greyduck.net

Looking For Quacks In The Pavement

Category: Geekery (page 1 of 80)

Gnu FM – A self-hosted Last.fm alternative

Remember scrobbling?

Ever even heard of scrobbling?

Anyway. For the last dozen or so years I’ve configured my primary music player (current MediaMonkey) to send last-played data for songs in my library to the Last.fm website. The idea being that folks can see what I’m currently playing and/or most recently listened to. That’s entertaining in and of itself, at least to me. There’s a bonus, however. Doing big-data things to my music-listening information paired with similar information from other users results in an ability to recommend new music. The idea goes something like this:

  1. I listen to These Songs by These Bands quite a lot.
  2. A stranger on the Internet also listens to These Same Songs by These Same Bands, a lot.
  3. This stranger also listens to Some Other Songs by Some Other Bands.
  4. In theory, there’s a good chance that I might also like those Other Songs and/or Other Bands based on a commonality of musical tastes with a stranger on the Internet.

It’s a great idea. I even found some new-to-me musical artists as a result from time to time, such as Way Out West.

However. Last.fm has… degraded somewhat in usefulness over the course of this decade, and when DJ Sundog over on Mastodon recently noted that a self-hosted alternative exists, I had to try it out. Let’s be clear that I’m basically losing the “big data” part of what made Last.fm (and theoretically Libre.fm, its erstwhile replacement) valuable. Now I just want somewhere to point my data to. How I’m going to use that data is a problem for another day. I love building things!

Here’s what I’ve learned. (And, yes, I need to write about my Mastodon instance at some point as well. Please be patient; I’m out of the habit of actually blogging.)

Continue reading

Captain Marika on deck

Thanks to some shenanigans with online wishlists, I was spoiled about one of my holiday presents so the gifting individual decided to just give it to me early. So, hey, let’s do a quick onboxing!

The box is a bit dinged up, but the Nendoroid inside is intact and ready for assembly.

I adore the Mouretsu Pirates anime, as I have made clear during the weekly writing project. Once I found that they were making a Nendoroid figure for Kato Marika in her piracy outfit I knew that I was doomed to wind up entering the realm of anime-related figure ownership. I’d avoided this fate up until now (barring a couple of Funko Pops, but they don’t count). Welp. Here we are, now.

The Nendoroid comes with options. Which expression should Marika wear? What weapon should she wield, if any? I had decisions to make.

Admittedly, this is just a wee bit creepy.

I ended up going with the gun arm combo and leaving the hat on, and since she’s armed I gave her the “action” face as well. (There’s a bit of extra hair you can stick on her head if you eschew the hat, but if she’s packing heat then she should have her head covered.) Turns out that the back of her head has a lump of metal for the magnet on the base stand to click onto to keep her upright. It’s a neat little system, actually.

Let’s do some piracy!

The final result? I love it. It’s adorable and awesome. Thank you, Kyla!

Passwording In The Twenty Teens

(Disclaimer: I’m going to try to write this for a generally non-techie audience, but some techie stuff is inevitable. It’s an important topic anyway. Your mileage may vary. Etc.)

Identity theft. Banking fraud. Social media hacking. These are just a few of the worries we deal with nowadays. There’s no such thing as a perfectly secure system, and odds are good that any system or site that you use will experience some kind of security breach in its lifespan. Your best defense hinges on two actions: Controlling your level of risk exposure, and making it as difficult as reasonably possible for the bad guys to make your life miserable.

You don’t have many options for the first action. If you’re going to use Dropbox because that’s what your collaborators all use, you’re kind of stuck with the level of risk involved with being on Dropbox at all. Whatever service you use, be aware of how much of your stuff you’re sharing with that service. If you’re on social media, be aware of what you’re sharing and with whom. Consider what happens if the bad guys get access to that stuff. Doesn’t matter if they hack your password or the whole service, it’s still Your Stuff in Their Hands now.

This is particularly true for anything involving your money. Online banking. PayPal. Patreon. If you choose to use these services, make sure you become familiar with their security measures and get signed up for any alerts. (Unless you have unlimited money, of course, and love to share it with random people. In which case… hi! Be my friend?)

The second action is what brings me here today. Most normal, regular, decent people are terrible at dealing with passwords. Let’s be clear: I’m not saying people are somehow “stupid” on account of this fact. Passwords are a gigantic pain in the posterior! What a terrible way to have to interact with everything on the Internet that we need a login for! I do not blame anyone for being bad at passwording.

It gets worse when you try to learn how to be better. Over the course of the Internet’s lifespan password policies went from “policy? what policy?” through a series of increasingly arcane rules, some of which should be obsolete but folks hang onto them because dogma is everywhere. What do you do? Here are my guidelines:

The days of “letter replacement” passwords should be over and done. A password like “p@$$w0rd” is basically useless now. (Especially that example. Please, never use that.) Special characters are fine, but just using one or more does not a good password make all on its own.

I admit I’m speaking more to my fellow IT techs with that one than to regular folks. It’s still good to keep in mind!

Longer is better. (Yes, I’ll wait while you get the jokes out of the way. Done now? Good.) Look at the requirements for the service. When you create or change your password, does it give you a list of requirements? (If not… consider signing up for a different service.) Note the length requirement. It’s probably something like “8 to 15 characters.” You don’t need to use all 15, but get within a few characters of it. Why? Because if the bad guys try to get in to your account through the front door (as it were) the more characters you used the longer (much, much longer) it’ll take them to go through every combination of letters and numbers and such. Odds are they’ll get bored before they get in.

Let’s put it this way: If a password 8 characters long takes them a day to crack by trying every possible 8 character string, a 12 character password will take them months using the same computing power. (I’m simplifying this a whole lot. The principle is what’s important, not the actual math.) Past a certain point they will give up and move on to the next potential victim. You’ve become Not Worth Their Time, and that’s the best you can hope for.

To be frank, of course, if they’ve decided they really want your stuff? They’ll probably get your stuff, if they have the resources and time and a bit of luck. But still, make them work for it. The rat bastards don’t deserve your having made it easier for them.

The bad guys start with a list. Don’t be on that list. They use the list first, then they go through the “every combination of letters and numbers” I just mentioned. The list? It has stuff like “password” and “1234” and “4321” and “drowssap” and “rover” and “fluffy” and you get the idea. They’ve collaborated and built this list over the course of years of successfully getting into stuff belonging to people like you. The bad guys are smart, organized, and know that most people will pick the simplest password they can when given the choice (and no incentive/training otherwise).

Your password should never be just a string of numbers, should never be a variant on the word “password,” and should never be just a name. Especially not your own name.

“Okay,” I hear you ask, which should probably concern you about my mental state, “What should my password look like?” One of two options, here.

  1. Something utterly garbled and un-guessable, such as that created by a password manager (see below).
  2. Something long enough and just complicated enough to meet the requirements. Remember, length is more important than complexity as long as you don’t use easily guessed information. So, something like “Careful!4Focus” is valid because it’s 14 characters, has no identifying words that are specific to you as a person, and it meets the “you must use letters, numbers, and a special character” thing that the website probably insists upon. Play with this idea a bit! To a password system, an upper and lower case letter are completely different things. “careFul!4focuS” is technically speaking nothing at all like the previous example.

Passwords should be unique. Note the “should be” in there. If the bad guys get your Spotify password, that should absolutely not allow them to log into your online banking account. No account hack should let the bad guys into any other account with money attached! You can fudge this guideline a bit for truly unimportant stuff, but it’s up to you to decide what’s important and what isn’t. Be aware of the potential consequences.

As a side note: Consider carefully whether you want to have websites “remember” your debit/credit card info. It makes purchases easier for you, absolutely true. It also makes purchases easier for them if they get into your Amazon or Domino’s Pizza or other online shopping account.

So, now you have to maintain a bunch of passwords. Now what?

Consider a password manager. I’m a fan of KeePass but that’s not the only option available. What you’re looking for is a program which will keep your growing mess of passwords organized and available at your fingertips, but will keep them hidden from casual prying eyes. KeePass, like most of its competitors, will let you set a master password (you do have to remember that one) which unlocks access to all the other passwords. Then it will let you generate new super-complicated passwords or just let you hand-enter and store the ones you created yourself. Either way you prefer. A lot of password managers will even auto-type your username & password into websites for you.

This is a big complicated step! I’m fully aware of this. You don’t need to go this route…. but you need to do something. If you’re going to write them down, fine, but now you need to secure that piece of paper somehow, and in a way that lets you get at it when you need it. It’s up to you. Maybe you’ve got a system! Systems aren’t inherently bad, just be aware that the bad guys will be trying to figure out your system as well, so make it as non-obvious as you can.

(And there’s the even more complicated issue of having access to all these passwords across multiple devices & locations. Personally I use a secured KeePass file on a Dropbox share, though I’m considering ways to add more layers of security to the arrangement. The challenges never end, folks.)

Consider Two-Factor Authentication. Also known as “2FA” or “MFA”, the long-and-short of it is that instead of just an account name & password, now you have the account name & password & also some code, probably delivered via an app on your smartphone. The “factors” refer to the idea that your account is now protected by something you know (password, factor 1) and something you have (smartphone, factor 2). Sure, if the bad guys manage to get at your password and your smartphone, you’re out of luck… but that’s sure a lot of work, isn’t it? “2FA” is a bit of a hassle for you, yes. It’s a phenomenal hassle for the bad guys, though, so it’s generally a good idea for stuff you really need to have secured. Like, for instance, your bank account.

Last, and absolutely not least:

Ask your friendly neighborhood tech wiz. I guaran-damn-tee you, any techie worth anything at all will be delighted to hear something like, “Hey, I’ve been bad at passwords and I want to learn to do better, can you help?” The biggest hurdle we face in this battle is getting people to even care. Showing that the concern is real for you is going to go a long way toward making them happy to assist you.

In conclusion: Use the Internet carefully and wisely, and use the best password scheme you feel capable of handling. The identity and money you save may be your own.

So many broken links. SO MANY.

This site started nearly 15 years ago on the Monaural Jerk (“Journal maker” anagrammed) platform and was migrated to WordPress some time later. I ran the first rendition of what was then just called Gallery, then the Gallery 2, and didn’t quite make it to Gallery 3 before they pulled the plug on the entire project so in came Piwigo. Also, over 15 years I have linked to a great many odd sites.

The term you’re now looking for is “link rot.” As part of the revitalization project I installed a link checker plugin and boy oh boy did it find some broken links. And by “some” I mean “over 700.” I have spent the last couple days’ worth of free time wrangling that quantity down to “merely 521.” At this point I’m probably going to focus on the couple hundred gallery-related fixes and write off all of the old links to sites that probably don’t exist anymore. If the link is 404‘d after all these years, there’s not much value in chasing down whether or not it’s supposed to go anywhere valid today, right? Right.

Don’t worry: I’ll tell you about the Thing I’m Doing, soon. All in due time.

Yet Another Redesign

Every so often I realize that whatever theme I’m running isn’t up to whatever task I need it to perform. The last couple were certainly pretty enough on the big screen of a desktop PC but neither looked very good on a mobile device. Since I live on my phone (and to a lesser degree, the tablet) almost as much as on a regular PC nowadays, this has become important.

It’s even more important when I’m getting ready to launch a new posting project. (More about that, later…)

At any rate: I’m not done tinkering but the basics are in place now. If you see anything really out-of-whack please let me know!

Better Living Through Video Games

It’s been a long couple of months. Bad weather, bad news, grim mood, no enthusiasm for much of anything.

So, I’ve been playing a lot of games lately. Here’s what’s keeping me occupied:

Stardew Valley – I never played Harvest Moon or its ilk but for some reason I decided to jump on the hype train when this came out, and I have not been disappointed. You play as a farmer, struggling to get your inherited run-down farm up and running. You plant crops, you raise animals, you sell the vegetables and eggs and milk and crafted products for money, you collect things to restore the dilapidated town center, you delve into the mines (too deeply, perhaps) for more raw materials and artifacts, you earn friendship with your new neighbors (and perhaps marry one of them)… there’s a lot going on, is what I’m saying. It’s a very casual game in most ways but you have to pay attention to really prosper.

Guild Wars 2 – It’s an MMO. It’s published by the bastards who shut down City of Heroes, so yes, I have moral qualms about giving them my money. But it’s as good of an MMO as I can find at the moment. I’m not really into it as much anymore but it scratches that particular itch.

Diablo III – Until they release a proper HD patch for Diablo II, this is where I’m getting my isometric-perspective monster-smashing fix. It’s repetitive, sure, but sometimes it’s not about the novelty or the challenge, it’s just about making horrific demonspawn go “sputch” in satisfying ways.

Catan Universe – This is the second computerized rendition of the Settlers of Catan board game that I’ve tried. The first one is… buggy, to put it mildly. This one is very German and very very pre-release quality, but hey, you can play with/against friends and/or against the AI, and it’s a solidly playable experience. If you can’t get friends to your house to play around a table, it’s the next best thing.

Overwatch – I haven’t really played many “shooters” this past few years. Sometimes I’ll sign into one of the first two Borderlands games for a bit but I think I’m just out of touch with that playstyle. I know I started out playing Doom & Doom 2 quite well but it’s a whole different world now. And while Overwatch tries to match people up “by skill level,” I’m almost always the least-skilled person in any given match. I don’t regret the purchase but I’m not compelled to play, either. I probably need to find a group to play with; that was always most of the fun in the old Doom/Quake/UnrealTournament days, after all. Hmm.

…yeah, that’s pretty much what I’ve been playing the last few months.

Older posts

© 2018 greyduck.net

Theme by Anders NorenUp ↑