Latest blog entries

Managing passwords in the cloud

Saturday, December 24th, 2022 at 12:01 pm

For a long time (until a few years ago) my technique to avoid repeating passwords was to use a bookmarket called SuperGenPass which would generate a password for me based on the website’s domain and a master password. For important things like email and banking I had specific unique passwords, but the numerous other accounts used this method.

I also avoided using the same email address for new accounts by never using the “login with Google/Facebook” option and as much as possible created a new unique email alias for each one. I don’t actually see much spam but when I do it is always interesting to note which address was being used. Did company A have a breach or did they just sell their customer data?

Back to the passwords… it was nice to have a quick way of ensuring that my passwords were different, but over time I noticed a flaw in this process and that was to do with data breaches and forced password resets.

If the account wasn’t important, such as something that was needed for a specific purpose but no longer, then one option was to delete the account and move on. However if I needed to keep using the account then the password needed to change, but because it was generated from my master password and the domain of the site, it couldn’t. For a short time I had two master passwords, one for most accounts and then a second for accounts that I remembered had needed to be changed. This wasn’t working so I switched over to a password manager.

I didn’t want to have to manage a password file myself so based on recommendations I had a look at both 1Password and LastPass, deciding on LastPass as it felt easier to use. There were plugins for both Firefox and Chrome, as well as an Android app.

This was working out well for a couple of years, until LastPass announced that they would essentially start taking features away from the free version. The main change I remember affecting me was that free accounts would be locked into either desktop or mobile access. Not that big a deal as I rarely used the Android app, and desktop still meant that I could still use it across multiple browsers and computers.

I also started to notice the interface changing, and not for the better:

  • Something I really liked about the LastPass plugin was that I could click the toolbar icon, type part of a website name and press enter. It would then load the site and automatically login for me. This was very convenient, until it became glitchy, by which I mean that sometimes it didn’t take the keyboard input. So I would have typed the name and pressed enter, but nothing happened so I would have to click the icon again, then ensure the cursor was within the search field.
  • Not that long ago the plugin prompted me to save credit card details, I decided to give it a go and then removed my card details because it was just broken. I couldn’t see how the LastPass would be able to populate the card details when the forms on different sites are so varied, is the expiry date one field or two, is the year two digits or four, is the month a number or a name, it is a text input or a drop down? After having it enabled while I made a couple of online purchases, it insisted on four different entries for the same card. It also wanted the CVV, so nope.
  • About a week ago LastPass started prompting me to save the password for my email and my bank, these are the accounts that I never put into LastPass. I double checked that they are still listed under “Never URLs” in my account settings, however the plugin is still prompting me.
  • Another odd thing I discovered last year while listing a few items for sale on eBay was how the plugin interacts with websites. As I was listing items I kept getting an error saying my description contained javascript. I was hand typing the simple HTML, but it turned out that the LastPass plugin was fiddling with the form input, a problem that had been known about for a while. Any plugin of this nature does need to scan the page for login forms and possibly modify those, but it doesn’t make sense to insert javascript into the eBay listing description.

So… all of this has meant that I have been becoming less happy with LastPass over time, and this isn’t touching on the security problems that I had been kind of ignoring. I didn’t know that despite their marketing claiming zero knowledge of the data in my vault that URLs and other data is not encrypted.

So I need to swtich, but switch to what?

For convenience I want a cloud based solution and 1Password does appear to be the recommended alternative (these days I need to be prepared to pay for important things, not just go for free but limited options), though Bitwarden has also been suggested. Looks like it need to do some more reading…

Tagged with: , ,

Getting on board with Mastodon

Saturday, November 12th, 2022 at 4:55 pm

It has now been two weeks since I decided to check out Mastodon again, prompted by the change of ownership of Twitter and a number people I trust talking about it. While I did dig up the details for an account I created years ago, I decided to delete that one and start fresh on aus.social. While that other account would have worked fine, I felt there would be a better sense of community by being on the same instance as people I knew.

I should say that while I have been on social networks for a long time I am not that “social” on them. I consume things posted by people I know and trust, rarely posting myself with the exception of during conferences or the comedy festival. I am also a creature of habit, so I wanted to be able to consume Mastodon posts in a way that didn’t disrupt my existing workflow.

So what is my existing workflow? I don’t want to have to go to multiple sites to see things, I want them aggregated together and long ago I worked out that my email client is where I wanted them. For over fifteen years this is how I have been consuming RSS feeds and for around twelve years I have posts from who I follow also appear as email messages. I also used to have the same for identi.ca (until that changed and I stopped using it) and Facebook (until they changed the API and I didn’t bother to update my script).

I also have my personal site and while I haven’t been writing blog posts as much as I should, this still exists and the homepage is another aggregator, but not of what I want to consume, instead it is what I am posting on different services. These blog posts show up there, along with my twitter posts, photos I put up on Flickr and books I add to my LibaryThing catalog.

So after creating my account and spending some time learning how to use Mastodon I started to think about two integrations:

  1. toots from people I follow into my email client
  2. toots I have posted onto my personal site

The second of these was the easiest because I quickly found that by default Mastodon provides an RSS feed for the public posts on a profile, just construct a URL of the form https://[instance]/users/[username].rss. Then in the settings for the wordpress plugin I use I add a new RSS feed, giving it the feed URL and setting a custom icon. I cleared the cache and it was done, my toots were now on the homepage for my personal site.

I expected that it would be harder to get the toots of people I follow, but once I started looking into the Mastodon API I was pleased to find that it was pretty easy:

  1. from the Development section of my Mastodon profile create an Application, this will also generate an access token which I can use to access the API as myself (all I need for this purpose)
  2. call the home timeline API endpoint to get the toots from the people I follow
  3. rework my existing script for Twitter to be for Mastodon

So now from within my email client I can go to a folder and see a combined timeline of Twitter and Mastodon posts. If I want to interact more I can then click through to the relevant site.

I also took the big step of finally pushing this code into the git repository that I had created years ago. So if you want to see some rough but functional perl code, then it is available for all to see.

After this flurry of activity on a rainy Saturday I then resumed my normal position of sitting back and watching what was happening. There are a decent amount of toots talking about how to best use Mastodon, there are mistakes being made but also plenty of lessons being learned.

As Twitter is becoming more of a mess I am seeing more people I knew joining a Mastodon instance. Right now it looks like an even split between people posting on Mastodon vs Twitter, with only a couple simultaneously posting to both.

Something else I am going to look into is I have seen there is an ActivityPub plugin for WordPress, so I could possibly have a more direct interaction between Mastodon (and others) and this site. I will investigate…

Tagged with: , ,

Returning to a location

Saturday, November 5th, 2022 at 10:58 am

Six years ago I stopped by the St Kilda Botanical Gardens, mainly within the Alister Clark Memorial Rose Garden, and took a few photos. I did start sorting and editing them but none of them really grabbed me so they remained in my todo folder. Last year I had the idea of going back on the same day and taking the same photos as a five year comparison.

I don’t recall why but I never did that, so with it approaching six years I decided to try to get back to these gardens. It isn’t like I have this new camera (now fixed after sending it back) to justify…

So, six years to the day I returned to the St Kilda Botanical Gardens and wandered around with my camera. On my phone I had the shots I needed to replicate, but I also was looking for other things as well.

Some were quite easy to replicate:

Walkway (2016) Walkway (2022)

While with others it wasn’t until I got home that I realised I hadn’t gotten the location quite right, for example with the gazebo I should have been standing a lot further back with more zoom:

Gazebo (2016) Gazebo (2022)

In the end there were only four shots that worked in showing the similarities (the structures) and differences (the plants), see the gallery on Flickr.

While I probably won’t do anything further with these photos and I also regret not matching up the time of day better, I consider this a successful experiment.

Tagged with: ,

Sending my new camera back

Thursday, August 25th, 2022 at 9:58 pm

That new camera I bought a month ago? Today I sent it back.

However that is only “back” in a geographical sense. I bought the camera online and it was shipped to me from Sydney, while I have posted it to a Sydney address, that destination is the Canon Service Centre because the camera has a fault. While I could have sent it back to the retailer, all they were going to do was forward it on to Canon, so I cut out the middleman.

It is a bit annoying that I have to pay for the postage, it is cutting into the saving I made by buying the camera online. That is a sense of security you get from a physical store, you can walk back into the store and under Australian consumer law it is on them to get it fixed.

I do miss the time when Canon had a decent service centre in Melbourne, especially since it was just around the corner from where I worked at Monash Uni. When my EF-S 17-85mm broke the first time I was able to drop it off and then pick it up once repaired. It was even more convenient when the driver board in my 7D failed because I had to take it back after the initial fix because they didn’t reconnect the display inside the viewfinder. If I had had to post it each time, that is extra cost on my part.

I know there is the Canon store in South Melbourne, even though they say they only accept drop offs for DSLR and EF/EF-S lenses, I suspect that if someone walked in with an R body or lens that they would be crazy to refuse it, even though they would just send it on to Sydney. I decided that time cost to try that approach would be higher than the monetary cost of posting it.

So what was wrong with the camera? The worst type of fault, an intermittent error in the form of Err 70, though nothing like Scott Kelby experienced.

The first few times I used the camera I had no issues, but then on the Saturday morning of Open House Melbourne I got the error a couple of times, but then not the remainder of the day or at all on the following day. I used the camera at home a couple of times, got the error once. Then again when on an outing with the camera club.

I did what the error says, turn the camera off and remove the battery. This worked and I could take photos again, but the photo when the error occurred would either not be stored or would be corrupted. As I left it a bit to see how often I would get the error I was able to confirm that it happened with different SD cards, with different batteries and with different lenses.

Hopefully it gets fixed and returned soon, but it will definitely be too late for the workshop I have booked in for this weekend.

Tagged with:

Weird or suspicious?

Saturday, August 20th, 2022 at 7:44 pm

When I am working at home from my desk I have the venetian blinds opened enough so that I can look out over my front garden and over the road. My experience is that I need to frequently rest my eyes by looking away from my monitors, and this type of break is often recommended as part of office ergonomics.

This also means that activity outside often catches my eye, not everything but a few days ago I saw a man at the front door of the house across the road. Nobody answered the door and I saw him ring the bell a few times and wait like he expected someone to be home. It was unusual that he walked out the street, looked in the window of the car parked there (which belongs to one of the people in the house) and then went back and rang the bell again. He walked off to the right which was out of my view.

About 20-30 minutes later I heard a car door slam, I looked outside and saw something very strange. There was a car parked on the footpath across the road, not on the side of the road, but right up on the footpath. How did they get there? Did they lose control and crash?

As I was trying to work out what I was seeing I saw the man from before walk around from the far (passenger) side of the car, get in and drive off. Not back onto the road, but along the footpath and out of my view. This was very weird, what did I just see? How was there enough space for a car between a letterbox and a large tree on the nature strip? It was thoroughly confusing.

Because it was so strange I made a quick note and then had to join a work meeting, forgetting about this until the next day when that neighbour came over to say they had been burgled and were asking if I had seen anything. Well yes I had, now what I saw wasn’t just weird, but also suspicious.

Unfortunately I didn’t see much, just that it was an older male person and a general description of the car, no license plate or any specific detail.

It made me think about one of the projects deep in my backlog which is to put up some cameras. But even if I had cameras my plan is to cover my own driveway and front door to get alerts if someone is approaching or to know if a parcel has been delivered, they would not capture anything across the road.

Tagged with: