JDPFu.com 2025

Saw this on a forum by an AC today:

I think that my freedom is more important than my security.
I prefer to live in a free but insecure world than in a perfectly safe but not free world.

When govts try for a perfectly safe world, they need to be reminded of this stance.

Also, New Zealand has a law that fines someone refusing to unlock their electronics at the border with NZD$5,000. The claim is that they must have a good reason to demand access, but that is a little late. The article also said that the device would be in “airplane mode” for the searches.

Watch Live OTA TV from your home from anywhere in the world – big deal, right? Well, it could be. Let me explain.

• No extra service provider needed.
• 1-time costs for equipment that works at home AND remotely from anywhere
• Get around sports blackouts with a friend outside the blackout areas. THIS is the biggy.

7 things all travelers with smartphones and computers should do to be secure while traveling.

FIDO-u2f is a newish standard to provide low-cost security devices as a second form of authentication. The normal way this works is

• userid
• password
• on-time token (OTP or U2F or Oauth)

This provides added assurances that a week password won’t lead to account compromises. The U2F protocol makes the setup and daily use of a small USB device fairly simple.

Also, u2f is cross-platform primarily because it acts like a keyboard as far as the OS thinks, so Linux, OSX and Windows are each supported.

That’s the theory. Everyone seems to forget a few minor details.

Below I spell out what I’ve learned when setting up a Yubikey u2f device for use at a few online accounts. Google accounts, dropbox and github are the main accounts, but because google is an authenticator for many other online accounts, those are indirectly secured as well.

A YubiKey NEO firmware v3.3.x will be used as well.

Saw this over at Schneier’s Security site.

How your phone tracks your every move

His phone was leaving traces about 3x an hour and it wasn’t just GPS coordinates.

It is an ABC (Australian) report. They asked normal people to look at some metadata to figure out what they could know about a person. Bingo!

Be afraid. Be very afraid.

For everyone who doesn’t have an issue with this – fine. Send me all your emails, texts, tweets, G+ posts, FB posts, all contacts in every device you own, a list of everything you watch on TV, through Netflix, popcorn, all the torrents and photos from the last 6 months. After all, you don’t have anything to hide. Oh – and I don’t want just the nice, sanitized stuff. Send it all.

After all, you have nothing to hide.

Here’s what the public found in his metadata.

His final thoughts:

Having strangers poring over your data can be an unnerving experience but whether we’re aware of it or not that’s increasingly the case in the world we live in.

You missed it! We had a great time! A fun time for like minded people. Learned a little about some distros I didn’t know still existed. Learned a bunch about some things I knew little about – Angry Noob Syndrome – ANS, for example.

Whether you are a hard-core DevOps person, normal admin, end user, developer, or DBA, there were 4+ sessions for each and lots of interesting things you never knew about.

Ever wanted to get GigE speeds over wireless for your entire neighborhood from 40+ miles away from any other buildings? There was a session about that!

Ok – so here are the videos.

I’m always confused when folks elect to put their data on someone elses computer or storage. That is what using the cloud means.

It is really easy to have a private cloud where you host all the data from your broadband connected home with about the same power use as a high-efficiency LED light bulb. Plus by doing this, you can have remote access to all the compute power inside your house, through a highly secure connection, unlike what OwnCloud or Dropbox provide. Better. More secure. Under your control. What’s not to like?

I was watching a Spanish movie the other day and noticed there wasn’t any English subtitles or audio. My Spanish is poor and it won’t get any better without a little help.

Apertium , the F/LOSS language translation package, to the rescue.

I’ve been traveling overseas more and have discussed security issues with others in the IT security industry. Here is what I’ve decided.

With the recent HeartBleed issue in the openSSL libraries that impacted 80% of websites and the GnuTLS issue from last month, what should we do when security is needed most?

BTW, the NSA admitted to using the HeartBleed bug for years. My 20 yrs of professional experience with software tells me that there are probably 50 other issues like this in the openssl and gnutls software libraries. They are the best options for HTTPS traffic, but really shouldn’t be trusted when real security is needed.

What do I do?

Updated: 2/2016

I don’t travel all that much, just 3-4 weeks out of the country every year, usually for pleasure, not work. Below are the Android apps that consistently work well for me.

• without a data plan
• disconnected
• using wifi-only access
  The few times that I’ve looked for a data plan overseas to add to a smartphone, the costs were simply 10x more than I was willing to pay. In Europe, sometimes the data is fairly cheap, so it becomes more of an option. £15 for 2G is a bargain. For 10 days in Turkey, would you pay US$100 for a data capable GSM-SIM? Further, after 7 day, my friend’s SIM stopped working. Seems the Turkish government wants to know about all the cell phone users in their country. Moving the SIM to a different device did make it work again.

If you have a data plan, then translation tools work easier, but we’ll assume no data or wifi connection when you are away from the hotel.

I just returned from central and south east Asia, so the apps that worked are fresh in my mind. Some have been updated, since it is 3 yrs later now and I’ve been around the USA, Africa and to Europe a few times too.