open-source construction

Friday, June 22, 2012

security_class_101 Day_2

security 101:
Day 2: 
LastPass

LastPass is my cloud-based password data-base management application. I personally use KeePassX for local, and LastPass for my Internet passwords alone. I like different features in either app better. The major advantage of LastPass is the full range of browser compatibility (IE, Opera, Chrome/Chromium, Safari). The browsers it does not play well with are: Maxthon, Avant, and a bunch of the Linux web-browsers (Epiphany {GNOME}, Midori), while a bunch of Linux browsers are based on the source code of Firefox.

I will say that I am reviewing this from a free user perspective. If anyone wants to see a review of the pro, and how YubiKey works with LastPass, Hak5 has done a bunch of episodes on using YubiKeys and LastPass.

LastPass advantages:


~ compatible w/ all of the major operating systems: Linux/Mac/Windows/BSD (sadly no Haiku)



~ has two-factor authentication w/ cards, so you can do two-factor auth. with the free version.

~ has a security check for checking the strength of your passwords.
(there were three fast screens that flew by encrypting passwords, sending passwords, calculating password strength...)








~ share the results to brag to your friends or, like in my case, be disappointed by a mere 86%...:~{








~ Imports from almost any format, but doesn't export into many formats.
Import vs. export


~ Secure notes for keeping "secret" lists.
(you can also copy/paste anything you want into one of these lists.)


~ one click filling of form-data
(although I use AutoKey 2 automate strokes portably from inside an encrypted volume)

~Generate secure Passwords...
The LastPass password generator gives you an unlimited amount of random passwords.

It is my opinion that LastPass's strengths lie in cross-platform/browser support, a security check you can share with your friends, and a strong encryption focus. You can also use your LastPass from the local encrypted Vault. The Vault does work off-line from your web-browser, but will alert you to off-line being used. So even if LastPass is doing maintenance, you're still golden. I use my KeePassX local Linux password data-base to fill in the Master-Password for my LastPass every time I log into most any of my browsers (I like Maxthon/Avant, Midori, and Epiphany as well...:/).

Although I think the main advantage of using any kind of password data-base is going to be how easy it makes it for (possibly incompetent, non-tech.) users to enter properly strong passwords, and to easily change them if they find out their NT was attacked.

Tuesday, June 19, 2012

security Class101:Day 1 KeePassX && Linux

 Using KeePassX 2 increase your security in Linux

I have been using KeePassX as my password data-base manager for over a year now. That means my pass-words are not only as long and complicated as possible, but also all completely unique. Although I sometimes use web-services like Twitter, Google, my Launchpad OAuth link, or Facebook to log in to my passwords. I have been switching one of these per week, which makes cracking my passwords highly unlikely.




I like to make notes, during the creation of an account, of any information I find out about what types of passwords the data-base supports. I really wish there were simple tags on web-sites when creating passwords so I could know the most complicated I can make the passwords, which I have found in the past, but it is generally rare.

You can easily install KeePassX on any GNU/Debian/Ubuntu (Linux) system by running the command:

$ sudo apt-get install keepassx

<enter>

<PW>

<enter>
(install keepass2 for more M$ compatibility)

I do want to make clear that KeePassX is compatible w/ LastPass, but not with many Windows/Mac based password managers. Since I use only Linux, KeePassX is perfect for my situation.

I usually keep KeePassX on my toolbar dock. In Unity or Gnome-shell just open the application (app), then just right click and select "lock to panel" or a similar command in "G-S".

So you may ask why I use KeePassX and LastPass. I say that I like having my web-passwords mainly kept in LastPass, while I like the extra options for generating passwords, and there are other passwords that I only keep in my KeePassX data-base. Some of these passwords are: SSH keys, IceCast Server, LastPass Master-Password (my LastPass never remembers my password, so I have 2 copy it in each time), and my public-pvt. OpenGPG keys.

Power-user tip:

Ctrl + P generate semi-random password.

You can also check/uncheck options that allow you to use custom characters, exclude look-alike characters, and make sure the passwords contain char. from different groups.
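The generator options described above (custom characters, excluding look-alike characters, requiring a character from every group), sketched as an added Python example; it is not KeePassX's or LastPass's own code, and the function names, the special-character set and the look-alike set are assumptions made for illustration.

```python
import math
import secrets
import string

# Character groups comparable to a generator's check-boxes (assumed sets).
GROUPS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": "!#$%&()*+,-./:;<=>?@[]^_{}~",
}
LOOK_ALIKE = set("0OoIl1|")  # assumed look-alike set; tools differ on the list


def build_groups(enabled=tuple(GROUPS), exclude_look_alike=True, custom=""):
    """Return the character groups the generator is allowed to draw from."""
    groups = [GROUPS[name] for name in enabled]
    if custom:
        groups.append(custom)
    if exclude_look_alike:
        groups = ["".join(c for c in g if c not in LOOK_ALIKE) for g in groups]
    groups = [g for g in groups if g]  # drop groups emptied by the filter
    if not groups:
        raise ValueError("no characters left to generate from")
    return groups


def generate_password(length=20, every_group=True, **options):
    """Generate a password from the OS CSPRNG (secrets), not random.random()."""
    groups = build_groups(**options)
    pool = sorted(set("".join(groups)))
    if every_group and length < len(groups):
        raise ValueError("length is shorter than the number of groups")
    # One guaranteed character per group, the rest from the whole pool,
    # then shuffled so the guaranteed ones do not always sit at the front.
    chars = [secrets.choice(g) for g in groups] if every_group else []
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def entropy_bits(length, pool_size):
    """Upper bound in bits for `length` uniform picks from `pool_size` chars."""
    return length * math.log2(pool_size)


if __name__ == "__main__":
    pw = generate_password()
    size = len(set("".join(build_groups())))
    print(pw, f"(at most {entropy_bits(len(pw), size):.0f} bits)")
```

Excluding look-alikes shrinks the pool from 89 to 83 characters here, which costs only about 0.1 bit per character; length matters far more than the extra symbols.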

you compare and tell me. 

Also, if you do like me and generate passwords from KeePassX, then all it takes is clicking that "save site" in the box that drops down from LastPass in your browser. From that point onwards you can just click "auto-fill" to fill in your pass-words. Then just click the regular "log-in" button to get logged in.

The lock screen. You must unlock before your next copy/paste. I set my desktop to be very lenient, while my net-book KeePassX locks and deletes the paste buffer.

You could also use a stupid-complicated password in a text file, called a keyFile.


What I highly recommend in getting started w/ a secure pass-word data-base is to make a list of your most often used/needed passwords. Here would be my list:

~Amazon/Ebay/pay-pal
~Google/twitter/Facebook/OpenAuth(my OpenID Link 2 my LaunchpadID)
~del.icio.us/digg/reddit/stumbleupon/P2PU/identi.ca/linkedIn
~facebook/mySpace/couchSurfing/
~tumblR/wordPress/ping.fm/seismec/everNote(on-line notebook)/diigo(highlighting)
~mint-forums
~liveMocha/typingWeb/lumosity
~digsby/trillian/aol/icq/yahoo!
~last.fm/pandora

That is a lot, but I share a lot of articles on the Net. Most people will probably only need a dozen or so passwords to be satisfied, especially w/ most web apps having facebook, twitter, google, && OpenID link. Along w/ a few like E-bay, Amazon, and Pay-pal. Although I would suggest getting a second factor authentication token for your on-line banking either from your $ site(paypal for example), or get a yubi-key for $20 tied to your LastPass.

read fields for tips. repeat is red, because it does not match the first PW field.

Tuesday, June 12, 2012

Evil CSS vs. Open CSS and why M$ is doomed to fail...



#written by:Kevin James Lausen for Http://open-source—construction.blogspot.com
#I only had time to write the article, but not the tags, sharing, and so on b4 leaving for work this #morning.
#feel free to use any/all of this article it will be up on my blog by night-fall...

My first step is going to have to be to define Evil CSS, as well as its saintly brother Open CSS. Evil CSS I (personally) define as “corporation supported software”, and Open CSS as “community supported software”. I came up with the idea of “community supported software” after attempting and failing to teach people what FLOSS (Free/Libre Open-source software) is. On the flip side of the coin, I have found that when I tell them Linux is a “community supported software” platform the concept seems to stick.

Ways to get support in Open Vs. Evil CSS:

Evil:
~buy a book or magazine about the Window$ or Adobe software you need help with.
~There are usually more You-tube videos for closed source projects because they are @ the moment more popular.
~Call the sometimes toll-free number on the back of the product's package.
~There are User groups, and Blogs dedicated to any kind of software.


Open:
~Blogs(Muktware, Open-source—construction, OMGubuntu, webUpd8)
~Podcasts(audio and video)(Linux action show{jupiter-broadcasting-Bryan Lunduke && Chris Fisher}, FLOSS weekly{twit.tv}, Osalt{nixie-pixel rev3})
~User Groups (UseNet does still exist)
~E-mail lists (open to the public, unlike many Evil CSS mailing lists, which are internal only)
~Personal developer web-site(Lunduke.com/opentablets.org/
~community forums(Linux forums
~IRC(Internet-Relay Chat) The original free Internet chat, where you can chat directly w/ your software's developers.
~Man(manual) pages. Now also on-line, and built into your Linux distribution. (where the old-school hacker term RTFM—read the freaking manual came from)
~Word of mouth. Generally your super geeky friends are using Linux, and are willing to share their knowledge and time with you to further “Open CSS”.


Besides the many more ways to get support from a passionate community of users, there are many other reasons I think OpenCSS Linux is going to trounce EvilCSS. The number one, I believe, is that Linux is going to be the go-to gaming platform of the next century. This is mainly to do with a native Steam client able to run the core Steam games (Portal, Half-Life, Counter-Strike...etc), as well as a great show of interest from Ubisoft and EA Games for Ubuntu (Linux). The Humble-indie-bundle has consistently proven that Linux users have extra $ to pay for great games. We have extra money because we don't pay the extortion rates of Micro$oft, Apple, or Adobe.

The other main reason I believe that Micro$oft is going to fail is the cost of Upgrade. Windows 8 is going to be 64-bit ONLY. That means that you are going to need a minimum of 4gb of RAM, with a preferred amount of 8gb or more. One of the major problems with 64-bit on windows, is that Mal-ware scans are going to take days, instead of hours; because 64-bit files are generally much larger. So that makes running a 64-bit Window$ system on a HDD impractical. That means you will need to upgrade @ least your Operating System partition on an SSD(Solid State Drive). So in order to upgrade my desktop computer to Windows 8 I would have to buy an SSD($150+),memory($80+), on top of the minimum hundred dollars to Lease(License) your software. The main draw-back is that you never truly Own all of the software on your computer.

I also want to briefly mention that there are entire countries(Russia, China, and Germany), that are either moving away from Microsoft's vendor lock-in; or have even written Laws to out-law Microsoft software. I would also like to mention that Microsoft software is not allowed in Google, although Apple is because it has roots in Unix. Unix is the grand-Father Operating system, before all of the modern pretty graphics started showing up.

I don't really know if the terms I enjoy using to explain free software will become popular, or enrage the FLOSS community; but I have found them to be the best way to teach the foundational concepts of Free software to Microsoft or Apple prone users.
