Keeping your passwords safe, but accessible – LastPass

I have been using a freeware product called “password safe”, and it was OK, but using it at work and at home meant I had to keep two databases up to date, which was a pain.

However, thanks to a tip from my friend Jeff, I just switched all my stuff (home and work) to LastPass (www.lastpass.com)

Why did I do that, and why would I tell the world where all my passwords are?  Well, it’s a really great system, and ULTRA secure.

In a nutshell, it stores your stuff in the cloud, but in encrypted form. Encryption happens on your computer, so they never have your unencrypted information, and have no way of getting it either! They also never store your personal information, or userid, or password in unencrypted form. So their system only contains encrypted blobs which are useless to anybody without the decryption key (your userID and password). So, they can cooperate fully with the FBI or foreign governments, and give them all the data they want. It’s still useless. There isn’t even any way of knowing who owns which blobs of encrypted data. How cool is that!  Well OK, so it’s probably only really cool to security geeks like me.

Anyway, you can store passwords & sites, and it will auto-fill for you when you go to log in with your browser (if you want – you can decide on a site by site basis). In addition, you can store personal info and credit card info on there and it can form-fill for you when you are at a checkout form on a website. You can also store notes of arbitrary text data, for any purpose you want. It generates passwords for you.

What! Put my credit card data out there? Are you nuts?  Well possibly, yes, but that’s another subject.  But yes, it’s secure enough to do that.  Once you "get” the security model, it’s clear that anything you store in this “vault” is accessible only by you, and so go ahead and use it for any bits of information, not just websites and passwords!

I mentioned that the system can generate passwords for you.  Here’s why that’s useful:  Most people tend to use 1 or 2 passwords for everything they do.  That means that if somebody learns, or guesses your password, they have access to a TON of stuff.  This is what we in the security business call “bad”.  If you use the system to generate a password for you when you sign up to access a website, it generates a nice secure password that is really hard to hack, and you would never remember it; but you don’t have to!  The password is stored with the site information, and when you go to that website, it automatically logs you in.  You never really even have to SEE that password.  You can view it if you want, but it’s not necessary. 

If you do this, not only are you creating logins for websites with a GOOD password (instead of the lame ones most of us use because they are easy to remember), but each site is different.  So in the unlikely event that somebody manages to get one of your passwords (no idea how that would be possible, but maybe a key logger on a public coffee-shop computer or something – work with me on this), then they only have access to one website because all the other websites you access have different passwords.

Another distinction is that since your information is stored “in the cloud”, you can access it from anywhere.  So, even if your computer dies in a fire, your important information is still out there.  If you use multiple computers, like I do, then this is really convenient because you don’t have to worry about keeping multiple databases of passwords up to date.  Any bit of information you store on one computer is available to you on any other computer.  Handy!

In addition to just storing stuff, you can share your passwords or notes selectively with other people. For instance, if I have a website with my personal login, and I want to give you access to it, I can either share the whole entry with you, allowing you to see the password, or I can share however much of it I want. This lets you use it by double-clicking (it then launches a browser, goes to that webpage, and logs in for you), but doesn’t let you see my password. Also, I can revoke the share any time I want.  This would be great for an employer to give an employee access to some business site (the company bank account, for instance), but without giving the employee the password.  They can do their job, but if they leave the company, there are no worries about having to run around and change the password – you simply revoke the share to that person!

They have a “premium” mode which is $12/yr which allows you to access all this from a mobile device too, and from a browser without installing their plugin, and also allows you to sync shares. So, if I’ve shared a login with you, and I change the password on my side, yours gets automatically updated.

If you want even MORE security, you can go for “two-factor authentication”. http://www.yubico.com/yubikey is inexpensive ($25 each, quantity 1), and works like an RSA token, but is actually a bit more secure because there is no LCD readout, and you never see the digits. If you buy a yubikey, they have a bundle where you can get a key and a year’s premium lastpass subscription for $30 (I wish I’d seen that before I sent my $12 in – LOL)

Anyhow, its very cool technology, and I have yet to read anything about this that’s negative.

 

Digitizing vinyl records: how do I do it?

I’ve had a couple of people ask me about digitizing old vinyl LPs, and so I thought I’d put my experiences down in writing here for your edification and enjoyment.

So you have a stack of old LPs, and you want to get them into iTunes so you can listen to them more conveniently?  There are a couple of things you should know before you run out and buy hardware and software, and spend hours doing this.

First, in case you were kidding yourself, this whole process is a royal pain.  It’s fiddly, time-consuming, and frustrating.  So, you should go through your albums and eliminate as many from the stack as you can.  How do you do this?  First, if you have a CD copy, then obviously don’t bother with the LP.  Next, look on-line to see if anybody else has a digitized MP3 version of this album.  Don’t worry about copyright or legality issues; you already own the LP (and the music on it), so getting it in another form for free is perfectly acceptable.

The easiest way I have found to look for such things is using bit-torrent.  Go to www.vuze.com and download their free client.  It’s really quite good and easy to use.  Put in the album name in question, and it will search 4 or 5 torrent sites for this.  You’ll get a bunch of results, some of which are not applicable.  You can use the filter on the right hand side to select just “Music” entries.  Browse through the results and pick one.  Important: LOOK AT THE COMMENTS!  People post comments on the torrent sites, and if you see comments like “fake: don’t download”, then skip that one.  It’s probably a virus or some scam to make money.  When you find something that looks decent (really not that hard once you do it a couple of times), download it.  This could take a short or a very long time depending on how many sources for this album are out on the net.  Be patient!

Of course, you could use this same procedure to download albums you don’t already own, or movies you don’t already own, but that would be illegal, so don’t do that.

You can’t find your album on the net anywhere?  Well, then put it in the “digitizing” pile, and continue your process of culling through your albums.

Once you have a smaller pile of albums to digitize, here’s how you do it!  There are several companies who sell “USB turntables” these days.  These may or may not be a good deal for you.  If you already own a decent turntable, then it’s better to invest in an interface box than to buy a cheezy turntable with an interface box built in.  Trust me, these USB turntables are inexpensive, and you get what you pay for – no audiophile turntable here!

I already owned a good turntable, so I bought Artcessories “USB Phono Plus”.  This box hooks up to your turntable, and has a USB plug for your computer.  The software that came with it was pretty horrible, so I ended up purchasing VinylStudio from AlpineSoft.  One thing this software does is to break up the tracks for you.  So, you put the needle down at the beginning of the record, digitize that entire side, and then the software takes care of it for you.  This is a HUGE timesaver.  If you had to do it track by track, it would take much longer, and I’d have even less hair.  The other neat thing is for a lot of the records I tried, the software will pull the track names from the internet.  This reduces your typing chore, though I do recommend proof-reading, as I did find errors sometimes.

If you don’t already own a turntable, then one of the USB turntables out there is probably a good bet for you.  Frequently there is software bundled, but try out the freebie version of VinylStudio as it may be worth the investment over the included software.

Is that a snake?

This is hilarious, and actually gets funnier each time you watch it.  Check out the reactions of each different person.  The main guy in white is priceless though – the pause is so classic!

Proposed cuts to the National Health Service (thanks to my Uncle)

From my Uncle’s most excellent blog:

The British Medical Association has weighed in on the new Prime Minister David Cameron’s health care proposals.

The Allergists voted to scratch it, but the Dermatologists advised not to make any rash moves.
The Gastroenterologists had a sort of a gut feeling about it, but the neurologists thought the Administration had a lot of nerve.
The Obstetricians felt they were all laboring under a misconception.
Ophthalmologists considered the idea short-sighted.
Pathologists yelled, "Over my dead body!" while the Pediatricians said, "Oh, Grow up!"
The Psychiatrists thought the whole idea was madness, while the Radiologists could see right through it.
The Surgeons were fed up with the cuts and decided to wash their hands of the whole thing. The ENT specialists didn’t swallow it, and just wouldn’t hear of it.
The Pharmacologists thought it was a bitter pill to swallow, and the Plastic Surgeons said, "This puts a whole new face on the matter…."
The Podiatrists thought it was a step forward, but the Urologists were pissed off at the whole idea.
The Anesthetists thought the whole idea was a gas, but the Cardiologists didn’t have the heart to say no.
In the end, the Proctologists won out, leaving the entire decision up to the arseholes in London.

By Tim Posted in Humor

Samsung Galaxy Tab – KIES PC Sync

I’m playing with an evaluation unit of the Samsung Galaxy Tablet from T-Mobile, so I thought I’d post my observations & any useful info I dig up. 

Pricing on this gadget varies widely.  T-Mobile has it for about $250.  If you want to pay more, you can get it from AT&T for $520.  Does that markup seem a little excessive to you?  Good, it did seem that way to me.

The model I have is SGH-T849 (no, not on the box or paperwork anywhere, you have to dig into the phone settings.  Here’s an interesting bit of trivia: If you plug this unit into your computer with the non-standard USB cable (looks like an iPod cable, but isn’t), the computer sees it, but it doesn’t charge it!  You have to plug that cable into the little wall-wart (which is admittedly very slick).

I asked “Irene” (complete with thick Indian accent) how to transfer memos from the tablet to my PC.  I was told this was not possible.  I took another tact and told her that the memo program has the ability to email memos, so I did that.  I ended up with a “.vnt” file as an attachment.  This is not text, html, xml, or anything else useful – it’s some proprietary file format.  I asked what reader I might employ to view said file.  After being put on hold for an extended period of time, “Irene” suggested that I download “Universal Viewer Portable 5.4.4” from the net (just google it, she said).  Cnet has it, if you are interested: http://download.cnet.com/Universal-Viewer-Portable/3000-2248_4-75157196.html?tag=api

According to net.wisdom, the sync program you need to use to transfer files and media to and from the tablet and your PC is called “Kies” (apparently pronounced “keys”, according to tech support).  Try finding this on Samsung’s twisty dead-link littered website, and you’ll be pulling your hair out.  I have less hair now, but victory was mine and I was able to find a link which did allow me to download Kies PC Sync software.  Here it is: http://www.samsung.com/ae/consumer/mobile-phones/mobile-phones/infotainment/GT-I9000HKDXSG/index.idx?pagetype=prd_detail&tab=support

It doesn’t matter what model of phone the website thinks you have, as they only have one sync program for all of them.  When I connect the tablet, I get “This device is not supported by Kies 2.0”.  Not very useful.  However, Windows 7 does see the device as a mass storage device, and can browse it.  I can manually copy pictures/videos back and forth, but I was looking for something more elegant.  Browsing the various folders didn’t yield anything “memo”-looking.

In the root directory is an executable named “Multimedia Sync by doubleTwist.exe” – intriguing!  When I ran it, I got a progress bar which stalled 2/3 of the way through with “Unknown error trying to download Multimedia Sync”.  I tried copying the file to my hard disk and running it from there – same result.

If you go to http://www.doubletwist.com/, you get a download page for an app which apparently does over-the-air sync.  Interesting, but overkill for what I’m trying to do at the moment.  T-Mobile does have a link (after more digging) where you can download this app: http://apps.t-mobile.com/doubletwist/ (it’s curious that tech support didn’t mention this).  After a painfully slow download, I was able to install it.  My initial impression is an iTunes type program for android devices.  Not bad, really!

However, it doesn’t have any ability to access memos.  So… the memo application on the tablet appears to be much like a piece of paper.  You can write on it, and look at it, but that’s it – don’t think you can transfer it somewhere else and use it.  To me, that’s fairly worthless.

*UPDATE* I reviewed the Samsung Galaxy SII cellphone.  Samsung has recently released Kies 2.0 and a wireless version also.