Freeze An Open Sore

Mastodon account:
https://infosec.exchange/@freezeanopensore
----- ----- -----

C84 Art phone and desktop wallpaper.
----- ----- -----

2024-03-30: The Open Sores Quickie Password Generator(TM)

Password managers aren't actually that great. You don't know what your passwords are, first of all. And if you need access to a service or device and don't have access to the machine holding your password manager you're in serious trouble.

Inventing strong, memorable passwords isn't that easy. You need entropy, catchiness and an aversion to dictionary words. correcthorsebatterystaple actually isn't that great at two of these.

However, you already know a lot of stuff: Songs. Poems. TV commercials. Famous quotes. Dumb things you and your friends used to say. They're in your head and not coming out. So utilise those for strong, memorable non-dictionary passwords.

The Howto:

1) Take a song lyric, poem, or something else that you memorised as a teen. For example, let's take a lyric from Led Zeppelin's very long song about staircases:
"There's a lady who knows all that glitters is gold and she's buying a stairway to heaven." Led Zeppelin, 1970
2) From this line, derive a password: T'alwkaltgig&s'basthLZ0791
3) Enjoy your password: 160-odd bits of entropy, no real words, and you already know it.

Another example, the theme from Sesame Street:
1) "Sunny days, sweeping the clouds away, on my way to where the air is sweet"
2) From this line, derive a password: Sd,stca,omw2wtais9691JR
(The final six characters are in reference to songwriter Joe Raposo and the year of the show's first broadcast.)
3) Around 150 bits of entropy. This is classed as extremely strong. I don't know about you, but I couldn't forget this song if I got hit by a runaway Snuffleupagus.

A third and final example is from Shakespeare's Hamlet:
1) "To be, or not to be, that is the question." Hamlet Act 3, Scene 1.
2) Derivation: 2bon2btitqHA3S1
3) About 90 bits of entropy. Strong. And you probably know it.
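The derivation rules the examples above follow, written out as an added Python example (not code from the original entry): one character per word, "to" becomes "2", "and" becomes "&", a contraction keeps its apostrophe, commas are optionally kept, and the tail is the year written backwards plus initials. It reproduces the Sesame Street and Hamlet strings exactly (the Stairway string was derived by hand and differs from the mechanical output in a couple of places); meter_bits() is the charset-based figure the bit counts quoted above roughly correspond to, which is only an upper bound because a phrase from a published lyric is not a uniformly random string.

```python
import math
import string

# Word-level substitutions taken from the entry's examples:
# "to" becomes "2", "and" becomes "&".
WORD_SUBS = {"to": "2", "and": "&"}


def shorten_word(word: str) -> str:
    """Reduce one word to its mnemonic character(s).

    A contraction keeps its apostrophe ("There's" -> "T'"), a word in
    WORD_SUBS is replaced whole, anything else keeps its first letter
    with its original case.
    """
    head, apostrophe, _tail = word.partition("'")
    if head.lower() in WORD_SUBS:
        return WORD_SUBS[head.lower()]
    return head[0] + apostrophe


def year_tail(year: int, initials: str) -> str:
    """Tail used in the examples: the year backwards, then initials."""
    return str(year)[::-1] + initials


def derive_password(phrase: str, suffix: str = "", keep_commas: bool = True) -> str:
    """Turn a memorised phrase into a password the way the entry does.

    Every whitespace-separated word contributes one character. Commas that
    follow a word are kept when keep_commas is True (Sesame Street) and
    dropped otherwise (Hamlet); all other punctuation is dropped.
    """
    chars = []
    for token in phrase.split():
        word = token.strip(string.punctuation)  # inner apostrophes survive
        if not word:
            continue
        chars.append(shorten_word(word))
        if keep_commas and token.endswith(","):
            chars.append(",")
    return "".join(chars) + suffix


def meter_bits(password: str, charset_size: int = 95) -> float:
    """Bits a strength meter reports for a string of this length drawn
    uniformly from the 95 printable ASCII characters. Upper bound only: a
    password built from a known lyric is far from uniformly random."""
    return len(password) * math.log2(charset_size)


if __name__ == "__main__":
    sesame = "Sunny days, sweeping the clouds away, on my way to where the air is sweet"
    pw = derive_password(sesame, year_tail(1969, "JR"))
    print(pw, round(meter_bits(pw)))
```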

Since you memorised these when you were 6 or 16, no further effort is required.

If, somehow, you do fail to recall these phrases you can simply search them up on your favourite search engine.

You can even break all the rules and write them down - provided you do it in code. For example, here's how I write down passwords for accounts I very rarely use:

Instagram - wa@pm - walden

If you found this file on my hard drive you might guess the password to my Instagram account was from Henry David Thoreau's Walden - and you'd be right! But Walden is 400 pages long, so good luck guessing which phrase I've chosen, let alone deriving my password from it.

(It's key, of course, to actually have a particular stand-out phrase in mind, so don't pick something whose every part is equally important to you. In fact, it might be a good idea to choose something that isn't that important to you but that's buried in that brain anyway. That will make it harder to guess. If everyone knows Billie Eilish's Bad Guy is your favourite song, don't choose it - unless you can recite the words backwards, in which case that might be quite a good choice.)

There is no perfect system for passwords - things that open will open. The only way to truly secure data is to delete it. But IMO anyone who cracks this system deserves whatever is hidden behind it. Good luck.

==== end of entry ===

2024-03-30: The desktop metaphor filing system is no longer relevant.

A filing system based on the office metaphor (files, folders, cabinets, desktop, etc) was appropriate for people who worked in an office, used a computer for essentially one thing (work, which was working with computers) and had barely any formats or workfiles to consider.

Now we use computers for absolutely everything, have software that needs working directories filled with thousands of metafiles, can have multimedia that spans filetypes and even playback software, and some of us never go to an office and have never seen a filing cabinet or a file.

Might be time to come up with something else because I can't find a damn thing.

As an example, if I want to edit photos on my Linux laptop (my only computer), I use a text file as a todo list/notes, I have a photo library application that finds photos with tags (essential for finding one of thousands of photos), I have a photo editing program and I run a VM of Tiny10 to use the proprietary POS RAW editor for my camera.

I can't keep all this in one directory, and even if I did, there's a bunch of programs I need to open to do this. The directory structure for this type of multimedia editing just no longer makes sense, because putting all this in the directory the photo is in pollutes the folder so much you may as well not have a directory in the first place.

So I now use Zenity to make a one-click menu button that launches everything: it opens the programs I need, opens a file browser in the relevant directories, and boots up the damned VM.

The fact I'm (command) coding my own menus to cut down dozens of clicks is pretty insane, but we're absolutely cornered into this because the desktop filing metaphor has put us here.

==== end of entry ===

2024-03-02: yt-dlp - a fair and unbiased review. Probably.

So I have used yt-dlp via the frontend youtubedl-gui to legally download videos from streaming media sites. I stress legally. Of course it's legal.

This stopped working last month. It would download about half a file, or about half of every file in a playlist, and return the same error. Googling this error returns a huge number of different problems unrelated to mine. It's probably fair to assume this is a generic error message that is totally uninformative of what the problem might be.

I have the hunch that probably YouT- uh, the legal site I'm downloading legal copies from has changed the API/whatever-thingie that allows programs like yt-dlp to work - this happens with NewPipe on Android, for example. Like with NewPipe I figure just downloading the most recent version will fix the error.

So I download the latest zip file from the project's Github, unzip it and run the binary. The frontend doesn't work because it's still using installed yt-dlp, not the chmodded one over here. Thing is that I don't love installing stuff from Github and putting it in /opt. I'm just not a trusting person by nature.

So I better learn how to use the command line. So I
$ man yt-dlp.

Holy god is that the mind-map of an insane person. Command options. Command options everywhere. Jesus, I just want to rip some audio at the highest rate and save as an mp3, not fly this software to the fucking moon.

Ah, big brain idea: grep the man page for "audio". Wow, that was possibly worse. Okay, bigger brain idea. Just fucking Google it. Two seconds later my old adage - Google is a million times superior to man - is proven correct. So I run
$ ./yt-dlp_linux -x https://purelylegaldownloadsonly.com/freeplaylist1234

That downloads everything! Hooray! It wo- what the actual fuck?

So half the files are opus and half the files are m4a.

Delete.

Go to YT1s.com and manually input ten urls and still get the job done faster than this clusterfuck.

Conclusion: A solid 1 out of 5. Failed the 20 Minute Rule* and a website did the whole thing faster and tidier, and that's a pretty bad comparison to make.

* Addendum: The 20 Minute Rule: if any package in the Debian repository doesn't work as it should in twenty minutes of fucking around you have already wasted too much time on the damn thing. You can be almost certain there's another piece of software in the repo that will do exactly the same thing in there. Purge, search, install, repeat until problem is solved. Sure, it's a kludge but fuck you, I don't have all day.

==== end of entry ===