Not Really a Blog

February 6, 2011

Using a password manager with Dropbox

Filed under: Computers, Internet — jesus @ 18:10

If you follow recommended practices you should have a strong and unique password on every single website (or service) you visit or use, so that access to the other services is limited if one of your passwords is guessed or captured in some way. While this is all very well, it’s quite hard to do in practice.

We are either lazy and tend to repeat the same passwords over and over on different websites, or we just try to use variations of a few passwords so that we can keep them in our memory. I confess I have been using this method with the not so important websites that I use, reserving some strong passwords (and memorizing them) for some of the most important websites. I have even written about different ways in which you can have a strong password based on a pattern and some specific bits of information.

Up until a few months ago I was using this method but then I became more security conscious and started using a password manager to store all my passwords, having updated the passwords on most of the websites I use. The way a password manager works is by storing all your passwords in an encrypted database file on disk so you can access all of them if you provide the master password. Thus, this master password needs to be strong enough. Now, this is all very well, but it’s useless if you keep your database at home and you are on the move or at work, etc.

So, what I’ve found useful is that keeping my encrypted file in a private folder on Dropbox works best, as that means that I can have that file everywhere on my computers giving me the flexibility of accessing it anywhere. You can even choose a password manager that works in all major operating systems so you are not limited by OS.

And before you tell me that this could be insecure if there are key loggers in action or any other kind of compromised system, yes, there’s a risk of handing over all your passwords. But, well, you need to find a compromise between being totally paranoid and keeping your passwords in a fire-proof safe and having all the websites sharing the same password :-). I’m a bit paranoid, so I don’t store really important passwords there, like my Gmail accounts, bank accounts, etc. Your mileage may vary, so use with caution.

If you have any other suggestions, please let me know as I’m interested in other ways in which you guys have solved this problem, if solved at all ;-)

July 6, 2010

Easy way to stop the annoying popups from snap.com

Filed under: Internet — jesus @ 20:08

Get annoyed by them? Me too. A lot. And it seems you can’t disable them by using their interface. Or at least it doesn’t work for me.

How to fix this? Well, just like with any of these things, they usually load a JavaScript file. So, let’s just not load it:

First of all, edit /etc/hosts and add a line like 127.0.0.1 spa.snap.com:


sudo vi /etc/hosts

which should end like:


127.0.0.1 spa.snap.com

Better now!

November 16, 2009

Nice Firefox and Thunderbird themes

Filed under: Internet — jesus @ 09:12

I’ve found two themes for Firefox and Thunderbird that I’m so pleased with that I have to promote them a bit :-). They are Charamel and Silvermel created by Kurt Freudenthal. I discovered them thanks to Chewie. So, what I like about them is:

  • They work with newer versions of Mozilla Firefox and Thunderbird (including version 3 beta 4)
  • They have really nice colours and a nice layout.
  • They work fine under Linux and Mac OS X. In the latter they let you have small icons in the bookmark bar, whereas the default theme does not allow you to do that. See image to see what I mean.
  • You’ve got two different colours to choose from.

So go and buy the guy a beer so he can work more on them :-).

October 15, 2009

Little surprises in HTTP Headers

Filed under: Internet, System Administration — jesus @ 22:59

Last week I moved a blog I’ve got in Spanish to wordpress.com. Basically I really like wordpress.com and I believe it’s really worth it in terms of freeing my time from administering a WordPress installation and keeping up with the security fixes etc. And today, having a little bit of time, I was tweaking my old website to redirect to the new site using an HTTP permanent redirect header. This is what I found in the HTTP headers:

[golan@mars ~] % HEAD http://roncero.org/blog/
200 OK
Cache-Control: max-age=260, must-revalidate
Connection: close
Date: Thu, 15 Oct 2009 21:35:09 GMT
Server: nginx
Vary: Cookie
Content-Type: text/html; charset=UTF-8
Last-Modified: Thu, 15 Oct 2009 21:34:29 +0000
Client-Date: Thu, 15 Oct 2009 21:35:09 GMT
Client-Peer: 76.74.254.123:80
Client-Response-Num: 1
Link: ; rel=shortlink
X-Hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Nananana: Batcache
X-Pingback: http://blog.roncero.org/xmlrpc.php

So, apart from various bits of information (nginx), what I really really liked was the X-Hacker header :-). Fancy a job?

October 1, 2009

Google Wave Invites

Filed under: Internet — jesus @ 09:23

I’ve got two invites to Google Wave that I’m happy to give away. The first two persons that leave a comment including their email address (which will not be published) and their website, will get them :)

Update: The invitations are gone.

September 8, 2009

BeThere rules

Filed under: Internet — jesus @ 00:09

I generally like my ISP, BeThere. They are nice, offer a good internet package and they are friendly with techies. This is another reason why I love them: they publish problems with their routers on their blog and how they are going to fix them.

While having issues with the router is not nice, I like this approach where they admit the fault and show that they are taking the necessary steps to fix it. Kudos.

August 29, 2009

WordPress.com

Filed under: Internet — jesus @ 00:39

Those of you who have come here every once in a while might have noticed that this blog is now hosted on wordpress.com, which enables me to pay less attention to hosting my own WordPress and keeping up with the security fixes. Not that I update this blog too much, but well, less work for me.

Every link should work, even considering the URL schema has changed a little bit (removed the /archive/ bit), but it’s handled perfectly. Kudos to WordPress.com.

January 26, 2007

Firefox trick

Filed under: Computers, Internet — jesus @ 10:53

Try this in Firefox:

  • Go to any page with lots of images.
  • Delete the URL bar
  • Substitute it with:
javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300;y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+"px"; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+"px"}R++}setInterval('A()',5); void(0)

Press Enter and enjoy!!!

:-)

January 17, 2007

Last FM

Filed under: Internet — jesus @ 23:05

I first knew about internet radio by listening to Soma FM back in 2001 or 2002. It was pretty cool by then.

Lately I’ve been using Last FM quite a lot. I find it quite nice the way they have everything set up. They have a nice mp3 player with which you can listen to the music they are constantly streaming. Not only that, you can listen to different kinds of music at any time, searching it by artists or by music tags. It’s also a social website where you can see what your friends have been listening to lately or even get recommendations based on the music you’ve been listening to.

Anyway, I believe that it is pretty cool and I’ve just subscribed for 6 months so I can test it, but primarily to support them. Keep on with the good work :-)

December 13, 2006

More on setting a subversion mirror repository

Filed under: Internet, Programming — jesus @ 22:34

A few days ago I wrote about setting up a subversion repository using svnsync. In that entry I was using svn+ssh authentication, but there are some gotchas to take into account to avoid having a security issue.

If you recall, we had a unix user with which people access the repository. If we haven’t taken any extra protection, that means that anyone who has their ssh key in that user’s ~/.ssh/authorized_keys file can log into the system. If that user uses public key authentication to access the remote account used for the remote repository, any committer can get access to the private key and thus access the remote machine and have write permissions on it.

To avoid this scenario we need to set things up in a way that users can commit to the main repository but cannot have access to the remote repository. And that, again, can be done by creating a different user (Remember, all this applies to the main repository box, not the remote box).
Say:

  • svn: The user used for the repository. It will let any user have write permission on the repository. It will also have all the public keys of all the committers, to allow them to access the server using the svn+ssh authentication under the generic user svn, in case it needs to be retrieved from a remote location, which can be easily used by forwarding your credentials.
  • svnsync: A user which will have access to the repository (read access is enough) and will have a couple of wrapper scripts to svnsync. It will use a ssh key to access the remote repository. The rest of the users will have no read permissions on this user’s home directory.
  • The rest of the users for the committers. They will have write access to the repository. As you may know, if you use svn+ssh authentication, whenever you do a commit, you are basically executing svnserve on the repository under your user ID (that’s why you need write permissions).

This way, committers won’t have access to the svnsync private key. But we must grant them access to the wrapper scripts, so whenever they do a commit, svnserve is able to execute those scripts by triggering a post-commit hook.

All this can be achieved by using sudo. So, say that we have two different wrapper scripts:

  • /home/svnsync/bin/synccommit.sh
    #!/bin/bash
    # Synchronize the mirror repository after a commit.
    # $1 will be the repository
    if [[ -z $1 ]]
      then
        # The repository must be given as a parameter
        exit 1
    fi
    
    DATE=$(date +%Y%m%d-%H%M)
    
    echo "[$DATE] Committing to repository $1 . (output below if any)" >> /home/svnsync/svnsync-commit.log 2>&1
    /usr/local/bin/svnsync synchronize --username svnsync "$1" >> /home/svnsync/svnsync-commit.log 2>&1
    
  • /home/svnsync/bin/syncprop.sh
    #!/bin/bash
    # Synchronize a revision property to the mirror repository.
    
    # $1 will be the repository
    # $2 will be the revision number
    
    if [[ -z $1 || -z $2 ]]
      then
        # Both the repository and the revision must be given as parameters
        exit 1
    fi
    
    DATE=$(date +%Y%m%d-%H%M)
    echo "[$DATE] Updating property (Revision $2) to repository $1 . (output below if any)" >> /home/svnsync/svnsync-properties.log 2>&1
    /usr/local/bin/svnsync copy-revprops --username svnsync "$1" "$2"  >> /home/svnsync/svnsync-properties.log 2>&1
    

We can call them by setting up the hook scripts as:

  • post-commit hook:
    # Propagate the data to the remote repository
    sudo -u svnsync /home/svnsync/bin/synccommit.sh svn+ssh://svnsync@remote/home/svnsync/svn &
    
  • post-revprop-change hook:
    # Propagating changes to the remote repository. Putting it to the background
    REV="$2"   # Subversion passes the revision number as the second argument
    sudo -u svnsync /home/svnsync/bin/syncprop.sh svn+ssh://svnsync@remote/home/svnsync/svn "$REV" &
    

All we need to do now is grant the committers permission to execute both wrapper scripts by adding the following to the /etc/sudoers file (remember, by using visudo):

    %committers  ALL= (svnsync) NOPASSWD: /home/svnsync/bin/synccommit.sh, /home/svnsync/bin/syncprop.sh
    svn          ALL= (svnsync) NOPASSWD: /home/svnsync/bin/synccommit.sh, /home/svnsync/bin/syncprop.sh

where committers is a common group to which all committers belong.
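
The sudoers entries name the wrapper scripts without arguments, so sudo accepts whatever destination URL or revision the caller supplies and the wrappers run it with svnsync's SSH key. One way to narrow that is to have the wrappers check their arguments before calling svnsync. This is an added example, not code from the original post; the function names, the single allowed URL and the return codes are assumptions.

```shell
#!/bin/sh
# Added example, not the post's code: argument checks for the sudo-run wrappers.
# ALLOWED_DEST is an assumption: the one mirror URL used in the hooks above.
ALLOWED_DEST="svn+ssh://svnsync@remote/home/svnsync/svn"

# 0 only if the destination is exactly the configured mirror URL.
valid_dest() {
    [ "$1" = "$ALLOWED_DEST" ]
}

# 0 only for a non-empty string of decimal digits (a revision number).
valid_rev() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# check_sync_args MODE DEST [REV]
#   MODE "commit" matches synccommit.sh, "prop" matches syncprop.sh.
#   Returns 0 if acceptable, 64 on wrong usage, 77 on a rejected value.
check_sync_args() {
    case "$1" in
        commit) [ "$#" -eq 2 ] || return 64 ;;
        prop)   [ "$#" -eq 3 ] || return 64 ;;
        *)      return 64 ;;
    esac
    valid_dest "$2" || return 77
    if [ "$1" = prop ]; then
        valid_rev "$3" || return 77
    fi
    return 0
}

# Constructed sample calls: values a caller could pass through sudo.
demo() {
    for dest in "$ALLOWED_DEST" "svn+ssh://svnsync@elsewhere/tmp/repo"; do
        if check_sync_args commit "$dest"; then
            echo "accept: $dest"
        else
            echo "reject: $dest"
        fi
    done
}
demo
```

In synccommit.sh the call would be `check_sync_args commit "$@" || exit $?` ahead of the svnsync line, and `check_sync_args prop "$@" || exit $?` in syncprop.sh.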
