Paperless

Posts

  • 2018-01-20

    How to recover password after shortening

    Writing secure software is hard. At the same time, some things are so fundamental that failing to implement them is just inexcusable. One of these is that you must not limit the password length. (At least below some crazy limit like a thousand characters. Long before that your password is no longer the weakest link in even the most secure systems in the world.) Enter my new router, ironically named the Orcon Genius. It's a bog standard consumer router, and like most routers it came with an insecure admin password. I promptly replaced it with a long, generated password, but afterwards I could no longer log in. I suspected a shoddy implementation, so I cobbled together a script to try logging in using every substring of the password. After about half a second it spat out the correct password, verifying that this router only saves the first 15 characters of the password. The script is very simple:

  • 2017-09-18

    These companies work against your freedom

    Most companies have never done anything sufficiently evil to deserve going on this list. This list is reserved for companies which have done at least one thing that was so bad they should not be forgiven for it. I will try my very best never to do anything benefiting them economically, and I hope you will too.

  • 2017-04-10

    How broken is Samsung UK support?

    This is how broken:

  • 2017-02-25

    The HTTPS-only experience

    EFF recently announced that "We're Halfway to Encrypting the Entire Web." As a celebration of this achievement I've started an experiment: as of yesterday, no unencrypted HTTP traffic reaches this machine*.

  • 2017-01-14

    When MFA is not enough

    I hope you'll excuse the format of this post. Coffee does strange things to my brain.

  • 2016-10-07

    Full disk encryption with Arch Linux footnotes

    Pavel Kogan has an excellent guide to install Arch Linux with full disk encryption. I've taken the liberty of copying the instructions, adding a couple tweaks:

  • 2016-05-08

    Shell scripting dos and don’ts

    Shell scripting is like a room full of power tools: handy but dangerous.

  • 2016-02-24

    Save your bookmarks on Pinboard!

    Why? Check this out:

  • 2014-09-16

    Why I still contribute to Stack Overflow

    This is in response to Michael T. Richter's excellent critique of Stack Overflow (Update: sorry, the link is dead). While I share some of the concerns for the problems mentioned there, I don't believe they are quite as detrimental to the quality of the site as he appears to.

  • 2014-09-16

    How good is your unsubscribe?

    How far down the list do you get? These are all real issues with real newsletters or mailing lists I have at some time had the misfortune to subscribe to. Some of them are still filling up my spam box after multiple attempts at getting rid of them.