We’ll learn about Garbage Collection in the context of a failed (and replaced) mSATA SSD from Crucial. New to podfeet.com – Amazon Affiliate links for Canada, Germany and the UK. A quick review of the Samsung T3 External USB 3.0 SSD (with USB-C connectivity). Joe LaGreca tells us about Authy, a brilliant two-factor authentication tool from authy.com/app/. Then we’ll go through the adventures of moving an Apple System Photo Library from an internal disk to the external T3 SSD.
Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Macintosh bias. Today is Sunday March 13, 2016 and this is show number 566.
In Chit Chat Across the Pond this week I had the awesome Stewart Cheifet back on the show. He is known for his long television run of The Computer Chronicles and Net Cafe from the 1980s through 2002. If you go back and watch those shows on the Internet Archives, you’ll find that rather than being comical because the technology is such old news to us, you’ll notice how insightful Stewart is about the future. In this episode of Chit Chat Across the Pond I ask him to talk about the present and future of Artificial Intelligence (and why it’s so scary). I ask him about self-driving cars – where he thinks we’re going and how fast are we going to get there. Finally I challenge him to convince me that virtual reality is really going to be a big thing. You’ll have to listen to find out if he succeeds. Remember to search for Chit Chat Across the Pond in your podcatcher so you can get all the episodes.
Blog Posts
mSATA SSD Failure on Drobo and Learning About Garbage Collection
Announcing Amazon Affiliate Links for Canada, Germany & UK
Samsung T3 – 1TB External USB 3.0 SSD
Moving Apple System Photo Library to an External SSD is Terrifying
Before I tell you the tale of how I moved my giant Photos library to the T3 SSD, let’s cleanse our palates now with a listener review from Joe LaGreca. Joe is a new friend from the new Facebook group (podfeet.com/facebook). Anyway, he was chatting away in our Facebook group about how he uses Authy for two-factor authentication. I suggested that he do a review for the podcast, which is how I punish anyone helpful, right? He explained that between his job and family it wasn’t in the cards for him. I wrote back and told him that I love to have people do reviews because they learn how darn hard and time consuming it is when they try to do it themselves.
Would you believe that about a HALF HOUR LATER he sent me a fabulous audio review complete with the full text and the problem to be solved? Sheesh, that took all the fun out of torturing him! Anyway, let’s hear Joe’s most excellent review:
Joe LaGreca on Authy
Hello NosillaCast listeners, this is Joe LaGreca from San Diego, California.
Problem to be solved:
Two-factor Authentication is great from a security standpoint. However from an ease of use standpoint it can be a little frustrating. It can get annoying pulling your phone out to get a security token. Or worse yet you can lose your security tokens if you have to replace your iPhone. So I never liked having my tokens in only one place or device.
Solution:
The solution is a program AND cloud service called Authy (authy.com/app/). It is a Google authenticator replacement that gives you access to your security tokens across multiple devices. People might say having your tokens in the cloud is less secure, and while that is partially true, I feel the benefits outweigh the detriments.
The first step is to install Authy on your various devices. They support iOS and Android and also have Chrome plugins. The next step is to create an Authy account. Creating an Authy account requires a phone number and email address. Verification for account setup can be sent either via phone call or SMS.
Once your account is set up, its use is very similar to that of Google Authenticator. When you enable two-factor authentication for your various services they will show you a QR code to scan. You simply open Authy on your device (preferably a phone or iPad so you can use its camera) and click add account. That will bring up a screen to scan a QR code (or you can key it in manually if you choose to). Once you scan the QR code, it will then provide you with your 2FA token.
This is where things are different from Google Authenticator. Instead of your tokens only being on one device, they are now synced and shared in the Authy cloud across all your devices. Authy secures your tokens with a master password. In iOS, touch ID can be used when accessing the Authy app.
Now when I need a token I can either access it from a Chrome extension on my computer, my phone, my iPad, or any other device I have Authy installed. While surfing the web on my computer I no longer have to pull my phone out of my pocket to get my security tokens. This is also very useful when I have to get my phone replaced. I no longer have to disable and re-enable two-factor authentication across all my services. I simply download the Authy app, authenticate, and all my tokens are available!
Side note:
While I do use 1password and know it can handle two-factor authentication I don’t like the idea of “having all my eggs in one basket”. The whole point of 2 Factor Authentication is to keep two separate pieces of information. I feel that keeping those two separate pieces of information in the same place is not as secure.
That’s going to wind this up for this week. Don’t forget to send in your Dumb Questions, comments and suggestions by emailing me at [email protected], follow me on twitter @podfeet. Check out the NosillaCast Google Plus Community and our Facebook group at podfeet.com/facebook. If you want to join in the fun of the live show, head on over to podfeet.com/live on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.
[Disclosure: I’m the Chief Defender Against the Dark Arts at AgileBits, the makers of 1Password]
The choice of whether you store your two step verification secret along with your password in 1Password or not is, of course, your choice. Keeping them together in a 1Password item definitely eliminates the “two-factorness” of it. And if two-factorness is your goal in going with two-step verification then don’t store the second factor secret in 1Password. Use Authy or Google Authenticator for that. But before you decide that it is the two-factorness that really matters to you please read the rest of this.
There are other benefits of TOTP (the kind of 2FA that those use). One of those benefits is the “one-timeness”: the fact that the code can only be used within a 30 second period. That benefit remains, even if you do store the long term TOTP secret within 1Password.
We also need to keep in mind why some services are pushing 2FA. They are doing so because they know that most of their users have weak or reused passwords. When Gmail wants you to use their two-step verification, it isn’t because they think the additional security comes from the second-factorness, but instead it is because they think that people are using passwords that can easily be captured through reuse or phishing or guessing.
But if you are already using 1Password you probably have a strong and unique password for the service and are less vulnerable to phishing attacks. By using 1Password well you are already addressing (from a very different angle) the same problem that is leading services to promote two-step verification.
[Disclaimer: I work with Jeffrey Goldberg at AgileBits, but this response isn’t based on the work he and I do together on 1Password.]
As the folks at Crucial mentioned, attached to all bulk flash devices, which includes SSD SATA drives and USB thumb drives, is a small microcontroller which translates USB mass storage device requests into requests which are going to be formatted and passed on to the bulk flash memory part.
One thing about flash memory that is not fully appreciated, as we’ve all raced off to add SSD drives to all of our machines (I used a RAID 5 SSD array in my house server) is that flash memory has a limited life expectancy, in terms of erase cycles. I could write about this for hours, but the long and short is that after a given number of erase cycles, a flash memory cell is shot and can no longer reliably store fresh new data.
Bear with me – this shaggy dog story goes somewhere.
One of the things which happens during modifications to flash memory is “wear leveling”. This is a process by which “pages” of flash memory which are mostly only ever written are moved around so that “pages” which are repeatedly being written can be written to the seldom-modified pages.
For most SSD devices, once the device realizes it has no remaining unused “good” blocks it can use for wear leveling, the device will go into “READ ONLY” mode. Deleting files won’t solve this problem, unless the device has a native filesystem (most don’t, or else it is a FAT filesystem) because the device considers the filesystem accounting pages to be “used” – deleting a file results in the filesystem attempting to write accounting pages and those will fail because there are no free “good” pages. What you may well wind up having is a device which cannot be “erased” using any of the tools which operate above the device level.
The moral of the story is that worn out USB thumb drives and SATA / mSATA SSD drives require careful disposal if you’ve been unfortunate enough to have your drive go into “READ ONLY” mode and the SATA “SECURE ERASE” command isn’t supported by your operating system. And for what it’s worth, full-disk encryption, because the data has a larger percentage of modified bits per write, will wear your device out faster. On the plus side, using strong encryption on flash based storage devices means you can just toss them in the trash when you’re done — assuming your password was sufficiently strong to prevent a brute-force attack against it.
“This is a process by which “pages” of flash memory which are mostly only ever written are moved around so that “pages” which are repeatedly being written can be written to the seldom-modified pages.”
Should read “most only ever READ”.