and ask mother, may I to create a new instance of Windows. 

So, if you are an infrequent Microsoft customer, go to Best Buy or some such and confirm that you’re buying the correct version. And for their help, give them some love. You’ll probably not find the home/family version at Amazon or NewEgg. (I couldn’t but then again, Microsoft product jargon is mind numbing).

Remember the classic Steve Jobs jab, “Home Edition, 29.95. Business Edition, 29.95, Galactic Edition, 29.95”

Windows first impressions

Windows 8 is better than its predecessors in many ways.

  • The stack is execute disabled — this closes many buffer overflow attacks.
  • The heap is execute disabled — this closes many buffer overflow attacks.
  • Things work correctly for users that are not the administrator.

But Windows 8 hides many things. The UI has been reorganized around touch screens and touch gestures. Some touch gestures have mouse equivalents but they are not thought out in the same way as in OS X. And Windows is unclear about which gestures are mouse and touch screen and which are touch screen only. And it fails to explain the mousing technique for most mouse gestures. You just have to futz around until something useful happens.

Summoning the charms

One particularly frustrating thing in Parallels Desktop is summoning the charms. The charms are UI dingbats that let you search, see the list of programs like Launch Pad, and do some other common actions. Moving the mouse to the upper right corner is supposed to make them appear. Unfortunately, OS X gets first dibs on mouse events and the charms don’t appear.

The administrator user

The installer gives administrator rights to the first user created. As with earlier versions of Windows, the user holds these rights continually but unlike XP, the various system administration operations will ask for confirmation. On first launch of a downloaded image, Windows will ask if you really want to run this random thing from childporn.xxx. So it is a bit harder for things to be installed behind your back. But I don’t trust Redmond to get it right.

Just a user user

So the first thing I did after all the initial updating and restarting was over was to create a second user dave with regular user rights for every day use. This gives me another layer of insulation from acts of malware. Before performing administrative actions, Windows will tell me that I’ve initiated an administrative action and will ask for the administrator password. Not as elegant as sudo but an improvement over XP. So you give the admin password and you will be asked for additional confirmations for each admin action. So it is harder to be had than in the past.

Should something sneak by, running as dave prevents a process from touching the system files. Important system files are writable only by the administrative user so a process holding user id dave can’t alter them or install executables in Program Files, etc. Just a bit safer.

Active X

I guess Active X is still around but less able to commit mayhem. Any Active X widget will be running as user dave with dave’s object access rights. Any Active X thing asking for administrator rights will be outed and I can kill it with extreme prejudice.

As a rule, I do everything I can in OS X where Apple and BSD sandboxing are in effect. The BSD Jails are pretty effective at keeping things out of mischief and I have OS X set up only to run signed executables built by developers who have purchased signing keys from Apple. This stops a lot of malware but $100 is chump change for a pro black hat. But, get caught and Apple kills your keys.

I don’t know if Microsoft is doing the same with signing of images, but the new versions are much more robust than the prior Microsoft art. The attack surface is still pretty large so Parallels Desktop provides another layer of containment. But Parallels can be exploited. Again, keep the attack surface small. I’m pretty much keeping this Windows instance stock.

Parallels Tools

Parallels Tools allow the guest to create native windows and to see a chroot subset of the file system. Once a guest process is launched, you can pretty much ignore the guest and interact with the user process in a regular Aqua window. And keep the data in the shared file system branch where the files are visible to Time Machine for backup.

Unfortunately, there is no Parallels Tool to summon the charms.