Online Security Recommendations

Posted on December 14, 2010 by Rick Lobrecht

Gawker Media is an online “news” organization.  Except for Lifehacker (which I really like) it’s kind of the supermarket tabloid of online media.  You may know Gawker from Gizmodo (the site which bought Apple’s stolen iPhone 4 prototype.)  Anyway, Gawker had a significant security breach, which has resulted in a leak of their authentication database.  You can read Gawker’s FAQ on the issue here, or some excellent coverage on their problems at Forbes.  In addition to the usernames and email addresses of all their users, the database also contained encrypted passwords.  Encryption is meant to be reversible, and hackers have started unencrypting the password database.  Some 200,000 passwords have already been decrypted, and many have been shown to be simple things like “password”.  Modern computer science dictates that authentication schemes shouldn’t store encrypted passwords, they should store password hashes.  Password hashes are one-way.  They can be used to determine that a user has typed in the right password, but there’s not a way to get a password back from them.  Their second large mistake was using a very old encryption standard, which has already been cracked.

So what does this have to do with you, especially if you don’t have an account on their system?

The first lesson from us is to not trust sites where we are creating accounts with passwords.  Their site design and site security may not be as good as we think.  This could lead to the exposure of your information, including your password for their site.

Which leads us to the next lesson.  Never.  Never.  And I mean NEVER, use the same password for multiple sites.  If you’ve used a password for site A and site B and site A is compromised, then they have your password for site B.  User’s are already experiencing this from Gawker’s breach.  A number of very odd tweets have gone out from users who have had their password decrypted.  Because of this risk, at least one site (LinkedIn) is proactively expiring passwords for the users on Gawkers list.

The third lesson is to use long and complicated passwords.  The passwords which have been recovered so far are simple and common passwords.  When the hacker is decrypting a string, and gets back password, it’s clear they are done.  When they get back adIop87H23f874gV58  they aren’t quite so sure.

But how am I supposed to remember all those different complicated passwords?  You should write them down.  Or use an application.  It really depends on your needs.  There are a number of different applications out there, and they are all a little different.  Obviously you need to trust them, so don’t take the decision lightly.  You could use a little book, and really write them down, just make sure your book is kept secure.  If the book never leaves your house, you’re probably ok.  If someone gets into your house, they aren’t there to steal the password to your Facebook profile.  There are two passwords which shouldn’t be written down, should still be long and complicated, and must be memorized.  The first is the password to your computer.  The second is the password to your password system.  There’s one more password that is especially important to keep secure, your email password.  Your email account is the gateway to all your other accounts.  If your email account is compromised, hackers can use that to request new passwords to most sites.

A lot of the applications have the ability to generate random passwords, but in case yours doesn’t, I’ve built a quick Excel spreadsheet which will generate random passwords.  Password_Generator

Go now.  Get a password system if you don’t have one, and start changing your unsecure passwords.

 
Posted in Online, Security | Comments Off

Microsoft Office 2011 for Mac

Posted on October 27, 2010 by Rick Lobrecht

Microsoft released Office for Mac 2011 yesterday.  It includes Word, PowerPoint, Excel, and as a replacement for Entourage – Outlook.  Office now has an interface similar to the ribbon based fluent UI introduced with Office 2007 for Windows.  Supposedly, Outlook has been written from scratch in Cocoa.

After seeing reports of it showing up in some users MSDN downloads, I rushed to log in.

I’m downloading now.

 
Posted in Apple, Mac, Microsoft, Office | Tagged | Comments Off

iPad engraving now available

Posted on October 26, 2010 by Rick Lobrecht

When I ordered my iPad, back in March, I lamented the fact that engraving wasn’t available.
TUAW reports, and Apple.com confirms, that Apple has started offering engraving on iPads.

It makes sense to have waited this long.  Originally, Apple was having a lot of trouble keeping up with demand.  They are obviously at a point now where their manufacturing can keep up (as evidenced by the retail presence in third party stores.)  Engraving adds a little something extra, which you can only get by ordering from Apple.com.  Just in time for the holiday season.

A couple of things to note when engraving from Apple.com.  It does add a couple of days to the shipping time.  It’s also not returnable

 
Posted in Apple, iPad | Tagged , | Comments Off

Congratulations Evernote

Posted on October 19, 2010 by Rick Lobrecht

Phil Libin, CEO of Evernote, has announced an additional $20 million in VC funding. Considering they are currently funding their daily operations out of their premium subscription revenue, this means a lot of new features for Evernote users. I’m looking forward to seeing what they come up with.

 
Posted in Productivity | Tagged , , | Comments Off

It’s going to be a long day

Posted on October 11, 2010 by Rick Lobrecht


88 unread emails after missing one day of work.

 
Posted in Productivity | Tagged | Comments Off

Evernote Site Memory Button

Posted on October 8, 2010 by Rick Lobrecht

A while ago, Evernote announced their new Site Memory function.  It allows content publishers to control how their content is saved into Evernote.  I’ve enabled Site Memory on this site using the awesome plugin Slocum Design Studio shared.

Do you want to try it?  Just find the Evernote icon  following each post, and click it.  If you don’t have an account, the pop-up will allow you to create one.  Go ahead, it’s free (although there is a premium service available.)

 
Posted in Productivity, Website | Tagged | Comments Off

Evernote Templates

Posted on October 6, 2010 by Rick Lobrecht

I use Evernote to keep track of most everything.  I really like it, and use it across my MacBook, my work Windows laptop, my iPhone, and my iPad.  One thing that I wish it had was either a template system, or a way to duplicate existing notes.  Unfortunately, it doesn’t have either, but there’s a reasonably simple work around.

To start with, I have a Templates notebook.  This is where I create my template notes, and house them for safekeeping.  Ideally, they will never be touched in this notebook after the initial creation, but they are there in case you ever lose your template, or need to tweak it in the future.

The first step to creating a new template is to create a new note in your Templates notebook.

Next, set the name, tag, and any other metadata items you want included in your template.

Fill out the content you want included in your template.  All of my current templates are checklists, so I make sure and include checkboxes for each item.

Once you’re template note has been crafted, it’s time to turn it into something which can be duplicated.  We do this by exporting the note.  Evernote export files have an .enex exension, but are really just XML files.  In the Windows client, right click on the note, and choose “Export 1 Note…”.  By default the file is called Evernote.enex, so ensure you name it something appropriate.  You also want to save it somewhere you will remember where you put it.  Maybe an Evernote templates folder in your Dropbox?  Make sure you check the “Export note tags” box.

If we want it to act as a template, we need to remove a few dates from the exported file.  Otherwise when we import it, it will get a creation date and time of when it was originally created, and not when you import it.  Find the .enex file you exported, and open it with your favorite text editor.  I’m going to use notepad for this example.  You could use an XML editor, if you have one.

There are three dates we need to remove.

The first is part of a tag describing how it was exported.  In my example it says:

<en-export export-date="20101006T145412Z"
application="Evernote/Windows" version="3.5">

We need to remove the export-date=”" section, so it looks like:

<en-export application="Evernote/Windows" version="3.5">

The other two are the created and updated tags.  They need to be removed completely.  In my sample they look like this:

<created>20101006T143045Z</created><updated>20101006T144103Z</updated>

The final result should look something like this:

If you want more information on the Evernote XML format, you can visit Evernote’s developer area.

Now on to using the template.  From the File menu choose Import -> Evernote Export Files…

Browse to your template .enex file and click the Open button.

When it completes the import, Evernote will explain synchronization to you, and ask if you want the notes moved to a synchronized notebook.  I click No.

You’ll then find the notes in a new local notebook named something like Imported Notes.  From there you can move it to another notebook, and start filling in whatever you need to.


 
Posted in Productivity | Tagged , , , | Comments Off

iPhone and iPad apps

Posted on October 5, 2010 by Rick Lobrecht

Yesterday, someone asked me what apps I use on my iPad.   I realize I’ve never done that post, so here you go.  BTW, this probably won’t answer their question from yesterday, because they were looking for fun apps.  I don’t actually use too many of those.

First off are a couple of Mac apps, which I use to move video DVDs onto my iPad.

  • Handbrake – rips DVDs and turns them into MPEG-4s
  • MetaX – sets all the metadata for your videos

iPhone apps

I have a few other apps installed, but I never run them, and just haven’t bothered removing them.

iPad apps

I have a ton of iPad apps installed which I never run.  I’m only going to list the things I actually find useful.  You may notice some overlap.  8-)

     
    Posted in Apple, iPad, iPhone | Comments Off

    dasBlog to WordPress migration

    Posted on October 4, 2010 by Rick Lobrecht

    I had a couple of false starts (that’s what happens when you don’t really plan things) but I’ve not gotten almost everything up and running.

    I first started by trying to bring in my RSS feed from dasBlog. This was a huge pain, but did end up working. The only bad thing is I didn’t have a good way to map my old URLs to my new posts, and each RSS item had an aggregator bug in it. I then started searching for some better options. It turns out a bunch of people have done this before. Below is a quick run through of the tools I used.

    I used the dasBlog to BlogML convertor from MSDN to create a single XML file of all my dasBlog content.

    I then used the BlogML Importer to bring the content in. This does a really great job of giving you a map of your old URLs to your new ones.

    This map combined with the Redirection plug-in let me save a large chunk of the URLs from my old site. Unfortunately, I was left with a bunch of GUID based CommentView URLs, which amazingly enough are getting a ton of traffic. I searched and searched, and didn’t come up with anyone who had solved this nicely. I knew that my dasBlog Google sitemap contained both sets of URLs, so I started playing around with that file. Luckily dasBlog put the two URLs together in the file, and Excel was able to import the XML into a spreadsheet. I ended up being able to generate a similar map containing old GUID based CommentView URLs with my new WordPress permalinks. Unfortunately, I couldn’t get that file to import into Redirection. (I think the problem is with the commas in the CommentView URLs.) After playing around way too much, I ended up loading the table directly. This worked really good.

    The last step was to create redirections for the day pages and the Category pages. Here’s the regex for those:

    ^/rick/CategoryView,category,(.*)\.aspx$

    http://blog.lobrecht.com/rick/category/$1/

    /(?i)rick/default,date,(\d*)-(\d*)-(\d*)\.aspx

    http://blog.lobrecht.com/rick/$1/$2/$3


    I might have been able to do this a little more elegantly, but it seems to work. I also need to set up a few manual redirects for the Categories I have with spaces in the names.

    Let me know if you find any issues with the new site.

     
    Posted in dasBlog, Website, WordPress | Comments Off

    Let’s try this again

    Posted on October 4, 2010 by Rick Lobrecht

    I’ve migrated my blog from a self-hosted dasBlog (on our home based server) to a WordPress based site on our webhost. I’ve re-migrated all my previous content, and set up redirects for all the individual articles. I’m working on the rest of the redirects.

     
    Posted in Website | Comments Off