JDPFu.com 2025

Selling security vs doing security. The first one is a hell of a lot easier.

Link

With so many different vendors pushing thousands of different products, we all need a little help to find the right product to fit our needs.

Product reviews were helpful, but those have been taken over by commercial interests gaming the system. Read somewhere that 80% of product reviews on sites like Amazon are fake, put up by review management companies in violation of the ToS for Amazon, but still it is next to impossible to stop these.

So a few websites started making reviews which seemed to be based on facts and real trials. Sorta like Consumer Reports, but free. There is a difference between how Consumer Reports does their reviews and how these websites, like TheWirecutter.com do theirs. I´ll explain below.

Update for 2017. Just signed up for a new plan. My current provider is not offering any plans here anymore. 14.8% increase over 2016! 281% higher than I paid in 2014 plus the deductible is much higher and the coverage is much worse. Almost 3x more money and zero better options. No question to me why the democrats didn’t win the last presidential election. Their decisions on this are costing me thousands more yearly.

2016 Update: Just received the insurance paperwork for 2016 and my Hi-Deductible plan costs are increasing 13.75%!

In 2015, I was forced into a plan that raised the deductible 50% and costs 217% more than it cost in 2014.

My real monthly rates:
| 2014 | $148 |
| 2015 | $321 |
| 2016 | $365 |
| 2017 | $419 |

I’m not alone.

Thank you President Obama. Nice job.

Just got this email and I’m excited! Might be able to completely change my life! Er … perhaps not. The first line is a little, er, familiar for a bank.

I am a pilot that was on the first American C-17 aid flight into Nepal. This is what we brought.

Interesting cargo from Fairfax, VA.

Redit Discussion about this trip.

I have no issue as a US Taxpayer seeing our money spent in this way. Much better to be helping others, than the other things our DoD is known to be doing.

I don’t have any worries if this is the next generation of rock bands.

• Enter Sandman
• Sweet Child
• Back in Black
• Crazy Train
• Fade Away

Enjoy. Rock on.

• Thunderstuck by a different group

Back to doing my taxes. ;(

Do you like Tom Clancy novels? Here’s a real-life story where the spies failed.

Operational Security, OPSEC, is hard. Even for the CIA.
Presentation by Matthew Cole of NBC News given at the Blackhat conference in 2013.

Seems that the metadata is more important than the actual conversation for cell phones. 25 minutes watching this video will make it clear even to non-technical people why we need to end US, state and local government spying of US citizens by the use of electronic means and license plate tracking.

Metadata alone was used by Italian authorities to determine about 18 US spies with 30 phones who snatched a suspect (Italian citizen) off the street in Milan in 2003. That person showed up about 14 months later in Egypt.

Phone metadata discovered this using a tool called “Analysts Notebook.”

A few days ago, I signed up for Netflix DVD service. The DVD catalog is much deeper than their streaming offers, that is why. I live in an area with a LARGE netflix distribution center across town and folks I spoke with over the years said they’d get DVDs the following day.

My expectations were high and hopeful for 2015. Seems both Netflix, NF, and the USPS are working against me.

IoT is supposed to mean the Internet of Things – that means how every device from lamps, to TVs, baby monitors, home security devices, to washers, dryers, toasters, blenders, … thermostats, basically anything that uses batteries in the home should be connected to the internet so we can monitor them from our smart phones and remote computers anywhere in the world.

The killer app? Wouldn’t it be nice to have a hot bath ready for you at 7pm exactly 106 degF? Filled exactly to the point for your body to fill to the brim? Of course, you didn’t know you needed a bath for relaxation until about 4pm – when at work still.

As another online website got hacked today and leaked userids, email addresses and passwords, I started thinking about what would solve this issue basically forever.

1. don’t use the same password anywhere online. Always unique per login/website.


2. if you can, use a unique login for every online identity. No need to let anyone connect-the-dots or get a hint about your email login from a blog website. This is more important for logins to financial services. I couldn’t tell you my brokerage userid – don’t know it – it is random.


3. if you can, use a unique email address for all identities. These do not need to be anything more than email aliases, since receiving email and redirecting it to a real account is easy. No need to support “send”. If you don’t know what an email alias is, don’t worry.


4. Definitely have a few different email addresses – 1 for social stuff online and a different 1 or 3 for financial stuff. If the social email gets hacked, that shouldn’t impact your financial email accounts at all.


5. Lie on all password reset questions. Never tell the truth or the same answer for different websites. Keep your lies inside a password manager.

How to do these things easily? Use a password manager. Try it for a week, see if you don’t become addicted. More on KeePass

There are other uses for password managers too. Well worth your time.

If we do these things, no need to panic over having any social/google password db out there. Even if it were leaked as plain text, I wouldn’t care. It doesn’t matter. Don’t let any social website know your real email address or a password used anywhere else. Unique, random matters.

Prefer F/LOSS security tools over commercial offers. Historically, commercial security vendors have mislead their users or the marketing department simply lied.

keepass and keepassx are good. The source code is available for download and review by anyone. Security of the tool is not through anything hidden, just good encryption which currently cannot be broken when normal best-practices are used.

KeepassX is amazing.