ANOTHER GOOD article about passwords

Very glad to see another post by a site, giving good information on handling passwords, security question answers, & the recommendation to use password managers. I last had a post about this in July, when Dreamhost also put out a good article about creating strong passwords for account security. The link to that article is below as well.

Lifehacker: Use Your Password Manager for Security Answers, Too

Dreamhost: How to Create Strong Passwords to Keep Your Website Safe

Linux on Samsung Galaxy TabPro S

I have picked ap a Galaxy TabPro S a year or two ago, but didn’t end up using it much since it was running Windows. I had always planned to try out Linux on it, but never got around to it until now. I installed Xubuntu, just to have a light OS, & the only issue is related to getting wireless working. It is however a quick fix:

GitHub: infernix/samsung_tabpro_s

Just need to clear the contents of /lib/firmware/ath10k/QCA6174/hw3.0/*, & then place the two files from the GitHub repo. After a reboot, wireless was working with no additional changes needed.

Xubuntu booting on my Samsung Galaxy TabPro S

De-google-ify Internet

Found this site on https://lobste.rs. Has so great, open alternatives to proprietary services: Framasoft: De-google-ify Internet.

The Framasoft web site also seems to have some great information on this topic as well.

A network dedicated to globally promoting “free” and particularly free software.
Many services and innovative projects freely put at the disposal of the general public.
A community of volunteers supported by a public interest association.
An invitation to build together a world of sharing and cooperation.

Setting Up Media Drive Sync

I have two external hard drives for my media, one to hold all of my downloads, & the second attached to an Nvidia Shield TV which I use as a Plex server. Since getting Plex setup there, I’ve been looking for a way to keep both drives up-to-date so that I don’t have to manually copy files to each drive when I download. I’ve been trying to get rsync running on the Shield, but then remembered Syncthing. Because of the amount of data, the initial check is going to take a few days, but I’m hoping this will be a good way to keep the drives updated.

I’ll have a follow up post to discuss how I actually got it setup (assuming it works) once the initial check is done.

Another 15 hours to go…

FINALLY: A Good Password Management Article

DreamHost recently posted an article on their site about password management: DreamHost: How to Create Strong Passwords to Keep Your Website Safe. Just the list of points is much better than what I’m used to seeing:

  1. Make your password long.
  2. Don’t use a common phrase.
  3. Test your password.
  4. Don’t reuse your password.
  5. Use a password manager.
  6. Don’t store passwords in your browser.
  7. Follow the rules every time.
  8. Use two-factor authentication.
  9. Consider the Passphrase/Diceware Method.
  10. Use security questions wisely.
  11. Keep an eye on your smartphone.

I still have to actually read the specifics for each, but that list alone is a great guide on modern password management.

Apple’s Warning Against Jailbreaking

Seeing as how the Electra 11.3.1 jailbreak is supposed to be released soon, it looks like Apple put out a statement on why you shouldn’t jailbreak: Apple: Unauthorized modification of iOS can cause security vulnerabilities, instability, shortened battery life, and other issues. I definitely find that ironic…

  • Security Vulnerabilities: I’ve seen jailbreak developers release patches for devices with Cydia before Apple puts them out
  • Instability: Okay, sure. But if an occasional crash is the cost of having things like themes & hooks into Springboard, it’s a price I’m willing to pay. Especially because iOS isn’t that much more stable without being jailbroken.
  • Shortened Battery Life: This coming from the company that was secretly throttling older device “to save battery life”. Sorry if I don’t believe this one.

I have not yet read the rest of the page, but I’m sure it will be much of the same above. I’m not interested in Jailbreaking to download free apps; it’s for the ability to customize the device i own & want to do with as i please.

Nintendo Switch Homebrew

I’ve been keeping an eye on this scene for a while now, eagerly awaiting the release of FusĂ©e GelĂ©e from Kate Temkin since she revealed the capabilities of the flaw. I’m a huge fan of releases like these that let you have more control over the system that you purchased, whether it be rooting an Android device, jailbreaking an Apple one, or getting Custom Firmware running on a Nintendo 2/3DS. I like those processes because it opens the platform to more customization, & not because of the ability to pirate games. Unfortunately, that part almost always follows when these techniques get released, which ends up giving users who want more open platforms a bad name.

Ethics aside, I am excited to get started on this myself.
– Kate Temkin: Hardware Hacker: FAQ: FusĂ©e GelĂ©e
– GitHub: reswitched / fusee-launcher
– fail0verflow: ShofEL2, a Tegra X1 and Nintendo Switch exploit
– GitHub: fail0verflow / shofel2
– GitHub: fail0verflow / switch-arm-trusted-firmware
– GitHub: fail0verflow / switch-coreboot
– GitHub: fail0verflow / switch-u-boot
– GitHub: fail0verflow / switch-linux

EDIT: 20180501: Well I worked on this over the weekend, & was at least able to get the Fusée Gelée display:

Used a paperclip to bridge ports 1 & 10.

Switch booted to Fusée Gelée screen

Twitter Austria & Storing Plaintext Passwords?

Just found this great Twitter thread: @c_pellegrino: Does T-Mobile Austria in fact store customers’ passwords in clear text @tmobileat? @PWTooStrong @Telekom_hilft

Something good that came out of this (just for me I guess), was finding out about this web site: Plain Text Offenders.