Audio Personal Computing

nVidia Shield TV First Impressions

A few days ago, I wrote about setting up an nVidia Sheild TV set top box and configuring Plex Media Server on it. Now that I’ve had a chance to live with it for a few days, I thought it would be appropriate to share my first impressions of this piece of kit.

Left to right: game controller, media player remote control, pedestal and computer.
nVidia Sheild Android TV Components

Why nVidia Shield?

  • It runs Plex Server! It’s that simple.
  • And it is the most expansive walled garden.
  • And it is hackable with nVidia folk spilling the beans on the nVidia Shield developer forums
  • It is cheap enough to buy one to experiment on.
  • It is capable enough to use for other appliance tasks about the Moocher’s cave.
Audio Personal Computing Video

New Kid On the Block

For some time I’ve been wanting to move media serving off of my Mac Mini because the design of the available servers requires the machine to be running and logged in which vastly increases its attack surface. I’d been looking for a number of alternatives, particularly one that was energy efficient, had a low footprint, and would be doing what it was designed to do. nVidia came to the rescue about a year ago with nVidia Shield TV, an Android TV. So I’ve allowed the Android camel into my tent.


  1. retrieved 2 December 2017.

Before you buy

Do two things. First, read the fine manual at [1]. Go through the FAQS at [2]. I didn’t include any video links as most are long on talk and low on information density. The links above will take you to the setup screens so you can review them.

You will need internet service. Shield has both WiFi and Ethernet interfaces built in. Both work well. If you have Ethernet available in your media cabinet, wired service works well. Shield just knows what to do. A wired interface speeds firmware updates. WiFi is adequate for media playback.

What’s in the box?

nVidia Shield TV System Components

The base kit consists of a game controller (left) and the Shield machine (right but just the fin part). The nice aluminum base and the nice aluminum Android TV remote are optional extras. The kit also includes a power adapter, HDMI cable, and USB cable for recharging controllers and remotes. And there is a quick start guide and all the warranty and compliance statements.

Personal Computing

Oh no, Mr. Bill

Yesterday while I was writing my holiday letter, I was also sorting out, or trying to sort out a Win 10 virtual machine that went wobbly. The symptoms were that it was very slow, the start menu had gone missing, Edge had gone missing, etc.

The Moocher uses Win 10 to run ESplanner, a financial planning tool that evaluates your assets and recommends future spending to maintain purchasing power and stretch assets until estate time. This program is currently Windows only and is not friendly in Linux Wine and other simulated environments. Most MacOS users run a copy of Windows in a Parallels virtual machine.

Why Parallels and not Virtual Box

In the past, the Moocher has attempted to run Windows guests in Linux hosted Virtual Box environments. These mostly worked but JSAF development would typically eat the machine with topography database, computation, and network traffic. Virtual Box worked and the price was Navy approved.

But it was not well integrated with the OS. Parallels is. In addition to providing a virtual machine environment, Parallels provides file sharing, cut and paste between environments, and allows MacOS apps to work with Windows documents. The experience is pretty seamless and Parallels carefully designs the VM to integrate with MacOS in a way that keeps Windows in its jail. The only real difficulties I’ve incurred are in doing keyboard spells to cause Windows to start in safe mode, etc. This is not a VM launch option and hand keying of the spell is difficult.

Personal Computing Photography

Adobe CC Lightroom with iTHings


Those of you who follow me on Facebook and Twitter know that I take a lot of snapshots with my iPhone or iPad and that some of them actually look good. The tools I use with my phone are Apple Photos for quick hacks and Adobe Lightroom CC for more thoughtful work. One problem with this arrangement was that I had to manually manage two photo archives, one in Photos and one in Lightroom. Recently, I learned how to get my Lightroom environment to behave like an Apple Photos environment. That’s what this article is about.


This article is summarizes information from two references that I used to get my environment initialized. Reference 1 gives much more detailed descriptions of the process than this CLiff’s Note does.

  1., Photos Everywhere with Lightroom CC and Apple Photos, retrieved 10/25/2016.
  2., How to get started with Lightroom Mobile, retrieved 10/25/2016.
  3., How to Edit and Organize Photos Mobile to Desktop, retrieved 10/25/2016.

What you need

In writing this article, I have the following kit. Other phones and cameras capable of running Lightroom Mobile work equally well.

  • An Adobe Creative Cloud photography subscription for $10/month
  • An Apple iPhone 6+
  • An Apple iPad Pro 13 inch
  • Adobe Lightroom mobile on both.

It is also a good idea to install Camera Raw, especially if you have a real camera (one you look through to compose images). And now for iPhone and iPad which make Apple raw format available.

The next two sections describe some configuration preliminaries in Lightroom and Lightroom Mobile. The secret sauce is to subscribe to Creative Cloud and log the devices in. Then create a CC collection for each device that will automatically receive new photos taken by the device’s camera. This happens in the camera itself and is independent of the GUI used to operate the camera. Photos taken with either the Apple Camera UI and the Lightroom Mobile camera UI will be queued and saved to Creative Cloud.

Setting up Lightroom Creative Cloud

I have a monthly subscription to Photoshop Creative Cloud. This subscription allows me to use Photoshop and Photoshop Lightroom, and Creative Cloud. Creative Cloud is Adobe’s network storage environment that allows devices to share a library of image assets across hardware platforms. The basic subscription includes enough storage to get started. As your collection grows, you can add more storage.

Once you have purchased your subscription, follow Adobe’s instructions for installing Photoshop Lightroom. Go to the preferences menu and enable Lightroom Mobile.

Setting up Lightroom Mobile

Install Lightroom Mobile on your phone or table using the platform preferred source: for Apple iThings, the App Store and for Android things, the Google Play store. Android people, remember that it is a dangerous world out there, Play Store only.

Once through the initial screens you will enable creative cloud.

  1. Tap the LR logo to bring up the dialog
  2. Set Sync only over WiFi as you desire (recommended)
  3. Set Auto Add Photos to on
  4. Set Auto Add Videos to on
  5. Set Collect Usage Data as you desire

Once these settings have been made, create an auto add collection for the device.

  1. Open the organize view
  2. Tap + to open the Create Collection dialog
  3. Create and name a collection.
  4. Once the collection is present, tap the collection’s … icon to open its settings form
  5. Enable auto add

Work Flow

My two collections are  iPhone photos and iPad photos. Both collections appear in Lightroom Mobile on my iPhone and my iPad and in desktop Lightroom CC. Lightroom CC groups them under Collection From Lr Mobile.

  1. Take photos with the Apple camera
  2. Open Lr Mobile and let it sit. It will import new photos from the camera roll and push them to your CC account.
  3. Open Lr and let it sit. After a bit, it will sync with your CC account.
  4. Edit your new work in the normal Lightroom CC way.
  5. After a bit, your edited images will appear on your devices.

Creative Cloud App

Adobe Creative Cloud also includes a manager program that provides the following services.

  • Checks for and alerts you to updates
  • Shows which programs your subscription allows you to use
  • Lets you monitor your storage usage
  • Lets you maintain your CC credentials.

Adobe has designed CC app to launch at log in and periodically do its checks. It has a status bar widget that lets you wake it from standby to install updates or download additional products from your entitlement when you find a need for them or to try additional Creative Cloud products. The trial collection gives you access to all of the video and still image tools, prepress tools, and web tools.

The Catch

The $10/month plan entitles you to 2 GB of online storage. Reference 1 explains how the 2 GB is used as follows

Adobe’s Creative Cloud includes just 2 GB of storage with the Photography plan for $9.99 per month, but there’s a twist: that 2 GB is dedicated to storing files in Creative Cloud that are shared with other CC applications. Photos you sync via Lightroom mobile do not count against your CC storage allotment, because they’re stored as much smaller DNG files and therefore don’t take up as much space; I’m guessing the amount is negligible to Adobe. However, keep in mind that you need to pay for a Creative Cloud subscription simply to use Lightroom mobile in the first place.

Personal Computing

A kind word for Microsoft

As you know, I’m a Mac, not a PC but recently, an Ars article about Microsoft Visual Studio Code caught my eye. I dropped by the Visual Studio Code website and downloaded a copy. Much to my amazement, I like it.

My work mates know that Emacs is my idea of an integrated development environment. But Mac Emacs ports are clunky. You either have to bring over all the MacPorts goodness or do with one of several adaptations of Emacs to the Mac Aqua UI toolkit. Making the switch between Linux genuine Emacs and Mac Emacs never worked for me.

Every time I tried to get started with Xcode, it was always too much trouble for some quick scripting or most anything else. Xcode really wanted to make Mac OS or IOS graphical applications in the genuine Mac way. Anything else was just too hard to figure out

So I was pleased to see that there was an alternative IDE that was not heavyweight like Xcode or Eclipse (Java — exploit rich Java). So I downloaded Visual Studio Code to give it a try.

Why would a moocher want VS Code?

I’m ODU Institute for Learning in Retirement (a Tidewater VA senior’s club) communications and technology committee chairman. Steady growth of the club over 25 years has forced us to replace our legacy single user office automation (Access homebrew DB app) with a multi-user online professional service.

In making this switch, we have to import 600+ member records from our legacy system into our objective system. The mechanism for doing this is to transfer the data to a MS Excel workbook that our vendor will subject to some script foo to cause our data to appear in our corner of his system.

The easiest way to do the transfer was to create a view containing the records we needed to move, sort the view to make record addition easy, and export the view to a CSV file that we could open in Excel. The trick was that the new system had accounts with contacts, field names changed, some fields like phone numbers had to be correctly formatted and the area code added, etc. So somebody needed to write a record swabbing script. That somebody was the CTC chair since staff couldn’t do it and I was the only programmer volunteer in the club.

Initial Experiences

VS Code downloaded without fuss and runs without fuss. It appears identical in both Windows 10 and Mac OS X. My time is in Mac OS X since I have the Xcode environment in place, git is there, python 2.7 is there and everything is ready to go.

In the past, IDE’s have been too heavy weight to use in a project of this nature. I’d always made do with Emacs, GDB, and Make. This is the first time I’ve successfully used an IDE for a simple scripting project. It’s also my first Mac Python project but the experience is very much like working with the language n Linux Emacs using PDB in an Emacs shell window. Very comfortable to old moochers.

Getting Started on a New Project

Most reviews, tutorials, etc assume that you will be checking out from an existing repository, making a task branch, making some mods, testing, and merging your task branch back into the sprint branch. I was starting with blank disk space so a little preliminary spell-casting was needed.

  1. Create the project directory
  2. Create a git repository root in the project directory
  3. Start VS code and open the repository root
  4. Add your code file
  5. Add code
  6. Test, edit, test, until you feel you have something worth committing.
  7. Commit.
  8. Resume work.

Language Support

VS Code requires  extensions to become smart about the language (syntax coloring, library functions, compilers and interpreters, running, debuggers and debugging, etc. A built in view makes it easy to locate the modules you need and load them. MS offers a number of contributed Python environments. Each has a peer rating, description, capabilities description etc. It is generally pretty easy to pick the extensions you need. If you are working in a Mac OS compiled environment, you’ll need a debugger interface for either GDB or the LLVM debugger in addition to the language extensions.

Once you’ve loaded all of the needed extensions, restarting VS Code makes them available.

Running Python

So far, I’ve done all my running in the debugger. One oversight of the Python module is that it does not provide a natural way of passing start options to a program. Instead, one creates a running environment by writing some JSON code in a specified format. If you’re not JSON literate, what’s needed is not intuitive. I ended up hard coding the input and output file names in main() to avoid the need to mess with this environment file.

The Visual Debugger

The visual debugger is typical of the breed. It has a code pane, a shell output pane, and to the left, panes for the call stack, watchpoints, active local variables, and function parameters. These last two show the current values of the data passed in the call frame and the locals in the current stack frame. Expanders open structured values to allow inspection of structure members or class attributes.

The code window shows where execution stopped. The left margin has line hot spots used to insert breakpoints. When stopped, mouse hover over a local causes the value to appear in a popup overlay. A button bar at the top of the debugging pane contains a left run button for starting the build/run cycle. A second run button starts execution. Additional buttons step into, step out of, and step to next line. A pause button stops a long running program. A stop button terminates the run. All pretty standard stuff. Button icons are clear but tool tips back up the glyphs on the buttons.

Build Model

I’m not clear on the build model. I believe adding a code file adds it to the build. My only experience so far is with 300 lines of Python in a single file.

Source Code Control

VS Code provides a git view that shows the source directory structure, each file in the directory (as filtered by .gitignore), and the clean/dirty status of the file. A badge shows the number of dirty files in the directory. Controls let you add and remove files from the commit list and make the commit. A text pane provides a place for the check in message. I’ve not had to revert to a prior version so I can’t comment on the tools for doing so. If a file has not been commited, it can easily be reverted to the most recent commit. I’ve yet to have to revert a committed change.


Personal Computing


For some years, Ive been looking for an alternative Email client for the Apple Universe. I’ve finally found one I like. Most alternative clients worked only with Gmail. This one works with iCloud, Yahoo, Microsoft, and other popular mail services that support POP, IMAP, or ActiveSync.


I bought the program for the princely sum of $10 on the App Store. It launched and configured without issue.

I have 2 step authentication enabled on most accounts so I had to do the following extra stuff.

  • Create an iCloud App Password
  • Do Apple 2 step authentication
  • Do Google 2 step authentication
  • Add the first account at startup
  • Add the additional accounts from Preferences (like Apple Mail)

This took a little fumbling around but Google found the appropriate instructions at Apple Support quickly and all worked as advertised.

Reading Mail

Once my accounts were set up, I could read my mail in a unified inbox or check each account inbox. Articles can be archived, deleted, snoozed, starred, etc. I never really warmed to the Google Inbox idea of using an AI to sort Email into the those likely needing action, those that were informational, and those that were adverts, etc.

The reader interface is modern, easy to figure out after using the traditional Apple and Gmail interfaces, and it was easy to review and clear new mail.

The program silently imported my Apple Contacts, Apple Calendar, and Apple mail archive. Everything was there and indexed. Many products ignored the existing mail archive and started a new one. It is a pleasure to see that Airmail uses the existing MacOS mail archive.

Writing A Message

The Airmail composer is a joy to use compared to Apple Mail compose window. In Apple mail, I always disliked the start as plain, switch to html, and difficulty with bold, italic, and lists, particularly terminating a list. Airmail’s composer has solved all these issues.


Personal Computing

Colicky iPad

I dropped it once too often. Black tape holds the glass bits in at the border. And it is getting colicky, generally by becoming unresponsive at odd times. I’m trying to hold out until the Fall to replace the critter because Apple will freshen the product line some time in October. This offers a couple of advantages: I can get the newest product or I can pick up the 2014 iPad at a discount. Either is attractive as the current one is an iPad 2 32 bit only machine. Eventually, Apple will loose interest in making IOS updates for this older 32 bit hardware.

What I’ve tried

  1. Back up to iTunes
  2. Weed media (magazines and book)
  3. Multiple restarts along the way until the storage summary looked good in iTunes
  4. Yet another backup
  5. IOS restore


I working on two.

  • It just needs a good weeding and software restore.
  • One too many encounters with the hard has addled its brains (cracked trace or surface mount bond)

Maybe I can send it off to Cousin Kory for baking. I hope it just needs an IOS restore and app reload to make it good. We’ll see.

Personal Computing

Windows 10 in Parallels 10

Boy, the Windows World is different than the Mac OS X world. When Apple rolls out an OS X major update, it just works. The image downloads, the installer runs, and it works as advertised. And the OS X reviewers say useful things about it. The Windows universe is not quite as polished but Microsoft has made steady improvement with Windows 7, 8, and now 10. The technical toy press treats the Windows 10 roll out as “ho hum, yet another WIndows” kind of like “yet another Republican presidential candidate.” And the technical toy press is looking for clicks so most of the articles have scary leads for things that are not that bad. Is Windows 10 good enough to ditch my Mac? No. Is it good enough that I won’t mind cranking up Windows to run ESplanner? Yes. And I may even turn off convergence mode.

Convergence mode is a Parallels trick that lets Parallels make Windows files and Windows program shortcuts available on the desktop, in the dock, and in the Finder. Turn on convergence, click an icon, and the Windows application window appears in the OS X universe. Except to log in and log out, there is no need ever to look at Windows desktop. A nice feature but one that is nowhere near as necessary as it was a few releases ago when Windows was ugly. Windows 10 is well thought out, not a muddle of mouse and touch, and the new colors, dialogs, and features are easy on the eye and recognize that Windows is part of a larger universe of computing rather than the walled garden from MSDOS to Windows 7.

This article started out as a quick note but given the poor quality description of the installation experience out there, I decided to write a long form post for my peeps. Most of you change Windows versions when you decide to change computers. Most do this when the disk becomes colicky or one too many dodgy websites was visited and the machine became infested with adware or other user experience enhancements.

Why Upgrade?

Windows 7, 8, and 10 are the best Windows yet. As David Pogue explained in his reviews and in WIndows 8, the Missing Manual, Windows 8 is the two greatest versions of Windows yet. Windows 8 was an attempt to support both a mouse UI and a touch UI in a single operating system. Apple chose not to do this and carefully keeps OS X and IOS separate. In reality, they share a kernel and many enabling technology libraries but each has its own unique user interface library. Apple did this to ensure that applications would not have a mixed metaphor user interface. OS X applications are mouse only. IOS applications are touch only.

Because Microsoft tried to make one OS to rule them all, it got into trouble by mixing its metaphors. Some actions are mouse only, some are touch only, but many have both touch gestures and mouse gesture access. The catch is that it is difficult for the user to recognize which are which. Win 8 takes the OS X task bar and turns it into a task screen of Tiles. Tiles allow you to launch applications. Once an app is launched, the app can change the tile to show what the app is currently doing.

A charm bar on the right allows access to many Win 8 functions. To summon the charms, move the mouse to the upper right corner of the display and it will appear. Alternately, touching the upper right corner will summon the charms bar.

Windows 10 fixes the touch interface and mouse interface gaps. It also brings back the start menu to the bottom toolbar of each screen. Those folks I’ve spoken with also report that startup is faster, login is faster, and use is crisper and more intuitive than in Win 8.

The Buzz

I can’t find any. When OS X ships, Ars Technica has a major review of a hundred paragraphs or so. No interest anywhere to be found about Windows 10.

The Updater

Burried in the tool tray is an icon to download Windows 10. Click it. A process opens, thinks a bit, and reports that the VM’s display does not support Windows 10. This blows chunks in Parallels. The updater does not approve of the Parallels 10 virtual video device and exits without further comment

Updating from an ISO Image

The recommended work around is to install Windows 10 from an ISO image. You can obtain these at

This page describes the basic process and gives links for obtaining the proper 32 bit or 64 bit version. Having an Intel Core2 machine, I opted for the 64 bit version.

The scheme of things is as follows.

  1. Start the Windows virtual machine and sign in to the admin account (the first one added, not you working account)
  2. Download the ISO
  3. Copy or save it to a 8 GB or larger FAT32 thumb drive
  4. Open the iso
  5. Start setup.exe
  6. Review the license terms

The Win 10 License

The Windows 10 license has been a source of some controversy in the enthusiast press so I thought it would be a good Idea to review it. Highlights follow.

  • You must have a Windows license to run Win 10 on the hardware. You obtain a license by purchasing one with the hardware. If you home brewed, you need to have a license for Windows XP or newer and may be asked for the license key. If you purchased a built system from Dell, HP, Acer, etc the OEM will have included a license and license key with the machine. The key is usually on a sticker affixed to the case.
  • The license entitles you to install Windows on 1 computer or in one virtual machine.
  • The license allows you to make one backup copy whatever that is. Copy of the ISO image? It is silent on VM clones, etc. Don’t ask, don’t tell.
  • It recommends that you read the privacy policy which is separate.
  • It describes your rights to revert to an earlier version of Windows should you need to do so. This is largely left over from the bad taste of Vista days.
  • It describes the remote access policy (1 session every 90 days)
  • It describes the screen sharing policy (1 session at a time)

These terms are appropriate for a personal use machine that will be browsing, emailing, photo editing, etc. The privacy policies that have stirred some hate and discontent are separate from the license policy. I’ll cover those after installation when they can be examined and adjusted.

Continuing with the installation

After reviewing the license, I elected to continue with the installation. The installer proceeded as follows.

  1. Check for updates. It may take a few minutes and they are not kidding. Too bad you can’t review the license while the updater performs the check.
  2. Once the update check is complete, you are presented with a list of editions that you can install (Win 10 home for me) and the option to retain your user files. I selected both of these and let ‘er rip.
  3. Once all the installation media is updated, the installer replaces the kernel and core libraries and restarts.
  4. Next, it updates the applications libraries that come with the OS and will restart.
  5. This process takes a couple of hours (similar to an OS X update)
  6. To this point, I’ve not been asked to make choices or enter local data.

Once step 2 (installation launch) is complete, the installation appears to run unattended until the final reboot. I expect that the privacy policy and related options are on a per user basis so I’ll cover these when I talk about first user login.

My First Login

I have two accounts on the machine, the administrator account, cleverly called something else, and a user account which is also my Microsoft Id which look suspiciously like my Google ID. I logged into the administrator account first. This first login gave me the opportunity to personalize my settings for the new Edge browser, auto correct, WiFi auto-login, etc. I disabled a good bit of this stuff because it was not appropriate to a Mac Mini sitting at home running Win 10 in a Parallels virtual machine.

When I logged into the user account with my Microsoft ID I was not given the opportunity to make these settings. Apparently, they are supposed to be remembered across devices and are properties of my Microsoft ID.

Microsoft ID

A Microsoft ID is a single Email address associated with all of the Microsoft web services that you use much as Google ID and Apple ID are for those two companies. The following Microsoft knowledge base article is the root of the Windows 10 introduction tutorial. It’s actually pretty good at covering the basics and includes short videos that illustrate the use of the touch features.

Performing Admin Tasks

Microsoft has moved all of the system administration stuff to new locations. In my limited experience, it is best to log out of the user account and into the admin account to perform administration tasks rather than switching from the user user to the admin user. When switching, all of the user environment processes remain active but their windows are not shown. These active processes can interfere with the management tasks.

 Those Pesky Preferences

Lifehacker describes those pesky privacy settings on this page.

Basically, Microsoft has chosen to do some things like URL auto-completion and URL suggestion centrally in your Microsoft ID support back at the mother ship. Some of these things are also integrated with Cortana. When you make a request to Cortana, she uses context kept at the mother ship to assist you with your inquiry. Using these features sends some information to Microsoft which it accumulates. The troublesome bit is that Microsoft “shares context with trusted partners” without telling you who those partners are or what the relationship is. Could the NSA ba a Microsoft partner? The FBI? Amazon? Your imagination is as good as mine.

Fortunately, most of them can be tuned down. The Lifehacker article tells you where these settings are and gives some guidelines for adjusting them.

Getting Started

Windows 10 has moved most of the process navigation into the Windows Pane, the Tiles Pane, and the Apps Pane which is below the Tiles Pane. They’ve kept the best of the old and borrowed from Apple’s Launch Pad. These new metaphors are an improvement over the old menu of menus of programs.

It all starts at the Windows icon

The home screen has a Windows icon in the lower left corner. Clicking this icon raises a the primary dialog. The lower left has an abbreviated traditional menu that opens the file manager, and a few other key items. Above that is a list of frequently used items. To the right an array of application tiles appears. The lower menu bar functions similar to the Mac OS X dock. Icons representing each active user process open here.

Get Started and Settings

Settings in the menu and Get Started in the most used list are the places to go to customize the user’s Windows 10 experience. The Get Started pane brings up an extensive table of tutorials including video that introduce you to Windows 10. These are very well organized and helpful. This replaces the butt ugly help and Clippy.


Microsoft’s privacy statement is now in plain language. Settings -> Privacy has a number of pages that control each feature. Most feature clusters have a master switch plus application switches much like in IOS settings. The master switch enables the service for all. The app switches enable access to the service for individual programs that have registered for access to the service. It’s really clear. There’s just a lot of it so you can enable information sharing for selected preferred services and turn it off for the majority of applications on the machine.

Personal Computing

Making Good Passwords for the Rest of Us

Every week brings stories of a new software exploit or corporate data breach in which user names and passwords are stolen. Security “experts” are advising us to make ever longer and more complex softwoods and to use unique passwords for each site that we visit. Why is this good advice and how do we go about making good but usable passwords? And how do we remember them all? I’ll attempt to answer these questions in this article in a way that is accessible to my retired buddies and family.

Why a User Name

There are lots of reasons to have a user name and password at sites that you visit regularly. Some benefit you while others benefit the site operator in a way that allows them to continue to provide the site’s service to you.

  • The site can provide personalized service
  • Some services are provided only to authenticated users having a standing business relationship with the organization (like your bank)
  • The site accumulates information that allows it to provide better services to you.

Some of these things can be done with or without an E-mail address using your home’s IP address as a substitute. Without an account, the site has no way of knowing which of several users at an address is actually visiting: you, your spouse, your 13 year old son? Without a sign-in, the site has to make somewhat general decisions about what to show you.

Why a Unique Password?

A password is a secret shared between you and the web site. When the user name and password pair are unique to the site, successful presentation of the user name and the associated password verifies you to the site and the site to you. You’ve shared that particular secret with only one web site. You each know that the intended party is at the other end of the line.

If login fails, you may have miss-typed the URL. Double check the URL before doing missing password procedures. It is not uncommon for unscrupulous operators to attempt to collect user name and password pairs by impersonating a site on a common misspelling of the URL.

Why a “Complex” Password?

The primary reason to use a complex password is to avoid well-known passwords or passwords composed from information known about you that an impersonator can obtain. This basically prevents an unscrupulous unskilled individual from committing theft of service or tampering with your relationship with the various sites that you visit. It is not intended to protect you from an organized and systematic attack.

Intelligence agencies and criminal syndicates make sophisticated attacks to break into web sites. One thing they try is to use statistically common passwords like “password12”. And surprisingly, they can make all the mess-ups like “pa$$word12”, “pas$word12”, etc. Most sites attempt to protect accounts against password guessing using several techniques.

  • Limiting the number of failed log in attempts in a time period
  • Increasing the delay between log in opportunities
  • Locking the account and requiring use of lost password procedures which involve different shared secrets.

How Passwords are Stored

Reputable web sites do not store your password. Rather they store the results of operating on your user name and password and possibly some well-known (to the site, anyway) other stuff to compute a hashed value. The addition of other stuff is called salting the hash or just salt for short. A hash function is a function that maps a string of data into another pseudo-random string. It is easy to compute the hash but prohibitively expensive or impossible to retrieve the original string from the hash because the hash function makes a many to 1 mapping. The hash is useful because the inputs that map to a given output are wildly different. No recognizable variation of the input string will give the same result as the correct string .

As a result, Google can not tell you your G-mail password. Google only has the hash. It is likely that the hash input and hash algorithm are designed to give different results when a common password is used with multiple Google accounts. Compromise of one account does not imply compromise of other accounts. Others may not be so clever or careful as Google.

What is taken in a break-in?

In many break-ins, the attackers gain the password database which is basically a list of user names with their hashed passwords. Many sites, especially entertainment sites, use a well known authentication process. Each such site produces the same hashed value from your E-mail address and password.

It is common for attackers to sell lists of user name password hash pairs. Today it is possible to break the hash to recover the original password. In other cases, the password list is stored in the clear and lists of user names with passwords are also available. Availability of these lists allow others to compromise your account to steal from you or to impersonate you.

What do I do?

To limit the consequences of password compromise and to authenticate my bank and broker’s web sites, I do the following.

  1. I use unique passwords for each site
  2. I use a password manager to store all my passwords
  3. I use a password manager that syncs password data among computer, phone, and tablet
  4. I chose the password manager carefully.

Making Unique Passwords

It is hard to make up good passwords. Choosing words myself generally results in using words associated with me, my interests, or my experiences. They’re not really random. Same with numbers. They’re usually the last 4 of an ancient phone number.

Instead, I use dice ware to make good but easy to type passwords whose parts are chosen randomly. Dice ware is a word list used with a dice cup and 5 dice. Do use real dice as computer random number generators are “pseudo-random”. That is, started with a seed, the random number generator will always make the same sequence of numbers. Which is to say, that they’re not random, they only appear to be. You can’t guess the next one given this one but you can reset the seed and recreate the sequence.

For web sites, I use three rolls to pick two strings (usually words) and a number. Each roll has 6 to the 5th power outcomes that are independent so there are 6 to the 15th power outcomes. Two rolls select a word from the word list. The advantage of the dice ware technique is that two words and a number stick in short term memory long enough to allow them to be typed easily yet the search space is big and fairly random. And you will come to remember those you use frequently. And there is nothing about the passwords that suggests you are using dice ware to make them. The dice ware word lists are available for a number of languages in addition to English that use the Latin alphabet.

Most sites will hold a password made this way. The troublesome sites are those that have a high complexity requirement but short string length. It is difficult to produce easily remembered 8 character passwords that have 2 digits, 2 punctuation, and one or more caps. You’re down to 4 letter words or going random. Also troublesome are sites that don’t tell you the maximum password length. These sites are truncating your password so the numbers, caps and special characters can be lost if they’re near the end.

Remembering 200 Passwords

I can’t do it. I don’t think computer security expert and ace cryptographer Bruce Schneirer can do it. So I use the OS X/IOS built in password manager and commercial product 1Password. The built in pass word manager works in the web browser and stores passwords in the OS X key chain. It can also store your SSH keys (for geeks) as of Mavericks and is synchronized via iCloud as of IOS 7.

I keep everything in 1Password also because I can use 1Password to keep track of security questions and responses and other information about the site and my relationship with the site that Key Chain will not store. As of IOS 8, applications will be able to ask 1Password for data. Agile Bits explains this interface and the actions they’ve taken to prevent misuse in their blog.

1Password never gives anything up without you authenticating using your 1Password master pass phrase. I have a good one that I can remember that I made using Dice Ware. It is guess proof.

The folks at 1Password understand cryptography and know how to build secure cryptographic applications. All 1Password data is protected using AES256 encryption and care is taken that the plain text and cypher text are not left lying around in memory.

Personal Computing Retired Live Web hacking

Second Life, Web Hacking Edition

To keep busy, I’ve been doing web sites for two non-profits, my church and the local Road Scholar Lifetime Learning Institute Network affiliate sponsored by Old Dominion University.  Both web sites were in need of updates for the brave new world of iPhone and iPad. Neither site was responsive and both had become disorganized as the sponsor’s activities grew in scale and complexity.