JDPFu.com 2013

Some days we just can’t win.

This little blog VM is out of disk space … er … sorta.
It is out of inodes. Fortunately, it is at 93% use for sector storage, but unfortunately, there are less than 3K inodes available.

apt-get update cannot complete. Out of disk error.

The VM has 1.5G of swap that never gets used. The RAM amount is set to prevent that need on purpose, so I decided to

• change the swap partition into a data partition,
• rsync over a few thousand files from /var/www,
• mount /var/www from the other partition (vda5) and
  … life would be good. Yes, everything under /var/old-www was removed after mounting.

It was all scripted to minimize downtime. AND there is a good backup from last night should anything terrible happen. Downtime was a little over 30 seconds. Good enough. Heck, www.amazon.com was down for at least 10 minutes today, so my 30 seconds should be fine.

After all that, now there are fewer inodes available on /!!!

$ df -i

Filesystem     Inodes  IUsed  IFree IUse% Mounted on

/dev/vda1      296000 293371   2629  100% /

/dev/vda5       97344   3751  93593    4% /var/www

Looks like it is time to build a larger VM file. The blog storage was already expanded last year – which is probably why the inodes are so tight. Copying the entire VM will take longer than a few minutes.

What a pain. I hate downtime, but I hate leaving a system sorta-patched must more.

Some days we just can’t win.

Using FreeNAV on Android is mostly good, but it lacks a few capabilities that would be really nice for any GPS user.

• Add POI data
• Import POI files
• Export Favorites
• Transfer Favorites
  The POI DB is definitely missing many, many, many POIs. Looking for a specific pizza place found 6, but none of them are the two within 3 miles of home that have been there longer than I’ve lived here. It seems to list places 100+ miles away.

Looking for free audiobooks?

• www.booksshouldbefree.com/
• www.openculture.com/freeaudiobooks
  Both sites also have links to free eBooks too.

These are well-known authors with well-known books. Many are classics, certainly a few books that you’ve always meant to read, but just never got around to reading. Very few new books there.

I use audiobooks when on long drives. I suspect that War and Peace will outlast any drive most people have planned. ;) Book 1
or
eBook
will get you started.

Have you read Asimov’s Foundation Trilogy? Now is your chance!

When ever a new year arrives, it is time to do some digital cleanup. Going through old files, new files, old emails, new emails, archiving important things and deleting as much as possible. Heck, if I didn’t respond to that email yet, it probably wasn’t all that important.

Anyway, here’s how I do it, and more importantly, how you can setup your systems to make it easier next year and every year after that.

I won’t pretend to know all about your digital files, so it is unlikely these techniques will work for every situation. Still, I think there is some value with just a little organization.

By now most people that I know are using Anki techniques to learn things with memorization. Anki quizzes on facts and tracks whether we get them correct or not.

Anki learning gets a little tedious to me. Boring. There is at least one less boring option.

This week we’ve all read how General Petraeus was forced out of his position because the FBI was able to read his emails. I’ll leave the moral question about affairs for you to determine on your own, however, from a technology perspective, he did many things wrong.

I’ve added an update below, since new technical information has become known.

I started something new this week and must say that
My Corpse Pose Rocks!

I thought that was funny before, but now it is hilarious!

I just need to improve on the other 25+ poses covered. ;) I can see that taking a lifetime. Something that looks so simple can be extremely hard.

BTW, my ooooms are good, but have some room for improvement too. It is unexpected that I do feel something internally when making that sound.

Watching Olympics on NBC

I’m addicted to Olympics. I admit it. As I watch them on my OTA setup, the fluffers, you know, the announcers between sports, are constantly saying to watch all the events Live by visiting nbcolympics.com. I’ve been there a few times and been disappointed.

Sorry, this becomes a rant.

Where is Curiosity?

There are many different types of passwords. Some are for a financial institution and others are for blog comment websites and others are for your email accounts. Not all of these need to be 100% secure, but it would be easier if they were. If someone gets into a blog or forum account, so what, provided you have different passwords for each login. Good password management works. OTOH, if they get into your primary email account, that will provide access to almost every other account, including financial ones, with just a little effort. It would be best if there aren’t any breaches for these sensitive accounts – either through password cracking or other back-end cracks that we hear about weekly. That’s the ideal world. Reality is a little different.

The problem isn’t just about cracking your passwords today. The smarter cracker will retain your encrypted data/packets so they might be decrypted/cracked in the future. Yes, we need to protect our sensitive data not just for today, but for the next 20-40 years when 256-bit encryption will be trivial to crack. Perhaps protecting it for our lifetime is the best practice?

So, what can we do to minimize the future risks?

Password Managers

I love KeePassX and the cross-platform versions of this password manager, so I try to always use a long, complex, random, generated password for most of my needs. Sometimes a website limits the complexity to only 20 characters or just letters and numbers, significantly reducing the strength of the crypto alphabet. To counter act those limitations, I’ll try to use a nonsensical userid too. There are lots of other uses for a password manager that might be useful.

All this is stored inside a KeePassX database and automatically replicated to 4-10 different systems daily. The actual number changes since not all of them are always available. It is also backed up on many of these systems daily with 30 or 90 or 365 day versions available. The DB will not be lost. I would be sad if it became corrupted on my main system that I consider read-write, but any of the read-only versions are good enough too, if something bad happens.

High Value Targets

With all this data stored inside a file, that means my cracking just that 1 file, everything important to me can be known. It is a very high-value target. Lots of people do this with their password databases too. They trust the strength of the encryption as the only protection.

Future Cracking

That is a false sense of security. Here’s why. Just because some encryption cannot be cracked today, that doesn’t mean it can’t be cracked in 5 or 10 or 15 or 30 years. Anyone with a copy of the old file can crack it years later and gain access to sensitive data or passwords. It has been reported that the NSA has been recording SSL data packets on the internet for years – not because they can crack the crypto today, but for when they can crack it, then all that traffic will become available.

Keeping It Safe

There is no way to keep the data safe once it gets out, even if encrypted. At some point in the future, our 4096 AES encrypted data will be as easy to crack as anything encrypted with ROT13 is today. The point is that any current encryption will be trivial to crack in the future. Count on that. Here are a few steps to limit your exposure. You’ve probably heard most of them before:

• Use the strongest encryption possible.
• Use the longest keys/passwords possible, everywhere, not just for important data.
• Change your high-value passwords periodically, annually is probably often enough, unless there is a breach.
• Follow good password creation practices – which has been written about everywhere recently. There is no substitute for length.
• Try to prevent leaks of your passwords and password manager DB – don’t tempt fate.
• Other Techniques for Secure Passwords

About Future Cracking

Any encrypted packet, file, whatever-data, is only as secure as the crypto, passphrase, AND lack of access to the raw data can make it for your lifetime. In the future, we must assume that all our current state-of-the-art encryption will be cracked and the currently protected content will be available.

I use to offer my KeePass-database to anyone to show how confident I was in the crypto. That was stupid. Fortunately, nobody ever took a copy … unless it was on a USB flash drive I was sharing and they grabbed it without my knowledge. I can’t think of any of those people who are likely to spend more than a few hours on the file before deleting it. I could be wrong.

The file was also stored on a smart phone that was brazenly stolen during a recent trip overseas. It is out there now and forever. The smart phone had been reset to factory settings the day before the theft, SIM removed and the external SDHC memory was removed, my google account was not connected to the phone, but doing all that doesn’t remove all the data stored on the internal SDHC media. Some data is left behind, including my KeePassX database and a few photos. Of course, I had a strong passphrase on the DB, the phone was locked, but still, the general data on the device, not encrypted, could be recovered. I am not panicked about this, but I will be changing all the passwords over the next few months just to be certain. Obviously, the passphrase for KeePass has been changed too.