smashedbug.com, tech music and geek news

I have written about Passpack on this blog. Over the past few weeks, I have decided to migrate over to LastPass.

With Passpack, I was storing my password vault with their software but saving passwords within my browser using a master password (which was the same as the Passpack password). With Passpack, I didn’t have an easy way to do auto-login (they have a bookmarklet to activate auto-login, but I never felt it integrated into my work environment seamlessly enough). As a result, I decided to check out LastPass.

LastPass, like PassPack, encrypts your passwords with high level encryption (AES256) and then securely transmits them to their servers. Using a long passphrase keeps this encrypted file secure (I’ll write more about this later!).

LastPass utilizes browser plugins to function. They have plugins for Internet Explorer, Firefox, Chrome, Opera as well as mobile platforms. I really like the plugin as it keeps an eye on when I am using passwords on various sites and will auto-fill, auto-login, generate new passwords when I am signing up for a site (or changing my password) and seamless integrate with my browser.

In addition to the standard browser plugins, I can access my password vault through their website and use a similar bookmarklet like Passpack offers (If I don’t want to install the plugin at a given computer). It also has an offline application, support for portable browsers (I have a copy of Mozilla Firefox that runs off my USB drive.. I can plug my USB drive into any computer and use my custom version of Firefox Portable with the LastPass plugin!)

There are two different versions of LastPass — the free version and the premium version. The free version is very comprehensive. As far as I can tell, it has no password limits and supports all of the browser plugins. It does not support mobile devices (smart phones, tablets, etc) or any second level authentication besides grid authentication.

For $12 per year, you can subscribe to the premium service. This provides full access to your Last Pass account using your mobile devices as well as additional second level authentication options including Sesame (a one time password generator that runs off a USB key) and YubiKey (a small keyring USB device that generates one time passwords).

I currently have the premium service and a YubiKey. As a result, when I log into LastPass, it prompts me for my password and has me hit the button on my YubiKey to generate a one time password. The use of the YubiKey provides an additional layer of security. With the YubiKey, someone will need not only my password but the physical YubiKey to access my LastPass account. Due to the nature of the encryption on the YubiKey, hacking it is not an option. I’ll be writing another entry in the near future about the YubiKey and encryption.

Getting back to LastPass … in addition to doing a great job storing passwords, it also supports secure notes (anything that is text can be added to a secure note), user profile data (fill out your standard personal information once and when you need to enter this into a website, LastPass can auto-populate the fields for you), credit card information and more!

The credit card information portion of the service is rather nice. How many websites do you purchase items from? Do they save your credit card information? How secure do you think it is? Even large sites are being hacked (Zappos being the latest one) — Would you rather store your credit card details with a company with a focus on securing your data (to the point where they can’t help you if you forget your password) or a company focused on selling you products?

For more information on LastPass, check out these following resources:

• Security Now Episode 256 - LastPass Security Indepth
• LastPass Blog - The LastPass Security Check
• LastPass Blog - Organizing Your Vault
• LastPass Blog - Replacing Weak and Duplicate Passwords
• LastPass Blog - Root Out Insecure Account Data
• LastPass Blog - Generated Security Question Answers
• LastPass Blog - Form Filling

Over the past month, I ran across the following tools that are very cool!!

Obi110 + Google Voice

The Obi110 is a $50 VoIP adapter. Hook one side up to your internet connection and the other side up to your phone. Register for the free Google Voice service and instantly have a free phone line and free US and Canadian long distance! For $1.50/mo, you can configure Callcentric to provide e911 services to your new phone line. Check out Judson’s Notes for step by step details on the setup! In addition, initial testing shows that sending faxes over this device does work! Easy to setup and in the event Google Voice happens to change their free policy in the future, Obi110 can support other VoIP providers to still provide low cost phone connectivity.

Crashplan+ Family Subscription

Crashplan is an online backup service (similar to Backblaze, Mozy, Carbonite) and supports Linux, Windows and Mac. The Family Plan provides unlimited storage space for up to 10 computers for as low as $6/mo (pay for 4 years in advance - $288). If your able to backup 10 computers, this is only 60 cents per month per computer! The service is great, allows backing up of all your data (very few exclusions) and provides cool features such as backing up to a friend, folder, external drive, etc. It saves multiple versions of your documents (ie if you modify a document and need an older version) as well as stores deleted files indefinitely (you deleted a file a year ago and just realized you need it?  Crashplan to the rescue!).

In addition, for companies, there is Crashplan Pro for around $7-$8/mo you can backup any type of device (including servers) — ideal for small business running a Windows server.  I setup an organization to backup to Crashplan’s central server as well as a local external disk. This gives them two backup locations (remote and local), file versioning (every 15 minutes the files are checked and saved if changed) and a history of deleted files.

PassPack

PassPack is online password storage. PassPack incorporates two or three levels of security (depending on your needs) and the free version allows you to save up to 100 passwords. It has a feature to log you into your accounts using one click and simple copy and paste functions that keep your password hidden from prying eyes. In addition to the online version, PassPack offers an application (which can be carried with you on a USB drive) to keep your passwords close at hand and a password generator.  Lots of cool features and very security minded. They have been around for several years and have had no known security breaches.

IPv6 is the next numbering scheme for the Internet. Right now, the majority of the Internet runs on IPv4. IPv4 is a 32bit addressing space, so 2^32 or 4,294,967,296 (4.2billion) unique addresses. Given how the system works and is divided out, the actual usable IP space is much less for assignment to an Internet enabled device.

The current solution is simple — instead of giving each device a public IP address, the use of network address translation takes households, companies and other larger entities and hides them behind one IP address. While it works, its essentially a band-aid fix for a scarcity of addressing space.

So IPv6 was developed in the late 90’s to address the issue. It uses a 128bit address space (2^128) which allows for around 340 undecillion unique addresses. Wait a minute … an undecillion??

I was intrigued.. soooo lets see if we can conceptualize how large IPv6 addressing space really is….

The Earth has a 24,859.82 mile circumference. Doing some simple math, we can calculate the volume (in cubic miles) of the Earth .. about 260,000,000,000 cubic miles.. and we could then further calculate the cubic feet to be 38,271,467,520,000,000,000,000 cubic feet.  Thats a nice number.  So if we had all of these 12″x12″x12″ boxes (1 cubic foot) filling up the entire volume of earth and we dumped IP addresses in each box .. each box would contain 8,891,280,867,218,191 IP addresses. Whoah .. too big .. lets create cubic inch boxes and see …

So each cubic foot has 1,728 cubic inches …. running the numbers yields  5,145,417,168,529 .. so each cubic inch box filling up the entire volume of the earth could contain over 5 trillion addresses (or 1198 current Internets (IPv4)).

Bit excessive?  I think so…..even after doing all that math, its still hard to conceptulize close to 1200 IPv4 address spaces fitting inside a small one cubic inch box and having enough of these boxes to fill up the entire Earth (all the oceans, all the land, the core, everything…) … jeeeez!!

Wow. I can’t believe I went this far into 2010 without a post to my blog! Shame on me!

So at the beginning of October, I came across “Getting Things Done” rather indirectly… There was some GTD software that won an open source award and since I didn’t hear about it, I was rather intrigued .. I never ended up actually checking out the software as shortly after doing a Google search on GTD, I came across setting up my email client, Mozilla Thunderbird using GTD principles. The simplicity of inbox management was very cool. Within minutes, I was tagging all incoming emails as “trash”, “archive”, “action”, “wait” or “defer” … within a few days, I added various filters and message rules to clean up my inbox based on these tags, I cleared out all of my inboxes (multiple email accounts) and setup my co-workers on the system.

After doing that, I needed more!! So I went to the source and got the book “Getting Things Done” by David Allen. Sweet. I read this in about 2 weeks and my mind was racing with ideas of actually finally getting ORGANIZED.

So what makes GTD so great? David Allen looked at the big picture and analyzed this issue. He uncovered that open loops (anything that requires some action/followup/etc by you) when stored only in your brain continue to remind you of these items (ie when trying to work, converse, eat lunch, whenever .. these open loops pop in your brain!) and if that was not bad enough, your brain can really only shuffle around 8-9 of these items before it starts to forget.

Both of these are bad! So a big goal of GTD is to take all of these open loops at store them outside of your brain. It can be low tech (paper and pencil) or something more sophisticated (I use an online to-do list and online calendar that I’ve interfaced on all of my computers and phone). I’m at the point now that I make sure where ever I am, I can collect any of these “open loops” immediately — when I ask someone to do something, when I’m asked to do something, when I have an idea, etc.. I either text my central to-do list from my phone, plug it in on the computer or write it down on a pad to re-enter at a later date (ie in a meeting where texting is not as fluid).

Once it is in my electronic inbox (to-do system) I can apply attributes to the item (context on where I can do this, when I should do it, if it is an action item vs someday item vs project, etc) and best of all, I know I’ll be checking my list or my list will remind me (it can text my phone!) so I no longer have to actively think about the task. Sweet.

So end result? At any given time, I can reference my system (to do list, calendar) and know exactly where all of my projects stand, what needs my attention, what I am waiting for, etc. I no longer need to actively *think* about these low level items and don’t find myself wasting time trying to remember things or make sure I didn’t forget anything.

Best part, if setup correctly, adding items to the system is painless! David Allen in his book provides a variety of recommendations on how to accomplish this effectively.

It is a great feeling to be on top of all of my tasks. It frees my mind to think of new tasks, it allows me to be more focused on the tasks at hand and the GTD system goes beyond just the to-do list and calendar and provides insight on how to build an effective filing system and organize reference materials to make them easily stored and retrieved.

Future posts will go into more depth on how my system is setup. I have written an implementation guide, please contact me if your interested in getting a copy (free).

Ok.. I’m fed up. I want to notate some music. I need to wear my headphones. My headphone jack does not work. Why does it not work? I don’t know.

A while back out of the blue my audio driver starting having an “EAccessViolation” error. I have no idea what this is. In anycase, since starting to get this error, my headphone jack does not work.

I googled this error and came up with various forms of black magic to get around the error (most people reinstalling Windows).

Why is it that something as simple as an audio driver or audio control panel cannot be resolved without completely destroying the entire working computer with a full reinstall?

Why can’t Windows developers provide better error reporting than “EAccessViolation”? What DOES THAT MEAN??!! So frustrating.

I seriously yearn for actual error reporting. I think any software that returned something as cryptic as “EAccessViolation” would be shunned and run out of town on any of my Unix systems. Why is it so hard for a Windows application to say “hey you know what? I was trying to access XYZ file and it was either not there, wrong version or something and as a result, I cannot run”?  What is so friggin hard about that? On a Unix system, I’ll get messages like that and if I don’t know what the file is, I can query what package installed that file on my system so I know EXACTLY what application would be causing the issue (but as an aside, I rarely have these issues so its a moot point).

Yes this was a rant, but I just want to use my computer and not troubleshoot some stupid “EAccessViolation” error. I’m about 3 minutes away from buying a new speaker setup that has a headphone jack so I can just bypass this annoyance. Thats seriously messed up.