#539 Ad Blockers, Octogenarian Talks 1Password, Aerb USB-C Dongle, HSXKpasswd Roll Your Own Configurations

Send in the questions you’d like Professor Maryanne Garry to answer about the brain, memory or how we perceive things, for a show in a few weeks. I have an argument with myself about whether the use of ad blockers is essentially stealing or whether they’re our only defense against emotional damage. My octogenarian father-in-law explains how 1Password made his computing experience so much easier in a video interview I hope you’ll use to convince others to use a password manager. A quick review of a USB-C dongle for $20 from Aerb that does 90% of what I need on my 12″ MacBook. In Chit Chat Across the Pond Bart takes us through part 2 of his explanation of how to use HSXKpasswd from the command line and how to create our own configuration files. It’s one that really would be helpful if you read along with his shownotes while you work it out on your own!




Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday September 6, 2015 and this is show number 539. I’m getting charged up for the big announcement day on Wednesday! Steven Goetz suggested that we fire up the live chatroom during the announcement like we did last time. All you have to do to join in the fun is go over to podfeet.com/live at 10 am Pacific Time. On the right side of the page you’ll see a web-based chat window asking you to pick a user name and then hit join. You’ll see a video link on the left but ignore that because I won’t be broadcasting ME during the event since we’ll all be watching Tim on our various devices. If you’d like to use a standalone client instead of the web client, Kirschen and I have compiled tutorials on how to set up Colloquy, Textual and Adium at a link in the shownotes. If you’re going to set up one of these clients I recommend working on that a little while ahead of time. Hope to “see” you there!

Professor Maryanne

Dr. Maryanne Garry, professor in psychology, will be coming to visit again and we’re hoping to do another recording for the show. You may remember her as the one who messed with everything we thought we knew about our memory and then destroyed our understanding of how we pay attention to things. She suggested I ask you to submit questions to the show on what else you might want to know in the area of cognitive science. I’m sure her discussions in the past have left you with questions that you’d love to have her answer or things you’ve read about the mind, the way we learn and perceive things, memory and behavior – please send them in!

Blog Posts

Ad Blockers – Stealing or User Right?

Octogenarian Talks 1Password

One USB-C Dongle to Rule Them All?

Clarify

You hear me yap about how Clarify helps me all the time to make tutorials to help other people learn how to do things and helps me to remember how to do things, and I’m sure that’s vastly entertaining and informative for you. But there’s one thing better than that, and it’s when you hear a spontaneous testimonial from a fellow NosillaCastaway. Out of the blue, Ben wrote in with this message he hoped I’d share with you:

I am helping someone with a web application. After we spent a few hours this morning working through things, they had a question this afternoon. Since I was no longer with them, I opened Clarify and walked them through it. Later, I saw that they were able to figure out their question so I asked how they liked Clarify, and they responded “I LOVED it so easy and so helpful!” There is no better testimonial than that of someone who Clarify has helped.

So this is actually an embedded testimonial – it’s Ben telling us how HIS friend thought Clarify helped them get their work done. If you don’t believe the 3 of us, please download the free trial of Clarify over at clarify-it.com for Mac or Windows or both, and prove it to yourself. When you do buy Clarify, be sure to let them know that you heard about it from me and Ben!

Chit Chat Across the Pond

Security Medium – OS X Trojans Accessing the Key Chain

There is yet another story about OS X security that sounds really bad – apps accessing your keychain without permission!

Attack apps abuse OS X’s accessibility features to find the popup that asks for permission to access the keychain on your screen, and then click the ‘OK’ button for you.

As bad as this sounds, there is some very important small print – before malicious apps can do this, you need to 1) download and install them, and 2) give them full administrator access to your system by entering your admin password when they ask you to.

Installing an app and running it is giving the app quite a lot of trust, but giving an app admin rights is giving it a LOT of trust – DO NOT DO SO LIGHTLY!

We now know this trick has been in use for some time, perhaps as far back as 2011. The advice to users remains what it always was, and always should be – be careful what you install and run, and be REALLY careful what you give admin access to!

Links:

Security Light

Important Security Updates:

Important Security News:

Notable Breaches:

Suggested Reading:

Main Topic – The hsxkpasswd command line tool continued

The Perl module powering this command line tool was chosen as module of the month for August 2015 by the editors at Perl Tricks: http://perltricks.com/article/192/2015/9/3/What-s-new-on-CPAN—August-2015

Finishing Part 1: https://www.bartbusschots.ie/s/2015/08/22/using-the-hsxkpasswd-terminal-command-part-1-of-2/

Part 2: https://www.bartbusschots.ie/s/2015/09/06/using-the-hsxkpasswd-terminal-command-part-2-of-2/

That’s going to wind this up for this week, many thanks to our sponsor for helping to pay the bills, the makers of Clarify over at clarify-it.com. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at allison@podfeet.com, follow me on twitter @podfeet. Check out the NosillaCast Google Plus Community too – lots of fun over there! If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.

5 thoughts on “#539 Ad Blockers, Octogenarian Talks 1Password, Aerb USB-C Dongle, HSXKpasswd Roll Your Own Configurations”

  1. Michelle - September 7, 2015

    I don’t mind ads but where the hell is truth in advertising? If a site needs ads the site should vet those ads. How can I trust what a site is posting about if all I’ve the page is “Obama says you don’t have to pay your mortgage” or “lose 20 lbs in a week while you sit on the couch”. Because of all of these bogus ads I don’t trust any of them. Even if I see something I might like I make sure to search for the item myself. TV too had ads for things that I would consider false advertising but I never seem to hear of any public advocate fighting to protect dumb people from clicking on them or even some smart people doing it and getting viruses.

  2. EP - September 17, 2015

    Allison. Great podcast! I’ve heard you on DTNS many times so finally decided to check out your solo work. I’ve only listened to shows so far but I’m really enjoying your fresh perspective on tech.

    The one thing I don’t really understand though is the hassle with HSXKpasswd especially after YOU JUST DID A SEGMENT on password managers??? Every password manager worth its salt already has an integrated, high entropy, highly CONFIGURABLE, password word generator built-in. I know you use 1Password. Personally I use LastPass (online) + Keepass for offline backup, and then because I’m paranoid, I use Viivo to encrypt my Keepass db before syncing to cloud storage (GDrive & DropBox) for yet another online backup. Anyways, all three of these password managers can generate unique 256-bit passwords (OVERKILL) with 2 clicks or less. Why bother with HSXKpasswd? Is it because it’s capable of generating human memorable pass-phrases using a configurable dictionary? If so, I still don’t see the point? The WHOLE POINT of using a password manager in the 1st place is you don’t NEED, or even want, memorable passwords. Passwords, security questions, backing up 2-factor auth QR-code .jpg’s… they can all be stored in a password safe and retrieved with 1 click.

    When you take into consideration HSXKpasswd’s .TXT config/pre-set file one must set up and/or the INSANELY complicated terminal commands, which are longer than the actual passwords the tool generates, what is the point? I suppose as a programming exercise in PERL this tool would be great to download and study. But other than that, a normal person wouldn’t use this tool. Could you imagine explaining the merits of HSXKpasswd to the seniors at that computer club meeting? Hell, even I wouldn’t use this tool and I’m an I.T. professional.

  3. EP - September 17, 2015

    @Michelle The reason why sites don’t vet ads is because they CAN’T. The vast majority of small, medium and even large websites obtain ad revenue by subscribing to an “ad network”. They do this by inserting into their website a small snippet of code given to them by each ad network. That code snippet is what loads and rotates the ads you see. That code is essentially a black-box to the website operator… they have little to no control over what ads are displayed and how (u might be given general control over ad content.. ie.. no adult ads, but not much more). Unless you’re a very unique website like the TWiT network who has a dedicated sales team, then your mom-&-pop website’s ONLY ad revenue option is to employ the “black-box” approach…. and even in TWiT’s case they probably get less than 5% of their revenue from their 2 (TWO) static website ads. TWiT makes ALL of its $$$ (literally MILLIONS & MILLIONS per yr) from testimonial commercial breaks DURING their podcasts.

  4. podfeet - September 18, 2015

    EP – glad you found the show, and thanks for the detailed question. I think we forget that some people haven’t been listening for the first decade of the show. Bart built this originally as a web interface at http://xkpasswd.net. This is for normal people to be able to choose strong, memorable passwords with a UI that lets them choose how many words, how much padding, what kind of characters to use, etc.

    It’s based on a combination of the xkcd cartoon that talks about passwords being good if you can pick four random words that you DIDN’T make up. Normally the problem with memorable passwords is that you made them up which means they’re logical and guessable. With Bart’s tool, it’s choosing the words for you so they don’t make ANY sense but they are memorable.

    The other piece is from Steve Gibson’s Password Haystacks theory that the longer you make a password even just by padding it will give you a password that won’t be broken in a gazillion years.

    What he’s been doing lately is making this into a tool you can use from the command line which is cool and I agree with you that this would not be something for the masses. He did teach me a while back how to make a Service which I use constantly to create my passwords.

    I’ve used the built-in password generators of both LastPass and 1Password but I cannot type them easily when I do need to so I use xkpasswd to create them and immediately store them in my password manager.

    I’m trying to find the episode where Bart explained the maths behind xkpasswd – you’d love it!

  5. Bart Busschots - September 21, 2015

    EP – a couple of points:

    1) I have found that while I do keep all my passwords in a vault, I still have to type them relatively often when I’m on devices that are not mine. My iPhone is always with me, so it knows my passwords, but I have to read them from the iPhone screen and type them into the computer. HSXKPasswds are a lot easier to do that with than pure random passwords.
    2) I often have to set passwords on encrypted archives that I then have to email to people and tell them the password over the phone – again, HSXKPasswd passwords are much easier to work with in that situation than random gibberish.
    3) the terminal stuff is only for those who WANT to play with it. It’s not meant for muggles! http://www.xkpasswd.net is for muggles.
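
The scheme discussed in the comments above (words picked for you at random, then digits and padding around them) can be sketched in a few lines of Python. This is an added example, not the hsxkpasswd tool or its Perl module; the word list, the layout and every function name are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed 16-word sample list; real tools draw from thousands of words.
WORDS = ("anchor barrel candle desert engine forest garden hammer "
         "island jacket kettle ladder magnet needle orange pencil").split()
SEPARATORS = "-_.:"       # one is picked and used between every part
PAD_SYMBOLS = "!@#$%&*+"  # one is picked and repeated at both ends

def generate(words=WORDS, n_words=4, n_digits=2, pad_len=2):
    """Build e.g. '!!48-forest-KETTLE-anchor-island-07!!' from CSPRNG choices."""
    pick = secrets.choice
    sep, pad = pick(SEPARATORS), pick(PAD_SYMBOLS) * pad_len
    chosen = [pick(words) for _ in range(n_words)]
    cased = [w.upper() if secrets.randbits(1) else w for w in chosen]
    digits = lambda: "".join(pick(string.digits) for _ in range(n_digits))
    return pad + sep.join([digits(), *cased, digits()]) + pad

def seen_entropy_bits(dict_size, n_words=4, n_digits=2):
    """Bits of entropy when the attacker knows the word list and the layout."""
    return (n_words * math.log2(dict_size)   # which words were drawn
            + n_words                         # upper or lower case per word
            + 2 * n_digits * math.log2(10)    # digits before and after
            + math.log2(len(SEPARATORS))
            + math.log2(len(PAD_SYMBOLS)))    # fixed pad length adds nothing

def blind_entropy_bits(password):
    """Bits for a brute-force search over the character classes present."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet)

if __name__ == "__main__":
    pw = generate()
    print(pw)
    print(f"seen  (16-word demo list): {seen_entropy_bits(len(WORDS)):.1f} bits")
    print(f"seen  (1024-word list):    {seen_entropy_bits(1024):.1f} bits")
    print(f"blind (brute force):       {blind_entropy_bits(pw):.1f} bits")
```

The gap between the two figures is the point of the padding: it lengthens the string a brute-force search has to cover, but against someone who knows the layout only the random choices count, so the size of the word list matters most.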
